diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index 6f510ad3706..930e76c7690 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -392,7 +392,7 @@ if ($resql) { } print ""; print ajax_combobox("chartofaccounts"); - print ''; + print ''; print '
'; print '
'; diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 0f4d538cfac..f19afb12899 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -535,7 +535,7 @@ if ($id) { } print ''; - print ''; + print ''; print ''; print ""; @@ -553,16 +553,16 @@ if ($id) { $num = $db->num_rows($resql); $i = 0; - $param = '&id='.$id; + $param = '&id='.urlencode($id); if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { - $paramwithsearch .= '&sortorder='.$sortorder; + $paramwithsearch .= '&sortorder='.urlencode($sortorder); } if ($sortfield) { - $paramwithsearch .= '&sortfield='.$sortfield; + $paramwithsearch .= '&sortfield='.urlencode($sortfield); } // There is several pages @@ -631,7 +631,7 @@ if ($id) { fieldListAccountModel($fieldlist, $obj, $tabname[$id], 'edit'); } - print ' '; + print ' '; print ' '; } else { $tmpaction = 'view'; diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 4c99acf4205..86efee3a04a 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -261,7 +261,7 @@ if ($action == 'create') { // autosuggest from existing account types if found print ''; $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; - $sql .= ' WHERE fk_pcg_version = "' . $db->escape($accountsystem->ref) . '"'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. $sql .= ' LIMIT 50000'; // just as a sanity check $resql = $db->query($sql); @@ -337,7 +337,7 @@ if ($action == 'create') { // autosuggest from existing account types if found print ''; $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; - $sql .= ' WHERE fk_pcg_version = "' . $db->escape($accountsystem->ref) . '"'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. $sql .= ' LIMIT 50000'; // just as a sanity check $resql = $db->query($sql); @@ -361,11 +361,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/accountancy/admin/categories.php b/htdocs/accountancy/admin/categories.php index bee481bebd6..39aa21f2d63 100644 --- a/htdocs/accountancy/admin/categories.php +++ b/htdocs/accountancy/admin/categories.php @@ -110,7 +110,7 @@ print ''; print ''; print ''; // Select the accounts @@ -137,7 +137,7 @@ if (!empty($cat_id)) { print '
'; print ajax_combobox('cpt_bk'); */ - print ' '; + print ' '; } print ''; } diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 9a8a84893fe..4be890de7d5 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -558,7 +558,7 @@ if ($tabname[$id]) { } print ''; print ""; @@ -580,7 +580,7 @@ if ($resql) { $param = '&id='.$id; if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { @@ -734,7 +734,7 @@ if ($resql) { print ''; diff --git a/htdocs/accountancy/admin/closure.php b/htdocs/accountancy/admin/closure.php index a7873b72b90..8efb869ffaf 100644 --- a/htdocs/accountancy/admin/closure.php +++ b/htdocs/accountancy/admin/closure.php @@ -124,7 +124,7 @@ print ''; print "
'.$langs->trans("AccountingCategory").''; $formaccounting->select_accounting_category($cat_id, 'account_category', 1, 0, 0, 1); -print ''; +print ''; print '
'; - print ''; + print ''; print '
'; print ''; print ''; - print ''; + print ''; print '
'; print ''; print '
\n"; -print '
'; +print '
'; print ''; diff --git a/htdocs/accountancy/admin/defaultaccounts.php b/htdocs/accountancy/admin/defaultaccounts.php index 79a5c0975b7..061752c11c5 100644 --- a/htdocs/accountancy/admin/defaultaccounts.php +++ b/htdocs/accountancy/admin/defaultaccounts.php @@ -196,7 +196,7 @@ foreach ($list_account as $key) { print "\n"; -print '
'; +print '
'; print ''; diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 16463ec027b..2aa33f21645 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -242,11 +242,7 @@ if ($action == 'create') { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/accountancy/admin/index.php b/htdocs/accountancy/admin/index.php index f8c0c95d3c1..45b5acc7c8a 100644 --- a/htdocs/accountancy/admin/index.php +++ b/htdocs/accountancy/admin/index.php @@ -446,7 +446,7 @@ print ''; print ''; -print '
'; +print '
'; print ''; diff --git a/htdocs/accountancy/admin/journals_list.php b/htdocs/accountancy/admin/journals_list.php index 9ba9d8a6e20..66e3f3b73e4 100644 --- a/htdocs/accountancy/admin/journals_list.php +++ b/htdocs/accountancy/admin/journals_list.php @@ -494,7 +494,7 @@ if ($id) { } print ''; - print ''; + print ''; print ''; print ""; @@ -512,7 +512,7 @@ if ($id) { $param = '&id='.$id; if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { @@ -606,7 +606,7 @@ if ($id) { print ''; print ''; print ''; - print ''; + print ''; print ''; print '
'; print ''; diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php index e29653a3e40..9596cd96af8 100644 --- a/htdocs/accountancy/admin/productaccount.php +++ b/htdocs/accountancy/admin/productaccount.php @@ -198,7 +198,7 @@ if ($action == 'update') { $sql .= " WHERE rowid = ".((int) $productid); } - dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); if ($db->query($sql)) { $ok++; $db->commit(); @@ -329,7 +329,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog("/accountancy/admin/productaccount.php:: sql=".$sql, LOG_DEBUG); +dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { $num = $db->num_rows($result); diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index b84fe255760..126f61e272c 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -40,6 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; $langs->loadLangs(array("accountancy", "compta")); $action = GETPOST('action', 'aZ09'); +$contextpage = GETPOST('contextpage', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; @@ -120,19 +121,19 @@ if ($limit > 0 && $limit != $conf->liste_limit) { $filter = array(); if (!empty($search_date_start)) { $filter['t.doc_date>='] = $search_date_start; - $param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int'); + $param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int'); } if (!empty($search_date_end)) { $filter['t.doc_date<='] = $search_date_end; - $param .= '&date_endmonth='.GETPOST('date_endmonth', 'int').'&date_endday='.GETPOST('date_endday', 'int').'&date_endyear='.GETPOST('date_endyear', 'int'); + $param .= '&date_endmonth='.GETPOST('date_endmonth', 'int').'&date_endday='.GETPOST('date_endday', 'int').'&date_endyear='.GETPOST('date_endyear', 'int'); } if (!empty($search_accountancy_code_start)) { $filter['t.numero_compte>='] = $search_accountancy_code_start; - $param .= '&search_accountancy_code_start='.$search_accountancy_code_start; + $param .= '&search_accountancy_code_start='.urlencode($search_accountancy_code_start); } if (!empty($search_accountancy_code_end)) { $filter['t.numero_compte<='] = $search_accountancy_code_end; - $param .= '&search_accountancy_code_end='.$search_accountancy_code_end; + $param .= '&search_accountancy_code_end='.urlencode($search_accountancy_code_end); } if (!empty($search_ledger_code)) { $filter['t.code_journal'] = $search_ledger_code; diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index c156a388735..1fab2cbf894 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -389,11 +389,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } else { @@ -450,7 +446,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->doc_date ? $object->doc_date : - 1, 'doc_date', '', '', '', "setdate"); - print ''; + print ''; print ''; } else { print $object->doc_date ? dol_print_date($object->doc_date, 'day') : ' '; @@ -477,7 +473,7 @@ if ($action == 'create') { print ''; print ''; print $formaccounting->select_journal($object->code_journal, 'code_journal', 0, 0, array(), 1, 1); - print ''; + print ''; print ''; } else { print $object->code_journal; @@ -504,7 +500,7 @@ if ($action == 'create') { print ''; print ''; print ''; - print ''; + print ''; print ''; } else { print $object->doc_ref; diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index bc260c77ed3..73c23e4d63b 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -530,25 +530,25 @@ $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$db->idate($value).'\''; + $sqlwhere[] = $key."='".$db->idate($value)."'"; } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=') { - $sqlwhere[] = $key.'\''.$db->escape($value).'\''; + $sqlwhere[] = $key."'".$db->escape($value)."'"; } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key.'='.((int) $value); } elseif ($key == 't.numero_compte') { - $sqlwhere[] = $key.' LIKE \''.$db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$db->escape($value)."%'"; } elseif ($key == 't.subledger_account') { $sqlwhere[] = natural_search($key, $value, 0, 1); } elseif ($key == 't.date_creation>=' || $key == 't.date_creation<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.tms>=' || $key == 't.tms<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.date_export>=' || $key == 't.date_export<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.date_validated>=' || $key == 't.date_validated<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.credit' || $key == 't.debit') { $sqlwhere[] = natural_search($key, $value, 1, 1); } elseif ($key == 't.reconciled_option') { @@ -612,7 +612,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex } $sql .= " WHERE rowid = ".((int) $movement->id); - dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 77d10516daa..bc7226edb22 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -433,7 +433,7 @@ class AccountancyCategory // extends CommonObject $this->lines_display = array(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -632,7 +632,7 @@ class AccountancyCategory // extends CommonObject $sql .= " WHERE aa.rowid = ".((int) $cpt_id); $this->db->begin(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/class/accountancysystem.class.php b/htdocs/accountancy/class/accountancysystem.class.php index 1b481027ac0..a62dddd6a26 100644 --- a/htdocs/accountancy/class/accountancysystem.class.php +++ b/htdocs/accountancy/class/accountancysystem.class.php @@ -105,7 +105,7 @@ class AccountancySystem $sql .= " a.pcg_version = '".$this->db->escape($ref)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -143,9 +143,9 @@ class AccountancySystem $sql = "INSERT INTO ".MAIN_DB_PREFIX."accounting_system"; $sql .= " (date_creation, fk_user_author, numero, label)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$user->id.",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."',".((int) $user->id).",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')"; - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $id = $this->db->last_insert_id(MAIN_DB_PREFIX."accounting_system"); diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index 99a0dc0dc48..35178e43947 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -150,7 +150,7 @@ class AccountingAccount extends CommonObject global $conf; $this->db = $db; - $this->next_prev_filter = 'fk_pcg_version IN (SELECT pcg_version FROM '.MAIN_DB_PREFIX.'accounting_system WHERE rowid='.$conf->global->CHARTOFACCOUNTS.')'; // Used to add a filter in Form::showrefnav method + $this->next_prev_filter = "fk_pcg_version IN (SELECT pcg_version FROM ".MAIN_DB_PREFIX."accounting_system WHERE rowid=".((int) $conf->global->CHARTOFACCOUNTS).")"; // Used to add a filter in Form::showrefnav method } /** @@ -185,7 +185,7 @@ class AccountingAccount extends CommonObject $sql .= " AND a.fk_pcg_version = '".$this->db->escape($limittoachartaccount)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -289,7 +289,7 @@ class AccountingAccount extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -352,7 +352,7 @@ class AccountingAccount extends CommonObject $sql .= " , reconcilable = ".(int) $this->reconcilable; $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); @@ -374,12 +374,12 @@ class AccountingAccount extends CommonObject global $langs; $sql = "(SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facturedet"; - $sql .= " WHERE fk_code_ventilation=".$this->id.")"; + $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")"; $sql .= "UNION"; $sql .= " (SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facture_fourn_det"; - $sql .= " WHERE fk_code_ventilation=".$this->id.")"; + $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")"; - dol_syslog(get_class($this)."::checkUsage sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::checkUsage", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -604,7 +604,7 @@ class AccountingAccount extends CommonObject $sql .= "SET ".$fieldtouse." = '0'"; $sql .= " WHERE rowid = ".((int) $id); - dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -642,7 +642,7 @@ class AccountingAccount extends CommonObject $sql .= " SET ".$fieldtouse." = '1'"; $sql .= " WHERE rowid = ".((int) $id); - dol_syslog(get_class($this)."::account_activate ".$fieldtouse." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::account_activate ".$fieldtouse, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); diff --git a/htdocs/accountancy/class/accountingjournal.class.php b/htdocs/accountancy/class/accountingjournal.class.php index 95a69466658..376178b45ba 100644 --- a/htdocs/accountancy/class/accountingjournal.class.php +++ b/htdocs/accountancy/class/accountingjournal.class.php @@ -113,7 +113,7 @@ class AccountingJournal extends CommonObject $sql .= " AND entity = ".$conf->entity; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -170,18 +170,18 @@ class AccountingJournal extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 0c9b4113c2a..e1a54edf3cd 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -297,7 +297,7 @@ class BookKeeping extends CommonObject $sql .= " AND fk_doc = ".((int) $this->fk_doc); if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries. - $sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines + $sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines } $sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'"; $sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'"; @@ -390,7 +390,7 @@ class BookKeeping extends CommonObject $sql .= ", '".$this->db->idate($now)."'"; $sql .= ", '".$this->db->escape($this->code_journal)."'"; $sql .= ", ".(!empty($this->journal_label) ? ("'".$this->db->escape($this->journal_label)."'") : "NULL"); - $sql .= ", ".$this->db->escape($this->piece_num); + $sql .= ", ".((int) $this->piece_num); $sql .= ", ".(!isset($this->entity) ? $conf->entity : $this->entity); $sql .= ")"; @@ -647,7 +647,7 @@ class BookKeeping extends CommonObject $sql .= ' '.(!isset($this->credit) ? 'NULL' : $this->credit).','; $sql .= ' '.(!isset($this->montant) ? 'NULL' : $this->montant).','; $sql .= ' '.(!isset($this->sens) ? 'NULL' : "'".$this->db->escape($this->sens)."'").','; - $sql .= ' '.$user->id.','; + $sql .= ' '.((int) $user->id).','; $sql .= ' '."'".$this->db->idate($now)."',"; $sql .= ' '.(empty($this->code_journal) ? 'NULL' : "'".$this->db->escape($this->code_journal)."'").','; $sql .= ' '.(empty($this->journal_label) ? 'NULL' : "'".$this->db->escape($this->journal_label)."'").','; @@ -883,7 +883,7 @@ class BookKeeping extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } // Affichage par compte comptable if (!empty($option)) { @@ -894,10 +894,10 @@ class BookKeeping extends CommonObject } if (!empty($sortfield)) { - $sql .= ', '.$sortfield.' '.$sortorder; + $sql .= ", ".$sortfield." ".$sortorder; } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1043,13 +1043,13 @@ class BookKeeping extends CommonObject $sql .= " AND t.date_export IS NULL"; } if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= ' AND '.implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); @@ -1137,17 +1137,17 @@ class BookKeeping extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; + $sqlwhere[] = $key."'".$this->db->idate($value)."'"; } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=' || $key == 't.subledger_account>=' || $key == 't.subledger_account<=') { - $sqlwhere[] = $key.'\''.$this->db->escape($value).'\''; + $sqlwhere[] = $key."'".$this->db->escape($value)."'"; } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { - $sqlwhere[] = $key.' LIKE \''.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$this->db->escape($value)."%'"; } elseif ($key == 't.subledger_label') { - $sqlwhere[] = $key.' LIKE \''.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$this->db->escape($value)."%'"; } elseif ($key == 't.code_journal' && !empty($value)) { if (is_array($value)) { $sqlwhere[] = natural_search("t.code_journal", join(',', $value), 3, 1); @@ -1155,13 +1155,13 @@ class BookKeeping extends CommonObject $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); } } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } $sql .= ' WHERE entity IN ('.getEntity('accountancy').')'; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } $sql .= ' GROUP BY t.numero_compte'; @@ -1170,7 +1170,7 @@ class BookKeeping extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1347,8 +1347,9 @@ class BookKeeping extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= ' SET '.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'"); - $sql .= " WHERE piece_num = '".$this->db->escape($piece_num)."'"; + $sql .= " SET ".$field." = ".(is_numeric($value) ? ((float) $value) : "'".$this->db->escape($value)."'"); + $sql .= " WHERE piece_num = ".((int) $piece_num); + $resql = $this->db->query($sql); if (!$resql) { @@ -1637,7 +1638,7 @@ class BookKeeping extends CommonObject $sql .= ", date_export"; } $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= " WHERE piece_num = ".$piecenum; + $sql .= " WHERE piece_num = ".((int) $piecenum); $sql .= " AND entity IN (".getEntity('accountancy').")"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1678,7 +1679,7 @@ class BookKeeping extends CommonObject $sql = "SELECT MAX(piece_num)+1 as max FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; $sql .= " WHERE entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."getNextNumMvt sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."getNextNumMvt", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -1718,7 +1719,7 @@ class BookKeeping extends CommonObject $sql .= ", date_export"; } $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= " WHERE piece_num = ".$piecenum; + $sql .= " WHERE piece_num = ".((int) $piecenum); $sql .= " AND entity IN (".getEntity('accountancy').")"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1858,7 +1859,7 @@ class BookKeeping extends CommonObject $sql .= ' SELECT doc_date, doc_type,'; $sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,'; $sql .= ' numero_compte, label_compte, label_operation, debit, credit,'; - $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.$next_piecenum.", '".$this->db->idate($now)."'"; + $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.((int) $next_piecenum).", '".$this->db->idate($now)."'"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num); $resql = $this->db->query($sql); if (!$resql) { @@ -2017,7 +2018,7 @@ class BookKeeping extends CommonObject $sql .= " WHERE aa.account_number = '".$this->db->escape($account)."'"; $sql .= " AND aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; @@ -2057,7 +2058,7 @@ class BookKeeping extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_accounting_category as cat ON aa.fk_accounting_category = cat.rowid"; $sql .= " WHERE aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; diff --git a/htdocs/accountancy/class/lettering.class.php b/htdocs/accountancy/class/lettering.class.php index b2abf01948e..1dd4c4df3e5 100644 --- a/htdocs/accountancy/class/lettering.class.php +++ b/htdocs/accountancy/class/lettering.class.php @@ -279,7 +279,7 @@ class Lettering extends BookKeeping $sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL "; $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index b612762d358..a7220d01a28 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -95,7 +95,7 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting- $sql .= " AND doc_date >= '" . $db->idate($date_start) . "'"; $sql .= " AND doc_date <= '" . $db->idate($date_end) . "'"; - dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; @@ -189,7 +189,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(b.doc_date)='.$j, '1', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(b.doc_date)=".$j, "1", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " COUNT(b.rowid) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b"; @@ -198,7 +198,7 @@ $sql .= " AND b.doc_date <= '".$db->idate($search_date_end)."'"; $sql .= " AND b.entity IN (".getEntity('bookkeeping', 0).")"; // We don't share object for accountancy $sql .= " AND date_validated IS NULL"; -dol_syslog('htdocs/accountancy/closure/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/closure/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index b3ce892b235..296d6729301 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -117,7 +117,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/customer/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/customer/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index ede72c9d9e6..3b30d00dbf6 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -85,8 +85,8 @@ if ($action == 'clean' || $action == 'validatehistory') { $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); @@ -110,13 +110,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; - $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND fd.fk_code_ventilation = 0"; }*/ @@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -306,7 +306,7 @@ if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { } $sql .= " GROUP BY fd.fk_code_ventilation,aa.account_number,aa.label"; -dol_syslog('htdocs/accountancy/customer/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/customer/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -367,7 +367,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -452,7 +452,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -513,7 +513,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, '(fd.total_ht-(fd.qty * fd.buy_price_ht))', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "(fd.total_ht-(fd.qty * fd.buy_price_ht))", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM((fd.total_ht-(fd.qty * fd.buy_price_ht))) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 5ce9f5e13e8..35e02d5b007 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -188,7 +188,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog("accountancy/customer/list.php sql=".$sql, LOG_DEBUG); + dol_syslog("accountancy/customer/list.php", LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice", $monId).' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index db270b9d2db..7c2310ccce4 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -110,7 +110,7 @@ if (!empty($id)) { $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".((int) $id); $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/expensereport/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/expensereport/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index f06dd5f8d6f..1544976bb07 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -79,8 +79,8 @@ if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accou $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); $resql1 = $db->query($sql1); @@ -103,13 +103,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; - $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number"; $sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; $sql1 .= " SET erd.fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number"; $sql1 .= " AND erd.fk_code_ventilation = 0"; } @@ -166,13 +166,13 @@ for ($i = 1; $i <= 12; $i++) { print ''.$langs->trans("Total").''; $sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,"; -$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; +$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; for ($i = 1; $i <= 12; $i++) { $j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1; if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -251,7 +251,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " ROUND(SUM(erd.total_ht),2) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -330,7 +330,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_create)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_create)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index d69e78fead2..4cfc4dfb4ba 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -159,7 +159,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index bdda4583d54..d05135e7a67 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -364,10 +364,10 @@ if ($result) { // Note: We have the social contribution id, it can be faster to get accounting code from social contribution id. $sqlmid = 'SELECT cchgsoc.accountancy_code'; $sqlmid .= " FROM ".MAIN_DB_PREFIX."c_chargesociales cchgsoc"; - $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id"; - $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type = cchgsoc.id"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge = chgsoc.rowid"; $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."bank_url as bkurl ON bkurl.url_id=paycharg.rowid AND bkurl.type = 'payment_sc'"; - $sqlmid .= " WHERE bkurl.fk_bank=".$obj->rowid; + $sqlmid .= " WHERE bkurl.fk_bank = ".((int) $obj->rowid); dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG); $resultmid = $db->query($sqlmid); diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index c1a62847b32..9633157b5b7 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2018 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France @@ -627,7 +627,7 @@ if (empty($action) || $action == 'view') { print "".$expensereportstatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); + $accountoshow = length_accountg($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForUsersNotDefined").''; } else { diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index 71358770775..9a65844871d 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France @@ -648,7 +648,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_SUPPLIER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("Thirdparty").'"'.$sep; @@ -717,9 +717,9 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$date.'"'.$sep; print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("VAT").' NPR"'.$sep; print '"'.($mt < 0 ? price(-$mt) : '').'"'.$sep; @@ -894,7 +894,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForSuppliersNotDefined").''; } else { diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 93be8e8b1b9..bd476173427 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -609,7 +609,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["ref"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_CUSTOMER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$invoicestatic->ref.' - '.$langs->trans("Thirdparty").'"'.$sep; @@ -834,7 +834,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForCustomersNotDefined").''; } else { diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 1e7887c1bdc..05d32d0cec5 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -118,7 +118,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('facture_fourn', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/supplier/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/supplier/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index f047ddf70de..1836687d042 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -362,7 +362,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -441,7 +441,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index 4fd16df2afe..c6cfd3f7c92 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -193,7 +193,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/supplier/list.php sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/supplier/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/adherents/admin/member.php b/htdocs/adherents/admin/member.php index d03beec610e..f9b10c3ce3b 100644 --- a/htdocs/adherents/admin/member.php +++ b/htdocs/adherents/admin/member.php @@ -225,6 +225,13 @@ print ''.$langs->trans("MemberCreateAnExternalUserForSub print $form->selectyesno('ADHERENT_CREATE_EXTERNAL_USER_LOGIN', (!empty($conf->global->ADHERENT_CREATE_EXTERNAL_USER_LOGIN) ? $conf->global->ADHERENT_CREATE_EXTERNAL_USER_LOGIN : 0), 1); print "\n"; +// Allow members to change type on renewal forms +/* To test during next beta +print ''.$langs->trans("MemberAllowchangeOfType").''; +print $form->selectyesno('ADHERENT_LOGIN_NOT_REQUIRED', (!empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE) ? 0 : 1), 1); +print "\n"; +*/ + // Insert subscription into bank account print ''.$langs->trans("MoreActionsOnSubscription").''; $arraychoices = array('0'=>$langs->trans("None")); diff --git a/htdocs/adherents/admin/website.php b/htdocs/adherents/admin/website.php index bb320e9f48a..87e4538248c 100644 --- a/htdocs/adherents/admin/website.php +++ b/htdocs/adherents/admin/website.php @@ -238,7 +238,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) { print ''; print '
'; - print ''; + print ''; print '
'; } diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 42e0b84228f..b614afd25b2 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1121,15 +1121,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - if (!empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("AddMember"); print "\n"; } @@ -1396,11 +1388,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } @@ -1814,15 +1802,23 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; print $form->select_company($object->socid, 'socid', '', 1); print ''; - print ''; + print ''; print ''; } else { if ($object->socid) { $company = new Societe($db); $result = $company->fetch($object->socid); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").' ('.count($tmparray['refs']).')'; + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -1846,7 +1842,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } print ''; - //VCard + // VCard print ''; print $langs->trans("VCard").''; print ''; @@ -1941,7 +1937,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!empty($conf->societe->enabled) && !$object->socid) { if ($user->rights->societe->creer) { if (Adherent::STATUS_DRAFT != $object->statut) { - print ''.$langs->trans("CreateDolibarrThirdParty").''."\n";; + print ''.$langs->trans("CreateDolibarrThirdParty").''."\n"; } else { print ''.$langs->trans("CreateDolibarrThirdParty").''."\n"; } @@ -2002,8 +1998,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Generated documents $filename = dol_sanitizeFileName($object->ref); //$filename = 'tmp_cards.php'; - //$filedir = $conf->adherent->dir_output . '/' . get_exdir($object->id, 2, 0, 0, $object, 'member') . dol_sanitizeFileName($object->ref); - $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 0, $object, 'member'); + $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member'); $urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id; $genallowed = $user->rights->adherent->lire; $delallowed = $user->rights->adherent->creer; diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php index 8d9ed70a925..4c26e34dd8d 100644 --- a/htdocs/adherents/cartes/carte.php +++ b/htdocs/adherents/cartes/carte.php @@ -73,7 +73,7 @@ if ((!empty($foruserid) || !empty($foruserlogin) || !empty($mode)) && !$mesg) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as t, ".MAIN_DB_PREFIX."adherent as d"; @@ -276,7 +276,7 @@ foreach (array_keys($_Avery_Labels) as $codecards) { } asort($arrayoflabels); print $form->selectarray('model', $arrayoflabels, (GETPOST('model') ? GETPOST('model') : (empty($conf->global->ADHERENT_CARD_TYPE) ? '' : $conf->global->ADHERENT_CARD_TYPE)), 1, 0, 0, '', 0, 0, 0, '', '', 1); -print '
'; +print '
'; print ''; print '

'; @@ -295,7 +295,7 @@ foreach (array_keys($_Avery_Labels) as $codecards) { asort($arrayoflabels); print $form->selectarray('model', $arrayoflabels, (GETPOST('model') ?GETPOST('model') : (empty($conf->global->ADHERENT_CARD_TYPE) ? '' : $conf->global->ADHERENT_CARD_TYPE)), 1, 0, 0, '', 0, 0, 0, '', '', 1); print '
'.$langs->trans("Login").': '; -print '
'; +print '
'; print ''; print '

'; @@ -313,7 +313,7 @@ foreach (array_keys($_Avery_Labels) as $codecards) { } asort($arrayoflabels); print $form->selectarray('modellabel', $arrayoflabels, (GETPOST('modellabel') ? GETPOST('modellabel') : (empty($conf->global->ADHERENT_ETIQUETTE_TYPE) ? '' : $conf->global->ADHERENT_ETIQUETTE_TYPE)), 1, 0, 0, '', 0, 0, 0, '', '', 1); -print '
'; +print '
'; print ''; // End of page diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 2d5eae90938..bdb77982733 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -774,7 +774,7 @@ class Adherent extends CommonObject // Remove links to user and replace with new one if (!$error) { dol_syslog(get_class($this)."::update update link to user"); - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -784,7 +784,7 @@ class Adherent extends CommonObject } // If there is a user linked to this member if ($this->user_id > 0) { - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id." WHERE rowid = ".$this->user_id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id)." WHERE rowid = ".((int) $this->user_id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -926,7 +926,7 @@ class Adherent extends CommonObject // Search for last subscription id and end date $sql = "SELECT rowid, datec as dateop, dateadh as datedeb, datef as datefin"; $sql .= " FROM ".MAIN_DB_PREFIX."subscription"; - $sql .= " WHERE fk_adherent=".$this->id; + $sql .= " WHERE fk_adherent = ".((int) $this->id); $sql .= " ORDER by dateadh DESC"; // Sort by start subscription date dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG); @@ -939,7 +939,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " datefin=".($datefin != '' ? "'".$this->db->idate($datefin)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1100,7 +1100,7 @@ class Adherent extends CommonObject } else { $sql .= ", pass = '".$this->db->escape($password_indatabase)."'"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); //dol_syslog("Adherent::Password sql=hidden"); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); @@ -1223,7 +1223,7 @@ class Adherent extends CommonObject // Add link to third party for current member $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET fk_soc = ".($thirdpartyid > 0 ? $thirdpartyid : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setThirdPartyId", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1465,7 +1465,7 @@ class Adherent extends CommonObject $sql .= " c.dateadh as dateh,"; $sql .= " c.datef as datef"; $sql .= " FROM ".MAIN_DB_PREFIX."subscription as c"; - $sql .= " WHERE c.fk_adherent = ".$this->id; + $sql .= " WHERE c.fk_adherent = ".((int) $this->id); $sql .= " ORDER BY c.dateadh"; dol_syslog(get_class($this)."::fetch_subscriptions", LOG_DEBUG); @@ -1831,8 +1831,8 @@ class Adherent extends CommonObject if (!$error && !empty($bank_line_id)) { // Update fk_bank into subscription table - $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.$bank_line_id; - $sql .= ' WHERE rowid='.$subscriptionid; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.((int) $bank_line_id); + $sql .= ' WHERE rowid='.((int) $subscriptionid); $result = $this->db->query($sql); if (!$result) { @@ -1900,8 +1900,8 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_VALIDATED; $sql .= ", datevalid = '".$this->db->idate($now)."'"; - $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $result = $this->db->query($sql); @@ -1952,7 +1952,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_RESILIATED; $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -2002,7 +2002,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_EXCLUDED; $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -2185,6 +2185,9 @@ class Adherent extends CommonObject if (!empty($this->ref)) { $label .= '
'.$langs->trans('Ref').': '.$this->ref; } + if (!empty($this->login)) { + $label .= '
'.$langs->trans('Login').': '.$this->login; + } if (!empty($this->firstname) || !empty($this->lastname)) { $label .= '
'.$langs->trans('Name').': '.$this->getFullName($langs); } diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index ad24b9f1c05..88dbf6e2b39 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -142,7 +142,7 @@ class AdherentType extends CommonObject $sql = "SELECT lang, label, description, email"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -181,21 +181,21 @@ class AdherentType extends CommonObject if ($key == $current_lang) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->label)."',"; - $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " SET"; + $sql2 .= " label = '".$this->db->escape($this->label)."',"; + $sql2 .= " description = '".$this->db->escape($this->description)."'"; + $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description"; $sql2 .= ")"; - $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',"; + $sql2 .= " VALUES(".((int) $this->id).",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',"; $sql2 .= " '".$this->db->escape($this->description)."'"; $sql2 .= ")"; } @@ -207,7 +207,7 @@ class AdherentType extends CommonObject } elseif (isset($this->multilangs[$key])) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -215,9 +215,9 @@ class AdherentType extends CommonObject if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang"; $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; - $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " label = '".$this->db->escape($this->multilangs["$key"]["label"])."',"; + $sql2 .= " description = '".$this->db->escape($this->multilangs["$key"]["description"])."'"; + $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description"; $sql2 .= ")"; @@ -259,7 +259,7 @@ class AdherentType extends CommonObject public function delMultiLangs($langtodelete, $user) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($langtodelete)."'"; + $sql .= " WHERE fk_type = ".((int) $this->id)." AND lang = '".$this->db->escape($langtodelete)."'"; dol_syslog(get_class($this).'::delMultiLangs', LOG_DEBUG); $result = $this->db->query($sql); @@ -584,7 +584,7 @@ class AdherentType extends CommonObject /** * Return array of Member objects for member type this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. This value must not come from a user input. * @param int $mode 0=Return array of member instance * 1=Return array of member instance without extra data * 2=Return array of members id only diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 489ed20d6c2..e777108c491 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -70,7 +70,7 @@ class AdherentStats extends Stats $this->where .= " m.statut != -1"; $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; - //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($this->memberid) { $this->where .= " AND m.rowid = ".((int) $this->memberid); } diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index d57a01510d4..b95313bdbc1 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -204,7 +204,7 @@ class Members extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $typeid ID of the type of member - * @param int $category Use this param to filter list by category + * @param int $category Use this param to filter list by category * @param string $sqlfilters Other criteria to filter answers separated by a comma. * Example: "(t.ref:like:'SO-%') and ((t.date_creation:<:'20160101') or (t.nature:is:NULL))" * @return array Array of member objects diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php index fff9d925cd9..cae5dd07beb 100644 --- a/htdocs/adherents/class/subscription.class.php +++ b/htdocs/adherents/class/subscription.class.php @@ -275,7 +275,7 @@ class Subscription extends CommonObject $sql .= " datef='".$this->db->idate($this->datef)."',"; $sql .= " datec='".$this->db->idate($this->datec)."',"; $sql .= " fk_bank = ".($this->fk_bank ? ((int) $this->fk_bank) : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 44d5ee5399b..d714e3d9a32 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -204,7 +204,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } } diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 68430a71bab..d33010a1eff 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -318,12 +318,13 @@ $sql .= " d.email, d.phone, d.phone_perso, d.phone_mobile, d.skype, d.birth, d.p $sql .= " d.fk_adherent_type as type_id, d.morphy, d.statut, d.datec as date_creation, d.tms as date_update,"; $sql .= " d.note_private, d.note_public,"; $sql .= " s.nom,"; +$sql .= " ".$db->ifsql("d.societe IS NULL", "s.nom", "d.societe")." as companyname,"; $sql .= " t.libelle as type, t.subscription,"; $sql .= " state.code_departement as state_code, state.nom as state_name,"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -492,7 +493,7 @@ if (GETPOSTISSET("search_status")) { if ($search_status == Adherent::STATUS_VALIDATED && $filter == 'outofdate') { $titre = $langs->trans("MembersListNotUpToDate"); } - if ($search_status == Adherent::STATUS_RESILIATED) { + if ((string) $search_status == (string) Adherent::STATUS_RESILIATED) { // The cast to string is required to have test false when search_status is '' $titre = $langs->trans("MembersListResiliated"); } if ($search_status == Adherent::STATUS_EXCLUDED) { @@ -833,7 +834,7 @@ if (!empty($arrayfields['d.gender']['checked'])) { print_liste_field_titre($arrayfields['d.gender']['label'], $_SERVER['PHP_SELF'], 'd.gender', $param, "", "", $sortfield, $sortorder); } if (!empty($arrayfields['d.company']['checked'])) { - print_liste_field_titre($arrayfields['d.company']['label'], $_SERVER["PHP_SELF"], 'd.societe', '', $param, '', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['d.company']['label'], $_SERVER["PHP_SELF"], 'companyname', '', $param, '', $sortfield, $sortorder); } if (!empty($arrayfields['d.login']['checked'])) { print_liste_field_titre($arrayfields['d.login']['label'], $_SERVER["PHP_SELF"], 'd.login', '', $param, '', $sortfield, $sortorder); @@ -906,6 +907,7 @@ while ($i < min($num, $limit)) { $memberstatic->id = $obj->rowid; $memberstatic->ref = $obj->ref; $memberstatic->civility_id = $obj->civility; + $memberstatic->login = $obj->login; $memberstatic->lastname = $obj->lastname; $memberstatic->firstname = $obj->firstname; $memberstatic->gender = $obj->gender; @@ -920,9 +922,13 @@ while ($i < min($num, $limit)) { if (!empty($obj->fk_soc)) { $memberstatic->fetch_thirdparty(); - $companyname = $memberstatic->thirdparty->name; + if ($memberstatic->thirdparty->id > 0) { + $companyname = $memberstatic->thirdparty->name; + $companynametoshow = $memberstatic->thirdparty->getNomUrl(1); + } } else { $companyname = $obj->company; + $companynametoshow = $obj->company; } $memberstatic->company = $companyname; @@ -985,7 +991,7 @@ while ($i < min($num, $limit)) { // Company if (!empty($arrayfields['d.company']['checked'])) { print ''; - print $companyname; + print $companynametoshow; print "\n"; } // Login @@ -1095,7 +1101,7 @@ while ($i < min($num, $limit)) { } // EMail if (!empty($arrayfields['d.email']['checked'])) { - print "".dol_print_email($obj->email, 0, 0, 1)."\n"; + print ''.dol_print_email($obj->email, 0, 0, 1)."\n"; } // End of subscription date $datefin = $db->jdate($obj->datefin); diff --git a/htdocs/adherents/stats/geo.php b/htdocs/adherents/stats/geo.php index 16dfc3ccff6..e751a7b5c65 100644 --- a/htdocs/adherents/stats/geo.php +++ b/htdocs/adherents/stats/geo.php @@ -308,7 +308,7 @@ if ($mode) { print ''; foreach ($data as $val) { - $year = isset($val['year']) ? $val['year'] : '';; + $year = isset($val['year']) ? $val['year'] : ''; print ''; print ''.$val['label'].''; if (isset($label2)) { diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 7f8da3a33b3..f090189b52b 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -209,7 +209,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! // Subscription informations $datesubscription = 0; $datesubend = 0; - $paymentdate = 0; + $paymentdate = ''; // Do not use 0 here, default value is '' that means not filled where 0 means 1970-01-01 if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) { $datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); } @@ -260,7 +260,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! } // Check if a payment is mandatory or not - if (!$error && $adht->subscription) { // Member type need subscriptions + if ($adht->subscription) { // Member type need subscriptions if (!is_numeric($amount)) { // If field is '' or not a numeric value $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")); @@ -268,28 +268,35 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $error++; $action = 'addsubscription'; } else { + // If an amount has been provided, we check also fields that becomes mandatory when amount is not null. if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') { if (GETPOST("subscription")) { if (!GETPOST("label")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } else { - if (GETPOST("accountid")) { + if (GETPOST("accountid", 'int')) { $errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount"); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } - if ($errmsg) { - $error++; - setEventMessages($errmsg, null, 'errors'); - $error++; - $action = 'addsubscription'; - } } } } @@ -594,15 +601,23 @@ if ($rowid > 0) { print ''; print $form->select_company($object->fk_soc, 'socid', '', 1); print ''; - print ''; + print ''; print ''; } else { if ($object->fk_soc) { $company = new Societe($db); $result = $company->fetch($object->fk_soc); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").' ('.count($tmparray['refs']).')'; + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -628,7 +643,7 @@ if ($rowid > 0) { if ($object->user_id) { $form->form_users($_SERVER['PHP_SELF'].'?rowid='.$object->id, $object->user_id, 'none'); } else { - print $langs->trans("NoDolibarrAccess"); + print ''.$langs->trans("NoDolibarrAccess").''; } } print ''; @@ -970,17 +985,18 @@ if ($rowid > 0) { print ''.$langs->trans('MoreActions'); print ''; print ''; - print ' '.$langs->trans("None").'
'; + print ''; + print '
'; // Add entry into bank accoun if (!empty($conf->banque->enabled)) { print ' '.$langs->trans("MoreActionBankDirect").'
'; + print '>
'; } // Add invoice with no payments if (!empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionInvoiceOnly"); + print '>
'; } // Add invoice with payments if (!empty($conf->banque->enabled) && !empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionBankViaInvoice"); + print '>
'; } print ''; diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 575d6d2301b..3f4a3872980 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -245,11 +245,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '       '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print "\n"; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index f640407c570..839e0c8ba47 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -172,7 +172,7 @@ if ($action == 'update' && $user->rights->adherent->configurer) { $object->morphy = trim($morphy); $object->status = (int) $status; $object->subscription = (int) $subscription; - $object->amount = ($amount == '' ? '' : price2num($amount, 'MT'));; + $object->amount = ($amount == '' ? '' : price2num($amount, 'MT')); $object->duration_value = $duration_value; $object->duration_unit = $duration_unit; $object->note = trim($comment); @@ -398,11 +398,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } @@ -830,11 +826,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/adherents/type_ldap.php b/htdocs/adherents/type_ldap.php index 87a952a68b4..a695f84bb81 100644 --- a/htdocs/adherents/type_ldap.php +++ b/htdocs/adherents/type_ldap.php @@ -166,7 +166,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index 6c8f273ae77..63ff01584b0 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -228,13 +228,7 @@ if ($action == 'edit') { } } - print '
'; - - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'create') { @@ -297,11 +291,7 @@ if ($action == 'create' && $user->rights->adherent->configurer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/accountant.php b/htdocs/admin/accountant.php index 24df7e0cb68..c7bd40efa37 100644 --- a/htdocs/admin/accountant.php +++ b/htdocs/admin/accountant.php @@ -177,12 +177,7 @@ print ''; print ''; -print '
'; -print ''; -//print '     '; -//print ''; -print '
'; -//print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index a3d725bee93..730983ad090 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -209,9 +209,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index 54d5158b4ed..463df5475f9 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -392,7 +392,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda_xcal.php b/htdocs/admin/agenda_xcal.php index 59dd1bf1ac2..f854649962c 100644 --- a/htdocs/admin/agenda_xcal.php +++ b/htdocs/admin/agenda_xcal.php @@ -139,9 +139,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; @@ -165,24 +163,27 @@ $urlvcal = ''.$langs->trans("WebCalUrlForVCalExport", 'vcal', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl1'); $message .= '
'; $urlical = ''; $urlical .= $urlwithroot.'/public/agenda/agendaexport.php?format=ical&type=event'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlical, ''.$langs->trans("WebCalUrlForVCalExport", 'ical/ics', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl2'); $message .= '
'; $urlrss = ''; $urlrss .= $urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlrss, ''.$langs->trans("WebCalUrlForVCalExport", 'rss', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl3'); $message .= '
'; print $message; diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 79853c9cda9..fb937dc1dbe 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -499,9 +499,7 @@ print "\n"; print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print '
'; +$form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index e6211f0b56f..b0eb36d81ac 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -272,8 +272,7 @@ if ($resql) { print "\n"; if (empty($conf->use_javascript_ajax)) { - print '
'; - print ''; + print $form->buttonsSaveCancel("Save", ''); } print "
"; diff --git a/htdocs/admin/bom.php b/htdocs/admin/bom.php index c401c6cabf1..021233ef449 100644 --- a/htdocs/admin/bom.php +++ b/htdocs/admin/bom.php @@ -457,7 +457,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; @@ -471,7 +471,7 @@ print $form->textwithpicto($langs->trans("WatermarkOnDraftBOMs"), $htmltext, 1, print ''; print ''; print ''; -print ''; +print ''; print "\n"; print ''; diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 56971457f76..c4e697bfe00 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -473,9 +473,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL == 2 || !empty($conf->global->MAIN_ACTIVA print ''; print ''; -print '
'; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; print "\n".''."\n"; diff --git a/htdocs/admin/chequereceipts.php b/htdocs/admin/chequereceipts.php index cc3377c9762..837d8d997b2 100644 --- a/htdocs/admin/chequereceipts.php +++ b/htdocs/admin/chequereceipts.php @@ -268,7 +268,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; print "
"; diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php index 09ba880dd33..326e7028bbf 100644 --- a/htdocs/admin/clicktodial.php +++ b/htdocs/admin/clicktodial.php @@ -117,7 +117,7 @@ print ''; print ''; print ''; -print '

'; +print $form->buttonsSaveCancel("Modify", ''); print '

'; diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php index 7407961649c..c10fdd5bbdf 100644 --- a/htdocs/admin/commande.php +++ b/htdocs/admin/commande.php @@ -507,7 +507,7 @@ print ''; print $langs->trans("PaymentMode").''; print ''; if (empty($conf->facture->enabled)) { - print ''; + print ''; } print ''; print "\n"; @@ -628,7 +628,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; @@ -642,7 +642,7 @@ print $form->textwithpicto($langs->trans("WatermarkOnDraftOrders"), $htmltext, 1 print ''; print ''; print ''; -print ''; +print ''; print "\n"; print ''; diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 0ca1ae7d98e..7420aa17ce9 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -824,10 +824,7 @@ if ($mysoc->useRevenueStamp()) { print ""; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/company_socialnetworks.php b/htdocs/admin/company_socialnetworks.php index 2d4b2e6d128..57c75b352f8 100644 --- a/htdocs/admin/company_socialnetworks.php +++ b/htdocs/admin/company_socialnetworks.php @@ -135,9 +135,7 @@ print ''; print '
'; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/compta.php b/htdocs/admin/compta.php index 6aad1c55d04..047b87ff014 100644 --- a/htdocs/admin/compta.php +++ b/htdocs/admin/compta.php @@ -199,7 +199,7 @@ print ''; print "\n"; -print '

'; +print '

'; print ''; // End of page diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php index 93550ea3254..84cae83efec 100644 --- a/htdocs/admin/const.php +++ b/htdocs/admin/const.php @@ -222,7 +222,7 @@ if (!empty($conf->multicompany->enabled) && !$user->entity) { print ''; print ''; } -print ''; +print ''; print "\n"; print ''; @@ -310,10 +310,10 @@ print ''; if ($conf->use_javascript_ajax) { print '
'; print '
'; - print ''; + print ''; print '
'; print '
'; - print ''; + print ''; print '
'; } diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index c10a6ed04b4..ea8a80b17d6 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -468,9 +468,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/defaultvalues.php b/htdocs/admin/defaultvalues.php index 038d8d0915c..e74a8df069c 100644 --- a/htdocs/admin/defaultvalues.php +++ b/htdocs/admin/defaultvalues.php @@ -399,7 +399,7 @@ if (!is_array($result) && $result<0) { print ''; print ''; print '
'; - print ''; + print ''; print ''; } print ''; diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 4b1e34335e8..2c6f9dc17c9 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -448,8 +448,8 @@ if (empty($conf->global->MAIN_DISABLE_METEO) || $conf->global->MAIN_DISABLE_METE if ($action == 'edit') { - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); + print ''; } else { print '
'; print ''.$langs->trans("Modify").'
'; diff --git a/htdocs/admin/delivery.php b/htdocs/admin/delivery.php index cbbcafcf975..04d52c491b2 100644 --- a/htdocs/admin/delivery.php +++ b/htdocs/admin/delivery.php @@ -439,7 +439,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 6835ce82e60..9073c9e238c 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -1487,7 +1487,7 @@ if ($id) { } print ''; if ($action != 'edit') { - print ''; + print ''; } print ''; @@ -1813,7 +1813,7 @@ if ($id) { if (!is_null($withentity)) { print ''; } - print ''; + print ''; print ''; print ''; } else { diff --git a/htdocs/admin/dolistore/class/dolistore.class.php b/htdocs/admin/dolistore/class/dolistore.class.php index 9e5a1e8bce1..bfcb751f9a9 100644 --- a/htdocs/admin/dolistore/class/dolistore.class.php +++ b/htdocs/admin/dolistore/class/dolistore.class.php @@ -84,7 +84,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want categories resources @@ -134,7 +134,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want products resources diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index fdc0b893087..fe1a61c686c 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -276,11 +276,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -309,9 +305,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index c57e681be34..ddfa847d813 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -208,12 +208,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("EmailCollector") // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -259,7 +259,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/admin/eventorganization.php b/htdocs/admin/eventorganization.php index d01aece1ca0..c37c5ccd41f 100644 --- a/htdocs/admin/eventorganization.php +++ b/htdocs/admin/eventorganization.php @@ -298,11 +298,7 @@ if ($action == 'edit') { } print ''; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print '
'; diff --git a/htdocs/admin/expedition.php b/htdocs/admin/expedition.php index 8916adef471..ee3d4f18562 100644 --- a/htdocs/admin/expedition.php +++ b/htdocs/admin/expedition.php @@ -454,7 +454,7 @@ print "\n"; print ''; -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index 7ff30242336..0b6beb2abc6 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -460,9 +460,7 @@ print ''."\n"; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/expensereport_rules.php b/htdocs/admin/expensereport_rules.php index 050c2b9455c..0b12f8d3741 100644 --- a/htdocs/admin/expensereport_rules.php +++ b/htdocs/admin/expensereport_rules.php @@ -201,7 +201,7 @@ if ($action != 'edit') { echo ''.$form->selectDate(strtotime(date('Y-m-t', dol_now())), 'end', '', '', 0, '', 1, 0).''; echo ' '.$conf->currency.''; echo ''.$form->selectyesno('restrictive', 0, 1).''; - echo ''; + echo ''; echo ''; echo ''; diff --git a/htdocs/admin/export.php b/htdocs/admin/export.php index 9b154e88789..0addfcf38f7 100644 --- a/htdocs/admin/export.php +++ b/htdocs/admin/export.php @@ -98,7 +98,7 @@ print ''; print ''; print ''.$langs->trans("ExportCsvSeparator").''; print ''; -print ''; +print ''; print ''; print ''; diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php index 71086096e4f..26ba4d40f58 100644 --- a/htdocs/admin/external_rss.php +++ b/htdocs/admin/external_rss.php @@ -180,6 +180,7 @@ if (GETPOST("delete")) { /* * View */ +$form = new Form($db); llxHeader('', $langs->trans("ExternalRSSSetup")); @@ -209,11 +210,9 @@ print 'http://news.google.com/news?ned=us&topic=h&output=rss
http://www.d print ''; print ''; -print '
'; -print ''; +print $form->buttonsSaveCancel("Add", ''); print ''; print ''; -print '
'; print ''; diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index bd4b6f5404f..8b88b9a9ac8 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php @@ -579,7 +579,7 @@ if (!empty($conf->global->INVOICE_USE_DEFAULT_DOCUMENT)) { // Hidden conf print ''; print ''.$langs->trans("Type").''; print ''.$langs->trans("Name").''; - print ''; + print ''; print "\n"; $listtype = array( @@ -623,7 +623,7 @@ print ''; print ''; print ''; print $langs->trans("PaymentMode").''; -print ''; +print ''; print "\n"; print ''; @@ -716,7 +716,7 @@ print $langs->trans("ForceInvoiceDate"); print ''; print $form->selectyesno("forcedate", $conf->global->FAC_FORCE_DATE_VALIDATION, 1); print ''; -print ''; +print ''; print "\n"; print ''; @@ -742,7 +742,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; @@ -755,7 +755,7 @@ print $form->textwithpicto($langs->trans("WatermarkOnDraftBill"), $htmltext, 1, print ''; print ''; print ''; -print ''; +print ''; print "\n"; print ''; diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 3388b649a67..9d3fd768647 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -215,7 +215,7 @@ if (empty($conf->use_javascript_ajax)) { print $conf->global->FCKEDITOR_TEST; print ''; } - print '
'."\n"; + print $form->buttonsSaveCancel("Save", ''); print '
'; print ''."\n"; diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index cdfa1f91753..b878c40138e 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -512,7 +512,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; @@ -525,7 +525,7 @@ print $form->textwithpicto($langs->trans("WatermarkOnDraftInterventionCards"), $ print ''; print ''; print ''; -print ''; +print ''; print "\n"; print ''; // print products on fichinter @@ -540,7 +540,7 @@ if ($conf->global->FICHINTER_PRINT_PRODUCTS) { } print '/>'; print ''; -print ''; +print ''; print "\n"; print ''; // Use services duration @@ -555,7 +555,7 @@ print ''; print 'global->FICHINTER_USE_SERVICE_DURATION ? ' checked' : '').'>'; print ''; print ''; -print ''; +print ''; print ''; print ''; print ''; @@ -571,7 +571,7 @@ print ''; print 'global->FICHINTER_WITHOUT_DURATION ? ' checked' : '').'>'; print ''; print ''; -print ''; +print ''; print ''; print ''; print ''; @@ -587,7 +587,7 @@ print ''; print 'global->FICHINTER_DATE_WITHOUT_HOUR ? ' checked' : '').'>'; print ''; print ''; -print ''; +print ''; print ''; print ''; print ''; diff --git a/htdocs/admin/geoipmaxmind.php b/htdocs/admin/geoipmaxmind.php index 40819b697e3..35def897445 100644 --- a/htdocs/admin/geoipmaxmind.php +++ b/htdocs/admin/geoipmaxmind.php @@ -107,7 +107,7 @@ print ''; print ''; print ''; print ''; -print ''; +print ''; print "\n"; // Lib version diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index c9214742d13..9dfb15477cc 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -556,10 +556,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { print '
'.$langs->trans("Parameter").''.$langs->trans("Value").'
'; print ''; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 8a8349bb26b..7ba9a875643 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -268,7 +268,7 @@ if ($action == 'update') { $_SESSION["mainmenu"] = ""; // The menu manager may have changed - header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup".'&mode='.$mode.(GETPOSTISSET('page_y', 'int') ? '&page_y='.GETPOST('page_y', 'int') : '')); + header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup".'&mode='.$mode.(GETPOSTISSET('page_y') ? '&page_y='.GETPOST('page_y', 'int') : '')); exit; } diff --git a/htdocs/admin/import.php b/htdocs/admin/import.php index 38f8ae7554b..27e05e86143 100644 --- a/htdocs/admin/import.php +++ b/htdocs/admin/import.php @@ -87,7 +87,7 @@ print ''."\n"; print ''; print ''.$langs->trans("ImportCsvSeparator").' ('.$langs->trans("ByDefault").')'; print ''."global->IMPORT_CSV_SEPARATOR_TO_USE) ? ',' : $conf->global->IMPORT_CSV_SEPARATOR_TO_USE)."\">"; -print ''; +print ''; print ''; print ''; diff --git a/htdocs/admin/knowledgemanagement.php b/htdocs/admin/knowledgemanagement.php index b8434773f67..457303c9798 100644 --- a/htdocs/admin/knowledgemanagement.php +++ b/htdocs/admin/knowledgemanagement.php @@ -258,9 +258,7 @@ if ($action == 'edit') { } print ''; - print '
'; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print '
'; diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php index 26f0c28172f..80897320e90 100644 --- a/htdocs/admin/ldap.php +++ b/htdocs/admin/ldap.php @@ -274,7 +274,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/ldap_contacts.php b/htdocs/admin/ldap_contacts.php index 4fb58898a07..d68726c5125 100644 --- a/htdocs/admin/ldap_contacts.php +++ b/htdocs/admin/ldap_contacts.php @@ -284,7 +284,7 @@ print info_admin($langs->trans("LDAPDescValues")); print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php index 19d24ecd5db..91fba4e3519 100644 --- a/htdocs/admin/ldap_groups.php +++ b/htdocs/admin/ldap_groups.php @@ -210,7 +210,7 @@ print info_admin($langs->trans("LDAPDescValues")); print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/ldap_members.php b/htdocs/admin/ldap_members.php index ab1af5fcf16..3fb65f730c6 100644 --- a/htdocs/admin/ldap_members.php +++ b/htdocs/admin/ldap_members.php @@ -433,7 +433,7 @@ print info_admin($langs->trans("LDAPDescValues")); print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/ldap_members_types.php b/htdocs/admin/ldap_members_types.php index ae4a1794f35..777bc80c6e1 100644 --- a/htdocs/admin/ldap_members_types.php +++ b/htdocs/admin/ldap_members_types.php @@ -180,7 +180,7 @@ print info_admin($langs->trans("LDAPDescValues")); print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index 6e38eb2564e..ab6c0f52121 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php @@ -397,7 +397,7 @@ print info_admin($langs->trans("LDAPDescValues")); print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php index 4a599499053..ef0c996569f 100644 --- a/htdocs/admin/limits.php +++ b/htdocs/admin/limits.php @@ -108,9 +108,9 @@ $aCurrencies = array($conf->currency); // Default currency always first position if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/multicurrency.lib.php'; - $sql = 'SELECT rowid, code FROM '.MAIN_DB_PREFIX.'multicurrency'; - $sql .= ' WHERE entity = '.$conf->entity; - $sql .= ' AND code != "'.$conf->currency.'"'; // Default currency always first position + $sql = "SELECT rowid, code FROM ".MAIN_DB_PREFIX."multicurrency"; + $sql .= " WHERE entity = ".((int) $conf->entity); + $sql .= " AND code <> '".$db->escape($conf->currency)."'"; // Default currency always first position $resql = $db->query($sql); if ($resql) { while ($obj = $db->fetch_object($resql)) { diff --git a/htdocs/admin/loan.php b/htdocs/admin/loan.php index 94b0da08d4f..0769ee5c0a0 100644 --- a/htdocs/admin/loan.php +++ b/htdocs/admin/loan.php @@ -117,7 +117,7 @@ print ''; print ''; print "\n"; -print '
'; +print '
'; // End of page llxFooter(); diff --git a/htdocs/admin/mailing.php b/htdocs/admin/mailing.php index 1b0df5843f3..b1a9efc8648 100644 --- a/htdocs/admin/mailing.php +++ b/htdocs/admin/mailing.php @@ -186,8 +186,7 @@ if (!empty($conf->use_javascript_ajax) && $conf->global->MAIN_FEATURES_LEVEL >= print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/mailman.php b/htdocs/admin/mailman.php index 15dcccdb000..8b003ce2d4e 100644 --- a/htdocs/admin/mailman.php +++ b/htdocs/admin/mailman.php @@ -218,7 +218,7 @@ if (!empty($conf->global->ADHERENT_USE_MAILMAN)) { print ''; print $langs->trans("TestSubscribe").'
'; - print $langs->trans("EMail").'
'; + print $langs->trans("EMail").'
'; print ''; @@ -227,7 +227,7 @@ if (!empty($conf->global->ADHERENT_USE_MAILMAN)) { print ''; print $langs->trans("TestUnSubscribe").'
'; - print $langs->trans("EMail").'
'; + print $langs->trans("EMail").'
'; print ''; } diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index e86c78763ee..de160a1c946 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -536,11 +536,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index 511f5dde698..436ffa3d003 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -405,11 +405,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index d8c827337ad..baa8c3688d8 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -226,12 +226,12 @@ print "
\n"; // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -282,7 +282,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { @@ -395,12 +395,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], (GETPOSTISSET('active') ? GETPOST('active', 'int') : $object->active), 0, 0, 0, '', 1); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); } } else { /*print '
'; @@ -428,12 +424,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], GETPOST('active', 'int'), 0); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); //print '
'; } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index db3c45a0776..25a33717c46 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv $sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates"; $sql .= " WHERE entity IN (".getEntity('email_template').")"; if (!$user->admin) { - $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me - $sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me + $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me + $sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me } if (empty($conf->global->MAIN_MULTILANGS)) { $sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')"; @@ -746,7 +746,7 @@ if ($action == 'view') { if ($tmpfieldlist == 'topic') { print ''; if ($action != 'edit') { - print ''; + print ''; } print ''; } diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 939273c1da2..667f58807dc 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -380,11 +380,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 2e84efbfb06..aaadde965a2 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -391,11 +391,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action == 'edit') { @@ -516,12 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Bouton - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 77c070ad573..658be446765 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -588,6 +588,11 @@ if ($mode == 'common' || $mode == 'commonkanban') { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } + $disabled_modules = array(); + if (!empty($_SESSION["disablemodules"])) { + $disabled_modules = explode(',', $_SESSION["disablemodules"]); + } + // Show list of modules $oldfamily = ''; $foundoneexternalmodulewithupdate = 0; @@ -613,6 +618,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { continue; } + $modulenameshort = strtolower(preg_replace('/^mod/i', '', get_class($objMod))); $const_name = 'MAIN_MODULE_'.strtoupper(preg_replace('/^mod/i', '', get_class($objMod))); // Check filters @@ -754,6 +760,11 @@ if ($mode == 'common' || $mode == 'commonkanban') { $codeenabledisable = ''; $codetoconfig = ''; + // Force disable of module disabled into session (for demo for example) + if (in_array($modulenameshort, $disabled_modules)) { + $objMod->disabled = true; + } + // Activate/Disable and Setup (2 columns) if (!empty($conf->global->$const_name)) { // If module is already activated // Set $codeenabledisable @@ -761,6 +772,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { if (!empty($arrayofwarnings[$modName])) { $codeenabledisable .= ''."\n"; } + if (!empty($objMod->disabled)) { $codeenabledisable .= $langs->trans("Disabled"); } elseif (!empty($objMod->always_enabled) || ((!empty($conf->multicompany->enabled) && $objMod->core_enabled) && ($user->entity || $conf->entity != 1))) { @@ -789,16 +801,16 @@ if ($mode == 'common' || $mode == 'commonkanban') { if (!empty($objMod->config_page_url) && !$disableSetup) { $backtourlparam = ''; if ($search_keyword != '') { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.$search_keyword; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.urlencode($search_keyword); // No urlencode here, done later } if ($search_nature > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.urlencode($search_nature); // No urlencode here, done later } if ($search_version > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.urlencode($search_version); // No urlencode here, done later } if ($search_status > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.urlencode($search_status); // No urlencode here, done later } $backtourl = $_SERVER["PHP_SELF"].$backtourlparam; diff --git a/htdocs/admin/mrp.php b/htdocs/admin/mrp.php index 74263538c71..08e257b0188 100644 --- a/htdocs/admin/mrp.php +++ b/htdocs/admin/mrp.php @@ -451,7 +451,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; @@ -465,7 +465,7 @@ print $form->textwithpicto($langs->trans("WatermarkOnDraftMOs"), $htmltext, 1, ' print ''; print ''; print ''; -print ''; +print ''; print "\n"; print ''; diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index 373ab0e0f48..95b418a75f0 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php @@ -221,7 +221,7 @@ print '
'; print ''; print ''; print $form->selectyesno("MULTICURRENCY_BUY_PRICE_IN_CURRENCY",$conf->global->MULTICURRENCY_BUY_PRICE_IN_CURRENCY,1); -print ''; +print ''; print '
'; print ''; */ @@ -235,7 +235,7 @@ print '
'; print ''; print ''; print $form->selectarray('MULTICURRENCY_MODIFY_RATE_APPLICATION', array('PU_DOLIBARR' => 'PU_DOLIBARR', 'PU_CURRENCY' => 'PU_CURRENCY'), $conf->global->MULTICURRENCY_MODIFY_RATE_APPLICATION); -print ''; +print ''; print '
'; print ''; @@ -305,7 +305,7 @@ print ''; print ''.$form->selectCurrency('', 'code', 1).''; print ''; print ' '; -print ''; +print ''; print ''; print ''; @@ -330,7 +330,7 @@ foreach ($TCurrency as &$currency) { print ''; print '1 '.$conf->currency.' = '; print ' '.$currency->code.' '; - print ' '; + print ' '; print ''; print ''; print ''; diff --git a/htdocs/admin/notification.php b/htdocs/admin/notification.php index 4c1df0fa938..8137c34e1e6 100644 --- a/htdocs/admin/notification.php +++ b/htdocs/admin/notification.php @@ -201,7 +201,7 @@ print ''; print ''; print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; @@ -280,7 +280,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { } print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); } else { print ''; print ''; @@ -463,7 +463,7 @@ print '
'; print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index e2f123f627c..9bf5be2c294 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -150,7 +150,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index 998b6c39c0f..8697b400a2b 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -334,7 +334,7 @@ if ($mode == 'setup' && $user->admin) { if (!empty($driver)) { if ($submit_enabled) { - print '
'; + print $form->buttonsSaveCancel("Modify", ''); } } diff --git a/htdocs/admin/openinghours.php b/htdocs/admin/openinghours.php index 2e262a1bb7e..e6bc6ee8f1d 100644 --- a/htdocs/admin/openinghours.php +++ b/htdocs/admin/openinghours.php @@ -131,10 +131,7 @@ if (empty($action) || $action == 'edit' || $action == 'updateedit') { print ''; - print '
'; - print ''; - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php index 9b380b676b4..b4b06d62e5e 100644 --- a/htdocs/admin/payment.php +++ b/htdocs/admin/payment.php @@ -273,11 +273,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print '
'; -print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php index 43ad8c15929..4d170aa5fbd 100644 --- a/htdocs/admin/paymentbybanktransfer.php +++ b/htdocs/admin/paymentbybanktransfer.php @@ -114,7 +114,7 @@ if ($action == "set") { if ($action == "addnotif") { $bon = new BonPrelevement($db); - $bon->AddNotification($db, GETPOST('user', 'int'), $action); + $bon->addNotification($db, GETPOST('user', 'int'), $action); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -122,7 +122,7 @@ if ($action == "addnotif") { if ($action == "deletenotif") { $bon = new BonPrelevement($db); - $bon->DeleteNotificationById(GETPOST('notif', 'int')); + $bon->deleteNotificationById(GETPOST('notif', 'int')); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -200,9 +200,8 @@ if (!$conf->global->PAYMENTBYBANKTRANSFER_ADDDAYS) { print ''; print ''; print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; @@ -447,7 +446,7 @@ if (! empty($conf->global->MAIN_MODULE_NOTIFICATION)) print $form->selectarray('action',$actions);// select_dolusers(0,'user',0); print ''; - print ''; + print ''; // List of current notifications for objet_type='withdraw' $sql = "SELECT u.lastname, u.firstname,"; diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 3f58353320e..4d02a2ddb7a 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -104,6 +104,8 @@ if ($action == 'update') { if (GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE')) dolibarr_set_const($db, "PDF_USE_ALSO_LANGUAGE_CODE", GETPOST('PDF_USE_ALSO_LANGUAGE_CODE', 'alpha'), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('SHOW_SUBPRODUCT_REF_IN_PDF')) dolibarr_set_const($db, "SHOW_SUBPRODUCT_REF_IN_PDF", GETPOST('SHOW_SUBPRODUCT_REF_IN_PDF', 'alpha'), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('PDF_SHOW_LINK_TO_ONLINE_PAYMENT')) dolibarr_set_const($db, "PDF_SHOW_LINK_TO_ONLINE_PAYMENT", GETPOST('PDF_SHOW_LINK_TO_ONLINE_PAYMENT', 'alpha'), 'chaine', 0, '', $conf->entity); + setEventMessages($langs->trans("SetupSaved"), null, 'mesgs'); header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup"); @@ -463,12 +465,20 @@ print ''.$langs->trans("ShowDetailsInPDFPageFoot").'selectarray('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS', $arraydetailsforpdffoot, (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS) ? $conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS : 0)); print ''; +// Show online payment link on invoices + +print ''.$langs->trans("PDF_SHOW_LINK_TO_ONLINE_PAYMENT").''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('PDF_SHOW_LINK_TO_ONLINE_PAYMENT'); +} else { + print $form->selectyesno('PDF_SHOW_LINK_TO_ONLINE_PAYMENT', (!empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)) ? $conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT : 0, 1); +} +print ''; + print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/pdf_other.php b/htdocs/admin/pdf_other.php index 7dec909ecb6..3883e885619 100644 --- a/htdocs/admin/pdf_other.php +++ b/htdocs/admin/pdf_other.php @@ -128,9 +128,7 @@ print ''; print ''; /* -print '
'; -print ''; -print '
'; + print $form->buttonsSaveCancel(); */ print ''; diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 01e3b6d4913..f9c183b5c7d 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -117,7 +117,7 @@ if ($action == "set") { if ($action == "addnotif") { $bon = new BonPrelevement($db); - $bon->AddNotification($db, GETPOST('user', 'int'), $action); + $bon->addNotification($db, GETPOST('user', 'int'), $action); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -125,7 +125,7 @@ if ($action == "addnotif") { if ($action == "deletenotif") { $bon = new BonPrelevement($db); - $bon->DeleteNotificationById(GETPOST('notif', 'int')); + $bon->deleteNotificationById(GETPOST('notif', 'int')); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -214,9 +214,8 @@ print ''; +print $form->buttonsSaveCancel("Save", ''); print ''; @@ -461,7 +460,7 @@ if (! empty($conf->global->MAIN_MODULE_NOTIFICATION)) print $form->selectarray('action',$actions);// select_dolusers(0,'user',0); print ''; - print ''; + print ''; // List of current notifications for objet_type='withdraw' $sql = "SELECT u.lastname, u.firstname,"; diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php index a0d590579ca..3e75836e9fe 100644 --- a/htdocs/admin/propal.php +++ b/htdocs/admin/propal.php @@ -483,7 +483,7 @@ print ''; print $langs->trans("PaymentMode").''; print ''; if (empty($conf->facture->enabled)) { - print ''; + print ''; } print ''; print "\n"; @@ -587,7 +587,7 @@ print ""; print ''; print ''.$langs->trans("DefaultProposalDurationValidity").''; print ''."global->PROPALE_VALIDITY_DURATION."\">"; -print ''; +print ''; print ''; print ''; @@ -600,7 +600,7 @@ print $langs->trans("UseCustomerContactAsPropalRecipientIfExist"); print ''; print $form->selectyesno("value",$conf->global->PROPALE_USE_CUSTOMER_CONTACT_AS_RECIPIENT,1); print ''; -print ''; +print ''; print "\n"; print ''; */ @@ -627,7 +627,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; @@ -640,7 +640,7 @@ print $form->textwithpicto($langs->trans("WatermarkOnDraftProposal"), $htmltext, print ''; print ''; print ''; -print ''; +print ''; print "\n"; print ''; diff --git a/htdocs/admin/proxy.php b/htdocs/admin/proxy.php index af646bb4096..635fb2e1e7b 100644 --- a/htdocs/admin/proxy.php +++ b/htdocs/admin/proxy.php @@ -197,9 +197,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index 883a6ff6f03..988023175db 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -341,7 +341,7 @@ if ($mode == 'config' && $user->admin) { print ''.$printer->profileresprint.''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print ''; } else { @@ -432,7 +432,7 @@ if ($mode == 'template' && $user->admin) { print ''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } else { print ''.$printer->listprinterstemplates[$line]['name'].''; diff --git a/htdocs/admin/reception_setup.php b/htdocs/admin/reception_setup.php index e9a4a724871..e049985c61e 100644 --- a/htdocs/admin/reception_setup.php +++ b/htdocs/admin/reception_setup.php @@ -470,7 +470,7 @@ print "\n"; */ print ''; -//print '
'; +//print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php index 12c90cf3c21..1368fe48488 100644 --- a/htdocs/admin/security_file.php +++ b/htdocs/admin/security_file.php @@ -179,7 +179,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 817539ed949..5f8cc66eb1e 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -184,7 +184,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php index a4a9e91e3ff..e45a01d9ed1 100644 --- a/htdocs/admin/stock.php +++ b/htdocs/admin/stock.php @@ -644,7 +644,7 @@ print ''; print ''.$langs->trans("MainDefaultWarehouse").''; print ''; print $formproduct->selectWarehouses($conf->global->MAIN_DEFAULT_WAREHOUSE, 'default_warehouse', '', 1, 0, 0, '', 0, 0, array(), 'left reposition'); -print ''; +print ''; print ""; print "\n"; diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index bc587845cda..c4958083181 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -464,7 +464,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print '
'; diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 7cf64e4800d..27629d99a82 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -453,7 +453,7 @@ print $langs->trans("IfSetToYesDontForgetPermission"); print ''; print ''; print ''; -print ''; +print ''; print "\n"; @@ -508,7 +508,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; // Option to add a quality/validation step, on products, after reception. diff --git a/htdocs/admin/supplier_payment.php b/htdocs/admin/supplier_payment.php index 3f79b52eff3..863674bab75 100644 --- a/htdocs/admin/supplier_payment.php +++ b/htdocs/admin/supplier_payment.php @@ -447,7 +447,7 @@ print dol_get_fiche_end(); print '
'; print '
'; -print ''; +print ''; print '
'; print '
'; diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php index 68066a2aebc..869ee4ca4fb 100644 --- a/htdocs/admin/supplier_proposal.php +++ b/htdocs/admin/supplier_proposal.php @@ -479,7 +479,7 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print $doleditor->Create(); } print ''; -print ''; +print ''; print "\n"; print ''; @@ -492,7 +492,7 @@ print $form->textwithpicto($langs->trans("WatermarkOnDraftProposal"), $htmltext, print ''; print ''; print ''; -print ''; +print ''; print "\n"; print ''; diff --git a/htdocs/admin/taxes.php b/htdocs/admin/taxes.php index a3b3a7f1d91..613c8853297 100644 --- a/htdocs/admin/taxes.php +++ b/htdocs/admin/taxes.php @@ -259,7 +259,7 @@ print "
\n"; print '
'; -print ''; +print ''; print '

'; print '
'; diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index 320857de887..bfd2ae4b09b 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -580,9 +580,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 98ce554c363..22e4a4a1b42 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -390,7 +390,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/admin/tools/purge.php b/htdocs/admin/tools/purge.php index 09647549c8b..f246a9eb0b2 100644 --- a/htdocs/admin/tools/purge.php +++ b/htdocs/admin/tools/purge.php @@ -121,7 +121,7 @@ print ''; //if ($choice != 'confirm_allfiles') //{ print '
'; - print '
'; + print '
'; //} print ''; diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index 3fa2e5d0af9..4fb4e05f771 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -146,7 +146,7 @@ if ($action == 'add') { if (!$error) { $db->begin(); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".$db->escape($conf->entity).")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".((int) $conf->entity).")"; $result = $db->query($sql); if ($result > 0) { $db->commit(); diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php index 864bb39798b..c6ad8e08ed0 100644 --- a/htdocs/admin/website.php +++ b/htdocs/admin/website.php @@ -498,7 +498,7 @@ if ($id) { print ''; if ($action != 'edit') { - print ''; + print ''; } print ''; print ""; @@ -580,7 +580,7 @@ if ($id) { fieldListWebsites($fieldlist, $obj, $tabname[$id], 'edit'); } - print ' '; + print ' '; print ' '; } else { $tmpaction = 'view'; diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index 0a84de7b7c1..b4e1abdbadb 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -310,14 +310,23 @@ class DolibarrApi } if ($tmp[$i] == ')') { $counter--; + + // TODO: After a closing ), only a " or " or " and " or end of string is allowed. } if ($counter < 0) { - $error = "Bad sqlfilters=".$sqlfilters; + $error = "Bad sqlfilters (too many closing parenthesis) = ".$sqlfilters; dol_syslog($error, LOG_WARNING); return false; } $i++; } + + if ($counter > 0) { + $error = "Bad sqlfilters (too many opening parenthesis) = ".$sqlfilters; + dol_syslog($error, LOG_WARNING); + return false; + } + return true; } @@ -327,7 +336,8 @@ class DolibarrApi * Function to forge a SQL criteria * * @param array $matches Array of found string by regex search. - * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" + * Each entry is 1 and only 1 criteria. + * Example: "t.ref:like:'SO-%'", "t.date_creation:<:'20160101'", "t.date_creation:<:'2016-01-01 12:30:00'", "t.nature:is:NULL", "t.field2:isnot:NULL" * @return string Forged criteria. Example: "t.field like 'abc%'" */ protected static function _forge_criteria_callback($matches) @@ -345,18 +355,36 @@ class DolibarrApi return ''; } + // Sanitize operand $operand = preg_replace('/[^a-z0-9\._]/i', '', trim($tmp[0])); + // Sanitize operator $operator = strtoupper(preg_replace('/[^a-z<>=]/i', '', trim($tmp[1]))); + // Only some operators are allowed. + if (! in_array($operator, array('LIKE', 'ULIKE', '<', '>', '<=', '>=', '=', '<>', 'IS', 'ISNOT', 'IN'))) { + return ''; + } + if ($operator == 'ISNOT') { + $operator = 'IS NOT'; + } + // Sanitize value $tmpescaped = trim($tmp[2]); $regbis = array(); if ($operator == 'IN') { $tmpescaped = "(".$db->sanitize($tmpescaped, 1).")"; - } elseif (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { - $tmpescaped = "'".$db->escape($regbis[1])."'"; + } elseif (in_array($operator, array('<', '>', '<=', '>=', '=', '<>'))) { + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { // If 'YYYY-MM-DD HH:MM:SS+X' + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = ((float) $tmpescaped); + } } else { - $tmpescaped = $db->sanitize($db->escape($tmpescaped)); + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = "'".$db->escape($tmpescaped)."'"; + } } return $db->escape($operand).' '.$db->escape($operator)." ".$tmpescaped; diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index c6cd45a0cc5..07da0541619 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -81,9 +81,7 @@ if ($action == 'edit') { print ''; - print '
'; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print '
'; diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 3d722bca400..4a2e98fc666 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -169,11 +169,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -210,9 +206,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php index 1d994e25177..770493a90f6 100644 --- a/htdocs/asset/list.php +++ b/htdocs/asset/list.php @@ -197,12 +197,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("Assets")); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -249,7 +249,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php index 6103b963e21..6f743172617 100644 --- a/htdocs/asset/type.php +++ b/htdocs/asset/type.php @@ -396,11 +396,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + $form->buttonsSaveCancel("Add"); print "\n"; } @@ -600,9 +596,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/barcode/codeinit.php b/htdocs/barcode/codeinit.php index f35547523c9..4ebbe832dc5 100644 --- a/htdocs/barcode/codeinit.php +++ b/htdocs/barcode/codeinit.php @@ -214,7 +214,7 @@ if ($conf->societe->enabled) { print $langs->trans("CurrentlyNWithoutBarCode", $nbno, $nbtotal, $langs->transnoentitiesnoconv("ThirdParties")).'
'."\n"; - print '
'; print '



'; @@ -283,10 +283,10 @@ if ($conf->product->enabled || $conf->product->service) { print '
'; //print ' '.$langs->trans("ResetBarcodeForAllRecords").'
'; $moretags1 = (($disabled || $disabled1) ? ' disabled title="'.dol_escape_htmltag($titleno).'"' : ''); - print ''; + print ''; $moretags2 = (($nbno == $nbtotal) ? ' disabled' : ''); print '   '; - print ''; + print ''; print '



'; } diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php index ff57587d1b4..2cb4d972493 100644 --- a/htdocs/barcode/printsheet.php +++ b/htdocs/barcode/printsheet.php @@ -382,7 +382,7 @@ if (!empty($user->rights->produit->lire) || !empty($user->rights->service->lire) print '
'; print '
'; $form->select_produits(GETPOST('productid', 'int'), 'productid', '', '', 0, -1, 2, '', 0, array(), 0, '1', 0, 'minwidth400imp', 1); - print '   '; + print '   '; print '
'; } @@ -433,7 +433,7 @@ print '
'; print ''; -print '
'; +print '
'; print ''; print '
'; diff --git a/htdocs/blockedlog/admin/blockedlog.php b/htdocs/blockedlog/admin/blockedlog.php index 423c40d9e20..8880e6c1e86 100644 --- a/htdocs/blockedlog/admin/blockedlog.php +++ b/htdocs/blockedlog/admin/blockedlog.php @@ -124,7 +124,7 @@ if (!empty($conf->global->BLOCKEDLOG_USE_REMOTE_AUTHORITY)) { print ''; print ''; print ''; - print ''; + print ''; print ''; print ''; @@ -154,7 +154,7 @@ if ($resql) { $seledted = empty($conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY) ? array() : explode(',', $conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY); print $form->multiselectarray('BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY', $countryArray, $seledted); -print ''; +print ''; print ''; print ''; diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index cd530994b9b..235336d4f73 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -267,11 +267,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -302,9 +298,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index df21938aec5..4a94dc7ce86 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -297,7 +297,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.' ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.' ' : ''); } } // Add fields from hooks @@ -363,7 +363,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 3996b5e49bd..ea4b306ac12 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -94,7 +94,7 @@ class BOM extends CommonObject * @var array Array with all fields and their property. Do not use it as a static var. It may be modified by constructor. */ public $fields = array( - 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), + 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>5), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'noteditable'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of BOM", 'showoncombobox'=>'1',), 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'notnull'=>1, 'searchall'=>1, 'showoncombobox'=>'2', 'autofocusoncreate'=>1, 'css'=>'maxwidth300', 'csslist'=>'tdoverflowmax200'), @@ -431,25 +431,25 @@ class BOM extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")"; } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -1288,13 +1288,13 @@ class BOMLine extends CommonObjectLine if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -1306,7 +1306,7 @@ class BOMLine extends CommonObjectLine $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/bom/tpl/objectline_create.tpl.php b/htdocs/bom/tpl/objectline_create.tpl.php index 7cc2873b261..210ab695ec8 100644 --- a/htdocs/bom/tpl/objectline_create.tpl.php +++ b/htdocs/bom/tpl/objectline_create.tpl.php @@ -138,7 +138,7 @@ print ''; $coldisplay += $colspan; print ''; -print ''; +print ''; print ''; print ''; diff --git a/htdocs/bookmarks/admin/bookmark.php b/htdocs/bookmarks/admin/bookmark.php index 5f30db5d7f2..3d5c8eb3bc0 100644 --- a/htdocs/bookmarks/admin/bookmark.php +++ b/htdocs/bookmarks/admin/bookmark.php @@ -78,7 +78,7 @@ print ''; print $langs->trans("NbOfBoomarkToShow").''; print ''; print ''; -print '
'; +print '
'; // End of page llxFooter(); diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index f7795a14f47..045e656de50 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -301,7 +301,8 @@ if ($id > 0 && !preg_match('/^add/i', $action)) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
   
'; + print $form->buttonsSaveCancel(); + print ''; } diff --git a/htdocs/categories/card.php b/htdocs/categories/card.php index 141e061ac20..44b812b4d96 100644 --- a/htdocs/categories/card.php +++ b/htdocs/categories/card.php @@ -274,7 +274,7 @@ if ($user->rights->categorie->creer) { print dol_get_fiche_end(''); print '
'; - print ''; + print ''; print '     '; print ''; print '
'; diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index bb70b520fa1..ba5515149d4 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -455,7 +455,7 @@ class Categorie extends CommonObject $sql .= ($this->socid > 0 ? $this->socid : 'null').", "; } $sql .= "'".$this->db->escape($this->visible)."', "; - $sql .= $this->db->escape($type).", "; + $sql .= ((int) $type).", "; $sql .= (!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : 'null').", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : 'null').", "; $sql .= (int) $conf->entity.", "; @@ -547,7 +547,7 @@ class Categorie extends CommonObject $sql .= ", visible = ".(int) $this->visible; $sql .= ", fk_parent = ".(int) $this->fk_parent; $sql .= ", fk_user_modif = ".(int) $user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { @@ -613,7 +613,7 @@ class Categorie extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."categorie"; $sql .= " SET fk_parent = ".((int) $this->fk_parent); - $sql .= " WHERE fk_parent = ".$this->id; + $sql .= " WHERE fk_parent = ".((int) $this->id); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -634,7 +634,7 @@ class Categorie extends CommonObject ); foreach ($arraydelete as $key => $value) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$key; - $sql .= " WHERE ".$value." = ".$this->id; + $sql .= " WHERE ".$value." = ".((int) $this->id); if (!$this->db->query($sql)) { $this->errors[] = $this->db->lasterror(); dol_syslog("Error sql=".$sql." ".$this->error, LOG_ERR); @@ -687,13 +687,13 @@ class Categorie extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); $sql .= " (fk_categorie, fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type]).")"; - $sql .= " VALUES (".$this->id.", ".$obj->id.")"; + $sql .= " VALUES (".((int) $this->id).", ".((int) $obj->id).")"; dol_syslog(get_class($this).'::add_type', LOG_DEBUG); if ($this->db->query($sql)) { if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) { $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie'; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::add_type", LOG_DEBUG); $resql = $this->db->query($sql); @@ -781,7 +781,7 @@ class Categorie extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id); dol_syslog(get_class($this).'::del_type', LOG_DEBUG); @@ -833,11 +833,11 @@ class Categorie extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c"; $sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o"; $sql .= " WHERE o.entity IN (".getEntity($obj->element).")"; - $sql .= " AND c.fk_categorie = ".$this->id; + $sql .= " AND c.fk_categorie = ".((int) $this->id); $sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid"; // Protection for external users if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) { - $sql .= " AND o.rowid = ".$user->socid; + $sql .= " AND o.rowid = ".((int) $user->socid); } if ($limit > 0 || $offset > 0) { $sql .= $this->db->plimit($limit + 1, $offset); @@ -877,7 +877,7 @@ class Categorie extends CommonObject public function containsObject($type, $object_id) { $sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); + $sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); dol_syslog(get_class($this)."::containsObject", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -924,12 +924,11 @@ class Categorie extends CommonObject $idoftype = array_search($type, self::$MAP_ID_TO_CODE); $sql = "SELECT s.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s"; - $sql .= " , ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub "; + $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s, ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub"; $sql .= ' WHERE s.entity IN ('.getEntity('category').')'; $sql .= ' AND s.type='.((int) $idoftype); $sql .= ' AND s.rowid = sub.fk_categorie'; - $sql .= ' AND sub.'.$subcol_name.' = '.((int) $id); + $sql .= " AND sub.".$subcol_name." = ".((int) $id); $sql .= $this->db->order($sortfield, $sortorder); @@ -1002,7 +1001,7 @@ class Categorie extends CommonObject { // phpcs:enable $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie"; - $sql .= " WHERE fk_parent = ".$this->id; + $sql .= " WHERE fk_parent = ".((int) $this->id); $sql .= " AND entity IN (".getEntity('category').")"; $res = $this->db->query($sql); @@ -1408,7 +1407,7 @@ class Categorie extends CommonObject $parents = array(); $sql = "SELECT fk_parent FROM ".MAIN_DB_PREFIX."categorie"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); @@ -1508,7 +1507,7 @@ class Categorie extends CommonObject $sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id; // This seems useless because the table already contains id of category of 1 unique type. So commented. // So now it works also with external added categories. - //$sql .= " AND c.type = ".$this->MAP_ID[$type]; + //$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]); $sql .= " AND c.entity IN (".getEntity('category').")"; $res = $this->db->query($sql); @@ -1803,7 +1802,7 @@ class Categorie extends CommonObject foreach ($langs_available as $key => $value) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -1811,13 +1810,13 @@ class Categorie extends CommonObject if ($key == $current_lang) { if ($this->db->num_rows($result)) { // si aucune ligne dans la base $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; - $sql2 .= " SET label='".$this->db->escape($this->label)."',"; - $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " SET label = '".$this->db->escape($this->label)."',"; + $sql2 .= " description = '".$this->db->escape($this->description)."'"; + $sql2 .= " WHERE fk_category = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->label)."'"; + $sql2 .= ", '".$this->db->escape($this->multilangs["$key"]["description"])."')"; } dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG); if (!$this->db->query($sql2)) { @@ -1829,11 +1828,11 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->multilangs["$key"]["label"])."'"; + $sql2 .= ",'".$this->db->escape($this->multilangs["$key"]["description"])."')"; } // on ne sauvegarde pas des champs vides @@ -1871,7 +1870,7 @@ class Categorie extends CommonObject $sql = "SELECT lang, label, description"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index cd5d7ad8214..80f64210bf5 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -274,11 +274,7 @@ if ($action == 'edit') { print '
'; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'add') { @@ -334,11 +330,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print ''; print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 97a573ce86f..a7dba92085a 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -591,10 +591,10 @@ if (empty($reshook) && $action == 'update') { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'"; - $sql .= " WHERE ac.id != ".$object->id; + $sql .= " WHERE ac.id <> ".((int) $object->id); $sql .= " AND er.resource_id IN ("; $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_id = ".$object->id; + $sql .= " WHERE element_id = ".((int) $object->id); $sql .= " AND element_type = '".$db->escape($object->element)."'"; $sql .= " AND busy = 1"; $sql .= ")"; @@ -770,10 +770,10 @@ if (empty($reshook) && GETPOST('actionmove', 'alpha') == 'mupdate') { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'"; - $sql .= " WHERE ac.id != ".$object->id; + $sql .= " WHERE ac.id <> ".((int) $object->id); $sql .= " AND er.resource_id IN ("; $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_id = ".$object->id; + $sql .= " WHERE element_id = ".((int) $object->id); $sql .= " AND element_type = '".$db->escape($object->element)."'"; $sql .= " AND busy = 1"; $sql .= ")"; @@ -1317,15 +1317,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - if (empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } @@ -1804,11 +1796,7 @@ if ($id > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { @@ -1863,7 +1851,7 @@ if ($id > 0) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index bbf86d87c59..df73c6a70f7 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -542,18 +542,18 @@ class ActionComm extends CommonObject $sql .= (isset($this->type_id) ? $this->type_id : "null").","; $sql .= ($code ? ("'".$this->db->escape($code)."'") : "null").", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").", "; - $sql .= ((isset($this->socid) && $this->socid > 0) ? $this->socid : "null").", "; - $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : "null").", "; + $sql .= ((isset($this->socid) && $this->socid > 0) ? ((int) $this->socid) : "null").", "; + $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? ((int) $this->fk_project) : "null").", "; $sql .= " '".$this->db->escape($this->note_private)."', "; - $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? $this->contact_id : "null").", "; // deprecated, use ->socpeopleassigned + $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? ((int) $this->contact_id) : "null").", "; // deprecated, use ->socpeopleassigned $sql .= (isset($user->id) && $user->id > 0 ? $user->id : "null").", "; $sql .= ($userownerid > 0 ? $userownerid : "null").", "; $sql .= ($userdoneid > 0 ? $userdoneid : "null").", "; $sql .= "'".$this->db->escape($this->label)."','".$this->db->escape($this->percentage)."','".$this->db->escape($this->priority)."','".$this->db->escape($this->fulldayevent)."','".$this->db->escape($this->location)."', "; $sql .= "'".$this->db->escape($this->transparency)."', "; - $sql .= (!empty($this->fk_element) ? $this->fk_element : "null").", "; + $sql .= (!empty($this->fk_element) ? ((int) $this->fk_element) : "null").", "; $sql .= (!empty($this->elementtype) ? "'".$this->db->escape($this->elementtype)."'" : "null").", "; - $sql .= $conf->entity.","; + $sql .= ((int) $conf->entity).","; $sql .= (!empty($this->extraparams) ? "'".$this->db->escape($this->extraparams)."'" : "null").", "; // Fields emails $sql .= (!empty($this->email_msgid) ? "'".$this->db->escape($this->email_msgid)."'" : "null").", "; @@ -585,15 +585,18 @@ class ActionComm extends CommonObject //dol_syslog(var_export($this->userassigned, true)); $already_inserted = array(); foreach ($this->userassigned as $key => $val) { - if (!is_array($val)) { // For backward compatibility when val=id + // Common value with new behavior is to have $val = array('id'=>iduser, 'transparency'=>0|1) and $this->userassigned is an array of iduser => $val. + if (!is_array($val)) { // For backward compatibility when $val='id'. $val = array('id'=>$val); } if ($val['id'] > 0) { - if (!empty($already_inserted[$val['id']])) continue; + if (!empty($already_inserted[$val['id']])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -612,10 +615,13 @@ class ActionComm extends CommonObject if (!empty($this->socpeopleassigned)) { $already_inserted = array(); foreach ($this->socpeopleassigned as $id => $val) { - if (!empty($already_inserted[$val['id']])) continue; + // Common value with new behavior is to have $val = iduser and $this->socpeopleassigned is an array of iduser => $val. + if (!empty($already_inserted[$id])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { @@ -623,7 +629,7 @@ class ActionComm extends CommonObject dol_syslog('Error to process socpeopleassigned: ' . $this->db->lasterror(), LOG_ERR); $this->errors[] = $this->db->lasterror(); } else { - $already_inserted[$val['id']] = true; + $already_inserted[$id] = true; } } } @@ -875,7 +881,7 @@ class ActionComm extends CommonObject $sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources'; - $sql .= ' WHERE fk_actioncomm = '.$this->id; + $sql .= ' WHERE fk_actioncomm = '.((int) $this->id); $sql .= " AND element_type IN ('user', 'socpeople')"; $resql = $this->db->query($sql); if ($resql) { @@ -919,7 +925,7 @@ class ActionComm extends CommonObject // phpcs:enable $sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id; + $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id); $resql2 = $this->db->query($sql); if ($resql2) { @@ -973,7 +979,7 @@ class ActionComm extends CommonObject // remove categorie association if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_actioncomm"; - $sql .= " WHERE fk_actioncomm=".$this->id; + $sql .= " WHERE fk_actioncomm=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -985,7 +991,7 @@ class ActionComm extends CommonObject // remove actioncomm_resources if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE fk_actioncomm=".$this->id; + $sql .= " WHERE fk_actioncomm=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -996,7 +1002,7 @@ class ActionComm extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -1017,7 +1023,7 @@ class ActionComm extends CommonObject // remove actioncomm if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm"; - $sql .= " WHERE id=".$this->id; + $sql .= " WHERE id=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -1159,7 +1165,7 @@ class ActionComm extends CommonObject // Now insert assignedusers if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'"; $resql = $this->db->query($sql); $already_inserted = array(); @@ -1170,7 +1176,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -1184,7 +1190,7 @@ class ActionComm extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'"; $resql = $this->db->query($sql); if (!empty($this->socpeopleassigned)) { @@ -1193,7 +1199,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { @@ -1320,7 +1326,7 @@ class ActionComm extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; } if (!$user->rights->agenda->allactions->read) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id); } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " WHERE 1 = 1"; @@ -1329,14 +1335,14 @@ class ActionComm extends CommonObject } $sql .= " AND a.entity IN (".getEntity('agenda').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND a.fk_soc = ".$user->socid; + $sql .= " AND a.fk_soc = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id; - $sql .= " OR ar.fk_element = ".$user->id; // Added by PV + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id); + $sql .= " OR ar.fk_element = ".((int) $user->id); $sql .= ")"; } @@ -2226,7 +2232,7 @@ class ActionComm extends CommonObject //Select all action comm reminders for event $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); if ($onlypast) { $sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'"; } diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index eb1ac59cfe0..4c4d44c3a6e 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -108,6 +108,8 @@ $help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda'; llxHeader('', $langs->trans("Agenda"), $help_url); +$now = dol_now(); +$delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; if ($object->id > 0) { $result1 = $object->fetch($id); @@ -135,9 +137,6 @@ if ($object->id > 0) { $head = actions_prepare_head($object); - $now = dol_now(); - $delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; - print dol_get_fiche_head($head, 'documents', $langs->trans("Action"), -1, 'action'); $linkback = img_picto($langs->trans("BackToList"), 'object_list', 'class="hideonsmartphone pictoactionview"'); diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index cba52bf2384..19aff1699c8 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -448,7 +448,7 @@ if ($action == 'show_day') { } $nav .= $form->selectDate($dateselect, 'dateselect', 0, 0, 1, '', 1, 0); -//$nav .= ' '; +//$nav .= ' '; $nav .= ''; // Must be after the nav definition @@ -692,7 +692,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.$socid; @@ -878,7 +878,7 @@ if ($showbirthday) { // Add events in array $sql = 'SELECT sp.rowid, sp.lastname, sp.firstname, sp.birthday'; $sql .= ' FROM '.MAIN_DB_PREFIX.'socpeople as sp'; - $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.$user->id.'))'; + $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.((int) $user->id).'))'; $sql .= " AND sp.entity IN (".getEntity('socpeople').")"; if ($action == 'show_day') { $sql .= ' AND MONTH(birthday) = '.((int) $month); diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 9aebf9d3ed9..95d882f8076 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -381,7 +381,7 @@ $sql .= " sp.lastname, sp.firstname, sp.email, sp.phone, sp.address, sp.phone as // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } @@ -447,7 +447,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index b39d6c3141d..b1fecbf6475 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -558,7 +558,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 10d9871c4c9..413de33db1f 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -579,7 +579,7 @@ if ($pid) { $sql .= " AND a.fk_project = ".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index fefee1c07dd..015e06df36a 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -826,7 +826,7 @@ if ($object->id > 0) { $sql .= ", p.datep as dp, p.fin_validite as date_limit"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; $sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " ORDER BY p.datep DESC"; @@ -891,7 +891,7 @@ if ($object->id > 0) { $sql .= ", c.facture as billed"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('commande').')'; $sql .= " ORDER BY c.date_commande DESC"; @@ -907,7 +907,7 @@ if ($object->id > 0) { $sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; $sql2 .= ', '.MAIN_DB_PREFIX.'commande as c'; $sql2 .= ' WHERE c.fk_soc = s.rowid'; - $sql2 .= ' AND s.rowid = '.$object->id; + $sql2 .= ' AND s.rowid = '.((int) $object->id); // Show orders with status validated, shipping started and delivered (well any order we can bill) $sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))"; @@ -967,7 +967,7 @@ if ($object->id > 0) { $sql .= ', s.nom'; $sql .= ', s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e"; - $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND e.entity IN (".getEntity('expedition').")"; $sql .= ' GROUP BY e.rowid'; $sql .= ', e.ref'; @@ -1032,7 +1032,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " ORDER BY c.datec DESC"; @@ -1106,7 +1106,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f"; $sql .= " WHERE f.fk_soc = s.rowid"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('intervention').")"; $sql .= " ORDER BY f.tms DESC"; @@ -1171,7 +1171,7 @@ if ($object->id > 0) { $sql .= ', f.suspended as suspended'; $sql .= ', s.nom, s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,'; @@ -1263,7 +1263,7 @@ if ($object->id > 0) { $sql .= ', SUM(pf.amount) as am'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture'; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.datef, f.datec, f.paye, f.fk_statut,'; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 1d74cba61cd..52f6e675c5f 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND p.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($type == "c") { $sql .= " AND s.client IN (1, 3)"; diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 48e08ce3c0d..2603b520c77 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -106,10 +106,16 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial'); print '
'; -print getCustomerProposalPieChart($socid); -print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft customer proposals @@ -130,7 +136,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -227,7 +233,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -323,7 +329,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -420,10 +426,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -561,7 +567,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = $socid"; @@ -657,7 +663,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -763,7 +769,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -838,7 +844,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -954,7 +960,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index e03d13c29e8..8b97f23737e 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -165,7 +165,7 @@ if (empty($reshook)) { $now = dol_now(); // Positioning date of start sending - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".$object->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $object->id); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); @@ -368,7 +368,7 @@ if (empty($reshook)) { dol_syslog("comm/mailing/card.php: error for #".$i.($mail->error ? ' - '.$mail->error : ''), LOG_WARNING); $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".$obj->rowid; + $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $obj->rowid); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 3f2cfc2974c..4411b8a326a 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml'); $search_firstname = GETPOST("search_firstname", 'alphanohtml'); $search_email = GETPOST("search_email", 'alphanohtml'); $search_other = GETPOST("search_other", 'alphanohtml'); -$search_dest_status = GETPOST('search_dest_status', 'alphanohtml'); +$search_dest_status = GETPOST('search_dest_status', 'int'); // Search modules dirs $modulesdir = dolGetModulesDirs('/mailings'); @@ -135,7 +135,7 @@ if (GETPOST('exportcsv', 'int')) { $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut as status, mc.date_envoi, mc.tms,"; $sql .= " mc.source_id, mc.source_type, mc.error_text"; $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc"; - $sql .= " WHERE mc.fk_mailing=".$object->id; + $sql .= " WHERE mc.fk_mailing=".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); @@ -454,7 +454,7 @@ if ($object->fetch($id) >= 0) { $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut, mc.date_envoi, mc.tms,"; $sql .= " mc.source_url, mc.source_id, mc.source_type, mc.error_text"; $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc"; - $sql .= " WHERE mc.fk_mailing=".$object->id; + $sql .= " WHERE mc.fk_mailing=".((int) $object->id); $asearchcriteriahasbeenset = 0; if ($search_lastname) { $sql .= natural_search("mc.lastname", $search_lastname); @@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) { $asearchcriteriahasbeenset++; } if ($search_dest_status != '' && $search_dest_status >= -1) { - $sql .= " AND mc.statut=".$db->escape($search_dest_status)." "; + $sql .= " AND mc.statut = ".((int) $search_dest_status); $asearchcriteriahasbeenset++; } $sql .= $db->order($sortfield, $sortorder); @@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) { } $morehtmlcenter .= '   id.'">'.$langs->trans("Download").''; + $massactionbutton = ''; + print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit); print ''; diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 9051ebfa921..79e25c83385 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -181,7 +181,7 @@ class AdvanceTargetingMailing extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->errors[] = "Error ".$this->db->lasterror(); @@ -230,7 +230,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; $sql .= " WHERE t.rowid = ".((int) $id); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -289,7 +289,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -352,7 +352,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -422,7 +422,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -600,31 +600,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key.'_min']).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'link') { if ($arrayquery['options_'.$key] > 0) { - $sqlwhere[]= " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[]= " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } @@ -636,7 +636,7 @@ class AdvanceTargetingMailing extends CommonObject } - dol_syslog(get_class($this)."::query_thirdparty sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_thirdparty", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->thirdparty_lines = array(); @@ -743,31 +743,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max_cnct'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max_cnct']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min_cnct'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max_cnct"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key."_min_cnct"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt_cnct'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt_cnct'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt_cnct'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt_cnct"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt_cnct"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key.'_cnct'] != '') { if ($arrayquery['options_'.$key.'_cnct'] == 0) { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct']." OR ((te.".$key." IS NULL) AND (te.fk_object IS NOT NULL)))"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"])." OR ((te.".$key." IS NULL) AND (te.fk_object IS NOT NULL)))"; } else { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct'].")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"]).")"; } } } else { if (is_array($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key.'_cnct'])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key."_cnct"])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } } @@ -850,22 +850,22 @@ class AdvanceTargetingMailing extends CommonObject } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (tse.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND tse.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (tse.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND tse.".$key." <= ".((float) $arrayquery["options_".$key."_min"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND tse.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND tse.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (tse.".$key." = ".$arrayquery['options_'.$key].")"; + $sqlwhere[] = " (tse.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } @@ -877,7 +877,7 @@ class AdvanceTargetingMailing extends CommonObject } } - dol_syslog(get_class($this)."::query_contact sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_contact", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->contact_lines = array(); diff --git a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php index 12684e5f873..cfdca4a1fc2 100644 --- a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php +++ b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php @@ -237,22 +237,22 @@ class FormAdvTargetEmailing extends Form $keyList = 'rowid'; if (count($InfoFieldList) >= 3) { - if (strpos($InfoFieldList [3], 'extra.') !== false) { - $keyList = 'main.'.$InfoFieldList [2].' as rowid'; + if (strpos($InfoFieldList[3], 'extra.') !== false) { + $keyList = 'main.'.$InfoFieldList[2].' as rowid'; } else { - $keyList = $InfoFieldList [2].' as rowid'; + $keyList = $InfoFieldList[2].' as rowid'; } } - $sql = 'SELECT '.$keyList.', '.$InfoFieldList [1]; - $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList [0]; - if (!empty($InfoFieldList [3])) { + $sql = "SELECT ".$keyList.", ".$InfoFieldList[1]; + $sql .= " FROM ".MAIN_DB_PREFIX.$InfoFieldList[0]; + if (!empty($InfoFieldList[3])) { // We have to join on extrafield table - if (strpos($InfoFieldList [3], 'extra') !== false) { - $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList [0].'_extrafields as extra'; - $sql .= ' WHERE extra.fk_object=main.'.$InfoFieldList [2].' AND '.$InfoFieldList [3]; + if (strpos($InfoFieldList[3], 'extra') !== false) { + $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; + $sql .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[3]; } else { - $sql .= ' WHERE '.$InfoFieldList [3]; + $sql .= " WHERE ".$InfoFieldList[3]; } } if (!empty($InfoFieldList[1])) { @@ -267,7 +267,7 @@ class FormAdvTargetEmailing extends Form if ($num) { while ($i < $num) { $obj = $this->db->fetch_object($resql); - $labeltoshow = dol_trunc($obj->$InfoFieldList [1], 90); + $labeltoshow = dol_trunc($obj->$InfoFieldList[1], 90); $options_array[$obj->rowid] = $labeltoshow; $i++; } diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php index d281fcb1a3a..2f9ef25af31 100644 --- a/htdocs/comm/mailing/class/mailing.class.php +++ b/htdocs/comm/mailing/class/mailing.class.php @@ -228,7 +228,7 @@ class Mailing extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing"; $sql .= " (date_creat, fk_user_creat, entity)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", ".$conf->entity.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", ".((int) $conf->entity).")"; if (!$this->title) { $this->title = $langs->trans("NoTitle"); @@ -490,7 +490,7 @@ class Mailing extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."mailing "; $sql .= " SET statut = 1, date_valid = '".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Mailing::valid", LOG_DEBUG); if ($this->db->query($sql)) { @@ -555,7 +555,7 @@ class Mailing extends CommonObject { // phpcs:enable $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); dol_syslog("Mailing::delete_targets", LOG_DEBUG); $resql = $this->db->query($sql); @@ -582,7 +582,7 @@ class Mailing extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut = 0"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); dol_syslog("Mailing::reset_targets_status", LOG_DEBUG); $resql = $this->db->query($sql); @@ -604,7 +604,7 @@ class Mailing extends CommonObject public function countNbOfTargets($mode) { $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); if ($mode == 'alreadysent') { $sql .= " AND statut <> 0"; } elseif ($mode == 'alreadysentok') { @@ -638,7 +638,7 @@ class Mailing extends CommonObject public function refreshNbOfTargets() { $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -647,7 +647,7 @@ class Mailing extends CommonObject $nbforupdate = $obj->nb; $sql = 'UPDATE '.MAIN_DB_PREFIX.'mailing SET nbemail = '.((int) $nbforupdate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); $resqlupdate = $this->db->query($sql); if (! $resqlupdate) { diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index fb10c6435af..8da9a17ebb2 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -121,7 +121,7 @@ if ($_socid > 0) { print dol_get_fiche_end(); - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ""; @@ -134,7 +134,7 @@ if ($_socid > 0) { */ $sql = "SELECT rc.rowid,rc.price_level, rc.datec as dc, u.rowid as uid, u.login"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_prices as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc =".$objsoc->id; + $sql .= " WHERE rc.fk_soc = ".((int) $objsoc->id); $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 163581221a8..ce74c510bc7 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -6,7 +6,7 @@ * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2006 Andre Cianfarani * Copyright (C) 2010-2016 Juanjo Menent - * Copyright (C) 2010-2018 Philippe Grand + * Copyright (C) 2010-2021 Philippe Grand * Copyright (C) 2012-2013 Christophe Battarel * Copyright (C) 2012 Cedric Salvador * Copyright (C) 2013-2014 Florian Henry @@ -121,7 +121,7 @@ $usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights-> $usercancreateorder = $user->rights->commande->creer; $usercancreateinvoice = $user->rights->facture->creer; $usercancreatecontract = $user->rights->contrat->creer; -$usercancreateintervention = $user->rights->ficheinter->creer; +$usercancreateintervention = $user->hasRight('ficheinter', 'creer'); $usercancreatepurchaseorder = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php @@ -260,10 +260,10 @@ if (empty($reshook)) { if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { $outputlangs = $langs; $newlang = ''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && GETPOST('lang_id', 'aZ09')) { $newlang = GETPOST('lang_id', 'aZ09'); } - if ($conf->global->MAIN_MULTILANGS && empty($newlang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang)) { $newlang = $object->thirdparty->default_lang; } if (!empty($newlang)) { @@ -1860,11 +1860,8 @@ if ($action == 'create') { print dol_get_fiche_end(); $langs->load("bills"); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + + print $form->buttonsSaveCancel("CreateDraft"); print ""; @@ -2073,7 +2070,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->date, 're', '', '', 0, "editdate"); - print ''; + print ''; print ''; } else { if ($object->date) { @@ -2100,7 +2097,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->fin_validite, 'ech', '', '', '', "editecheance"); - print ''; + print ''; print ''; } else { if (!empty($object->fin_validite)) { diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 3bc30d7d729..d92638d7347 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1727,7 +1727,7 @@ class Propal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'propaldet as d'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (d.fk_product = p.rowid)'; - $sql .= ' WHERE d.fk_propal = '.$this->id; + $sql .= ' WHERE d.fk_propal = '.((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } @@ -1879,8 +1879,8 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1906,7 +1906,7 @@ class Propal extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -1974,7 +1974,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2030,7 +2030,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2101,7 +2101,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2156,9 +2156,9 @@ class Propal extends CommonObject $this->db->begin(); - $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; - $sql .= " SET fk_availability = '".$id."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; + $sql .= " SET fk_availability = ".((int) $id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG); $resql = $this->db->query($sql); @@ -2221,7 +2221,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET fk_input_reason = ".((int) $id); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2284,8 +2284,8 @@ class Propal extends CommonObject $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\''); - $sql .= ' WHERE rowid = '.$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET ref_client = ".(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'"); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' $this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2346,7 +2346,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2409,7 +2409,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2530,7 +2530,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2627,8 +2627,8 @@ class Propal extends CommonObject $newprivatenote = dol_concatdesc($this->note_private, $note); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET fk_statut = '.self::STATUS_BILLED.", "; - $sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_SIGNED; + $sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".((int) $user->id); + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_SIGNED); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2707,7 +2707,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -2780,7 +2780,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2789,7 +2789,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_DRAFT; } if ($notcurrentuser > 0) { - $sql .= " AND p.fk_user_author <> ".$user->id; + $sql .= " AND p.fk_user_author <> ".((int) $user->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -2934,7 +2934,7 @@ class Propal extends CommonObject if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -2970,7 +2970,7 @@ class Propal extends CommonObject // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -3285,7 +3285,7 @@ class Propal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('propal').")"; @@ -3296,7 +3296,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_SIGNED; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3462,7 +3462,7 @@ class Propal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('propal').")"; @@ -4087,7 +4087,7 @@ class PropaleLigne extends CommonObjectLine $sql .= " ".price2num($this->localtax2_tx).","; $sql .= " '".$this->db->escape($this->localtax1_type)."',"; $sql .= " '".$this->db->escape($this->localtax2_type)."',"; - $sql .= " ".(price2num($this->subprice) !== '' ?price2num($this->subprice) : "null").","; + $sql .= " ".(price2num($this->subprice) !== '' ? price2num($this->subprice) : "null").","; $sql .= " ".price2num($this->remise_percent).","; $sql .= " ".(isset($this->info_bits) ? "'".$this->db->escape($this->info_bits)."'" : "null").","; $sql .= " ".price2num($this->total_ht).","; @@ -4097,12 +4097,12 @@ class PropaleLigne extends CommonObjectLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").","; $sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").","; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; - $sql .= ' '.(!$this->fk_unit ? 'NULL' : $this->fk_unit).','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; + $sql .= ' '.(empty($this->fk_unit) ? 'NULL' : ((int) $this->fk_unit)).','; $sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").','; $sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null"); - $sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null'); + $sql .= ", ".($this->fk_multicurrency > 0 ? ((int) $this->fk_multicurrency) : 'null'); $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; $sql .= ", ".$this->multicurrency_subprice; $sql .= ", ".$this->multicurrency_total_ht; @@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid); dol_syslog("PropaleLigne::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index a06945a09a6..181e5b545f8 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -94,10 +94,10 @@ class PropaleStats extends Stats //$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity; $this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND p.fk_soc = ".$this->socid; + $this->where .= " AND p.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { $this->where .= ' AND fk_user_author = '.((int) $this->userid); diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 7ff3e405499..de2e4a1d64c 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -67,8 +67,11 @@ print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal'); print '
'; print '
'; -print getCustomerProposalPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft proposals @@ -85,7 +88,7 @@ if (!empty($conf->propal->enabled)) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -163,7 +166,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -236,7 +239,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -319,7 +322,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 1"; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); @@ -394,7 +397,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 2 "; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index a21b4650f5b..ff8a583b0ef 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -346,7 +346,7 @@ if ($action == "sign" && $permissiontoclose) { foreach ($toselect as $checked) { if ($tmpproposal->fetch($checked)) { if ($tmpproposal->statut == $tmpproposal::STATUS_VALIDATED) { - $tmpproposal->statut = $tmpproposal::STATUS_SIGNED;; + $tmpproposal->statut = $tmpproposal::STATUS_SIGNED; if ($tmpproposal->closeProposal($user, $tmpproposal::STATUS_SIGNED)) { setEventMessage($tmpproposal->ref." ".$langs->trans('Signed'), 'mesgs'); } else { @@ -481,7 +481,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -526,7 +526,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE p.fk_soc = s.rowid'; $sql .= ' AND p.entity IN ('.getEntity('propal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { @@ -581,7 +581,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) { $sql .= natural_search("p.fk_warehouse", $search_warehouse, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND p.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND p.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('p.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index bdf9b75998b..bcb0fefa7b8 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -189,13 +189,7 @@ if ($socid > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Modify"); print ""; @@ -214,7 +208,7 @@ if ($socid > 0) { $sql = "SELECT rc.rowid, rc.remise_client as remise_percent, rc.note, rc.datec as dc,"; $sql .= " u.login, u.rowid as user_id"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc = ".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.entity IN (".getEntity('discount').")"; $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; @@ -266,7 +260,7 @@ if ($socid > 0) { $sql = "SELECT rc.rowid, rc.remise_supplier as remise_percent, rc.note, rc.datec as dc,"; $sql .= " u.login, u.rowid as user_id"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_supplier as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc = ".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.entity IN (".getEntity('discount').")"; $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 8f26d897389..42a5ee42e16 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -267,8 +267,8 @@ if ($socid > 0) { $remise_all = $remise_user = 0; $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND discount_type = 0"; // Exclude supplier discounts $sql .= " AND (fk_facture_line IS NULL AND fk_facture IS NULL)"; $sql .= " GROUP BY rc.fk_user"; @@ -297,8 +297,8 @@ if ($socid > 0) { $remise_all = $remise_user = 0; $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND discount_type = 1"; // Exclude customer discounts $sql .= " AND (fk_invoice_supplier_line IS NULL AND fk_invoice_supplier IS NULL)"; $sql .= " GROUP BY rc.fk_user"; @@ -408,8 +408,8 @@ if ($socid > 0) { $sql .= " fa.ref as ref, fa.type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND u.rowid = rc.fk_user"; $sql .= " AND rc.discount_type = 0"; // Eliminate supplier discounts $sql .= " AND (rc.fk_facture_line IS NULL AND rc.fk_facture IS NULL)"; @@ -547,8 +547,8 @@ if ($socid > 0) { $sql .= " fa.ref, fa.type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND u.rowid = rc.fk_user"; $sql .= " AND rc.discount_type = 1"; // Eliminate customer discounts $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; @@ -700,7 +700,7 @@ if ($socid > 0) { $sql .= " , ".MAIN_DB_PREFIX."facturedet as fc"; $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc =".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.fk_facture_line = fc.rowid"; $sql .= " AND fc.fk_facture = f.rowid"; $sql .= " AND rc.fk_user = u.rowid"; @@ -718,7 +718,7 @@ if ($socid > 0) { $sql2 .= " , ".MAIN_DB_PREFIX."user as u"; $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid"; - $sql2 .= " WHERE rc.fk_soc =".$object->id; + $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id); $sql2 .= " AND rc.fk_facture = f.rowid"; $sql2 .= " AND rc.fk_user = u.rowid"; $sql2 .= " AND rc.discount_type = 0"; // Eliminate supplier discounts @@ -860,7 +860,7 @@ if ($socid > 0) { $sql .= " , ".MAIN_DB_PREFIX."facture_fourn_det as fc"; $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc =".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.fk_invoice_supplier_line = fc.rowid"; $sql .= " AND fc.fk_facture_fourn = f.rowid"; $sql .= " AND rc.fk_user = u.rowid"; @@ -878,7 +878,7 @@ if ($socid > 0) { $sql2 .= " , ".MAIN_DB_PREFIX."user as u"; $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql2 .= " WHERE rc.fk_soc =".$object->id; + $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id); $sql2 .= " AND rc.fk_invoice_supplier = f.rowid"; $sql2 .= " AND rc.fk_user = u.rowid"; $sql2 .= " AND rc.discount_type = 1"; // Eliminate customer discounts diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 8420a5e7f87..3152dd29044 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1568,7 +1568,7 @@ if ($action == 'create' && $usercancreate) { print ''.$langs->trans('Customer').''; if ($socid > 0) { print ''; - print $soc->getNomUrl(1); + print $soc->getNomUrl(1, 'customer'); print ''; print ''; } else { @@ -1822,12 +1822,7 @@ if ($action == 'create' && $usercancreate) { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { @@ -2019,7 +2014,7 @@ if ($action == 'create' && $usercancreate) { $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string', '', 0, 1); $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$soc->getNomUrl(1); + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$soc->getNomUrl(1, 'customer'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherOrders").')'; } @@ -2115,7 +2110,7 @@ if ($action == 'create' && $usercancreate) { print ''; print ''; print $form->selectDate($object->date, 'order_', '', '', '', "setdate"); - print ''; + print ''; print ''; } else { print $object->date ? dol_print_date($object->date, 'day') : ' '; @@ -2136,7 +2131,7 @@ if ($action == 'create' && $usercancreate) { print ''; print ''; print $form->selectDate($object->delivery_date ? $object->delivery_date : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0); - print ''; + print ''; print ''; } else { print $object->delivery_date ? dol_print_date($object->delivery_date, 'dayhour') : ' '; diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 745fea5ab76..c67d5267e53 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -967,6 +967,102 @@ class Orders extends DolibarrApi return $this->_cleanObjectDatas($this->commande); } + /** + * Get the shipments of an order + * + * @param int $id Id of the order + * + * @url GET {id}/shipment + * + * @return array + * + * @throws RestException 401 + * @throws RestException 404 + * @throws RestException 500 + */ + public function getOrderShipments($id) + { + require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; + if (!DolibarrApiAccess::$user->rights->expedition->lire) { + throw new RestException(401); + } + $sql = "SELECT e.rowid"; + $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e"; + $sql .= " JOIN ".MAIN_DB_PREFIX."expeditiondet as edet"; + $sql .= " ON e.rowid = edet.fk_expedition"; + $sql .= " JOIN ".MAIN_DB_PREFIX."commandedet as cdet"; + $sql .= " ON edet.fk_origin_line = cdet.rowid"; + $sql .= " JOIN ".MAIN_DB_PREFIX."commande as c"; + $sql .= " ON cdet.fk_commande = c.rowid"; + $sql .= " WHERE c.rowid = ".((int) $id); + $sql .= " GROUP BY e.rowid"; + $sql .= $this->db->order("e.rowid", "ASC"); + + dol_syslog("API Rest request"); + $result = $this->db->query($sql); + + if ($result) { + $num = $this->db->num_rows($result); + if ($num <= 0) { + throw new RestException(404, 'Shipments not found '); + } + $i = 0; + while ($i < $num) { + $obj = $this->db->fetch_object($result); + $shipment_static = new Expedition($this->db); + if ($shipment_static->fetch($obj->rowid)) { + $obj_ret[] = $this->_cleanObjectDatas($shipment_static); + } + $i++; + } + } else { + throw new RestException(500, 'Error when retrieve shipment list : '.$this->db->lasterror()); + } + return $obj_ret; + } + + /** + * Create the shipment of an order + * + * @param int $id Id of the order + * @param int $warehouse_id Id of a warehouse + * + * @url POST {id}/shipment/{warehouse_id} + * + * @return int + * + * @throws RestException 401 + * @throws RestException 404 + * @throws RestException 500 + */ + public function createOrderShipment($id, $warehouse_id) + { + require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; + if (!DolibarrApiAccess::$user->rights->expedition->creer) { + throw new RestException(401); + } + if ($warehouse_id <= 0) { + throw new RestException(404, 'Warehouse not found'); + } + $result = $this->commande->fetch($id); + if (!$result) { + throw new RestException(404, 'Order not found'); + } + $shipment = new Expedition($this->db); + $shipment->socid = $this->commande->socid; + $result = $shipment->create(DolibarrApiAccess::$user); + if ($result <= 0) { + throw new RestException(500, 'Error on creating expedition :'.$this->db->lasterror()); + } + foreach ($this->commande->lines as $line) { + $result = $shipment->create_line($warehouse_id, $line->id, $line->qty); + if ($result <= 0) { + throw new RestException(500, 'Error on creating expedition lines:'.$this->db->lasterror()); + } + $i++; + } + return $shipment->id; + } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 65b446727e5..daf55e81605 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -493,8 +493,8 @@ class Commande extends CommonOrder $sql .= " SET ref = '".$this->db->escape($num)."',"; $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -624,7 +624,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -698,7 +698,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET fk_statut='.self::STATUS_VALIDATED.', facture=0'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_reopen", LOG_DEBUG); $resql = $this->db->query($sql); @@ -757,9 +757,9 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET fk_statut = '.self::STATUS_CLOSED.','; - $sql .= ' fk_user_cloture = '.$user->id.','; + $sql .= ' fk_user_cloture = '.((int) $user->id).','; $sql .= " date_cloture = '".$this->db->idate($now)."'"; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; if ($this->db->query($sql)) { if (!$notrigger) { @@ -807,7 +807,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_CANCELED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; dol_syslog(get_class($this)."::cancel", LOG_DEBUG); @@ -934,8 +934,8 @@ class Commande extends CommonOrder $sql .= ", multicurrency_code"; $sql .= ", multicurrency_tx"; $sql .= ")"; - $sql .= " VALUES ('(PROV)', ".$this->socid.", '".$this->db->idate($now)."', ".$user->id; - $sql .= ", ".($this->fk_project > 0 ? $this->fk_project : "null"); + $sql .= " VALUES ('(PROV)', ".((int) $this->socid).", '".$this->db->idate($now)."', ".((int) $user->id); + $sql .= ", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "null"); $sql .= ", '".$this->db->idate($date)."'"; $sql .= ", ".($this->source >= 0 && $this->source != '' ? $this->db->escape($this->source) : 'null'); $sql .= ", '".$this->db->escape($this->note_private)."'"; @@ -944,15 +944,15 @@ class Commande extends CommonOrder $sql .= ", ".($this->ref_client ? "'".$this->db->escape($this->ref_client)."'" : "null"); $sql .= ", ".($this->ref_int ? "'".$this->db->escape($this->ref_int)."'" : "null"); $sql .= ", '".$this->db->escape($this->model_pdf)."'"; - $sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : "null"); - $sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : "null"); - $sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL'); - $sql .= ", ".($this->availability_id > 0 ? $this->availability_id : "null"); - $sql .= ", ".($this->demand_reason_id > 0 ? $this->demand_reason_id : "null"); + $sql .= ", ".($this->cond_reglement_id > 0 ? ((int) $this->cond_reglement_id) : "null"); + $sql .= ", ".($this->mode_reglement_id > 0 ? ((int) $this->mode_reglement_id) : "null"); + $sql .= ", ".($this->fk_account > 0 ? ((int) $this->fk_account) : 'NULL'); + $sql .= ", ".($this->availability_id > 0 ? ((int) $this->availability_id) : "null"); + $sql .= ", ".($this->demand_reason_id > 0 ? ((int) $this->demand_reason_id) : "null"); $sql .= ", ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : "null"); - $sql .= ", ".($this->fk_delivery_address > 0 ? $this->fk_delivery_address : 'NULL'); - $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? $this->shipping_method_id : 'NULL'); - $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? $this->warehouse_id : 'NULL'); + $sql .= ", ".($this->fk_delivery_address > 0 ? ((int) $this->fk_delivery_address) : 'NULL'); + $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? ((int) $this->shipping_method_id) : 'NULL'); + $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? ((int) $this->warehouse_id) : 'NULL'); $sql .= ", ".($this->remise_absolue > 0 ? $this->db->escape($this->remise_absolue) : 'NULL'); $sql .= ", ".($this->remise_percent > 0 ? $this->db->escape($this->remise_percent) : 0); $sql .= ", ".(int) $this->fk_incoterms; @@ -962,7 +962,7 @@ class Commande extends CommonOrder $sql .= ", ".($this->pos_source != '' ? "'".$this->db->escape($this->pos_source)."'" : "null"); $sql .= ", ".(int) $this->fk_multicurrency; $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; - $sql .= ", ".(double) $this->multicurrency_tx; + $sql .= ", ".(float) $this->multicurrency_tx; $sql .= ")"; dol_syslog(get_class($this)."::create", LOG_DEBUG); @@ -2026,7 +2026,7 @@ class Commande extends CommonOrder $sql .= ' p.weight, p.weight_units, p.volume, p.volume_units'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commandedet as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (p.rowid = l.fk_product)'; - $sql .= ' WHERE l.fk_commande = '.$this->id; + $sql .= ' WHERE l.fk_commande = '.((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } @@ -2180,7 +2180,7 @@ class Commande extends CommonOrder $sql .= ' '.MAIN_DB_PREFIX.'commandedet as cd'; $sql .= ' WHERE'; $sql .= ' ed.fk_origin_line = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande = '.((int) $this->id); //print $sql; dol_syslog(get_class($this)."::getNbOfShipments", LOG_DEBUG); @@ -2222,12 +2222,12 @@ class Commande extends CommonOrder $sql .= ' ed.fk_expedition = e.rowid AND'; } $sql .= ' ed.fk_origin_line = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande = '.((int) $this->id); if ($this->fk_product > 0) { - $sql .= ' AND cd.fk_product = '.$this->fk_product; + $sql .= ' AND cd.fk_product = '.((int) $this->fk_product); } if ($filtre_statut >= 0) { - $sql .= ' AND e.fk_statut >= '.$filtre_statut; + $sql .= ' AND e.fk_statut >= '.((int) $filtre_statut); } $sql .= ' GROUP BY cd.rowid, cd.fk_product'; //print $sql; @@ -2264,7 +2264,7 @@ class Commande extends CommonOrder $sql = 'SELECT count(*)'; $sql .= ' FROM '.MAIN_DB_PREFIX.'expedition as e'; $sql .= ', '.MAIN_DB_PREFIX.'element_element as el'; - $sql .= ' WHERE el.fk_source = '.$this->id; + $sql .= ' WHERE el.fk_source = '.((int) $this->id); $sql .= " AND el.sourcetype = 'commande'"; $sql .= " AND el.fk_target = e.rowid"; $sql .= " AND el.targettype = 'shipping'"; @@ -2421,7 +2421,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2485,7 +2485,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_absolue = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2543,7 +2543,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2615,7 +2615,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2688,7 +2688,7 @@ class Commande extends CommonOrder $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2697,7 +2697,7 @@ class Commande extends CommonOrder $sql .= " AND c.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND c.fk_user_author <> ".$excluser->id; + $sql .= " AND c.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -2874,7 +2874,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET'; $sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'"); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2930,7 +2930,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; dol_syslog(get_class($this)."::classifyBilled", LOG_DEBUG); if ($this->db->query($sql)) { @@ -2980,7 +2980,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 0'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; dol_syslog(get_class($this)."::classifyUnBilled", LOG_DEBUG); if ($this->db->query($sql)) { @@ -3395,8 +3395,8 @@ class Commande extends CommonOrder // Delete extrafields of lines and lines if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; - $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -3432,7 +3432,7 @@ class Commande extends CommonOrder // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -3507,14 +3507,14 @@ class Commande extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity IN (".getEntity('commande').")"; //$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0"; $sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3917,7 +3917,7 @@ class Commande extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." co.entity IN (".getEntity('commande').")"; @@ -4396,8 +4396,8 @@ class OrderLine extends CommonOrderLine $sql .= " ".($this->price != '' ? "'".price2num($this->price)."'" : "null").","; $sql .= " '".price2num($this->remise)."',"; $sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").','; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; $sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").','; $sql .= ' '.price2num($this->pa_ht).','; $sql .= " '".$this->db->escape($this->info_bits)."',"; @@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine $sql .= ",total_localtax1='".price2num($this->total_localtax1)."'"; $sql .= ",total_localtax2='".price2num($this->total_localtax2)."'"; $sql .= ",total_ttc='".price2num($this->total_ttc)."'"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog("OrderLine::update_total", LOG_DEBUG); diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index 6bd6067dcf7..8ac89d5a18f 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -94,13 +94,13 @@ class CommandeStats extends Stats $this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')'; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } if ($typentid) { diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 62f8c4772f6..3ecaa0fbee1 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 73f40668cea..a794d79e743 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -77,8 +77,11 @@ print load_fiche_titre($langs->trans("OrdersArea"), '', 'order'); print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* @@ -101,7 +104,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -169,7 +172,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -253,7 +256,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; @@ -342,7 +345,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index d25af27f34c..5f3568701e5 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -436,7 +436,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -486,7 +486,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('c.ref', $search_ref); @@ -505,7 +505,7 @@ if ($search_status <> '') { if ($search_status == 1 && empty($conf->expedition->enabled)) { $sql .= ' AND c.fk_statut IN (1,2)'; // If module expedition disabled, we include order with status 'sending in process' into 'validated' } else { - $sql .= ' AND c.fk_statut = '.$search_status; // brouillon, validee, en cours, annulee + $sql .= ' AND c.fk_statut = '.((int) $search_status); // brouillon, validee, en cours, annulee } } if ($search_status == 4) { @@ -570,7 +570,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user); } if ($search_total_ht != '') { $sql .= natural_search('c.total_ht', $search_total_ht, 1); @@ -585,7 +585,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) { $sql .= natural_search('c.fk_warehouse', $search_warehouse, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND c.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND c.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('c.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/commande/note.php b/htdocs/commande/note.php index dbfb0bdd43c..e03d9c00edb 100644 --- a/htdocs/commande/note.php +++ b/htdocs/commande/note.php @@ -116,7 +116,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php index bd92dc084c7..a9c38e1531c 100644 --- a/htdocs/commande/stats/index.php +++ b/htdocs/commande/stats/index.php @@ -349,7 +349,7 @@ if (!in_array($nowyear, $arrayyears)) { arsort($arrayyears); print $form->selectarray('year', $arrayyears, $year, 0); print ''; -print ''; +print ''; print ''; print ''; print '

'; diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 2c94cea750c..fddf7a2879f 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -588,7 +588,7 @@ foreach ($listofchoices as $choice => $val) { print '
'; } -print ''; +print ''; print ''."\n"; diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 14aeee29d69..e5e264a12f5 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -561,7 +561,7 @@ $sql .= " ba.rowid as bankid, ba.ref as bankref"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -929,7 +929,7 @@ if ($resql) { if ($action != 'addline' && $action != 'reconcile') { if (empty($conf->global->BANK_DISABLE_DIRECT_INPUT)) { if (empty($conf->global->BANK_USE_OLD_VARIOUS_PAYMENT)) { // Default is to record miscellaneous direct entries using miscellaneous payments - $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.$search_account.'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier); + $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.urlencode($search_account).'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier); } else // If direct entries is not done using miscellaneous payments { $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', $user->rights->banque->modifier); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index d1cc0413bfd..02b967f6fdb 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -565,11 +565,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateAccount"); print ''; } else { @@ -1081,11 +1077,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } diff --git a/htdocs/compta/bank/categ.php b/htdocs/compta/bank/categ.php index fb9fead3089..403caa6cdfd 100644 --- a/htdocs/compta/bank/categ.php +++ b/htdocs/compta/bank/categ.php @@ -113,7 +113,7 @@ if ($action != 'edit') { print ''; print ' '; print ''; - print ''; + print ''; print ''; } diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 03ec879c5ad..804cfa09281 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -907,8 +907,8 @@ class Account extends CommonObject $sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'"; $sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null"); $sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null"); - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); dol_syslog(get_class($this)."::update_bban", LOG_DEBUG); @@ -1059,7 +1059,7 @@ class Account extends CommonObject // Delete link between tag and bank account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account"; - $sql .= " WHERE fk_account = ".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1151,7 +1151,7 @@ class Account extends CommonObject $sql = "SELECT COUNT(rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_account=".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1188,7 +1188,7 @@ class Account extends CommonObject $sql = "SELECT sum(amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_account = ".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); if ($option == 1) { $sql .= " AND dateo <= '".$this->db->idate(dol_now())."'"; } @@ -1998,7 +1998,7 @@ class AccountLine extends CommonObject // Protection to avoid any delete of accounted lines. Protection on by default if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -2385,7 +2385,7 @@ class AccountLine extends CommonObject $result .= yn($this->rappro); } if ($option == 'showall' || $option == 'showconciliatedandaccounted') { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/bank/class/bankcateg.class.php b/htdocs/compta/bank/class/bankcateg.class.php index ccf5828d40a..ab58cb8287c 100644 --- a/htdocs/compta/bank/class/bankcateg.class.php +++ b/htdocs/compta/bank/class/bankcateg.class.php @@ -213,7 +213,7 @@ class BankCateg // extends CommonObject // Delete link between tag and bank account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account"; - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -225,7 +225,7 @@ class BankCateg // extends CommonObject // Delete link between tag and bank lines if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class"; - $sql .= " WHERE fk_categ = ".$this->id; + $sql .= " WHERE fk_categ = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index cdb2c0596f5..5a6aa81d663 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php @@ -573,7 +573,7 @@ class PaymentVarious extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { return 1; diff --git a/htdocs/compta/bank/list.php b/htdocs/compta/bank/list.php index 657b1cb8577..cd6e6cfd365 100644 --- a/htdocs/compta/bank/list.php +++ b/htdocs/compta/bank/list.php @@ -185,7 +185,7 @@ $sql = "SELECT b.rowid, b.label, b.courant, b.rappro, b.account_number, b.fk_acc // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 167c809a8b1..97184c1b8eb 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve DESC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve > '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve ASC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'"; if (empty($numref)) { $sql .= " OR b.num_releve is null"; } -$sql .= " AND b.fk_account = ".$object->id; +$sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " AND b.fk_account = ba.rowid"; $sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day @@ -340,7 +340,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -353,7 +353,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -421,7 +421,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { @@ -605,7 +605,7 @@ if (empty($numref)) { $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct"; $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl"; $sql .= " WHERE ct.rowid = cl.fk_categ"; - $sql .= " AND ct.entity = ".$conf->entity; + $sql .= " AND ct.entity = ".((int) $conf->entity); $sql .= " AND cl.lineid = ".((int) $objp->rowid); $resc = $db->query($sql); diff --git a/htdocs/compta/bank/various_payment/card.php b/htdocs/compta/bank/various_payment/card.php index 2b4a68bec90..68c6ed20458 100644 --- a/htdocs/compta/bank/various_payment/card.php +++ b/htdocs/compta/bank/various_payment/card.php @@ -512,11 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 407e8b3cf73..dbaaf882bfb 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -223,7 +223,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -287,7 +287,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 0bc18e31bde..af61af5e836 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'"; else dol_print_error('', 'Year not defined'); // Define filter on bank account -$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; +$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE); $sql.=")"; */ $sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code"; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index b0a4716b7e1..504e5638abc 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { $sql .= " AND s.fk_stcomm=".((int) $stcomm); diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php index 1972e3f686e..81022e9bc71 100644 --- a/htdocs/compta/deplacement/class/deplacement.class.php +++ b/htdocs/compta/deplacement/class/deplacement.class.php @@ -249,7 +249,7 @@ class Deplacement extends CommonObject $sql .= " , note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null"); $sql .= " , note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null"); $sql .= " , fk_projet = ".($this->fk_project > 0 ? $this->fk_project : 0); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 547f0676b7b..12351032b53 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND d.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index 61d30ea1345..428eacbc93a 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) "; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) "; } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index affdd2e8991..94a884bf1bf 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -1144,10 +1144,8 @@ if ($action == 'create') { } print "\n"; - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); + print "\n"; } else { dol_print_error('', "Error, no invoice ".$object->id); @@ -1473,7 +1471,7 @@ if ($action == 'create') { print ''; print " ".$form->selectarray('unit_frequency', array('d'=>$langs->trans('Day'), 'm'=>$langs->trans('Month'), 'y'=>$langs->trans('Year')), ($object->unit_frequency ? $object->unit_frequency : 'm')); print ''; - print ''; + print ''; print ''; } else { if ($object->frequency > 0) { diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 5d81da90088..6c3cfeb7731 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -321,8 +321,8 @@ if (empty($reshook)) { //var_dump($array_of_total_ht_per_vat_rate);exit; foreach ($array_of_total_ht_per_vat_rate as $vatrate => $tmpvalue) { - $tmp_total_ht = $array_of_total_ht_per_vat_rate[$vatrate]; - $tmp_total_ht_devise = $array_of_total_ht_devise_per_vat_rate[$vatrate]; + $tmp_total_ht = price2num($array_of_total_ht_per_vat_rate[$vatrate]); + $tmp_total_ht_devise = price2num($array_of_total_ht_devise_per_vat_rate[$vatrate]); if (($tmp_total_ht < 0 || $tmp_total_ht_devise < 0) && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) { if ($object->type == $object::TYPE_DEPOSIT) { @@ -708,7 +708,7 @@ if (empty($reshook)) { // On verifie si la facture a des paiements $sql = 'SELECT pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $result = $db->query($sql); if ($result) { @@ -873,7 +873,7 @@ if (empty($reshook)) { $sql = 'SELECT SUM(pf.amount) as total_paiements'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $sql .= ' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $resql = $db->query($sql); @@ -889,7 +889,7 @@ if (empty($reshook)) { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if (!empty($resql)) { while ($obj = $db->fetch_object($resql)) { @@ -2596,10 +2596,10 @@ if (empty($reshook)) { $errors = 0; if (count($linkedCreditNotesList) > 0) { // now, credit note must follow - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture '; - $sql .= ' SET situation_cycle_ref='.$newCycle; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; + $sql .= ' SET situation_cycle_ref = '.((int) $newCycle); $sql .= ' , situation_final=0'; - $sql .= ' , situation_counter='.$object->situation_counter; + $sql .= ' , situation_counter='.((int) $object->situation_counter); $sql .= ' WHERE rowid IN ('.$db->sanitize(implode(',', $linkedCreditNotesList)).')'; $resql = $db->query($sql); @@ -3785,11 +3785,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { @@ -4888,7 +4884,7 @@ if ($action == 'create') { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; - $sql .= ' WHERE pf.fk_facture = '.$object->id.' AND pf.fk_paiement = p.rowid'; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id).' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $sql .= ' ORDER BY p.datep, p.tms'; @@ -4979,7 +4975,7 @@ if ($action == 'create') { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -5068,23 +5064,27 @@ if ($action == 'create') { // Remainder to pay print ''; print ''; - print $langs->trans('RemainderToPay'); - if ($resteapayeraffiche < 0) { - print ' ('.$langs->trans('ExcessReceived').')'; + if ($resteapayeraffiche >= 0) { + print $langs->trans('RemainderToPay'); + } else { + print $langs->trans('ExcessReceived'); } print ''; print ''; - print ''.price($resteapayeraffiche).''; - print ' '; + print ''.price($resteapayeraffiche).' '; // Remainder to pay Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { print ''; print ''; - print $langs->trans('MulticurrencyRemainderToPay'); + if ($resteapayeraffiche >= 0) { + print $langs->trans('RemainderToPayMulticurrency'); + } else { + print $langs->trans('ExcessReceivedMulticurrency'); + } print ''; print ''; - print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' '; } // Retained warranty : usualy use on construction industry @@ -5125,8 +5125,21 @@ if ($action == 'create') { print ' ('.$langs->trans('ExcessPaid').')'; } print ' :'; - print ''.price($sign * $resteapayeraffiche).''; - print ' '; + print ''.price($sign * $resteapayeraffiche).' '; + + // Remainder to pay back Multicurrency + if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { + print ''; + print ''; + if ($resteapayeraffiche <= 0) { + print $langs->trans('RemainderToPayBackMulticurrency'); + } else { + print $langs->trans('ExcessPaidMulticurrency'); + } + print ''; + print ''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).' '; + } // Sold credit note // print ''.$langs->trans('TotalTTC').' :'; @@ -5194,7 +5207,7 @@ if ($action == 'create') { } print ' '; print '%'; - print ''; + print ''; print ''; print ''; diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index 3dfa5f70603..2708c9e8386 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -1138,7 +1138,7 @@ class Invoices extends DolibarrApi $sql = 'SELECT SUM(pf.amount) as total_payments'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; - $sql .= ' WHERE pf.fk_facture = '.$this->invoice->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $this->invoice->id); $sql .= ' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $resql = $this->db->query($sql); diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 6b9837e77bd..a0509774998 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -665,7 +665,7 @@ class FactureRec extends CommonInvoice $sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet_rec as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_facture = '.$this->id; + $sql .= ' WHERE l.fk_facture = '.((int) $this->id); $sql .= ' ORDER BY l.rang'; dol_syslog('FactureRec::fetch_lines', LOG_DEBUG); @@ -1752,7 +1752,7 @@ class FactureRec extends CommonInvoice if (!empty($unit)) { $sql .= ', unit_frequency = \''.$this->db->escape($unit).'\''; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1785,7 +1785,7 @@ class FactureRec extends CommonInvoice if ($increment_nb_gen_done > 0) { $sql .= ', nb_gen_done = nb_gen_done + 1'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1819,7 +1819,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET nb_gen_max = '.((int) $nb); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1846,7 +1846,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET auto_validate = '.((int) $validate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1873,7 +1873,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET generate_pdf = '.((int) $validate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1899,8 +1899,8 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET modelpdf = "'.$model.'"'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " SET modelpdf = '".$this->db->escape($model)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setModelPdf", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index eb380a4a212..294646414cd 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -293,7 +293,7 @@ class Facture extends CommonInvoice 'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>1), 'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>5), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>20, 'index'=>1), - 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'Ref client', 'enabled'=>1, 'visible'=>-1, 'position'=>10), + 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'RefCustomer', 'enabled'=>1, 'visible'=>-1, 'position'=>10), 'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>12), //'ref_int' =>array('type'=>'varchar(255)', 'label'=>'Ref int', 'enabled'=>1, 'visible'=>0, 'position'=>30), // deprecated 'type' =>array('type'=>'smallint(6)', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>15), @@ -343,8 +343,8 @@ class Facture extends CommonInvoice 'multicurrency_code' =>array('type'=>'varchar(255)', 'label'=>'Currency', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>280), 'multicurrency_tx' =>array('type'=>'double(24,8)', 'label'=>'CurrencyRate', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>285, 'isameasure'=>1), 'multicurrency_total_ht' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountHT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>290, 'isameasure'=>1), - 'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountVAT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>295, 'isameasure'=>1), - 'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountTTC', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>300, 'isameasure'=>1), + 'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountVAT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>291, 'isameasure'=>1), + 'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountTTC', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>292, 'isameasure'=>1), 'fk_fac_rec_source' =>array('type'=>'integer', 'label'=>'RecurringInvoiceSource', 'enabled'=>1, 'visible'=>-1, 'position'=>305), 'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'LastMainDoc', 'enabled'=>1, 'visible'=>-1, 'position'=>310), 'module_source' =>array('type'=>'varchar(32)', 'label'=>'POSModule', 'enabled'=>1, 'visible'=>-1, 'position'=>315), @@ -1625,10 +1625,10 @@ class Facture extends CommonInvoice } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); - $result = $this->db->query($sql); - if ($result) { - if ($this->db->num_rows($result)) { - $obj = $this->db->fetch_object($result); + $resql = $this->db->query($sql); + if ($resql) { + if ($this->db->num_rows($resql)) { + $obj = $this->db->fetch_object($resql); $this->id = $obj->rowid; $this->entity = $obj->entity; @@ -1730,14 +1730,18 @@ class Facture extends CommonInvoice $this->error = $this->db->error(); return -3; } + + $this->db->free($resql); + return 1; } else { $this->error = 'Invoice with id='.$rowid.' or ref='.$ref.' or ref_ext='.$ref_ext.' not found'; - dol_syslog(get_class($this)."::fetch Error ".$this->error, LOG_ERR); + + dol_syslog(__METHOD__ . $this->error, LOG_WARNING); return 0; } } else { - $this->error = $this->db->error(); + $this->error = $this->db->lasterror(); return -1; } } @@ -1769,7 +1773,7 @@ class Facture extends CommonInvoice $sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_facture = '.$this->id; + $sql .= ' WHERE l.fk_facture = '.((int) $this->id); $sql .= ' ORDER BY l.rang, l.rowid'; dol_syslog(get_class($this).'::fetch_lines', LOG_DEBUG); @@ -1876,8 +1880,8 @@ class Facture extends CommonInvoice $this->tab_next_situation_invoice = array(); $sql = 'SELECT rowid, type, situation_cycle_ref, situation_counter FROM '.MAIN_DB_PREFIX.'facture'; - $sql .= ' WHERE rowid <> '.$this->id; - $sql .= ' AND entity = '.$this->entity; + $sql .= " WHERE rowid <> ".((int) $this->id); + $sql .= ' AND entity = '.((int) $this->entity); $sql .= ' AND situation_cycle_ref = '.(int) $this->situation_cycle_ref; $sql .= ' ORDER BY situation_counter ASC'; @@ -2152,7 +2156,7 @@ class Facture extends CommonInvoice } else { $sql .= ' SET ref_client = \''.$this->db->escape($ref_client).'\''; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2408,9 +2412,9 @@ class Facture extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ', fk_user_closing = '.$user->id; + $sql .= ', fk_user_closing = '.((int) $user->id); $sql .= ", date_closing = '".$this->db->idate($now)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2474,7 +2478,7 @@ class Facture extends CommonInvoice $sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null,'; $sql .= ' date_closing=null,'; $sql .= ' fk_user_closing=null'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2545,7 +2549,7 @@ class Facture extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2553,7 +2557,7 @@ class Facture extends CommonInvoice // as they have not been used since the invoice is abandoned. $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_facture = NULL'; - $sql .= ' WHERE fk_facture = '.$this->id; + $sql .= ' WHERE fk_facture = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2693,7 +2697,7 @@ class Facture extends CommonInvoice $sql .= ", datef='".$this->db->idate($this->date)."'"; $sql .= ", date_lim_reglement='".$this->db->idate($this->date_lim_reglement)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2996,7 +3000,7 @@ class Facture extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -3755,7 +3759,7 @@ class Facture extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= ' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); @@ -3817,7 +3821,7 @@ class Facture extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; $sql .= ' SET remise_absolue = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= ' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); @@ -4042,7 +4046,7 @@ class Facture extends CommonInvoice $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -4051,7 +4055,7 @@ class Facture extends CommonInvoice $sql .= " AND f.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND f.fk_user_author <> ".$excluser->id; + $sql .= " AND f.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -4233,14 +4237,14 @@ class Facture extends CommonInvoice $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." f.paye=0"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED; if ($user->socid) { - $sql .= " AND f.fk_soc = ".$user->socid; + $sql .= " AND f.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -4480,7 +4484,7 @@ class Facture extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity IN (".getEntity('invoice').")"; @@ -4598,7 +4602,7 @@ class Facture extends CommonInvoice $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture'; $sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref); - $sql .= ' AND situation_counter < '.$this->situation_counter; + $sql .= ' AND situation_counter < '.((int) $this->situation_counter); $sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity); $resql = $this->db->query($sql); $res = array(); @@ -4631,7 +4635,7 @@ class Facture extends CommonInvoice $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id); + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.((int) $this->situation_final).' WHERE rowid = '.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -4849,10 +4853,11 @@ class Facture extends CommonInvoice public function setRetainedWarranty($value) { dol_syslog(get_class($this).'::setRetainedWarranty('.$value.')'); + if ($this->statut >= 0) { $fieldname = 'retained_warranty'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.floatval($value); + $sql .= " SET ".$fieldname." = ".((float) $value); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -4889,8 +4894,8 @@ class Facture extends CommonInvoice if ($this->statut >= 0) { $fieldname = 'retained_warranty_date_limit'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(strval($timestamp) != '' ? '\''.$this->db->idate($timestamp).'\'' : 'null'); - $sql .= ' WHERE rowid='.((int) $this->id); + $sql .= " SET ".$fieldname." = ".(strval($timestamp) != '' ? "'".$this->db->idate($timestamp)."'" : 'null'); + $sql .= ' WHERE rowid = '.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty_date_limit = $timestamp; @@ -5385,9 +5390,9 @@ class FactureLigne extends CommonInvoiceLine $sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").','; $sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").","; $sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null").","; - $sql .= ' '.$this->fk_code_ventilation.','; - $sql .= ' '.$this->rang.','; - $sql .= ' '.$this->special_code.','; + $sql .= ' '.((int) $this->fk_code_ventilation).','; + $sql .= ' '.((int) $this->rang).','; + $sql .= ' '.((int) $this->special_code).','; $sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").','; $sql .= ' '.price2num($this->pa_ht).','; $sql .= " '".$this->db->escape($this->info_bits)."',"; @@ -5396,11 +5401,11 @@ class FactureLigne extends CommonInvoiceLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".price2num($this->total_localtax1).","; $sql .= " ".price2num($this->total_localtax2); - $sql .= ", ".$this->situation_percent; + $sql .= ", ".((float) $this->situation_percent); $sql .= ", ".(!empty($this->fk_prev_id) ? $this->fk_prev_id : "null"); $sql .= ", ".(!$this->fk_unit ? 'NULL' : $this->fk_unit); - $sql .= ", ".$user->id; - $sql .= ", ".$user->id; + $sql .= ", ".((int) $user->id); + $sql .= ", ".((int) $user->id); $sql .= ", ".(int) $this->fk_multicurrency; $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; $sql .= ", ".price2num($this->multicurrency_subprice); @@ -5679,7 +5684,7 @@ class FactureLigne extends CommonInvoiceLine return -1; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($this->db->query($sql)) { $this->db->commit(); @@ -5719,7 +5724,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ",total_localtax1=".price2num($this->total_localtax1).""; $sql .= ",total_localtax2=".price2num($this->total_localtax2).""; $sql .= ",total_ttc=".price2num($this->total_ttc).""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); @@ -5759,7 +5764,7 @@ class FactureLigne extends CommonInvoiceLine return 0; } - $sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.$this->fk_prev_id; + $sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.((int) $this->fk_prev_id); $resql = $this->db->query($sql); if ($resql && $resql->num_rows > 0) { $res = $this->db->fetch_array($resql); diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index e6547cc9f89..96c8e88b97e 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -86,16 +86,16 @@ class FactureStats extends Stats $this->where = " f.fk_statut >= 0"; $this->where .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == 'customer') { $this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons) } if ($this->socid) { - $this->where .= " AND f.fk_soc = ".$this->socid; + $this->where .= " AND f.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND f.fk_user_author = '.$this->userid; + $this->where .= ' AND f.fk_user_author = '.((int) $this->userid); } if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $this->where .= " AND f.type IN (0,1,2,5)"; diff --git a/htdocs/compta/facture/class/paymentterm.class.php b/htdocs/compta/facture/class/paymentterm.class.php index 87cd50d27c6..f94ad573a81 100644 --- a/htdocs/compta/facture/class/paymentterm.class.php +++ b/htdocs/compta/facture/class/paymentterm.class.php @@ -311,7 +311,7 @@ class PaymentTerm // extends CommonObject $sql .= " type_cdr=".(isset($this->type_cdr) ? $this->type_cdr : "null").","; $sql .= " nbjour=".(isset($this->nbjour) ? $this->nbjour : "null").","; $sql .= " decalage=".(isset($this->decalage) ? $this->decalage : "null").""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -350,7 +350,7 @@ class PaymentTerm // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_payment_term"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/compta/facture/index.php b/htdocs/compta/facture/index.php index 66a2fccaf08..d3d3a33acb5 100644 --- a/htdocs/compta/facture/index.php +++ b/htdocs/compta/facture/index.php @@ -59,19 +59,33 @@ print load_fiche_titre($langs->trans("CustomersInvoicesArea"), '', 'bill'); print '
'; print '
'; -print getNumberInvoicesPieChart('customers'); -//print getCustomerInvoicePieChart($socid); -print '
'; -print getCustomerInvoiceDraftTable($max, $socid); +$tmp = getNumberInvoicesPieChart('customers'); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerInvoiceDraftTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; print '
'; -print getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); -print '
'; -print getCustomerInvoiceUnpaidOpenTable($max, $socid); +$tmp = getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getCustomerInvoiceUnpaidOpenTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index d099bfd57bc..660c7d7c4e4 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -260,7 +260,7 @@ $sql .= " f.fk_cond_reglement, f.fk_mode_reglement"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 93be3ba445a..a54797323a3 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -235,13 +235,13 @@ $arrayfields = array( 'rtp'=>array('label'=>"Rest", 'checked'=>0, 'position'=>150), // Not enabled by default because slow 'u.login'=>array('label'=>"Author", 'checked'=>1, 'position'=>165), 'sale_representative'=>array('label'=>"SaleRepresentativesOfThirdParty", 'checked'=>0, 'position'=>166), - 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>170), - 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>171), - 'f.multicurrency_total_ht'=>array('label'=>'MulticurrencyAmountHT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>180), - 'f.multicurrency_total_vat'=>array('label'=>'MulticurrencyAmountVAT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>190), - 'f.multicurrency_total_ttc'=>array('label'=>'MulticurrencyAmountTTC', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>200), - 'multicurrency_dynamount_payed'=>array('label'=>'MulticurrencyAlreadyPaid', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>210), - 'multicurrency_rtp'=>array('label'=>'MulticurrencyRemainderToPay', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>220), // Not enabled by default because slow + 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>280), + 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>285), + 'f.multicurrency_total_ht'=>array('label'=>'MulticurrencyAmountHT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>290), + 'f.multicurrency_total_vat'=>array('label'=>'MulticurrencyAmountVAT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>291), + 'f.multicurrency_total_ttc'=>array('label'=>'MulticurrencyAmountTTC', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>292), + 'multicurrency_dynamount_payed'=>array('label'=>'MulticurrencyAlreadyPaid', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>295), + 'multicurrency_rtp'=>array('label'=>'MulticurrencyRemainderToPay', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>296), // Not enabled by default because slow 'total_pa' => array('label' => ($conf->global->MARGIN_TYPE == '1' ? 'BuyingPrice' : 'CostPrice'), 'checked' => 0, 'position' => 300, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous ? 0 : 1)), 'total_margin' => array('label' => 'Margin', 'checked' => 0, 'position' => 301, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous ? 0 : 1)), 'total_margin_rate' => array('label' => 'MarginRate', 'checked' => 0, 'position' => 302, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous || empty($conf->global->DISPLAY_MARGIN_RATES) ? 0 : 1)), @@ -430,7 +430,7 @@ if ($action == 'makepayment_confirm' && $user->rights->facture->paiement) { } } if (empty($errorpayment)) { - setEventMessage($langs->trans('RegisterPaymentAndClasiffiedPayedDone', $facture->ref)); + setEventMessage($langs->trans('PaymentRegisteredAndInvoiceSetToPaid', $facture->ref)); } } } @@ -561,7 +561,7 @@ if ($search_categ_cus && $search_categ_cus!=-1) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -607,7 +607,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); @@ -680,7 +680,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search('f.total_ttc', $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1); @@ -775,7 +775,7 @@ if (!$sall) { $sql .= ' f.paye, f.fk_statut, f.close_code,'; $sql .= ' f.datec, f.tms, f.date_closing,'; $sql .= ' f.retained_warranty, f.retained_warranty_date_limit, f.situation_final, f.situation_cycle_ref, f.situation_counter,'; - $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht, f.multicurrency_total_tva,'; + $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht,'; $sql .= ' f.multicurrency_total_tva, f.multicurrency_total_ttc,'; $sql .= ' s.rowid, s.nom, s.name_alias, s.email, s.phone, s.fax, s.address, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,'; $sql .= ' typent.code,'; @@ -803,7 +803,7 @@ if (!$sall) { // Add HAVING from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : ''; +$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : ""; $sql .= ' ORDER BY '; $listfield = explode(',', $sortfield); @@ -1945,7 +1945,7 @@ if ($resql) { } // Amount VAT if (!empty($arrayfields['f.total_tva']['checked'])) { - print ''.price($obj->total_vat)."\n"; + print ''.price($obj->total_tva)."\n"; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php index 6fdc74a7539..0d2c3070261 100644 --- a/htdocs/compta/facture/prelevement.php +++ b/htdocs/compta/facture/prelevement.php @@ -577,9 +577,9 @@ if ($object->id > 0) { $sql .= " , pfd.amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -598,9 +598,9 @@ if ($object->id > 0) { $sql = "SELECT SUM(pfd.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -699,9 +699,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -765,9 +765,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 1"; $sql .= " AND pfd.ext_payment_id IS NULL"; diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index b1ad18e6461..ca7cd08a6fe 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " WHERE s.rowid = ff.fk_soc"; $sql .= " AND ff.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND ff.fk_soc = ".((int) $socid); @@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index 451007932d7..e2a96f4fb5b 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -196,11 +196,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 03acd9d88eb..0f49b8d5823 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -529,14 +529,14 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' f.datef as df, f.fk_soc as socid, f.date_lim_reglement as dlr'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as f'; $sql .= ' WHERE f.entity IN ('.getEntity('facture').')'; - $sql .= ' AND (f.fk_soc = '.$facture->socid; + $sql .= ' AND (f.fk_soc = '.((int) $facture->socid); // Can pay invoices of all child of parent company if (!empty($conf->global->FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS) && !empty($facture->thirdparty->parent)) { - $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->parent.')'; + $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->parent).')'; } // Can pay invoices of all child of myself if (!empty($conf->global->FACTURE_PAYMENTS_ON_SUBSIDIARY_COMPANIES)) { - $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->id.')'; + $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->id).')'; } $sql .= ') AND f.paye = 0'; $sql .= ' AND f.fk_statut = 1'; // Statut=0 => not validated, Statut=2 => canceled @@ -875,7 +875,7 @@ if (!GETPOST('action', 'aZ09')) { $sql .= ' AND f.fk_soc = '.((int) $socid); } - $sql .= ' ORDER BY '.$sortfield.' '.$sortorder; + $sql .= $db->order($sortfield, $sortorder); $sql .= $db->plimit($limit + 1, $offset); $resql = $db->query($sql); diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 2b65ad4a84a..ed8ec522aea 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -126,7 +126,7 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture $sql .= ' WHERE pf.fk_facture = f.rowid'; $sql .= ' AND f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; - $sql .= ' AND pf.fk_paiement = '.$object->id; + $sql .= ' AND pf.fk_paiement = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $i = 0; @@ -342,7 +342,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf,'.MAIN_DB_PREFIX.'factur $sql .= ' WHERE pf.fk_facture = f.rowid'; $sql .= ' AND f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; -$sql .= ' AND pf.fk_paiement = '.$object->id; +$sql .= ' AND pf.fk_paiement = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 32f81532ecf..0092e731046 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -538,7 +538,7 @@ if ($action == 'new') { print ''; print ''; print $form->selectDate($object->date_bordereau, 'datecreate_', '', '', '', "setdate"); - print ''; + print ''; print ''; } else { print $object->date_bordereau ? dol_print_date($object->date_bordereau, 'day') : ' '; @@ -563,7 +563,7 @@ if ($action == 'new') { print ''; print ''; print ''; - print ''; + print ''; print ''; } else diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 0c05a1bc03a..fe967543fdc 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -305,7 +305,7 @@ class RemiseCheque extends CommonObject if ($this->errno === 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; $sql .= " SET fk_bordereau = 0"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject if ($this->errno == 0 && $numref) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $sql .= " AND statut = 0"; @@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc"; $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND b.fk_bordereau = bc.rowid"; - $sql .= " AND bc.rowid = ".$this->id; + $sql .= " AND bc.rowid = ".((int) $this->id); $sql .= " AND bc.entity = ".$conf->entity; $sql .= " ORDER BY b.dateo ASC, b.rowid ASC"; @@ -647,7 +647,7 @@ class RemiseCheque extends CommonObject $nb = 0; $sql = "SELECT amount "; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET amount = ".price2num($total); $sql .= ", nbcheque = ".((int) $nb); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject // phpcs:enable if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " SET ref = '".$ref."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " SET ref = '".$this->db->escape($ref)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_number", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/cpaiement.class.php b/htdocs/compta/paiement/class/cpaiement.class.php index e9623f55c11..1c7abf71c3b 100644 --- a/htdocs/compta/paiement/class/cpaiement.class.php +++ b/htdocs/compta/paiement/class/cpaiement.class.php @@ -273,7 +273,7 @@ class Cpaiement $sql .= ' active = '.(isset($this->active) ? $this->active : "null").','; $sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null").','; $sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null"); - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $this->db->begin(); @@ -334,7 +334,7 @@ class Cpaiement if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index f31d66a2f6d..3e1dc59a52e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -292,8 +292,8 @@ class Paiement extends CommonObject $note = ($this->note_private ? $this->note_private : $this->note); $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement (entity, ref, ref_ext, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, ext_payment_id, ext_payment_site, fk_user_creat, pos_change)"; - $sql .= " VALUES (".$conf->entity.", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".$total.", ".$mtotal.", ".$this->paiementid.", "; - $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".$user->id.", ".((float) $this->pos_change).")"; + $sql .= " VALUES (".((int) $conf->entity).", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".((float) $total).", ".((float) $mtotal).", ".((int) $this->paiementid).", "; + $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".((int) $user->id).", ".((float) $this->pos_change).")"; $resql = $this->db->query($sql); if ($resql) { @@ -305,7 +305,7 @@ class Paiement extends CommonObject if (is_numeric($amount) && $amount <> 0) { $amount = price2num($amount); $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiement_facture (fk_facture, fk_paiement, amount, multicurrency_amount)'; - $sql .= ' VALUES ('.$facid.', '.$this->id.', \''.$amount.'\', \''.$this->multicurrency_amounts[$key].'\')'; + $sql .= ' VALUES ('.((int) $facid).', '.((int) $this->id).", ".((float) $amount).", ".((float) $this->multicurrency_amounts[$key]).')'; dol_syslog(get_class($this).'::create Amount line '.$key.' insert paiement_facture', LOG_DEBUG); $resql = $this->db->query($sql); @@ -533,12 +533,12 @@ class Paiement extends CommonObject // Delete payment (into paiement_facture and paiement) $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement_facture'; - $sql .= ' WHERE fk_paiement = '.$this->id; + $sql .= ' WHERE fk_paiement = '.((int) $this->id); dol_syslog($sql); $result = $this->db->query($sql); if ($result) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog($sql); $result = $this->db->query($sql); if (!$result) { @@ -756,7 +756,7 @@ class Paiement extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG); $result = $this->db->query($sql); @@ -788,7 +788,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -800,7 +800,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.'bank'; $sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")"; + $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")"; $sql .= " AND rappro = 0"; $result = $this->db->query($sql); @@ -839,7 +839,7 @@ class Paiement extends CommonObject if (!empty($num) && $this->statut != 1) { $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET num_paiement = '".$this->db->escape($num)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_num", LOG_DEBUG); $result = $this->db->query($sql); @@ -956,7 +956,7 @@ class Paiement extends CommonObject { $sql = 'SELECT pf.fk_facture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'facture as f'; // We keep link on invoice to allow use of some filters on invoice - $sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.$this->id; + $sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.((int) $this->id); if ($filter) { $sql .= ' AND '.$filter; } @@ -989,7 +989,7 @@ class Paiement extends CommonObject { $sql = 'SELECT pf.fk_facture, pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_paiement = '.$this->id; + $sql .= ' WHERE pf.fk_paiement = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $i = 0; diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php index ee847603954..d1a94f5e690 100644 --- a/htdocs/compta/paiement/list.php +++ b/htdocs/compta/paiement/list.php @@ -209,7 +209,7 @@ if (GETPOST("orphelins", "alpha")) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php index c75974077c3..27a35e83352 100644 --- a/htdocs/compta/payment_sc/card.php +++ b/htdocs/compta/payment_sc/card.php @@ -170,7 +170,7 @@ $sql = 'SELECT f.rowid as scid, f.libelle as label, f.paye, f.amount as sc_amoun $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementcharge as pf,'.MAIN_DB_PREFIX.'chargesociales as f, '.MAIN_DB_PREFIX.'c_chargesociales as pc'; $sql .= ' WHERE pf.fk_charge = f.rowid AND f.fk_type = pc.id'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND pf.rowid = '.$object->id; +$sql .= ' AND pf.rowid = '.((int) $object->id); dol_syslog("compta/payment_sc/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/compta/payment_vat/card.php b/htdocs/compta/payment_vat/card.php index 1b615bcbb8d..bfa14009380 100644 --- a/htdocs/compta/payment_vat/card.php +++ b/htdocs/compta/payment_vat/card.php @@ -227,7 +227,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_vat as pf,'.MAIN_DB_PREFIX.'tva as f'; $sql .= ' WHERE pf.fk_tva = f.rowid'; //$sql .= ' AND f.fk_type = pc.id'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND pf.rowid = '.$object->id; +$sql .= ' AND pf.rowid = '.((int) $object->id); dol_syslog("compta/payment_vat/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php index 5d76ae4d8b4..25763dd8339 100644 --- a/htdocs/compta/paymentbybanktransfer/index.php +++ b/htdocs/compta/paymentbybanktransfer/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture_fourn = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 1b6afa3cffe..ed7ecae5cf9 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject */ $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); $sql .= " AND fk_soc =".((int) $client_id); $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'"; $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'"; @@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject if ($this->db->begin()) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $result = $this->db->query($sql); if (!$result) { @@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_credite Erreur 1"); @@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject $sql .= ", statut = ".self::STATUS_CREDITED; $sql .= ", date_credit = '".$this->db->idate($date)."'"; $sql .= " WHERE rowid=".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = ".self::STATUS_TRANSFERED; $resql = $this->db->query($sql); @@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_infocredit Update lines Error"); @@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject $sql .= " , date_trans = '".$this->db->idate($date)."'"; $sql .= " , method_trans = ".((int) $method); $sql .= " , statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = 0"; if ($this->db->query($sql)) { @@ -646,8 +646,8 @@ class BonPrelevement extends CommonObject $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf"; $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; - $sql .= " AND p.rowid = ".$this->id; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.rowid = ".((int) $this->id); + $sql .= " AND p.entity = ".((int) $conf->entity); if ($amounts) { if ($this->type == 'bank-transfer') { $sql .= " GROUP BY fk_facture_fourn"; @@ -868,7 +868,7 @@ class BonPrelevement extends CommonObject $sql .= " AND f.total_ttc > 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; - dol_syslog(__METHOD__."::Read invoices, sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__."::Read invoices,", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -989,10 +989,10 @@ class BonPrelevement extends CommonObject $sql = "SELECT substring(ref from char_length(ref) - 1)"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " ORDER BY ref DESC LIMIT 1"; - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande"; $sql .= " SET traite = 1"; $sql .= ", date_traite = '".$this->db->idate($now)."'"; - $sql .= ", fk_prelevement_bons = ".$this->id; + $sql .= ", fk_prelevement_bons = ".((int) $this->id); $sql .= " WHERE rowid = ".((int) $fac[1]); $resql = $this->db->query($sql); @@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET amount = ".price2num($this->total); $sql .= " WHERE rowid = ".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { @@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")"; $resql1 = $this->db->query($sql); if (!$resql1) { dol_print_error($this->db); @@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id); $resql2 = $this->db->query($sql); if (!$resql2) { dol_print_error($this->db); @@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id); $resql3 = $this->db->query($sql); if (!$resql3) { dol_print_error($this->db); @@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id); $resql4 = $this->db->query($sql); if (!$resql4) { dol_print_error($this->db); @@ -1341,18 +1341,14 @@ class BonPrelevement extends CommonObject } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification def by id * * @param int $rowid id of notification * @return int 0 if OK, <0 if KO */ - public function DeleteNotificationById($rowid) + public function deleteNotificationById($rowid) { - // phpcs:enable - $result = 0; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; $sql .= " WHERE rowid = ".((int) $rowid); @@ -1363,21 +1359,23 @@ class BonPrelevement extends CommonObject } } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification * - * @param int $user notification user - * @param string $action notification action - * @return int >0 if OK, <0 if KO + * @param int|User $user notification user + * @param string $action notification action + * @return int >0 if OK, <0 if KO */ - public function DeleteNotification($user, $action) + public function deleteNotification($user, $action) { - // phpcs:enable - $result = 0; + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; - $sql .= " WHERE fk_user=".$user." AND fk_action='".$this->db->escape($action)."'"; + $sql .= " WHERE fk_user=".((int) $userid)." AND fk_action='".$this->db->escape($action)."'"; if ($this->db->query($sql)) { return 0; @@ -1390,28 +1388,34 @@ class BonPrelevement extends CommonObject /** * Add a notification * - * @param DoliDB $db database handler - * @param int $user notification user - * @param string $action notification action - * @return int 0 if OK, <0 if KO + * @param DoliDB $db database handler + * @param int|User $user notification user + * @param string $action notification action + * @return int 0 if OK, <0 if KO */ - public function AddNotification($db, $user, $action) + public function addNotification($db, $user, $action) { // phpcs:enable $result = 0; - if ($this->DeleteNotification($user, $action) == 0) { + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } + + if ($this->deleteNotification($user, $action) == 0) { $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $userid).", 'NULL', 'NULL', '".$this->db->escape($action)."')"; dol_syslog("adnotiff: ".$sql); if ($this->db->query($sql)) { $result = 0; } else { $result = -1; - dol_syslog(get_class($this)."::AddNotification Error $result"); + dol_syslog(get_class($this)."::addNotification Error $result"); } } @@ -1491,7 +1495,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1607,7 +1611,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1697,7 +1701,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; @@ -1723,7 +1727,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index db92da8ce90..c10b0de662c 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -100,7 +100,7 @@ class RejetPrelevement $facs = $this->getListInvoices(1); require_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/ligneprelevement.class.php'; - $lipre = new LignePrelevement($this->db, $user); + $lipre = new LignePrelevement($this->db); $lipre->fetch($id); $this->db->begin(); @@ -222,8 +222,8 @@ class RejetPrelevement $sql = "SELECT fk_user_demande"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; - $sql .= " WHERE pfd.fk_prelevement_bons = ".$this->bon_id; - $sql .= " AND pfd.fk_facture".($this->type == 'bank-transfer' ? '_fourn=' : '=').$fac->id; + $sql .= " WHERE pfd.fk_prelevement_bons = ".((int) $this->bon_id); + $sql .= " AND pfd.fk_facture".($this->type == 'bank-transfer' ? '_fourn' : '').' = '.((int) $fac->id); $resql = $this->db->query($sql); if ($resql) { @@ -296,7 +296,7 @@ class RejetPrelevement $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as f ON (pf.fk_facture = f.rowid)"; } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_lignes as pl ON (pf.fk_prelevement_lignes = pl.rowid)"; - $sql .= " WHERE pf.fk_prelevement_lignes = ".$this->id; + $sql .= " WHERE pf.fk_prelevement_lignes = ".((int) $this->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $resql = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 6f045f3ca74..52b5427be16 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -260,13 +260,13 @@ if ($nb) { print ''; print ''; } - print ''; + print ''; } else { $title = $langs->trans("CreateAll"); if ($type == 'bank-transfer') { $title = $langs->trans("CreateFileForPaymentByBankTransfer"); } - print ''.$title."\n"; + print ''.$title."\n"; } } else { if ($mysoc->isInEEC()) { diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 266097f7a2d..0230e4cb726 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 11c38bbb044..c0f89a7e046 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 5aca25466a3..f2f192271ac 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') { } } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity = ".((int) $conf->entity); if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY name, socid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php index 7454f61f6de..bcfa574d696 100644 --- a/htdocs/compta/sociales/card.php +++ b/htdocs/compta/sociales/card.php @@ -399,7 +399,7 @@ if ($action == 'create') { print dol_get_fiche_end(); print '
'; - print ''; + print ''; print '     '; print ''; print '
'; diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index ee9a270b283..d03132b04f7 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php +++ b/htdocs/compta/sociales/class/cchargesociales.class.php @@ -329,7 +329,7 @@ class Cchargesociales if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 1977ac9791b..a7c6ab2c593 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject // Delete payments if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -445,7 +445,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -480,7 +480,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -642,7 +642,7 @@ class ChargeSociales extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 48ba4b06d30..fa95b08faca 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index a4deec56715..388d0f5a7bf 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -209,10 +209,10 @@ if (!empty($search_users)) { $sql .= ' AND cs.fk_user IN('.implode(', ', $search_users).')'; } if (!empty($search_type) && $search_type > 0) { - $sql .= ' AND cs.fk_mode_reglement='.$search_type; + $sql .= ' AND cs.fk_mode_reglement='.((int) $search_type); } if (!empty($search_account) && $search_account > 0) { - $sql .= ' AND cs.fk_account='.$search_account; + $sql .= ' AND cs.fk_account='.((int) $search_account); } if ($search_amount) { $sql .= natural_search("cs.amount", $search_amount, 1); diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index d65bed019fc..afc56532fdf 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -306,7 +306,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " fd.product_type AS product_type,"; $sql .= " cc.code, cc.label AS country,"; for ($i = 1; $i <= 12; $i++) { - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$i, 'fd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$i, "fd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -325,7 +325,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " GROUP BY fd.tva_tx,fd.product_type, cc.label, cc.code "; $sql .= " ORDER BY country, product_type, vatrate"; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -393,7 +393,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql2 .= " ffd.product_type AS product_type,"; $sql2 .= " cc.code, cc.label AS country,"; for ($i = 1; $i <= 12; $i++) { - $sql2 .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$i, 'ffd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).","; + $sql2 .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$i, "ffd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).","; } $sql2 .= " SUM(ffd.total_ht) as total"; $sql2 .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -413,7 +413,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql2 .= " ORDER BY country, product_type, vatrate"; //print $sql2; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql2 = $db->query($sql2); if ($resql2) { $num = $db->num_rows($resql2); diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index daf5afb025e..a093a086050 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -726,12 +726,9 @@ if ($id) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '   '; - print ''; - print '
'; - print "\n"; + print $form->buttonsSaveCancel(); + + print ""; } /* diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php index bc234b4516e..8eaf141b06c 100644 --- a/htdocs/compta/tva/class/paymentvat.class.php +++ b/htdocs/compta/tva/class/paymentvat.class.php @@ -620,7 +620,7 @@ class PaymentVAT extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index 45d3d2e74b4..38da3c21eae 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -247,7 +247,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; @@ -267,7 +267,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; @@ -768,7 +768,7 @@ class Tva extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 1dc0180bd60..8c12dbfd704 100644 --- a/htdocs/compta/tva/list.php +++ b/htdocs/compta/tva/list.php @@ -161,16 +161,16 @@ if (!empty($search_label)) { $sql .= natural_search('t.label', $search_label); } if (!empty($search_dateend_start)) { - $sql .= ' AND t.datev >= "'.$db->idate($search_dateend_start).'"'; + $sql .= " AND t.datev >= '".$db->idate($search_dateend_start)."'"; } if (!empty($search_dateend_end)) { - $sql .= ' AND t.datev <= "'.$db->idate($search_dateend_end).'"'; + $sql .= " AND t.datev <= '".$db->idate($search_dateend_end)."'"; } if (!empty($search_datepayment_start)) { - $sql .= ' AND t.datep >= "'.$db->idate($search_datepayment_start).'"'; + $sql .= " AND t.datep >= '".$db->idate($search_datepayment_start)."'"; } if (!empty($search_datepayment_end)) { - $sql .= ' AND t.datep <= "'.$db->idate($search_datepayment_end).'"'; + $sql .= " AND t.datep <= '".$db->idate($search_datepayment_end)."'"; } if (!empty($search_type) && $search_type > 0) { $sql .= ' AND t.fk_typepayment = '.((int) $search_type); diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 469869f00e9..13096ddcd40 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -883,16 +883,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } elseif ($action == 'edit' && !empty($id)) { @@ -1220,11 +1211,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 165a7bf7bc3..066ee681f7a 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -385,13 +385,13 @@ class Contact extends CommonObject if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= ", ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); $clause = "AND"; } - $sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; - $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))"; + $sql .= " ".$clause." sp.entity IN (".getEntity($this->element).")"; + $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat = ".((int) $user->id)."))"; if ($user->socid > 0) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -595,7 +595,7 @@ class Contact extends CommonObject $sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'" : "NULL"); $sql .= ", default_lang=".($this->default_lang ? "'".$this->db->escape($this->default_lang)."'" : "NULL"); $sql .= ", entity = ".((int) $this->entity); - $sql .= " WHERE rowid=".((int) $id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); @@ -871,12 +871,12 @@ class Contact extends CommonObject // Mis a jour contact $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET"; - $sql .= " birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); + $sql .= " birthday = ".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); $sql .= ", photo = ".($this->photo ? "'".$this->db->escape($this->photo)."'" : "null"); if ($user) { - $sql .= ", fk_user_modif=".$user->id; + $sql .= ", fk_user_modif = ".((int) $user->id); } - $sql .= " WHERE rowid=".$this->db->escape($id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update_perso this->birthday=".$this->birthday." -", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1068,7 +1068,7 @@ class Contact extends CommonObject // Search Dolibarr user linked to this contact $sql = "SELECT u.rowid "; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.fk_socpeople = ".$this->id; + $sql .= " WHERE u.fk_socpeople = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1091,7 +1091,7 @@ class Contact extends CommonObject if ($user) { $sql = "SELECT fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."user_alert"; - $sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id); + $sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -1162,7 +1162,7 @@ class Contact extends CommonObject $sql = "SELECT tc.element, count(ec.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE ec.fk_c_type_contact = tc.rowid"; - $sql .= " AND fk_socpeople = ".$this->id; + $sql .= " AND fk_socpeople = ".((int) $this->id); $sql .= " AND tc.source = 'external'"; $sql .= " GROUP BY tc.element"; @@ -1211,7 +1211,7 @@ class Contact extends CommonObject $sql = "SELECT ec.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,"; $sql .= " ".MAIN_DB_PREFIX."c_type_contact tc"; - $sql .= " WHERE ec.fk_socpeople=".$this->id; + $sql .= " WHERE ec.fk_socpeople=".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1242,7 +1242,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1254,7 +1254,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1266,7 +1266,7 @@ class Contact extends CommonObject if (!$error) { // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1278,7 +1278,7 @@ class Contact extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople"; - $sql .= " WHERE rowid=".((int) $this->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) { @@ -1727,7 +1727,7 @@ class Contact extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE tc.rowid = sc.fk_c_type_contact"; $sql .= " AND tc.source = 'external' AND tc.active=1"; - $sql .= " AND sc.fk_socpeople = ".$this->id; + $sql .= " AND sc.fk_socpeople = ".((int) $this->id); $sql .= " AND sc.entity IN (".getEntity('societe').')'; $resql = $this->db->query($sql); @@ -2040,7 +2040,7 @@ class Contact extends CommonObject $obj = $this->db->fetch_object($resql); $noemail = $obj->nb; if (empty($noemail)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -2054,7 +2054,7 @@ class Contact extends CommonObject $this->errors[] = $this->error; } } else { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0)); + $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")"; $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index 6677a7b17d7..79696d12997 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -178,7 +178,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index e5a9ab3f0d6..be5685615d7 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -89,6 +89,7 @@ $search_categ_thirdparty = GETPOST("search_categ_thirdparty", 'int'); $search_categ_supplier = GETPOST("search_categ_supplier", 'int'); $search_status = GETPOST("search_status", 'int'); $search_type = GETPOST('search_type', 'alpha'); +$search_address = GETPOST('search_address', 'alpha'); $search_zip = GETPOST('search_zip', 'alpha'); $search_town = GETPOST('search_town', 'alpha'); $search_import_key = GETPOST("search_import_key", "alpha"); @@ -260,6 +261,7 @@ if (empty($reshook)) { $search_firstname = ""; $search_societe = ""; $search_town = ""; + $search_address = ""; $search_zip = ""; $search_country = ""; $search_poste = ""; @@ -353,7 +355,7 @@ if ($resql) { } $sql = "SELECT s.rowid as socid, s.nom as name,"; -$sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.zip, p.town, p.poste, p.email, p.no_email,"; +$sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.address, p.zip, p.town, p.poste, p.email, p.no_email,"; $sql .= " p.socialnetworks, p.photo,"; $sql .= " p.phone as phone_pro, p.phone_mobile, p.phone_perso, p.fax, p.fk_pays, p.priv, p.datec as date_creation, p.tms as date_update,"; $sql .= " st.libelle as stcomm, st.picto as stcomm_picto, p.fk_stcommcontact as stcomm_id, p.fk_prospectcontactlevel,"; @@ -361,7 +363,7 @@ $sql .= " co.label as country, co.code as country_code"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -389,7 +391,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)"; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial $sql .= " AND p.fk_user_creat=".((int) $userid); @@ -403,13 +405,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) { // Filter to exclude not owned private contacts if ($search_priv != '0' && $search_priv != '1') { - $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))"; + $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))"; } else { if ($search_priv == '0') { $sql .= " AND p.priv='0'"; } if ($search_priv == '1') { - $sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")"; + $sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")"; } } @@ -478,13 +480,16 @@ if (strlen($search_fax)) { if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if ($value['active'] && strlen($search_[$key])) { - $sql .= ' AND p.socialnetworks LIKE \'%"'.$key.'":"'.$search_[$key].'%\''; + $sql .= " AND p.socialnetworks LIKE '%\"".$key."\":\"".$search_[$key]."%'"; } } } if (strlen($search_email)) { $sql .= natural_search('p.email', $search_email); } +if (strlen($search_address)) { + $sql .= natural_search("p.address", $search_address); +} if (strlen($search_zip)) { $sql .= natural_search("p.zip", $search_zip); } @@ -594,6 +599,9 @@ if ($search_firstname != '') { if ($search_societe != '') { $param .= '&search_societe='.urlencode($search_societe); } +if ($search_address != '') { + $param .= '&search_address='.urlencode($search_address); +} if ($search_zip != '') { $param .= '&search_zip='.urlencode($search_zip); } @@ -775,6 +783,11 @@ if (!empty($arrayfields['p.poste']['checked'])) { print ''; print ''; } +if (!empty($arrayfields['p.address']['checked'])) { + print ''; + print ''; + print ''; +} if (!empty($arrayfields['p.zip']['checked'])) { print ''; print ''; @@ -923,6 +936,9 @@ if (!empty($arrayfields['p.firstname']['checked'])) { if (!empty($arrayfields['p.poste']['checked'])) { print_liste_field_titre($arrayfields['p.poste']['label'], $_SERVER["PHP_SELF"], "p.poste", $begin, $param, '', $sortfield, $sortorder); } +if (!empty($arrayfields['p.address']['checked'])) { + print_liste_field_titre($arrayfields['p.address']['label'], $_SERVER["PHP_SELF"], "p.address", $begin, $param, '', $sortfield, $sortorder); +} if (!empty($arrayfields['p.zip']['checked'])) { print_liste_field_titre($arrayfields['p.zip']['label'], $_SERVER["PHP_SELF"], "p.zip", $begin, $param, '', $sortfield, $sortorder); } @@ -1016,6 +1032,7 @@ while ($i < min($num, $limit)) { $contactstatic->phone_pro = $obj->phone_pro; $contactstatic->phone_perso = $obj->phone_perso; $contactstatic->phone_mobile = $obj->phone_mobile; + $contactstatic->address = $obj->address; $contactstatic->zip = $obj->zip; $contactstatic->town = $obj->town; $contactstatic->socialnetworks = $arraysocialnetworks; @@ -1059,6 +1076,13 @@ while ($i < min($num, $limit)) { $totalarray['nbfield']++; } } + // Address + if (!empty($arrayfields['p.address']['checked'])) { + print ''.$obj->address.''; + if (!$i) { + $totalarray['nbfield']++; + } + } // Zip if (!empty($arrayfields['p.zip']['checked'])) { print ''.$obj->zip.''; diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 261ffebf29c..a5b64e37998 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -205,11 +205,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } else { diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index d5187c6a040..56e3d797086 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1174,11 +1174,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); if (is_object($objectsrc)) { print ''; @@ -1437,7 +1433,7 @@ if ($action == 'create') { $sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity, p.tosell, p.tobuy, p.tobatch"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; - $sql .= " WHERE cd.rowid = ".$object->lines[$cursorline - 1]->id; + $sql .= " WHERE cd.rowid = ".((int) $object->lines[$cursorline - 1]->id); $result = $db->query($sql); if ($result) { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 5436c55faeb..a7a42ca7350 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -181,6 +181,13 @@ class Contrat extends CommonObject */ public $lines = array(); + public $nbofservices; + public $nbofserviceswait; + public $nbofservicesopened; + public $nbofservicesexpired; + //public $lower_planned_end_date; + //public $higher_planner_end_date; + /** * Maps ContratLigne IDs to $this->lines indexes * @var int[] @@ -429,7 +436,8 @@ class Contrat extends CommonObject foreach ($this->lines as $contratline) { // Close lines not already closed if ($contratline->statut != ContratLigne::STATUS_CLOSED) { - $contratline->date_cloture = $now; + $contratline->date_end_real = $now; + $contratline->date_cloture = $now; // For backward compatibility $contratline->fk_user_cloture = $user->id; $contratline->statut = ContratLigne::STATUS_CLOSED; $result = $contratline->close_line($user, $now, $comment, $notrigger); @@ -499,7 +507,7 @@ class Contrat extends CommonObject if ($num) { $sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET ref = '".$this->db->escape($num)."', statut = 1"; //$sql.= ", fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id." AND statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = 0"; dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -599,7 +607,7 @@ class Contrat extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET statut = 0"; //$sql.= ", fk_user_valid = null, date_valid = null"; - $sql .= " WHERE rowid = ".$this->id." AND statut = 1"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = 1"; dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -753,6 +761,7 @@ class Contrat extends CommonObject // phpcs:enable global $langs, $conf, $extrafields; + $this->nbofservices = 0; $this->nbofserviceswait = 0; $this->nbofservicesopened = 0; $this->nbofservicesexpired = 0; @@ -792,7 +801,7 @@ class Contrat extends CommonObject $sql .= " d.fk_unit,"; $sql .= " d.product_type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_contrat = ".$this->id; + $sql .= " WHERE d.fk_contrat = ".((int) $this->id); $sql .= " ORDER by d.rowid ASC"; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); @@ -948,13 +957,13 @@ class Contrat extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."contrat (datec, fk_soc, fk_user_author, date_contrat,"; $sql .= " fk_commercial_signature, fk_commercial_suivi, fk_projet,"; $sql .= " ref, entity, note_private, note_public, ref_customer, ref_supplier, ref_ext)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$this->socid.",".$user->id; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->socid).", ".((int) $user->id); $sql .= ", ".(dol_strlen($this->date_contrat) != 0 ? "'".$this->db->idate($this->date_contrat)."'" : "NULL"); - $sql .= ",".($this->commercial_signature_id > 0 ? $this->commercial_signature_id : "NULL"); - $sql .= ",".($this->commercial_suivi_id > 0 ? $this->commercial_suivi_id : "NULL"); - $sql .= ",".($this->fk_project > 0 ? $this->fk_project : "NULL"); + $sql .= ",".($this->commercial_signature_id > 0 ? ((int) $this->commercial_signature_id) : "NULL"); + $sql .= ",".($this->commercial_suivi_id > 0 ? ((int) $this->commercial_suivi_id) : "NULL"); + $sql .= ",".($this->fk_project > 0 ? ((int) $this->fk_project) : "NULL"); $sql .= ", ".(dol_strlen($this->ref) <= 0 ? "null" : "'".$this->db->escape($this->ref)."'"); - $sql .= ", ".$conf->entity; + $sql .= ", ".((int) $conf->entity); $sql .= ", ".(!empty($this->note_private) ? ("'".$this->db->escape($this->note_private)."'") : "NULL"); $sql .= ", ".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL"); $sql .= ", ".(!empty($this->ref_customer) ? ("'".$this->db->escape($this->ref_customer)."'") : "NULL"); @@ -1150,11 +1159,11 @@ class Contrat extends CommonObject /* $sql = "DELETE cdl"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); */ $sql = "SELECT cdl.rowid as cdlrowid "; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1188,7 +1197,7 @@ class Contrat extends CommonObject // Delete contratdet extrafields $main = MAIN_DB_PREFIX.'contratdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")"; + $sql = "DELETE FROM ".$ef." WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_contrat = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1201,7 +1210,7 @@ class Contrat extends CommonObject if (!$error) { // Delete contratdet $sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet"; - $sql .= " WHERE fk_contrat=".$this->id; + $sql .= " WHERE fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1213,7 +1222,7 @@ class Contrat extends CommonObject // Delete llx_ecm_files if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -2103,9 +2112,9 @@ class Contrat extends CommonObject $sql = "SELECT cd.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE fk_contrat =".$this->id; + $sql .= " WHERE fk_contrat =".((int) $this->id); if ($status >= 0) { - $sql .= " AND statut = ".$status; + $sql .= " AND statut = ".((int) $status); } dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG); @@ -2137,9 +2146,9 @@ class Contrat extends CommonObject $sql = "SELECT c.rowid, c.ref"; $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c"; - $sql .= " WHERE fk_soc =".$this->socid; + $sql .= " WHERE fk_soc =".((int) $this->socid); if ($option == 'others') { - $sql .= " AND c.rowid != ".$this->id; + $sql .= " AND c.rowid <> ".((int) $this->id); } dol_syslog(get_class($this)."::getOtherContracts()", LOG_DEBUG); @@ -2205,12 +2214,12 @@ class Contrat extends CommonObject //$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'"; } $sql .= " AND c.fk_soc = s.rowid"; - $sql .= " AND c.entity = ".$conf->entity; + $sql .= " AND c.entity = ".((int) $conf->entity); if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2279,7 +2288,7 @@ class Contrat extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." c.entity = ".$conf->entity; @@ -2642,10 +2651,23 @@ class ContratLigne extends CommonObjectLine public $date_end; // date end planned public $date_end_real; // date end real // For backward compatibility + /** + * @deprecated Use date_start + */ public $date_ouverture_prevue; // date start planned + /** + * @deprecated Use date_start_real + */ public $date_ouverture; // date start real + /** + * @deprecated Use date_end + */ public $date_fin_validite; // date end planned + /** + * @deprecated Use date_end_real + */ public $date_cloture; // date end real + public $tva_tx; public $localtax1_tx; public $localtax2_tx; @@ -3062,7 +3084,6 @@ class ContratLigne extends CommonObjectLine $this->oldcopy = new ContratLigne($this->db); $this->oldcopy->fetch($this->id); - $this->oldcopy->fetch_optionals(); // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET"; @@ -3120,7 +3141,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { @@ -3131,7 +3152,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { @@ -3181,7 +3202,7 @@ class ContratLigne extends CommonObjectLine $sql .= ",total_localtax1=".price2num($this->total_localtax1, 'MT').""; $sql .= ",total_localtax2=".price2num($this->total_localtax2, 'MT').""; $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT').""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); @@ -3236,12 +3257,12 @@ class ContratLigne extends CommonObjectLine $sql .= " '".$this->db->escape($this->info_bits)."',"; $sql .= " ".price2num($this->price_ht).",".price2num($this->remise).","; if ($this->fk_fournprice > 0) { - $sql .= ' '.$this->fk_fournprice.','; + $sql .= ' '.((int) $this->fk_fournprice).','; } else { $sql .= ' null,'; } if ($this->pa_ht > 0) { - $sql .= ' '.price2num($this->pa_ht); + $sql .= ' '.((float) price2num($this->pa_ht)); } else { $sql .= ' null'; } @@ -3311,10 +3332,10 @@ class ContratLigne extends CommonObjectLine if ($date_end >= 0) { $sql .= " date_fin_validite = ".(dol_strlen($date_end) != 0 ? "'".$this->db->idate($date_end)."'" : "null").","; } - $sql .= " fk_user_ouverture = ".$user->id.","; + $sql .= " fk_user_ouverture = ".((int) $user->id).","; $sql .= " date_cloture = null,"; $sql .= " commentaire = '".$this->db->escape($comment)."'"; - $sql .= " WHERE rowid = ".$this->id." AND (statut = ".ContratLigne::STATUS_INITIAL." OR statut = ".ContratLigne::STATUS_CLOSED.")"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND (statut = ".ContratLigne::STATUS_INITIAL." OR statut = ".ContratLigne::STATUS_CLOSED.")"; dol_syslog(get_class($this)."::active_line", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3375,9 +3396,9 @@ class ContratLigne extends CommonObjectLine $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".((int) ContratLigne::STATUS_CLOSED).","; $sql .= " date_cloture = '".$this->db->idate($date_end)."',"; - $sql .= " fk_user_cloture = ".$user->id.","; + $sql .= " fk_user_cloture = ".((int) $user->id).","; $sql .= " commentaire = '".$this->db->escape($comment)."'"; - $sql .= " WHERE rowid = ".$this->id." AND statut = ".((int) ContratLigne::STATUS_OPEN); + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = ".((int) ContratLigne::STATUS_OPEN); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index a5e3da943b7..b85cda094f3 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -99,10 +99,10 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; $sql .= " AND (cd.statut != 4 OR (cd.statut = 4 AND (cd.date_fin_validite is null or cd.date_fin_validite >= '".$db->idate($now)."')))"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -136,10 +136,10 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; $sql .= " AND (cd.statut = 4 AND cd.date_fin_validite < '".$db->idate($now)."')"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) { $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut = 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -304,11 +304,11 @@ print '
'; // Last modified contracts $max = 5; $sql = 'SELECT '; -$sql .= ' sum('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; -$sql .= ' sum('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; +$sql .= " sum(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; +$sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; $sql .= " c.rowid as cid, c.ref, c.datec, c.tms, c.statut, s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,"; if (!$user->rights->societe->client->voir && !$socid) { @@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut > 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a744b2c1bf7..66d84874d76 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -7,7 +7,8 @@ * Copyright (C) 2015 Claudio Aschieri * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016-2018 Ferran Marcet - * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2019 Nicolas Zabouri + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -66,9 +67,14 @@ $search_product_category = GETPOST('search_product_category', 'int'); $search_dfmonth = GETPOST('search_dfmonth', 'int'); $search_dfyear = GETPOST('search_dfyear', 'int'); $search_op2df = GETPOST('search_op2df', 'alpha'); -$day = GETPOST("day", "int"); -$year = GETPOST("year", "int"); -$month = GETPOST("month", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); $optioncss = GETPOST('optioncss', 'alpha'); @@ -171,9 +177,6 @@ include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; // Purge search criteria if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers - $day = ''; - $month = ''; - $year = ''; $search_dfmonth = ''; $search_dfyear = ''; $search_op2df = ''; @@ -190,6 +193,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_user = ''; $search_sale = ''; $search_product_category = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; $sall = ""; $search_status = ""; $toselect = ''; @@ -225,15 +236,15 @@ $sql .= ' s.rowid as socid, s.nom as name, s.name_alias, s.email, s.town, s.zip, $sql .= " typent.code as typent_code,"; $sql .= " state.code_departement as state_code, state.nom as state_name,"; $sql .= " MIN(".$db->ifsql("cd.statut=4", "cd.date_fin_validite", "null").") as lower_planned_end_date,"; -$sql .= ' SUM('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; +$sql .= " SUM(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; +$sql .= " SUM(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -271,9 +282,14 @@ if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); +} +if ($search_date_start) { + $sql .= " AND c.date_contrat >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND c.date_contrat <= '".$db->idate($search_date_end)."'"; } -$sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year); if ($search_name) { $sql .= natural_search('s.nom', $search_name); } @@ -415,6 +431,24 @@ if ($search_ref_supplier != '') { if ($search_op2df != '') { $param .= '&search_op2df='.urlencode($search_op2df); } +if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); +} +if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); +} +if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); +} +if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); +} +if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); +} +if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); +} if ($search_dfyear != '') { $param .= '&search_dfyear='.urlencode($search_dfyear); } @@ -594,16 +628,13 @@ if (!empty($arrayfields['sale_representative']['checked'])) { print ''; } if (!empty($arrayfields['c.date_contrat']['checked'])) { - // Date contract - print ''; - //print $langs->trans('Month').': '; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - //print ' '.$langs->trans('Year').': '; - $syear = $year; - print $formother->selectyear($syear, 'year', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // Extra fields diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index d4ab03b9800..0c06a194fd4 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -235,7 +235,7 @@ $sql .= " cd.tms as date_update"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -262,7 +262,7 @@ if ($search_product_category > 0) { } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == "0") { $sql .= " AND cd.statut = 0"; diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index 74ad69e4e1d..1154252a348 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php @@ -35,8 +35,7 @@ if (!empty($permissionedit) && empty($permissiontoadd)) { } if ($cancel) { - /*var_dump($cancel); - var_dump($backtopage);exit;*/ + /*var_dump($cancel);var_dump($backtopage);var_dump($backtopageforcancel);exit;*/ if (!empty($backtopageforcancel)) { header("Location: ".$backtopageforcancel); exit; diff --git a/htdocs/core/actions_builddoc.inc.php b/htdocs/core/actions_builddoc.inc.php index 63cac253976..7cde7e6f886 100644 --- a/htdocs/core/actions_builddoc.inc.php +++ b/htdocs/core/actions_builddoc.inc.php @@ -66,13 +66,13 @@ if ($action == 'builddoc' && $permissiontoadd) { $outputlangs = $langs; $newlang = ''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && GETPOST('lang_id', 'aZ09')) { $newlang = GETPOST('lang_id', 'aZ09'); } - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && isset($object->thirdparty->default_lang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && isset($object->thirdparty->default_lang)) { $newlang = $object->thirdparty->default_lang; // for proposal, order, invoice, ... } - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && isset($object->default_lang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && isset($object->default_lang)) { $newlang = $object->default_lang; // for thirdparty } if (!empty($newlang)) { diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index c986a2e5ac1..23851b5e789 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -631,6 +631,8 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. $createbills_onebythird = GETPOST('createbills_onebythird', 'int'); $validate_invoices = GETPOST('validate_invoices', 'int'); + $errors = array(); + $TFact = array(); $TFactThird = array(); @@ -645,18 +647,19 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. if ($cmd->fetch($id_order) <= 0) { continue; } + $cmd->fetch_thirdparty(); $objecttmp = new Facture($db); if (!empty($createbills_onebythird) && !empty($TFactThird[$cmd->socid])) { - $objecttmp = $TFactThird[$cmd->socid]; // If option "one bill per third" is set, we use already created order. + // If option "one bill per third" is set, and an invoice for this thirdparty was already created, we re-use it. + $objecttmp = $TFactThird[$cmd->socid]; } else { - // Load extrafields of order - $cmd->fetch_optionals(); - + // If we want one invoice per order or if there is no first invoice yet for this thirdparty. $objecttmp->socid = $cmd->socid; $objecttmp->type = $objecttmp::TYPE_STANDARD; - $objecttmp->cond_reglement_id = $cmd->cond_reglement_id; - $objecttmp->mode_reglement_id = $cmd->mode_reglement_id; + $objecttmp->cond_reglement_id = ($cmd->cond_reglement_id || $cmd->thirdparty->cond_reglement_id); + $objecttmp->mode_reglement_id = ($cmd->mode_reglement_id || $cmd->thirdparty->mode_reglement_id); + $objecttmp->fk_project = $cmd->fk_project; $objecttmp->multicurrency_code = $cmd->multicurrency_code; if (empty($createbills_onebythird)) { @@ -680,23 +683,20 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. $nb_bills_created++; $lastref = $objecttmp->ref; $lastid = $objecttmp->id; + + $TFactThird[$cmd->socid] = $objecttmp; + } else { + $langs->load("errors"); + $errors[] = $cmd->ref.' : '.$langs->trans($objecttmp->error); + $error++; } } if ($objecttmp->id > 0) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_element ("; - $sql .= "fk_source"; - $sql .= ", sourcetype"; - $sql .= ", fk_target"; - $sql .= ", targettype"; - $sql .= ") VALUES ("; - $sql .= $id_order; - $sql .= ", '".$db->escape($objecttmp->origin)."'"; - $sql .= ", ".$objecttmp->id; - $sql .= ", '".$db->escape($objecttmp->element)."'"; - $sql .= ")"; + $res = $objecttmp->add_object_linked($objecttmp->origin, $id_order); - if (!$db->query($sql)) { + if ($res == 0) { + $errors[] = $objecttmp->error; $error++; } @@ -845,7 +845,6 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. } $id = $objecttmp->id; // For builddoc action - $object = $objecttmp; // Builddoc $donotredirect = 1; @@ -854,7 +853,7 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. // Call action to build doc $savobject = $object; - $object = $objecttmp; + $object = $objecttmp; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; $object = $savobject; } @@ -949,6 +948,7 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. exit; } else { $db->rollback(); + $action = 'create'; $_GET["origin"] = $_POST["origin"]; $_GET["originid"] = $_POST["originid"]; diff --git a/htdocs/core/ajax/ajaxdirpreview.php b/htdocs/core/ajax/ajaxdirpreview.php index 09292dd4991..810a23957fd 100644 --- a/htdocs/core/ajax/ajaxdirpreview.php +++ b/htdocs/core/ajax/ajaxdirpreview.php @@ -328,7 +328,7 @@ if ($type == 'directory') { if ($section) { $param .= '§ion='.$section; if (isset($search_doc_ref) && $search_doc_ref != '') { - $param .= '&search_doc_ref='.$search_doc_ref; + $param .= '&search_doc_ref='.urlencode($search_doc_ref); } $textifempty = $langs->trans('NoFileFound'); diff --git a/htdocs/core/ajax/check_notifications.php b/htdocs/core/ajax/check_notifications.php index 35d10af49b6..bbbc95a19c5 100644 --- a/htdocs/core/ajax/check_notifications.php +++ b/htdocs/core/ajax/check_notifications.php @@ -75,12 +75,9 @@ if ($action == 'stopreminder') { $listofreminderid = GETPOST('listofreminderids', 'intcomma'); // Set the reminder as done - //foreach ($listofreminderidsarray as $listofreminderid) { - // if (empty($listofreminderid)) continue; - //$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id; $sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1'; $sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')'; - $sql .= ' AND fk_user = '.$user->id.' AND entity = '.$conf->entity; + $sql .= ' AND fk_user = '.((int) $user->id).' AND entity = '.((int) $conf->entity); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -149,13 +146,13 @@ if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto $sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a'; if (!empty($user->conf->MAIN_USER_WANT_ALL_EVENTS_NOTIFICATIONS)) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; + $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id); $sql .= ' WHERE a.code <> "AC_OTH_AUTO"'; $sql .= ' AND ('; $sql .= " (ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; $sql .= ' )'; } else { - $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; + $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id); $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; } $sql .= $db->order('datep', 'ASC'); diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index 121137fd1a6..64a2314560c 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; $sql .= " AND a.percent >= 0 AND a.percent < 100"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")"; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")"; } $sql .= " ORDER BY a.datec DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php index 18c1f28c590..a858111d76d 100644 --- a/htdocs/core/boxes/box_activity.php +++ b/htdocs/core/boxes/box_activity.php @@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'"; $sql .= " AND p.date_cloture IS NULL"; // just unclosed @@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'"; $sql .= " GROUP BY c.fk_statut"; @@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes $sql .= ")"; $sql .= " WHERE f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1"; diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 3c83d7521f2..995f017f5f1 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index 6583673f8ca..4d47f703fff 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes $sql .= " AND c.fk_statut = 1"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_comptes.php b/htdocs/core/boxes/box_comptes.php index 7166ebb713e..f42b7a2ef7c 100644 --- a/htdocs/core/boxes/box_comptes.php +++ b/htdocs/core/boxes/box_comptes.php @@ -122,7 +122,12 @@ class box_comptes extends ModeleBoxes $account_static->accountancy_journal = $objp->accountancy_journal; $solde = $account_static->solde(0); - $solde_total[$objp->currency_code] += $solde; + if (!array_key_exists($objp->currency_code, $solde_total)) { + $solde_total[$objp->currency_code] = $solde; + } else { + $solde_total[$objp->currency_code] += $solde; + } + $this->info_box_contents[$line][] = array( 'td' => '', diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index fada6a93bfd..6aefc1f2d74 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY sp.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index 9d7b625db91..9bb794b94fa 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_contrat DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php index d0117526515..b61fe66f064 100644 --- a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php +++ b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php @@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { $sql .= " AND s.rowid = $user->socid"; diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 12382ccb583..6bdeabda212 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a5d63c7b9c3..70640efeb78 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index 9c35055011d..74f9a3a46aa 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -92,6 +92,7 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= ", f.tva as total_tva"; $sql .= ", f.total_ttc"; $sql .= ", f.paye, f.fk_statut as status, f.type"; + $sql .= ", f.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ",".MAIN_DB_PREFIX."facture_fourn as f"; if (!$user->rights->societe->client->voir && !$user->socid) { @@ -102,10 +103,10 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 400ae910749..3b6e857b058 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,"; $sql .= " f.ref, f.date_lim_reglement,"; diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 7179be0cfbb..3b62361343a 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid "; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY f.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index b0d5a0774fc..c0516c1cf4c 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_last_modified_ticket.php b/htdocs/core/boxes/box_last_modified_ticket.php index 33d2bab0485..57e54594255 100644 --- a/htdocs/core/boxes/box_last_modified_ticket.php +++ b/htdocs/core/boxes/box_last_modified_ticket.php @@ -94,14 +94,14 @@ class box_last_modified_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').')'; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } - $sql .= " ORDER BY t.tms DESC, t.rowid DESC "; + $sql .= " ORDER BY t.tms DESC, t.rowid DESC"; $sql .= $this->db->plimit($max, 0); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_last_ticket.php b/htdocs/core/boxes/box_last_ticket.php index e08a54f1c87..39086464f73 100644 --- a/htdocs/core/boxes/box_last_ticket.php +++ b/htdocs/core/boxes/box_last_ticket.php @@ -93,12 +93,11 @@ class box_last_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc= ".((int) $user->socid); } //$sql.= " AND t.fk_statut > 9"; diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index dde3b685d25..d039881445e 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php @@ -122,8 +122,8 @@ class box_produits extends ModeleBoxes if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sqld = "SELECT label"; $sqld .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sqld .= " WHERE fk_product=".$objp->rowid; - $sqld .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sqld .= " WHERE fk_product = ".((int) $objp->rowid); + $sqld .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sqld .= " LIMIT 1"; $resultd = $this->db->query($sqld); diff --git a/htdocs/core/boxes/box_produits_alerte_stock.php b/htdocs/core/boxes/box_produits_alerte_stock.php index d7ae1566a44..5e7ec72d0e1 100644 --- a/htdocs/core/boxes/box_produits_alerte_stock.php +++ b/htdocs/core/boxes/box_produits_alerte_stock.php @@ -129,8 +129,8 @@ class box_produits_alerte_stock extends ModeleBoxes if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sqld = "SELECT label"; $sqld .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sqld .= " WHERE fk_product=".$objp->rowid; - $sqld .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sqld .= " WHERE fk_product = ".((int) $objp->rowid); + $sqld .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sqld .= " LIMIT 1"; $resultd = $this->db->query($sqld); diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 9f1204c4dc4..f14ab699690 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -136,8 +136,9 @@ class box_project extends ModeleBoxes $sql = "SELECT count(*) as nb, sum(progress) as totprogress"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p LEFT JOIN ".MAIN_DB_PREFIX."projet_task as pt on pt.fk_projet = p.rowid"; - $sql .= " WHERE p.entity IN (".getEntity('project').')'; - $sql .= " AND p.rowid = ".$objp->rowid; + $sql .= " WHERE p.entity IN (".getEntity('project').')'; + $sql .= " AND p.rowid = ".((int) $objp->rowid); + $resultTask = $this->db->query($sql); if ($resultTask) { $objTask = $this->db->fetch_object($resultTask); diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index 9c6376351e7..6599116a980 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php @@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY p.datep DESC, p.ref DESC "; diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index 7489cc997ea..06d42e34b18 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes $sql .= " WHERE s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index 98e2b82bb37..320932a0c6f 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php @@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= ")"; $sql .= " WHERE c.entity = ".$conf->entity; if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= $this->db->order("c.tms", "DESC"); $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 75cc1cde413..433c566ad31 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -93,10 +93,10 @@ class box_services_expired extends ModeleBoxes $sql .= " AND c.entity = ".$conf->entity; $sql .= " AND c.fk_soc=s.rowid AND cd.fk_contrat=c.rowid AND c.statut > 0"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid"; $sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; diff --git a/htdocs/core/boxes/box_shipments.php b/htdocs/core/boxes/box_shipments.php index abb639ddb94..2b6adfe3bdc 100644 --- a/htdocs/core/boxes/box_shipments.php +++ b/htdocs/core/boxes/box_shipments.php @@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes $sql .= " AND e.fk_statut = 1"; } if ($user->socid > 0) { - $sql.= " AND s.rowid = ".$user->socid; + $sql.= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { $sql .= " ORDER BY e.date_delivery, e.ref DESC "; } diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 0c2b97ce6b5..b3451d9b6c3 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 04dabbd0ff3..8125a848fd0 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC"; diff --git a/htdocs/core/boxes/box_validated_projects.php b/htdocs/core/boxes/box_validated_projects.php index 66a4f76f1b3..0c4155da6c7 100644 --- a/htdocs/core/boxes/box_validated_projects.php +++ b/htdocs/core/boxes/box_validated_projects.php @@ -118,7 +118,7 @@ class box_validated_projects extends ModeleBoxes if ($projectsListId) { $sql .= ' AND p.rowid IN ('.$this->db->sanitize($projectsListId).')'; // Only project we ara allowed } - $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user =".$user->id.")"; + $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user = ".((int) $user->id).")"; $sql .= " GROUP BY p.rowid, p.ref, p.fk_soc, p.dateo"; $sql .= " ORDER BY p.dateo ASC"; @@ -157,7 +157,7 @@ class box_validated_projects extends ModeleBoxes ); if ($objp->fk_soc > 0) { - $sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid ='.$objp->fk_soc; + $sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid = '.((int) $objp->fk_soc); $resql = $this->db->query($sql); //$socstatic = new Societe($this->db); $obj2 = $this->db->fetch_object($resql); @@ -165,7 +165,7 @@ class box_validated_projects extends ModeleBoxes 'td' => 'class="tdoverflowmax150 maxwidth200onsmartphone"', 'text' => $obj2->name, 'asis' => 1, - 'url' => DOL_URL_ROOT.'/societe/card.php?socid='.$obj2->rowid + 'url' => DOL_URL_ROOT.'/societe/card.php?socid='.urlencode($obj2->rowid) ); } else { $this->info_box_contents[$i][] = array( diff --git a/htdocs/core/class/commonincoterm.class.php b/htdocs/core/class/commonincoterm.class.php index 25745bb4c5c..11af43c2914 100644 --- a/htdocs/core/class/commonincoterm.class.php +++ b/htdocs/core/class/commonincoterm.class.php @@ -109,7 +109,7 @@ trait CommonIncoterm $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_incoterms = ".($id_incoterm > 0 ? $id_incoterm : "null"); $sql .= ", location_incoterms = ".($id_incoterm > 0 ? "'".$this->db->escape($location)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setIncoterms', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 81f2b529f1d..dfabfd24ebe 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -132,7 +132,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT sum(amount) as amount, sum(multicurrency_amount) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); @@ -227,7 +227,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE fk_facture_source = '.$this->id; + $sql .= ' WHERE fk_facture_source = '.((int) $this->id); $sql .= ' AND type = 2'; $resql = $this->db->query($sql); if ($resql) { @@ -254,7 +254,7 @@ abstract class CommonInvoice extends CommonObject { $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE fk_facture_source = '.$this->id; + $sql .= ' WHERE fk_facture_source = '.((int) $this->id); $sql .= ' AND type < 2'; if ($option == 'validated') { $sql .= ' AND fk_statut = 1'; @@ -308,9 +308,8 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT p.ref, pf.amount, pf.multicurrency_amount, p.fk_paiement, p.datep, p.num_paiement as num, t.code'.$field3; $sql .= ' FROM '.MAIN_DB_PREFIX.$table.' as pf, '.MAIN_DB_PREFIX.$table2.' as p, '.MAIN_DB_PREFIX.'c_paiement as t'; - $sql .= ' WHERE pf.'.$field.' = '.$this->id; - //$sql.= ' WHERE pf.'.$field.' = 1'; - $sql .= ' AND pf.'.$field2.' = p.rowid'; + $sql .= " WHERE pf.".$field." = ".((int) $this->id); + $sql .= " AND pf.".$field2." = p.rowid"; $sql .= ' AND p.fk_paiement = t.id'; $sql .= ' AND p.entity IN ('.getEntity($sharedentity).')'; if ($filtertype) { @@ -338,12 +337,12 @@ abstract class CommonInvoice extends CommonObject if ($this->element == 'facture' || $this->element == 'invoice') { $sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$this->id; + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $this->id); $sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set) } elseif ($this->element == 'facture_fourn' || $this->element == 'invoice_supplier') { $sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$this->id; + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $this->id); $sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set) } @@ -462,7 +461,7 @@ abstract class CommonInvoice extends CommonObject $type = 'supplier_invoice'; } - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -700,9 +699,9 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT count(*)'; $sql .= ' FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande'; if ($type == 'bank-transfer') { - $sql .= ' WHERE fk_facture_fourn = '.$this->id; + $sql .= ' WHERE fk_facture_fourn = '.((int) $this->id); } else { - $sql .= ' WHERE fk_facture = '.$this->id; + $sql .= ' WHERE fk_facture = '.((int) $this->id); } $sql .= ' AND ext_payment_id IS NULL'; // To exclude record done for some online payments $sql .= ' AND traite = 0'; @@ -735,16 +734,16 @@ abstract class CommonInvoice extends CommonObject $sql .= 'fk_facture, '; } $sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, sourcetype, entity)'; - $sql .= ' VALUES ('.$this->id; - $sql .= ",'".price2num($amount)."'"; - $sql .= ",'".$this->db->idate($now)."'"; - $sql .= ",".$fuser->id; - $sql .= ",'".$this->db->escape($bac->code_banque)."'"; - $sql .= ",'".$this->db->escape($bac->code_guichet)."'"; - $sql .= ",'".$this->db->escape($bac->number)."'"; - $sql .= ",'".$this->db->escape($bac->cle_rib)."'"; - $sql .= ",'".$this->db->escape($sourcetype)."'"; - $sql .= ",".$conf->entity; + $sql .= ' VALUES ('.((int) $this->id); + $sql .= ", ".((float) price2num($amount)); + $sql .= ", '".$this->db->idate($now)."'"; + $sql .= ", ".((int) $fuser->id); + $sql .= ", '".$this->db->escape($bac->code_banque)."'"; + $sql .= ", '".$this->db->escape($bac->code_guichet)."'"; + $sql .= ", '".$this->db->escape($bac->number)."'"; + $sql .= ", '".$this->db->escape($bac->cle_rib)."'"; + $sql .= ", '".$this->db->escape($sourcetype)."'"; + $sql .= ", ".((int) $conf->entity); $sql .= ")"; dol_syslog(get_class($this)."::demande_prelevement", LOG_DEBUG); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 4d3c39027ac..5cdb83194f4 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1224,7 +1224,7 @@ abstract class CommonObject $listId = implode(",", $temp); $sql = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; - $sql .= " WHERE element_id = ".$this->id; + $sql .= " WHERE element_id = ".((int) $this->id); if ($listId) { $sql .= " AND fk_c_type_contact IN (".$this->db->sanitize($listId).")"; } @@ -1272,9 +1272,9 @@ abstract class CommonObject if ($source == 'external' || $source == 'thirdparty') { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople t on ec.fk_socpeople = t.rowid"; } - $sql .= " WHERE ec.element_id =".$this->id; + $sql .= " WHERE ec.element_id = ".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; - $sql .= " AND tc.element='".$this->db->escape($this->element)."'"; + $sql .= " AND tc.element = '".$this->db->escape($this->element)."'"; if ($code) { $sql .= " AND tc.code = '".$this->db->escape($code)."'"; } @@ -1701,7 +1701,7 @@ abstract class CommonObject $idtype = $this->barcode_type; if (empty($idtype) && $idtype != '0') { // If type of barcode no set, we try to guess. If set to '0' it means we forced to have type remain not defined - if ($this->element == 'product') { + if ($this->element == 'product' && !empty($conf->global->PRODUIT_DEFAULT_BARCODE_TYPE)) { $idtype = $conf->global->PRODUIT_DEFAULT_BARCODE_TYPE; } elseif ($this->element == 'societe') { $idtype = $conf->global->GENBARCODE_BARCODETYPE_THIRDPARTY; @@ -1843,7 +1843,7 @@ abstract class CommonObject if (!empty($element)) { $sql .= " AND entity IN (".getEntity($element).")"; } else { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } dol_syslog(get_class($this).'::fetchObjectFrom', LOG_DEBUG); @@ -1992,7 +1992,7 @@ abstract class CommonObject /** * Load properties id_previous and id_next by comparing $fieldid with $this->ref * - * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')" + * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here. * @param string $fieldid Name of field to use for the select MAX and MIN * @param int $nodbprefix Do not include DB prefix to forge table name * @return int <0 if KO, >0 if OK @@ -2041,10 +2041,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2054,7 +2054,7 @@ abstract class CommonObject } if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) { $tmparray = explode('@', $this->ismultientitymanaged); - $sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity + $sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity } elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) { $sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid } @@ -2075,13 +2075,13 @@ abstract class CommonObject $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') { - $sql .= ' AND te.fk_soc = '.$socid; + $sql .= ' AND te.fk_soc = '.((int) $socid); } if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') { - $sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)'; + $sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)'; } if ($restrictiononfksoc && $socid && $this->element == 'societe') { - $sql .= ' AND te.rowid = '.$socid; + $sql .= ' AND te.rowid = '.((int) $socid); } //print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; @@ -2111,10 +2111,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2124,7 +2124,7 @@ abstract class CommonObject } if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) { $tmparray = explode('@', $this->ismultientitymanaged); - $sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity + $sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity } elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) { $sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid } @@ -2145,13 +2145,13 @@ abstract class CommonObject $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') { - $sql .= ' AND te.fk_soc = '.$socid; + $sql .= ' AND te.fk_soc = '.((int) $socid); } if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') { - $sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)'; + $sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)'; } if ($restrictiononfksoc && $socid && $this->element == 'societe') { - $sql .= ' AND te.rowid = '.$socid; + $sql .= ' AND te.rowid = '.((int) $socid); } //print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; // Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null @@ -2206,19 +2206,19 @@ abstract class CommonObject return -1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; if (!empty($this->fields['fk_project'])) { // Common case if ($projectid) { - $sql .= ' SET fk_project = '.((int) $projectid); + $sql .= " SET fk_project = ".((int) $projectid); } else { - $sql .= ' SET fk_project = NULL'; + $sql .= " SET fk_project = NULL"; } $sql .= ' WHERE rowid = '.((int) $this->id); } elseif ($this->table_element == 'actioncomm') { // Special case for actioncomm if ($projectid) { - $sql .= ' SET fk_project = '.((int) $projectid); + $sql .= " SET fk_project = ".((int) $projectid); } else { - $sql .= ' SET fk_project = NULL'; + $sql .= " SET fk_project = NULL"; } $sql .= ' WHERE id = '.((int) $this->id); } else // Special case for old architecture objects @@ -2228,7 +2228,7 @@ abstract class CommonObject } else { $sql .= ' SET fk_projet = NULL'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); } dol_syslog(get_class($this)."::setProject", LOG_DEBUG); @@ -2266,8 +2266,8 @@ abstract class CommonObject $fieldname = 'fk_typepayment'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2278,7 +2278,7 @@ abstract class CommonObject } return 1; } else { - dol_syslog(get_class($this).'::setPaymentMethods Error '.$sql.' - '.$this->db->error()); + dol_syslog(get_class($this).'::setPaymentMethods Error '.$this->db->error()); $this->error = $this->db->error(); return -1; } @@ -2302,7 +2302,7 @@ abstract class CommonObject $fieldname = 'multicurrency_code'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname." = '".$this->db->escape($code)."'"; + $sql .= " SET ".$fieldname." = '".$this->db->escape($code)."'"; $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2340,7 +2340,7 @@ abstract class CommonObject $fieldname = 'multicurrency_tx'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.((float) $rate); + $sql .= " SET ".$fieldname." = ".((float) $rate); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2548,7 +2548,7 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2590,7 +2590,7 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2625,7 +2625,7 @@ abstract class CommonObject $fieldname = 'retained_warranty_fk_cond_reglement'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.((int) $id); + $sql .= " SET ".$fieldname." = ".((int) $id); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2658,14 +2658,14 @@ abstract class CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".((int) $id); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->fk_delivery_address = $id; return 1; } else { $this->error = $this->db->error(); - dol_syslog(get_class($this).'::setDeliveryAddress Error '.$sql.' - '.$this->error); + dol_syslog(get_class($this).'::setDeliveryAddress Error '.$this->error); return -1; } } @@ -2782,7 +2782,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET model_pdf = '".$this->db->escape($newmodelpdf)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDocModel", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2884,7 +2884,7 @@ abstract class CommonObject // Count number of lines to reorder (according to choice $renum) $nl = 0; $sql = 'SELECT count(rowid) FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.'='.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if (!$renum) { $sql .= ' AND rang = 0'; } @@ -2906,11 +2906,11 @@ abstract class CommonObject // We first search all lines that are parent lines (for multilevel details lines) $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if ($fk_parent_line) { $sql .= ' AND fk_parent_line IS NULL'; } - $sql .= ' ORDER BY rang ASC, rowid '.$rowidorder; + $sql .= " ORDER BY rang ASC, rowid ".$rowidorder; dol_syslog(get_class($this)."::line_order search all parent lines", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2954,11 +2954,11 @@ abstract class CommonObject $rows = array(); $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND fk_parent_line = '.$id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); + $sql .= ' AND fk_parent_line = '.((int) $id); $sql .= ' ORDER BY rang ASC'; - dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id."", LOG_DEBUG); + dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql) > 0) { @@ -3031,7 +3031,7 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); $sql .= ' WHERE rowid = '.((int) $rowid); dol_syslog(get_class($this)."::updateRangOfLine", LOG_DEBUG); @@ -3074,11 +3074,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND rang = '.($rang - 1); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); + $sql .= ' AND rang = '.((int) ($rang - 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1)); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang - 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3105,11 +3105,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND rang = '.((int) ($rang + 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1)); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang + 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3148,7 +3148,7 @@ abstract class CommonObject public function getIdOfLine($rang) { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND rang = '.((int) $rang); $resql = $this->db->query($sql); if ($resql) { @@ -3174,9 +3174,9 @@ abstract class CommonObject // Search the last rang with fk_parent_line if ($fk_parent_line) { - $sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND fk_parent_line = '.$fk_parent_line; + $sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); + $sql .= ' AND fk_parent_line = '.((int) $fk_parent_line); dol_syslog(get_class($this)."::line_max", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3190,8 +3190,8 @@ abstract class CommonObject } } else { // If not, search the last rang of element - $sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); dol_syslog(get_class($this)."::line_max", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3217,9 +3217,9 @@ abstract class CommonObject return -1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ref_ext = '".$this->db->escape($ref_ext)."'"; - $sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".$this->id; + $sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".((int) $this->id); dol_syslog(get_class($this)."::update_ref_ext", LOG_DEBUG); if ($this->db->query($sql)) { @@ -3268,10 +3268,10 @@ abstract class CommonObject } else { $fieldusermod = "fk_user_modif"; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET note".$newsuffix." = ".(!empty($note) ? ("'".$this->db->escape($note)."'") : "NULL"); - $sql .= " ,".$fieldusermod." = ".$user->id; - $sql .= " WHERE rowid =".$this->id; + $sql .= ", ".$fieldusermod." = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_note", LOG_DEBUG); if ($this->db->query($sql)) { @@ -3386,21 +3386,21 @@ abstract class CommonObject $fieldup = 'value_unit'; } - $sql = 'SELECT rowid, qty, '.$fieldup.' as up, remise_percent, total_ht, '.$fieldtva.' as total_tva, total_ttc, '.$fieldlocaltax1.' as total_localtax1, '.$fieldlocaltax2.' as total_localtax2,'; + $sql = "SELECT rowid, qty, ".$fieldup." as up, remise_percent, total_ht, ".$fieldtva." as total_tva, total_ttc, ".$fieldlocaltax1." as total_localtax1, ".$fieldlocaltax2." as total_localtax2,"; $sql .= ' tva_tx as vatrate, localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, info_bits, product_type'; if ($this->table_element_line == 'facturedet') { $sql .= ', situation_percent'; } $sql .= ', multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if ($exclspec) { $product_field = 'product_type'; if ($this->table_element_line == 'contratdet') { $product_field = ''; // contratdet table has no product_type field } if ($product_field) { - $sql .= ' AND '.$product_field.' <> 9'; + $sql .= " AND ".$product_field." <> 9"; } } $sql .= ' ORDER by rowid'; // We want to be sure to always use same order of line to not change lines differently when option MAIN_ROUNDOFTOTAL_NOT_TOTALOFROUND is used @@ -3440,7 +3440,7 @@ abstract class CommonObject //var_dump($diff_when_using_price_ht.' '.$diff_on_current_total); if ($diff_when_using_price_ht && $diff_on_current_total) { - $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".$tmpcal[1].", total_ttc = ".$tmpcal[2]." WHERE rowid = ".$obj->rowid; + $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".price2num((float) $tmpcal[1]).", total_ttc = ".price2num((float) $tmpcal[2])." WHERE rowid = ".((int) $obj->rowid); dol_syslog('We found unconsistent data into detailed line (diff_when_using_price_ht = '.$diff_when_using_price_ht.' and diff_on_current_total = '.$diff_on_current_total.') for line rowid = '.$obj->rowid." (total vat of line calculated=".$tmpcal[1].", database=".$obj->total_tva."). We fix the total_vat and total_ttc of line by running sqlfix = ".$sqlfix, LOG_WARNING); $resqlfix = $this->db->query($sqlfix); if (!$resqlfix) { @@ -3484,7 +3484,7 @@ abstract class CommonObject dol_print_error('', $errmsg); exit; } - $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".($obj->total_tva - $diff).", total_ttc = ".($obj->total_ttc - $diff)." WHERE rowid = ".$obj->rowid; + $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".price2num($obj->total_tva - $diff).", total_ttc = ".price2num($obj->total_ttc - $diff)." WHERE rowid = ".((int) $obj->rowid); dol_syslog('We found a difference of '.$diff.' for line rowid = '.$obj->rowid.". We fix the total_vat and total_ttc of line by running sqlfix = ".$sqlfix); $resqlfix = $this->db->query($sqlfix); if (!$resqlfix) { @@ -3553,15 +3553,15 @@ abstract class CommonObject if (empty($nodatabaseupdate)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; - $sql .= " ".$fieldht." = ".price2num($this->total_ht).","; - $sql .= " ".$fieldtva." = ".price2num($this->total_tva).","; - $sql .= " ".$fieldlocaltax1." = ".price2num($this->total_localtax1).","; - $sql .= " ".$fieldlocaltax2." = ".price2num($this->total_localtax2).","; - $sql .= " ".$fieldttc." = ".price2num($this->total_ttc); - $sql .= ", multicurrency_total_ht = ".price2num($this->multicurrency_total_ht, 'MT', 1); - $sql .= ", multicurrency_total_tva = ".price2num($this->multicurrency_total_tva, 'MT', 1); - $sql .= ", multicurrency_total_ttc = ".price2num($this->multicurrency_total_ttc, 'MT', 1); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " ".$fieldht." = ".((float) price2num($this->total_ht)).","; + $sql .= " ".$fieldtva." = ".((float) price2num($this->total_tva)).","; + $sql .= " ".$fieldlocaltax1." = ".((float) price2num($this->total_localtax1)).","; + $sql .= " ".$fieldlocaltax2." = ".((float) price2num($this->total_localtax2)).","; + $sql .= " ".$fieldttc." = ".((float) price2num($this->total_ttc)); + $sql .= ", multicurrency_total_ht = ".((float) price2num($this->multicurrency_total_ht, 'MT', 1)); + $sql .= ", multicurrency_total_tva = ".((float) price2num($this->multicurrency_total_tva, 'MT', 1)); + $sql .= ", multicurrency_total_ttc = ".((float) price2num($this->multicurrency_total_ttc, 'MT', 1)); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_price", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3590,7 +3590,7 @@ abstract class CommonObject * @param string $origin Linked element type * @param int $origin_id Linked element id * @param User $f_user User that create - * @param int $notrigger 1=Does not execute triggers, 0= execute triggers + * @param int $notrigger 1=Does not execute triggers, 0=execute triggers * @return int <=0 if KO, >0 if OK * @see fetchObjectLinked(), updateObjectLinked(), deleteObjectLinked() */ @@ -3624,9 +3624,9 @@ abstract class CommonObject $sql .= ", fk_target"; $sql .= ", targettype"; $sql .= ") VALUES ("; - $sql .= $origin_id; + $sql .= ((int) $origin_id); $sql .= ", '" . $this->db->escape($origin) . "'"; - $sql .= ", " . $this->id; + $sql .= ", " . ((int) $this->id); $sql .= ", '" . $this->db->escape($this->element) . "'"; $sql .= ")"; @@ -3899,14 +3899,14 @@ abstract class CommonObject $sql = "UPDATE " . MAIN_DB_PREFIX . "element_element SET "; if ($updatesource) { - $sql .= "fk_source = " . $sourceid; + $sql .= "fk_source = " . ((int) $sourceid); $sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " WHERE fk_target = " . $this->id; + $sql .= " WHERE fk_target = " . ((int) $this->id); $sql .= " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($updatetarget) { - $sql .= "fk_target = " . $targetid; + $sql .= "fk_target = " . ((int) $targetid); $sql .= ", targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " WHERE fk_source = " . $this->id; + $sql .= " WHERE fk_source = " . ((int) $this->id); $sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } @@ -3992,15 +3992,15 @@ abstract class CommonObject $sql .= " rowid = " . ((int) $rowid); } else { if ($deletesource) { - $sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " AND fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; + $sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($deletetarget) { - $sql .= " fk_target = " . $targetid . " AND targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " AND fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'"; + $sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } else { - $sql .= " (fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; $sql .= " OR"; - $sql .= " (fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')"; } } @@ -4038,7 +4038,7 @@ abstract class CommonObject global $db; - $sql = 'SELECT '.$field_select.' FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where); + $sql = "SELECT ".$field_select." FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where); $resql = $db->query($sql); $TRes = array(); @@ -4067,7 +4067,7 @@ abstract class CommonObject global $db; - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where); + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where); $resql = $db->query($sql); if (empty($resql)) { @@ -4359,7 +4359,7 @@ abstract class CommonObject $sql = "SELECT subprice as pu_ht, qty, remise_percent, total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element_line; - $sql .= " WHERE ".$this->fk_element." = ".$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); dol_syslog(get_class($this).'::getTotalDiscount', LOG_DEBUG); $resql = $this->db->query($sql); @@ -4500,7 +4500,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET extraparams = ".(!empty($extraparams) ? "'".$this->db->escape($extraparams)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setExtraParameters", LOG_DEBUG); $resql = $this->db->query($sql); @@ -5317,8 +5317,8 @@ abstract class CommonObject $update_main_doc_field = 1; } if ($update_main_doc_field && !empty($this->table_element)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath.'/'.$ecmfile->filename)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath."/".$ecmfile->filename)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -5506,7 +5506,7 @@ abstract class CommonObject $sql = "SELECT rowid, property, lang , value"; $sql .= " FROM ".MAIN_DB_PREFIX."object_lang"; $sql .= " WHERE type_object = '".$this->db->escape($element)."'"; - $sql .= " AND fk_object = ".$this->id; + $sql .= " AND fk_object = ".((int) $this->id); //dol_syslog(get_class($this)."::fetch_optionals get extrafields data for ".$this->table_element, LOG_DEBUG); // Too verbose $resql = $this->db->query($sql); @@ -5783,7 +5783,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql_del); if (!$resql) { @@ -5983,7 +5983,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $this->db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object"; @@ -6135,7 +6135,7 @@ abstract class CommonObject foreach ($new_array_languages as $key => $langcodearray) { // $key = 'name', 'town', ... foreach ($langcodearray as $langcode => $value) { $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."object_lang"; - $sql_del .= " WHERE fk_object = ".$this->id." AND property = '".$this->db->escape($key)."' AND type_object = '".$this->db->escape($table_element)."'"; + $sql_del .= " WHERE fk_object = ".((int) $this->id)." AND property = '".$this->db->escape($key)."' AND type_object = '".$this->db->escape($table_element)."'"; $sql_del .= " AND lang = '".$this->db->escape($langcode)."'"; $this->db->query($sql_del); @@ -6319,7 +6319,7 @@ abstract class CommonObject $linealreadyfound = 0; // Check if there is already a line for this object (in most cases, it is, but sometimes it is not, for example when extra field has been created after), so we must keep this overload) - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$this->table_element."_extrafields WHERE fk_object = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$this->table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $tmpobj = $this->db->fetch_object($resql); @@ -6334,7 +6334,7 @@ abstract class CommonObject } else { $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element."_extrafields SET ".$key." = '".$this->db->escape($this->array_options["options_".$key])."'"; } - $sql .= " WHERE fk_object = ".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); } else { $result = $this->insertExtraFields('', $user); if ($result < 0) { @@ -6677,17 +6677,17 @@ abstract class CommonObject //We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { - $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sql .= " as main, ".MAIN_DB_PREFIX.$InfoFieldList[0]."_extrafields as extra"; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } $sql .= $sqlwhere; //print $sql; @@ -6830,16 +6830,16 @@ abstract class CommonObject // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; @@ -7757,7 +7757,7 @@ abstract class CommonObject if ($display_type == 'card') { $out .= ''; - if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER) && $action == 'view') { + if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER) && ($action == 'view' || $action == 'editline')) { $out .= ''; } $out .= 'table_element.' as t'; + $sql = "SELECT ".$fieldlist; + $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { $sql .= ' WHERE t.rowid = '.((int) $id); } elseif (!empty($ref)) { - $sql .= " WHERE t.ref = ".$this->quote($ref, $this->fields['ref']); + $sql .= " WHERE t.ref = '".$this->db->escape($ref)."'"; } else { $sql .= ' WHERE 1 = 1'; // usage with empty id and empty ref is very rare } @@ -8825,9 +8825,9 @@ abstract class CommonObject $objectline = new $objectlineclassname($this->db); - $sql = 'SELECT '.$objectline->getFieldList('l'); - $sql .= ' FROM '.MAIN_DB_PREFIX.$objectline->table_element.' as l'; - $sql .= ' WHERE l.fk_'.$this->element.' = '.$this->id; + $sql = "SELECT ".$objectline->getFieldList('l'); + $sql .= " FROM ".MAIN_DB_PREFIX.$objectline->table_element." as l"; + $sql .= " WHERE l.fk_".$this->element." = ".((int) $this->id); if ($morewhere) { $sql .= $morewhere; } @@ -8973,7 +8973,7 @@ abstract class CommonObject if ($forcechilddeletion) { // Force also delete of childtables that should lock deletion in standard case when option force is off foreach ($this->childtables as $table) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -9022,7 +9022,7 @@ abstract class CommonObject } } else { // Delete record in child table - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -9100,7 +9100,7 @@ abstract class CommonObject $this->db->begin(); $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE '.$parentField.' = '.(int) $parentId; + $sql .= " WHERE ".$parentField." = ".(int) $parentId; $resql = $this->db->query($sql); if (!$resql) { @@ -9223,7 +9223,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ".$statusfield." = ".((int) $status); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -9509,7 +9509,7 @@ abstract class CommonObject // Delete ecm_files extrafields $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files_extrafields WHERE fk_object IN ("; $sql .= " SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here $sql .= ")"; if (!$this->db->query($sql)) { @@ -9521,7 +9521,7 @@ abstract class CommonObject // Delete ecm_files $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files"; $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -9533,7 +9533,7 @@ abstract class CommonObject // Delete in database with mode 1 if ($mode == 1) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields"; - $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id.")"; + $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -9542,7 +9542,7 @@ abstract class CommonObject } $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files"; - $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); + $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/core/class/commonobjectline.class.php b/htdocs/core/class/commonobjectline.class.php index f821e5050b1..6d5573b9d76 100644 --- a/htdocs/core/class/commonobjectline.class.php +++ b/htdocs/core/class/commonobjectline.class.php @@ -86,7 +86,7 @@ abstract class CommonObjectLine extends CommonObject $label_type = 'code'; } - $sql = 'select '.$label_type.', code from '.MAIN_DB_PREFIX.'c_units where rowid='.$this->fk_unit; + $sql = "SELECT ".$label_type.", code from ".MAIN_DB_PREFIX."c_units where rowid = ".((int) $this->fk_unit); $resql = $this->db->query($sql); if ($resql && $this->db->num_rows($resql) > 0) { $res = $this->db->fetch_array($resql); @@ -98,7 +98,7 @@ abstract class CommonObjectLine extends CommonObject $this->db->free($resql); return $label; } else { - $this->error = $this->db->error().' sql='.$sql; + $this->error = $this->db->lasterror(); dol_syslog(get_class($this)."::getLabelOfUnit Error ".$this->error, LOG_ERR); return -1; } diff --git a/htdocs/core/class/coreobject.class.php b/htdocs/core/class/coreobject.class.php index 45018cb1d8f..33510186646 100644 --- a/htdocs/core/class/coreobject.class.php +++ b/htdocs/core/class/coreobject.class.php @@ -183,7 +183,7 @@ class CoreObject extends CommonObject $this->{$className} = array(); - $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$childTable." WHERE ".$this->fk_element." = ".((int) $this->id); $res = $this->db->query($sql); if ($res) { diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index 6c3a1f7bb9d..2f523d4cda7 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -208,13 +208,13 @@ class CProductNature // extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { - $sqlwhere[] = $key.'='.(int) $value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.label') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -226,7 +226,7 @@ class CProductNature // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index b0a604e9e28..5b22e4e2033 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php @@ -230,19 +230,16 @@ class Ctyperesource $sql = 'SELECT'; $sql .= ' t.rowid,'; - $sql .= " t.code,"; $sql .= " t.label,"; $sql .= " t.active"; - - $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; // Manage filter $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'"; } } @@ -253,7 +250,7 @@ class Ctyperesource $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index 364565af3aa..6fd9b7a05cf 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php @@ -251,13 +251,13 @@ class CUnits // extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') { - $sqlwhere[] = $key.'='.(int) $value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -269,7 +269,7 @@ class CUnits // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/defaultvalues.class.php b/htdocs/core/class/defaultvalues.class.php index 5b49254b275..bad30901594 100644 --- a/htdocs/core/class/defaultvalues.class.php +++ b/htdocs/core/class/defaultvalues.class.php @@ -264,17 +264,17 @@ class DefaultValues extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || ($key == 't.entity' && !is_array($value)) || ($key == 't.user_id' && !is_array($value))) { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (isset($this->fields[$key]) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.page' || $key == 't.param' || $key == 't.type') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (is_array($value)) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize(implode(',', $value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize(implode(',', $value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -286,7 +286,7 @@ class DefaultValues extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 2aa829f4090..46789352bd7 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -144,7 +144,7 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".((int) $rowid); + $sql .= " AND sr.rowid = ".((int) $rowid); } if ($fk_facture_source) { $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); @@ -315,7 +315,7 @@ class DiscountAbsolute $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except"; $sql .= " WHERE (fk_invoice_supplier_line IS NOT NULL"; // Not used as absolute simple discount $sql .= " OR fk_invoice_supplier IS NOT NULL)"; // Not used as credit note and not used as deposit - $sql .= " AND fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; + $sql .= " AND fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); //$sql.=" AND rowid != ".$this->id; dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG); @@ -355,7 +355,7 @@ class DiscountAbsolute if ($this->fk_facture_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_facture_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_facture_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); @@ -370,7 +370,7 @@ class DiscountAbsolute } elseif ($this->fk_invoice_supplier_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_invoice_supplier_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_invoice_supplier_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); @@ -434,7 +434,7 @@ class DiscountAbsolute $sql .= " SET fk_facture = ".((int) $rowidinvoice); } } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::link_to_invoice", LOG_DEBUG); $resql = $this->db->query($sql); @@ -470,7 +470,7 @@ class DiscountAbsolute } else { $sql .= " SET fk_facture_line = NULL, fk_facture = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::unlink_invoice", LOG_DEBUG); $resql = $this->db->query($sql); @@ -488,7 +488,7 @@ class DiscountAbsolute * * @param Societe $company Object third party for filter * @param User $user Filtre sur un user auteur des remises - * @param string $filter Filtre autre + * @param string $filter Filter other. Warning: Do not use a user input value here. * @param int $maxvalue Filter on max value for discount * @param int $discount_type 0 => customer discount, 1 => supplier discount * @param int $multicurrency Return multicurrency_amount instead of amount @@ -503,23 +503,23 @@ class DiscountAbsolute $sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " WHERE rc.entity = ".$conf->entity; - $sql .= " AND rc.discount_type=".intval($discount_type); + $sql .= " AND rc.discount_type=".((int) $discount_type); if (!empty($discount_type)) { $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier } else { $sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer } if (is_object($company)) { - $sql .= " AND rc.fk_soc = ".$company->id; + $sql .= " AND rc.fk_soc = ".((int) $company->id); } if (is_object($user)) { - $sql .= " AND rc.fk_user = ".$user->id; + $sql .= " AND rc.fk_user = ".((int) $user->id); } if ($filter) { - $sql .= ' AND ('.$filter.')'; + $sql .= " AND (".$filter.")"; } if ($maxvalue) { - $sql .= ' AND rc.amount_ttc <= '.price2num($maxvalue); + $sql .= ' AND rc.amount_ttc <= '.((float) price2num($maxvalue)); } $resql = $this->db->query($sql); @@ -555,12 +555,12 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id; + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id); $sql .= ' AND f.type = 3'; } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id; + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id); $sql .= ' AND f.type = 3'; } else { $this->error = get_class($this)."::getSumDepositsUsed was called with a bad object as a first parameter"; @@ -596,13 +596,13 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id; - $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE.', '.$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id); + $sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE.", ".$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id; - $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id); + $sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid } else { $this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter"; dol_print_error($this->error); @@ -636,11 +636,11 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc'; - $sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.$invoice->id; + $sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.((int) $invoice->id); } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc'; - $sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.$invoice->id; + $sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.((int) $invoice->id); } else { $this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter"; dol_print_error($this->error); diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php index a3ddb3d7c7f..9813876c031 100644 --- a/htdocs/core/class/dolreceiptprinter.class.php +++ b/htdocs/core/class/dolreceiptprinter.class.php @@ -867,7 +867,7 @@ class dolReceiptPrinter extends Printer $error = 0; $sql = 'SELECT template'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt_template'; - $sql .= ' WHERE rowid='.$templateid; + $sql .= ' WHERE rowid = '.((int) $templateid); $sql .= ' AND entity = '.$conf->entity; $resql = $this->db->query($sql); if ($resql) { @@ -905,7 +905,7 @@ class dolReceiptPrinter extends Printer $sql = 'SELECT rowid, name, fk_type, fk_profile, parameter'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt'; $sql .= ' WHERE rowid = '.((int) $printerid); - $sql .= ' AND entity = '.$conf->entity; + $sql .= ' AND entity = '.((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_array($resql); diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index f6a5ba93d61..1ab990f59a9 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1157,7 +1157,7 @@ class ExtraFields } else { $checked = ' value="1" '; } - $out = ''; + $out = ''; } else { $out .= $form->selectyesno($keyprefix.$key.$keysuffix, $value, 1, false, 1); } @@ -1273,16 +1273,16 @@ class ExtraFields //We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= ' AND entity = '.((int) $conf->entity); } $sql .= $sqlwhere; //print $sql; @@ -1485,16 +1485,16 @@ class ExtraFields // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra.') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; @@ -1718,7 +1718,7 @@ class ExtraFields $sql = 'SELECT '.$keyList; $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList[0]; - if (strpos($InfoFieldList[4], 'extra') !== false) { + if (!empty($InfoFieldList[4]) && strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main'; } if ($selectkey == 'rowid' && empty($value)) { diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index 45643e26e4c..40610ce5d6f 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php @@ -160,7 +160,7 @@ class HookManager //dol_syslog(get_class($this).'::executeHooks method='.$method." action=".$action." context=".$parameters['context']); // Define type of hook ('output' or 'addreplace'). - // TODO Remove hooks with type 'output'. All hooks must be converted into 'addreplace' hooks. + // TODO Remove hooks with type 'output' (exemple getNomUrl). All hooks must be converted into 'addreplace' hooks. $hooktype = 'output'; if (in_array( $method, @@ -172,6 +172,7 @@ class HookManager 'addSearchEntry', 'addStatisticLine', 'addSectionECMAuto', + 'checkSecureAccess', 'createDictionaryFieldlist', 'editDictionaryFieldlist', 'getFormMail', @@ -188,6 +189,7 @@ class HookManager 'formConfirm', 'getAccessForbiddenMessage', 'getDirList', + 'hookGetEntity', 'getFormMail', 'getFormatedCustomerRef', 'getFormatedSupplierRef', @@ -267,7 +269,7 @@ class HookManager $actionclassinstance->error = 0; $actionclassinstance->errors = array(); - dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', objectid='.$object->id : ''), LOG_DEBUG); + dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', object id='.$object->id : '').((is_object($object) && property_exists($object, 'element')) ? ', object element='.$object->element : ''), LOG_DEBUG); // Add current context to avoid method execution in bad context, you can add this test in your method : eg if($currentcontext != 'formfile') return; $parameters['currentcontext'] = $context; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 07abdb4b465..265255f6e0a 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -10,7 +10,7 @@ * Copyright (C) 2007 Franky Van Liedekerke * Copyright (C) 2007 Patrick Raguin * Copyright (C) 2010 Juanjo Menent - * Copyright (C) 2010-2019 Philippe Grand + * Copyright (C) 2010-2021 Philippe Grand * Copyright (C) 2011 Herve Prot * Copyright (C) 2012-2016 Marcos García * Copyright (C) 2012 Cedric Salvador @@ -1347,13 +1347,13 @@ class Form } $sql .= " WHERE s.entity IN (".getEntity('societe').")"; if (!empty($user->socid)) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if ($filter) { $sql .= " AND (".$filter.")"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND s.status <> 0"; @@ -1414,7 +1414,7 @@ class Form } } if ($showempty) { - $out .= ''."\n"; + $out .= ''."\n"; } $num = $this->db->num_rows($resql); @@ -1664,7 +1664,7 @@ class Form } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if ($socid > 0 || $socid == -1) { - $sql .= " AND sp.fk_soc=".$socid; + $sql .= " AND sp.fk_soc = ".((int) $socid); } if (!empty($conf->global->CONTACT_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND sp.statut <> 0"; @@ -2446,13 +2446,13 @@ class Form if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { $sql .= ", (SELECT pp.rowid FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_rowid"; $sql .= ", (SELECT pp.price_by_qty FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; // price_by_qty is 1 if some prices by qty exists in subtable if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_by_qty"; @@ -2472,7 +2472,7 @@ class Form //Price by customer if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".((int) $socid)." AND pcp.fk_product=p.rowid"; } // Units if (!empty($conf->global->PRODUCT_USE_UNITS)) { @@ -2565,7 +2565,7 @@ class Form $sql .= ')'; } if (count($warehouseStatusArray)) { - $sql .= ' GROUP BY'.$selectFields; + $sql .= " GROUP BY ".$selectFields; } //Sort by category @@ -2625,7 +2625,7 @@ class Form if ((!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) && !empty($objp->price_by_qty) && $objp->price_by_qty == 1) { // Price by quantity will return many prices for the same product $sql = "SELECT rowid, quantity, price, unitprice, remise_percent, remise, price_base_type"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price=".$objp->price_rowid; + $sql .= " WHERE fk_product_price = ".((int) $objp->price_rowid); $sql .= " ORDER BY quantity ASC"; dol_syslog(get_class($this)."::select_produits_list search prices by qty", LOG_DEBUG); @@ -3462,7 +3462,7 @@ class Form $sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")"; $sql .= " AND p.tobuy = 1"; $sql .= " AND s.fournisseur = 1"; - $sql .= " AND p.rowid = ".$productid; + $sql .= " AND p.rowid = ".((int) $productid); $sql .= " ORDER BY s.nom, pfp.ref_fourn DESC"; dol_syslog(get_class($this)."::select_product_fourn_price", LOG_DEBUG); @@ -6988,7 +6988,7 @@ class Form if (isset($objecttmp->ismultientitymanaged)) { if (!is_numeric($objecttmp->ismultientitymanaged)) { $tmparray = explode('@', $objecttmp->ismultientitymanaged); - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON parenttable.rowid = t.'.$tmparray[0]; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON parenttable.rowid = t.".$tmparray[0]; } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { @@ -7009,18 +7009,18 @@ class Form $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; } if (!is_numeric($objecttmp->ismultientitymanaged)) { - $sql .= ' AND parenttable.entity = t.'.$tmparray[0]; + $sql .= " AND parenttable.entity = t.".$tmparray[0]; } if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { if ($objecttmp->element == 'societe') { - $sql .= " AND t.rowid = ".$user->socid; + $sql .= " AND t.rowid = ".((int) $user->socid); } else { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } } } @@ -7855,6 +7855,11 @@ class Form if (empty($conf->expedition->enabled)) { continue; // Do not show if module disabled } + } elseif ($objecttype == 'ficheinter') { + $tplpath = 'fichinter'; + if (empty($conf->ficheinter->enabled)) { + continue; // Do not show if module disabled + } } elseif ($objecttype == 'invoice_supplier') { $tplpath = 'fourn/facture'; } elseif ($objecttype == 'order_supplier') { @@ -9049,7 +9054,7 @@ class Form $sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement //if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; - //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + //if ($socid > 0) $sql.= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; $sql .= " ORDER BY p.ref, f.ref ASC"; $resql = $this->db->query($sql); @@ -9250,4 +9255,53 @@ class Form return $retstring; } + + /** + * Output the buttons to submit a creation/edit form + * + * @param string $save_label Alternative label for save button + * @param string $cancel_label Alternative label for cancel button + * @param array $morefields Add additional buttons between save and cancel + * @param bool $withoutdiv Option to remove enclosing centered div + * @return string Html code with the buttons + */ + public function buttonsSaveCancel($save_label = 'Save', $cancel_label = 'Cancel', $morefields = array(), $withoutdiv = 0) + { + global $langs; + + $buttons = array(); + + $save = array( + 'name' => 'save', + 'label_key' => $save_label, + ); + + if ($save_label == 'Create' || $save_label == 'Add' ) { + $save['name'] = 'add'; + } elseif ($save_label == 'Modify') { + $save['name'] = 'edit'; + } + + $cancel = array( + 'name' => 'cancel', + 'label_key' => 'Cancel', + ); + + !empty($save_label) ? $buttons[] = $save : ''; + + if (!empty($morefields)) { + $buttons[] = $morefields; + } + + !empty($cancel_label) ? $buttons[] = $cancel : ''; + + $retstring = $withoutdiv ? '': '
'; + + foreach ($buttons as $button) { + $retstring .= ''; + } + $retstring .= $withoutdiv ? '': '
'; + + return $retstring; + } } diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index 57bedd2807a..c6462850708 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -183,7 +183,7 @@ class FormCompany extends Form if (!empty($htmlname) && $user->admin) { print ' '.info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); } - print ''; + print ''; print ''; } @@ -234,7 +234,7 @@ class FormCompany extends Form if (!empty($htmlname) && $user->admin) { print ' '.info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); } - print ''; + print ''; print ''; } diff --git a/htdocs/core/class/html.formcontract.class.php b/htdocs/core/class/html.formcontract.class.php index eb0f1baaef1..5db615f4654 100644 --- a/htdocs/core/class/html.formcontract.class.php +++ b/htdocs/core/class/html.formcontract.class.php @@ -80,7 +80,7 @@ class FormContract if ($socid > 0) { // CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma. if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) { - $sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)"; + $sql .= " AND (c.fk_soc=".((int) $socid)." OR c.fk_soc IS NULL)"; } elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') { $sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") "; $sql .= " OR c.fk_soc IS NULL)"; diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 9da814f3369..04d4ad34e89 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -501,7 +501,7 @@ class FormMail extends Form } $out .= '   '; - $out .= ''; + $out .= ''; $out .= '   '; $out .= '
'; } elseif (!empty($this->param['models']) && in_array($this->param['models'], array( @@ -516,7 +516,7 @@ class FormMail extends Form $out .= info_admin($langs->trans("YouCanChangeValuesForThisListFrom", $langs->transnoentitiesnoconv('Setup').' - '.$langs->transnoentitiesnoconv('EMails')), 1); } $out .= '   '; - $out .= ''; + $out .= ''; $out .= '   '; $out .= '
'; } else { @@ -601,7 +601,7 @@ class FormMail extends Form // Add also email aliases from the c_email_senderprofile table $sql = 'SELECT rowid, label, email FROM '.MAIN_DB_PREFIX.'c_email_senderprofile'; - $sql .= ' WHERE active = 1 AND (private = 0 OR private = '.$user->id.')'; + $sql .= ' WHERE active = 1 AND (private = 0 OR private = '.((int) $user->id).')'; $sql .= ' ORDER BY position'; $resql = $this->db->query($sql); if ($resql) { @@ -821,7 +821,7 @@ class FormMail extends Form $out .= ''; } $out .= ' '; - $out .= ''; + $out .= ''; } } else { $out .= $this->withfile; @@ -957,7 +957,7 @@ class FormMail extends Form if ($this->withform == 1 || $this->withform == -1) { $out .= '
'; - $out .= 'trans("SendMail").'"'; // Add a javascript test to avoid to forget to submit file before sending email if ($this->withfile == 2 && $conf->use_javascript_ajax) { $out .= ' onClick="if (document.mailform.addedfile.value != \'\') { alert(\''.dol_escape_js($langs->trans("FileWasNotUploaded")).'\'); return false; } else { return true; }"'; @@ -1276,7 +1276,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned if ($active >= 0) { $sql .= " AND active = ".((int) $active); } @@ -1399,7 +1399,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template='".$this->db->escape($type_template)."'"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")"; + $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")"; if (is_object($outputlangs)) { $sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; } @@ -1435,7 +1435,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own. + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own. if ($active >= 0) { $sql .= " AND active = ".((int) $active); } diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index f951a3dc198..02972f39630 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php @@ -99,7 +99,8 @@ class FormMargin $pv = $line->total_ht; $pa_ht = ($pv < 0 ? -$line->pa_ht : $line->pa_ht); // We choosed to have line->pa_ht always positive in database, so we guess the correct sign - if ($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) { + if (($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) + || ($object->element == 'facture' && $object->type == $object::TYPE_CREDIT_NOTE && $conf->global->INVOICE_USE_SITUATION_CREDIT_NOTE && $object->situation_counter > 0)) { $pa = $line->qty * $pa_ht * ($line->situation_percent / 100); } else { $pa = $line->qty * $pa_ht; diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 5f00ed6877b..f0fdfaadd02 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -497,10 +497,10 @@ class FormOther } if (empty($user->rights->user->user->lire)) { - $sql_usr .= " AND u.rowid = ".$user->id; + $sql_usr .= " AND u.rowid = ".((int) $user->id); } if (!empty($user->socid)) { - $sql_usr .= " AND u.fk_soc = ".$user->socid; + $sql_usr .= " AND u.fk_soc = ".((int) $user->socid); } //Add hook to filter on user (for exemple on usergroup define in custom modules) @@ -524,7 +524,7 @@ class FormOther $sql_usr .= " WHERE u2.entity IN (".getEntity('user').")"; } - $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->socid; + $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc = ".((int) $user->socid); //Add hook to filter on user (for exemple on usergroup define in custom modules) if (!empty($reshook)) { diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php index 4177c4237b8..9696dca7183 100644 --- a/htdocs/core/class/html.formprojet.class.php +++ b/htdocs/core/class/html.formprojet.class.php @@ -350,7 +350,7 @@ class FormProjets $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; } if ($socid > 0) { - $sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + $sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; } $sql .= " ORDER BY p.ref, t.ref ASC"; diff --git a/htdocs/core/class/html.formsms.class.php b/htdocs/core/class/html.formsms.class.php index 57d8876c3ea..0ce9cae7b4e 100644 --- a/htdocs/core/class/html.formsms.class.php +++ b/htdocs/core/class/html.formsms.class.php @@ -322,7 +322,7 @@ function limitChars(textarea, limit, infodiv) if ($showform) { print '
'; - print ''; + print ''; if ($this->withcancel) { print '     '; print ''; diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 50f4bf9fb39..435c02b3f7a 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -468,7 +468,7 @@ class FormTicket } print '
'; - print ''; + print ''; if ($this->withcancel) { print "      "; print ''; @@ -1132,7 +1132,7 @@ class FormTicket print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); } print '   '; - print ''; + print ''; print '
'; } @@ -1147,7 +1147,7 @@ class FormTicket } // Subject - print ''.$langs->trans('Subject').''; + print ''.$langs->trans('Subject').''; print 'ref.'] '.$langs->trans('TicketNewMessage').'" />'; print ''; @@ -1302,7 +1302,7 @@ class FormTicket print ''; print '

'; - print ''; + print ''; if ($this->withcancel) { print "     "; print ''; diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php index be81c1e2737..5e008a1e1ac 100644 --- a/htdocs/core/class/link.class.php +++ b/htdocs/core/class/link.class.php @@ -182,7 +182,7 @@ class Link extends CommonObject $sql .= ", label = '".$this->db->escape($this->label)."'"; $sql .= ", objecttype = '".$this->db->escape($this->objecttype)."'"; $sql .= ", objectid = ".$this->objectid; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update sql = ".$sql); $resql = $this->db->query($sql); @@ -365,7 +365,7 @@ class Link extends CommonObject // Remove link $sql = "DELETE FROM ".MAIN_DB_PREFIX."links"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index bb37293354e..019618366d1 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -398,7 +398,7 @@ class Notify $sql .= " WHERE n.fk_user = c.rowid AND a.rowid = n.fk_action"; $sql .= " AND c.statut = 1"; if (is_numeric($notifcode)) { - $sql .= " AND n.fk_action = ".$notifcode; // Old usage + $sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } @@ -622,10 +622,10 @@ class Notify if ($mailfile->sendfile()) { if ($obj->type_target == 'touserid') { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_user, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -857,7 +857,7 @@ class Notify if ($mailfile->sendfile()) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, type_target, objet_type, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", null, 'email', 'tofixedemail', '".$object_type."', ".$object->id.", '".$this->db->escape($conf->global->$param)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", null, 'email', 'tofixedemail', '".$this->db->escape($object_type)."', ".((int) $object->id).", '".$this->db->escape($conf->global->$param)."')"; if (!$this->db->query($sql)) { dol_print_error($this->db); } diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index bdd6cc2b83a..fd89a00a810 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -593,12 +593,16 @@ class Utils /** * Execute a CLI command. * - * @param string $command Command line to execute. - * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; - * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method - * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. + * @param string $command Command line to execute. + * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. + * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; + * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method + * @param string $redirectionfile If defined, a redirection of output to this files is added. + * @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter need you alreay sanitized the command. if not, it will lead to security vulnerability. + * This parameter is provided for backward compatibility with external modules. Always use 0 in core. + * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ - public function executeCLI($command, $outputfile, $execmethod = 0) + public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null, $noescapecommand = 0) { global $conf, $langs; @@ -606,7 +610,12 @@ class Utils $output = ''; $error = ''; - $command = escapeshellcmd($command); + if (empty($noescapecommand)) { + $command = escapeshellcmd($command); + } + if ($redirectionfile) { + $command .= " > ".dol_sanitizePathName($redirectionfile); + } $command .= " 2>&1"; if (!empty($conf->global->MAIN_EXEC_USE_POPEN)) { @@ -1079,11 +1088,11 @@ class Utils fwrite($handle, "/*!40000 ALTER TABLE `".$table."` DISABLE KEYS */;\n"); } - $sql = 'SELECT * FROM '.$table; // Here SELECT * is allowed because we don't have definition of columns to take + $sql = "SELECT * FROM ".$table; // Here SELECT * is allowed because we don't have definition of columns to take $result = $db->query($sql); while ($row = $db->fetch_row($result)) { // For each row of data we print a line of INSERT - fwrite($handle, 'INSERT '.$delayed.$ignore.'INTO `'.$table.'` VALUES ('); + fwrite($handle, "INSERT ".$delayed.$ignore."INTO ".$table." VALUES ("); $columns = count($row); for ($j = 0; $j < $columns; $j++) { // Processing each columns of the row to ensure that we correctly save the value (eg: add quotes for string - in fact we add quotes for everything, it's easier) diff --git a/htdocs/core/class/validate.class.php b/htdocs/core/class/validate.class.php index 1738034545d..1b2447dc23a 100644 --- a/htdocs/core/class/validate.class.php +++ b/htdocs/core/class/validate.class.php @@ -46,13 +46,12 @@ class Validate /** - * Constructor + * Constructor * - * @param DoliDB $db Database handler - * @param Translate $outputLang output lang for error - * @return null + * @param DoliDB $db Database handler + * @param Translate $outputLang Output lang for error */ - public function __construct($db, $outputLang = false) + public function __construct($db, $outputLang = null) { global $langs; @@ -263,7 +262,7 @@ class Validate } foreach ($value_arr as $val) { - $sql = 'SELECT ' . $col . ' FROM ' . MAIN_DB_PREFIX . $table . " WHERE " . $col ." = '" . $this->db->escape($val) . "'"; // nore quick than count(*) to check existing of a row + $sql = "SELECT ".$col." FROM ".MAIN_DB_PREFIX.$table." WHERE ".$col." = '".$this->db->escape($val)."'"; // nore quick than count(*) to check existing of a row $resql = $this->db->getRow($sql); if ($resql) { continue; diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php index ca6e61e3b1c..3693b52cc74 100644 --- a/htdocs/core/customreports.php +++ b/htdocs/core/customreports.php @@ -239,13 +239,14 @@ if (is_array($search_groupby) && count($search_groupby)) { $fieldtocount = $search_groupby[$gkey]; } - $sql = 'SELECT DISTINCT '.$fieldtocount.' as val'; + $sql = "SELECT DISTINCT ".$fieldtocount." as val"; if (strpos($fieldtocount, 'te.') === 0) { $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te'; } else { $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t'; } // TODO Add the where here + // ... $sql .= ' LIMIT '.($MAXUNIQUEVALFORGROUP + 1); @@ -469,60 +470,60 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y') as x_".$key.', '; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as x_".$key.', '; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as x_".$key.', '; } else { - $sql .= $val.' as x_'.$key.', '; + $sql .= $val." as x_".$key.", "; } } foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y') as g_".$key.', '; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as g_".$key.', '; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as g_".$key.', '; } else { - $sql .= $val.' as g_'.$key.', '; + $sql .= $val." as g_".$key.", "; } } foreach ($search_measures as $key => $val) { if ($val == 't.count') { - $sql .= 'COUNT(t.'.$fieldid.') as y_'.$key.', '; + $sql .= "COUNT(t.".$fieldid.") as y_".$key.', '; } elseif (preg_match('/\-sum$/', $val)) { $tmpval = preg_replace('/\-sum$/', '', $val); - $sql .= 'SUM('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "SUM(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-average$/', $val)) { $tmpval = preg_replace('/\-average$/', '', $val); - $sql .= 'AVG('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "AVG(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-min$/', $val)) { $tmpval = preg_replace('/\-min$/', '', $val); - $sql .= 'MIN('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "MIN(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-max$/', $val)) { $tmpval = preg_replace('/\-max$/', '', $val); - $sql .= 'MAX('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "MAX(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } } $sql = preg_replace('/,\s*$/', '', $sql); $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t'; // Add measure from extrafields if ($object->isextrafieldmanaged) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te ON te.fk_object = t.'.$fieldid; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as te ON te.fk_object = t.".$fieldid; } if ($object->ismultientitymanaged) { if ($object->ismultientitymanaged == 1) { // Nothing here } else { $tmparray = explode('@', $object->ismultientitymanaged); - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON t.'.$tmparray[0].' = parenttable.rowid'; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON t.".$tmparray[0]." = parenttable.rowid"; $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } } @@ -537,27 +538,27 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { - $sql .= $val.', '; + $sql .= $val.", "; } } foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } @@ -567,13 +568,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } @@ -581,13 +582,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index 8c62390f447..29ced10dc35 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php @@ -203,9 +203,9 @@ abstract class DoliDB implements Database $limit = $conf->liste_limit; } if ($offset > 0) { - return " LIMIT $offset,$limit "; + return " LIMIT ".((int) $offset).",".((int) $limit)." "; } else { - return " LIMIT $limit "; + return " LIMIT ".((int) $limit)." "; } } diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 5245a9dac3c..55d5f18dd00 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -905,7 +905,7 @@ class DoliDBPgsql extends DoliDB // Test charset match LC_TYPE (pgsql error otherwise) //print $charset.' '.setlocale(LC_CTYPE,'0'); exit; - $sql = 'CREATE DATABASE "'.$database.'" OWNER "'.$owner.'" ENCODING \''.$charset.'\''; + $sql = "CREATE DATABASE '".$this->escape($database)."' OWNER '".$this->escape($owner)."' ENCODING '".$this->escape($charset)."'"; dol_syslog($sql, LOG_DEBUG); $ret = $this->query($sql); return $ret; @@ -924,11 +924,11 @@ class DoliDBPgsql extends DoliDB // phpcs:enable $listtables = array(); - $like = ''; + $escapedlike = ''; if ($table) { - $like = " AND table_name LIKE '".$this->escape($table)."'"; + $escapedlike = " AND table_name LIKE '".$this->escape($table)."'"; } - $result = pg_query($this->db, "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'".$like." ORDER BY table_name"); + $result = pg_query($this->db, "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'".$escapedlike." ORDER BY table_name"); if ($result) { while ($row = $this->fetch_row($result)) { $listtables[] = $row[0]; diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php index 53bcb6806dc..072d5f0c4b3 100644 --- a/htdocs/core/db/sqlite3.class.php +++ b/htdocs/core/db/sqlite3.class.php @@ -421,7 +421,7 @@ class DoliDBSqlite3 extends DoliDB $descTable = $this->db->querySingle("SELECT sql FROM sqlite_master WHERE name='".$this->escape($tablename)."'"); // 1- Renommer la table avec un nom temporaire - $this->query('ALTER TABLE '.$tablename.' RENAME TO tmp_'.$tablename); + $this->query("ALTER TABLE ".$tablename." RENAME TO tmp_".$tablename); // 2- Recréer la table avec la contrainte ajoutée @@ -436,10 +436,10 @@ class DoliDBSqlite3 extends DoliDB $this->query($descTable); // 3- Transférer les données - $this->query('INSERT INTO '.$tablename.' SELECT * FROM tmp_'.$tablename); + $this->query("INSERT INTO ".$tablename." SELECT * FROM tmp_".$tablename); // 4- Supprimer la table temporaire - $this->query('DROP TABLE tmp_'.$tablename); + $this->query("DROP TABLE tmp_".$tablename); // dummy statement $query = "SELECT 0"; @@ -840,17 +840,12 @@ class DoliDBSqlite3 extends DoliDB } // ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci - $sql = 'CREATE DATABASE '.$database; - $sql .= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation; + $sql = "CREATE DATABASE ".$this->escape($database); + $sql .= " DEFAULT CHARACTER SET ".$this->escape($charset)." DEFAULT COLLATE ".$this->escape($collation); dol_syslog($sql, LOG_DEBUG); $ret = $this->query($sql); - if (!$ret) { - // We try again for compatibility with Mysql < 4.1.1 - $sql = 'CREATE DATABASE '.$database; - $ret = $this->query($sql); - dol_syslog($sql, LOG_DEBUG); - } + return $ret; } diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index 74a7f543bfc..1de4fef0176 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -232,23 +232,39 @@ print ' jQuery(\'.clipboardCPButton, .clipboardCPValueToPrint\').click(function() { /* console.log(this.parentNode); */ - console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class"); - if (window.getSelection) { - selection = window.getSelection(); + console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class and we want to copy content of clipboardCPValue class"); + if (window.getSelection) { range = document.createRange(); + + /* We select value to print using the parent. */ + /* We should use the class clipboardCPValue but it may have several element with copy/paste so class to select is not enough */ range.selectNodeContents(this.parentNode.firstChild); - selection.removeAllRanges(); - selection.addRange( range ); + selection = window.getSelection(); /* get the object used for selection */ + selection.removeAllRanges(); /* clear current selection */ + selection.addRange(range); /* make the new selection with the value to copy */ } - document.execCommand( \'copy\' ); + + /* copy selection into clipboard */ + var succeed; + try { + succeed = document.execCommand(\'copy\'); + } catch(e) { + succeed = false; + } + + /* Remove the selection to avoid to see the hidden field to copy selected */ window.getSelection().removeAllRanges(); /* Show message */ var lastchild = this.parentNode.lastChild; var tmp = lastchild.innerHTML - lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + if (succeed) { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + } else { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('Error')).'\'; + } setTimeout(() => { lastchild.innerHTML = tmp; }, 1000); }); });'."\n"; diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 87f77bad4e7..6bebf3e4edb 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -306,8 +306,8 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // with // 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000,...' // Note: string with 'PCG99-ABREGE','CAPIT', 1234 instead of 'PCG99-ABREGE','CAPIT', '1234' is also supported - $newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.$offsetforchartofaccount.', \2, \3 + '.$offsetforchartofaccount, $newsql); - $newsql = preg_replace('/([,\s])0 \+ '.$offsetforchartofaccount.'/ims', '\1 0', $newsql); + $newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.((int) $offsetforchartofaccount).', \2, \3 + '.((int) $offsetforchartofaccount), $newsql); + $newsql = preg_replace('/([,\s])0 \+ '.((int) $offsetforchartofaccount).'/ims', '\1 0', $newsql); //var_dump($newsql); $arraysql[$i] = $newsql; @@ -536,7 +536,7 @@ function dolibarr_get_const($db, $name, $entity = 1) $sql = "SELECT ".$db->decrypt('value')." as value"; $sql .= " FROM ".MAIN_DB_PREFIX."const"; - $sql .= " WHERE name = ".$db->encrypt($name, 1); + $sql .= " WHERE name = '".$db->escape($db->encrypt($name))."'"; $sql .= " AND entity = ".((int) $entity); dol_syslog("admin.lib::dolibarr_get_const", LOG_DEBUG); @@ -583,7 +583,7 @@ function dolibarr_set_const($db, $name, $value, $type = 'chaine', $visible = 0, $db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."const"; - $sql .= " WHERE name = ".$db->encrypt($name, 1); + $sql .= " WHERE name = '".$db->escape($db->encrypt($name))."'"; if ($entity >= 0) { $sql .= " AND entity = ".((int) $entity); } @@ -1811,7 +1811,7 @@ function addDocumentModel($name, $type, $label = '', $description = '') $db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($description) ? "'".$db->escape($description)."'" : "null"); $sql .= ")"; diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 9796c49cf59..048335201ee 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 7d261f2d5ab..7a10d2d4ff8 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -64,7 +64,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p"; - $sql .= " WHERE p.fk_soc = ".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -140,7 +140,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as n"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $sql .= " AND entity IN (".getEntity('project').")"; $resql = $db->query($sql); if ($resql) { @@ -223,7 +223,7 @@ function societe_prepare_head(Societe $object) $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as n"; - $sql .= " WHERE n.fk_soc = ".$object->id; + $sql .= " WHERE n.fk_soc = ".((int) $object->id); if (empty($conf->stripe->enabled)) { $sql .= " AND n.stripe_card_ref IS NULL"; } else { @@ -240,7 +240,7 @@ function societe_prepare_head(Societe $object) //if (! empty($conf->stripe->enabled) && $nbBankAccount > 0) $nbBankAccount = '...'; // No way to know exact number - $head[$h][0] = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.urlencode($object->id); $head[$h][1] = $title; if ($foundonexternalonlinesystem) { $head[$h][1] .= '...'; @@ -252,12 +252,12 @@ function societe_prepare_head(Societe $object) } if (!empty($conf->website->enabled) && (!empty($conf->global->WEBSITE_USE_WEBSITE_ACCOUNTS)) && (!empty($user->rights->societe->lire))) { - $head[$h][0] = DOL_URL_ROOT.'/societe/website.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/website.php?id='.urlencode($object->id); $head[$h][1] = $langs->trans("WebSiteAccounts"); $nbNote = 0; $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_account as n"; - $sql .= " WHERE fk_soc = ".$object->id.' AND fk_website > 0'; + $sql .= " WHERE fk_soc = ".((int) $object->id).' AND fk_website > 0'; $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -272,6 +272,19 @@ function societe_prepare_head(Societe $object) $h++; } + if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'thirdparty') { + if (!empty($user->rights->partnership->read)) { + $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; + $head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.$object->id; + $head[$h][1] = $langs->trans("Partnership"); + $head[$h][2] = 'partnership'; + if ($nbPartnership > 0) { + $head[$h][1] .= ''.$nbPartnership.''; + } + $h++; + } + } + // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab @@ -291,7 +304,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."notify_def as n"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -302,7 +315,7 @@ function societe_prepare_head(Societe $object) dol_setcache($cachekey, $nbNotif, 120); // If setting cache fails, this is not a problem, so we do not test result. } - $head[$h][0] = DOL_URL_ROOT.'/societe/notify/card.php?socid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/notify/card.php?socid='.urlencode($object->id); $head[$h][1] = $langs->trans("Notifications"); if ($nbNotif > 0) { $head[$h][1] .= ''.$nbNotif.''; @@ -319,7 +332,7 @@ function societe_prepare_head(Societe $object) if (!empty($object->note_public)) { $nbNote++; } - $head[$h][0] = DOL_URL_ROOT.'/societe/note.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/note.php?id='.urlencode($object->id); $head[$h][1] = $langs->trans("Notes"); if ($nbNote > 0) { $head[$h][1] .= ''.$nbNote.''; @@ -367,7 +380,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(id) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -793,7 +806,7 @@ function show_projects($conf, $langs, $db, $object, $backtopage = '', $nocreatel $sql .= ", cls.code as opp_status_code"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls on p.fk_opp_status = cls.rowid"; - $sql .= " WHERE p.fk_soc = ".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('project').")"; $sql .= " ORDER BY p.dateo DESC"; @@ -1070,9 +1083,9 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $sql .= " t.civility as civility_id, t.address, t.zip, t.town"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)"; - $sql .= " WHERE t.fk_soc = ".$object->id; + $sql .= " WHERE t.fk_soc = ".((int) $object->id); if ($search_status != '' && $search_status != '-1') { - $sql .= " AND t.statut = ".$db->escape($search_status); + $sql .= " AND t.statut = ".((int) $search_status); } if ($search_name) { $sql .= natural_search(array('t.lastname', 't.firstname'), $search_name); @@ -1476,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; if ($force_filter_contact === false) { if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) { - $sql .= " AND a.fk_soc = ".$filterobj->id; + $sql .= " AND a.fk_soc = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') { /* Nothing */ } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) { - $sql .= " AND a.fk_project = ".$filterobj->id; + $sql .= " AND a.fk_project = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) { // Generic case - $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'"; + $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? "@".$module : "")."'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index fd830d47eb1..350c2334915 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1159,10 +1159,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable * @param object $object Current object in use * @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose. * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log file * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @see dol_delete_dir() */ -function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1) +function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0) { global $db, $conf, $user, $langs; global $hookmanager; @@ -1170,7 +1171,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, // Load translation files required by the page $langs->loadLangs(array('other', 'errors')); - dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + if (empty($nolog)) { + dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + } // Security: // We refuse transversal using .. and pipes into filenames. @@ -1226,7 +1229,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, } if ($ok) { - dol_syslog("Removed file ".$filename, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$filename, LOG_DEBUG); + } // Delete entry into ecm database $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename); @@ -1264,7 +1269,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $ok = unlink($file_osencoded); } if ($ok) { - dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + } } else { dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING); } @@ -1304,11 +1311,15 @@ function dol_delete_dir($dir, $nophperrors = 0) * @param int $nophperrors Disable all PHP output errors * @param int $onlysub Delete only files and subdir, not main directory * @param int $countdeleted Counter to count nb of elements found really deleted + * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log files (too verbose when making recursive directories) * @return int Number of files and directory we try to remove. NB really removed is returned into var by reference $countdeleted. */ -function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0) +function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0) { - dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + } if (dol_is_dir($dir)) { $dir_osencoded = dol_osencode($dir); if ($handle = opendir("$dir_osencoded")) { @@ -1319,9 +1330,9 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = if ($item != "." && $item != "..") { if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) { - $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted); + $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog); } else { - $result = dol_delete_file("$dir/$item", 1, $nophperrors); + $result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog); $count++; if ($result) { $countdeleted++; @@ -1332,6 +1343,7 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = } closedir($handle); + // Delete also the main directory if (empty($onlysub)) { $result = dol_delete_dir($dir, $nophperrors); $count++; @@ -2257,8 +2269,9 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('( */ function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = '', $refname = '', $mode = 'read') { - global $conf, $db, $user; + global $conf, $db, $user, $hookmanager; global $dolibarr_main_data_root, $dolibarr_main_document_root_alt; + global $object; if (!is_object($fuser)) { $fuser = $user; @@ -2915,20 +2928,22 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } } - // For modules who wants to manage different levels of permissions for documents - $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; - if (!empty($conf->global->$subPermCategoryConstName)) { - $subPermCategory = $conf->global->$subPermCategoryConstName; - if (!empty($subPermCategory) && (($fuser->rights->$modulepart->$subPermCategory->{$lire}) || ($fuser->rights->$modulepart->$subPermCategory->{$read}) || ($fuser->rights->$modulepart->$subPermCategory->{$download}))) { - $accessallowed = 1; + $parameters = array( + 'modulepart' => $modulepart, + 'original_file' => $original_file, + 'entity' => $entity, + 'fuser' => $fuser, + 'refname' => '', + 'mode' => $mode + ); + $reshook = $hookmanager->executeHooks('checkSecureAccess', $parameters, $object); + if ($reshook > 0) { + if (!empty($hookmanager->resArray['accessallowed'])) { + $accessallowed = $hookmanager->resArray['accessallowed']; + } + if (!empty($hookmanager->resArray['sqlprotectagainstexternals'])) { + $sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals']; } - } - - // Define $sqlprotectagainstexternals for modules who want to protect access using a SQL query. - $sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS'; - if (!empty($conf->global->$sqlProtectConstName)) { // If module want to define its own $sqlprotectagainstexternals - // Example: mymodule__SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; - eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";'); } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 01c199b4ffd..483e890e369 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -104,7 +104,7 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port) */ function getEntity($element, $shared = 1, $currentobject = null) { - global $conf, $mc; + global $conf, $mc, $hookmanager, $object, $action; // fix different element names (France to English) switch ($element) { @@ -117,7 +117,7 @@ function getEntity($element, $shared = 1, $currentobject = null) } if (is_object($mc)) { - return $mc->getEntity($element, $shared, $currentobject); + $out = $mc->getEntity($element, $shared, $currentobject); } else { $out = ''; $addzero = array('user', 'usergroup', 'c_email_templates', 'email_template', 'default_values'); @@ -125,8 +125,27 @@ function getEntity($element, $shared = 1, $currentobject = null) $out .= '0,'; } $out .= ((int) $conf->entity); - return $out; } + + // Manipulate entities to query on the fly + $parameters = array( + 'element' => $element, + 'shared' => $shared, + 'object' => $object, + 'currentobject' => $currentobject, + 'out' => $out + ); + $reshook = $hookmanager->executeHooks('hookGetEntity', $parameters, $currentobject, $action); // Note that $action and $object may have been modified by some hooks + + if (is_numeric($reshook)) { + if ($reshook == 0 && !empty($hookmanager->resprints)) { + $out .= ','.$hookmanager->resprints; // add + } elseif ($reshook == 1) { + $out = $hookmanager->resprints; // replace + } + } + + return $out; } /** @@ -753,9 +772,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = $out = dol_string_nohtmltag($out, 0); // Remove also other dangerous string sequences // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); // keep lines feed } @@ -768,9 +787,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = // Remove html tags $out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8'); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); } break; @@ -1069,7 +1088,7 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file // Char '>' '<' '|' '$' and ';' are special chars for shells. // Char '/' and '\' are file delimiters. - // -- car can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); @@ -1090,7 +1109,10 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) */ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) { - $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°'); + // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file + // Char '>' '<' '|' '$' and ';' are special chars for shells. + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-/', ' _', $tmp); @@ -1283,9 +1305,9 @@ function dol_escape_json($stringtoescape) * Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields. * * @param string $stringtoescape String to escape - * @param int $keepb 1=Keep b tags, 0=remove them completeley + * @param int $keepb 1=Keep b tags, 0=remove them completely * @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a '; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/bom/mod_bom_advanced.php b/htdocs/core/modules/bom/mod_bom_advanced.php index d590c3ff70c..09faf05d7d6 100644 --- a/htdocs/core/modules/bom/mod_bom_advanced.php +++ b/htdocs/core/modules/bom/mod_bom_advanced.php @@ -81,7 +81,7 @@ class mod_bom_advanced extends ModeleNumRefboms $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php b/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php index 16e0f666774..40d63e63143 100644 --- a/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php +++ b/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php @@ -75,7 +75,7 @@ class mod_chequereceipt_thyme extends ModeleNumRefChequeReceipts $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= ' '; + $texte .= ' '; $texte .= ''; diff --git a/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php b/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php index 239ec7639ec..adb26a38e0a 100644 --- a/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php +++ b/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_order_odt extends ModelePDFCommandes $texte .= $conf->global->COMMANDE_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index be0b9f3c6fe..d45bab013e9 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1311,16 +1311,23 @@ class pdf_einstein extends ModelePDFCommandes $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities($titlekey); + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 1); if ($object->ref_client) { diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php index 7e04445ea15..52f96764473 100644 --- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php @@ -1482,11 +1482,17 @@ class pdf_eratosthene extends ModelePDFCommandes $title .= ' - '; $title .= $outputlangsbis->transnoentities($titlekey); } + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1496,8 +1502,9 @@ class pdf_eratosthene extends ModelePDFCommandes $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } $pdf->MultiCell($w, 4, $textref, '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/commande/mod_commande_saphir.php b/htdocs/core/modules/commande/mod_commande_saphir.php index 8b4ccdfaba7..ffb53480aa3 100644 --- a/htdocs/core/modules/commande/mod_commande_saphir.php +++ b/htdocs/core/modules/commande/mod_commande_saphir.php @@ -81,7 +81,7 @@ class mod_commande_saphir extends ModeleNumRefCommandes $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/contract/mod_contract_magre.php b/htdocs/core/modules/contract/mod_contract_magre.php index dcaee5eadbc..e0c54c1d022 100644 --- a/htdocs/core/modules/contract/mod_contract_magre.php +++ b/htdocs/core/modules/contract/mod_contract_magre.php @@ -86,7 +86,7 @@ class mod_contract_magre extends ModelNumRefContracts $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/delivery/mod_delivery_saphir.php b/htdocs/core/modules/delivery/mod_delivery_saphir.php index d5ac288b52a..7fc9b2e6e52 100644 --- a/htdocs/core/modules/delivery/mod_delivery_saphir.php +++ b/htdocs/core/modules/delivery/mod_delivery_saphir.php @@ -85,7 +85,7 @@ class mod_delivery_saphir extends ModeleNumRefDeliveryOrder $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php b/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php index 8a2b6b2b121..5229645afe5 100644 --- a/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php +++ b/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php @@ -159,7 +159,7 @@ class doc_generic_shipment_odt extends ModelePdfExpedition $texte .= $conf->global->EXPEDITION_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/expedition/mod_expedition_ribera.php b/htdocs/core/modules/expedition/mod_expedition_ribera.php index 79bbcbdb481..736ddc3ab3f 100644 --- a/htdocs/core/modules/expedition/mod_expedition_ribera.php +++ b/htdocs/core/modules/expedition/mod_expedition_ribera.php @@ -81,7 +81,7 @@ class mod_expedition_ribera extends ModelNumRefExpedition $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/expensereport/mod_expensereport_sand.php b/htdocs/core/modules/expensereport/mod_expensereport_sand.php index 482b8c06431..c403aa8c228 100644 --- a/htdocs/core/modules/expensereport/mod_expensereport_sand.php +++ b/htdocs/core/modules/expensereport/mod_expensereport_sand.php @@ -84,7 +84,7 @@ class mod_expensereport_sand extends ModeleNumRefExpenseReport $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php index 0d360269d46..ec494302e93 100644 --- a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php +++ b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_invoice_odt extends ModelePDFFactures $texte .= $conf->global->FACTURE_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 44b658cc42e..13d83dbd3f1 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -248,6 +248,14 @@ class pdf_crabe extends ModelePDFFactures // Load translation files required by the page $outputlangs->loadLangs(array("main", "bills", "products", "dict", "companies")); + global $outputlangsbis; + $outputlangsbis = null; + if (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) && $outputlangs->defaultlang != $conf->global->PDF_USE_ALSO_LANGUAGE_CODE) { + $outputlangsbis = new Translate('', $conf); + $outputlangsbis->setDefaultLang($conf->global->PDF_USE_ALSO_LANGUAGE_CODE); + $outputlangsbis->loadLangs(array("main", "bills", "products", "dict", "companies")); + } + $nblines = count($object->lines); // Loop on each lines to detect if there is at least one image to show @@ -761,10 +769,10 @@ class pdf_crabe extends ModelePDFFactures } // Display info area - $posy = $this->_tableau_info($pdf, $object, $bottomlasttab, $outputlangs); + $posy = $this->_tableau_info($pdf, $object, $bottomlasttab, $outputlangs, $outputlangsbis); // Display total area - $posy = $this->_tableau_tot($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs); + $posy = $this->_tableau_tot($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs, $outputlangsbis); // Display Payments area if (($deja_regle || $amount_credit_notes_included || $amount_deposits_included) && empty($conf->global->INVOICE_NO_PAYMENT_DETAILS)) { @@ -854,7 +862,7 @@ class pdf_crabe extends ModelePDFFactures $sql .= " re.description, re.fk_facture_source,"; $sql .= " f.type, f.datef"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f"; - $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id; + $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -914,7 +922,7 @@ class pdf_crabe extends ModelePDFFactures $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id; + $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id); //$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1"; $sql .= " ORDER BY p.datep"; @@ -1014,9 +1022,10 @@ class pdf_crabe extends ModelePDFFactures * @param Facture $object Object to show * @param int $posy Y * @param Translate $outputlangs Langs object - * @return void + * @param Translate $outputlangsbis Object lang for output bis + * @return int Pos y */ - protected function _tableau_info(&$pdf, $object, $posy, $outputlangs) + protected function _tableau_info(&$pdf, $object, $posy, $outputlangs, $outputlangsbis) { // phpcs:enable global $conf, $mysoc; @@ -1053,7 +1062,7 @@ class pdf_crabe extends ModelePDFFactures $lib_condition_paiement = str_replace('\n', "\n", $lib_condition_paiement); $pdf->MultiCell(67, 4, $lib_condition_paiement, 0, 'L'); - $posy = $pdf->GetY() + 3; + $posy = $pdf->GetY() + 3; // We need spaces for 2 lines payment conditions } if ($object->type != 2) { @@ -1078,7 +1087,7 @@ class pdf_crabe extends ModelePDFFactures } // Show payment mode - if ($object->mode_reglement_code + if (!empty($object->mode_reglement_code) && $object->mode_reglement_code != 'CHQ' && $object->mode_reglement_code != 'VIR') { $pdf->SetFont('', 'B', $default_font_size - 2); @@ -1091,9 +1100,25 @@ class pdf_crabe extends ModelePDFFactures $lib_mode_reg = $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) != ('PaymentType'.$object->mode_reglement_code) ? $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) : $outputlangs->convToOutputCharset($object->mode_reglement); $pdf->MultiCell(80, 5, $lib_mode_reg, 0, 'L'); - // Show online payment link - $useonlinepayment = ((!empty($conf->paypal->enabled) || !empty($conf->stripe->enabled) || !empty($conf->paybox->enabled)) && !empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)); - if (($object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') && $object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { + $posy = $pdf->GetY(); + } + + // Show online payment link + if (empty($object->mode_reglement_code) || $object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') { + $useonlinepayment = 0; + if (!empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)) { + if (!empty($conf->paypal->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->stripe->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->paybox->enabled)) { + $useonlinepayment++; + } + } + + if ($object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php'; global $langs; @@ -1102,11 +1127,11 @@ class pdf_crabe extends ModelePDFFactures $paiement_url = getOnlinePaymentUrl('', 'invoice', $object->ref, '', '', ''); $linktopay = $langs->trans("ToOfferALinkForOnlinePayment", $servicename).' '.$outputlangs->transnoentities("ClickHere").''; - $pdf->writeHTMLCell(80, 10, '', '', dol_htmlentitiesbr($linktopay), 0, 1); + $pdf->SetXY($this->marge_gauche, $posy); + $pdf->writeHTMLCell(80, 5, '', '', dol_htmlentitiesbr($linktopay), 0, 1); } - - $posy = $pdf->GetY() + 2; + $posy = $pdf->GetY() + 1; } // Show payment mode CHQ @@ -1181,12 +1206,13 @@ class pdf_crabe extends ModelePDFFactures * @param int $deja_regle Amount already paid (in the currency of invoice) * @param int $posy Position depart * @param Translate $outputlangs Objet langs + * @param Translate $outputlangsbis Object lang for output bis * @return int Position pour suite */ - protected function _tableau_tot(&$pdf, $object, $deja_regle, $posy, $outputlangs) + protected function _tableau_tot(&$pdf, $object, $deja_regle, $posy, $outputlangs, $outputlangsbis) { // phpcs:enable - global $conf, $mysoc; + global $conf, $mysoc, $hookmanager; $sign = 1; if ($object->type == 2 && !empty($conf->global->INVOICE_POSITIVE_CREDIT_NOTE)) { @@ -1253,7 +1279,8 @@ class pdf_crabe extends ModelePDFFactures $tvacompl = " (".$outputlangs->transnoentities("NonPercuRecuperable").")"; } - $totalvat = $outputlangs->transcountrynoentities("TotalLT1", $mysoc->country_code).' '; + $totalvat = $outputlangs->transcountrynoentities("TotalLT1", $mysoc->country_code).(is_object($outputlangsbis) ? ' / '.$outputlangsbis->transcountrynoentities("TotalLT1", $mysoc->country_code) : ''); + $totalvat .= ' '; $totalvat .= vatrate(abs($tvakey), 1).$tvacompl; $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); @@ -1285,7 +1312,8 @@ class pdf_crabe extends ModelePDFFactures $tvakey = str_replace('*', '', $tvakey); $tvacompl = " (".$outputlangs->transnoentities("NonPercuRecuperable").")"; } - $totalvat = $outputlangs->transcountrynoentities("TotalLT2", $mysoc->country_code).' '; + $totalvat = $outputlangs->transcountrynoentities("TotalLT2", $mysoc->country_code).(is_object($outputlangsbis) ? ' / '.$outputlangsbis->transcountrynoentities("TotalLT2", $mysoc->country_code) : ''); + $totalvat .= ' '; $totalvat .= vatrate(abs($tvakey), 1).$tvacompl; $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); @@ -1702,10 +1730,17 @@ class pdf_crabe extends ModelePDFFactures $title .= $outputlangsbis->transnoentities("InvoiceProForma"); } } + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1714,9 +1749,9 @@ class pdf_crabe extends ModelePDFFactures $pdf->SetTextColor(128, 0, 0); $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } - $pdf->MultiCell($w, 4, $textref, '', 'R'); + $pdf->MultiCell($w, 4, $textref, '', 'R');*/ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php index d6b4516695a..2bd8fb2ecec 100644 --- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php @@ -906,10 +906,10 @@ class pdf_sponge extends ModelePDFFactures } // Display infos area - $posy = $this->drawInfoTable($pdf, $object, $bottomlasttab, $outputlangs); + $posy = $this->drawInfoTable($pdf, $object, $bottomlasttab, $outputlangs, $outputlangsbis); // Display total zone - $posy = $this->drawTotalTable($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs); + $posy = $this->drawTotalTable($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs, $outputlangsbis); // Display payment area if (($deja_regle || $amount_credit_notes_included || $amount_deposits_included) && empty($conf->global->INVOICE_NO_PAYMENT_DETAILS)) { @@ -1015,7 +1015,7 @@ class pdf_sponge extends ModelePDFFactures $sql .= " re.description, re.fk_facture_source,"; $sql .= " f.type, f.datef"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f"; - $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id; + $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1061,7 +1061,7 @@ class pdf_sponge extends ModelePDFFactures $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id; + $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id); //$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1"; $sql .= " ORDER BY p.datep"; @@ -1104,9 +1104,10 @@ class pdf_sponge extends ModelePDFFactures * @param Facture $object Object to show * @param int $posy Y * @param Translate $outputlangs Langs object + * @param Translate $outputlangsbis Object lang for output bis * @return int Pos y */ - protected function drawInfoTable(&$pdf, $object, $posy, $outputlangs) + protected function drawInfoTable(&$pdf, $object, $posy, $outputlangs, $outputlangsbis) { global $conf, $mysoc; @@ -1118,7 +1119,11 @@ class pdf_sponge extends ModelePDFFactures if ($this->emetteur->country_code == 'FR' && empty($mysoc->tva_assuj)) { $pdf->SetFont('', 'B', $default_font_size - 2); $pdf->SetXY($this->marge_gauche, $posy); - $pdf->MultiCell(100, 3, $outputlangs->transnoentities("VATIsNotUsedForInvoice"), 0, 'L', 0); + if ($mysoc->forme_juridique_code == 92) { + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("VATIsNotUsedForInvoiceAsso"), 0, 'L', 0); + } else { + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("VATIsNotUsedForInvoice"), 0, 'L', 0); + } $posy = $pdf->GetY() + 4; } @@ -1138,7 +1143,7 @@ class pdf_sponge extends ModelePDFFactures $lib_condition_paiement = str_replace('\n', "\n", $lib_condition_paiement); $pdf->MultiCell(67, 4, $lib_condition_paiement, 0, 'L'); - $posy = $pdf->GetY() + 3; + $posy = $pdf->GetY() + 3; // We need spaces for 2 lines payment conditions } if ($object->type != 2) { @@ -1163,7 +1168,7 @@ class pdf_sponge extends ModelePDFFactures } // Show payment mode - if ($object->mode_reglement_code + if (!empty($object->mode_reglement_code) && $object->mode_reglement_code != 'CHQ' && $object->mode_reglement_code != 'VIR') { $pdf->SetFont('', 'B', $default_font_size - 2); @@ -1176,9 +1181,25 @@ class pdf_sponge extends ModelePDFFactures $lib_mode_reg = $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) != ('PaymentType'.$object->mode_reglement_code) ? $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) : $outputlangs->convToOutputCharset($object->mode_reglement); $pdf->MultiCell(80, 5, $lib_mode_reg, 0, 'L'); - // Show online payment link - $useonlinepayment = ((!empty($conf->paypal->enabled) || !empty($conf->stripe->enabled) || !empty($conf->paybox->enabled)) && !empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)); - if (($object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') && $object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { + $posy = $pdf->GetY(); + } + + // Show online payment link + if (empty($object->mode_reglement_code) || $object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') { + $useonlinepayment = 0; + if (!empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)) { + if (!empty($conf->paypal->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->stripe->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->paybox->enabled)) { + $useonlinepayment++; + } + } + + if ($object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php'; global $langs; @@ -1187,10 +1208,11 @@ class pdf_sponge extends ModelePDFFactures $paiement_url = getOnlinePaymentUrl('', 'invoice', $object->ref, '', '', ''); $linktopay = $langs->trans("ToOfferALinkForOnlinePayment", $servicename).' '.$outputlangs->transnoentities("ClickHere").''; - $pdf->writeHTMLCell(80, 10, '', '', dol_htmlentitiesbr($linktopay), 0, 1); + $pdf->SetXY($this->marge_gauche, $posy); + $pdf->writeHTMLCell(80, 5, '', '', dol_htmlentitiesbr($linktopay), 0, 1); } - $posy = $pdf->GetY() + 2; + $posy = $pdf->GetY() + 1; } // Show payment mode CHQ @@ -1263,9 +1285,10 @@ class pdf_sponge extends ModelePDFFactures * @param int $deja_regle Amount already paid (in the currency of invoice) * @param int $posy Position depart * @param Translate $outputlangs Objet langs + * @param Translate $outputlangsbis Object lang for output bis * @return int Position pour suite */ - protected function drawTotalTable(&$pdf, $object, $deja_regle, $posy, $outputlangs) + protected function drawTotalTable(&$pdf, $object, $deja_regle, $posy, $outputlangs, $outputlangsbis) { global $conf, $mysoc, $hookmanager; @@ -1276,14 +1299,6 @@ class pdf_sponge extends ModelePDFFactures $default_font_size = pdf_getPDFFontSize($outputlangs); - $outputlangsbis = null; - if (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) && $outputlangs->defaultlang != $conf->global->PDF_USE_ALSO_LANGUAGE_CODE) { - $outputlangsbis = new Translate('', $conf); - $outputlangsbis->setDefaultLang($conf->global->PDF_USE_ALSO_LANGUAGE_CODE); - $outputlangsbis->loadLangs(array("main", "dict", "companies", "bills", "products", "propal")); - $default_font_size--; - } - $tab2_top = $posy; $tab2_hl = 4; $pdf->SetFont('', '', $default_font_size - 1); @@ -1939,10 +1954,17 @@ class pdf_sponge extends ModelePDFFactures $title .= $outputlangsbis->transnoentities("InvoiceProForma"); } } + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1951,9 +1973,9 @@ class pdf_sponge extends ModelePDFFactures $pdf->SetTextColor(128, 0, 0); $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } - $pdf->MultiCell($w, 4, $textref, '', 'R'); + $pdf->MultiCell($w, 4, $textref, '', 'R');*/ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/facture/mod_facture_mercure.php b/htdocs/core/modules/facture/mod_facture_mercure.php index 32e06f285a9..706c35a9f82 100644 --- a/htdocs/core/modules/facture/mod_facture_mercure.php +++ b/htdocs/core/modules/facture/mod_facture_mercure.php @@ -78,7 +78,7 @@ class mod_facture_mercure extends ModeleNumRefFactures $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceStandard").'):'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/fichinter/mod_arctic.php b/htdocs/core/modules/fichinter/mod_arctic.php index 91025817a9d..cb5acddd6e9 100644 --- a/htdocs/core/modules/fichinter/mod_arctic.php +++ b/htdocs/core/modules/fichinter/mod_arctic.php @@ -86,7 +86,7 @@ class mod_arctic extends ModeleNumRefFicheinter $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/holiday/mod_holiday_immaculate.php b/htdocs/core/modules/holiday/mod_holiday_immaculate.php index 000c7881561..84d6638a27e 100644 --- a/htdocs/core/modules/holiday/mod_holiday_immaculate.php +++ b/htdocs/core/modules/holiday/mod_holiday_immaculate.php @@ -86,7 +86,7 @@ class mod_holiday_immaculate extends ModelNumRefHolidays $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/import/import_csv.modules.php b/htdocs/core/modules/import/import_csv.modules.php index 6bec94d6130..184c99a95e7 100644 --- a/htdocs/core/modules/import/import_csv.modules.php +++ b/htdocs/core/modules/import/import_csv.modules.php @@ -720,7 +720,7 @@ class ImportCsv extends ModeleImports } if ($val == 'user->id') { $listfields[] = preg_replace('/^'.preg_quote($alias, '/').'\./', '', $key); - $listvalues[] = $user->id; + $listvalues[] = ((int) $user->id); } elseif (preg_match('/^lastrowid-/', $val)) { $tmp = explode('-', $val); $lastinsertid = (isset($last_insert_id_array[$tmp[1]])) ? $last_insert_id_array[$tmp[1]] : 0; @@ -731,7 +731,7 @@ class ImportCsv extends ModeleImports } elseif (preg_match('/^const-/', $val)) { $tmp = explode('-', $val, 2); $listfields[] = preg_replace('/^'.preg_quote($alias, '/').'\./', '', $key); - $listvalues[] = "'".$tmp[1]."'"; + $listvalues[] = "'".$this->db->escape($tmp[1])."'"; } else { $this->errors[$error]['lib'] = 'Bad value of profile setup '.$val.' for array_import_fieldshidden'; $this->errors[$error]['type'] = 'Import profile setup'; @@ -753,7 +753,7 @@ class ImportCsv extends ModeleImports // We do SELECT to get the rowid, if we already have the rowid, it's to be used below for related tables (extrafields) if (empty($lastinsertid)) { // No insert done yet for a parent table - $sqlSelect = 'SELECT rowid FROM '.$tablename; + $sqlSelect = "SELECT rowid FROM ".$tablename; $data = array_combine($listfields, $listvalues); $where = array(); @@ -764,7 +764,7 @@ class ImportCsv extends ModeleImports $where[] = $key.' = '.$data[$key]; $filters[] = $col.' = '.$data[$key]; } - $sqlSelect .= ' WHERE '.implode(' AND ', $where); + $sqlSelect .= " WHERE ".implode(' AND ', $where); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -791,12 +791,12 @@ class ImportCsv extends ModeleImports // a direct insert into subtable extrafields, but when me wake an update, the insertid is defined and the child record // may already exists. So we rescan the extrafield table to know if record exists or not for the rowid. // Note: For extrafield tablename, we have in importfieldshidden_array an enty 'extra.fk_object'=>'lastrowid-tableparent' so $keyfield is 'fk_object' - $sqlSelect = 'SELECT rowid FROM '.$tablename; + $sqlSelect = "SELECT rowid FROM ".$tablename; if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE '.$keyfield.' = '.((int) $lastinsertid); + $sqlSelect .= " WHERE ".$keyfield.' = '.((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -818,19 +818,19 @@ class ImportCsv extends ModeleImports if (!empty($lastinsertid)) { // Build SQL UPDATE request - $sqlstart = 'UPDATE '.$tablename; + $sqlstart = "UPDATE ".$tablename; $data = array_combine($listfields, $listvalues); $set = array(); foreach ($data as $key => $val) { - $set[] = $key.' = '.$val; + $set[] = $key." = ".$val; } - $sqlstart .= ' SET '.implode(', ', $set); + $sqlstart .= " SET ".implode(', ', $set); if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE '.$keyfield.' = '.((int) $lastinsertid); + $sqlend = " WHERE ".$keyfield." = ".((int) $lastinsertid); $sql = $sqlstart.$sqlend; @@ -851,17 +851,17 @@ class ImportCsv extends ModeleImports // Update not done, we do insert if (!$error && !$updatedone) { // Build SQL INSERT request - $sqlstart = 'INSERT INTO '.$tablename.'('.implode(', ', $listfields).', import_key'; - $sqlend = ') VALUES('.implode(', ', $listvalues).", '".$this->db->escape($importid)."'"; + $sqlstart = "INSERT INTO ".$tablename."(".implode(", ", $listfields).", import_key"; + $sqlend = ") VALUES(".implode(', ', $listvalues).", '".$this->db->escape($importid)."'"; if (!empty($tablewithentity_cache[$tablename])) { - $sqlstart .= ', entity'; - $sqlend .= ', '.$conf->entity; + $sqlstart .= ", entity"; + $sqlend .= ", ".$conf->entity; } if (!empty($objimport->array_import_tables_creator[0][$alias])) { - $sqlstart .= ', '.$objimport->array_import_tables_creator[0][$alias]; - $sqlend .= ', '.$user->id; + $sqlstart .= ", ".$objimport->array_import_tables_creator[0][$alias]; + $sqlend .= ", ".$user->id; } - $sql = $sqlstart.$sqlend.')'; + $sql = $sqlstart.$sqlend.")"; //dol_syslog("import_csv.modules", LOG_DEBUG); // Run insert request diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index 0378180475d..aaca0d3bd77 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -761,7 +761,7 @@ class ImportXlsx extends ModeleImports } if ($val == 'user->id') { $listfields[] = preg_replace('/^' . preg_quote($alias, '/') . '\./', '', $key); - $listvalues[] = $user->id; + $listvalues[] = ((int) $user->id); } elseif (preg_match('/^lastrowid-/', $val)) { $tmp = explode('-', $val); $lastinsertid = (isset($last_insert_id_array[$tmp[1]])) ? $last_insert_id_array[$tmp[1]] : 0; @@ -772,7 +772,7 @@ class ImportXlsx extends ModeleImports } elseif (preg_match('/^const-/', $val)) { $tmp = explode('-', $val, 2); $listfields[] = preg_replace('/^' . preg_quote($alias, '/') . '\./', '', $key); - $listvalues[] = "'" . $tmp[1] . "'"; + $listvalues[] = "'" . $this->db->escape($tmp[1]) . "'"; } else { $this->errors[$error]['lib'] = 'Bad value of profile setup ' . $val . ' for array_import_fieldshidden'; $this->errors[$error]['type'] = 'Import profile setup'; @@ -793,7 +793,7 @@ class ImportXlsx extends ModeleImports // We do SELECT to get the rowid, if we already have the rowid, it's to be used below for related tables (extrafields) if (empty($lastinsertid)) { // No insert done yet for a parent table - $sqlSelect = 'SELECT rowid FROM ' . $tablename; + $sqlSelect = "SELECT rowid FROM " . $tablename; $data = array_combine($listfields, $listvalues); $where = array(); @@ -804,7 +804,7 @@ class ImportXlsx extends ModeleImports $where[] = $key . ' = ' . $data[$key]; $filters[] = $col . ' = ' . $data[$key]; } - $sqlSelect .= ' WHERE ' . implode(' AND ', $where); + $sqlSelect .= " WHERE " . implode(' AND ', $where); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -831,12 +831,12 @@ class ImportXlsx extends ModeleImports // a direct insert into subtable extrafields, but when me wake an update, the insertid is defined and the child record // may already exists. So we rescan the extrafield table to know if record exists or not for the rowid. // Note: For extrafield tablename, we have in importfieldshidden_array an enty 'extra.fk_object'=>'lastrowid-tableparent' so $keyfield is 'fk_object' - $sqlSelect = 'SELECT rowid FROM ' . $tablename; + $sqlSelect = "SELECT rowid FROM " . $tablename; if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE ' . $keyfield . ' = ' .((int) $lastinsertid); + $sqlSelect .= "WHERE " . $keyfield . " = " .((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -858,19 +858,19 @@ class ImportXlsx extends ModeleImports if (!empty($lastinsertid)) { // Build SQL UPDATE request - $sqlstart = 'UPDATE ' . $tablename; + $sqlstart = "UPDATE " . $tablename; $data = array_combine($listfields, $listvalues); $set = array(); foreach ($data as $key => $val) { $set[] = $key . ' = ' . $val; } - $sqlstart .= ' SET ' . implode(', ', $set); + $sqlstart .= " SET " . implode(', ', $set); if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE ' . $keyfield . ' = '.((int) $lastinsertid); + $sqlend = " WHERE " . $keyfield . " = ".((int) $lastinsertid); $sql = $sqlstart . $sqlend; @@ -891,17 +891,17 @@ class ImportXlsx extends ModeleImports // Update not done, we do insert if (!$error && !$updatedone) { // Build SQL INSERT request - $sqlstart = 'INSERT INTO ' . $tablename . '(' . implode(', ', $listfields) . ', import_key'; - $sqlend = ') VALUES(' . implode(', ', $listvalues) . ", '" . $this->db->escape($importid) . "'"; + $sqlstart = "INSERT INTO " . $tablename . "(" . implode(", ", $listfields) . ", import_key"; + $sqlend = ") VALUES(" . implode(', ', $listvalues) . ", '" . $this->db->escape($importid) . "'"; if (!empty($tablewithentity_cache[$tablename])) { - $sqlstart .= ', entity'; - $sqlend .= ', ' . $conf->entity; + $sqlstart .= ", entity"; + $sqlend .= ", " . $conf->entity; } if (!empty($objimport->array_import_tables_creator[0][$alias])) { - $sqlstart .= ', ' . $objimport->array_import_tables_creator[0][$alias]; - $sqlend .= ', ' . $user->id; + $sqlstart .= ", " . $objimport->array_import_tables_creator[0][$alias]; + $sqlend .= ", " . $user->id; } - $sql = $sqlstart . $sqlend . ')'; + $sql = $sqlstart . $sqlend . ")"; //dol_syslog("import_xlsx.modules", LOG_DEBUG); // Run insert request diff --git a/htdocs/core/modules/mailings/contacts1.modules.php b/htdocs/core/modules/mailings/contacts1.modules.php index 0ca62392c82..2d41dfd9725 100644 --- a/htdocs/core/modules/mailings/contacts1.modules.php +++ b/htdocs/core/modules/mailings/contacts1.modules.php @@ -395,7 +395,7 @@ class mailing_contacts1 extends MailingTargets $sql .= " AND (SELECT count(*) FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = sp.email) = 0"; // Exclude unsubscribed email adresses $sql .= " AND sp.statut = 1"; - $sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; // Filter on category if ($filter_category <> 'all') { $sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_socpeople = sp.rowid"; diff --git a/htdocs/core/modules/mailings/fraise.modules.php b/htdocs/core/modules/mailings/fraise.modules.php index 34a5bd34a1e..09445264dc7 100644 --- a/htdocs/core/modules/mailings/fraise.modules.php +++ b/htdocs/core/modules/mailings/fraise.modules.php @@ -252,7 +252,7 @@ class mailing_fraise extends MailingTargets } $sql .= " , ".MAIN_DB_PREFIX."adherent_type as ta"; $sql .= " WHERE a.entity IN (".getEntity('member').") AND a.email <> ''"; // Note that null != '' is false - $sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$this->db->escape($mailing_id).")"; + $sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; // Filter on status if (GETPOST("filter") == '-1') { $sql .= " AND a.statut=-1"; diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index 7c0aa2b19b5..afbf1e22481 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php @@ -184,7 +184,7 @@ class MailingTargets // This can't be abstract as it is used for some method $sql .= "'".$this->db->escape($targetarray['other'])."',"; $sql .= "'".$this->db->escape($targetarray['source_url'])."',"; $sql .= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").","; - $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.';'.$targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY, 'md5'))."',"; + $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.";".$targetarray['email'].";".$targetarray['lastname'].";".$mailing_id.";".$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY, 'md5'))."',"; $sql .= "'".$this->db->escape($targetarray['source_type'])."')"; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); @@ -208,7 +208,7 @@ class MailingTargets // This can't be abstract as it is used for some method //Update the status to show thirdparty mail that don't want to be contacted anymore' $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut=3"; - $sql .= " WHERE fk_mailing=".$mailing_id." AND email in (SELECT email FROM ".MAIN_DB_PREFIX."societe where fk_stcomm=-1)"; + $sql .= " WHERE fk_mailing = ".((int) $mailing_id)." AND email in (SELECT email FROM ".MAIN_DB_PREFIX."societe where fk_stcomm=-1)"; $sql .= " AND source_type='thirdparty'"; dol_syslog(__METHOD__.": mailing update status to display thirdparty mail that do not want to be contacted"); $result=$this->db->query($sql); @@ -216,7 +216,7 @@ class MailingTargets // This can't be abstract as it is used for some method //Update the status to show contact mail that don't want to be contacted anymore' $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut=3"; - $sql .= " WHERE fk_mailing=".$mailing_id." AND source_type='contact' AND (email in (SELECT sc.email FROM ".MAIN_DB_PREFIX."socpeople AS sc "; + $sql .= " WHERE fk_mailing = ".((int) $mailing_id)." AND source_type='contact' AND (email in (SELECT sc.email FROM ".MAIN_DB_PREFIX."socpeople AS sc "; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid=sc.fk_soc WHERE s.fk_stcomm=-1 OR no_email=1))"; dol_syslog(__METHOD__.": mailing update status to display contact mail that do not want to be contacted",LOG_DEBUG); $result=$this->db->query($sql); @@ -224,7 +224,7 @@ class MailingTargets // This can't be abstract as it is used for some method $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut=3"; - $sql .= " WHERE fk_mailing=".$mailing_id." AND email IN (SELECT mu.email FROM ".MAIN_DB_PREFIX."mailing_unsubscribe AS mu WHERE mu.entity IN ('".getEntity('mailing')."'))"; + $sql .= " WHERE fk_mailing =" .((int) $mailing_id)." AND email IN (SELECT mu.email FROM ".MAIN_DB_PREFIX."mailing_unsubscribe AS mu WHERE mu.entity IN ('".getEntity('mailing')."'))"; dol_syslog(__METHOD__.":mailing update status to display emails that do not want to be contacted anymore", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php b/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php index 939c78f32e3..7b2af1e0032 100644 --- a/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php +++ b/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php @@ -154,7 +154,7 @@ class doc_generic_member_odt extends ModelePDFMember $texte .= $conf->global->MEMBER_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/modAdherent.class.php b/htdocs/core/modules/modAdherent.class.php index 16ecbee8526..ff0c67408c5 100644 --- a/htdocs/core/modules/modAdherent.class.php +++ b/htdocs/core/modules/modAdherent.class.php @@ -344,6 +344,9 @@ class modAdherent extends DolibarrModules 'a.email'=>"Email", 'a.birth'=>"Birthday", 'a.statut'=>"Status*", 'a.photo'=>"Photo", 'a.note_public'=>"NotePublic", 'a.note_private'=>"NotePrivate", 'a.datec'=>'DateCreation', 'a.datefin'=>'DateEndSubscription' ); + if (!empty($conf->societe->enabled)) { + $this->import_fields_array[$r]['a.fk_soc'] = "ThirdParty"; + } // Add extra fields $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'adherent' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); @@ -355,16 +358,23 @@ class modAdherent extends DolibarrModules } } // End add extra fields + $this->import_convertvalue_array[$r] = array(); + if (!empty($conf->societe->enabled)) { + $this->import_convertvalue_array[$r]['a.fk_soc'] = array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty'); + } $this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'adherent'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent) $this->import_regex_array[$r] = array( 'a.civility'=>'code@'.MAIN_DB_PREFIX.'c_civility', 'a.fk_adherent_type'=>'rowid@'.MAIN_DB_PREFIX.'adherent_type', 'a.morphy'=>'(phy|mor)', 'a.statut'=>'^[0|1]', 'a.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', 'a.datefin'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$'); $this->import_examplevalues_array[$r] = array( - 'a.civility'=>"MR", 'a.lastname'=>'Smith', 'a.firstname'=>'John', 'a.login'=>'jsmith', 'a.pass'=>'passofjsmith', 'a.fk_adherent_type'=>'1', + 'a.civility'=>"MR", 'a.lastname'=>'Smith', 'a.firstname'=>'John', 'a.gender'=>'man or woman', 'a.login'=>'jsmith', 'a.pass'=>'passofjsmith', 'a.fk_adherent_type'=>'1', 'a.morphy'=>'"mor" or "phy"', 'a.societe'=>'JS company', 'a.address'=>'21 jump street', 'a.zip'=>'55000', 'a.town'=>'New York', 'a.country'=>'1', 'a.email'=>'jsmith@example.com', 'a.birth'=>'1972-10-10', 'a.statut'=>"0 or 1", 'a.note_public'=>"This is a public comment on member", 'a.note_private'=>"This is private comment on member", 'a.datec'=>dol_print_date($now, '%Y-%m__%d'), 'a.datefin'=>dol_print_date(dol_time_plus_duree($now, 1, 'y'), '%Y-%m-%d') ); + if (!empty($conf->societe->enabled)) { + $this->import_examplevalues_array[$r]['a.fk_soc'] = "rowid or name"; + } // Cronjobs $arraydate = dol_getdate(dol_now()); @@ -421,8 +431,8 @@ class modAdherent extends DolibarrModules }*/ $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type='member' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','member',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type='member' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','member',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modBlockedLog.class.php b/htdocs/core/modules/modBlockedLog.class.php index 9a90fa945bb..0c645099f56 100644 --- a/htdocs/core/modules/modBlockedLog.class.php +++ b/htdocs/core/modules/modBlockedLog.class.php @@ -170,9 +170,9 @@ class modBlockedLog extends DolibarrModules $sql = array(); // If already used, we add an entry to show we enable module - require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php'; + require_once DOL_DOCUMENT_ROOT . '/blockedlog/class/blockedlog.class.php'; - $object = new stdClass(); + $object = new stdClass(); $object->id = 1; $object->element = 'module'; $object->ref = 'systemevent'; diff --git a/htdocs/core/modules/modBom.class.php b/htdocs/core/modules/modBom.class.php index 18f46fda70f..71b40d5f19c 100644 --- a/htdocs/core/modules/modBom.class.php +++ b/htdocs/core/modules/modBom.class.php @@ -503,8 +503,8 @@ class modBom extends DolibarrModules } $sql = array( - //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'bom' AND entity = ".$conf->entity, - //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'bom', ".$conf->entity.")" + //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'bom' AND entity = ".((int) $conf->entity), + //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'bom', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modCategorie.class.php b/htdocs/core/modules/modCategorie.class.php index 4f97eed58f0..776c5c76681 100644 --- a/htdocs/core/modules/modCategorie.class.php +++ b/htdocs/core/modules/modCategorie.class.php @@ -501,7 +501,7 @@ class modCategorie extends DolibarrModules 'cs.fk_categorie'=>array('rule'=>'fetchidfromref', 'classfile'=>'/categories/class/categorie.class.php', 'class'=>'Categorie', 'method'=>'fetch', 'element'=>'category'), 'cs.fk_soc'=>array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty') ); - $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or ref"); + $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or name"); } // 2 Customers @@ -522,7 +522,7 @@ class modCategorie extends DolibarrModules 'cs.fk_categorie'=>array('rule'=>'fetchidfromref', 'classfile'=>'/categories/class/categorie.class.php', 'class'=>'Categorie', 'method'=>'fetch', 'element'=>'category'), 'cs.fk_soc'=>array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty') ); - $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or ref"); + $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or name"); } // 3 Members diff --git a/htdocs/core/modules/modCommande.class.php b/htdocs/core/modules/modCommande.class.php index 4275d806d40..d9d30e8b7a1 100644 --- a/htdocs/core/modules/modCommande.class.php +++ b/htdocs/core/modules/modCommande.class.php @@ -466,8 +466,8 @@ class modCommande extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."', 'order', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modContrat.class.php b/htdocs/core/modules/modContrat.class.php index f91e54039f4..2fc0c7f1e0d 100644 --- a/htdocs/core/modules/modContrat.class.php +++ b/htdocs/core/modules/modContrat.class.php @@ -33,7 +33,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modContrat extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -246,8 +245,8 @@ class modContrat extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'contract' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','contract',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'contract' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."', 'contract', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modDon.class.php b/htdocs/core/modules/modDon.class.php index 7d8a8fc9455..da7ee6c5e82 100644 --- a/htdocs/core/modules/modDon.class.php +++ b/htdocs/core/modules/modDon.class.php @@ -156,8 +156,8 @@ class modDon extends DolibarrModules global $conf; $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'donation' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','donation',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'donation' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','donation',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modEmailCollector.class.php b/htdocs/core/modules/modEmailCollector.class.php index 53223ecd705..566d050aacd 100644 --- a/htdocs/core/modules/modEmailCollector.class.php +++ b/htdocs/core/modules/modEmailCollector.class.php @@ -264,16 +264,6 @@ class modEmailCollector extends DolibarrModules public function init($options = '') { global $conf, $user; - //$this->_load_tables('/dav/sql/'); - - // Create extrafields - //include_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; - //$extrafields = new ExtraFields($this->db); - //$result1=$extrafields->addExtraField('myattr1', "New Attr 1 label", 'boolean', 1, 3, 'thirdparty', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result2=$extrafields->addExtraField('myattr2', "New Attr 2 label", 'varchar', 1, 10, 'project', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result3=$extrafields->addExtraField('myattr3', "New Attr 3 label", 'varchar', 1, 10, 'bank_account', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result4=$extrafields->addExtraField('myattr4', "New Attr 4 label", 'select', 1, 3, 'thirdparty', 0, 1, '', array('options'=>array('code1'=>'Val1','code2'=>'Val2','code3'=>'Val3')), 1 '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result5=$extrafields->addExtraField('myattr5', "New Attr 5 label", 'text', 1, 10, 'user', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); $sql = array(); @@ -285,17 +275,17 @@ class modEmailCollector extends DolibarrModules $descriptionA1 .= ' If the collector Collect_Responses is also enabled, when you send an email from the ticket, you may also see answers of your customers or partners directly on the ticket view.'; $sqlforexampleA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Ticket_Requets', 'Example to collect ticket requests', '".$this->db->escape($descriptionA1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Ticket_Requets', 'Example to collect ticket requests', '".$this->db->escape($descriptionA1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'to', 'support@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'to', 'support@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleA4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleA4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'ticket', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleA4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'ticket', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleA1; $sql[] = $sqlforexampleFilterA1; @@ -314,14 +304,14 @@ class modEmailCollector extends DolibarrModules $descriptionA1 = 'This collector will scan your mailbox "Sent" directory to find emails that was sent as an answer of another email directly from your email software and not from Dolibarr. If such an email is found, the event of answer is recorded into Dolibarr.'; $sqlforexampleA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Responses_Out', 'Example to collect answers to emails done from your external email software', '".$this->db->escape($descriptionA1)."', 'Sent', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Responses_Out', 'Example to collect answers to emails done from your external email software', '".$this->db->escape($descriptionA1)."', 'Sent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'isanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'isanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'withouttrackingidinmsgid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'withouttrackingidinmsgid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleActionA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleActionA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'recordevent', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleActionA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'recordevent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleA1; $sql[] = $sqlforexampleFilterA1; @@ -330,18 +320,18 @@ class modEmailCollector extends DolibarrModules } } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { $descriptionB1 = 'This collector will scan your mailbox to find all emails that are an answer of an email sent from your application. An event (Module Agenda must be enabled) with the email response will be recorded at the good place. For example, if your send a commercial proposal, order, invoice or message for a ticket by email from the application, and your customer answers your email, the system will automatically catch the answer and add it into your ERP.'; $sqlforexampleB1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleB1 .= " VALUES (".$conf->entity.", 'Collect_Responses_In', 'Example to collect any received email that is a response of an email sent from Dolibarr', '".$this->db->escape($descriptionB1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleB1 .= " VALUES (".$conf->entity.", 'Collect_Responses_In', 'Example to collect any received email that is a response of an email sent from Dolibarr', '".$this->db->escape($descriptionB1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleB2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleB2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity."), 'isanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleB2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity)."), 'isanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleB3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleB3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity."), 'recordevent', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleB3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity)."), 'recordevent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleB1; $sql[] = $sqlforexampleB2; @@ -351,7 +341,7 @@ class modEmailCollector extends DolibarrModules dol_print_error($this->db); } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { @@ -360,17 +350,17 @@ class modEmailCollector extends DolibarrModules $descriptionC1 .= "Note: With this initial example, the title of the lead is generated including the email. If the thirdparty can't be found in database (new customer), the lead will be attached to the thirdparty with ID 1."; $sqlforexampleC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Leads', 'Example to collect leads', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Leads', 'Example to collect leads', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'to', 'sales@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'to', 'sales@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleC4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, actionparam, date_creation, fk_user_creat, status)"; - $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'project', 'tmp_from=EXTRACT:HEADER:^From:(.*);socid=SETIFEMPTY:1;usage_opportunity=SET:1;description=EXTRACT:BODY:(.*);title=SET:Lead or message from __tmp_from__ received by email', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'project', 'tmp_from=EXTRACT:HEADER:^From:(.*);socid=SETIFEMPTY:1;usage_opportunity=SET:1;description=EXTRACT:BODY:(.*);title=SET:Lead or message from __tmp_from__ received by email', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleC1; $sql[] = $sqlforexampleFilterC1; @@ -382,7 +372,7 @@ class modEmailCollector extends DolibarrModules dol_print_error($this->db); } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { @@ -390,17 +380,17 @@ class modEmailCollector extends DolibarrModules $descriptionC1 .= "Note: With this initial example, the title of the candidature is generated including the email."; $sqlforexampleC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Candidatures', 'Example to collect email for job candidatures', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Candidatures', 'Example to collect email for job candidatures', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'to', 'jobs@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'to', 'jobs@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleC4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, actionparam, date_creation, fk_user_creat, status)"; - $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'candidature', 'tmp_from=EXTRACT:HEADER:^From:(.*)(<.*>)?;fk_recruitmentjobposition=EXTRACT:HEADER:^To:[^\n]*\+([^\n]*);description=EXTRACT:BODY:(.*);lastname=SET:__tmp_from__', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'candidature', 'tmp_from=EXTRACT:HEADER:^From:(.*)(<.*>)?;fk_recruitmentjobposition=EXTRACT:HEADER:^To:[^\n]*\+([^\n]*);description=EXTRACT:BODY:(.*);lastname=SET:__tmp_from__', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleC1; $sql[] = $sqlforexampleFilterC1; diff --git a/htdocs/core/modules/modEventOrganization.class.php b/htdocs/core/modules/modEventOrganization.class.php index 4ba73d4fe2c..8a3fb3d80cf 100644 --- a/htdocs/core/modules/modEventOrganization.class.php +++ b/htdocs/core/modules/modEventOrganization.class.php @@ -387,10 +387,10 @@ class modEventOrganization extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modExpedition.class.php b/htdocs/core/modules/modExpedition.class.php index 238eef2d6fe..c10e13a46d8 100644 --- a/htdocs/core/modules/modExpedition.class.php +++ b/htdocs/core/modules/modExpedition.class.php @@ -359,10 +359,10 @@ class modExpedition extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'shipping' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','shipping',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'delivery' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','delivery',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'shipping' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','shipping',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'delivery' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','delivery',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modExpenseReport.class.php b/htdocs/core/modules/modExpenseReport.class.php index 63bc99f41ee..53708ece3dd 100644 --- a/htdocs/core/modules/modExpenseReport.class.php +++ b/htdocs/core/modules/modExpenseReport.class.php @@ -249,8 +249,8 @@ class modExpenseReport extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard' AND type='expensereport' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard','expensereport',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard' AND type='expensereport' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard','expensereport',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php index bb044900acd..2fadb5d86ae 100644 --- a/htdocs/core/modules/modFacture.class.php +++ b/htdocs/core/modules/modFacture.class.php @@ -458,8 +458,8 @@ class modFacture extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'invoice' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','invoice',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'invoice' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','invoice',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFckeditor.class.php b/htdocs/core/modules/modFckeditor.class.php index 7742051989e..94912030a56 100644 --- a/htdocs/core/modules/modFckeditor.class.php +++ b/htdocs/core/modules/modFckeditor.class.php @@ -63,7 +63,7 @@ class modFckeditor extends DolibarrModules $this->config_page_url = array("fckeditor.php"); // Dependencies - $this->disabled = (in_array(constant('JS_CKEDITOR'), array('disabled', 'disabled/')) ? 1 : 0); // A condition to disable module (used for native debian packages) + $this->disabled = in_array(constant('JS_CKEDITOR'), array('disabled', 'disabled/')); $this->depends = array(); $this->requiredby = array('modWebsites'); diff --git a/htdocs/core/modules/modFicheinter.class.php b/htdocs/core/modules/modFicheinter.class.php index af99e6f646f..356b9ca6f51 100644 --- a/htdocs/core/modules/modFicheinter.class.php +++ b/htdocs/core/modules/modFicheinter.class.php @@ -77,6 +77,11 @@ class modFicheinter extends DolibarrModules $this->const = array(); $r = 0; + if (!isset($conf->ficheinter) || !isset($conf->ficheinter->enabled)) { + $conf->ficheinter = new stdClass(); + $conf->ficheinter->enabled = 0; + } + $this->const[$r][0] = "FICHEINTER_ADDON_PDF"; $this->const[$r][1] = "chaine"; $this->const[$r][2] = "soleil"; @@ -231,8 +236,8 @@ class modFicheinter extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'ficheinter' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','ficheinter',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'ficheinter' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','ficheinter',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index 5d71a5abdc8..a36f219007b 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -353,7 +353,7 @@ class modFournisseur extends DolibarrModules $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture_fourn'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_invoice').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + $this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id); } $r++; @@ -417,7 +417,7 @@ class modFournisseur extends DolibarrModules $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_invoice').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + $this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id); } // Order @@ -493,7 +493,7 @@ class modFournisseur extends DolibarrModules $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_commande'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_order').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + $this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id); } //Import Supplier Invoice @@ -857,8 +857,8 @@ class modFournisseur extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order_supplier' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order_supplier',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order_supplier' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."', 'order_supplier', ".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modHoliday.class.php b/htdocs/core/modules/modHoliday.class.php index be0b39ecc7e..63c76e24548 100644 --- a/htdocs/core/modules/modHoliday.class.php +++ b/htdocs/core/modules/modHoliday.class.php @@ -336,8 +336,8 @@ class modHoliday extends DolibarrModules */ $sql = array( - // "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'holiday' AND entity = ".$conf->entity, - // "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','holiday',".$conf->entity.")" + // "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'holiday' AND entity = ".((int) $conf->entity), + // "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','holiday',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modKnowledgeManagement.class.php b/htdocs/core/modules/modKnowledgeManagement.class.php index 6d9bef40232..5957158e893 100644 --- a/htdocs/core/modules/modKnowledgeManagement.class.php +++ b/htdocs/core/modules/modKnowledgeManagement.class.php @@ -474,10 +474,10 @@ class modKnowledgeManagement extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modMrp.class.php b/htdocs/core/modules/modMrp.class.php index eb3baae78cd..1cfbd76caf7 100644 --- a/htdocs/core/modules/modMrp.class.php +++ b/htdocs/core/modules/modMrp.class.php @@ -352,8 +352,8 @@ class modMrp extends DolibarrModules } $sql = array( - //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'mo' AND entity = ".$conf->entity, - //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'mo', ".$conf->entity.")" + //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'mo' AND entity = ".((int) $conf->entity), + //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'mo', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modPartnership.class.php b/htdocs/core/modules/modPartnership.class.php index d7041eca754..a036613fcec 100644 --- a/htdocs/core/modules/modPartnership.class.php +++ b/htdocs/core/modules/modPartnership.class.php @@ -453,10 +453,10 @@ class modPartnership extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modPrelevement.class.php b/htdocs/core/modules/modPrelevement.class.php index 8d68b372e91..a42d3c8b5a0 100644 --- a/htdocs/core/modules/modPrelevement.class.php +++ b/htdocs/core/modules/modPrelevement.class.php @@ -145,8 +145,8 @@ class modPrelevement extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'bankaccount' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','bankaccount',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'bankaccount' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','bankaccount',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index 25448f239e6..66138c584b5 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php @@ -366,12 +366,12 @@ class modProjet extends DolibarrModules } $sql = array(); - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".$conf->entity.")"; - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'beluga' AND type = 'project' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('beluga','project',".$conf->entity.")"; - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'baleine' AND type = 'project' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('baleine','project',".$conf->entity.")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".((int) $conf->entity).")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'beluga' AND type = 'project' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('beluga','project',".((int) $conf->entity).")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'baleine' AND type = 'project' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('baleine','project',".((int) $conf->entity).")"; return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modPropale.class.php b/htdocs/core/modules/modPropale.class.php index 83e2b5a0402..33a28c9ec11 100644 --- a/htdocs/core/modules/modPropale.class.php +++ b/htdocs/core/modules/modPropale.class.php @@ -470,8 +470,8 @@ class modPropale extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'propal' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','propal',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'propal' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','propal',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modReceiptPrinter.class.php b/htdocs/core/modules/modReceiptPrinter.class.php index ee87f4c57ba..1e26de93bcb 100644 --- a/htdocs/core/modules/modReceiptPrinter.class.php +++ b/htdocs/core/modules/modReceiptPrinter.class.php @@ -133,6 +133,7 @@ class modReceiptPrinter extends DolibarrModules public function init($options = '') { global $conf, $langs; + // Clean before activation $this->remove($options); @@ -140,8 +141,8 @@ class modReceiptPrinter extends DolibarrModules $sql = array( "CREATE TABLE IF NOT EXISTS ".MAIN_DB_PREFIX."printer_receipt (rowid integer AUTO_INCREMENT PRIMARY KEY, name varchar(128), fk_type integer, fk_profile integer, parameter varchar(128), entity integer) ENGINE=innodb;", "CREATE TABLE IF NOT EXISTS ".MAIN_DB_PREFIX."printer_receipt_template (rowid integer AUTO_INCREMENT PRIMARY KEY, name varchar(128), template text, entity integer) ENGINE=innodb;", - "DELETE FROM ".MAIN_DB_PREFIX."printer_receipt_template WHERE name = '".$langs->trans('Example')."';", - "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt_template (name,template,entity) VALUES ('".$langs->trans('Example')."', '".$templateexample."', 1);", + "DELETE FROM ".MAIN_DB_PREFIX."printer_receipt_template WHERE name = '".$this->db->escape($langs->trans('Example'))."';", + "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt_template (name,template,entity) VALUES ('".$this->db->escape($langs->trans('Example'))."', '".$this->db->escape($templateexample)."', 1);", ); return $this->_init($sql, $options); } diff --git a/htdocs/core/modules/modReception.class.php b/htdocs/core/modules/modReception.class.php index 02f17cf0fbe..4696f15019a 100644 --- a/htdocs/core/modules/modReception.class.php +++ b/htdocs/core/modules/modReception.class.php @@ -282,8 +282,8 @@ class modReception extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'reception' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','reception',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'reception' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','reception',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modRecruitment.class.php b/htdocs/core/modules/modRecruitment.class.php index 3d4e88872ef..02e7cdfbf4c 100644 --- a/htdocs/core/modules/modRecruitment.class.php +++ b/htdocs/core/modules/modRecruitment.class.php @@ -448,10 +448,10 @@ class modRecruitment extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index af4fb9e64b8..eed6871c465 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -340,7 +340,7 @@ class modSociete extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as incoterm ON s.fk_incoterms = incoterm.rowid'; $this->export_sql_end[$r] .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' '; + $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.((int) $user->id).' '; if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) { $subordinatesids = $user->getAllChildIds(); $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : ''; @@ -410,7 +410,7 @@ class modSociete extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as t ON s.fk_typent = t.id'; $this->export_sql_end[$r] .= ' WHERE c.entity IN ('.getEntity('socpeople').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' '; + $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.((int) $user->id).' '; if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) { $subordinatesids = $user->getAllChildIds(); $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : ''; diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php index 3494cb684dc..d0cfa64c884 100644 --- a/htdocs/core/modules/modStock.class.php +++ b/htdocs/core/modules/modStock.class.php @@ -35,7 +35,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modStock extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -454,10 +453,10 @@ class modStock extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'stock' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','stock',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[2][2])."' AND type = 'mouvement' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[2][2])."','mouvement',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'stock' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','stock',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[2][2])."' AND type = 'mouvement' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[2][2])."','mouvement',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modSupplierProposal.class.php b/htdocs/core/modules/modSupplierProposal.class.php index 4a0fc21fa44..36df0dd27bd 100644 --- a/htdocs/core/modules/modSupplierProposal.class.php +++ b/htdocs/core/modules/modSupplierProposal.class.php @@ -179,8 +179,8 @@ class modSupplierProposal extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'supplier_proposal' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','supplier_proposal',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'supplier_proposal' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','supplier_proposal',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modTicket.class.php b/htdocs/core/modules/modTicket.class.php index 78bcb9901af..01561b40b01 100644 --- a/htdocs/core/modules/modTicket.class.php +++ b/htdocs/core/modules/modTicket.class.php @@ -344,8 +344,8 @@ class modTicket extends DolibarrModules array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110121, 'ticket', 'internal', 'CONTRIBUTOR', 'Intervenant', 1);", "ignoreerror" => 1), array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110122, 'ticket', 'external', 'SUPPORTCLI', 'Contact client suivi incident', 1);", "ignoreerror" => 1), array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110123, 'ticket', 'external', 'CONTRIBUTOR', 'Intervenant', 1);", "ignoreerror" => 1), - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'TICKET_ADDON_PDF_ODT_PATH' AND type = 'ticket' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('TICKET_ADDON_PDF_ODT_PATH','ticket',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'TICKET_ADDON_PDF_ODT_PATH' AND type = 'ticket' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('TICKET_ADDON_PDF_ODT_PATH','ticket',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modUser.class.php b/htdocs/core/modules/modUser.class.php index 01303892435..e54ac7bd440 100644 --- a/htdocs/core/modules/modUser.class.php +++ b/htdocs/core/modules/modUser.class.php @@ -322,7 +322,7 @@ class modUser extends DolibarrModules 'u.birth'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$' ); $this->import_examplevalues_array[$r] = array( - 'u.lastname'=>"Doe", 'u.firstname'=>'John', 'u.login'=>'jdoe', 'u.employee'=>'0 or 1', 'u.job'=>'CTO', 'u.gender'=>'0 or 1', + 'u.lastname'=>"Doe", 'u.firstname'=>'John', 'u.login'=>'jdoe', 'u.employee'=>'0 or 1', 'u.job'=>'CTO', 'u.gender'=>'man or woman', 'u.pass_crypted'=>'Encrypted password', 'u.fk_soc'=>'0 (internal user) or company name (external user)', 'u.datec'=>dol_print_date(dol_now(), '%Y-%m-%d'), 'u.address'=>"61 jump street", 'u.zip'=>"123456", 'u.town'=>"Big town", 'u.fk_country'=>'US, FR, DE...', 'u.office_phone'=>"0101010101", 'u.office_fax'=>"0101010102", diff --git a/htdocs/core/modules/modWorkstation.class.php b/htdocs/core/modules/modWorkstation.class.php index 8e2d676bf27..3069be8ced5 100755 --- a/htdocs/core/modules/modWorkstation.class.php +++ b/htdocs/core/modules/modWorkstation.class.php @@ -435,10 +435,10 @@ class modWorkstation extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/movement/doc/pdf_standard.modules.php b/htdocs/core/modules/movement/doc/pdf_standard.modules.php index e029c4d5d66..528f45ee962 100644 --- a/htdocs/core/modules/movement/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/movement/doc/pdf_standard.modules.php @@ -278,7 +278,7 @@ class pdf_stdandard extends ModelePDFMovement // Add fields from extrafields if (!empty($extrafields->attributes[$element]['label'])) { foreach ($extrafields->attributes[$element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php b/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php index e93ecd1af0a..b6ad4c6b8ff 100644 --- a/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php +++ b/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_mo_odt extends ModelePDFMo $texte .= $conf->global->MRP_MO_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/mrp/mod_mo_advanced.php b/htdocs/core/modules/mrp/mod_mo_advanced.php index 14292f7f896..ba518159dbf 100644 --- a/htdocs/core/modules/mrp/mod_mo_advanced.php +++ b/htdocs/core/modules/mrp/mod_mo_advanced.php @@ -82,7 +82,7 @@ class mod_mo_advanced extends ModeleNumRefMos $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/payment/mod_payment_ant.php b/htdocs/core/modules/payment/mod_payment_ant.php index dca32b26505..958074202fe 100644 --- a/htdocs/core/modules/payment/mod_payment_ant.php +++ b/htdocs/core/modules/payment/mod_payment_ant.php @@ -84,7 +84,7 @@ class mod_payment_ant extends ModeleNumRefPayments $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/printing/printgcp.modules.php b/htdocs/core/modules/printing/printgcp.modules.php index ace8a5da188..ec53b523336 100644 --- a/htdocs/core/modules/printing/printgcp.modules.php +++ b/htdocs/core/modules/printing/printgcp.modules.php @@ -334,7 +334,7 @@ class printing_printgcp extends PrintingDriver $fileprint .= '/'.$file; $mimetype = dol_mimetype($fileprint); // select printer uri for module order, propal,... - $sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".$user->id; + $sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".((int) $user->id); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); diff --git a/htdocs/core/modules/printing/printipp.modules.php b/htdocs/core/modules/printing/printipp.modules.php index b4d4c89b47f..0d824d2c7c0 100644 --- a/htdocs/core/modules/printing/printipp.modules.php +++ b/htdocs/core/modules/printing/printipp.modules.php @@ -148,7 +148,7 @@ class printing_printipp extends PrintingDriver } // select printer uri for module order, propal,... - $sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".$user->id; + $sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".((int) $user->id); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -309,7 +309,7 @@ class printing_printipp extends PrintingDriver $ipp->setAuthentication($this->user, $this->password); } // select printer uri for module order, propal,... - $sql = 'SELECT rowid,printer_uri,printer_name FROM '.MAIN_DB_PREFIX.'printer_ipp WHERE module="'.$module.'"'; + $sql = "SELECT rowid,printer_uri,printer_name FROM ".MAIN_DB_PREFIX."printer_ipp WHERE module = '".$this->db->escape($module)."'"; $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); diff --git a/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php b/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php index 1acf50dd95a..05eef305c37 100644 --- a/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php +++ b/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php @@ -161,7 +161,7 @@ class doc_generic_product_odt extends ModelePDFProduct $texte .= $conf->global->PRODUCT_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/product/mod_codeproduct_elephant.php b/htdocs/core/modules/product/mod_codeproduct_elephant.php index 0b03bd9b6a4..9e32dc38fab 100644 --- a/htdocs/core/modules/product/mod_codeproduct_elephant.php +++ b/htdocs/core/modules/product/mod_codeproduct_elephant.php @@ -118,7 +118,7 @@ class mod_codeproduct_elephant extends ModeleProductCode $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("ProductCodeModel").'):'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/product_batch/mod_lot_advanced.php b/htdocs/core/modules/product_batch/mod_lot_advanced.php index 8ee857bfbea..0e920483508 100644 --- a/htdocs/core/modules/product_batch/mod_lot_advanced.php +++ b/htdocs/core/modules/product_batch/mod_lot_advanced.php @@ -82,7 +82,7 @@ class mod_lot_advanced extends ModeleNumRefBatch $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; // Option to enable custom masks per product $texte .= ''; diff --git a/htdocs/core/modules/product_batch/mod_sn_advanced.php b/htdocs/core/modules/product_batch/mod_sn_advanced.php index 54c67291d9a..ca24a67c781 100644 --- a/htdocs/core/modules/product_batch/mod_sn_advanced.php +++ b/htdocs/core/modules/product_batch/mod_sn_advanced.php @@ -82,7 +82,7 @@ class mod_sn_advanced extends ModeleNumRefBatch $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; // Option to enable custom masks per product $texte .= ''; diff --git a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php index 233180630b0..f86f5b55a9c 100644 --- a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php +++ b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php @@ -449,7 +449,7 @@ class doc_generic_project_odt extends ModelePDFProjects $texte .= $conf->global->PROJECT_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/project/mod_project_universal.php b/htdocs/core/modules/project/mod_project_universal.php index 480d19396c3..550d72c4f68 100644 --- a/htdocs/core/modules/project/mod_project_universal.php +++ b/htdocs/core/modules/project/mod_project_universal.php @@ -85,7 +85,7 @@ class mod_project_universal extends ModeleNumRefProjects $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php index 638ab70bb84..3890c6526bc 100644 --- a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php +++ b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php @@ -416,7 +416,7 @@ class doc_generic_task_odt extends ModelePDFTask $texte .= $conf->global->PROJECT_TASK_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/project/task/mod_task_universal.php b/htdocs/core/modules/project/task/mod_task_universal.php index 3a6ef89f3fb..6de02dcaf99 100644 --- a/htdocs/core/modules/project/task/mod_task_universal.php +++ b/htdocs/core/modules/project/task/mod_task_universal.php @@ -85,7 +85,7 @@ class mod_task_universal extends ModeleNumRefTask $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php index 9c7e0af4df0..bd2fcfa471f 100644 --- a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php +++ b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php @@ -160,7 +160,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales $texte .= $conf->global->PROPALE_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index 2045683661b..bf079c47b66 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,16 +1473,23 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } $pdf->MultiCell(100, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index 7d8ada03ad5..97f76df31bb 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php @@ -1574,10 +1574,17 @@ class pdf_cyan extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1587,8 +1594,9 @@ class pdf_cyan extends ModelePDFPropales $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } $pdf->MultiCell($w, 4, $textref, '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/propale/mod_propale_saphir.php b/htdocs/core/modules/propale/mod_propale_saphir.php index ce78f341319..af7579fb142 100644 --- a/htdocs/core/modules/propale/mod_propale_saphir.php +++ b/htdocs/core/modules/propale/mod_propale_saphir.php @@ -87,7 +87,7 @@ class mod_propale_saphir extends ModeleNumRefPropales $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index 9f85aca1aff..5904db84398 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -206,7 +206,7 @@ class pdf_paiement $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND s.rowid = ".((int) $socid); @@ -241,13 +241,13 @@ class pdf_paiement if (!empty($conf->banque->enabled)) { $sql .= " AND p.fk_bank = b.rowid AND b.fk_account = ba.rowid "; } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } // If global param PAYMENTS_FOURN_REPORT_GROUP_BY_MOD is set, payement fourn are ordered by paiement_code if (!empty($conf->global->PAYMENTS_FOURN_REPORT_GROUP_BY_MOD)) { diff --git a/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php b/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php index 93dbc4995b4..34d34ec3e19 100644 --- a/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php +++ b/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php @@ -153,7 +153,7 @@ class doc_generic_reception_odt extends ModelePdfReception $texte .= $conf->global->RECEPTION_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/reception/mod_reception_moonstone.php b/htdocs/core/modules/reception/mod_reception_moonstone.php index 0d0ced20eb4..e1a5669dc09 100644 --- a/htdocs/core/modules/reception/mod_reception_moonstone.php +++ b/htdocs/core/modules/reception/mod_reception_moonstone.php @@ -62,7 +62,7 @@ class mod_reception_moonstone extends ModelNumRefReception $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php index fdafb22e96b..8b8069ff34f 100644 --- a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php +++ b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php @@ -141,7 +141,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc $texte .= ''; $texte .= ''; $texte .= '  '; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/societe/mod_codeclient_elephant.php b/htdocs/core/modules/societe/mod_codeclient_elephant.php index 705564e7e8e..c18b768a724 100644 --- a/htdocs/core/modules/societe/mod_codeclient_elephant.php +++ b/htdocs/core/modules/societe/mod_codeclient_elephant.php @@ -134,7 +134,7 @@ class mod_codeclient_elephant extends ModeleThirdPartyCode $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("CustomerCodeModel").'):'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/societe/mod_codecompta_aquarium.php b/htdocs/core/modules/societe/mod_codecompta_aquarium.php index 752691b03b8..e03958e58bf 100644 --- a/htdocs/core/modules/societe/mod_codecompta_aquarium.php +++ b/htdocs/core/modules/societe/mod_codecompta_aquarium.php @@ -102,7 +102,7 @@ class mod_codecompta_aquarium extends ModeleAccountancyCode $texte .= $langs->trans('COMPANY_AQUARIUM_CLEAN_REGEX').' = '.$conf->global->COMPANY_AQUARIUM_CLEAN_REGEX."
\n"; } $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/societe/mod_codecompta_digitaria.php b/htdocs/core/modules/societe/mod_codecompta_digitaria.php index 56c5b8e8885..c4887f01383 100644 --- a/htdocs/core/modules/societe/mod_codecompta_digitaria.php +++ b/htdocs/core/modules/societe/mod_codecompta_digitaria.php @@ -125,7 +125,7 @@ class mod_codecompta_digitaria extends ModeleAccountancyCode $texte .= $langs->trans('COMPANY_DIGITARIA_UNIQUE_CODE').' = '.yn(1)."
\n"; } $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php b/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php index 5ca5019588a..2e48160d038 100644 --- a/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php +++ b/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php @@ -155,7 +155,7 @@ class doc_generic_stock_odt extends ModelePDFStock $texte .= $conf->global->STOCK_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/stock/doc/pdf_standard.modules.php b/htdocs/core/modules/stock/doc/pdf_standard.modules.php index ebc109151d6..5374245cea4 100644 --- a/htdocs/core/modules/stock/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/stock/doc/pdf_standard.modules.php @@ -337,8 +337,8 @@ class pdf_standard extends ModelePDFStock if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $this->db->query($sql); diff --git a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php index 57d5798c29e..5fc2737957f 100644 --- a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php +++ b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php @@ -95,7 +95,7 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices $texte .= ':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php b/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php index 3a2775bef82..49ba1ec6cdf 100644 --- a/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php +++ b/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php @@ -159,7 +159,7 @@ class doc_generic_supplier_order_odt extends ModelePDFSuppliersOrders $texte .= $conf->global->SUPPLIER_ORDER_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php index c691b1448ef..473664cb44c 100644 --- a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php +++ b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php @@ -87,7 +87,7 @@ class mod_commande_fournisseur_orchidee extends ModeleNumRefSuppliersOrders $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php index 19e632a6264..0bc0543e6cd 100644 --- a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php +++ b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php @@ -84,7 +84,7 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php b/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php index 717818448ec..8cd572a1bcf 100644 --- a/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php +++ b/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php @@ -162,7 +162,7 @@ class doc_generic_supplier_proposal_odt extends ModelePDFSupplierProposal $texte .= $conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php b/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php index 3b8754d9928..e7db54062cb 100644 --- a/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php +++ b/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php @@ -87,7 +87,7 @@ class mod_supplier_proposal_saphir extends ModeleNumRefSupplierProposal $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/takepos/mod_takepos_ref_universal.php b/htdocs/core/modules/takepos/mod_takepos_ref_universal.php index d103dbe3b0b..b3d26b39511 100644 --- a/htdocs/core/modules/takepos/mod_takepos_ref_universal.php +++ b/htdocs/core/modules/takepos/mod_takepos_ref_universal.php @@ -81,7 +81,7 @@ class mod_takepos_ref_universal extends ModeleNumRefTakepos $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php b/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php index 2e6172d4181..82ce006447e 100644 --- a/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php +++ b/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php @@ -150,7 +150,7 @@ class doc_generic_ticket_odt extends ModelePDFTicket $texte .= $conf->global->TICKET_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/ticket/mod_ticket_universal.php b/htdocs/core/modules/ticket/mod_ticket_universal.php index f60b1f16481..176af782dc7 100644 --- a/htdocs/core/modules/ticket/mod_ticket_universal.php +++ b/htdocs/core/modules/ticket/mod_ticket_universal.php @@ -83,7 +83,7 @@ class mod_ticket_universal extends ModeleNumRefTicket $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php b/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php index 7ca8d29c380..7e07539aa8e 100644 --- a/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php +++ b/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php @@ -159,7 +159,7 @@ class doc_generic_user_odt extends ModelePDFUser $texte .= $conf->global->USER_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php b/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php index 5a1bca6377d..cf91120d3f8 100644 --- a/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php +++ b/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php @@ -162,7 +162,7 @@ class doc_generic_usergroup_odt extends ModelePDFUserGroup $texte .= $conf->global->USERGROUP_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/workstation/mod_workstation_advanced.php b/htdocs/core/modules/workstation/mod_workstation_advanced.php index bf783542c75..2f1a8ae9d71 100755 --- a/htdocs/core/modules/workstation/mod_workstation_advanced.php +++ b/htdocs/core/modules/workstation/mod_workstation_advanced.php @@ -82,7 +82,7 @@ class mod_workstation_advanced extends ModeleNumRefWorkstation $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/tpl/bloc_comment.tpl.php b/htdocs/core/tpl/bloc_comment.tpl.php index f30bb0c5c61..a868bb61879 100644 --- a/htdocs/core/tpl/bloc_comment.tpl.php +++ b/htdocs/core/tpl/bloc_comment.tpl.php @@ -49,7 +49,7 @@ if ($action !== 'editcomment') { print ''; print ''; - print ''; + print ''; print ''; } diff --git a/htdocs/core/tpl/commonfields_edit.tpl.php b/htdocs/core/tpl/commonfields_edit.tpl.php index a56ca8d865a..abf3144de8f 100644 --- a/htdocs/core/tpl/commonfields_edit.tpl.php +++ b/htdocs/core/tpl/commonfields_edit.tpl.php @@ -81,7 +81,7 @@ foreach ($object->fields as $key => $val) { } elseif ($val['type'] == 'price') { $value = GETPOSTISSET($key) ? price2num(GETPOST($key)) : price2num($object->$key); } elseif ($key == 'lang') { - $value = GETPOSTISSET($key, 'aZ09') ? GETPOST($key, 'aZ09') : $object->lang; + $value = GETPOSTISSET($key) ? GETPOST($key, 'aZ09') : $object->lang; } else { $value = GETPOSTISSET($key) ? GETPOST($key, 'alpha') : $object->$key; } diff --git a/htdocs/core/tpl/commonfields_view.tpl.php b/htdocs/core/tpl/commonfields_view.tpl.php index b58d0526356..a9f4e084173 100644 --- a/htdocs/core/tpl/commonfields_view.tpl.php +++ b/htdocs/core/tpl/commonfields_view.tpl.php @@ -67,7 +67,11 @@ foreach ($object->fields as $key => $val) { if (!empty($val['help'])) { print $form->textwithpicto($langs->trans($val['label']), $langs->trans($val['help'])); } else { - print $langs->trans($val['label']); + if (isset($val['copytoclipboard']) && $val['copytoclipboard'] == 1) { + print showValueWithClipboardCPButton($value, 0, $langs->transnoentitiesnoconv($val['label'])); + } else { + print $langs->trans($val['label']); + } } print ''; print 'showOutputField($val, $key, $value, '', '', '', 0); + if (isset($val['copytoclipboard']) && $val['copytoclipboard'] == 2) { + $out = $object->showOutputField($val, $key, $value, '', '', '', 0); + print showValueWithClipboardCPButton($out, 0, $out); + } else { + print $object->showOutputField($val, $key, $value, '', '', '', 0); + } } //print dol_escape_htmltag($object->$key, 1, 1); if (in_array($val['type'], array('text', 'html'))) { diff --git a/htdocs/core/tpl/contacts.tpl.php b/htdocs/core/tpl/contacts.tpl.php index d0d4d25740c..00a38fde351 100644 --- a/htdocs/core/tpl/contacts.tpl.php +++ b/htdocs/core/tpl/contacts.tpl.php @@ -90,7 +90,7 @@ if ($permission) { ?>
trans("ThirdParty"); ?>
-
trans("Users").' | '.$langs->trans("Contacts"); ?>
+
trans("Users"), 'user', 'class="optiongrey paddingright"').$langs->trans("Users").' | '.img_picto($langs->trans("Contacts"), 'contact', 'class="optiongrey paddingright"').$langs->trans("Contacts"); ?>
trans("ContactType"); ?>
 
 
diff --git a/htdocs/core/tpl/extrafields_list_search_sql.tpl.php b/htdocs/core/tpl/extrafields_list_search_sql.tpl.php index 8b7ff9ac62c..4ba40384648 100644 --- a/htdocs/core/tpl/extrafields_list_search_sql.tpl.php +++ b/htdocs/core/tpl/extrafields_list_search_sql.tpl.php @@ -33,11 +33,11 @@ if (!empty($extrafieldsobjectkey) && !empty($search_array_options) && is_array($ $sql .= " AND ".$extrafieldsobjectprefix.$tmpkey." = '".$db->idate($crit)."'"; } elseif (is_array($crit)) { if ($crit['start'] !== '' && $crit['end'] !== '') { - $sql .= ' AND ('.$extrafieldsobjectprefix.$tmpkey." BETWEEN '". $db->idate($crit['start']). "' AND '".$db->idate($crit['end']) . "')"; + $sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." BETWEEN '". $db->idate($crit['start']). "' AND '".$db->idate($crit['end']) . "')"; } elseif ($crit['start'] !== '') { - $sql .= ' AND ('.$extrafieldsobjectprefix.$tmpkey." >= '". $db->idate($crit['start'])."')"; + $sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." >= '". $db->idate($crit['start'])."')"; } elseif ($crit['end'] !== '') { - $sql .= ' AND ('.$extrafieldsobjectprefix.$tmpkey." <= '". $db->idate($crit['end'])."')"; + $sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." <= '". $db->idate($crit['end'])."')"; } } } elseif (in_array($typ, array('boolean'))) { diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index e87d6df18dc..3f2ab773b06 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -199,11 +199,13 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l if (($isdraft || !empty($extrafields->attributes[$object->table_element]['alwayseditable'][$tmpkeyextra])) && $permok && $enabled != 5 && ($action != 'edit_extras' || GETPOST('attribute') != $tmpkeyextra) && empty($extrafields->attributes[$object->table_element]['computed'][$tmpkeyextra])) { - $fieldid = 'id'; + $fieldid = empty($forcefieldid) ? 'id' : $forcefieldid; + $valueid = empty($forceobjectid) ? $object->id : $forceobjectid; if ($object->table_element == 'societe') { $fieldid = 'socid'; } - print ''.img_edit().''; + + print ''.img_edit().''; } print ''; print ''; diff --git a/htdocs/core/tpl/objectline_view.tpl.php b/htdocs/core/tpl/objectline_view.tpl.php index 3e8ef7ea411..b50ca83c6f6 100644 --- a/htdocs/core/tpl/objectline_view.tpl.php +++ b/htdocs/core/tpl/objectline_view.tpl.php @@ -79,6 +79,7 @@ if (!empty($conf->global->INVOICE_POSITIVE_CREDIT_NOTE_SCREEN) && in_array($obje $sign = -1; } + $coldisplay = 0; ?> @@ -163,32 +164,33 @@ if (($line->info_bits & 2) == 2) { // Show date range if ($line->element == 'facturedetrec') { if ($line->date_start_fill || $line->date_end_fill) { - print '
'; + print '

'; } if ($line->date_start_fill) { - print $langs->trans('AutoFillDateFromShort').': '.yn($line->date_start_fill); + print ''.$langs->trans('AutoFillDateFromShort').': '.yn($line->date_start_fill); } if ($line->date_start_fill && $line->date_end_fill) { print ' - '; } if ($line->date_end_fill) { - print $langs->trans('AutoFillDateToShort').': '.yn($line->date_end_fill); + print ''.$langs->trans('AutoFillDateToShort').': '.yn($line->date_end_fill); } if ($line->date_start_fill || $line->date_end_fill) { print '
'; } } else { if ($line->date_start || $line->date_end) { - print '
'.get_date_range($line->date_start, $line->date_end, $format).'
'; + print '
'.get_date_range($line->date_start, $line->date_end, $format).'
'; } //print get_date_range($line->date_start, $line->date_end, $format); } // Add description in form if ($line->fk_product > 0 && !empty($conf->global->PRODUIT_DESC_IN_FORM)) { - print (!empty($line->description) && $line->description != $line->product_label) ? '
'.dol_htmlentitiesbr($line->description) : ''; + print (!empty($line->description) && $line->description != $line->product_label) ? (($line->date_start || $line->date_end) ? '' : '
').'
'.dol_htmlentitiesbr($line->description) : ''; } - //Line extrafield + + // Line extrafield if (!empty($extrafields)) { $temps = $line->showOptionals($extrafields, 'view', array(), '', '', 1, 'line'); if (!empty($temps)) { diff --git a/htdocs/core/tpl/resource_add.tpl.php b/htdocs/core/tpl/resource_add.tpl.php index 01c3897f991..64d545ba583 100644 --- a/htdocs/core/tpl/resource_add.tpl.php +++ b/htdocs/core/tpl/resource_add.tpl.php @@ -35,7 +35,7 @@ $out .= '
'.$form->se $out .= '
'.$form->selectyesno('mandatory', (GETPOSTISSET('mandatory') ? GETPOST('mandatory') : 0), 1).'
'; $out .= '
'; -$out .= ''; +$out .= ''; $out .= '
'; $out .= ''; diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php index e5291cab775..7b669578a53 100644 --- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php +++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php @@ -66,6 +66,8 @@ class InterfaceWorkflowManager extends DolibarrTriggers return 0; // Module not active, we do nothing } + $ret = 0; + // Proposals to order if ($action == 'PROPAL_CLOSE_SIGNED') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); @@ -132,7 +134,6 @@ class InterfaceWorkflowManager extends DolibarrTriggers // classify billed order & billed propososal if ($action == 'BILL_VALIDATE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - $ret = 0; // First classify billed the order to allow the proposal classify process if (!empty($conf->commande->enabled) && !empty($conf->workflow->enabled) && !empty($conf->global->WORKFLOW_INVOICE_AMOUNT_CLASSIFY_BILLED_ORDER)) { diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index 8ffa69e31ac..97199614ece 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -96,7 +96,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi $sql .= " WHERE wp.fk_website = ".((int) $website->id); $sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid); if (is_object($websitepage) && $websitepage->fk_page > 0) { - $sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page; + $sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page); } $sql .= ")"; $sql .= " AND wp.lang = '".$db->escape(GETPOST('l', 'aZ09'))."'"; diff --git a/htdocs/cron/admin/cron.php b/htdocs/cron/admin/cron.php index 5afbf30d292..28078242dc6 100644 --- a/htdocs/cron/admin/cron.php +++ b/htdocs/cron/admin/cron.php @@ -110,9 +110,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/cron/card.php b/htdocs/cron/card.php index 7911194603b..727bf56f836 100644 --- a/htdocs/cron/card.php +++ b/htdocs/cron/card.php @@ -532,11 +532,7 @@ if (($action == "create") || ($action == "edit")) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print "
"; + print $form->buttonsSaveCancel(); print "\n"; } else { diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index 2ffce20a924..e069ea7a326 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -557,9 +557,9 @@ class Cronjob extends CommonObject if (is_array($filter) && count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index 4d829258b2b..aba6558f20d 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php @@ -278,12 +278,12 @@ if ($search_lastresult != '') { //Manage filter if (is_array($filter) && count($filter) > 0) { foreach ($filter as $key => $value) { - $sql .= ' AND '.$key.' LIKE \'%'.$db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'"; } } $sqlwhere = array(); if (!empty($search_module_name)) { - $sqlwhere[] = '(t.module_name='.$db->escape($search_module_name).')'; + $sqlwhere[] = "(t.module_name = '".$db->escape($search_module_name)."')"; } if (count($sqlwhere) > 0) { $sql .= " WHERE ".implode(' AND ', $sqlwhere); diff --git a/htdocs/datapolicy/admin/setupmail.php b/htdocs/datapolicy/admin/setupmail.php index c25d4c2263d..2ec083b0fa8 100644 --- a/htdocs/datapolicy/admin/setupmail.php +++ b/htdocs/datapolicy/admin/setupmail.php @@ -151,7 +151,7 @@ $doleditor->Create(); print ''; print ''; -print '
'; +print '
'; print ''; diff --git a/htdocs/dav/dav.class.php b/htdocs/dav/dav.class.php index 6ff9e58b73a..a4c98eba8a7 100644 --- a/htdocs/dav/dav.class.php +++ b/htdocs/dav/dav.class.php @@ -82,8 +82,8 @@ class CdavLib LEFT OUTER JOIN '.MAIN_DB_PREFIX.'user AS u ON (u.rowid=fk_element) WHERE ar.element_type=\'user\' AND fk_actioncomm=a.id) AS other_users FROM '.MAIN_DB_PREFIX.'actioncomm AS a'; - if (!$this->user->rights->societe->client->voir) {//FIXME si 'voir' on voit plus de chose ? - $sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.$this->user->id.') + if (!$this->user->rights->societe->client->voir) { //FIXME si 'voir' on voit plus de chose ? + $sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.((int) $this->user->id).') LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON (s.rowid = sc.fk_soc) LEFT JOIN '.MAIN_DB_PREFIX.'socpeople AS sp ON (sp.fk_soc = sc.fk_soc AND sp.rowid = a.fk_contact) LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_cdav AS ac ON (a.id = ac.fk_object)'; @@ -95,7 +95,7 @@ class CdavLib $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as co ON co.rowid = sp.fk_pays LEFT JOIN '.MAIN_DB_PREFIX.'c_country as cos ON cos.rowid = s.fk_pays - WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.intval($calid).') + WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.((int) $calid).') AND a.code IN (SELECT cac.code FROM '.MAIN_DB_PREFIX.'c_actioncomm cac WHERE cac.type<>\'systemauto\') AND a.entity IN ('.getEntity('societe', 1).')'; if ($oid !== false) { diff --git a/htdocs/delivery/card.php b/htdocs/delivery/card.php index a845b7aff95..7d4a3b181e0 100644 --- a/htdocs/delivery/card.php +++ b/htdocs/delivery/card.php @@ -338,7 +338,7 @@ if ($action == 'create') { // Create. Seems to no be used $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($expedition->socid, $expedition->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$expedition->id, $expedition->socid, $expedition->fk_project, 'none', 0, 0, 0, 1); @@ -436,7 +436,7 @@ if ($action == 'create') { // Create. Seems to no be used print ''; print ''; print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_delivery", 1, 1); - print ''; + print ''; print ''; } else { print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' '; @@ -630,7 +630,7 @@ if ($action == 'create') { // Create. Seems to no be used print dol_get_fiche_end(); //if ($object->statut == 0) // only if draft - // print '
'; + // print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index 18887a99e28..de991d50f4e 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -189,7 +189,7 @@ class Delivery extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."delivery "; $sql .= "SET ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Delivery::create", LOG_DEBUG); $resql = $this->db->query($sql); @@ -273,10 +273,10 @@ class Delivery extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."deliverydet (fk_delivery, fk_origin_line,"; $sql .= " fk_product, description, qty)"; - $sql .= " VALUES (".$this->id.",".$origin_id.","; - $sql .= " ".($idprod > 0 ? $idprod : "null").","; + $sql .= " VALUES (".$this->id.",".((int) $origin_id).","; + $sql .= " ".($idprod > 0 ? ((int) $idprod) : "null").","; $sql .= " ".($description ? "'".$this->db->escape($description)."'" : "null").","; - $sql .= $qty.")"; + $sql .= (price2num($qty, 'MS')).")"; dol_syslog(get_class($this)."::create_line", LOG_DEBUG); if (!$this->db->query($sql)) { @@ -412,7 +412,7 @@ class Delivery extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."delivery"; $sql .= " WHERE ref = '".$this->db->escape($numref)."'"; $sql .= " AND fk_statut <> 0"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { @@ -427,7 +427,7 @@ class Delivery extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = 0"; $resql = $this->db->query($sql); @@ -453,7 +453,7 @@ class Delivery extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/receipt/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->error = $this->db->lasterror(); @@ -641,7 +641,7 @@ class Delivery extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."deliverydet"; - $sql .= " WHERE fk_delivery = ".$this->id; + $sql .= " WHERE fk_delivery = ".((int) $this->id); if ($this->db->query($sql)) { // Delete linked object $res = $this->deleteObjectLinked(); @@ -651,7 +651,7 @@ class Delivery extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."delivery"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->db->commit(); @@ -761,7 +761,7 @@ class Delivery extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd, ".MAIN_DB_PREFIX."deliverydet as ld"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on p.rowid = ld.fk_product"; $sql .= " WHERE ld.fk_origin_line = cd.rowid"; - $sql .= " AND ld.fk_delivery = ".$this->id; + $sql .= " AND ld.fk_delivery = ".((int) $this->id); dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); $resql = $this->db->query($sql); @@ -958,8 +958,8 @@ class Delivery extends CommonObject $sql .= " WHERE ld.fk_delivery = l.rowid"; $sql .= " AND ld.fk_origin_line = cd.rowid"; $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = c.rowid"; - $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid']; - $sql .= " AND ld.fk_origin_line = ".$objSourceLine->rowid; + $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']); + $sql .= " AND ld.fk_origin_line = ".((int) $objSourceLine->rowid); $sql .= " GROUP BY ld.fk_origin_line"; $result = $this->db->query($sql); @@ -1001,7 +1001,7 @@ class Delivery extends CommonObject if ($user->rights->expedition->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."delivery"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/document.php b/htdocs/document.php index 59501cc4701..3c06801c9a0 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -194,8 +194,9 @@ if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($ori $type = 'application/octet-stream'; } -// Security: Delete string ../ into $original_file -$original_file = str_replace("../", "/", $original_file); +// Security: Delete string ../ or ..\ into $original_file +$original_file = str_replace('../', '/', $original_file); +$original_file = str_replace('..\\', '/', $original_file); // Find the subdirectory name as the reference $refname = basename(dirname($original_file)."/"); diff --git a/htdocs/don/admin/donation.php b/htdocs/don/admin/donation.php index f14fae538ab..d8b06285be4 100644 --- a/htdocs/don/admin/donation.php +++ b/htdocs/don/admin/donation.php @@ -341,7 +341,7 @@ if (!empty($conf->accounting->enabled)) { print ''; } print ''; -print ''; +print ''; print "\n"; print ''; @@ -353,7 +353,7 @@ print ''; print $langs->trans("FreeTextOnDonations").' '.img_info($langs->trans("AddCRIfTooLong")).'
'; print ''; print ''; -print ''; +print ''; print "\n"; print "\n"; diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 1b3c72906b4..c0c81d71aa8 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -500,11 +500,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } @@ -634,7 +630,7 @@ if (!empty($id) && $action == 'edit') { print dol_get_fiche_end(); - print '
   
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index 181b3fc0ca3..85a95905073 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -555,7 +555,7 @@ class Don extends CommonObject // Delete donation if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."don_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1116,7 +1116,7 @@ class Don extends CommonObject return -1; } - $sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.$this->id; + $sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { dol_print_error($this->db); diff --git a/htdocs/don/index.php b/htdocs/don/index.php index 2a314068830..36323d332b7 100644 --- a/htdocs/don/index.php +++ b/htdocs/don/index.php @@ -106,7 +106,7 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // TODO Add a s print ''; print ''; if ($i == 0) { - print ''; + print ''; } print ''; $i++; @@ -174,8 +174,8 @@ foreach ($listofstatus as $status) { print ''; print ''.$donstatic->LibStatut($status, 4).''; print ''.(!empty($nb[$status]) ? $nb[$status] : ' ').''; - print ''.(!empty($nb[$status]) ?price($somme[$status], 'MT') : ' ').''; - print ''.(!empty($nb[$status]) ?price(price2num($somme[$status] / $nb[$status], 'MT')) : ' ').''; + print ''.(!empty($nb[$status]) ? price($somme[$status], 'MT') : ' ').''; + print ''.(!empty($nb[$status]) ?price(price2num($somme[$status] / $nb[$status], 'MT')) : ' ').''; $totalnb += (!empty($nb[$status]) ? $nb[$status] : 0); $total += (!empty($somme[$status]) ? $somme[$status] : 0); print ""; @@ -183,9 +183,9 @@ foreach ($listofstatus as $status) { print ''; print ''.$langs->trans("Total").''; -print ''.$totalnb.''; -print ''.price($total, 'MT').''; -print ''.($totalnb ?price(price2num($total / $totalnb, 'MT')) : ' ').''; +print ''.$totalnb.''; +print ''.price($total, 'MT').''; +print ''.($totalnb ?price(price2num($total / $totalnb, 'MT')) : ' ').''; print ''; print ""; @@ -233,7 +233,7 @@ if ($resql) { print dolGetFirstLastname($obj->lastname, $obj->firstname); print ''; - print ''; + print ''; print price($obj->amount, 1); print ''; diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index cf6328d15c4..719b6e9951b 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -280,11 +280,7 @@ if ($action == 'create') { print ""; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php index c2961794bbc..3c7af135922 100644 --- a/htdocs/ecm/class/ecmdirectory.class.php +++ b/htdocs/ecm/class/ecmdirectory.class.php @@ -305,7 +305,7 @@ class EcmDirectory extends CommonObject } else { $sql .= " cachenbofdoc = cachenbofdoc ".$value." 1"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::changeNbOfFiles", LOG_DEBUG); $resql = $this->db->query($sql); @@ -764,7 +764,7 @@ class EcmDirectory extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."ecm_directories SET"; $sql .= " cachenbofdoc = '".count($filelist)."'"; if (empty($all)) { // By default - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); } else { $sql .= " WHERE entity = ".$conf->entity; } diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index 035a7aee9c6..15cfba4c03e 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -303,17 +303,17 @@ class EcmFiles extends CommonObject $sql .= " '".$this->db->escape($ref)."', "; $sql .= ' '.(!isset($this->label) ? 'NULL' : "'".$this->db->escape($this->label)."'").','; $sql .= ' '.(!isset($this->share) ? 'NULL' : "'".$this->db->escape($this->share)."'").','; - $sql .= ' '.$this->entity.','; + $sql .= ' '.((int) $this->entity).','; $sql .= ' '.(!isset($this->filename) ? 'NULL' : "'".$this->db->escape($this->filename)."'").','; $sql .= ' '.(!isset($this->filepath) ? 'NULL' : "'".$this->db->escape($this->filepath)."'").','; $sql .= ' '.(!isset($this->fullpath_orig) ? 'NULL' : "'".$this->db->escape($this->fullpath_orig)."'").','; $sql .= ' '.(!isset($this->description) ? 'NULL' : "'".$this->db->escape($this->description)."'").','; $sql .= ' '.(!isset($this->keywords) ? 'NULL' : "'".$this->db->escape($this->keywords)."'").','; $sql .= ' '.(!isset($this->cover) ? 'NULL' : "'".$this->db->escape($this->cover)."'").','; - $sql .= ' '.$maxposition.','; + $sql .= ' '.((int) $maxposition).','; $sql .= ' '.(!isset($this->gen_or_uploaded) ? 'NULL' : "'".$this->db->escape($this->gen_or_uploaded)."'").','; $sql .= ' '.(!isset($this->extraparams) ? 'NULL' : "'".$this->db->escape($this->extraparams)."'").','; - $sql .= ' '."'".$this->db->idate($this->date_c)."'".','; + $sql .= " '".$this->db->idate($this->date_c)."',"; $sql .= ' '.(!isset($this->date_m) || dol_strlen($this->date_m) == 0 ? 'NULL' : "'".$this->db->idate($this->date_m)."'").','; $sql .= ' '.(!isset($this->fk_user_c) ? $user->id : $this->fk_user_c).','; $sql .= ' '.(!isset($this->fk_user_m) ? 'NULL' : $this->fk_user_m).','; @@ -530,9 +530,9 @@ class EcmFiles extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.src_object_id') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -548,7 +548,7 @@ class EcmFiles extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->lines = array(); @@ -664,7 +664,7 @@ class EcmFiles extends CommonObject // Update request $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; - $sql .= " ref = '".dol_hash($this->filepath.'/'.$this->filename, 3)."',"; + $sql .= " ref = '".$this->db->escape(dol_hash($this->filepath."/".$this->filename, 3))."',"; $sql .= ' label = '.(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").','; $sql .= ' share = '.(!empty($this->share) ? "'".$this->db->escape($this->share)."'" : "null").','; $sql .= ' entity = '.(isset($this->entity) ? $this->entity : $conf->entity).','; diff --git a/htdocs/ecm/dir_card.php b/htdocs/ecm/dir_card.php index d84a7330e69..fec8151728e 100644 --- a/htdocs/ecm/dir_card.php +++ b/htdocs/ecm/dir_card.php @@ -421,11 +421,7 @@ print $object->showOptionals($extrafields, ($action == 'edit' ? 'edit' : 'view') print ''; if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } print '
'; diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 5ca1667ac9f..44bc91e387e 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -405,11 +405,7 @@ print ajax_autoselect('downloadlink'); print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index 16df7774470..74d7cc309b9 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -30,6 +30,16 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; // customer proposal +require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; // customer order +require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; // Shipment +require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'; // supplier invoice +require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; // supplier order +require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; // supplier proposal +require_once DOL_DOCUMENT_ROOT."/reception/class/reception.class.php"; // reception +//require_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php'; // Holidays (leave request) +//require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; // expernse report + /** * Class for EmailCollector @@ -675,7 +685,7 @@ class EmailCollector extends CommonObject $sql = 'SELECT rowid, type, rulevalue, status'; $sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectorfilter'; - $sql .= ' WHERE fk_emailcollector = '.$this->id; + $sql .= ' WHERE fk_emailcollector = '.((int) $this->id); //$sql.= ' ORDER BY position'; $resql = $this->db->query($sql); @@ -707,7 +717,7 @@ class EmailCollector extends CommonObject $sql = 'SELECT rowid, type, actionparam, status'; $sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectoraction'; - $sql .= ' WHERE fk_emailcollector = '.$this->id; + $sql .= ' WHERE fk_emailcollector = '.((int) $this->id); $sql .= ' ORDER BY position'; $resql = $this->db->query($sql); @@ -1415,8 +1425,8 @@ class EmailCollector extends CommonObject $reg = array(); if (!empty($headers['References'])) { $arrayofreferences = preg_split('/(,|\s+)/', $headers['References']); - //var_dump($headers['References']); - //var_dump($arrayofreferences); + // var_dump($headers['References']); + // var_dump($arrayofreferences); foreach ($arrayofreferences as $reference) { //print "Process mail ".$iforemailloop." email_msgid ".$msgid.", date ".dol_print_date($date, 'dayhour').", subject ".$subject.", reference ".dol_escape_htmltag($reference)."
\n"; @@ -1432,9 +1442,30 @@ class EmailCollector extends CommonObject if ($reg[1] == 'ctc') { $objectemail = new Contact($this->db); } - if ($reg[1] == 'inv') { + if ($reg[1] == 'inv') { // customer invoices $objectemail = new Facture($this->db); } + if ($reg[1] == 'sinv') { // supplier invoices + $objectemail = new FactureFournisseur($this->db); + } + if ($reg[1] == 'pro') { // customer proposals + $objectemail = new Propal($this->db); + } + if ($reg[1] == 'ord') { // customer orders + $objectemail = new Commande($this->db); + } + if ($reg[1] == 'shi') { // shipments + $objectemail = new Expedition($this->db); + } + if ($reg[1] == 'spro') { // supplier proposal + $objectemail = new SupplierProposal($this->db); + } + if ($reg[1] == 'sord') { // supplier order + $objectemail = new CommandeFournisseur($this->db); + } + if ($reg[1] == 'rec') { // Reception + $objectemail = new Reception($this->db); + } if ($reg[1] == 'proj') { $objectemail = new Project($this->db); } @@ -1456,6 +1487,12 @@ class EmailCollector extends CommonObject if ($reg[1] == 'mem') { $objectemail = new Adherent($this->db); } + /*if ($reg[1] == 'leav') { + $objectemail = new Holiday($db); + } + if ($reg[1] == 'exp') { + $objectemail = new ExpenseReport($db); + }*/ } elseif (preg_match('/<(.*@.*)>/', $reference, $reg)) { // This is an external reference, we check if we have it in our database if (!is_object($objectemail)) { diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index bb84bbe37bd..9318e3f8465 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -293,15 +293,15 @@ class ConferenceOrBooth extends ActionComm if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.id' || $key == 't.fk_project' || $key == 't.fk_soc' || $key == 't.fk_action') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -313,7 +313,7 @@ class ConferenceOrBooth extends ActionComm $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php index b6c80feadd4..5169058d41c 100644 --- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php +++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php @@ -422,7 +422,7 @@ class ConferenceOrBoothAttendee extends CommonObject } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -434,7 +434,7 @@ class ConferenceOrBoothAttendee extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -558,7 +558,7 @@ class ConferenceOrBoothAttendee extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index 6ae9ab9664b..be22ed2481b 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php @@ -382,11 +382,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -425,9 +421,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index 9430d2c52ad..679e0d2d735 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php +++ b/htdocs/eventorganization/conferenceorbooth_list.php @@ -449,7 +449,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -472,7 +472,7 @@ if ($object->ismultientitymanaged == 1) { $sql .= " WHERE 1 = 1"; } if ($projectid > 0) { - $sql .= ' AND t.fk_project='.$project->id; + $sql .= " AND t.fk_project = ".((int) $project->id); } foreach ($search as $key => $val) { if (array_key_exists($key, $object->fields)) { diff --git a/htdocs/eventorganization/conferenceorboothattendee_card.php b/htdocs/eventorganization/conferenceorboothattendee_card.php index fe5ea292e8b..034df1fcae3 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_card.php +++ b/htdocs/eventorganization/conferenceorboothattendee_card.php @@ -396,11 +396,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -442,9 +438,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php index 72d66b7fb87..9184d9ae771 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_list.php +++ b/htdocs/eventorganization/conferenceorboothattendee_list.php @@ -225,7 +225,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/eventorganization/eventorganizationindex.php b/htdocs/eventorganization/eventorganizationindex.php index dc66f61daec..d708883c249 100644 --- a/htdocs/eventorganization/eventorganizationindex.php +++ b/htdocs/eventorganization/eventorganizationindex.php @@ -83,8 +83,8 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) @@ -158,7 +158,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati $sql.= " FROM ".MAIN_DB_PREFIX."eventorganization_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 582b23aec45..46e31740982 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -379,7 +379,11 @@ if (empty($reshook)) { } } } else { - setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("QtyToShip").'/'.$langs->transnoentitiesnoconv("Warehouse")), null, 'errors'); + $labelfieldmissing = $langs->transnoentitiesnoconv("QtyToShip"); + if (!empty($conf->stock->enabled)) { + $labelfieldmissing .= '/'.$langs->transnoentitiesnoconv("Warehouse"); + } + setEventMessages($langs->trans("ErrorFieldRequired", $labelfieldmissing), null, 'errors'); $error++; } @@ -717,6 +721,16 @@ if (empty($reshook)) { unset($_POST[$qty]); } } + } elseif (empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. + $qty = "qtyl".$line_id; + $line->id = $line_id; + $line->qty = GETPOST($qty, 'int'); + $line->entrepot_id = 0; + if ($line->update($user) < 0) { + setEventMessages($line->error, $line->errors, 'errors'); + $error++; + } + unset($_POST[$qty]); } } else { // Product no predefined @@ -786,6 +800,10 @@ $help_url = 'EN:Module_Shipments|FR:Module_Expéditions|ES:Módulo_Expedic llxHeader('', $langs->trans('Shipment'), 'Expedition', $help_url); +if (empty($action)) { + $action = 'view'; +} + $form = new Form($db); $formfile = new FormFile($db); $formproduct = new FormProduct($db); @@ -997,9 +1015,9 @@ if ($action == 'create') { $numAsked = count($object->lines); - print ''; + print 'return false; });'."\n"; + print 'jQuery("#autoreset").click(function() { console.log("Reset values to 0"); jQuery(".qtyl").val(0);'."\n"; + print 'return false; });'."\n"; + print '});'."\n"; + print ''."\n"; print '
'; @@ -1172,7 +1191,7 @@ if ($action == 'create') { $deliverableQty = GETPOST('qtyl'.$indiceAsked, 'int'); } print ''; - print ''; + print ''; } else { print $langs->trans("NA"); } @@ -1543,11 +1562,7 @@ if ($action == 'create') { print '
'; - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -1683,7 +1698,7 @@ if ($action == 'create') { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); @@ -1754,7 +1769,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0); - print ''; + print ''; print ''; } else { print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' '; @@ -1890,7 +1905,7 @@ if ($action == 'create') { if ($user->admin) { print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); } - print ''; + print ''; print ''; } else { if ($object->shipping_method_id > 0) { @@ -2189,7 +2204,7 @@ if ($action == 'create') { if ($action == 'editline' && $lines[$i]->id == $line_id) { // edit mode - print ''; + print ''; @@ -2369,10 +2394,11 @@ if ($action == 'create') { $line = $lines[$i]; $line->fetch_optionals(); + // TODO Show all in same line by setting $display_type = 'line' if ($action == 'editline' && $line->id == $line_id) { - print $lines[$i]->showOptionals($extrafields, 'edit', array('colspan'=>$colspan), $indiceAsked); + print $lines[$i]->showOptionals($extrafields, 'edit', array('colspan'=>$colspan), $indiceAsked, '', 0, 'card'); } else { - print $lines[$i]->showOptionals($extrafields, 'view', array('colspan'=>$colspan), $indiceAsked); + print $lines[$i]->showOptionals($extrafields, 'view', array('colspan'=>$colspan), $indiceAsked, '', 0, 'card'); } } } diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index ee7324a22c4..049ef7832b0 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -363,7 +363,7 @@ class Expedition extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."expedition"; $sql .= " SET ref = '(PROV".$this->id.")'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { @@ -711,7 +711,7 @@ class Expedition extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid update expedition", LOG_DEBUG); $resql = $this->db->query($sql); @@ -733,7 +733,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -811,7 +811,7 @@ class Expedition extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/sending/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->error = $this->db->lasterror(); @@ -1224,7 +1224,7 @@ class Expedition extends CommonObject $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id"; $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::delete select details", LOG_DEBUG); @@ -1285,7 +1285,7 @@ class Expedition extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet"; - $sql .= " WHERE fk_expedition = ".$this->id; + $sql .= " WHERE fk_expedition = ".((int) $this->id); if ($this->db->query($sql)) { // Delete linked object @@ -1297,7 +1297,7 @@ class Expedition extends CommonObject // No delete expedition if (!$error) { $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."expedition"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!empty($this->origin) && $this->origin_id > 0) { @@ -1408,7 +1408,7 @@ class Expedition extends CommonObject $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id"; $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::delete select details", LOG_DEBUG); @@ -1469,10 +1469,10 @@ class Expedition extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'expeditiondet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".$this->id.")"; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".((int) $this->id).")"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet"; - $sql .= " WHERE fk_expedition = ".$this->id; + $sql .= " WHERE fk_expedition = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object @@ -1489,7 +1489,7 @@ class Expedition extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."expedition"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!empty($this->origin) && $this->origin_id > 0) { @@ -1577,7 +1577,7 @@ class Expedition extends CommonObject $sql .= ", p.weight, p.weight_units, p.length, p.length_units, p.surface, p.surface_units, p.volume, p.volume_units, p.tosell as product_tosell, p.tobuy as product_tobuy, p.tobatch as product_tobatch"; $sql .= " FROM ".MAIN_DB_PREFIX."expeditiondet as ed, ".MAIN_DB_PREFIX."commandedet as cd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = cd.fk_product"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND ed.fk_origin_line = cd.rowid"; $sql .= " ORDER BY cd.rang, ed.fk_origin_line"; @@ -1973,7 +1973,7 @@ class Expedition extends CommonObject if ($user->rights->expedition->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."expedition"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2162,7 +2162,7 @@ class Expedition extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut='.self::STATUS_CLOSED; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -2207,7 +2207,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -2307,7 +2307,7 @@ class Expedition extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=2, billed=1'; // TODO Update only billed - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -2356,7 +2356,7 @@ class Expedition extends CommonObject $oldbilled = $this->billed; $sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -2377,7 +2377,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -2805,7 +2805,7 @@ class ExpeditionLigne extends CommonObjectLine // delete batch expedition line if ($conf->productbatch->enabled) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch"; - $sql .= " WHERE fk_expeditiondet = ".$this->id; + $sql .= " WHERE fk_expeditiondet = ".((int) $this->id); if (!$this->db->query($sql)) { $this->errors[] = $this->db->lasterror()." - sql=$sql"; @@ -2814,7 +2814,7 @@ class ExpeditionLigne extends CommonObjectLine } $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if (!$error && $this->db->query($sql)) { // Remove extrafields @@ -2951,7 +2951,7 @@ class ExpeditionLigne extends CommonObjectLine if (!$error && !empty($expedition_batch_id)) { // delete lot expedition line $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch"; - $sql .= " WHERE fk_expeditiondet = ".$this->id; + $sql .= " WHERE fk_expeditiondet = ".((int) $this->id); $sql .= " AND rowid = ".((int) $expedition_batch_id); if (!$this->db->query($sql)) { diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php index d25c7b52098..3c1bef04d09 100644 --- a/htdocs/expedition/class/expeditionstats.class.php +++ b/htdocs/expedition/class/expeditionstats.class.php @@ -74,7 +74,7 @@ class ExpeditionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { $this->where .= " AND c.fk_soc = ".((int) $this->socid); diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php index 164935a1437..aea23298fcf 100644 --- a/htdocs/expedition/contact.php +++ b/htdocs/expedition/contact.php @@ -162,7 +162,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php index 200a4b67aac..43299dad066 100644 --- a/htdocs/expedition/document.php +++ b/htdocs/expedition/document.php @@ -134,7 +134,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php index defd1ddf9b4..173cc1889bc 100644 --- a/htdocs/expedition/index.php +++ b/htdocs/expedition/index.php @@ -68,13 +68,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; - $sql .= $clause." sc.fk_user = ".$user->id; + $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; } $sql .= $clause." e.fk_statut = ".Expedition::STATUS_DRAFT; $sql .= " AND e.entity IN (".getEntity('expedition').")"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -143,11 +143,11 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = ".Expedition::STATUS_VALIDATED; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " ORDER BY e.date_delivery DESC"; $sql .= $db->plimit($max, 0); @@ -215,10 +215,10 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('order').")"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_ACCEPTED.")"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 5a110d33f2a..2c0239d44e2 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -58,6 +58,7 @@ $search_ref_exp = GETPOST("search_ref_exp", 'alpha'); $search_ref_liv = GETPOST('search_ref_liv', 'alpha'); $search_ref_customer = GETPOST('search_ref_customer', 'alpha'); $search_company = GETPOST("search_company", 'alpha'); +$search_shipping_method_id = GETPOST('search_shipping_method_id'); $search_tracking = GETPOST("search_tracking", 'alpha'); $search_town = GETPOST('search_town', 'alpha'); $search_zip = GETPOST('search_zip', 'alpha'); @@ -115,6 +116,7 @@ $fieldstosearchall = array( 'e.ref'=>"Ref", 's.nom'=>"ThirdParty", 'e.note_public'=>'NotePublic', + 'e.shipping_method_id'=>'SendingMethod', 'e.tracking_number'=>"TrackingNumber", ); if (empty($user->socid)) { @@ -123,17 +125,18 @@ if (empty($user->socid)) { $checkedtypetiers = 0; $arrayfields = array( - 'e.ref'=>array('label'=>$langs->trans("Ref"), 'checked'=>1), - 'e.ref_customer'=>array('label'=>$langs->trans("RefCustomer"), 'checked'=>1), - 's.nom'=>array('label'=>$langs->trans("ThirdParty"), 'checked'=>1), - 's.town'=>array('label'=>$langs->trans("Town"), 'checked'=>1), - 's.zip'=>array('label'=>$langs->trans("Zip"), 'checked'=>1), - 'state.nom'=>array('label'=>$langs->trans("StateShort"), 'checked'=>0), - 'country.code_iso'=>array('label'=>$langs->trans("Country"), 'checked'=>0), - 'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers), - 'e.date_delivery'=>array('label'=>$langs->trans("DateDeliveryPlanned"), 'checked'=>1), - 'e.tracking_number'=>array('label'=>$langs->trans("TrackingNumber"), 'checked'=>1), - 'e.weight'=>array('label'=>$langs->trans("Weight"), 'checked'=>0), + 'e.ref'=>array('label'=>$langs->trans("Ref"), 'checked'=>1, 'position'=>1), + 'e.ref_customer'=>array('label'=>$langs->trans("RefCustomer"), 'checked'=>1, 'position'=>2), + 's.nom'=>array('label'=>$langs->trans("ThirdParty"), 'checked'=>1, 'position'=>3), + 's.town'=>array('label'=>$langs->trans("Town"), 'checked'=>1, 'position'=>4), + 's.zip'=>array('label'=>$langs->trans("Zip"), 'checked'=>1, 'position'=>5), + 'state.nom'=>array('label'=>$langs->trans("StateShort"), 'checked'=>0, 'position'=>6), + 'country.code_iso'=>array('label'=>$langs->trans("Country"), 'checked'=>0, 'position'=>7), + 'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers, 'position'=>8), + 'e.date_delivery'=>array('label'=>$langs->trans("DateDeliveryPlanned"), 'checked'=>1, 'position'=>9), + 'e.shipping_method_id'=>array('label'=>$langs->trans('SendingMethod'), 'checked'=>1, 'position'=>10), + 'e.tracking_number'=>array('label'=>$langs->trans("TrackingNumber"), 'checked'=>1, 'position'=>11), + 'e.weight'=>array('label'=>$langs->trans("Weight"), 'checked'=>0, 'position'=>12), 'e.datec'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0, 'position'=>500), 'e.tms'=>array('label'=>$langs->trans("DateModificationShort"), 'checked'=>0, 'position'=>500), 'e.fk_statut'=>array('label'=>$langs->trans("Status"), 'checked'=>1, 'position'=>1000), @@ -185,6 +188,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_type = ''; $search_country = ''; $search_tracking = ''; + $search_shipping_method_id = ''; $search_type_thirdparty = ''; $search_billed = ''; $search_datedelivery_start = ''; @@ -228,7 +232,7 @@ $sql = 'SELECT'; if ($sall || $search_product_category > 0 || $search_user > 0) { $sql = 'SELECT DISTINCT'; } -$sql .= " e.rowid, e.ref, e.ref_customer, e.date_expedition as date_expedition, e.weight, e.weight_units, e.date_delivery as delivery_date, e.fk_statut, e.billed, e.tracking_number,"; +$sql .= " e.rowid, e.ref, e.ref_customer, e.date_expedition as date_expedition, e.weight, e.weight_units, e.date_delivery as delivery_date, e.fk_statut, e.billed, e.tracking_number, e.fk_shipping_method,"; $sql .= " l.date_delivery as date_reception,"; $sql .= " s.rowid as socid, s.nom as name, s.town, s.zip, s.fk_pays, s.client, s.code_client, "; $sql .= " typent.code as typent_code,"; @@ -241,7 +245,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -289,7 +293,7 @@ if ($socid > 0) { } if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND e.fk_soc = ".((int) $socid); @@ -315,6 +319,9 @@ if ($search_state) { if ($search_country) { $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')'; } +if ($search_shipping_method_id > 0) { + $sql .= " AND e.fk_shipping_method = ".((int) $search_shipping_method_id); +} if ($search_tracking) { $sql .= natural_search("e.tracking_number", $search_tracking); } @@ -326,7 +333,7 @@ if ($search_sale > 0) { } if ($search_user > 0) { // The contact on a shipment is also the contact of the order. - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = eesource.fk_source AND ec.fk_socpeople = ".$db->escape($search_user); + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = eesource.fk_source AND ec.fk_socpeople = ".((int) $search_user); } if ($search_ref_exp) { $sql .= natural_search('e.ref', $search_ref_exp); @@ -422,6 +429,9 @@ if ($search_sale > 0) { if ($search_company) { $param .= "&search_company=".urlencode($search_company); } +if ($search_shipping_method_id) { + $param .= "&search_shipping_method_id=".urlencode($search_shipping_method_id); +} if ($search_tracking) { $param .= "&search_tracking=".urlencode($search_tracking); } @@ -628,6 +638,13 @@ if (!empty($arrayfields['e.date_delivery']['checked'])) { print ''; print ''; } +if (!empty($arrayfields['e.shipping_method_id']['checked'])) { + // Delivery method + print '\n"; +} // Tracking number if (!empty($arrayfields['e.tracking_number']['checked'])) { print '\n"; } + if (!empty($arrayfields['e.shipping_method_id']['checked'])) { + // Get code using getLabelFromKey + $code=$langs->getLabelFromKey($db, $shipment->shipping_method_id, 'c_shipment_mode', 'rowid', 'code'); + print ''; + } // Tracking number if (!empty($arrayfields['e.tracking_number']['checked'])) { - print '\n"; + $shipment->getUrlTrackingStatus($obj->tracking_number); + print '\n"; + //print $form->editfieldval("TrackingNumber", 'tracking_number', $obj->tracking_url, $obj, $user->rights->expedition->creer, 'string', $obj->tracking_number); if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/expedition/note.php b/htdocs/expedition/note.php index d9282481603..5ebc54193da 100644 --- a/htdocs/expedition/note.php +++ b/htdocs/expedition/note.php @@ -123,7 +123,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index 42b8630bd3c..8510e6f3609 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -379,7 +379,7 @@ if ($id > 0 || !empty($ref)) { print ''; print ''; print $form->selectDate($object->delivery_date ? $object->delivery_date : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0); - print ''; + print ''; print ''; } else { print dol_print_date($object->delivery_date, 'dayhour'); diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 048209fbf7d..86aedebbf34 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -1432,10 +1432,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print '
'; + print $form->buttonsSaveCancel("AddTrip"); print ''; } elseif ($id > 0 || $ref) { @@ -1554,10 +1551,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } else { @@ -2287,11 +2281,8 @@ if ($action == 'create') { //print $line->fk_ecm_files; print ''; - print ''; + print $form->buttonsSaveCancel(); print ''; } @@ -2469,7 +2460,9 @@ if ($action == 'create') { print ''; } - print ''; + print ''; print ''; } // Fin si c'est payé/validé diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index b3601c00deb..a67b447ca9c 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -495,9 +495,9 @@ class ExpenseReport extends CommonObject $sql .= " , note_public = ".(!empty($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "''"); $sql .= " , note_private = ".(!empty($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "''"); $sql .= " , detail_refuse = ".(!empty($this->detail_refuse) ? "'".$this->db->escape($this->detail_refuse)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { if (!$notrigger) { @@ -552,7 +552,7 @@ class ExpenseReport extends CommonObject } //$sql.= $restrict; - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -665,7 +665,7 @@ class ExpenseReport extends CommonObject $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1"; $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED; - dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_paid", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->affected_rows($resql)) { @@ -882,7 +882,7 @@ class ExpenseReport extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de"; $sql .= " WHERE de.fk_projet = ".((int) $projectid); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $num = $this->db->num_rows($result); @@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject { $sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt'; - $sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id); + $sql .= " WHERE tt.".$this->fk_element.' = '.((int) $id); $total_ht = 0; $total_tva = 0; $total_ttc = 0; @@ -981,18 +981,18 @@ class ExpenseReport extends CommonObject if ($result) { $num = $this->db->num_rows($result); $i = 0; - while ($i < $num) : + while ($i < $num) { $objp = $this->db->fetch_object($result); $total_ht += $objp->total_ht; $total_tva += $objp->total_tva; $i++; - endwhile; + } $total_ttc = $total_ht + $total_tva; $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; - $sql .= " total_ht = ".price2num($total_ht, 'MT'); - $sql .= " , total_ttc = ".price2num($total_ttc, 'MT'); - $sql .= " , total_tva = ".price2num($total_tva, 'MT'); + $sql .= " total_ht = ".((float) price2num($total_ht, 'MT')); + $sql .= " , total_ttc = ".((float) price2num($total_ttc, 'MT')); + $sql .= " , total_tva = ".((float) price2num($total_tva, 'MT')); $sql .= " WHERE rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) : @@ -1024,14 +1024,14 @@ class ExpenseReport extends CommonObject $this->lines = array(); $sql = ' SELECT de.rowid, de.comments, de.qty, de.value_unit, de.date, de.rang,'; - $sql .= ' de.'.$this->fk_element.', de.fk_c_type_fees, de.fk_c_exp_tax_cat, de.fk_projet as fk_project, de.tva_tx, de.fk_ecm_files,'; + $sql .= " de.".$this->fk_element.", de.fk_c_type_fees, de.fk_c_exp_tax_cat, de.fk_projet as fk_project, de.tva_tx, de.fk_ecm_files,"; $sql .= ' de.total_ht, de.total_tva, de.total_ttc,'; $sql .= ' ctf.code as code_type_fees, ctf.label as libelle_type_fees,'; $sql .= ' p.ref as ref_projet, p.title as title_projet'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as de'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON de.fk_c_type_fees = ctf.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as p ON de.fk_projet = p.rowid'; - $sql .= ' WHERE de.'.$this->fk_element.' = '.$this->id; + $sql .= " WHERE de.".$this->fk_element." = ".((int) $this->id); if (!empty($conf->global->EXPENSEREPORT_LINES_SORTED_BY_ROWID)) { $sql .= ' ORDER BY de.rang ASC, de.rowid ASC'; } else { @@ -1252,7 +1252,7 @@ class ExpenseReport extends CommonObject $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($this->date_valid)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1340,7 +1340,7 @@ class ExpenseReport extends CommonObject // Sélection de la date de début de la NDF $sql = 'SELECT date_debut'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); @@ -1351,9 +1351,9 @@ class ExpenseReport extends CommonObject if ($this->status != self::STATUS_VALIDATED) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_statut = ".self::STATUS_VALIDATED; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::set_save_from_refuse sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_save_from_refuse", LOG_DEBUG); if ($this->db->query($sql)) { return 1; @@ -1386,7 +1386,7 @@ class ExpenseReport extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".((int) $fuser->id).","; $sql .= " date_approve='".$this->db->idate($this->date_approve)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$notrigger) { // Call trigger @@ -1438,7 +1438,7 @@ class ExpenseReport extends CommonObject $sql .= " date_refuse='".$this->db->idate($now)."',"; $sql .= " detail_refuse='".$this->db->escape($details)."',"; $sql .= " fk_user_approve = NULL"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->fk_statut = 99; // deprecated $this->status = 99; @@ -1507,9 +1507,9 @@ class ExpenseReport extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET paid = 0, fk_statut = ".self::STATUS_APPROVED; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::set_unpaid sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); if ($this->db->query($sql)) { if (!$notrigger) { @@ -1561,9 +1561,9 @@ class ExpenseReport extends CommonObject $sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".((int) $fuser->id); $sql .= ", date_cancel='".$this->db->idate($this->date_cancel)."'"; $sql .= " ,detail_cancel='".$this->db->escape($detail)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::set_cancel sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_cancel", LOG_DEBUG); if ($this->db->query($sql)) { if (!$notrigger) { @@ -1746,7 +1746,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$this->total_ht; $sql .= " , total_ttc = ".$this->total_ttc; $sql .= " , total_tva = ".$this->total_tva; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) : @@ -1776,7 +1776,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$this->total_ht; $sql .= " , total_ttc = ".$this->total_ttc; $sql .= " , total_tva = ".$this->total_tva; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) : @@ -2025,12 +2025,12 @@ class ExpenseReport extends CommonObject public function offsetAlreadyGiven() { $sql = 'SELECT e.rowid FROM '.MAIN_DB_PREFIX.'expensereport e'; - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport_det d ON (e.rowid = d.fk_expensereport)'; - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees f ON (d.fk_c_type_fees = f.id AND f.code = "EX_KME")'; - $sql .= ' WHERE e.fk_user_author = '.(int) $this->fk_user_author; - $sql .= ' AND YEAR(d.date) = "'.dol_print_date($this->line->date, '%Y').'" AND MONTH(d.date) = "'.dol_print_date($this->line->date, '%m').'"'; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det d ON (e.rowid = d.fk_expensereport)"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."c_type_fees f ON (d.fk_c_type_fees = f.id AND f.code = 'EX_KME')"; + $sql .= " WHERE e.fk_user_author = ".(int) $this->fk_user_author; + $sql .= " AND YEAR(d.date) = '".dol_print_date($this->line->date, '%Y')."' AND MONTH(d.date) = '".dol_print_date($this->line->date, '%m')."'"; if (!empty($this->line->id)) { - $sql .= ' AND d.rowid <> '.$this->line->id; + $sql .= ' AND d.rowid <> '.((int) $this->line->id); } dol_syslog(get_class($this)."::offsetAlreadyGiven sql=".$sql); @@ -2525,7 +2525,7 @@ class ExpenseReport extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSumPayments", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2759,15 +2759,15 @@ class ExpenseReportLine $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)'; $sql .= ' WHERE e.fk_user_author = '.((int) $fk_user); if (!empty($this->id)) { - $sql .= ' AND d.rowid <> '.$this->id; + $sql .= ' AND d.rowid <> '.((int) $this->id); } $sql .= ' AND d.fk_c_type_fees = '.((int) $rule->fk_c_type_fees); if ($mode == 'day' || $mode == 'EX_DAY') { $sql .= " AND d.date = '".dol_print_date($this->date, '%Y-%m-%d')."'"; } elseif ($mode == 'mon' || $mode == 'EX_MON') { - $sql .= ' AND DATE_FORMAT(d.date, \'%Y-%m\') = \''.dol_print_date($this->date, '%Y-%m').'\''; // @todo DATE_FORMAT is forbidden + $sql .= " AND DATE_FORMAT(d.date, '%Y-%m') = '".dol_print_date($this->date, '%Y-%m')."'"; // @todo DATE_FORMAT is forbidden } elseif ($mode == 'year' || $mode == 'EX_YEA') { - $sql .= ' AND DATE_FORMAT(d.date, \'%Y\') = \''.dol_print_date($this->date, '%Y').'\''; // @todo DATE_FORMAT is forbidden + $sql .= " AND DATE_FORMAT(d.date, '%Y') = '".dol_print_date($this->date, '%Y')."'"; // @todo DATE_FORMAT is forbidden } dol_syslog('ExpenseReportLine::getExpAmount'); diff --git a/htdocs/expensereport/class/expensereport_rule.class.php b/htdocs/expensereport/class/expensereport_rule.class.php index 03ecab10f6a..6299dd7c5bd 100644 --- a/htdocs/expensereport/class/expensereport_rule.class.php +++ b/htdocs/expensereport/class/expensereport_rule.class.php @@ -157,7 +157,7 @@ class ExpenseReportRule extends CoreObject $sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_rules er'; $sql .= ' WHERE er.entity IN (0,'.getEntity('').')'; if (!empty($fk_c_type_fees)) { - $sql .= ' AND er.fk_c_type_fees IN (-1, '.$fk_c_type_fees.')'; + $sql .= ' AND er.fk_c_type_fees IN (-1, '.((int) $fk_c_type_fees).')'; } if (!empty($date)) { $sql .= " AND er.dates <= '".dol_print_date($date, '%Y-%m-%d')."'"; @@ -170,7 +170,7 @@ class ExpenseReportRule extends CoreObject } $sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user'; - dol_syslog("ExpenseReportRule::getAllRule sql=".$sql); + dol_syslog("ExpenseReportRule::getAllRule"); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php index 8f3574f2952..e36b1c1e49e 100644 --- a/htdocs/expensereport/class/expensereportstats.class.php +++ b/htdocs/expensereport/class/expensereportstats.class.php @@ -71,7 +71,7 @@ class ExpenseReportStats extends Stats //$this->where.= " AND entity = ".$conf->entity; if ($this->socid) { - $this->where .= " AND e.fk_soc = ".$this->socid; + $this->where .= " AND e.fk_soc = ".((int) $this->socid); } // Only me and subordinates @@ -94,7 +94,7 @@ class ExpenseReportStats extends Stats */ public function getNbByYear() { - $sql = "SELECT YEAR(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)"; + $sql = "SELECT YEAR(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).") as dm, count(*)"; $sql .= " FROM ".$this->from; $sql .= " GROUP BY dm DESC"; $sql .= " WHERE ".$this->where; @@ -112,7 +112,7 @@ class ExpenseReportStats extends Stats */ public function getNbByMonth($year, $format = 0) { - $sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)"; + $sql = "SELECT MONTH(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).") as dm, count(*)"; $sql .= " FROM ".$this->from; $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year); $sql .= " AND ".$this->where; @@ -134,9 +134,9 @@ class ExpenseReportStats extends Stats */ public function getAmountByMonth($year, $format = 0) { - $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, sum(".$this->field.")"; + $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%m') as dm, sum(".$this->field.")"; $sql .= " FROM ".$this->from; - $sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; + $sql .= " WHERE date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -154,9 +154,9 @@ class ExpenseReportStats extends Stats */ public function getAverageByMonth($year) { - $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, avg(".$this->field.")"; + $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%m') as dm, avg(".$this->field.")"; $sql .= " FROM ".$this->from; - $sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; + $sql .= " WHERE date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -171,7 +171,7 @@ class ExpenseReportStats extends Stats */ public function getAllByYear() { - $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg"; + $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg"; $sql .= " FROM ".$this->from; $sql .= " WHERE ".$this->where; $sql .= " GROUP BY year"; diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php index 6e3e8d34137..48adeab929d 100644 --- a/htdocs/expensereport/class/paymentexpensereport.class.php +++ b/htdocs/expensereport/class/paymentexpensereport.class.php @@ -359,7 +359,7 @@ class PaymentExpenseReport extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_url"; - $sql .= " WHERE type='payment_expensereport' AND url_id=".$this->id; + $sql .= " WHERE type='payment_expensereport' AND url_id=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 1f3468d06fc..760c25e4db8 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -277,7 +277,7 @@ $sql .= " u.rowid as id_user, u.firstname, u.lastname, u.login, u.email, u.statu // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -487,9 +487,7 @@ if ($resql) { print ''; } else { - print '
'; - print ''; - print '

'; + print $form->buttonsSaveCancel("Save", ''); } } else { $title = $langs->trans("ListTripsAndExpenses"); diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index b7057af86fc..85c9c813598 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -324,11 +324,7 @@ if ($action == 'create' || empty($action)) { print "
'; if (is_array($lines[$i]->detail_batch) && count($lines[$i]->detail_batch) > 0) { print ''; $line = new ExpeditionLigne($db); @@ -2252,6 +2267,16 @@ if ($action == 'create') { print ''; print ''; } + } elseif (empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. + print ''; + print ''; + // Qty to ship or shipped + print ''; + // Warehouse source + print ''; + // Batch number managment + print ''; + print ''; } print '
'; + $shipment->fetch_delivery_methods(); + print $form->selectarray("search_shipping_method_id", $shipment->meths, $search_shipping_method_id, 1, 0, 0, "", 1); + print "'; @@ -718,6 +735,9 @@ if (!empty($arrayfields['e.weight']['checked'])) { if (!empty($arrayfields['e.date_delivery']['checked'])) { print_liste_field_titre($arrayfields['e.date_delivery']['label'], $_SERVER["PHP_SELF"], "e.date_delivery", "", $param, '', $sortfield, $sortorder, 'center '); } +if (!empty($arrayfields['e.shipping_method_id']['checked'])) { + print_liste_field_titre($arrayfields['e.shipping_method_id']['label'], $_SERVER["PHP_SELF"], "e.fk_shipping_method", "", $param, '', $sortfield, $sortorder, 'center '); +} if (!empty($arrayfields['e.tracking_number']['checked'])) { print_liste_field_titre($arrayfields['e.tracking_number']['label'], $_SERVER["PHP_SELF"], "e.tracking_number", "", $param, '', $sortfield, $sortorder, 'center '); } @@ -756,6 +776,7 @@ while ($i < min($num, $limit)) { $shipment->id = $obj->rowid; $shipment->ref = $obj->ref; + $shipment->shipping_method_id=$obj->fk_shipping_method; $companystatic->id = $obj->socid; $companystatic->ref = $obj->name; @@ -863,9 +884,18 @@ while ($i < min($num, $limit)) { print dol_print_date($db->jdate($obj->delivery_date), "dayhour"); print "'; + if ($shipment->shipping_method_id > 0) print $langs->trans("SendingMethod".strtoupper($code)); + print ''.$obj->tracking_number."'.$shipment->tracking_url."'; print ''; - print ''; - print '
'; - print '
'; + print $form->buttonsSaveCancel("Add", '', '', 1); + print '
"; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php index b8960572255..50acd166237 100644 --- a/htdocs/exports/class/export.class.php +++ b/htdocs/exports/class/export.class.php @@ -297,20 +297,23 @@ class Export * @param string $TypeField Type of Field to filter * @param string $NameField Name of the field to filter * @param string $ValueField Value of the field for filter. Must not be '' - * @return string sql string of then field ex : "field='xxx'>" + * @return string SQL string of then field ex : "field='xxx'" */ public function build_filterQuery($TypeField, $NameField, $ValueField) { // phpcs:enable + $NameField = checkVal($NameField, 'aZ09'); + $szFilterQuery = ''; + //print $TypeField." ".$NameField." ".$ValueField; $InfoFieldList = explode(":", $TypeField); // build the input field on depend of the type of file switch ($InfoFieldList[0]) { case 'Text': if (!(strpos($ValueField, '%') === false)) { - $szFilterQuery .= " ".$NameField." LIKE '".$ValueField."'"; + $szFilterQuery = " ".$NameField." LIKE '".$this->db->escape($ValueField)."'"; } else { - $szFilterQuery .= " ".$NameField." = '".$ValueField."'"; + $szFilterQuery = " ".$NameField." = '".$this->db->escape($ValueField)."'"; } break; case 'Date': @@ -330,17 +333,17 @@ class Export case 'Duree': break; case 'Numeric': - // si le signe - + // if there is a signe + if (strpos($ValueField, "+") > 0) { // mode plage $ValueArray = explode("+", $ValueField); - $szFilterQuery = "(".$NameField.">=".$ValueArray[0]; - $szFilterQuery .= " AND ".$NameField."<=".$ValueArray[1].")"; + $szFilterQuery = "(".$NameField." >= ".((float) $ValueArray[0]); + $szFilterQuery .= " AND ".$NameField." <= ".((float) $ValueArray[1]).")"; } else { if (is_numeric(substr($ValueField, 0, 1))) { - $szFilterQuery = " ".$NameField."=".$ValueField; + $szFilterQuery = " ".$NameField." = ".((float) $ValueField); } else { - $szFilterQuery = " ".$NameField.substr($ValueField, 0, 1).substr($ValueField, 1); + $szFilterQuery = " ".$NameField.substr($ValueField, 0, 1).((float) substr($ValueField, 1)); } } break; @@ -350,12 +353,12 @@ class Export case 'Status': case 'List': if (is_numeric($ValueField)) { - $szFilterQuery = " ".$NameField."=".$ValueField; + $szFilterQuery = " ".$NameField." = ".((float) $ValueField); } else { if (!(strpos($ValueField, '%') === false)) { - $szFilterQuery = " ".$NameField." LIKE '".$ValueField."'"; + $szFilterQuery = " ".$NameField." LIKE '".$this->db->escape($ValueField)."'"; } else { - $szFilterQuery = " ".$NameField." = '".$ValueField."'"; + $szFilterQuery = " ".$NameField." = '".$this->db->escape($ValueField)."'"; } } break; @@ -452,14 +455,14 @@ class Export } else { $keyList = 'rowid'; } - $sql = 'SELECT '.$keyList.' as rowid, '.$InfoFieldList[2].' as label'.(empty($InfoFieldList[3]) ? '' : ', '.$InfoFieldList[3].' as code'); + $sql = "SELECT ".$keyList." as rowid, ".$InfoFieldList[2]." as label".(empty($InfoFieldList[3]) ? "" : ", ".$InfoFieldList[3]." as code"); if ($InfoFieldList[1] == 'c_stcomm') { - $sql = 'SELECT id as id, '.$keyList.' as rowid, '.$InfoFieldList[2].' as label'.(empty($InfoFieldList[3]) ? '' : ', '.$InfoFieldList[3].' as code'); + $sql = "SELECT id as id, ".$keyList." as rowid, ".$InfoFieldList[2]." as label".(empty($InfoFieldList[3]) ? "" : ", ".$InfoFieldList[3].' as code'); } if ($InfoFieldList[1] == 'c_country') { - $sql = 'SELECT '.$keyList.' as rowid, '.$InfoFieldList[2].' as label, code as code'; + $sql = "SELECT ".$keyList." as rowid, ".$InfoFieldList[2]." as label, code as code"; } - $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList[1]; + $sql .= " FROM ".MAIN_DB_PREFIX.$InfoFieldList[1]; if (!empty($InfoFieldList[4])) { $sql .= ' WHERE entity IN ('.getEntity($InfoFieldList[4]).')'; } diff --git a/htdocs/externalsite/admin/index.php b/htdocs/externalsite/admin/index.php index a9a41c5e555..d8dbb316593 100644 --- a/htdocs/externalsite/admin/index.php +++ b/htdocs/externalsite/admin/index.php @@ -124,9 +124,7 @@ print ""; print ""; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 44ff46b233c..72a3fdd654b 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -436,10 +436,8 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); + print "\n"; } else { dol_print_error('', "Error, no fichinter ".$object->id); @@ -457,11 +455,9 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; print ''; print ''; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraftIntervention", ''); print ''; } else { @@ -605,7 +601,7 @@ if ($action == 'create') { print ' '; print $form->selectarray('unit_frequency', array('d'=>$langs->trans('Day'), 'm'=>$langs->trans('Month'), 'y'=>$langs->trans('Year')), ($object->unit_frequency ? $object->unit_frequency : 'm')); print ''; - print ''; + print ''; print ''; } else { if ($object->frequency > 0) { @@ -774,7 +770,7 @@ if ($action == 'create') { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('f.titre', $search_ref); diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index d15f036b963..9f94b94ffc5 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -977,11 +977,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraftIntervention"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { @@ -1017,12 +1013,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraftIntervention"); print ''; } @@ -1288,7 +1279,7 @@ if ($action == 'create') { $sql = 'SELECT ft.rowid, ft.description, ft.fk_fichinter, ft.duree, ft.rang,'; $sql .= ' ft.date as date_intervention'; $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet as ft'; - $sql .= ' WHERE ft.fk_fichinter = '.$object->id; + $sql .= ' WHERE ft.fk_fichinter = '.((int) $object->id); if (!empty($conf->global->FICHINTER_HIDE_EMPTY_DURATION)) { $sql .= ' AND ft.duree <> 0'; } @@ -1500,7 +1491,7 @@ if ($action == 'create') { } print ''; - print ''; + print ''; print ''; //Line extrafield diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 0bb5d2522ab..23766a91bbe 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -206,7 +206,7 @@ class Fichinter extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON fi.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." fi.entity IN (".getEntity('intervention').")"; @@ -383,8 +383,8 @@ class Fichinter extends CommonObject $sql .= ", fk_projet = ".((int) $this->fk_project); $sql .= ", note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null"); $sql .= ", note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null"); - $sql .= ", fk_user_modif = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", fk_user_modif = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { @@ -510,7 +510,7 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -570,11 +570,11 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter"; $sql .= " SET fk_statut = 1"; - $sql .= ", ref = '".$num."'"; + $sql .= ", ref = '".$this->db->escape($num)."'"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; - $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= ", fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND fk_statut = 0"; dol_syslog(get_class($this)."::setValid", LOG_DEBUG); @@ -975,7 +975,7 @@ class Fichinter extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'fichinterdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -985,7 +985,7 @@ class Fichinter extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet"; - $sql .= " WHERE fk_fichinter = ".$this->id; + $sql .= " WHERE fk_fichinter = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1004,7 +1004,7 @@ class Fichinter extends CommonObject if (!$error) { // Delete object $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Fichinter::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1066,7 +1066,7 @@ class Fichinter extends CommonObject if ($user->rights->ficheinter->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET datei = '".$this->db->idate($date_delivery)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = 0"; if ($this->db->query($sql)) { @@ -1097,7 +1097,7 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET description = '".$this->db->escape($description)."',"; $sql .= " fk_user_modif = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->description = $description; @@ -1127,7 +1127,7 @@ class Fichinter extends CommonObject if ($user->rights->ficheinter->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET fk_contrat = ".((int) $contractid); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->fk_contrat = $contractid; @@ -1322,7 +1322,7 @@ class Fichinter extends CommonObject $sql = 'SELECT rowid, fk_fichinter, description, duree, date, rang'; $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet'; - $sql .= ' WHERE fk_fichinter = '.$this->id.' ORDER BY rang ASC, date ASC'; + $sql .= ' WHERE fk_fichinter = '.((int) $this->id).' ORDER BY rang ASC, date ASC'; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1481,7 +1481,7 @@ class FichinterLigne extends CommonObjectLine if ($rangToUse == -1) { // Recupere rang max de la ligne d'intervention dans $rangmax $sql = 'SELECT max(rang) as max FROM '.MAIN_DB_PREFIX.'fichinterdet'; - $sql .= ' WHERE fk_fichinter ='.$this->fk_fichinter; + $sql .= ' WHERE fk_fichinter = '.((int) $this->fk_fichinter); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -1496,7 +1496,7 @@ class FichinterLigne extends CommonObjectLine // Insertion dans base de la ligne $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'fichinterdet'; $sql .= ' (fk_fichinter, description, date, duree, rang)'; - $sql .= " VALUES (".$this->fk_fichinter.","; + $sql .= " VALUES (".((int) $this->fk_fichinter).","; $sql .= " '".$this->db->escape($this->desc)."',"; $sql .= " '".$this->db->idate($this->datei)."',"; $sql .= " ".((int) $this->duration).","; @@ -1568,7 +1568,7 @@ class FichinterLigne extends CommonObjectLine $sql .= ",date='".$this->db->idate($this->datei)."'"; $sql .= ",duree=".$this->duration; $sql .= ",rang='".$this->db->escape($this->rang)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("FichinterLigne::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1680,7 +1680,7 @@ class FichinterLigne extends CommonObjectLine return -1; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 4fe35c32a2c..d23c25253ac 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -356,7 +356,7 @@ class FichinterRec extends Fichinter $sql .= ' p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet_rec as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_fichinter = '.$this->id; + $sql .= ' WHERE l.fk_fichinter = '.((int) $this->id); dol_syslog('FichInter-rec::fetch_lines', LOG_DEBUG); $result = $this->db->query($sql); @@ -599,7 +599,7 @@ class FichinterRec extends Fichinter $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter_rec "; $sql .= " SET frequency='".$this->db->escape($freq)."'"; $sql .= ", date_last_gen='".$this->db->escape($courant)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); @@ -718,7 +718,7 @@ class FichinterRec extends Fichinter if (!empty($unit)) { $sql .= ', unit_frequency = "'.$this->db->escape($unit).'"'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG); if ($this->db->query($sql)) { @@ -751,7 +751,7 @@ class FichinterRec extends Fichinter if ($increment_nb_gen_done > 0) { $sql .= ', nb_gen_done = nb_gen_done + 1'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -844,7 +844,7 @@ class FichinterRec extends Fichinter $sql .= ' , statut = 1'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php index 2d69046b4ba..8eca043ef40 100644 --- a/htdocs/fichinter/index.php +++ b/htdocs/fichinter/index.php @@ -80,10 +80,10 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; $sql .= " AND f.fk_soc = s.rowid"; if ($user->socid) { - $sql .= ' AND f.fk_soc = '.$user->socid; + $sql .= ' AND f.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; $resql = $db->query($sql); @@ -199,10 +199,10 @@ if (!empty($conf->ficheinter->enabled)) { $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.fk_statut = 0"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -249,10 +249,10 @@ $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; $sql .= " AND f.fk_soc = s.rowid"; //$sql.= " AND c.fk_statut > 2"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; $sql .= $db->plimit($max, 0); @@ -322,10 +322,10 @@ if (!empty($conf->ficheinter->enabled)) { $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.fk_statut = 1"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.rowid DESC"; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 3f86fc18795..6f4dccd878d 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -231,7 +231,7 @@ if (!empty($conf->contrat->enabled)) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -286,7 +286,7 @@ if ($search_status != '' && $search_status >= 0) { $sql .= ' AND f.fk_statut = '.urlencode($search_status); } if (!$user->rights->societe->client->voir && empty($socid)) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index 866fd31318e..599242375d2 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php @@ -519,7 +519,7 @@ if ($object->id > 0) { $sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price as pfp'; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = pfp.fk_product"; $sql .= ' WHERE p.entity IN ('.getEntity('product').')'; - $sql .= ' AND pfp.fk_soc = '.$object->id; + $sql .= ' AND pfp.fk_soc = '.((int) $object->id); $sql .= $db->order('pfp.tms', 'desc'); $sql .= $db->plimit($MAXLIST); @@ -589,7 +589,7 @@ if ($object->id > 0) { $sql = "SELECT p.rowid, p.ref, p.date_valid as dc, p.fk_statut, p.total_ht, p.total_tva, p.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p "; - $sql .= " WHERE p.fk_soc =".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " ORDER BY p.date_valid DESC"; $sql .= $db->plimit($MAXLIST); @@ -658,7 +658,7 @@ if ($object->id > 0) { $sql2 .= ', '.MAIN_DB_PREFIX.'commande_fournisseur as c'; $sql2 .= ' WHERE c.fk_soc = s.rowid'; $sql2 .= " AND c.entity IN (".getEntity('commande_fournisseur').")"; - $sql2 .= ' AND s.rowid = '.$object->id; + $sql2 .= ' AND s.rowid = '.((int) $object->id); // Show orders we can bill if (empty($conf->global->SUPPLIER_ORDER_TO_INVOICE_STATUS)) { $sql2 .= " AND c.fk_statut IN (".$db->sanitize(CommandeFournisseur::STATUS_RECEIVED_COMPLETELY).")"; // Must match filter in htdocs/fourn/commande/list.php @@ -681,7 +681,7 @@ if ($object->id > 0) { // TODO move to DAO class $sql = "SELECT count(p.rowid) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p"; - $sql .= " WHERE p.fk_soc =".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('commande_fournisseur').")"; $resql = $db->query($sql); if ($resql) { @@ -691,7 +691,7 @@ if ($object->id > 0) { $sql = "SELECT p.rowid,p.ref, p.date_commande as dc, p.fk_statut, p.total_ht, p.total_tva, p.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p"; - $sql .= " WHERE p.fk_soc =".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('commande_fournisseur').")"; $sql .= " ORDER BY p.date_commande DESC"; $sql .= $db->plimit($MAXLIST); @@ -758,7 +758,7 @@ if ($object->id > 0) { $sql .= ' SUM(pf.amount) as am'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON f.rowid=pf.fk_facturefourn'; - $sql .= ' WHERE f.fk_soc = '.$object->id; + $sql .= ' WHERE f.fk_soc = '.((int) $object->id); $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql .= ' GROUP BY f.rowid,f.libelle,f.ref,f.ref_supplier,f.fk_statut,f.datef,f.total_ht,f.total_tva,f.total_ttc,f.paye'; $sql .= ' ORDER BY f.datef DESC'; diff --git a/htdocs/fourn/class/fournisseur.class.php b/htdocs/fourn/class/fournisseur.class.php index 1ab1095a191..805ed7c1ba6 100644 --- a/htdocs/fourn/class/fournisseur.class.php +++ b/htdocs/fourn/class/fournisseur.class.php @@ -59,7 +59,7 @@ class Fournisseur extends Societe { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf"; - $sql .= " WHERE cf.fk_soc = ".$this->id; + $sql .= " WHERE cf.fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -86,7 +86,7 @@ class Fournisseur extends Societe $sql = "SELECT count(pfp.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; $sql .= " WHERE pfp.entity = ".$conf->entity; - $sql .= " AND pfp.fk_soc = ".$this->id; + $sql .= " AND pfp.fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -115,7 +115,7 @@ class Fournisseur extends Societe $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." s.fournisseur = 1"; @@ -184,7 +184,7 @@ class Fournisseur extends Societe $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index ff84e67122c..9d965ee034e 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -471,9 +471,9 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".$this->socid; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid); } - $sql .= " WHERE l.fk_commande = ".$this->id; + $sql .= " WHERE l.fk_commande = ".((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } @@ -601,8 +601,8 @@ class CommandeFournisseur extends CommonOrder $sql .= " SET ref='".$this->db->escape($num)."',"; $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate(dol_now())."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_DRAFT; $resql = $this->db->query($sql); @@ -627,7 +627,7 @@ class CommandeFournisseur extends CommonOrder if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'fournisseur/commande/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->error = $this->db->lasterror(); @@ -930,7 +930,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur SET billed = 1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; if ($this->db->query($sql)) { if (!$error) { @@ -1011,7 +1011,7 @@ class CommandeFournisseur extends CommonOrder } else // request a second level approval { $sql .= " date_approve2='".$this->db->idate($now)."',"; - $sql .= " fk_user_approve2 = ".$user->id; + $sql .= " fk_user_approve2 = ".((int) $user->id); if (empty($this->user_approve_id)) { $movetoapprovestatus = false; // first level approval not done } @@ -1023,7 +1023,7 @@ class CommandeFournisseur extends CommonOrder } else { $sql .= ", fk_statut = ".self::STATUS_VALIDATED; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; if ($this->db->query($sql)) { @@ -1121,7 +1121,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".self::STATUS_REFUSED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $result = 0; @@ -1173,7 +1173,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".((int) $statut); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::cancel", LOG_DEBUG); if ($this->db->query($sql)) { $result = 0; @@ -2099,7 +2099,7 @@ class CommandeFournisseur extends CommonOrder $main = MAIN_DB_PREFIX.'commande_fournisseurdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete extrafields lines", LOG_DEBUG); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -2107,7 +2107,7 @@ class CommandeFournisseur extends CommonOrder $error++; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -2115,7 +2115,7 @@ class CommandeFournisseur extends CommonOrder $error++; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($resql = $this->db->query($sql)) { if ($this->db->affected_rows($resql) < 1) { @@ -2236,10 +2236,10 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."product as p,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."entrepot as e ON cfd.fk_entrepot = e.rowid"; - $sql .= " WHERE cfd.fk_commande = ".$this->id; + $sql .= " WHERE cfd.fk_commande = ".((int) $this->id); $sql .= " AND cfd.fk_product = p.rowid"; if ($status >= 0) { - $sql .= " AND cfd.status = ".$status; + $sql .= " AND cfd.status = ".((int) $status); } $sql .= " ORDER BY cfd.rowid ASC"; @@ -2335,7 +2335,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_statut = ".((int) $statut); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut IN (".self::STATUS_ORDERSENT.",".self::STATUS_RECEIVED_PARTIALLY.")"; // Process running or Partially received dol_syslog(get_class($this)."::Livraison", LOG_DEBUG); @@ -2409,7 +2409,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2468,7 +2468,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_projet = ".($id_projet > 0 ? (int) $id_projet : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2537,10 +2537,10 @@ class CommandeFournisseur extends CommonOrder $sql = "INSERT INTO ".MAIN_DB_PREFIX."commande_fournisseurdet"; $sql .= " (fk_commande, label, description, fk_product, price, qty, tva_tx, localtax1_tx, localtax2_tx, remise_percent, subprice, remise, ref)"; - $sql .= " VALUES (".$idc.", '".$this->db->escape($label)."', ".$this->db->escape($comclient->lines[$i]->desc); - $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price); - $sql .= ", ".$comclient->lines[$i]->qty.", ".$comclient->lines[$i]->tva_tx.", ".$comclient->lines[$i]->localtax1_tx.", ".$comclient->lines[$i]->localtax2_tx.", ".$comclient->lines[$i]->remise_percent; - $sql .= ", '".price2num($comclient->lines[$i]->subprice)."','0', '".$this->db->escape($ref)."');"; + $sql .= " VALUES (".((int) $idc).", '".$this->db->escape($label)."', '".$this->db->escape($comclient->lines[$i]->desc)."'"; + $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price, 'MU'); + $sql .= ", ".price2num($comclient->lines[$i]->qty, 'MS').", ".price2num($comclient->lines[$i]->tva_tx, 5).", ".price2num($comclient->lines[$i]->localtax1_tx, 5).", ".price2num($comclient->lines[$i]->localtax2_tx, 5).", ".price2num($comclient->lines[$i]->remise_percent, 3); + $sql .= ", '".price2num($comclient->lines[$i]->subprice, 'MT')."','0', '".$this->db->escape($ref)."');"; if ($this->db->query($sql)) { $this->update_price(); } @@ -2564,8 +2564,8 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; - $sql .= ' SET fk_statut='.$status; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " SET fk_statut = ".$status; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setStatus", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2961,10 +2961,10 @@ class CommandeFournisseur extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } - $sql .= " ".$clause." co.entity = ".$conf->entity; + $sql .= " ".$clause." co.entity IN (".getEntity('supplier_order').")"; $resql = $this->db->query($sql); if ($resql) { @@ -2999,7 +2999,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity = ".$conf->entity; @@ -3009,7 +3009,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " AND c.fk_statut IN (".self::STATUS_VALIDATED.", ".self::STATUS_ACCEPTED.")"; } if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3399,12 +3399,12 @@ class CommandeFournisseur extends CommonOrder $sql .= ' cfd.fk_reception = e.rowid AND'; } $sql .= ' cfd.fk_commandefourndet = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande ='.((int) $this->id); if ($this->fk_product > 0) { - $sql .= ' AND cd.fk_product = '.$this->fk_product; + $sql .= ' AND cd.fk_product = '.((int) $this->fk_product); } if ($filtre_statut >= 0) { - $sql .= ' AND e.fk_statut >= '.$filtre_statut; + $sql .= ' AND e.fk_statut >= '.((int) $filtre_statut); } $sql .= ' GROUP BY cd.rowid, cd.fk_product'; @@ -3790,7 +3790,7 @@ class CommandeFournisseurLigne extends CommonOrderLine $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::updateline", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index cd1ff267fb7..fcf1c6a50f4 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -666,13 +666,13 @@ class CommandeFournisseurDispatch extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.comment') { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'"; } elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') { - $sqlwhere [] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere [] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'qty') { - $sqlwhere [] = $key.' = '.((float) $value); + $sqlwhere [] = $key." = ".((float) $value); } else { - $sqlwhere [] = $key.' = '.((int) $value); + $sqlwhere [] = $key." = ".((int) $value); } } } @@ -684,7 +684,7 @@ class CommandeFournisseurDispatch extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->lines = array(); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 049bcf89c8b..9980e084789 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -438,19 +438,19 @@ class FactureFournisseur extends CommonInvoice $sql .= " VALUES ("; $sql .= "'(PROV)'"; $sql .= ", '".$this->db->escape($this->ref_supplier)."'"; - $sql .= ", ".$conf->entity; + $sql .= ", ".((int) $conf->entity); $sql .= ", '".$this->db->escape($this->type)."'"; $sql .= ", '".$this->db->escape(isset($this->label) ? $this->label : (isset($this->libelle) ? $this->libelle : ''))."'"; - $sql .= ", ".$this->socid; + $sql .= ", ".((int) $this->socid); $sql .= ", '".$this->db->idate($now)."'"; $sql .= ", '".$this->db->idate($this->date)."'"; - $sql .= ", ".($this->fk_project > 0 ? $this->fk_project : "null"); - $sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : "null"); - $sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : "null"); - $sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL'); + $sql .= ", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "null"); + $sql .= ", ".($this->cond_reglement_id > 0 ? ((int) $this->cond_reglement_id) : "null"); + $sql .= ", ".($this->mode_reglement_id > 0 ? ((int) $this->mode_reglement_id) : "null"); + $sql .= ", ".($this->fk_account > 0 ? ((int) $this->fk_account) : 'NULL'); $sql .= ", '".$this->db->escape($this->note_private)."'"; $sql .= ", '".$this->db->escape($this->note_public)."'"; - $sql .= ", ".$user->id.","; + $sql .= ", ".((int) $user->id).","; $sql .= $this->date_echeance != '' ? "'".$this->db->idate($this->date_echeance)."'" : "null"; $sql .= ", ".(int) $this->fk_incoterms; $sql .= ", '".$this->db->escape($this->location_incoterms)."'"; @@ -506,7 +506,7 @@ class FactureFournisseur extends CommonInvoice dol_syslog("There is ".count($this->lines)." lines that are invoice lines objects"); foreach ($this->lines as $i => $val) { $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'facture_fourn_det (fk_facture_fourn, special_code, fk_remise_except)'; - $sql .= ' VALUES ('.$this->id.','.intval($this->lines[$i]->special_code).','.($this->lines[$i]->fk_remise_except > 0 ? $this->lines[$i]->fk_remise_except : 'NULL').')'; + $sql .= " VALUES (".((int) $this->id).", ".((int) $this->lines[$i]->special_code).", ".($this->lines[$i]->fk_remise_except > 0 ? ((int) $this->lines[$i]->fk_remise_except) : 'NULL').')'; $resql_insert = $this->db->query($sql); if ($resql_insert) { @@ -552,7 +552,7 @@ class FactureFournisseur extends CommonInvoice } $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'facture_fourn_det (fk_facture_fourn, special_code, fk_remise_except)'; - $sql .= ' VALUES ('.$this->id.','.intval($this->lines[$i]->special_code).','.($this->lines[$i]->fk_remise_except > 0 ? $this->lines[$i]->fk_remise_except : 'NULL').')'; + $sql .= " VALUES (".((int) $this->id).", ".((int) $this->lines[$i]->special_code).", ".($this->lines[$i]->fk_remise_except > 0 ? ((int) $this->lines[$i]->fk_remise_except) : 'NULL').')'; $resql_insert = $this->db->query($sql); if ($resql_insert) { @@ -818,7 +818,7 @@ class FactureFournisseur extends CommonInvoice $sql .= ', f.fk_code_ventilation, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_subprice, f.multicurrency_total_ht, f.multicurrency_total_tva, f.multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn_det as f'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON f.fk_product = p.rowid'; - $sql .= ' WHERE fk_facture_fourn='.$this->id; + $sql .= ' WHERE fk_facture_fourn='.((int) $this->id); $sql .= ' ORDER BY f.rang, f.rowid'; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); @@ -1375,7 +1375,7 @@ class FactureFournisseur extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ', fk_user_closing = '.$user->id; + $sql .= ', fk_user_closing = '.((int) $user->id); $sql .= ", date_closing = '".$this->db->idate($now)."'"; $sql .= ' WHERE rowid = '.((int) $this->id); @@ -1491,7 +1491,7 @@ class FactureFournisseur extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1499,7 +1499,7 @@ class FactureFournisseur extends CommonInvoice // as they have not been used since the invoice is abandoned. $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_invoice_supplier = NULL'; - $sql .= ' WHERE fk_invoice_supplier = '.$this->id; + $sql .= ' WHERE fk_invoice_supplier = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1579,7 +1579,7 @@ class FactureFournisseur extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " SET ref='".$this->db->escape($num)."', fk_statut = 1, fk_user_valid = ".((int) $user->id).", date_valid = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1706,7 +1706,7 @@ class FactureFournisseur extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -2314,7 +2314,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " AND pf.fk_paiementfourn IS NULL"; // Aucun paiement deja fait $sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -2362,7 +2362,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " AND ff.type=".self::TYPE_REPLACEMENT.")"; $sql .= " AND f.type != ".self::TYPE_CREDIT_NOTE; // Type non 2 si facture non avoir if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -2411,10 +2411,10 @@ class FactureFournisseur extends CommonInvoice $sql .= ' AND ff.fk_statut > 0'; $sql .= " AND ff.entity = ".$conf->entity; if ($user->socid) { - $sql .= ' AND ff.fk_soc = '.$user->socid; + $sql .= ' AND ff.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2761,7 +2761,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity = ".$conf->entity; @@ -2946,7 +2946,7 @@ class FactureFournisseur extends CommonInvoice { $isUsed = false; - $sql = "SELECT fk_invoice_supplier FROM ".MAIN_DB_PREFIX."societe_remise_except WHERE fk_invoice_supplier_source=".$this->id; + $sql = "SELECT fk_invoice_supplier FROM ".MAIN_DB_PREFIX."societe_remise_except WHERE fk_invoice_supplier_source = ".((int) $this->id); $resql = $this->db->query($sql); if (!empty($resql)) { $obj = $this->db->fetch_object($resql); @@ -3317,7 +3317,7 @@ class SupplierInvoiceLine extends CommonObjectLine if (!$error) { // Supprime ligne $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn_det '; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -3387,20 +3387,11 @@ class SupplierInvoiceLine extends CommonObjectLine $this->multicurrency_total_ttc = 0; } + $fk_product = (int) $this->fk_product; + $fk_unit = (int) $this->fk_unit; + $this->db->begin(); - if (empty($this->fk_product)) { - $fk_product = "null"; - } else { - $fk_product = $this->fk_product; - } - - if (empty($this->fk_unit)) { - $fk_unit = "null"; - } else { - $fk_unit = "'".$this->db->escape($this->fk_unit)."'"; - } - $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET"; $sql .= " description ='".$this->db->escape($this->description)."'"; $sql .= ", ref ='".$this->db->escape($this->ref_supplier ? $this->ref_supplier : $this->ref)."'"; @@ -3410,7 +3401,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", pu_ttc = ".price2num($this->pu_ttc); $sql .= ", qty = ".price2num($this->qty); $sql .= ", remise_percent = ".price2num($this->remise_percent); - if ($this->fk_remise_except) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except); + if ($this->fk_remise_except > 0) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except); else $sql .= ", fk_remise_except=null"; $sql .= ", vat_src_code = '".$this->db->escape(empty($this->vat_src_code) ? '' : $this->vat_src_code)."'"; $sql .= ", tva_tx = ".price2num($this->tva_tx); @@ -3423,7 +3414,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", total_localtax1= ".price2num($this->total_localtax1); $sql .= ", total_localtax2= ".price2num($this->total_localtax2); $sql .= ", total_ttc = ".price2num($this->total_ttc); - $sql .= ", fk_product = ".((int) $fk_product); + $sql .= ", fk_product = ".($fk_product > 0 ? (int) $fk_product : 'null'); $sql .= ", product_type = ".((int) $this->product_type); $sql .= ", info_bits = ".((int) $this->info_bits); $sql .= ", fk_unit = ".($fk_unit > 0 ? (int) $fk_unit : 'null'); @@ -3701,12 +3692,12 @@ class SupplierInvoiceLine extends CommonObjectLine // Mise a jour ligne en base $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET"; - $sql .= " total_ht='".price2num($this->total_ht)."'"; - $sql .= ", tva='".price2num($this->total_tva)."'"; - $sql .= ", total_localtax1='".price2num($this->total_localtax1)."'"; - $sql .= ", total_localtax2='".price2num($this->total_localtax2)."'"; - $sql .= ", total_ttc='".price2num($this->total_ttc)."'"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " total_ht = ".price2num($this->total_ht); + $sql .= ", tva= ".price2num($this->total_tva); + $sql .= ", total_localtax1 = ".price2num($this->total_localtax1); + $sql .= ", total_localtax2 = ".price2num($this->total_localtax2); + $sql .= ", total_ttc = ".price2num($this->total_ttc); + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog("FactureFournisseurLigne.class.php::update_total", LOG_DEBUG); diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index 3eaed8d27b8..b08d9237c63 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -164,7 +164,7 @@ class ProductFournisseur extends Product $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn); + $sql .= " WHERE fk_product = ".((int) $this->id)." AND fk_soc = ".((int) $id_fourn); dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG); $resql2 = $this->db->query($sql); @@ -438,7 +438,7 @@ class ProductFournisseur extends Product // Delete price for this quantity $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity; + $sql .= " WHERE fk_soc = ".((int) $fourn->id)." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { // Add price for this quantity to supplier @@ -459,7 +459,7 @@ class ProductFournisseur extends Product $sql .= " ".((int) $fourn->id).","; $sql .= " '".$this->db->escape($ref_fourn)."',"; $sql .= " '".$this->db->escape($desc_fourn)."',"; - $sql .= " ".$user->id.","; + $sql .= " ".((int) $user->id).","; $sql .= " ".price2num($buyprice).","; $sql .= " ".((float) $qty).","; $sql .= " ".((float) $remise_percent).","; diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index 9a664489e4f..fa58139b7e7 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php @@ -201,8 +201,8 @@ class PaiementFourn extends Paiement $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn ('; $sql .= 'ref, entity, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, fk_user_author, fk_bank)'; - $sql .= " VALUES ('".$this->db->escape($ref)."', ".$conf->entity.", '".$this->db->idate($now)."',"; - $sql .= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', ".$user->id.", 0)"; + $sql .= " VALUES ('".$this->db->escape($ref)."', ".((int) $conf->entity).", '".$this->db->idate($now)."',"; + $sql .= " '".$this->db->idate($this->datepaye)."', ".((float) $total).", ".((float) $mtotal).", ".((int) $this->paiementid).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', ".((int) $user->id).", 0)"; $resql = $this->db->query($sql); if ($resql) { @@ -214,7 +214,7 @@ class PaiementFourn extends Paiement if (is_numeric($amount) && $amount <> 0) { $amount = price2num($amount); $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn_facturefourn (fk_facturefourn, fk_paiementfourn, amount, multicurrency_amount)'; - $sql .= ' VALUES ('.$facid.','.$this->id.',\''.$amount.'\', \''.$this->multicurrency_amounts[$key].'\')'; + $sql .= " VALUES (".((int) $facid).", ".((int) $this->id).", ".((float) $amount).', '.((float) $this->multicurrency_amounts[$key]).')'; $resql = $this->db->query($sql); if ($resql) { $invoice = new FactureFournisseur($this->db); @@ -223,10 +223,10 @@ class PaiementFourn extends Paiement // If we want to closed paid invoices if ($closepaidinvoices) { $paiement = $invoice->getSommePaiement(); - //$creditnotes=$invoice->getSumCreditNotesUsed(); - $creditnotes = 0; - //$deposits=$invoice->getSumDepositsUsed(); - $deposits = 0; + $creditnotes=$invoice->getSumCreditNotesUsed(); + //$creditnotes = 0; + $deposits=$invoice->getSumDepositsUsed(); + //$deposits = 0; $alreadypayed = price2num($paiement + $creditnotes + $deposits, 'MT'); $remaintopay = price2num($invoice->total_ttc - $paiement - $creditnotes - $deposits, 'MT'); if ($remaintopay == 0) { @@ -238,7 +238,7 @@ class PaiementFourn extends Paiement // Insert one discount by VAT rate category require_once DOL_DOCUMENT_ROOT . '/core/class/discount.class.php'; $discount = new DiscountAbsolute($this->db); - $discount->fetch('', $invoice->id); + $discount->fetch('', 0, $invoice->id); if (empty($discount->id)) { // If the invoice was not yet converted into a discount (this may have been done manually before we come here) $discount->discount_type = 1; // Supplier discount $discount->description = '(DEPOSIT)'; @@ -398,11 +398,11 @@ class PaiementFourn extends Paiement // Efface la ligne de paiement (dans paiement_facture et paiement) $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn'; - $sql .= ' WHERE fk_paiementfourn = '.$this->id; + $sql .= ' WHERE fk_paiementfourn = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { $this->error = $this->db->error(); @@ -484,16 +484,16 @@ class PaiementFourn extends Paiement /** * Return list of supplier invoices the payment point to * - * @param string $filter SQL filter + * @param string $filter SQL filter. Warning: This value must not come from a user input. * @return array Array of supplier invoice id */ public function getBillsArray($filter = '') { $sql = 'SELECT fk_facturefourn'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.$this->id; + $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.((int) $this->id); if ($filter) { - $sql .= ' AND '.$filter; + $sql .= " AND ".$filter; } dol_syslog(get_class($this).'::getBillsArray', LOG_DEBUG); diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 0affc7dcce4..6f4a591e567 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -243,9 +243,9 @@ if (empty($reshook)) { // Update supplier $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; - $sql .= ' SET fk_soc='.$new_socid; - $sql .= ' WHERE fk_soc='.$object->thirdparty->id; - $sql .= ' AND rowid='.$object->id; + $sql .= ' SET fk_soc = '.((int) $new_socid); + $sql .= ' WHERE fk_soc = '.((int) $object->thirdparty->id); + $sql .= ' AND rowid = '.((int) $object->id); $res = $db->query($sql); @@ -258,8 +258,8 @@ if (empty($reshook)) { foreach ($object->lines as $l) { $sql = 'SELECT price, unitprice, tva_tx, ref_fourn'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price'; - $sql .= ' WHERE fk_product='.$l->fk_product; - $sql .= ' AND fk_soc='.$new_socid; + $sql .= ' WHERE fk_product = '.((int) $l->fk_product); + $sql .= ' AND fk_soc = '.((int) $new_socid); $sql .= ' ORDER BY unitprice ASC'; $resql = $db->query($sql); @@ -337,14 +337,14 @@ if (empty($reshook)) { // Currently the "Re-open" also remove the billed flag because there is no button "Set unpaid" yet. $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; $sql .= ' SET billed = 0'; - $sql .= ' WHERE rowid = '.$object->id; + $sql .= ' WHERE rowid = '.((int) $object->id); $resql = $db->query($sql); if ($newstatus == 0) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; $sql .= ' SET fk_user_approve = null, fk_user_approve2 = null, date_approve = null, date_approve2 = null'; - $sql .= ' WHERE rowid = '.$object->id; + $sql .= ' WHERE rowid = '.((int) $object->id); $resql = $db->query($sql); } @@ -1617,7 +1617,7 @@ if ($action == 'create') { print ''; if ($societe->id > 0) { - print $societe->getNomUrl(1); + print $societe->getNomUrl(1, 'supplier'); print ''; } else { print img_picto('', 'company').$form->select_company((empty($socid) ? '' : $socid), 'socid', 's.fournisseur=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300'); @@ -1743,7 +1743,7 @@ if ($action == 'create') { print ''; $newclassname = $classname; - print ''.$langs->trans($newclassname).''.$objectsrc->getNomUrl(1).''; + print ''.$langs->trans($newclassname).''.$objectsrc->getNomUrl(1, 'supplier').''; print ''.$langs->trans('AmountHT').''.price($objectsrc->total_ht).''; print ''.$langs->trans('AmountVAT').''.price($objectsrc->total_tva).""; if ($mysoc->localtax1_assuj == "1" || $objectsrc->total_localtax1 != 0) { // Localtax1 RE @@ -1777,13 +1777,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; - - + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { @@ -1972,7 +1966,7 @@ if ($action == 'create') { if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $object->statut == CommandeFournisseur::STATUS_DRAFT) { $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetThirdParty')).''; } - $morehtmlref .= ' : '.$object->thirdparty->getNomUrl(1); + $morehtmlref .= ' : '.$object->thirdparty->getNomUrl(1, 'supplier'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherOrders").')'; } @@ -2195,7 +2189,7 @@ if ($action == 'create') { $usehourmin = 1; } print $form->selectDate($object->delivery_date ? $object->delivery_date : -1, 'liv_', $usehourmin, $usehourmin, '', "setdate_livraison"); - print ''; + print ''; print ''; } else { $usehourmin = 'day'; @@ -2484,7 +2478,7 @@ if ($action == 'create') { $labelofbutton = $langs->trans('ReceiveProducts'); if ($conf->reception->enabled) { $labelofbutton = $langs->trans("CreateReception"); - if (!empty($object->linkedObjects)) { + if (!empty($object->linkedObjects['reception'])) { foreach ($object->linkedObjects['reception'] as $element) { if ($element->statut >= 0) { $hasreception = 1; @@ -2730,7 +2724,7 @@ if ($action == 'create') { print ''.$langs->trans("Password").''; //Submit button print ''; - print ''; + print ''; print '     '; //Cancel button print ''; @@ -2849,7 +2843,7 @@ if ($action == 'create') { if ($error_occurred) { print "
".$langs->trans("ErrorOccurredReviseAndRetry")."
"; } else { - print ''; + print ''; print '     '; } print ''; diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 09588389cb1..ead05251920 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -341,11 +341,11 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner) if (GETPOSTISSET($saveprice)) { // TODO Use class $sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " SET unitprice='".GETPOST($pu)."'"; - $sql .= ", price=".GETPOST($pu)."*quantity"; - $sql .= ", remise_percent='".(!empty($dto) ? $dto : 0)."'"; - $sql .= " WHERE fk_soc=".$object->socid; - $sql .= " AND fk_product=".GETPOST($prod, 'int'); + $sql .= " SET unitprice = ".price2num(GETPOST($pu), 'MU', 2); + $sql .= ", price = ".price2num(GETPOST($pu), 'MU', 2)." * quantity"; + $sql .= ", remise_percent = ".price2num((empty($dto) ? 0 : $dto), 3, 2)."'"; + $sql .= " WHERE fk_soc = ".((int) $object->socid); + $sql .= " AND fk_product=".((int) GETPOST($prod, 'int')); $resql = $db->query($sql); } @@ -653,7 +653,7 @@ if ($id > 0 || !empty($ref)) { $sql = "SELECT l.rowid, cfd.fk_product, sum(cfd.qty) as qty"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseurdet as l on l.rowid = cfd.fk_commandefourndet"; - $sql .= " WHERE cfd.fk_commande = ".$object->id; + $sql .= " WHERE cfd.fk_commande = ".((int) $object->id); $sql .= " GROUP BY l.rowid, cfd.fk_product"; $resql = $db->query($sql); @@ -689,7 +689,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON l.fk_product=p.rowid"; - $sql .= " WHERE l.fk_commande = ".$object->id; + $sql .= " WHERE l.fk_commande = ".((int) $object->id); if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $sql .= " AND l.product_type = 0"; } @@ -1113,7 +1113,7 @@ if ($id > 0 || !empty($ref)) { if ($conf->reception->enabled) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."reception as r ON cfd.fk_reception = r.rowid"; } - $sql .= " WHERE cfd.fk_commande = ".$object->id; + $sql .= " WHERE cfd.fk_commande = ".((int) $object->id); $sql .= " AND cfd.fk_product = p.rowid"; $sql .= " ORDER BY cfd.rowid ASC"; diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 1ea5db20b59..b4956ea706f 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -73,10 +73,10 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE cf.fk_soc = s.rowid"; $sql .= " AND cf.entity IN (".getEntity('supplier_order').")"; if ($user->socid) { - $sql .= ' AND cf.fk_soc = '.$user->socid; + $sql .= ' AND cf.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cf.fk_statut"; @@ -186,7 +186,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -287,13 +287,13 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; -$sql .= " AND c.entity = ".$conf->entity; +$sql .= " AND c.entity IN (".getEntity('supplier_order').")"; //$sql.= " AND c.fk_statut > 2"; if (!empty($socid)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -350,17 +350,17 @@ if ($resql) { /* * Orders to process -*/ + */ /* $sql = "SELECT c.rowid, c.ref, c.fk_statut, s.nom as name, s.rowid as socid"; $sql.=" FROM ".MAIN_DB_PREFIX."commande_fournisseur as c"; $sql.= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE c.fk_soc = s.rowid"; -$sql.= " AND c.entity = ".$conf->entity; +$sql.= " AND c.entity IN (".getEntity("supplier_order").")"; $sql.= " AND c.fk_statut = 1"; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); -if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index d1946cc9b4c..ef39e7502f6 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1,14 +1,15 @@ - * Copyright (C) 2004-2016 Laurent Destailleur - * Copyright (C) 2005-2012 Regis Houssin - * Copyright (C) 2013 Cédric Salvador - * Copyright (C) 2014 Marcos García - * Copyright (C) 2014 Juanjo Menent - * Copyright (C) 2016 Ferran Marcet - * Copyright (C) 2018-2021 Frédéric France - * Copyright (C) 2018-2020 Charlene Benke - * Copyright (C) 2019 Nicolas ZABOURI +/* Copyright (C) 2001-2006 Rodolphe Quiedeville + * Copyright (C) 2004-2016 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2013 Cédric Salvador + * Copyright (C) 2014 Marcos García + * Copyright (C) 2014 Juanjo Menent + * Copyright (C) 2016 Ferran Marcet + * Copyright (C) 2018-2021 Frédéric France + * Copyright (C) 2018-2020 Charlene Benke + * Copyright (C) 2019 Nicolas Zabouri + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -52,12 +53,22 @@ $confirm = GETPOST('confirm', 'alpha'); $toselect = GETPOST('toselect', 'array'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'supplierorderlist'; -$search_orderyear = GETPOST("search_orderyear", "int"); -$search_ordermonth = GETPOST("search_ordermonth", "int"); -$search_orderday = GETPOST("search_orderday", "int"); -$search_deliveryyear = GETPOST("search_deliveryyear", "int"); -$search_deliverymonth = GETPOST("search_deliverymonth", "int"); -$search_deliveryday = GETPOST("search_deliveryday", "int"); +$search_date_order_startday = GETPOST('search_date_order_startday', 'int'); +$search_date_order_startmonth = GETPOST('search_date_order_startmonth', 'int'); +$search_date_order_startyear = GETPOST('search_date_order_startyear', 'int'); +$search_date_order_endday = GETPOST('search_date_order_endday', 'int'); +$search_date_order_endmonth = GETPOST('search_date_order_endmonth', 'int'); +$search_date_order_endyear = GETPOST('search_date_order_endyear', 'int'); +$search_date_order_start = dol_mktime(0, 0, 0, $search_date_order_startmonth, $search_date_order_startday, $search_date_order_startyear); // Use tzserver +$search_date_order_end = dol_mktime(23, 59, 59, $search_date_order_endmonth, $search_date_order_endday, $search_date_order_endyear); +$search_date_delivery_startday = GETPOST('search_date_delivery_startday', 'int'); +$search_date_delivery_startmonth = GETPOST('search_date_delivery_startmonth', 'int'); +$search_date_delivery_startyear = GETPOST('search_date_delivery_startyear', 'int'); +$search_date_delivery_endday = GETPOST('search_date_delivery_endday', 'int'); +$search_date_delivery_endmonth = GETPOST('search_date_delivery_endmonth', 'int'); +$search_date_delivery_endyear = GETPOST('search_date_delivery_endyear', 'int'); +$search_date_delivery_start = dol_mktime(0, 0, 0, $search_date_delivery_startmonth, $search_date_delivery_startday, $search_date_delivery_startyear); // Use tzserver +$search_date_delivery_end = dol_mktime(23, 59, 59, $search_date_delivery_endmonth, $search_date_delivery_endday, $search_date_delivery_endyear); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); @@ -235,12 +246,22 @@ if (empty($reshook)) { $search_multicurrency_montant_ttc = ''; $search_project_ref = ''; $search_status = -1; - $search_orderyear = ''; - $search_ordermonth = ''; - $search_orderday = ''; - $search_deliveryday = ''; - $search_deliverymonth = ''; - $search_deliveryyear = ''; + $search_date_order_startday = ''; + $search_date_order_startmonth = ''; + $search_date_order_startyear = ''; + $search_date_order_endday = ''; + $search_date_order_endmonth = ''; + $search_date_order_endyear = ''; + $search_date_order_start = ''; + $search_date_order_end = ''; + $search_date_delivery_startday = ''; + $search_date_delivery_startmonth = ''; + $search_date_delivery_startyear = ''; + $search_date_delivery_endday = ''; + $search_date_delivery_endmonth = ''; + $search_date_delivery_endyear = ''; + $search_date_delivery_start = ''; + $search_date_delivery_end = ''; $billed = ''; $search_billed = ''; $toselect = ''; @@ -494,23 +515,41 @@ if (empty($reshook)) { if ($search_status != '') { $param .= '&search_status='.urlencode($search_status); } - if ($search_orderday) { - $param .= '&search_orderday='.urlencode($search_orderday); + if ($search_date_order_startday) { + $param .= '&search_date_order_startday='.urlencode($search_date_order_startday); } - if ($search_ordermonth) { - $param .= '&search_ordermonth='.urlencode($search_ordermonth); + if ($search_date_order_startmonth) { + $param .= '&search_date_order_startmonth='.urlencode($search_date_order_startmonth); } - if ($search_orderyear) { - $param .= '&search_orderyear='.urlencode($search_orderyear); + if ($search_date_order_startyear) { + $param .= '&search_date_order_startyear='.urlencode($search_date_order_startyear); } - if ($search_deliveryday) { - $param .= '&search_deliveryday='.urlencode($search_deliveryday); + if ($search_date_order_endday) { + $param .= '&search_date_order_endday='.urlencode($search_date_order_endday); } - if ($search_deliverymonth) { - $param .= '&search_deliverymonth='.urlencode($search_deliverymonth); + if ($search_date_order_endmonth) { + $param .= '&search_date_order_endmonth='.urlencode($search_date_order_endmonth); } - if ($search_deliveryyear) { - $param .= '&search_deliveryyear='.urlencode($search_deliveryyear); + if ($search_date_order_endyear) { + $param .= '&search_date_order_endyear='.urlencode($search_date_order_endyear); + } + if ($search_date_delivery_startday) { + $param .= '&search_date_delivery_startday='.urlencode($search_date_delivery_startday); + } + if ($search_date_delivery_startmonth) { + $param .= '&search_date_delivery_startmonth='.urlencode($search_date_delivery_startmonth); + } + if ($search_date_delivery_startyear) { + $param .= '&search_date_delivery_startyear='.urlencode($search_date_delivery_startyear); + } + if ($search_date_delivery_endday) { + $param .= '&search_date_delivery_endday='.urlencode($search_date_delivery_endday); + } + if ($search_date_delivery_endmonth) { + $param .= '&search_date_delivery_endmonth='.urlencode($search_date_delivery_endmonth); + } + if ($search_date_delivery_endyear) { + $param .= '&search_date_delivery_endyear='.urlencode($search_date_delivery_endyear); } if ($search_ref) { $param .= '&search_ref='.urlencode($search_ref); @@ -614,7 +653,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login, u.email as user_email, u.st // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -654,7 +693,7 @@ if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('cf.ref', $search_ref); @@ -684,8 +723,18 @@ if (GETPOST('statut', 'intcomma') !== '') { if ($search_status != '' && $search_status != '-1') { $sql .= " AND cf.fk_statut IN (".$db->sanitize($db->escape($search_status)).")"; } -$sql .= dolSqlDateFilter("cf.date_commande", $search_orderday, $search_ordermonth, $search_orderyear); -$sql .= dolSqlDateFilter("cf.date_livraison", $search_deliveryday, $search_deliverymonth, $search_deliveryyear); +if ($search_date_order_start) { + $sql .= " AND cf.date_commande >= '".$db->idate($search_date_order_start)."'"; +} +if ($search_date_order_end) { + $sql .= " AND cf.date_commande <= '".$db->idate($search_date_order_end)."'"; +} +if ($search_date_delivery_start) { + $sql .= " AND cf.date_livraison >= '".$db->idate($search_date_delivery_start)."'"; +} +if ($search_date_delivery_end) { + $sql .= " AND cf.date_livraison <= '".$db->idate($search_date_delivery_end)."'"; +} if ($search_town) { $sql .= natural_search('s.town', $search_town); } @@ -708,7 +757,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".$db->escape($search_user); + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".((int) $search_user); } if ($search_total_ht != '') { $sql .= natural_search('cf.total_ht', $search_total_ht, 1); @@ -720,7 +769,7 @@ if ($search_total_ttc != '') { $sql .= natural_search('cf.total_ttc', $search_total_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND cf.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND cf.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('cf.multicurrency_tx', $search_multicurrency_tx, 1); @@ -791,23 +840,41 @@ if ($resql) { if ($sall) { $param .= "&search_all=".urlencode($sall); } - if ($search_orderday) { - $param .= '&search_orderday='.urlencode($search_orderday); + if ($search_date_order_startday) { + $param .= '&search_date_order_startday='.urlencode($search_date_order_startday); } - if ($search_ordermonth) { - $param .= '&search_ordermonth='.urlencode($search_ordermonth); + if ($search_date_order_startmonth) { + $param .= '&search_date_order_startmonth='.urlencode($search_date_order_startmonth); } - if ($search_orderyear) { - $param .= '&search_orderyear='.urlencode($search_orderyear); + if ($search_date_order_startyear) { + $param .= '&search_date_order_startyear='.urlencode($search_date_order_startyear); } - if ($search_deliveryday) { - $param .= '&search_deliveryday='.urlencode($search_deliveryday); + if ($search_date_order_endday) { + $param .= '&search_date_order_endday='.urlencode($search_date_order_endday); } - if ($search_deliverymonth) { - $param .= '&search_deliverymonth='.urlencode($search_deliverymonth); + if ($search_date_order_endmonth) { + $param .= '&search_date_order_endmonth='.urlencode($search_date_order_endmonth); } - if ($search_deliveryyear) { - $param .= '&search_deliveryyear='.urlencode($search_deliveryyear); + if ($search_date_order_endyear) { + $param .= '&search_date_order_endyear='.urlencode($search_date_order_endyear); + } + if ($search_date_delivery_startday) { + $param .= '&search_date_delivery_startday='.urlencode($search_date_delivery_startday); + } + if ($search_date_delivery_startmonth) { + $param .= '&search_date_delivery_startmonth='.urlencode($search_date_delivery_startmonth); + } + if ($search_date_delivery_startyear) { + $param .= '&search_date_delivery_startyear='.urlencode($search_date_delivery_startyear); + } + if ($search_date_delivery_endday) { + $param .= '&search_date_delivery_endday='.urlencode($search_date_delivery_endday); + } + if ($search_date_delivery_endmonth) { + $param .= '&search_date_delivery_endmonth='.urlencode($search_date_delivery_endmonth); + } + if ($search_date_delivery_endyear) { + $param .= '&search_date_delivery_endyear='.urlencode($search_date_delivery_endyear); } if ($search_ref) { $param .= '&search_ref='.urlencode($search_ref); @@ -1073,22 +1140,24 @@ if ($resql) { } // Date order if (!empty($arrayfields['cf.date_commande']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_orderyear ? $search_orderyear : -1, 'search_orderyear', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_order_start ? $search_date_order_start : -1, 'search_date_order_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_order_end ? $search_date_order_end : -1, 'search_date_order_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // Date delivery if (!empty($arrayfields['cf.date_livraison']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_deliveryyear ? $search_deliveryyear : -1, 'search_deliveryyear', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_delivery_start ? $search_date_delivery_start : -1, 'search_date_delivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_delivery_end ? $search_date_delivery_end : -1, 'search_date_delivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } if (!empty($arrayfields['cf.total_ht']['checked'])) { diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 3196ffed7ac..9fd4dd30b26 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php @@ -76,7 +76,7 @@ $sql .= " AND s.fournisseur = 1"; $sql .= " AND s.rowid = p.fk_soc"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index b39041542eb..582caa3338a 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -578,7 +578,7 @@ if (empty($reshook)) { $sql = 'SELECT SUM(pf.amount) as total_paiements'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'paiementfourn as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id AND c.entity IN ('.getEntity('c_paiement').')'; - $sql .= ' WHERE pf.fk_facturefourn = '.$object->id; + $sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id); $sql .= ' AND pf.fk_paiementfourn = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; @@ -595,7 +595,7 @@ if (empty($reshook)) { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_invoice_supplier_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_invoice_supplier = ".$object->id; + $sql .= " WHERE fk_invoice_supplier = ".((int) $object->id); $resql = $db->query($sql); if (!empty($resql)) { while ($obj = $db->fetch_object($resql)) { @@ -861,7 +861,7 @@ if (empty($reshook)) { } } - // Standard invoice or Deposit invoice, created from a Predefined template invoice + // Standard invoice or Deposit invoice, not from a Predefined template invoice if (GETPOST('type') == FactureFournisseur::TYPE_STANDARD || GETPOST('type') == FactureFournisseur::TYPE_DEPOSIT) { if (GETPOST('socid', 'int') < 1) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Supplier')), null, 'errors'); @@ -1085,12 +1085,12 @@ if (empty($reshook)) { 1, 0, 0, - 0, null, $object->origin, 0, '', $lines[$i]->special_code, + 0, 0 //,$langs->trans('Deposit') //Deprecated ); @@ -1927,7 +1927,7 @@ if ($action == 'create') { if ($societe->id > 0) { $absolute_discount = $societe->getAvailableDiscounts('', '', 0, 1); - print $societe->getNomUrl(1); + print $societe->getNomUrl(1, 'supplier'); print ''; } else { print img_picto('', 'company').$form->select_company($societe->id, 'socid', 's.fournisseur=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300 widthcentpercentminusxx'); @@ -2337,16 +2337,12 @@ if ($action == 'create') { $reshook = $hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; - // Bouton "Create Draft" + print "\n"; print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); print "\n"; @@ -2633,7 +2629,7 @@ if ($action == 'create') { $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1); $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'supplier'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherBills").')'; } @@ -3022,7 +3018,7 @@ if ($action == 'create') { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_paiementfourn = p.rowid'; - $sql .= ' WHERE pf.fk_facturefourn = '.$object->id; + $sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id); $sql .= ' ORDER BY p.datep, p.tms'; $result = $db->query($sql); @@ -3136,11 +3132,10 @@ if ($action == 'create') { $creditnoteamount = 0; $depositamount = 0; - $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_invoice_supplier_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_invoice_supplier = ".$object->id; + $sql .= " WHERE fk_invoice_supplier = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -3236,19 +3231,21 @@ if ($action == 'create') { } print ''; print ''; - print ''.price($resteapayeraffiche).''; + print ''.price($resteapayeraffiche).' '; // Remainder to pay Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { print ''; print ''; - print $langs->trans('MulticurrencyRemainderToPay'); + if ($resteapayeraffiche <= 0) { + print $langs->trans('RemainderToPayBackMulticurrency'); + } else { + print $langs->trans('ExcessPaidMulticurrency'); + } print ''; print ''; - print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' '; } - - print ' '; } else // Credit note { $cssforamountpaymentcomplete = 'amountpaymentneutral'; @@ -3271,8 +3268,21 @@ if ($action == 'create') { } print ''; print ''; - print ''.price($sign * $resteapayeraffiche).''; - print ' '; + print ''.price($sign * $resteapayeraffiche).' '; + + // Remainder to pay back Multicurrency + if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { + print ''; + print ''; + if ($resteapayeraffiche <= 0) { + print $langs->trans('RemainderToPayBackMulticurrency'); + } else { + print $langs->trans('ExcessPaidMulticurrency'); + } + print ''; + print ''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).' '; + } // Sold credit note // print ''.$langs->trans('TotalTTC').' :'; diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php index c695eed9285..5479ad22462 100644 --- a/htdocs/fourn/facture/index.php +++ b/htdocs/fourn/facture/index.php @@ -58,19 +58,34 @@ print load_fiche_titre($langs->trans("SupplierInvoicesArea"), '', 'supplier_invo print '
'; print '
'; -print getNumberInvoicesPieChart('suppliers'); -//print getPurchaseInvoicePieChart($socid); -print '
'; -print getDraftSupplierTable($maxDraftCount, $socid); +$tmp = getNumberInvoicesPieChart('suppliers'); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getDraftSupplierTable($maxDraftCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; print '
'; -print getPurchaseInvoiceLatestEditTable($maxLatestEditCount, $socid); -print '
'; -print getPurchaseInvoiceUnpaidOpenTable($max, $socid); +$tmp = getPurchaseInvoiceLatestEditTable($maxLatestEditCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getPurchaseInvoiceUnpaidOpenTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 5e4cc3fc05e..358b1c59c1b 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -170,29 +170,29 @@ if (empty($user->socid)) { $checkedtypetiers = 0; $arrayfields = array( - 'f.ref'=>array('label'=>$langs->trans("Ref"), 'checked'=>1), - 'f.ref_supplier'=>array('label'=>$langs->trans("RefSupplier"), 'checked'=>1), - 'f.type'=>array('label'=>$langs->trans("Type"), 'checked'=>0), - 'f.label'=>array('label'=>$langs->trans("Label"), 'checked'=>0), - 'f.datef'=>array('label'=>$langs->trans("DateInvoice"), 'checked'=>1), - 'f.date_lim_reglement'=>array('label'=>$langs->trans("DateDue"), 'checked'=>1), - 'p.ref'=>array('label'=>$langs->trans("ProjectRef"), 'checked'=>0), - 's.nom'=>array('label'=>$langs->trans("ThirdParty"), 'checked'=>1), - 's.town'=>array('label'=>$langs->trans("Town"), 'checked'=>-1), - 's.zip'=>array('label'=>$langs->trans("Zip"), 'checked'=>1), - 'state.nom'=>array('label'=>$langs->trans("StateShort"), 'checked'=>0), - 'country.code_iso'=>array('label'=>$langs->trans("Country"), 'checked'=>0), - 'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers), - 'f.fk_cond_reglement'=>array('label'=>$langs->trans("PaymentTerm"), 'checked'=>1, 'position'=>50), - 'f.fk_mode_reglement'=>array('label'=>$langs->trans("PaymentMode"), 'checked'=>1, 'position'=>52), - 'f.total_ht'=>array('label'=>$langs->trans("AmountHT"), 'checked'=>1, 'position'=>105), - 'f.total_vat'=>array('label'=>$langs->trans("AmountVAT"), 'checked'=>0, 'position'=>110), + 'f.ref'=>array('label'=>"Ref", 'checked'=>1), + 'f.ref_supplier'=>array('label'=>"RefSupplier", 'checked'=>1), + 'f.type'=>array('label'=>"Type", 'checked'=>0), + 'f.label'=>array('label'=>"Label", 'checked'=>0), + 'f.datef'=>array('label'=>"DateInvoice", 'checked'=>1), + 'f.date_lim_reglement'=>array('label'=>"DateDue", 'checked'=>1), + 'p.ref'=>array('label'=>"ProjectRef", 'checked'=>0), + 's.nom'=>array('label'=>"ThirdParty", 'checked'=>1), + 's.town'=>array('label'=>"Town", 'checked'=>-1), + 's.zip'=>array('label'=>"Zip", 'checked'=>1), + 'state.nom'=>array('label'=>"StateShort", 'checked'=>0), + 'country.code_iso'=>array('label'=>"Country", 'checked'=>0), + 'typent.code'=>array('label'=>"ThirdPartyType", 'checked'=>$checkedtypetiers), + 'f.fk_cond_reglement'=>array('label'=>"PaymentTerm", 'checked'=>1, 'position'=>50), + 'f.fk_mode_reglement'=>array('label'=>"PaymentMode", 'checked'=>1, 'position'=>52), + 'f.total_ht'=>array('label'=>"AmountHT", 'checked'=>1, 'position'=>105), + 'f.total_vat'=>array('label'=>"AmountVAT", 'checked'=>0, 'position'=>110), 'f.total_localtax1'=>array('label'=>$langs->transcountry("AmountLT1", $mysoc->country_code), 'checked'=>0, 'enabled'=>$mysoc->localtax1_assuj == "1", 'position'=>95), 'f.total_localtax2'=>array('label'=>$langs->transcountry("AmountLT2", $mysoc->country_code), 'checked'=>0, 'enabled'=>$mysoc->localtax2_assuj == "1", 'position'=>100), - 'f.total_ttc'=>array('label'=>$langs->trans("AmountTTC"), 'checked'=>0, 'position'=>115), + 'f.total_ttc'=>array('label'=>"AmountTTC", 'checked'=>0, 'position'=>115), 'u.login'=>array('label'=>"Author", 'checked'=>1), - 'dynamount_payed'=>array('label'=>$langs->trans("Payed"), 'checked'=>0), - 'rtp'=>array('label'=>$langs->trans("Rest"), 'checked'=>0), + 'dynamount_payed'=>array('label'=>"Paid", 'checked'=>0), + 'rtp'=>array('label'=>"Rest", 'checked'=>0), 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), 'f.multicurrency_total_ht'=>array('label'=>'MulticurrencyAmountHT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), @@ -200,9 +200,9 @@ $arrayfields = array( 'f.multicurrency_total_ttc'=>array('label'=>'MulticurrencyAmountTTC', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), 'multicurrency_dynamount_payed'=>array('label'=>'MulticurrencyAlreadyPaid', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), 'multicurrency_rtp'=>array('label'=>'MulticurrencyRemainderToPay', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), // Not enabled by default because slow - 'f.datec'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0, 'position'=>500), - 'f.tms'=>array('label'=>$langs->trans("DateModificationShort"), 'checked'=>0, 'position'=>500), - 'f.fk_statut'=>array('label'=>$langs->trans("Status"), 'checked'=>1, 'position'=>1000), + 'f.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500), + 'f.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>500), + 'f.fk_statut'=>array('label'=>"Status", 'checked'=>1, 'position'=>1000), ); // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; @@ -344,7 +344,7 @@ if (empty($reshook)) { $rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login"; $rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; $rsql .= " , ".MAIN_DB_PREFIX."user as u"; - $rsql .= " WHERE fk_facture_fourn = ".$objecttmp->id; + $rsql .= " WHERE fk_facture_fourn = ".((int) $objecttmp->id); $rsql .= " AND pfd.fk_user_demande = u.rowid"; $rsql .= " AND pfd.traite = 0"; $rsql .= " ORDER BY pfd.date_demande DESC"; @@ -430,7 +430,7 @@ if (!$search_all) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -475,7 +475,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('facture_fourn').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); @@ -549,7 +549,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search('f.total_ttc', $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1); @@ -594,7 +594,7 @@ if ($search_label) { $sql .= natural_search('f.libelle', $search_label); } if ($search_categ_sup > 0) { - $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_sup); + $sql .= " AND cs.fk_categorie = ".((int) $search_categ_sup); } if ($search_categ_sup == -2) { $sql .= " AND cs.fk_categorie IS NULL"; @@ -606,14 +606,14 @@ if ($filter && $filter != -1) { $aFilter = explode(',', $filter); foreach ($aFilter as $fil) { $filt = explode(':', $fil); - $sql .= ' AND '.$db->escape(trim($filt[0])).' = '.$db->escape(trim($filt[1])); + $sql .= " AND ".$db->escape(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'"; } } if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='invoice_supplier' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='invoice_supplier' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; @@ -655,7 +655,7 @@ if (!$search_all) { // Add HAVING from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : ''; +$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : ""; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index c7a2149c441..fcbfdcf7b45 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -10,6 +10,7 @@ * Copyright (C) 2015 Juanjo Menent * Copyright (C) 2017 Alexandre Spangaro * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2021 Charlene Benke * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -291,8 +292,6 @@ if (empty($reshook)) { $paiement->num_payment = GETPOST('num_paiement', 'alphanohtml'); $paiement->note_private = GETPOST('comment', 'alpha'); - $paiement->num_payment = $paiement->num_payment; - $paiement->note_private = $paiement->note_private; if (!$error) { $paiement_id = $paiement->create($user, (GETPOST('closepaidinvoices') == 'on' ? 1 : 0), $thirdparty); @@ -371,7 +370,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.rowid = '.((int) $facid); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); if ($resql) { @@ -510,8 +509,8 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' SUM(pf.amount) as am, SUM(pf.multicurrency_amount) as multicurrency_am'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_facturefourn = f.rowid'; - $sql .= " WHERE f.entity = ".$conf->entity; - $sql .= ' AND f.fk_soc = '.$object->socid; + $sql .= " WHERE f.entity = ".((int) $conf->entity); + $sql .= ' AND f.fk_soc = '.((int) $object->socid); $sql .= ' AND f.paye = 0'; $sql .= ' AND f.fk_statut = 1'; // Status=0 => unvalidated, Status=2 => canceled if ($object->type != FactureFournisseur::TYPE_CREDIT_NOTE) { diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php index 8d124f46350..2b3017708dc 100644 --- a/htdocs/fourn/index.php +++ b/htdocs/fourn/index.php @@ -65,7 +65,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE cf.fk_soc = s.rowid "; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND cf.entity = ".$conf->entity; $sql .= " GROUP BY cf.fk_statut"; @@ -111,12 +111,12 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU } $sql .= " WHERE cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND cf.entity = ".$conf->entity; $sql .= " AND cf.fk_statut = 0"; if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -167,7 +167,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S } $sql .= " WHERE s.rowid = ff.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND ff.entity = ".$conf->entity; $sql .= " AND ff.fk_statut = 0"; @@ -240,7 +240,7 @@ $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index ccc29105e4f..708fa266f0a 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -259,7 +259,7 @@ if ($result > 0) { $sql .= ' pf.amount, s.nom as name, s.rowid as socid'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf,'.MAIN_DB_PREFIX.'facture_fourn as f,'.MAIN_DB_PREFIX.'societe as s'; $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND f.fk_soc = s.rowid'; - $sql .= ' AND pf.fk_paiementfourn = '.$object->id; + $sql .= ' AND pf.fk_paiementfourn = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/fourn/paiement/list.php b/htdocs/fourn/paiement/list.php index f02c872fb0e..8534ad8bac1 100644 --- a/htdocs/fourn/paiement/list.php +++ b/htdocs/fourn/paiement/list.php @@ -192,7 +192,7 @@ if (!$user->rights->societe->client->voir) { $sql .= ' WHERE f.entity = '.$conf->entity; if (!$user->rights->societe->client->voir) { - $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.$user->id; + $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id); } if ($socid > 0) { $sql .= ' AND f.fk_soc = '.((int) $socid); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index e8a059b84f8..a58806e2e4f 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -50,7 +50,7 @@ $ref = GETPOST('ref', 'alpha'); $fuserid = (GETPOST('fuserid', 'int') ?GETPOST('fuserid', 'int') : $user->id); // Load translation files required by the page -$langs->loadLangs(array("other", "holiday", "mails")); +$langs->loadLangs(array("other", "holiday", "mails", "trips")); $error = 0; @@ -264,6 +264,7 @@ if (empty($reshook)) { } } + // If update and we are an approver, we can update with another approver if ($action == 'update' && GETPOSTISSET('savevalidator') && !empty($user->rights->holiday->approve)) { $object->fetch($id); @@ -316,6 +317,8 @@ if (empty($reshook)) { // If this is the requestor or has read/write rights if ($cancreate) { $approverid = GETPOST('valideur', 'int'); + // TODO Check this approver user id has the permission for approval + $description = trim(GETPOST('description', 'restricthtml')); // If no start date @@ -743,8 +746,8 @@ if (empty($reshook)) { $object->fetch($id); // If status pending validation and validator = validator or user, or rights to do for others - if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)))) { + if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && + (!empty($user->admin) || $user->id == $object->fk_validator || in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)))) { $db->begin(); $oldstatus = $object->statut; @@ -1438,25 +1441,48 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) { print ''.$langs->trans("EditCP").''; } + if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) { // If draft print ''.$langs->trans("Validate").''; } + if ($object->statut == Holiday::STATUS_VALIDATED) { // If validated + // Button Approve / Refuse if ($user->id == $object->fk_validator) { print ''.$langs->trans("Approve").''; print ''.$langs->trans("ActionRefuseCP").''; } else { print ''.$langs->trans("Approve").''; print ''.$langs->trans("ActionRefuseCP").''; + + // Button Cancel (because we can't approve) + if (in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) { + if (($object->date_debut > dol_now()) || !empty($user->admin)) { + print ''.$langs->trans("ActionCancelCP").''; + } else { + print 'trans("NotAllowed").'">'.$langs->trans("ActionCancelCP").''; + } + } } } - if (($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) && ($object->statut == 2 || $object->statut == 3)) { // Status validated or approved - if (($object->date_debut > dol_now()) || $user->admin) { - print ''.$langs->trans("ActionCancelCP").''; - } else { - print ''.$langs->trans("ActionCancelCP").''; + if ($object->statut == Holiday::STATUS_APPROVED) { // If validated or approved + if ($user->id == $object->fk_validator + || in_array($object->fk_user, $childids) + || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) { + if (($object->date_debut > dol_now()) || !empty($user->admin)) { + print ''.$langs->trans("ActionCancelCP").''; + } else { + print 'trans("NotAllowed").'">'.$langs->trans("ActionCancelCP").''; + } + } else { // I have no rights on the user of the holiday. + if (!empty($user->admin)) { // If current validator can't cancel an approved leave, we allow admin user + print ''.$langs->trans("ActionCancelCP").''; + } else { + print ''.$langs->trans("ActionCancelCP").''; + } } } + if ($cancreate && $object->statut == Holiday::STATUS_CANCELED) { print ''.$langs->trans("SetToDraft").''; } diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 003ac79ede8..ec7b4c463b6 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -719,7 +719,7 @@ class Holiday extends CommonObject $error++; } $sql .= " ref = '".$this->db->escape($num)."'"; - $sql .= " WHERE rowid= ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -828,7 +828,7 @@ class Holiday extends CommonObject } else { $sql .= " detail_refuse = NULL"; } - $sql .= " WHERE rowid= ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -937,7 +937,7 @@ class Holiday extends CommonObject $sql .= " detail_refuse = NULL"; } - $sql .= " WHERE rowid= ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -1664,6 +1664,7 @@ class Holiday extends CommonObject $sql .= " WHERE u.entity IN (".getEntity('user').")"; } $sql .= " AND u.statut > 0"; + $sql .= " AND u.employee = 1"; // We only want employee users for holidays if ($filters) { $sql .= $filters; } @@ -1754,6 +1755,7 @@ class Holiday extends CommonObject } $sql .= " AND u.statut > 0"; + $sql .= " AND u.employee = 1"; // We only want employee users for holidays if ($filters) { $sql .= $filters; } diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 334f68da404..6aecff5eac0 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -296,7 +296,7 @@ $sql .= " ua.photo as validator_photo"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/hrm/admin/admin_hrm.php b/htdocs/hrm/admin/admin_hrm.php index 455035a6b53..810c0da870d 100644 --- a/htdocs/hrm/admin/admin_hrm.php +++ b/htdocs/hrm/admin/admin_hrm.php @@ -117,7 +117,7 @@ print "\n"; print dol_get_fiche_end(); -print '
'; +print '
'; print ''; diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index 2cac4a1352b..d26a10a923a 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -231,7 +231,7 @@ class Establishment extends CommonObject $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX.'establishment'); $sql = 'UPDATE '.MAIN_DB_PREFIX."establishment SET ref = '".$this->db->escape($this->id)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->query($sql); $this->db->commit(); @@ -269,7 +269,7 @@ class Establishment extends CommonObject $sql .= ", entity = ".((int) $this->entity); $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index caec6191d0d..9daf1d768b8 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -326,11 +326,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index 8a294a47e2c..68bcd78636b 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php @@ -189,7 +189,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) { if (empty($user->rights->holiday->readall)) { $sql .= ' AND x.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid); $sql .= $db->order("x.tms", "DESC"); $sql .= $db->plimit($max, 0); @@ -270,7 +270,7 @@ if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->lire) if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)) { $sql .= ' AND x.fk_user_author IN ('.$db->sanitize(join(',', $childids)).')'; } - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid); $sql .= $db->order("x.tms", "DESC"); $sql .= $db->plimit($max, 0); @@ -344,7 +344,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentcandidature->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND rp.fk_soc = $socid"; diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php index bd54e55ebde..aa0866fac69 100644 --- a/htdocs/install/lib/repair.lib.php +++ b/htdocs/install/lib/repair.lib.php @@ -88,7 +88,7 @@ function checkLinkedElements($sourcetype, $targettype) $out = $langs->trans('SourceType').': '.$sourcetype.' => '.$langs->trans('TargetType').': '.$targettype.' '; $sql = 'SELECT rowid, fk_source, fk_target FROM '.MAIN_DB_PREFIX.'element_element'; - $sql .= ' WHERE sourcetype="'.$sourcetype.'" AND targettype="'.$targettype.'"'; + $sql .= " WHERE sourcetype='".$db->escape($sourcetype)."' AND targettype='".$db->escape($targettype)."'"; $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index 032504dfa61..d50b6991261 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -459,7 +459,7 @@ CREATE TABLE llx_partnership( fk_soc integer, fk_member integer, date_partnership_start date NOT NULL, - date_partnership_end date NOT NULL, + date_partnership_end date NULL, entity integer DEFAULT 1 NOT NULL, -- multi company id, 0 = all reason_decline_or_cancel text NULL, date_creation datetime NOT NULL, diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index ed4fb8dab13..8160f6e89b8 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -366,20 +366,20 @@ if ($ok && GETPOST('standard', 'alpha')) { $sql2 = "SELECT COUNT(*) as nb"; $sql2 .= " FROM ".MAIN_DB_PREFIX."const as c"; $sql2 .= " WHERE name = 'MAIN_MODULE_".$name."'"; - $sql2 .= " AND entity = ".$obj->entity; + $sql2 .= " AND entity = ".((int) $obj->entity); $resql2 = $db->query($sql2); if ($resql2) { $obj2 = $db->fetch_object($resql2); if ($obj2 && $obj2->nb == 0) { // Module not found, so we can remove entry - $sqldelete = "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$db->escape($obj->name)."' AND entity = ".$obj->entity; + $sqldelete = "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$db->escape($obj->name)."' AND entity = ".((int) $obj->entity); if (GETPOST('standard', 'alpha') == 'confirmed') { $db->query($sqldelete); - print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.$obj->entity.', we delete record'; + print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.((int) $obj->entity).', we delete record'; } else { - print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.$obj->entity.', we should delete record (not done, mode test)'; + print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.((int) $obj->entity).', we should delete record (not done, mode test)'; } } else { //print 'Constant '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module found in entity '.$obj->entity.', we keep record'; @@ -424,23 +424,23 @@ if ($ok && GETPOST('standard', 'alpha')) { $sql2 = "SELECT COUNT(*) as nb"; $sql2 .= " FROM ".MAIN_DB_PREFIX."const as c"; $sql2 .= " WHERE name = 'MAIN_MODULE_".strtoupper($module)."'"; - $sql2 .= " AND entity = ".$obj->entity; + $sql2 .= " AND entity = ".((int) $obj->entity); $sql2 .= " AND value <> 0"; $resql2 = $db->query($sql2); if ($resql2) { $obj2 = $db->fetch_object($resql2); if ($obj2 && $obj2->nb == 0) { // Module not found, so we canremove entry - $sqldeletea = "DELETE FROM ".MAIN_DB_PREFIX."boxes WHERE entity = ".$obj->entity." AND box_id IN (SELECT rowid FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".$obj->entity.")"; - $sqldeleteb = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".$obj->entity; + $sqldeletea = "DELETE FROM ".MAIN_DB_PREFIX."boxes WHERE entity = ".((int) $obj->entity)." AND box_id IN (SELECT rowid FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".((int) $obj->entity).")"; + $sqldeleteb = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".((int) $obj->entity); if (GETPOST('standard', 'alpha') == 'confirmed') { $db->query($sqldeletea); $db->query($sqldeleteb); - print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.$obj->entity.', we delete record'; + print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.((int) $obj->entity).', we delete record'; } else { - print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.$obj->entity.', we should delete record (not done, mode test)'; + print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.((int) $obj->entity).', we should delete record (not done, mode test)'; } } else { //print 'Constant '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module found in entity '.$obj->entity.', we keep record'; @@ -929,7 +929,7 @@ if ($ok && GETPOST('clean_product_stock_batch', 'alpha')) { // TODO If it fails, we must make update //$sql2 ="UPDATE ".MAIN_DB_PREFIX."product_batch"; //$sql2.=" SET ".$obj->psrowid.", '000000', ".($obj->reel - $obj->reelbatch).")"; - //$sql2.=" WHERE fk_product_stock = ".$obj->psrowid" + //$sql2.=" WHERE fk_product_stock = ".((int) $obj->psrowid) } } } @@ -1236,7 +1236,7 @@ if ($ok && GETPOST('force_utf8_on_tables', 'alpha')) { print ''; print $table; - $sql = 'ALTER TABLE '.$table.' CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci'; + $sql = "ALTER TABLE ".$table." CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci"; print ''; if ($force_utf8_on_tables == 'confirmed') { $resql = $db->query($sql); @@ -1282,8 +1282,8 @@ if ($ok && GETPOST('force_utf8mb4_on_tables', 'alpha')) { print ''; print $table; - $sql1 = 'ALTER TABLE '.$table.' ROW_FORMAT=dynamic;'; - $sql2 = 'ALTER TABLE '.$table.' CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci'; + $sql1 = "ALTER TABLE ".$table." ROW_FORMAT=dynamic"; + $sql2 = "ALTER TABLE ".$table." CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci"; print ''; print ''; if ($force_utf8mb4_on_tables == 'confirmed') { @@ -1407,25 +1407,25 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) { $first_iteration = false; } else { $sql_attach_values = array( - $obj_dispatch->fk_commande, - $obj_dispatch->fk_product, - $obj_line->rowid, - $qty_for_line, - $obj_dispatch->fk_entrepot, - $obj_dispatch->fk_user, - $obj_dispatch->datec ? '"'.$db->escape($obj_dispatch->datec).'"' : 'NULL', - $obj_dispatch->comment ? '"'.$db->escape($obj_dispatch->comment).'"' : 'NULL', - $obj_dispatch->status ?: 'NULL', - $obj_dispatch->tms ? '"'.$db->escape($obj_dispatch->tms).'"' : 'NULL', - $obj_dispatch->batch ?: 'NULL', - $obj_dispatch->eatby ? '"'.$db->escape($obj_dispatch->eatby).'"' : 'NULL', - $obj_dispatch->sellby ? '"'.$db->escape($obj_dispatch->sellby).'"' : 'NULL' + ((int) $obj_dispatch->fk_commande), + ((int) $obj_dispatch->fk_product), + ((int) $obj_line->rowid), + ((float) $qty_for_line), + ((int) $obj_dispatch->fk_entrepot), + ((int) $obj_dispatch->fk_user), + $obj_dispatch->datec ? "'".$db->idate($db->jdate($obj_dispatch->datec))."'" : 'NULL', + $obj_dispatch->comment ? "'".$db->escape($obj_dispatch->comment)."'" : 'NULL', + $obj_dispatch->status ? ((int) $obj_dispatch->status) : 'NULL', + $obj_dispatch->tms ? "'".$db->idate($db->jdate($obj_dispatch->tms))."'" : 'NULL', + $obj_dispatch->batch ? "'".$db->escape($obj_dispatch->batch)."'" : 'NULL', + $obj_dispatch->eatby ? "'".$db->escape($obj_dispatch->eatby)."'" : 'NULL', + $obj_dispatch->sellby ? "'".$db->escape($obj_dispatch->sellby)."'" : 'NULL' ); $sql_attach_values = join(', ', $sql_attach_values); $sql_attach = 'INSERT INTO '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; $sql_attach .= ' (fk_commande, fk_product, fk_commandefourndet, qty, fk_entrepot, fk_user, datec, comment, status, tms, batch, eatby, sellby)'; - $sql_attach .= ' VALUES ('.$sql_attach_values.')'; + $sql_attach .= " VALUES (".$sql_attach_values.")"; } if ($repair_link_dispatch_lines_supplier_order_lines == 'confirmed') { diff --git a/htdocs/install/step5.php b/htdocs/install/step5.php index 0958ef7bb3b..b434612afcd 100644 --- a/htdocs/install/step5.php +++ b/htdocs/install/step5.php @@ -234,7 +234,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { // Insert MAIN_VERSION_FIRST_INSTALL in a dedicated transaction. So if it fails (when first install was already done), we can do other following requests. $db->begin(); dolibarr_install_syslog('step5: set MAIN_VERSION_FIRST_INSTALL const to '.$targetversion, LOG_DEBUG); - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_FIRST_INSTALL', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version when first install',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name, value, type, visible, note, entity) values('".$db->escape($db->encrypt('MAIN_VERSION_FIRST_INSTALL'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version when first install', 0)"); if ($resql) { $conf->global->MAIN_VERSION_FIRST_INSTALL = $targetversion; $db->commit(); @@ -246,11 +246,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { $db->begin(); dolibarr_install_syslog('step5: set MAIN_VERSION_LAST_INSTALL const to '.$targetversion, LOG_DEBUG); - $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_INSTALL'"); + $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_VERSION_LAST_INSTALL'"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version when last install',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values('".$db->escape($db->encrypt('MAIN_VERSION_LAST_INSTALL'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version when last install', 0)"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } @@ -258,11 +258,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { if ($useforcedwizard) { dolibarr_install_syslog('step5: set MAIN_REMOVE_INSTALL_WARNING const to 1', LOG_DEBUG); - $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_REMOVE_INSTALL_WARNING'"); + $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_REMOVE_INSTALL_WARNING'"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING', 1).",".$db->encrypt(1, 1).",'chaine',1,'Disable install warnings',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values('".$db->escape($db->encrypt('MAIN_REMOVE_INSTALL_WARNING'))."', '".$db->escape($db->encrypt(1))."', 'chaine', 1, 'Disable install warnings', 0)"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } @@ -326,11 +326,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { if ($tagdatabase) { dolibarr_install_syslog('step5: set MAIN_VERSION_LAST_UPGRADE const to value '.$targetversion); - $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_UPGRADE'"); + $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_VERSION_LAST_UPGRADE'"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_VERSION_LAST_UPGRADE', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version for last upgrade',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name, value, type, visible, note, entity) VALUES ('".$db->escape($db->encrypt('MAIN_VERSION_LAST_UPGRADE'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version for last upgrade', 0)"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } @@ -346,7 +346,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { } // May fail if parameter already defined - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_LANG_DEFAULT', 1).",".$db->encrypt($setuplang, 1).",'chaine',0,'Default language',1)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES ('".$db->escape($db->encrypt('MAIN_LANG_DEFAULT'))."', '".$db->escape($db->encrypt($setuplang))."', 'chaine', 0, 'Default language', 1)"); //if (! $resql) dol_print_error($db,'Error in setup program'); $db->close(); diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index e349317b0c4..129ee9d7827 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -270,6 +270,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ $values = $db->fetch_array($resql); $i = 0; $createsql = $values[1]; + $reg = array(); while (preg_match('/CONSTRAINT `(0_[0-9a-zA-Z]+|[_0-9a-zA-Z]+_ibfk_[0-9]+)`/i', $createsql, $reg) && $i < 100) { $sqldrop = "ALTER TABLE ".$val." DROP FOREIGN KEY ".$reg[1]; $resqldrop = $db->query($sqldrop); @@ -282,7 +283,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ $db->free($resql); } else { if ($db->lasterrno() != 'DB_ERROR_NOSUCHTABLE') { - print ''.$sql.' : '.$db->lasterror()."\n"; + print ''.dol_escape_htmltag($sql).' : '.dol_escape_htmltag($db->lasterror())."\n"; } } } diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 62822bec9ee..368e05c5b04 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -692,7 +692,7 @@ function migrate_paiements($db, $langs, $conf) $num = count($row); for ($i = 0; $i < $num; $i++) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".$row[$i][1].",".$row[$i][0].",".$row[$i][2].")"; + $sql .= " VALUES (".((int) $row[$i][1]).",".((int) $row[$i][0]).",".((float) $row[$i][2]).")"; $res += $db->query($sql); @@ -790,7 +790,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf) // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".((float) $row[$i]['pamount']); $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; @@ -803,7 +803,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf) $facid = $obj->rowid; $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".$facid.",".$row[$i]['paymentid'].",".$row[$i]['pamount'].")"; + $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).", ".((float) $row[$i]['pamount']).")"; $res += $db->query($sql); @@ -895,13 +895,13 @@ function migrate_paiements_orphelins_2($db, $langs, $conf) $res = 0; for ($i = 0; $i < $num; $i++) { if ($conf->global->MAIN_FEATURES_LEVEL == 2) { - print '* '.$row[$i]['datec'].' paymentid='.$row[$i]['paymentid'].' '.$row[$i]['pamount'].' fk_bank='.$row[$i]['fk_bank'].' '.$row[$i]['bamount'].' socid='.$row[$i]['socid'].'
'; + print '* '.$row[$i]['datec'].' paymentid='.$row[$i]['paymentid'].' pamount='.$row[$i]['pamount'].' fk_bank='.$row[$i]['fk_bank'].' '.$row[$i]['bamount'].' socid='.$row[$i]['socid'].'
'; } // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".((float) $row[$i]['pamount']); $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; @@ -914,7 +914,8 @@ function migrate_paiements_orphelins_2($db, $langs, $conf) $facid = $obj->rowid; $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".$facid.",".$row[$i]['paymentid'].",".$row[$i]['pamount'].")"; + $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).", ".((float) $row[$i]['pamount']).")"; + $res += $db->query($sql); print $langs->trans('MigrationProcessPaymentUpdate', 'facid='.$facid.'-paymentid='.$row[$i]['paymentid'].'-amount='.$row[$i]['pamount'])."
\n"; @@ -1001,14 +1002,14 @@ function migrate_contracts_det($db, $langs, $conf) $sql .= "date_ouverture_prevue, date_ouverture, date_fin_validite, tva_tx, qty,"; $sql .= "subprice, price_ht, fk_user_author, fk_user_ouverture)"; $sql .= " VALUES ("; - $sql .= $obj->cref.", ".($obj->fk_product ? $obj->fk_product : 0).", "; + $sql .= ((int) $obj->cref).", ".($obj->fk_product ? ((int) $obj->fk_product) : 0).", "; $sql .= "0, "; $sql .= "'".$db->escape($obj->label)."', null, "; - $sql .= ($obj->date_contrat ? "'".$db->escape($obj->date_contrat)."'" : "null").", "; + $sql .= ($obj->date_contrat ? "'".$db->idate($db->jdate($obj->date_contrat))."'" : "null").", "; $sql .= "null, "; $sql .= "null, "; - $sql .= "'".$db->escape($obj->tva_tx)."' , 1, "; - $sql .= "'".$db->escape($obj->price)."', '".$db->escape($obj->price)."', ".$obj->fk_user_author.","; + $sql .= ((float) $obj->tva_tx).", 1, "; + $sql .= ((float) $obj->price).", ".((float) $obj->price).", ".((int) $obj->fk_user_author).","; $sql .= "null"; $sql .= ")"; @@ -2019,7 +2020,7 @@ function migrate_commande_expedition($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."co_exp (fk_expedition,fk_commande)"; - $sql .= " VALUES (".$obj->rowid.",".$obj->fk_commande.")"; + $sql .= " VALUES (".((int) $obj->rowid).", ".((int) $obj->fk_commande).")"; $resql2 = $db->query($sql); if (!$resql2) { @@ -2087,16 +2088,16 @@ function migrate_commande_livraison($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."co_liv (fk_livraison,fk_commande)"; - $sql .= " VALUES (".$obj->rowid.",".$obj->fk_commande.")"; + $sql .= " VALUES (".((int) $obj->rowid).", ".((int) $obj->fk_commande).")"; $resql2 = $db->query($sql); if ($resql2) { $delivery_date = $db->jdate($obj->delivery_date); $sqlu = "UPDATE ".MAIN_DB_PREFIX."livraison SET"; - $sqlu .= " ref_client='".$db->escape($obj->ref_client)."'"; - $sqlu .= ", date_livraison='".$db->idate($delivery_date)."'"; - $sqlu .= " WHERE rowid = ".$obj->rowid; + $sqlu .= " ref_client = '".$db->escape($obj->ref_client)."'"; + $sqlu .= ", date_livraison = '".$db->idate($delivery_date)."'"; + $sqlu .= " WHERE rowid = ".((int) $obj->rowid); $resql3 = $db->query($sqlu); if (!$resql3) { $error++; @@ -2169,11 +2170,11 @@ function migrate_detail_livraison($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "UPDATE ".MAIN_DB_PREFIX."livraisondet SET"; - $sql .= " fk_product=".$obj->fk_product; - $sql .= ",description='".$db->escape($obj->description)."'"; - $sql .= ",subprice='".$db->escape($obj->subprice)."'"; - $sql .= ",total_ht='".$db->escape($obj->total_ht)."'"; - $sql .= " WHERE fk_commande_ligne = ".$obj->rowid; + $sql .= " fk_product = ".((int) $obj->fk_product); + $sql .= ",description = '".$db->escape($obj->description)."'"; + $sql .= ",subprice = ".price2num($obj->subprice); + $sql .= ",total_ht = ".price2num($obj->total_ht); + $sql .= " WHERE fk_commande_ligne = ".((int) $obj->rowid); $resql2 = $db->query($sql); if ($resql2) { @@ -2187,8 +2188,8 @@ function migrate_detail_livraison($db, $langs, $conf) $total_ht = $obju->total_ht + $obj->total_ht; $sqlu = "UPDATE ".MAIN_DB_PREFIX."livraison SET"; - $sqlu .= " total_ht='".$db->escape($total_ht)."'"; - $sqlu .= " WHERE rowid=".$obj->fk_livraison; + $sqlu .= " total_ht = ".price2num($total_ht, 'MT'); + $sqlu .= " WHERE rowid = ".((int) $obj->fk_livraison); $resql4 = $db->query($sqlu); if (!$resql4) { $error++; @@ -2265,8 +2266,8 @@ function migrate_stocks($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "UPDATE ".MAIN_DB_PREFIX."product SET"; - $sql .= " stock = '".$db->escape($obj->total)."'"; - $sql .= " WHERE rowid=".$obj->fk_product; + $sql .= " stock = ".price2num($obj->total, 'MS'); + $sql .= " WHERE rowid = ".((int) $obj->fk_product); $resql2 = $db->query($sql); if ($resql2) { @@ -2329,7 +2330,7 @@ function migrate_menus($db, $langs, $conf) $sql = "UPDATE ".MAIN_DB_PREFIX."menu SET"; $sql .= " enabled = '".$db->escape($obj->action)."'"; - $sql .= " WHERE rowid=".$obj->rowid; + $sql .= " WHERE rowid = ".((int) $obj->rowid); $sql .= " AND enabled = '1'"; $resql2 = $db->query($sql); @@ -2399,7 +2400,7 @@ function migrate_commande_deliveryaddress($db, $langs, $conf) $sql = "UPDATE ".MAIN_DB_PREFIX."expedition SET"; $sql .= " fk_adresse_livraison = '".$db->escape($obj->fk_adresse_livraison)."'"; - $sql .= " WHERE rowid=".$obj->fk_expedition; + $sql .= " WHERE rowid = ".((int) $obj->fk_expedition); $resql2 = $db->query($sql); if (!$resql2) { @@ -3048,7 +3049,7 @@ function migrate_shipping_delivery($db, $langs, $conf) $result = $db->query($sqlInsert); if ($result) { $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."livraison SET fk_expedition = NULL"; - $sqlUpdate .= " WHERE rowid = ".$obj->rowid; + $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3136,7 +3137,7 @@ function migrate_shipping_delivery2($db, $langs, $conf) $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."livraison SET"; $sqlUpdate .= " ref_customer = '".$db->escape($obj->ref_customer)."',"; $sqlUpdate .= " date_delivery = ".($obj->date_delivery ? "'".$db->escape($obj->date_delivery)."'" : 'null'); - $sqlUpdate .= " WHERE rowid = ".$obj->delivery_id; + $sqlUpdate .= " WHERE rowid = ".((int) $obj->delivery_id); $result = $db->query($sqlUpdate); if (!$result) { @@ -3360,7 +3361,7 @@ function migrate_clean_association($db, $langs, $conf) // And we insert only each record once foreach ($couples as $key => $val) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_association(fk_categorie_mere,fk_categorie_fille)"; - $sql .= " VALUES(".$val['mere'].", ".$val['fille'].")"; + $sql .= " VALUES(".((int) $val['mere']).", ".((int) $val['fille']).")"; dolibarr_install_syslog("upgrade: insert association"); $resqli = $db->query($sql); if (!$resqli) { @@ -3492,7 +3493,7 @@ function migrate_event_assignement($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element) "; - $sqlUpdate .= "VALUES(".$obj->id.", 'user', ".$obj->fk_user_action.")"; + $sqlUpdate .= "VALUES(".((int) $obj->id).", 'user', ".((int) $obj->fk_user_action).")"; $result = $db->query($sqlUpdate); if (!$result) { @@ -3558,7 +3559,7 @@ function migrate_event_assignement_contact($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element) "; - $sqlUpdate .= "VALUES(".$obj->id.", 'socpeople', ".$obj->fk_contact.")"; + $sqlUpdate .= "VALUES(".((int) $obj->id).", 'socpeople', ".((int) $obj->fk_contact).")"; $result = $db->query($sqlUpdate); if (!$result) { @@ -3628,7 +3629,7 @@ function migrate_reset_blocked_log($db, $langs, $conf) print 'Process entity '.$obj->entity; - $sqlSearch = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."blockedlog WHERE action = 'MODULE_SET' and entity = ".$obj->entity; + $sqlSearch = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."blockedlog WHERE action = 'MODULE_SET' and entity = ".((int) $obj->entity); $resqlSearch = $db->query($sqlSearch); if ($resqlSearch) { $objSearch = $db->fetch_object($resqlSearch); @@ -3637,7 +3638,7 @@ function migrate_reset_blocked_log($db, $langs, $conf) print ' - Record for entity must be reset...'; $sqlUpdate = "DELETE FROM ".MAIN_DB_PREFIX."blockedlog"; - $sqlUpdate .= " WHERE entity = ".$obj->entity; + $sqlUpdate .= " WHERE entity = ".((int) $obj->entity); $resqlUpdate = $db->query($sqlUpdate); if (!$resqlUpdate) { $error++; @@ -3724,7 +3725,7 @@ function migrate_remise_entity($db, $langs, $conf) $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."societe_remise SET"; $sqlUpdate .= " entity = ".$obj->entity; - $sqlUpdate .= " WHERE rowid = ".$obj->rowid; + $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3809,8 +3810,8 @@ function migrate_remise_except_entity($db, $langs, $conf) $obj2 = $db->fetch_object($resql2); $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."societe_remise_except SET"; - $sqlUpdate .= " entity = ".$obj2->entity; - $sqlUpdate .= " WHERE rowid = ".$obj->rowid; + $sqlUpdate .= " entity = ".((int) $obj2->entity); + $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3879,8 +3880,8 @@ function migrate_user_rights_entity($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."user_rights SET"; - $sqlUpdate .= " entity = ".$obj->entity; - $sqlUpdate .= " WHERE fk_user = ".$obj->rowid; + $sqlUpdate .= " entity = ".((int) $obj->entity); + $sqlUpdate .= " WHERE fk_user = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3944,8 +3945,8 @@ function migrate_usergroup_rights_entity($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."usergroup_rights SET"; - $sqlUpdate .= " entity = ".$obj->entity; - $sqlUpdate .= " WHERE fk_usergroup = ".$obj->rowid; + $sqlUpdate .= " entity = ".((int) $obj->entity); + $sqlUpdate .= " WHERE fk_usergroup = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -4604,7 +4605,7 @@ function migrate_users_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4695,7 +4696,7 @@ function migrate_members_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4790,7 +4791,7 @@ function migrate_contacts_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4880,7 +4881,7 @@ function migrate_thirdparties_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4944,7 +4945,7 @@ function migrate_export_import_profiles($mode = 'export') if ($mode == 'export') { $sqlupd .= ", filter = '".$db->escape($newfilter)."'"; } - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); $resultstring .= ''.$sqlupd."\n"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { diff --git a/htdocs/intracommreport/card.php b/htdocs/intracommreport/card.php index 24b8797a670..4dfc3250014 100644 --- a/htdocs/intracommreport/card.php +++ b/htdocs/intracommreport/card.php @@ -166,9 +166,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print '     '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/intracommreport/class/intracommreport.class.php b/htdocs/intracommreport/class/intracommreport.class.php index 9675d1f3860..d3f34fc149b 100644 --- a/htdocs/intracommreport/class/intracommreport.class.php +++ b/htdocs/intracommreport/class/intracommreport.class.php @@ -437,7 +437,7 @@ class IntracommReport extends CommonObject */ public function getNextDeclarationNumber() { - $resql = $this->db->query('SELECT MAX(numero_declaration) as max_declaration_number FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE exporttype="'.$this->exporttype.'"'); + $resql = $this->db->query('SELECT MAX(numero_declaration) as max_declaration_number FROM '.MAIN_DB_PREFIX.$this->table_element." WHERE exporttype='".$this->db->escape($this->exporttype)."'"); if ($resql) { $res = $this->db->fetch_object($resql); } diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php index 686bd16d5de..a4fed4def2d 100644 --- a/htdocs/intracommreport/list.php +++ b/htdocs/intracommreport/list.php @@ -207,7 +207,7 @@ $sql = 'SELECT DISTINCT i.rowid, i.type_declaration, i.type_export, i.periods, i /* // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { - foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } */ // Add fields from hooks diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php new file mode 100644 index 00000000000..16429060a17 --- /dev/null +++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php @@ -0,0 +1,393 @@ + + * Copyright (C) 2021 SuperAdmin + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +use Luracast\Restler\RestException; + +dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); + + + +/** + * \file knowledgemanagement/class/api_knowledgemanagement.class.php + * \ingroup knowledgemanagement + * \brief File for API management of knowledgerecord. + */ + +/** + * API class for knowledgemanagement knowledgerecord + * + * @access protected + * @class DolibarrApiAccess {@requires user,external} + */ +class KnowledgeManagement extends DolibarrApi +{ + /** + * @var KnowledgeRecord $knowledgerecord {@type KnowledgeRecord} + */ + public $knowledgerecord; + + /** + * Constructor + * + * @url GET / + * + */ + public function __construct() + { + global $db, $conf; + $this->db = $db; + $this->knowledgerecord = new KnowledgeRecord($this->db); + } + + /** + * Get properties of a knowledgerecord object + * + * Return an array with knowledgerecord informations + * + * @param int $id ID of knowledgerecord + * @return array|mixed data without useless information + * + * @url GET knowledgerecords/{id} + * + * @throws RestException 401 Not allowed + * @throws RestException 404 Not found + */ + public function get($id) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) { + throw new RestException(401); + } + + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + return $this->_cleanObjectDatas($this->knowledgerecord); + } + + + /** + * List knowledgerecords + * + * Get a list of knowledgerecords + * + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Limit for list + * @param int $page Page number + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of order objects + * + * @throws RestException + * + * @url GET /knowledgerecords/ + */ + public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '') + { + global $db, $conf; + + $obj_ret = array(); + $tmpobject = new KnowledgeRecord($this->db); + + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) { + throw new RestException(401); + } + + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + + $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object + + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + $search_sale = DolibarrApiAccess::$user->id; + } + + $sql = "SELECT t.rowid"; + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." as t"; + + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + } + $sql .= " WHERE 1 = 1"; + + // Example of use $mode + //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; + //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; + + if ($tmpobject->ismultientitymanaged) { + $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; + } + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= " AND t.fk_soc = sc.fk_soc"; + } + if ($restrictonsocid && $socid) { + $sql .= " AND t.fk_soc = ".((int) $socid); + } + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + } + // Insert sale filter + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND sc.fk_user = ".((int) $search_sale); + } + if ($sqlfilters) { + if (!DolibarrApi::_checkFilters($sqlfilters)) { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)'; + $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; + } + + $sql .= $this->db->order($sortfield, $sortorder); + if ($limit) { + if ($page < 0) { + $page = 0; + } + $offset = $limit * $page; + + $sql .= $this->db->plimit($limit + 1, $offset); + } + + $result = $this->db->query($sql); + $i = 0; + if ($result) { + $num = $this->db->num_rows($result); + while ($i < $num) { + $obj = $this->db->fetch_object($result); + $tmp_object = new KnowledgeRecord($this->db); + if ($tmp_object->fetch($obj->rowid)) { + $obj_ret[] = $this->_cleanObjectDatas($tmp_object); + } + $i++; + } + } else { + throw new RestException(503, 'Error when retrieving knowledgerecord list: '.$this->db->lasterror()); + } + if (!count($obj_ret)) { + throw new RestException(404, 'No knowledgerecord found'); + } + return $obj_ret; + } + + /** + * Create knowledgerecord object + * + * @param array $request_data Request datas + * @return int ID of knowledgerecord + * + * @throws RestException + * + * @url POST knowledgerecords/ + */ + public function post($request_data = null) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) { + throw new RestException(401); + } + + // Check mandatory fields + $result = $this->_validate($request_data); + + foreach ($request_data as $field => $value) { + $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord); + } + + // Clean data + // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); + + if ($this->knowledgerecord->create(DolibarrApiAccess::$user)<0) { + throw new RestException(500, "Error creating KnowledgeRecord", array_merge(array($this->knowledgerecord->error), $this->knowledgerecord->errors)); + } + return $this->knowledgerecord->id; + } + + /** + * Update knowledgerecord + * + * @param int $id Id of knowledgerecord to update + * @param array $request_data Datas + * @return int + * + * @throws RestException + * + * @url PUT knowledgerecords/{id} + */ + public function put($id, $request_data = null) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) { + throw new RestException(401); + } + + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + foreach ($request_data as $field => $value) { + if ($field == 'id') { + continue; + } + $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord); + } + + // Clean data + // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); + + if ($this->knowledgerecord->update(DolibarrApiAccess::$user, false) > 0) { + return $this->get($id); + } else { + throw new RestException(500, $this->knowledgerecord->error); + } + } + + /** + * Delete knowledgerecord + * + * @param int $id KnowledgeRecord ID + * @return array + * + * @throws RestException + * + * @url DELETE knowledgerecords/{id} + */ + public function delete($id) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->delete) { + throw new RestException(401); + } + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + if (!$this->knowledgerecord->delete(DolibarrApiAccess::$user)) { + throw new RestException(500, 'Error when deleting KnowledgeRecord : '.$this->knowledgerecord->error); + } + + return array( + 'success' => array( + 'code' => 200, + 'message' => 'KnowledgeRecord deleted' + ) + ); + } + + + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore + /** + * Clean sensible object datas + * + * @param Object $object Object to clean + * @return Object Object with cleaned properties + */ + protected function _cleanObjectDatas($object) + { + // phpcs:enable + $object = parent::_cleanObjectDatas($object); + + unset($object->rowid); + unset($object->canvas); + + /*unset($object->name); + unset($object->lastname); + unset($object->firstname); + unset($object->civility_id); + unset($object->statut); + unset($object->state); + unset($object->state_id); + unset($object->state_code); + unset($object->region); + unset($object->region_code); + unset($object->country); + unset($object->country_id); + unset($object->country_code); + unset($object->barcode_type); + unset($object->barcode_type_code); + unset($object->barcode_type_label); + unset($object->barcode_type_coder); + unset($object->total_ht); + unset($object->total_tva); + unset($object->total_localtax1); + unset($object->total_localtax2); + unset($object->total_ttc); + unset($object->fk_account); + unset($object->comments); + unset($object->note); + unset($object->mode_reglement_id); + unset($object->cond_reglement_id); + unset($object->cond_reglement); + unset($object->shipping_method_id); + unset($object->fk_incoterms); + unset($object->label_incoterms); + unset($object->location_incoterms); + */ + + // If object has lines, remove $db property + if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) { + $nboflines = count($object->lines); + for ($i = 0; $i < $nboflines; $i++) { + $this->_cleanObjectDatas($object->lines[$i]); + + unset($object->lines[$i]->lines); + unset($object->lines[$i]->note); + } + } + + return $object; + } + + /** + * Validate fields before create or update object + * + * @param array $data Array of data to validate + * @return array + * + * @throws RestException + */ + private function _validate($data) + { + $knowledgerecord = array(); + foreach ($this->knowledgerecord->fields as $field => $propfield) { + if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) { + continue; // Not a mandatory field + } + if (!isset($data[$field])) { + throw new RestException(400, "$field field missing"); + } + $knowledgerecord[$field] = $data[$field]; + } + return $knowledgerecord; + } +} diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php index baaa374a0cf..559e6f21cf0 100644 --- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php +++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php @@ -90,6 +90,7 @@ class KnowledgeRecord extends CommonObject * 'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel") * 'autofocusoncreate' to have field having the focus on a create form. Only 1 field should have this property set to 1. * 'comment' is not used. You can store here any text of your choice. It is not used by application. + * 'copytoclipboard' is 1 or 2 to allow to add a picto to copy value into clipboard (1=picto after label, 2=picto after value) * * Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor. */ @@ -101,9 +102,9 @@ class KnowledgeRecord extends CommonObject public $fields=array( 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'visible'=>5, 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of object"), - 'question' => array('type'=>'text', 'label'=>'Question', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'csslist'=>'tdoverflow300'), - 'answer' => array('type'=>'html', 'label'=>'Solution', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>3, 'csslist'=>'tdoverflow300'), - 'lang' => array('type'=>'varchar(6)', 'label'=>'Language', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1), + 'question' => array('type'=>'text', 'label'=>'Question', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'csslist'=>'tdoverflow300', 'copytoclipboard'=>1), + 'lang' => array('type'=>'varchar(6)', 'label'=>'Language', 'enabled'=>'1', 'position'=>40, 'notnull'=>0, 'visible'=>1), + 'answer' => array('type'=>'html', 'label'=>'Solution', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>3, 'csslist'=>'tdoverflow300', 'copytoclipboard'=>1), 'date_creation' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>500, 'notnull'=>1, 'visible'=>-2,), 'tms' => array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>'1', 'position'=>501, 'notnull'=>0, 'visible'=>-2,), 'last_main_doc' => array('type'=>'varchar(255)', 'label'=>'LastMainDoc', 'enabled'=>'1', 'position'=>600, 'notnull'=>0, 'visible'=>0,), @@ -113,7 +114,7 @@ class KnowledgeRecord extends CommonObject 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,), 'model_pdf' => array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>'1', 'position'=>1010, 'notnull'=>-1, 'visible'=>0,), //'url' => array('type'=>'varchar(255)', 'label'=>'URL', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1, 'csslist'=>'tdoverflow200', 'help'=>'UrlForInfoPage'), - 'fk_c_ticket_category' => array('type'=>'integer:CTicketCategory:ticket/class/cticketcategory.class.php', 'label'=>'GroupOfTicket', 'enabled'=>'$conf->ticket->enabled', 'position'=>512, 'notnull'=>0, 'visible'=>-1, 'help'=>'YouCanLinkArticleToATicketCategory'), + 'fk_c_ticket_category' => array('type'=>'integer:CTicketCategory:ticket/class/cticketcategory.class.php', 'label'=>'SuggestedForTicketsInGroup', 'enabled'=>'$conf->ticket->enabled', 'position'=>512, 'notnull'=>0, 'visible'=>-1, 'help'=>'YouCanLinkArticleToATicketCategory'), 'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'visible'=>1, 'default'=>0, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Validated'),), ); public $rowid; @@ -386,15 +387,15 @@ class KnowledgeRecord extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -406,7 +407,7 @@ class KnowledgeRecord extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php b/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php index 48efbfbc8eb..70cda7254c8 100644 --- a/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php +++ b/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php @@ -81,7 +81,7 @@ class mod_knowledgerecord_advanced extends ModeleNumRefKnowledgeRecord $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/knowledgemanagement/knowledgemanagementindex.php b/htdocs/knowledgemanagement/knowledgemanagementindex.php index adb7052316f..d9b1f07e6e0 100644 --- a/htdocs/knowledgemanagement/knowledgemanagementindex.php +++ b/htdocs/knowledgemanagement/knowledgemanagementindex.php @@ -84,7 +84,7 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -158,7 +158,7 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana $sql.= " FROM ".MAIN_DB_PREFIX."knowledgemanagement_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index 1500de628e7..08092696cab 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php @@ -120,7 +120,7 @@ if (empty($reshook)) { // Upadate / add for lang if (($action == 'update' || $action == 'add') && !empty($permissiontoadd)) { - $object->lang = GETPOSTISSET('langkm', 'aZ09')?GETPOST('langkm', 'aZ09'):$object->lang; + $object->lang = (GETPOSTISSET('langkm') ? GETPOST('langkm', 'aZ09') : $object->lang); } // Actions cancel, add, update, update_extras, confirm_validate, confirm_delete, confirm_deleteline, confirm_clone, confirm_close, confirm_setdraft, confirm_reopen @@ -200,11 +200,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel('Create'); print ''; @@ -241,9 +237,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/knowledgemanagement/knowledgerecord_list.php b/htdocs/knowledgemanagement/knowledgerecord_list.php index 828137556ce..868c64e8786 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_list.php +++ b/htdocs/knowledgemanagement/knowledgerecord_list.php @@ -220,7 +220,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -284,7 +284,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 31556d499ef..7bc7dabf093 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1218,7 +1218,7 @@ SystemAreaForAdminOnly=This area is available to administrator users only. Dolib CompanyFundationDesc=Edit the information of your company/organization. Click on "%s" button at the bottom of the page when done. AccountantDesc=If you have an external accountant/bookkeeper, you can edit here its information. AccountantFileNumber=Accountant code -DisplayDesc=Parameters affecting the look and behaviour of Dolibarr can be modified here. +DisplayDesc=Parameters affecting the look and behaviour of the application can be modified here. AvailableModules=Available app/modules ToActivateModule=To activate modules, go on setup Area (Home->Setup->Modules). SessionTimeOut=Time out for session @@ -1421,7 +1421,7 @@ WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER=Ask for Warehouse Source for order ##### Suppliers Orders ##### BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER=Ask for bank account destination of purchase order ##### Orders ##### -SuggestedPaymentModesIfNotDefinedInOrder=Suggested payments mode on sale order by default if not defined on the order +SuggestedPaymentModesIfNotDefinedInOrder=Suggested payments mode on sales order by default if not defined on the order OrdersSetup=Sales Orders management setup OrdersNumberingModules=Orders numbering models OrdersModelModule=Order documents models @@ -2163,6 +2163,7 @@ APIsAreNotEnabled=APIs modules are not enabled YouShouldSetThisToOff=You should set this to 0 or off InstallAndUpgradeLockedBy=Install and upgrades are locked by the file %s OldImplementation=Old implementation +PDF_SHOW_LINK_TO_ONLINE_PAYMENT=If some online payment modules are enabled (Paypal, Stripe, ...), add a link on the PDF to make the online payment DashboardDisableGlobal=Disable totally dashboard BoxstatsDisableGlobal=Disable totally box statistics DashboardDisableBlocks=Dashboard - Blocks to disable diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang index a921aac9e48..e475a815ac9 100644 --- a/htdocs/langs/en_US/bills.lang +++ b/htdocs/langs/en_US/bills.lang @@ -234,12 +234,17 @@ AlreadyPaidBack=Already paid back AlreadyPaidNoCreditNotesNoDeposits=Already paid (without credit notes and down payments) Abandoned=Abandoned RemainderToPay=Remaining unpaid +RemainderToPayMulticurrency=Remaining unpaid, original currency RemainderToTake=Remaining amount to take +RemainderToTakeMulticurrency=Remaining amount to take, original currency RemainderToPayBack=Remaining amount to refund +RemainderToPayBackMulticurrency=Remaining amount to refund, original currency Rest=Pending AmountExpected=Amount claimed ExcessReceived=Excess received +ExcessReceivedMulticurrency=Excess received, original currency ExcessPaid=Excess paid +ExcessPaidMulticurrency=Excess paid, original currency EscompteOffered=Discount offered (payment before term) EscompteOfferedShort=Discount SendBillRef=Submission of invoice %s @@ -570,7 +575,7 @@ ToCreateARecurringInvoiceGene=To generate future invoices regularly and manually ToCreateARecurringInvoiceGeneAuto=If you need to have such invoices generated automatically, ask your administrator to enable and setup module %s. Note that both methods (manual and automatic) can be used together with no risk of duplication. DeleteRepeatableInvoice=Delete template invoice ConfirmDeleteRepeatableInvoice=Are your sure you want to delete the template invoice? -CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per order) +CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per selected object) BillCreated=%s invoice(s) generated BillXCreated=Invoice %s generated StatusOfGeneratedDocuments=Status of document generation @@ -591,6 +596,5 @@ SituationTotalRayToRest=Remainder to pay without taxe PDFSituationTitle=Situation n° %d SituationTotalProgress=Total progress %d %% SearchUnpaidInvoicesWithDueDate=Search unpaid invoices with a due date = %s -RegisterPaymentAndClasiffiedPayed=Enter payment and classify 'Paid' NoPaymentAvailable=No payment available for %s -RegisterPaymentAndClasiffiedPayedDone=Payment registered and classify 'Paid' done for invoice %s +PaymentRegisteredAndInvoiceSetToPaid=Payment registered and invoice %s set to paid diff --git a/htdocs/langs/en_US/cashdesk.lang b/htdocs/langs/en_US/cashdesk.lang index 80e6c564767..52dc71d140c 100644 --- a/htdocs/langs/en_US/cashdesk.lang +++ b/htdocs/langs/en_US/cashdesk.lang @@ -129,3 +129,4 @@ WeighingScale=Weighing scale ShowPriceHT = Display the column with the price excluding tax (on screen) ShowPriceHTOnReceipt = Display the column with the price excluding tax (on the receipt) CustomerDisplay=Customer display +SplitSale=Split sale diff --git a/htdocs/langs/en_US/exports.lang b/htdocs/langs/en_US/exports.lang index cb652229825..f2f2d2cf587 100644 --- a/htdocs/langs/en_US/exports.lang +++ b/htdocs/langs/en_US/exports.lang @@ -96,8 +96,8 @@ DataComeFromFileFieldNb=Value to insert comes from field number %s in sou DataComeFromIdFoundFromRef=Value that comes from field number %s of source file will be used to find the id of the parent object to use (so the object %s that has the ref. from source file must exist in the database). DataComeFromIdFoundFromCodeId=Code that comes from field number %s of source file will be used to find the id of the parent object to use (so the code from source file must exist in the dictionary %s). Note that if you know the id, you can also use it in the source file instead of the code. Import should work in both cases. DataIsInsertedInto=Data coming from source file will be inserted into the following field: -DataIDSourceIsInsertedInto=The id of parent object was found using the data in the source file, will be inserted into the following field: -DataCodeIDSourceIsInsertedInto=The id of parent line found from code, will be inserted into following field: +DataIDSourceIsInsertedInto=The id of the parent object, that was found using the data in the source file, will be inserted into the following field: +DataCodeIDSourceIsInsertedInto=The id of the parent line, that was found from code, will be inserted into the following field: SourceRequired=Data value is mandatory SourceExample=Example of possible data value ExampleAnyRefFoundIntoElement=Any ref found for element %s diff --git a/htdocs/langs/en_US/knowledgemanagement.lang b/htdocs/langs/en_US/knowledgemanagement.lang index 757ab01fc35..1f5e9d3905b 100644 --- a/htdocs/langs/en_US/knowledgemanagement.lang +++ b/htdocs/langs/en_US/knowledgemanagement.lang @@ -46,4 +46,5 @@ KnowledgeRecords = Articles KnowledgeRecord = Article KnowledgeRecordExtraFields = Extrafields for Article GroupOfTicket=Group of tickets -YouCanLinkArticleToATicketCategory=You can link an article to a ticket group (so the article will be suggested during qualification of new tickets) \ No newline at end of file +YouCanLinkArticleToATicketCategory=You can link an article to a ticket group (so the article will be suggested during qualification of new tickets) +SuggestedForTicketsInGroup=Suggested for tickets when group is \ No newline at end of file diff --git a/htdocs/langs/en_US/members.lang b/htdocs/langs/en_US/members.lang index 2c4409caa88..b193e1f34b6 100644 --- a/htdocs/langs/en_US/members.lang +++ b/htdocs/langs/en_US/members.lang @@ -155,7 +155,7 @@ DescADHERENT_CARD_TEXT_RIGHT=Text printed on member cards (align on right) DescADHERENT_CARD_FOOTER_TEXT=Text printed on bottom of member cards ShowTypeCard=Show type '%s' HTPasswordExport=htpassword file generation -NoThirdPartyAssociatedToMember=No third party associated to this member +NoThirdPartyAssociatedToMember=No third party associated with this member MembersAndSubscriptions= Members and Subscriptions MoreActions=Complementary action on recording MoreActionsOnSubscription=Complementary action, suggested by default when recording a subscription diff --git a/htdocs/langs/en_US/orders.lang b/htdocs/langs/en_US/orders.lang index 5dab5b99bf1..aad0010b4af 100644 --- a/htdocs/langs/en_US/orders.lang +++ b/htdocs/langs/en_US/orders.lang @@ -17,7 +17,7 @@ ToOrder=Make order MakeOrder=Make order SupplierOrder=Purchase order SuppliersOrders=Purchase orders -SaleOrderLines=Sale order lines +SaleOrderLines=Sales order lines PurchaseOrderLines=Puchase order lines SuppliersOrdersRunning=Current purchase orders CustomerOrder=Sales Order @@ -151,6 +151,7 @@ PDFEdisonDescription=A simple order model PDFProformaDescription=A complete Proforma invoice template CreateInvoiceForThisCustomer=Bill orders CreateInvoiceForThisSupplier=Bill orders +CreateInvoiceForThisReceptions=Bill receptions NoOrdersToInvoice=No orders billable CloseProcessedOrdersAutomatically=Classify "Processed" all selected orders. OrderCreation=Order creation diff --git a/htdocs/langs/en_US/receptions.lang b/htdocs/langs/en_US/receptions.lang index 338602e722e..4ee0555c396 100644 --- a/htdocs/langs/en_US/receptions.lang +++ b/htdocs/langs/en_US/receptions.lang @@ -36,7 +36,7 @@ StatsOnReceptionsOnlyValidated=Statistics conducted on receptions only validated SendReceptionByEMail=Send reception by email SendReceptionRef=Submission of reception %s ActionsOnReception=Events on reception -ReceptionCreationIsDoneFromOrder=For the moment, creation of a new reception is done from the order card. +ReceptionCreationIsDoneFromOrder=For the moment, creation of a new reception is done from the Purchase Order record. ReceptionLine=Reception line ProductQtyInReceptionAlreadySent=Product quantity from open sales order already sent ProductQtyInSuppliersReceptionAlreadyRecevied=Product quantity from open supplier order already received diff --git a/htdocs/langs/en_US/sendings.lang b/htdocs/langs/en_US/sendings.lang index b94891d79c5..8f10b1e9404 100644 --- a/htdocs/langs/en_US/sendings.lang +++ b/htdocs/langs/en_US/sendings.lang @@ -53,7 +53,7 @@ SendShippingByEMail=Send shipment by email SendShippingRef=Submission of shipment %s ActionsOnShipping=Events on shipment LinkToTrackYourPackage=Link to track your package -ShipmentCreationIsDoneFromOrder=For the moment, creation of a new shipment is done from the order card. +ShipmentCreationIsDoneFromOrder=For the moment, creation of a new shipment is done from the Sales Order record. ShipmentLine=Shipment line ProductQtyInCustomersOrdersRunning=Product quantity from open sales orders ProductQtyInSuppliersOrdersRunning=Product quantity from open purchase orders diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 4396139f1f9..78b095d9f11 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -62,7 +62,7 @@ AllowAddLimitStockByWarehouse=Manage also value for minimum and desired stock pe RuleForWarehouse=Rule for warehouses WarehouseAskWarehouseOnThirparty=Set a warehouse on Third-parties WarehouseAskWarehouseDuringPropal=Set a warehouse on Commercial proposals -WarehouseAskWarehouseDuringOrder=Set a warehouse on Sale orders +WarehouseAskWarehouseDuringOrder=Set a warehouse on Sales Orders UserDefaultWarehouse=Set a warehouse on Users MainDefaultWarehouse=Default warehouse MainDefaultWarehouseUser=Use a default warehouse for each user diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang index 841ee0f3daf..888c9f52161 100644 --- a/htdocs/langs/en_US/users.lang +++ b/htdocs/langs/en_US/users.lang @@ -62,8 +62,8 @@ ListOfUsersInGroup=List of users in this group ListOfGroupsForUser=List of groups for this user LinkToCompanyContact=Link to third party / contact LinkedToDolibarrMember=Link to member -LinkedToDolibarrUser=Link to Dolibarr user -LinkedToDolibarrThirdParty=Link to Dolibarr third party +LinkedToDolibarrUser=Link to user +LinkedToDolibarrThirdParty=Link to third party CreateDolibarrLogin=Create a user CreateDolibarrThirdParty=Create a third party LoginAccountDisableInDolibarr=Account disabled in Dolibarr. diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php index c3c08b6cf2f..f54da087731 100644 --- a/htdocs/loan/card.php +++ b/htdocs/loan/card.php @@ -380,11 +380,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); print ''; } @@ -706,11 +702,7 @@ if ($id > 0) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index b5c0ffc0add..0ec7786fc20 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -307,7 +307,7 @@ class Loan extends CommonObject // Delete payments if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -404,7 +404,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_PAID; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -440,7 +440,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_STARTED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -475,7 +475,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_UNPAID; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -651,7 +651,7 @@ class Loan extends CommonObject $sql = 'SELECT sum(amount_capital) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSumPayment", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php index 126002eb47a..9beff9dd22e 100644 --- a/htdocs/loan/class/loanschedule.class.php +++ b/htdocs/loan/class/loanschedule.class.php @@ -498,7 +498,7 @@ class LoanSchedule extends CommonObject $toinsert = array(); $sql = "SELECT l.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."loan as l "; + $sql .= " FROM ".MAIN_DB_PREFIX."loan as l"; $sql .= " WHERE l.paid = 0"; $resql = $this->db->query($sql); @@ -511,7 +511,8 @@ class LoanSchedule extends CommonObject $this->db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."payment_loan "; $sql .= "(fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif) "; - $sql .= "SELECT fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif FROM ".MAIN_DB_PREFIX."loan_schedule WHERE rowid =".$echid; + $sql .= "SELECT fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif"; + $sql .= " FROM ".MAIN_DB_PREFIX."loan_schedule WHERE rowid =".((int) $echid); $res = $this->db->query($sql); if ($res) { $this->db->commit(); diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php index fd4dbf42081..841ffa7b373 100644 --- a/htdocs/loan/class/paymentloan.class.php +++ b/htdocs/loan/class/paymentloan.class.php @@ -332,7 +332,6 @@ class PaymentLoan extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET"; - $sql .= " fk_loan=".(isset($this->fk_loan) ? $this->fk_loan : "null").","; $sql .= " datec=".(dol_strlen($this->datec) != 0 ? "'".$this->db->idate($this->datec)."'" : 'null').","; $sql .= " tms=".(dol_strlen($this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').","; @@ -347,7 +346,6 @@ class PaymentLoan extends CommonObject $sql .= " fk_bank=".(isset($this->fk_bank) ? $this->fk_bank : "null").","; $sql .= " fk_user_creat=".(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -389,7 +387,7 @@ class PaymentLoan extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_url"; - $sql .= " WHERE type='payment_loan' AND url_id=".$this->id; + $sql .= " WHERE type='payment_loan' AND url_id=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php index 675401e34f9..0292fbf5b2c 100644 --- a/htdocs/loan/payment/card.php +++ b/htdocs/loan/payment/card.php @@ -156,8 +156,8 @@ $disable_delete = 0; $sql = 'SELECT l.rowid as id, l.label, l.paid, l.capital as capital, pl.amount_capital, pl.amount_insurance, pl.amount_interest'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl,'.MAIN_DB_PREFIX.'loan as l'; $sql .= ' WHERE pl.fk_loan = l.rowid'; -$sql .= ' AND l.entity = '.$conf->entity; -$sql .= ' AND pl.rowid = '.$payment->id; +$sql .= ' AND l.entity = '.((int) $conf->entity); +$sql .= ' AND pl.rowid = '.((int) $payment->id); dol_syslog("loan/payment/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php index 58783be181e..47fa5b37846 100644 --- a/htdocs/loan/payment/payment.php +++ b/htdocs/loan/payment/payment.php @@ -372,11 +372,7 @@ if ($action == 'create') { print ''; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/loan/schedule.php b/htdocs/loan/schedule.php index 67be217f0d2..6dae3383d47 100644 --- a/htdocs/loan/schedule.php +++ b/htdocs/loan/schedule.php @@ -335,7 +335,7 @@ if (count($echeances->lines) == 0) { } else { $label = $langs->trans("Save"); } -print '
'; +print '
'; print ''; // End of page diff --git a/htdocs/mailmanspip/class/mailmanspip.class.php b/htdocs/mailmanspip/class/mailmanspip.class.php index d08f6f65094..c5ce2292f6a 100644 --- a/htdocs/mailmanspip/class/mailmanspip.class.php +++ b/htdocs/mailmanspip/class/mailmanspip.class.php @@ -232,7 +232,7 @@ class MailmanSpip $mydb = $this->connectSpip(); if ($mydb) { - $query = "DELETE FROM spip_auteurs WHERE login='".$object->login."'"; + $query = "DELETE FROM spip_auteurs WHERE login = '".$mydb->escape($object->login)."'"; $result = $mydb->query($query); @@ -271,7 +271,7 @@ class MailmanSpip $mydb = $this->connectSpip(); if ($mydb) { - $query = "SELECT login FROM spip_auteurs WHERE login='".$object->login."'"; + $query = "SELECT login FROM spip_auteurs WHERE login = '".$mydb->escape($object->login)."'"; $result = $mydb->query($query); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index b712879f2fa..6bb5b39507b 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -442,7 +442,7 @@ if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VE } // Creation of a token against CSRF vulnerabilities -if (!defined('NOTOKENRENEWAL')) { +if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) { // No token renewal on .css.php, .js.php and .json.php if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) { // Rolling token at each call ($_SESSION['token'] contains token of previous page) diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php index 4df01332eb1..2c224678f60 100644 --- a/htdocs/margin/admin/margin.php +++ b/htdocs/margin/admin/margin.php @@ -140,7 +140,7 @@ print '/> '; print $langs->trans('MargeType3'); print ''; print ''; -print ''; +print ''; print ''; print ''.$langs->trans('MarginTypeDesc'); print ''; @@ -215,7 +215,7 @@ print ''; print Form::selectarray('MARGIN_METHODE_FOR_DISCOUNT', $methods, $conf->global->MARGIN_METHODE_FOR_DISCOUNT); print ''; print ''; -print ''; +print ''; print ''; print ''.$langs->trans('MARGIN_METHODE_FOR_DISCOUNT_DETAILS').''; print ''; @@ -233,7 +233,7 @@ $facture = new Facture($db); print $formcompany->selectTypeContact($facture, $conf->global->AGENT_CONTACT_TYPE, "AGENT_CONTACT_TYPE", "internal", "code", 1); print ''; print ''; -print ''; +print ''; print ''; print ''.$langs->trans('AgentContactTypeDetails').''; print ''; diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index d12c827cc3e..1349e02d2d8 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -106,8 +106,8 @@ if (empty($reshook)) { $invoicedet_id = $tmp_array[1]; if (!empty($invoicedet_id)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'facturedet'; - $sql .= ' SET buy_price_ht=\''.price2num($value).'\''; - $sql .= ' WHERE rowid='.$invoicedet_id; + $sql .= " SET buy_price_ht = ".((float) price2num($value)); + $sql .= ' WHERE rowid = '.((int) $invoicedet_id); $result = $db->query($sql); if (!$result) { setEventMessages($db->lasterror, null, 'errors'); diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index 7fed219ffcd..6861f67db0d 100644 --- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -237,7 +237,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; $sql .= ' AND s.entity IN ('.getEntity('societe').')'; diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index d2c9a1bca76..3b14f1db808 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -158,7 +158,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND d.fk_facture = f.rowid"; $sql .= " AND d.fk_product = ".((int) $object->id); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND f.fk_soc = $socid"; diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index 62eccc5be18..5aaae9f93eb 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php @@ -193,7 +193,7 @@ print ''; print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); if (GETPOST('withtab', 'alpha')) { print dol_get_fiche_end(); diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 0a05266b6ff..db8bc85816e 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -383,7 +383,7 @@ if ($dirins && $action == 'initphpunit' && !empty($module)) { $modulename = ucfirst($module); // Force first letter in uppercase $objectname = $tabobj; - dol_mkdir($dirins.'/'.strtolower($module).'/class'); + dol_mkdir($dirins.'/'.strtolower($module).'/test/phpunit'); $srcdir = DOL_DOCUMENT_ROOT.'/modulebuilder/template'; $srcfile = $srcdir.'/test/phpunit/MyObjectTest.php'; $destfile = $dirins.'/'.strtolower($module).'/test/phpunit/'.strtolower($objectname).'Test.php'; @@ -2219,7 +2219,8 @@ if ($module == 'initmodule') { if ($action != 'editfile' || empty($file)) { print ''; - $htmlhelp = $langs->trans("DictionariesDefDescTooltip", ''.$langs->trans('Setup').' - '.$langs->trans('Dictionaries').''); + $htmlhelp = $langs->trans("DictionariesDefDescTooltip", '{s1}'); + $htmlhelp = str_replace('{s1}', ''.$langs->trans('Setup').' - '.$langs->trans('Dictionaries').'', $htmlhelp); print $form->textwithpicto($langs->trans("DictionariesDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
'; print ''; print '
'; @@ -2717,7 +2718,7 @@ if ($module == 'initmodule') { print ''; print ''; print ''; - print ''; + print ''; print ''; // List of existing properties @@ -3012,7 +3013,8 @@ if ($module == 'initmodule') { if ($action != 'editfile' || empty($file)) { print ''; - $htmlhelp = $langs->trans("MenusDefDescTooltip", ''.$langs->trans('Setup').' - '.$langs->trans('Menus').''); + $htmlhelp = $langs->trans("MenusDefDescTooltip", '{s1}'); + $htmlhelp = str_replace('{s1}', ''.$langs->trans('Setup').' - '.$langs->trans('Menus').'', $htmlhelp); print $form->textwithpicto($langs->trans("MenusDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
'; print ''; print '
'; @@ -3144,7 +3146,8 @@ if ($module == 'initmodule') { if ($action != 'editfile' || empty($file)) { print ''; - $htmlhelp = $langs->trans("PermissionsDefDescTooltip", ''.$langs->trans('DefaultPermissions').''); + $htmlhelp = $langs->trans("PermissionsDefDescTooltip", '{s1}'); + $htmlhelp = str_replace('{s1}', ''.$langs->trans('DefaultRights').'', $htmlhelp); print $form->textwithpicto($langs->trans("PermissionsDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
'; print ''; print '
'; @@ -3611,7 +3614,7 @@ if ($module == 'initmodule') { $cronjobs = $moduleobj->cronjobs; if ($action != 'editfile' || empty($file)) { - print ''.str_replace('{s1}', ''.$langs->transnoentities('CronList').'', $langs->trans("CronJobDefDesc", '{s1}')).'
'; + print ''.str_replace('{s1}', ''.$langs->transnoentities('CronList').'', $langs->trans("CronJobDefDesc", '{s1}')).'
'; print '
'; print ' '.$langs->trans("DescriptorFile").' : '.$pathtofile.''; diff --git a/htdocs/modulebuilder/template/class/api_mymodule.class.php b/htdocs/modulebuilder/template/class/api_mymodule.class.php index faeb22a095b..cb2fbda68a6 100644 --- a/htdocs/modulebuilder/template/class/api_mymodule.class.php +++ b/htdocs/modulebuilder/template/class/api_mymodule.class.php @@ -69,7 +69,7 @@ class MyModuleApi extends DolibarrApi */ public function get($id) { - if (!DolibarrApiAccess::$user->rights->mymodule->read) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->read) { throw new RestException(401); } @@ -205,7 +205,7 @@ class MyModuleApi extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->mymodule->write) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) { throw new RestException(401); } @@ -238,7 +238,7 @@ class MyModuleApi extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->mymodule->write) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) { throw new RestException(401); } @@ -280,7 +280,7 @@ class MyModuleApi extends DolibarrApi */ public function delete($id) { - if (!DolibarrApiAccess::$user->rights->mymodule->delete) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->delete) { throw new RestException(401); } $result = $this->myobject->fetch($id); diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index 86546aa05a7..dc72b81a96a 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -92,6 +92,8 @@ class MyObject extends CommonObject * 'autofocusoncreate' to have field having the focus on a create form. Only 1 field should have this property set to 1. * 'comment' is not used. You can store here any text of your choice. It is not used by application. * 'validate' is 1 if need to validate with $this->validateField() + * 'copytoclipboard' is 1 or 2 to allow to add a picto to copy value into clipboard (1=picto after label, 2=picto after value) + * * Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor. */ @@ -441,27 +443,27 @@ class MyObject extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")"; } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php index 9db4bcb9854..de9188e714d 100644 --- a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php +++ b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php @@ -456,10 +456,10 @@ class modMyModule extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php index f3228915592..4e154b5665d 100644 --- a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php +++ b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_myobject_odt extends ModelePDFMyObject $texte .= $conf->global->MYMODULE_MYOBJECT_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php b/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php index 72b46b96416..b7fd7085783 100644 --- a/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php +++ b/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php @@ -81,7 +81,7 @@ class mod_myobject_advanced extends ModeleNumRefMyObject $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php index 990a6d91bfa..c0c98d88e8f 100644 --- a/htdocs/modulebuilder/template/mymoduleindex.php +++ b/htdocs/modulebuilder/template/mymoduleindex.php @@ -112,7 +112,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read) $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -187,7 +187,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read) $sql.= " FROM ".MAIN_DB_PREFIX."mymodule_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index b074412b6b3..87a28615806 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -158,7 +158,7 @@ if (empty($reshook)) { if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) { $backtopage = $backurlforlist; } else { - $backtopage = dol_buildpath('/mymodule/myobject_card.php', 1).'?id='.($id > 0 ? $id : '__ID__'); + $backtopage = dol_buildpath('/mymodule/myobject_card.php', 1).'?id='.((!empty($id) && $id > 0) ? $id : '__ID__'); } } } @@ -258,11 +258,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -298,9 +294,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index d8c5f84d3de..3319ca1909d 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -42,6 +42,7 @@ //if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification +//if (! defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions // Load Dolibarr environment $res = 0; @@ -265,7 +266,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -329,7 +330,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql .= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { @@ -344,6 +345,13 @@ $sql .= $hookmanager->resPrint; $sql = preg_replace('/,\s*$/', '', $sql); */ +// Add HAVING from hooks +/* +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : ""; +*/ + // Count total nb of records $nbtotalofrecords = ''; if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php index ed17db03db6..a59a7247338 100644 --- a/htdocs/mrp/class/api_mos.class.php +++ b/htdocs/mrp/class/api_mos.class.php @@ -370,12 +370,12 @@ class Mos extends DolibarrApi $qtytoprocess = $value["qty"]; if (isset($value["fk_warehouse"])) { // If there is a warehouse to set if (!($value["fk_warehouse"] > 0)) { // If there is no warehouse set. - throw new RestException(500, "Field fk_warehouse must be > 0 in ".$arrayname); $error++; + throw new RestException(500, "Field fk_warehouse must be > 0 in ".$arrayname); } if ($tmpproduct->status_batch) { - throw new RestException(500, "Product ".$tmpproduct->ref."must be in batch"); $error++; + throw new RestException(500, "Product ".$tmpproduct->ref."must be in batch"); } } $idstockmove = 0; diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index df5dcba60ad..c88f0f44b48 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -97,7 +97,7 @@ class Mo extends CommonObject * @var array Array with all fields and their property. Do not use it as a static var. It may be modified by constructor. */ public $fields = array( - 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), + 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'position'=>5, 'notnull'=>1, 'default'=>'1', 'index'=>1), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of object", 'showoncombobox'=>'1', 'noteditable'=>1), 'fk_bom' => array('type'=>'integer:Bom:bom/class/bom.class.php:0:t.status=1', 'filter'=>'active=1', 'label'=>'BOM', 'enabled'=>1, 'visible'=>1, 'position'=>33, 'notnull'=>-1, 'index'=>1, 'comment'=>"Original BOM", 'css'=>'minwidth100 maxwidth300', 'csslist'=>'nowraponall'), @@ -437,13 +437,13 @@ class Mo extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -455,7 +455,7 @@ class Mo extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -502,7 +502,7 @@ class Mo extends CommonObject if ($lineid > 0) { $sql .= ' AND t.fk_mrp_production = '.((int) $lineid); } else { - $sql .= 'AND t.fk_mo = '.$this->id; + $sql .= 'AND t.fk_mo = '.((int) $this->id); } $resql = $this->db->query($sql); @@ -546,7 +546,7 @@ class Mo extends CommonObject $result = 0; $sql = 'SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'stock_mouvement as sm'; - $sql .= " WHERE sm.origintype = 'mo' and sm.fk_origin = ".$this->id; + $sql .= " WHERE sm.origintype = 'mo' and sm.fk_origin = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -627,7 +627,7 @@ class Mo extends CommonObject if (!$error) { // TODO Check that production has not started. If yes, we stop here. - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'mrp_production WHERE fk_mo = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'mrp_production WHERE fk_mo = '.((int) $this->id); $this->db->query($sql); $moline = new MoLine($this->db); @@ -838,7 +838,7 @@ class Mo extends CommonObject $sql .= " status = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1546,13 +1546,13 @@ class MoLine extends CommonObjectLine if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -1564,7 +1564,7 @@ class MoLine extends CommonObjectLine $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php index 732cde2ef2f..6eaf42ed833 100644 --- a/htdocs/mrp/mo_card.php +++ b/htdocs/mrp/mo_card.php @@ -286,11 +286,7 @@ if ($action == 'create') { '; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print ''; + print $form->buttonsSaveCancel("Create"); if (GETPOST('fk_bom', 'int') > 0) { print load_fiche_titre($langs->trans("ToConsume")); @@ -341,9 +337,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/mrp/mo_list.php b/htdocs/mrp/mo_list.php index 012b43ff61a..5b4215f91db 100644 --- a/htdocs/mrp/mo_list.php +++ b/htdocs/mrp/mo_list.php @@ -207,7 +207,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -272,7 +272,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/mrp/mo_movements.php b/htdocs/mrp/mo_movements.php index 803fb3bf5b7..bab57db22ea 100644 --- a/htdocs/mrp/mo_movements.php +++ b/htdocs/mrp/mo_movements.php @@ -423,7 +423,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Add fields from extrafields if (!empty($extrafields->attributes[$objectlist->table_element]['label'])) { foreach ($extrafields->attributes[$objectlist->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$objectlist->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$objectlist->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/mrp/mo_production.php b/htdocs/mrp/mo_production.php index ca9480eb1ae..678865805d7 100644 --- a/htdocs/mrp/mo_production.php +++ b/htdocs/mrp/mo_production.php @@ -661,7 +661,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''; print $langs->trans("MovementLabel").':

'; print '
'; - print ''; + print ''; print '   '; print ''; print '

'; diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php index 5067a6e91d5..a811a396811 100644 --- a/htdocs/multicurrency/class/multicurrency.class.php +++ b/htdocs/multicurrency/class/multicurrency.class.php @@ -130,7 +130,7 @@ class MultiCurrency extends CommonObject if (empty($this->entity) || $this->entity <= 0) { $this->entity = $conf->entity; } - $now = date('Y-m-d H:i:s'); + $now = dol_now(); // Insert request $sql = 'INSERT INTO '.MAIN_DB_PREFIX.$this->table_element.'('; @@ -140,11 +140,11 @@ class MultiCurrency extends CommonObject $sql .= ' date_create,'; $sql .= ' fk_user'; $sql .= ') VALUES ('; - $sql .= ' \''.$this->db->escape($this->code).'\','; - $sql .= ' \''.$this->db->escape($this->name).'\','; - $sql .= ' \''.$this->entity.'\','; - $sql .= ' \''.$now.'\','; - $sql .= ' \''.$user->id.'\''; + $sql .= " '".$this->db->escape($this->code)."',"; + $sql .= " '".$this->db->escape($this->name)."',"; + $sql .= " ".((int) $this->entity).","; + $sql .= " '".$this->db->idate($now)."',"; + $sql .= " ".((int) $user->id); $sql .= ')'; $this->db->begin(); @@ -245,7 +245,7 @@ class MultiCurrency extends CommonObject { $sql = 'SELECT cr.rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as cr'; - $sql .= ' WHERE cr.fk_multicurrency = '.$this->id; + $sql .= ' WHERE cr.fk_multicurrency = '.((int) $this->id); $sql .= ' ORDER BY cr.date_sync DESC'; $this->rates = array(); @@ -479,8 +479,8 @@ class MultiCurrency extends CommonObject { $sql = 'SELECT cr.rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as cr'; - $sql .= ' WHERE cr.fk_multicurrency = '.$this->id; - $sql .= ' AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM '.MAIN_DB_PREFIX.$this->table_element_line.' AS cr2 WHERE cr2.fk_multicurrency = '.$this->id.')'; + $sql .= " WHERE cr.fk_multicurrency = ".((int) $this->id); + $sql .= " AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM ".MAIN_DB_PREFIX.$this->table_element_line." AS cr2 WHERE cr2.fk_multicurrency = ".((int) $this->id).")"; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -781,7 +781,7 @@ class CurrencyRate extends CommonObjectLine $sql .= ' fk_multicurrency,'; $sql .= ' entity'; $sql .= ') VALUES ('; - $sql .= ' '.$this->rate.','; + $sql .= ' '.((float) $this->rate).','; $sql .= " '".$this->db->idate($now)."',"; $sql .= " ".((int) $fk_multicurrency).","; $sql .= " ".((int) $this->entity); @@ -880,13 +880,13 @@ class CurrencyRate extends CommonObjectLine $this->rate = price2num($this->rate); // Update request - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; - $sql .= ' rate='.$this->rate; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql .= "SET rate =".((float) $this->rate); if (!empty($this->date_sync)) { $sql .= ", date_sync='".$this->db->idate($this->date_sync)."'"; } if (!empty($this->fk_multicurrency)) { - $sql .= ', fk_multicurrency='.$this->fk_multicurrency; + $sql .= ', fk_multicurrency='.((int) $this->fk_multicurrency); } $sql .= ' WHERE rowid='.((int) $this->id); diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php index 3a8c1be819e..35b7544ccbc 100644 --- a/htdocs/multicurrency/multicurrency_rate.php +++ b/htdocs/multicurrency/multicurrency_rate.php @@ -264,7 +264,7 @@ if (!in_array($action, array("updateRate", "deleteRate"))) { print ''; print ' '.$langs->trans('Currency').''; - print ''.$form->selectMultiCurrency((GETPOSTISSET('multicurrency_code') ? GETPOST('multicurrency_code', 'alpha') : $multicurrency_code), 'multicurrency_code', 1, " code != '".$conf->currency."'", true).''; + print ''.$form->selectMultiCurrency((GETPOSTISSET('multicurrency_code') ? GETPOST('multicurrency_code', 'alpha') : $multicurrency_code), 'multicurrency_code', 1, " code != '".$db->escape($conf->currency)."'", true).''; print ' '.$langs->trans('Rate').''; print ' '; diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index fd9fa3e0456..db3f54901b9 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php @@ -342,11 +342,7 @@ print ''; print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } print ''."\n"; diff --git a/htdocs/partnership/admin/setup.php b/htdocs/partnership/admin/setup.php index 25567b137db..100dc7027a3 100644 --- a/htdocs/partnership/admin/setup.php +++ b/htdocs/partnership/admin/setup.php @@ -65,8 +65,10 @@ if ($action == 'setting') { $error += $partnership->delete_menus(); $error += $partnership->insert_menus(); - if (GETPOST("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL", 'int')) + if (GETPOSTISSET("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL")) { dolibarr_set_const($db, "PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL", GETPOST("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL", 'int'), 'chaine', 0, '', $conf->entity); + } + dolibarr_set_const($db, "PARTNERSHIP_BACKLINKS_TO_CHECK", GETPOST("PARTNERSHIP_BACKLINKS_TO_CHECK"), 'chaine', 0, '', $conf->entity); } @@ -131,16 +133,16 @@ print ''.$langs->trans("partnershipforthirdparty print ''; -if (!empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) && $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { - print ''.$langs->trans("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL").''; - print ''; - $dnbdays = '15'; - $backlinks = (!empty($conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL)) ? $conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL : $dnbdays; - print ''; - print ''; - print ''.$dnbdays.''; - print ''; -} +//if (!empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) && $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { +print ''.$langs->trans("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL").''; +print ''; +$dnbdays = '30'; +$backlinks = (!empty($conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL)) ? $conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL : $dnbdays; +print ''; +print ''; +print ''.$dnbdays.''; +print ''; +//} print ''; print ''; diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index feef3c7e81f..121b53007df 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -483,15 +483,15 @@ class Partnership extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -503,7 +503,7 @@ class Partnership extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -627,7 +627,7 @@ class Partnership extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); @@ -751,7 +751,7 @@ class Partnership extends CommonObject // if (!empty($this->fields['fk_user_valid'])) { // $sql .= ", fk_user_valid = ".$user->id; // } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::accept()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php b/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php index a536bb59600..5d348843941 100644 --- a/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php +++ b/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php @@ -81,7 +81,7 @@ class mod_partnership_advanced extends ModeleNumRefPartnership $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index e0fa5b90f4c..bf980ab9cda 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -288,11 +288,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -328,9 +324,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/partnership/partnership_list.php b/htdocs/partnership/partnership_list.php index e36e94d39c7..e9c577213d6 100644 --- a/htdocs/partnership/partnership_list.php +++ b/htdocs/partnership/partnership_list.php @@ -260,7 +260,7 @@ if ($managedfor == 'member') { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -342,7 +342,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/partnership/partnershipindex.php b/htdocs/partnership/partnershipindex.php index 264134c67d9..f1a9f8c507b 100644 --- a/htdocs/partnership/partnershipindex.php +++ b/htdocs/partnership/partnershipindex.php @@ -83,7 +83,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) { $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -146,7 +146,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) { $sql.= " FROM ".MAIN_DB_PREFIX."partnership_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/paybox/admin/paybox.php b/htdocs/paybox/admin/paybox.php index a14729f30ef..bcad50de457 100644 --- a/htdocs/paybox/admin/paybox.php +++ b/htdocs/paybox/admin/paybox.php @@ -285,7 +285,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php index 46877f6db8a..f4edec7630c 100644 --- a/htdocs/paypal/admin/paypal.php +++ b/htdocs/paypal/admin/paypal.php @@ -333,7 +333,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php index d90ea7090f7..9a354a8dcdb 100644 --- a/htdocs/product/admin/dynamic_prices.php +++ b/htdocs/product/admin/dynamic_prices.php @@ -228,10 +228,8 @@ if ($action == 'create_variable' || $action == 'edit_variable') { print ''; //Form Buttons - print '
'; - print '  '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); + print ''; } @@ -349,10 +347,8 @@ if ($action == 'create_updater' || $action == 'edit_updater') { print ''; //Form Buttons - print '
'; - print '  '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); + print ''; } diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 3f2833fde52..44c7fd9ca51 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1564,11 +1564,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } elseif ($object->id > 0) { @@ -1814,7 +1810,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!$object->isService() && !empty($conf->bom->enabled)) { print ''.$form->textwithpicto($langs->trans("DefaultBOM"), $langs->trans("DefaultBOMDesc", $langs->transnoentitiesnoconv("Finished"))).''; - $bomkey = "Bom:bom/class/bom.class.php:0:t.status=1 AND t.fk_product=".$object->id; + $bomkey = "Bom:bom/class/bom.class.php:0:t.status=1 AND t.fk_product=".((int) $object->id); print $form->selectForForms($bomkey, 'fk_default_bom', $object->fk_default_bom, 1); print ''; } @@ -2024,11 +2020,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { @@ -2249,7 +2241,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Public URL if (empty($conf->global->PRODUCT_DISABLE_PUBLIC_URL)) { print ''.$langs->trans("PublicUrl").''; - print dol_print_url($object->url); + print dol_print_url($object->url, '_blank', 128); print ''; } @@ -2615,7 +2607,7 @@ if (!empty($conf->global->PRODUCT_ADD_FORM_ADD_TO) && $object->id && ($action == print ''; print '
'; - print ''; + print ''; print '
'; print dol_get_fiche_end(); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 773a10164ca..e51c553809d 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -770,7 +770,7 @@ class Product extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " .((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity ("; $sql .= " fk_product"; @@ -1051,7 +1051,7 @@ class Product extends CommonObject foreach ($ObjW->detail_batch as $detail) { // Each lines of detail in product_batch of the current $ObjW = product_stock if ($detail->batch == $valueforundefinedlot || $detail->batch == 'Undefined') { // We discard this line, we will create it later - $sqlclean = "DELETE FROM ".MAIN_DB_PREFIX."product_batch WHERE batch in('Undefined', '".$this->db->escape($valueforundefinedlot)."') AND fk_product_stock = ".$ObjW->id; + $sqlclean = "DELETE FROM ".MAIN_DB_PREFIX."product_batch WHERE batch in('Undefined', '".$this->db->escape($valueforundefinedlot)."') AND fk_product_stock = ".((int) $ObjW->id); $result = $this->db->query($sqlclean); if (!$result) { dol_print_error($this->db); @@ -1171,7 +1171,7 @@ class Product extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " . ((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity ("; $sql .= " fk_product"; @@ -1319,7 +1319,7 @@ class Product extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX.'product_batch'; $sql .= " WHERE fk_product_stock IN ("; $sql .= "SELECT rowid FROM ".MAIN_DB_PREFIX.'product_stock'; - $sql .= " WHERE fk_product = ".(int) $this->id.")"; + $sql .= " WHERE fk_product = ".((int) $this->id).")"; $result = $this->db->query($sql); if (!$result) { @@ -1446,8 +1446,8 @@ class Product extends CommonObject if ($key == $current_lang) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id; - $sql .= " AND lang='".$this->db->escape($key)."'"; + $sql .= " WHERE fk_product = ".((int) $this->id); + $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -1459,7 +1459,7 @@ class Product extends CommonObject if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { $sql2 .= ", note='".$this->db->escape($this->other)."'"; } - $sql2 .= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_product = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description"; if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { @@ -1486,20 +1486,20 @@ class Product extends CommonObject $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id; - $sql .= " AND lang='".$this->db->escape($key)."'"; + $sql .= " WHERE fk_product = ".((int) $this->id); + $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."product_lang"; $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; - $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; + $sql2 .= " label = '".$this->db->escape($this->multilangs["$key"]["label"])."',"; + $sql2 .= " description = '".$this->db->escape($this->multilangs["$key"]["description"])."'"; if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { - $sql2 .= ", note='".$this->db->escape($this->multilangs["$key"]["other"])."'"; + $sql2 .= ", note = '".$this->db->escape($this->multilangs["$key"]["other"])."'"; } - $sql2 .= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_product = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description"; if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { @@ -1548,7 +1548,7 @@ class Product extends CommonObject public function delMultiLangs($langtodelete, $user) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($langtodelete)."'"; + $sql .= " WHERE fk_product = ".((int) $this->id)." AND lang = '".$this->db->escape($langtodelete)."'"; dol_syslog(get_class($this).'::delMultiLangs', LOG_DEBUG); $result = $this->db->query($sql); @@ -1603,9 +1603,9 @@ class Product extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET "; $sql .= "$field = '".$this->db->escape($value)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__."", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1645,7 +1645,7 @@ class Product extends CommonObject $sql = "SELECT lang, label, description, note as other"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id; + $sql .= " WHERE fk_product = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -1722,8 +1722,8 @@ class Product extends CommonObject // Add new price $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price(price_level,date_price, fk_product, fk_user_author, price, price_ttc, price_base_type,tosell, tva_tx, default_vat_code, recuperableonly,"; $sql .= " localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, price_min,price_min_ttc,price_by_qty,entity,fk_price_expression) "; - $sql .= " VALUES(".($level ? $level : 1).", '".$this->db->idate($now)."', ".$this->id.", ".$user->id.", ".price2num($this->price).", ".price2num($this->price_ttc).",'".$this->db->escape($this->price_base_type)."',".((int) $this->status).", ".price2num($this->tva_tx).", ".($this->default_vat_code ? ("'".$this->db->escape($this->default_vat_code)."'") : "null").", ".((int) $this->tva_npr).","; - $sql .= " ".price2num($this->localtax1_tx).", ".price2num($this->localtax2_tx).", '".$this->db->escape($this->localtax1_type)."', '".$this->db->escape($this->localtax2_type)."', ".price2num($this->price_min).", ".price2num($this->price_min_ttc).", ".price2num($this->price_by_qty).", ".$conf->entity.",".($this->fk_price_expression > 0 ? ((int) $this->fk_price_expression) : 'null'); + $sql .= " VALUES(".($level ? ((int) $level) : 1).", '".$this->db->idate($now)."', ".((int) $this->id).", ".((int) $user->id).", ".((float) price2num($this->price)).", ".((float) price2num($this->price_ttc)).",'".$this->db->escape($this->price_base_type)."',".((int) $this->status).", ".((float) price2num($this->tva_tx)).", ".($this->default_vat_code ? ("'".$this->db->escape($this->default_vat_code)."'") : "null").", ".((int) $this->tva_npr).","; + $sql .= " ".price2num($this->localtax1_tx).", ".price2num($this->localtax2_tx).", '".$this->db->escape($this->localtax1_type)."', '".$this->db->escape($this->localtax2_type)."', ".price2num($this->price_min).", ".price2num($this->price_min_ttc).", ".price2num($this->price_by_qty).", ".((int) $conf->entity).",".($this->fk_price_expression > 0 ? ((int) $this->fk_price_expression) : 'null'); $sql .= ")"; dol_syslog(get_class($this)."::_log_price", LOG_DEBUG); @@ -1750,7 +1750,7 @@ class Product extends CommonObject { // phpcs:enable $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price=".((int) $rowid); + $sql .= " WHERE fk_product_price = ".((int) $rowid); $resql = $this->db->query($sql); $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price"; @@ -2265,7 +2265,7 @@ class Product extends CommonObject $separatedStock = false; // Set to true will count stock from subtable llx_product_stock. It is slower than using denormalized field 'stock', but it is required when using multientity and shared warehouses. if (!empty($conf->global->MULTICOMPANY_PRODUCT_SHARING_ENABLED)) { if (!empty($conf->global->MULTICOMPANY_PMP_PER_ENTITY_ENABLED)) { - $checkPMPPerEntity = $this->db->query("SELECT pmp FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = ".((int) $id)." AND entity = ".(int) $conf->entity); + $checkPMPPerEntity = $this->db->query("SELECT pmp FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = ".((int) $id)." AND entity = ".(int) $conf->entity); if ($this->db->num_rows($checkPMPPerEntity)>0) { $separatedEntityPMP = true; } @@ -2470,7 +2470,7 @@ class Product extends CommonObject { $sql = "SELECT rowid, price, unitprice, quantity, remise_percent, remise, price_base_type"; $sql.= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql.= " WHERE fk_product_price = ".$this->prices_by_qty_id[$i]; + $sql.= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[$i]); $sql.= " ORDER BY quantity ASC"; $resultat=array(); $resql = $this->db->query($sql); @@ -2555,7 +2555,7 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; $sql .= " WHERE entity IN (".getEntity('productprice').")"; $sql .= " AND price_level=".((int) $i); - $sql .= " AND fk_product = ".$this->id; + $sql .= " AND fk_product = ".((int) $this->id); $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; $resql = $this->db->query($sql); @@ -2578,7 +2578,7 @@ class Product extends CommonObject if ($this->prices_by_qty[$i] == 1) { $sql = "SELECT rowid, price, unitprice, quantity, remise_percent, remise, price_base_type"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price = ".$this->prices_by_qty_id[$i]; + $sql .= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[$i]); $sql .= " ORDER BY quantity ASC"; $resultat = array(); $resql = $this->db->query($sql); @@ -2658,12 +2658,12 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."mrp_mo as c"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."mrp_production as mp ON mp.fk_mo=c.rowid"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= "INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".$user->id; + $sql .= "INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " WHERE "; $sql .= " c.entity IN (".getEntity('mo').")"; - $sql .= " AND mp.fk_product =".$this->id; + $sql .= " AND mp.fk_product = ".((int) $this->id); $sql .= " AND mp.role ='".$this->db->escape($role)."'"; if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -2786,9 +2786,9 @@ class Product extends CommonObject $sql .= " WHERE p.rowid = pd.fk_propal"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; - $sql .= " AND pd.fk_product = ".$this->id; + $sql .= " AND pd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { @@ -2861,9 +2861,9 @@ class Product extends CommonObject $sql .= " WHERE p.rowid = pd.fk_supplier_proposal"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; - $sql .= " AND pd.fk_product = ".$this->id; + $sql .= " AND pd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { @@ -2917,9 +2917,9 @@ class Product extends CommonObject $sql .= " WHERE c.rowid = cd.fk_commande"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'commande').")"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3019,9 +3019,9 @@ class Product extends CommonObject $sql .= " WHERE c.rowid = cd.fk_commande"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3081,9 +3081,9 @@ class Product extends CommonObject $sql .= " AND e.fk_soc = s.rowid"; $sql .= " AND e.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'expedition').")"; $sql .= " AND ed.fk_origin_line = cd.rowid"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND e.fk_soc = ".((int) $socid); @@ -3162,9 +3162,9 @@ class Product extends CommonObject $sql .= " WHERE cf.rowid = fd.fk_commande"; $sql .= " AND cf.fk_soc = s.rowid"; $sql .= " AND cf.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; - $sql .= " AND fd.fk_product = ".$this->id; + $sql .= " AND fd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND cf.fk_soc = ".((int) $socid); @@ -3218,9 +3218,9 @@ class Product extends CommonObject } $sql .= " WHERE m.rowid = mp.fk_mo"; $sql .= " AND m.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'mrp').")"; - $sql .= " AND mp.fk_product = ".$this->id; + $sql .= " AND mp.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND m.fk_soc = ".((int) $socid); @@ -3312,9 +3312,9 @@ class Product extends CommonObject $sql .= " WHERE c.rowid = cd.fk_contrat"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract').")"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND c.statut != 0"; if ($socid > 0) { @@ -3386,9 +3386,9 @@ class Product extends CommonObject $sql .= " WHERE f.rowid = fd.fk_facture"; $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; - $sql .= " AND fd.fk_product = ".$this->id; + $sql .= " AND fd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { @@ -3460,9 +3460,9 @@ class Product extends CommonObject $sql .= " WHERE f.rowid = fd.fk_facture_fourn"; $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; - $sql .= " AND fd.fk_product = ".$this->id; + $sql .= " AND fd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { @@ -3591,7 +3591,7 @@ class Product extends CommonObject } $sql .= " WHERE f.rowid = d.fk_facture"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3601,7 +3601,7 @@ class Product extends CommonObject $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = $socid"; @@ -3644,7 +3644,7 @@ class Product extends CommonObject } $sql .= " WHERE f.rowid = d.fk_facture_fourn"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3654,7 +3654,7 @@ class Product extends CommonObject $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = $socid"; @@ -3695,7 +3695,7 @@ class Product extends CommonObject } $sql .= " WHERE p.rowid = d.fk_propal"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3705,7 +3705,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -3747,7 +3747,7 @@ class Product extends CommonObject } $sql .= " WHERE p.rowid = d.fk_supplier_proposal"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3757,7 +3757,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -3798,7 +3798,7 @@ class Product extends CommonObject } $sql .= " WHERE c.rowid = d.fk_commande"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3808,7 +3808,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3849,7 +3849,7 @@ class Product extends CommonObject } $sql .= " WHERE c.rowid = d.fk_commande"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3859,7 +3859,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3903,7 +3903,7 @@ class Product extends CommonObject $sql .= " AND c.rowid = d.fk_contrat"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3913,7 +3913,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3957,7 +3957,7 @@ class Product extends CommonObject $sql .= " AND d.status > 0"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3966,7 +3966,7 @@ class Product extends CommonObject } if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND d.fk_soc = ".((int) $socid); @@ -4062,9 +4062,9 @@ class Product extends CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_association SET '; - $sql .= 'qty='.$qty; - $sql .= ',incdec='.$incdec; - $sql .= ' WHERE fk_product_pere='.$id_pere.' AND fk_product_fils='.$id_fils; + $sql .= 'qty = '.price2num($qty, 'MS'); + $sql .= ',incdec = '.price2num($incdec, 'MS'); + $sql .= ' WHERE fk_product_pere = '.((int) $id_pere).' AND fk_product_fils = '.((int) $id_fils); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -4257,8 +4257,8 @@ class Product extends CommonObject $sql = "SELECT DISTINCT p.fk_soc"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as p"; - $sql .= " WHERE p.fk_product = ".$this->id; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " WHERE p.fk_product = ".((int) $this->id); + $sql .= " AND p.entity = ".((int) $conf->entity); $result = $this->db->query($sql); if ($result) { @@ -4541,11 +4541,11 @@ class Product extends CommonObject $sql = "SELECT COUNT(pa.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product_association as pa"; if ($mode == 0) { - $sql .= " WHERE pa.fk_product_fils = ".$this->id." OR pa.fk_product_pere = ".$this->id; + $sql .= " WHERE pa.fk_product_fils = ".((int) $this->id)." OR pa.fk_product_pere = ".((int) $this->id); } elseif ($mode == -1) { - $sql .= " WHERE pa.fk_product_fils = ".$this->id; // We are a child, so we found lines that link to parents (can have several parents) + $sql .= " WHERE pa.fk_product_fils = ".((int) $this->id); // We are a child, so we found lines that link to parents (can have several parents) } elseif ($mode == 1) { - $sql .= " WHERE pa.fk_product_pere = ".$this->id; // We are a parent, so we found lines that link to children (can have several children) + $sql .= " WHERE pa.fk_product_pere = ".((int) $this->id); // We are a parent, so we found lines that link to children (can have several children) } $resql = $this->db->query($sql); @@ -4569,7 +4569,7 @@ class Product extends CommonObject public function hasVariants() { $nb = 0; - $sql = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".$this->id; + $sql = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".((int) $this->id); $sql .= " AND entity IN (".getEntity('product').")"; $resql = $this->db->query($sql); @@ -4593,7 +4593,7 @@ class Product extends CommonObject { global $conf; if (!empty($conf->variants->enabled)) { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_child = ".$this->id." AND entity IN (".getEntity('product').")"; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_child = ".((int) $this->id)." AND entity IN (".getEntity('product').")"; $query = $this->db->query($sql); @@ -4624,7 +4624,7 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."product_association as pa,"; $sql .= " ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE p.rowid = pa.fk_product_pere"; - $sql .= " AND pa.fk_product_fils = ".$this->id; + $sql .= " AND pa.fk_product_fils = ".((int) $this->id); $res = $this->db->query($sql); if ($res) { @@ -5200,7 +5200,7 @@ class Product extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."entrepot as w"; $sql .= " WHERE w.entity IN (".getEntity('stock').")"; $sql .= " AND w.rowid = ps.fk_entrepot"; - $sql .= " AND ps.fk_product = ".$this->id; + $sql .= " AND ps.fk_product = ".((int) $this->id); if (count($warehouseStatus)) { $sql .= " AND w.statut IN (".$this->db->sanitize(implode(',', $warehouseStatus)).")"; } @@ -5361,7 +5361,7 @@ class Product extends CommonObject $result = array(); $sql = "SELECT pb.batch, pb.eatby, pb.sellby, SUM(pb.qty) AS qty FROM ".MAIN_DB_PREFIX."product_batch as pb, ".MAIN_DB_PREFIX."product_stock as ps"; - $sql .= " WHERE pb.fk_product_stock = ps.rowid AND ps.fk_product = ".$this->id." AND pb.batch = '".$this->db->escape($batch)."'"; + $sql .= " WHERE pb.fk_product_stock = ps.rowid AND ps.fk_product = ".((int) $this->id)." AND pb.batch = '".$this->db->escape($batch)."'"; $sql .= " GROUP BY pb.batch, pb.eatby, pb.sellby"; dol_syslog(get_class($this)."::loadBatchInfo load first entry found for lot/serial = ".$batch, LOG_DEBUG); $resql = $this->db->query($sql); @@ -5742,7 +5742,8 @@ class Product extends CommonObject $label_type = 'short_label'; } - $sql = 'select '.$label_type.', code from '.MAIN_DB_PREFIX.'c_units where rowid='.$this->fk_unit; + $sql = "SELECT ".$label_type.", code from ".MAIN_DB_PREFIX."c_units where rowid = ".((int) $this->fk_unit); + $resql = $this->db->query($sql); if ($resql && $this->db->num_rows($resql) > 0) { $res = $this->db->fetch_array($resql); @@ -5750,7 +5751,7 @@ class Product extends CommonObject $this->db->free($resql); return $label; } else { - $this->error = $this->db->error().' sql='.$sql; + $this->error = $this->db->error(); dol_syslog(get_class($this)."::getLabelOfUnit Error ".$this->error, LOG_ERR); return -1; } diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php index 4408afd9ff1..f7f604b5399 100644 --- a/htdocs/product/class/productbatch.class.php +++ b/htdocs/product/class/productbatch.class.php @@ -530,12 +530,12 @@ class Productbatch extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_batch AS pb ON pl.batch = pb.batch"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock AS ps ON ps.rowid = pb.fk_product_stock"; $sql .= " WHERE p.entity IN (".getEntity('product').")"; - $sql .= " AND pl.fk_product = ".$fk_product; + $sql .= " AND pl.fk_product = ".((int) $fk_product); if ($fk_warehouse > 0) { - $sql .= " AND ps.fk_entrepot = ".$fk_warehouse; + $sql .= " AND ps.fk_entrepot = ".((int) $fk_warehouse); } if ($qty_min !== null) { - $sql .= " AND pb.qty > ".$qty_min; + $sql .= " AND pb.qty > ".((float) price2num($qty_min, 'MS')); } $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 0683732d6cb..61cba58c374 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -404,21 +404,21 @@ class Productcustomerprice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$this->db->escape($value).'\''; + $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif ($key == 'soc.nom') { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } elseif ($key == 'prod.ref' || $key == 'prod.label') { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } elseif ($key == 't.price' || $key == 't.price_ttc') { - $sql .= ' AND '.$key.' LIKE \'%'.price2num($value).'%\''; + $sql .= " AND ".$key." LIKE '%".price2num($value)."%'"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } } $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); @@ -521,17 +521,17 @@ class Productcustomerprice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$value.'\''; + $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif ($key == 'soc.nom') { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } } $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } dol_syslog(get_class($this)."::fetch_all_log", LOG_DEBUG); @@ -721,7 +721,7 @@ class Productcustomerprice extends CommonObject $sql .= " t.import_key"; $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price as t"; - $sql .= " WHERE t.rowid = ".$this->id; + $sql .= " WHERE t.rowid = ".((int) $this->id); $this->db->begin(); dol_syslog(get_class($this)."::update", LOG_DEBUG); diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 41e1d2d0f6b..7597b32f21a 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php @@ -326,15 +326,15 @@ class ProductFournisseurPrice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -346,7 +346,7 @@ class ProductFournisseurPrice extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index 67c24ac37c8..9663bea4756 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -233,7 +233,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t"; $sql .= " WHERE t.fk_product = ".((int) $product_id); - if ($conf->global->MAIN_MULTILANGS && !empty($lang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && !empty($lang)) { $sql .= " AND t.lang = '".$this->db->escape($lang)."'"; } @@ -248,7 +248,7 @@ class Propalmergepdfproduct extends CommonObject $line->fk_product = $obj->fk_product; $line->file_name = $obj->file_name; - if ($conf->global->MAIN_MULTILANGS) { + if (!empty($conf->global->MAIN_MULTILANGS)) { $line->lang = $obj->lang; } $line->fk_user_author = $obj->fk_user_author; @@ -258,7 +258,7 @@ class Propalmergepdfproduct extends CommonObject $line->import_key = $obj->import_key; - if ($conf->global->MAIN_MULTILANGS) { + if (!empty($conf->global->MAIN_MULTILANGS)) { $this->lines[$obj->file_name.'_'.$obj->lang] = $line; } else { $this->lines[$obj->file_name] = $line; @@ -445,7 +445,7 @@ class Propalmergepdfproduct extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; - $sql .= " WHERE fk_product=".$this->fk_product." AND file_name='".$this->db->escape($this->file_name)."'"; + $sql .= " WHERE fk_product = ".((int) $this->fk_product)." AND file_name = '".$this->db->escape($this->file_name)."'"; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index e2539dae31c..000e5da6cbc 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -650,9 +650,8 @@ if ($id > 0 || !empty($ref)) { print ''; if ($num > 0) { - print '
'; - print 'trans("Update").'">'; - print '     '; + print '
'; + print 'trans("Update").'">'; print ''; print '
'; } diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php index db0c427c334..2a7f35a436b 100644 --- a/htdocs/product/dynamic_price/class/price_expression.class.php +++ b/htdocs/product/dynamic_price/class/price_expression.class.php @@ -257,7 +257,7 @@ class PriceExpression $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " title = ".(isset($this->title) ? "'".$this->db->escape($this->title)."'" : "''").","; $sql .= " expression = ".(isset($this->expression) ? "'".$this->db->escape($this->expression)."'" : "''").""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 87cb8dea2c5..217ab25463a 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -183,7 +183,7 @@ class PriceGlobalVariable $sql .= " code = ".(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "''").","; $sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").","; $sql .= " value = ".((float) $this->value); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index 331a65971b6..e24ff2c6769 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -207,7 +207,7 @@ class PriceGlobalVariableUpdater $sql .= " update_interval = ".((int) $this->update_interval).","; $sql .= " next_update = ".((int) $this->next_update).","; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -570,7 +570,7 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " next_update = ".$this->next_update; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -614,7 +614,7 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 97f29de72f6..938e8d0655c 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -272,23 +272,23 @@ if (empty($reshook)) { $extralabels = $extrafields->fetch_name_optionals_label("product_fournisseur_price"); $extrafield_values = $extrafields->getOptionalsFromPost("product_fournisseur_price"); if (!empty($extrafield_values)) { - $resql = $db->query("SELECT fk_object FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields WHERE fk_object = ".$object->product_fourn_price_id); + $resql = $db->query("SELECT fk_object FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields WHERE fk_object = ".((int) $object->product_fourn_price_id)); // Insert a new extrafields row, if none exists if ($db->num_rows($resql) != 1) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields (fk_object, "; foreach ($extrafield_values as $key => $value) { $sql .= str_replace('options_', '', $key).', '; } - $sql = substr($sql, 0, strlen($sql) - 2).") VALUES (".$object->product_fourn_price_id.", "; + $sql = substr($sql, 0, strlen($sql) - 2).") VALUES (".((int) $object->product_fourn_price_id).", "; foreach ($extrafield_values as $key => $value) { - $sql .= '"'.$value.'", '; + $sql .= "'".$db->escape($value)."', "; } $sql = substr($sql, 0, strlen($sql) - 2).')'; } else { // update the existing one $sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields SET "; foreach ($extrafield_values as $key => $value) { - $sql .= str_replace('options_', '', $key).' = "'.$value.'", '; + $sql .= str_replace('options_', '', $key)." = '".$db->escape($value)."', "; } $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.((int) $object->product_fourn_price_id); } diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 067869ba5ba..539456351cb 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -204,11 +204,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -244,9 +240,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index 9fb74c96f83..a6d1504a42c 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -266,7 +266,7 @@ class Inventory extends CommonObject if ($this->status == self::STATUS_DRAFT) { // Delete inventory - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -286,10 +286,10 @@ class Inventory extends CommonObject $sql .= " AND p.fk_product_type = 0"; } if ($this->fk_product > 0) { - $sql .= ' AND ps.fk_product = '.$this->fk_product; + $sql .= ' AND ps.fk_product = '.((int) $this->fk_product); } if ($this->fk_warehouse > 0) { - $sql .= ' AND ps.fk_entrepot = '.$this->fk_warehouse; + $sql .= ' AND ps.fk_entrepot = '.((int) $this->fk_warehouse); } $inventoryline = new InventoryLine($this->db); @@ -349,7 +349,7 @@ class Inventory extends CommonObject $this->db->begin(); // Delete inventory - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 01968855836..1147869a716 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -116,7 +116,7 @@ if ($action == 'update' && !empty($user->rights->stock->mouvement->creer)) { $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; - $sql .= ' WHERE id.fk_inventory = '.$object->id; + $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -168,7 +168,7 @@ if ($action =='updateinventorylines' && $permissiontoadd) { $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; - $sql .= ' WHERE id.fk_inventory = '.$object->id; + $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); $db->begin(); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 2d6b5374caa..36910c75fb2 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -205,7 +205,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -271,7 +271,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/list.php b/htdocs/product/list.php index a975dc2c21b..4d208133759 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -394,7 +394,7 @@ if (!empty($conf->variants->enabled) && (!empty($conf->global->PRODUIT_ATTRIBUTE // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -1253,8 +1253,8 @@ if ($resql) { if (!empty($conf->global->MAIN_MULTILANGS)) { // If multilang is enabled $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$obj->rowid; - $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $obj->rowid); + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $db->query($sql); diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 03867bb65e9..5d426485769 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -304,7 +304,7 @@ if (empty($reshook)) { $sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; $sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'"; - $sql .= " AND t.taux = ".$tva_tx." AND t.active = 1"; + $sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1"; $sql .= " AND t.code ='".$db->escape($vatratecode)."'"; $resql = $db->query($sql); if ($resql) { @@ -527,7 +527,7 @@ if (empty($reshook)) { $sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; $sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'"; - $sql .= " AND t.taux = ".$tva_tx." AND t.active = 1"; + $sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1"; $sql .= " AND t.code ='".$db->escape($vatratecode)."'"; $resql = $db->query($sql); if ($resql) { @@ -620,7 +620,7 @@ if (empty($reshook)) { $sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; $sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'"; - $sql .= " AND t.taux = ".$tva_tx." AND t.active = 1"; + $sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1"; $sql .= " AND t.code ='".$db->escape($vatratecode)."'"; $resql = $db->query($sql); if ($resql) { @@ -1207,11 +1207,7 @@ if ($action == 'edit_vat' && ($user->rights->produit->creer || $user->rights->se print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print '

'; } @@ -1321,13 +1317,9 @@ if ($action == 'edit_price' && $object->getRights()->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); - print '
'; + print ''; } else { print ''."\n"; ?> @@ -1444,10 +1436,8 @@ if ($action == 'edit_price' && $object->getRights()->creer) { //print dol_get_fiche_end(); - print '
'; - print ''; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); + print ''; } } @@ -1647,7 +1637,7 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul } print ''; - if ($candelete) { + if ($candelete || ($db->jdate($objp->dp) >= dol_now())) { // Test on date is to be able to delete a corrupted record with a date in future print 'id.'&lineid='.$objp->rowid.'">'; print img_delete(); print ''; @@ -1776,10 +1766,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; print '
'; - print ''; - print '     '; - print ''; - print ''; + print $form->buttonsSaveCancel(); print ''; } elseif ($action == 'edit_customer_price') { @@ -1861,10 +1848,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; print ""; - print ''; - print '     '; - print ''; - print ''; + print $form->buttonsSaveCancel(); print '
'; } elseif ($action == 'showlog_customer_price') { diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 65e69b91384..2380b4103a2 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -393,8 +393,8 @@ if ($resql) { if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $db->query($sql); @@ -406,7 +406,6 @@ if ($resql) { } } - $product_static->ref = $objp->ref; $product_static->id = $objp->rowid; $product_static->label = $objp->label; diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index f71c907a430..65302ef2c7d 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -127,10 +127,10 @@ if ($id > 0 || !empty($ref)) { $now = dol_now(); $sql = "SELECT"; - $sql .= ' sum('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; - $sql .= ' sum('.$db->ifsql("cd.statut=4 AND cd.date_fin_validite > '".$db->idate($now)."'", 1, 0).") as nb_running,"; - $sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite <= '".$db->idate($now)."')", 1, 0).') as nb_late,'; - $sql .= ' sum('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; + $sql .= " sum(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; + $sql .= " sum(".$db->ifsql("cd.statut=4 AND cd.date_fin_validite > '".$db->idate($now)."'", 1, 0).") as nb_running,"; + $sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite <= '".$db->idate($now)."')", 1, 0).') as nb_late,'; + $sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; $sql .= " c.rowid as rowid, c.ref, c.ref_customer, c.ref_supplier, c.date_contrat, c.statut as statut,"; $sql .= " s.nom as name, s.rowid as socid, s.code_client"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; @@ -144,7 +144,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " AND cd.fk_product = ".((int) $product->id); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index b8a83e847c2..b3e5571ac5a 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -176,7 +176,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 6eaf5a33e22..212674582f9 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -159,7 +159,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/mo.php b/htdocs/product/stats/mo.php index 5a5c33312ca..9ad400fe0de 100644 --- a/htdocs/product/stats/mo.php +++ b/htdocs/product/stats/mo.php @@ -127,10 +127,10 @@ if ($id > 0 || !empty($ref)) { $now = dol_now(); $sql = "SELECT"; - $sql .= ' sum('.$db->ifsql("cd.role='toconsume'", "cd.qty", 0).') as nb_toconsume,'; - $sql .= ' sum('.$db->ifsql("cd.role='consumed'", "cd.qty", 0).') as nb_consumed,'; - $sql .= ' sum('.$db->ifsql("cd.role='toproduce'", "cd.qty", 0).') as nb_toproduce,'; - $sql .= ' sum('.$db->ifsql("cd.role='produced'", "cd.qty", 0).') as nb_produced,'; + $sql .= " sum(".$db->ifsql("cd.role='toconsume'", "cd.qty", 0).') as nb_toconsume,'; + $sql .= " sum(".$db->ifsql("cd.role='consumed'", "cd.qty", 0).') as nb_consumed,'; + $sql .= " sum(".$db->ifsql("cd.role='toproduce'", "cd.qty", 0).') as nb_toproduce,'; + $sql .= " sum(".$db->ifsql("cd.role='produced'", "cd.qty", 0).') as nb_produced,'; $sql .= " c.rowid as rowid, c.ref, c.date_valid, c.status"; //$sql .= " s.nom as name, s.rowid as socid, s.code_client"; $sql .= " FROM ".MAIN_DB_PREFIX."mrp_mo as c"; diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index f2a26d4af73..b83d0368b75 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -161,7 +161,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index b30983bbda5..d583d58bff8 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 5ea58da6deb..7defecb7c62 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php @@ -358,11 +358,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } else { @@ -666,8 +662,8 @@ if ($action == 'create') { if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $db->query($sql); @@ -913,11 +909,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/product/stock/class/api_warehouses.class.php b/htdocs/product/stock/class/api_warehouses.class.php index 806114b73ec..3bddbaff8f9 100644 --- a/htdocs/product/stock/class/api_warehouses.class.php +++ b/htdocs/product/stock/class/api_warehouses.class.php @@ -111,7 +111,7 @@ class Warehouses extends DolibarrApi $sql .= ' WHERE t.entity IN ('.getEntity('stock').')'; // Select warehouses of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); + $sql .= " AND c.fk_categorie = ".((int) $category); $sql .= " AND c.fk_warehouse = t.rowid "; } // Add sql filters diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 92df16fa867..37f6f76d216 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -205,7 +205,7 @@ class Entrepot extends CommonObject $this->db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."entrepot (ref, entity, datec, fk_user_author, fk_parent, fk_project)"; - $sql .= " VALUES ('".$this->db->escape($this->label)."', ".$conf->entity.", '".$this->db->idate($now)."', ".$user->id.", ".($this->fk_parent > 0 ? $this->fk_parent : "NULL").", ".($this->fk_project > 0 ? $this->fk_project : "NULL").")"; + $sql .= " VALUES ('".$this->db->escape($this->label)."', ".((int) $conf->entity).", '".$this->db->idate($now)."', ".((int) $user->id).", ".($this->fk_parent > 0 ? ((int) $this->fk_parent) : "NULL").", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "NULL").")"; dol_syslog(get_class($this)."::create", LOG_DEBUG); $result = $this->db->query($sql); @@ -366,7 +366,7 @@ class Entrepot extends CommonObject foreach ($elements as $table) { if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE fk_entrepot = ".$this->id; + $sql .= " WHERE fk_entrepot = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -389,7 +389,7 @@ class Entrepot extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."entrepot"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql1 = $this->db->query($sql); if (!$resql1) { $error++; @@ -585,7 +585,7 @@ class Entrepot extends CommonObject $sql = "SELECT count(distinct p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps"; $sql .= ", ".MAIN_DB_PREFIX."product as p"; - $sql .= " WHERE ps.fk_entrepot = ".$this->id; + $sql .= " WHERE ps.fk_entrepot = ".((int) $this->id); $sql .= " AND ps.fk_product = p.rowid"; //print $sql; @@ -630,7 +630,7 @@ class Entrepot extends CommonObject if ($separatedPMP) { $sql .= ", ".MAIN_DB_PREFIX."product_perentity as pa"; } - $sql .= " WHERE ps.fk_entrepot = ".$this->id; + $sql .= " WHERE ps.fk_entrepot = ".((int) $this->id); if ($separatedPMP) { $sql .= " AND pa.fk_product = p.rowid AND pa.entity = ". (int) $conf->entity; } diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index f0c7d51c86b..dd1b2202956 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -428,7 +428,7 @@ class MouvementStock extends CommonObject $sql .= " datem, fk_product, batch, eatby, sellby,"; $sql .= " fk_entrepot, value, type_mouvement, fk_user_author, label, inventorycode, price, fk_origin, origintype, fk_projet"; $sql .= ")"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->product_id.", "; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->product_id).", "; $sql .= " ".($batch ? "'".$this->db->escape($batch)."'" : "null").", "; $sql .= " ".($eatby ? "'".$this->db->idate($eatby)."'" : "null").", "; $sql .= " ".($sellby ? "'".$this->db->idate($sellby)."'" : "null").", "; @@ -436,7 +436,7 @@ class MouvementStock extends CommonObject $sql .= " ".((int) $user->id).","; $sql .= " '".$this->db->escape($label)."',"; $sql .= " ".($inventorycode ? "'".$this->db->escape($inventorycode)."'" : "null").","; - $sql .= " ".price2num($price).","; + $sql .= " ".((float) price2num($price)).","; $sql .= " ".((int) $fk_origin).","; $sql .= " '".$this->db->escape($origintype)."',"; $sql .= " ".((int) $fk_project); @@ -634,12 +634,7 @@ class MouvementStock extends CommonObject $sql .= " t.sellby,"; $sql .= " t.fk_projet as fk_project"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE 1 = 1'; - //if (null !== $ref) { - //$sql .= ' AND t.ref = ' . '\'' . $ref . '\''; - //} else { - $sql .= ' AND t.rowid = '.((int) $id); - //} + $sql .= ' WHERE t.rowid = '.((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index d8138c7f149..0a9636c0290 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -273,7 +273,7 @@ class ProductStockEntrepot extends CommonObject $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'"; } } if (count($sqlwhere) > 0) { @@ -291,7 +291,7 @@ class ProductStockEntrepot extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $lines = array(); diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php index b8f998c0ec0..a6fef44bb05 100644 --- a/htdocs/product/stock/list.php +++ b/htdocs/product/stock/list.php @@ -200,12 +200,12 @@ $title = $langs->trans("ListOfWarehouses"); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } @@ -259,7 +259,7 @@ foreach ($search as $key => $val) { $mode_search = 2; } if ($search[$key] != '') { - $sql .= natural_search((($key == 'ref') ? 't.ref' : 't.'.$class_key), $search[$key], (($key == 'status') ? 2 : $mode_search)); + $sql .= natural_search((($key == "ref") ? "t.ref" : "t.".$class_key), $search[$key], (($key == 'status') ? 2 : $mode_search)); } } if ($search_all) { @@ -273,7 +273,7 @@ $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $objec $sql .= $hookmanager->resPrint; $sql .= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index 9f3390d34af..da8ef2e5b37 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -662,7 +662,7 @@ if (count($listofdata)) { print '
'; print '
'; - print '
'; + print '
'; print '
'; print ''; diff --git a/htdocs/product/stock/movement_card.php b/htdocs/product/stock/movement_card.php index b6d5ae78407..24e5ae2b689 100644 --- a/htdocs/product/stock/movement_card.php +++ b/htdocs/product/stock/movement_card.php @@ -439,7 +439,7 @@ $sql .= " u.login, u.photo, u.lastname, u.firstname"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index 1096d8b9e09..3a162cc640f 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -488,7 +488,7 @@ $sql .= " u.login, u.photo, u.lastname, u.firstname, u.email as user_email, u.st // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 22f32f0c8b9..7a75019c8d1 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -401,11 +401,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 78a18ca960b..25c9921ce18 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -201,12 +201,12 @@ $title = $langs->trans('LotSerialList'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -253,7 +253,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 8dc40c3c78c..d5bf172f5b3 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -229,7 +229,7 @@ if ($action == 'order' && GETPOST('valid')) { // Check if an order for the supplier exists $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " WHERE fk_soc = ".((int) $suppliersid[$i]); - $sql .= " AND source = ".((int) $order::SOURCE_ID_REPLENISHMENT)." AND fk_statut = ".$order::STATUS_DRAFT; + $sql .= " AND source = ".((int) $order::SOURCE_ID_REPLENISHMENT)." AND fk_statut = ".((int) $order::STATUS_DRAFT); $sql .= " AND entity IN (".getEntity('commande_fournisseur').")"; $sql .= " ORDER BY date_creation DESC"; $resql = $db->query($sql); @@ -345,11 +345,11 @@ $sql .= ' p.desiredstock, p.seuil_stock_alerte,'; if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) { $sql .= ' pse.desiredstock as desiredstockpse, pse.seuil_stock_alerte as seuil_stock_alertepse,'; } -$sql .= ' '.$sqldesiredtock.' as desiredstockcombined, '.$sqlalertstock.' as seuil_stock_alertecombined,'; +$sql .= " ".$sqldesiredtock." as desiredstockcombined, ".$sqlalertstock." as seuil_stock_alertecombined,"; $sql .= ' s.fk_product,'; -$sql .= ' SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").') as stock_physique'; +$sql .= " SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").') as stock_physique'; if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) { - $sql .= ', SUM('.$db->ifsql("s.reel IS NULL OR s.fk_entrepot <> ".$fk_entrepot, "0", "s.reel").') as stock_real_warehouse'; + $sql .= ", SUM(".$db->ifsql("s.reel IS NULL OR s.fk_entrepot <> ".$fk_entrepot, "0", "s.reel").') as stock_real_warehouse'; } // Add fields from hooks @@ -478,45 +478,45 @@ if ($usevirtualstock) { } $sql .= ' HAVING ('; - $sql .= ' ('.$sqldesiredtock.' >= 0 AND ('.$sqldesiredtock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; - $sql .= ' - ('.$sqlCommandesCli.' - '.$sqlExpeditionsCli.') + ('.$sqlCommandesFourn.' - '.$sqlReceptionFourn.') + ('.$sqlProductionToProduce.' - '.$sqlProductionToConsume.')))'; + $sql .= " (".$sqldesiredtock." >= 0 AND (".$sqldesiredtock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= " - (".$sqlCommandesCli." - ".$sqlExpeditionsCli.") + (".$sqlCommandesFourn." - ".$sqlReceptionFourn.") + (".$sqlProductionToProduce." - ".$sqlProductionToConsume.")))"; $sql .= ' OR'; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= ' (('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= " ((".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")"; } else { - $sql .= ' ('.$sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= " (".$sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; } - $sql .= ' - ('.$sqlCommandesCli.' - '.$sqlExpeditionsCli.') + ('.$sqlCommandesFourn.' - '.$sqlReceptionFourn.') + ('.$sqlProductionToProduce.' - '.$sqlProductionToConsume.')))'; - $sql .= ')'; + $sql .= " - (".$sqlCommandesCli." - ".$sqlExpeditionsCli.") + (".$sqlCommandesFourn." - ".$sqlReceptionFourn.") + (".$sqlProductionToProduce." - ".$sqlProductionToConsume.")))"; + $sql .= ")"; if ($salert == 'on') { // Option to see when stock is lower than alert $sql .= ' AND ('; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= '('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= "(".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")"; } else { - $sql .= $sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= $sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")"; } - $sql .= ' - ('.$sqlCommandesCli.' - '.$sqlExpeditionsCli.') + ('.$sqlCommandesFourn.' - '.$sqlReceptionFourn.') + ('.$sqlProductionToProduce.' - '.$sqlProductionToConsume.'))'; - $sql .= ')'; + $sql .= " - (".$sqlCommandesCli." - ".$sqlExpeditionsCli.") + (".$sqlCommandesFourn." - ".$sqlReceptionFourn.") + (".$sqlProductionToProduce." - ".$sqlProductionToConsume."))"; + $sql .= ")"; $alertchecked = 'checked'; } } else { $sql .= ' HAVING ('; - $sql .= '('.$sqldesiredtock.' >= 0 AND ('.$sqldesiredtock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; + $sql .= "(".$sqldesiredtock." >= 0 AND (".$sqldesiredtock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")))"; $sql .= ' OR'; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= ' (('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; + $sql .= " ((".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; } else { - $sql .= ' ('.$sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; + $sql .= " (".$sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; } $sql .= ')'; if ($salert == 'on') { // Option to see when stock is lower than alert - $sql .= ' AND ('; + $sql .= " AND ("; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= ' ('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").'))'; + $sql .= " (".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel")."))"; } else { - $sql .= ' '.$sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").'))'; + $sql .= " ".$sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").'))'; } $sql .= ')'; $alertchecked = 'checked'; @@ -623,7 +623,7 @@ if (empty($reshook)) { } print '
'; -print ''; +print ''; print '
'; print ''; @@ -802,7 +802,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; $sql .= ' WHERE fk_product = '.((int) $objp->rowid); - $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= ' LIMIT 1'; $resqlm = $db->query($sql); @@ -958,7 +958,7 @@ print dol_get_fiche_end(); $value = $langs->trans("CreateOrders"); -print '
'; +print '
'; print ''; diff --git a/htdocs/product/stock/replenishorders.php b/htdocs/product/stock/replenishorders.php index 17490e330bb..01a7e2dd1a3 100644 --- a/htdocs/product/stock/replenishorders.php +++ b/htdocs/product/stock/replenishorders.php @@ -135,7 +135,7 @@ if ($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) { $sql .= ' AND cf.fk_statut < 5'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.$user->id; + $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id); } if ($sref) { $sql .= natural_search('cf.ref', $sref); diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index 4892004db72..940acdb551d 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -272,7 +272,7 @@ if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $sql .= " AND p.fk_product_type = 0"; } if (!empty($canvas)) { - $sql .= ' AND p.canvas = "'.$db->escape($canvas).'"'; + $sql .= " AND p.canvas = '".$db->escape($canvas)."'"; } if ($fk_warehouse > 0) { $sql .= ' GROUP BY p.rowid, p.ref, p.label, p.description, p.price, p.price_ttc, p.price_base_type, p.fk_product_type, p.desiredstock, p.seuil_stock_alerte,'; @@ -373,7 +373,7 @@ if (empty($reshook)) { } print '
'; -print ''; +print ''; print '
'; //print ''; @@ -488,7 +488,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; $sql .= ' WHERE fk_product = '.((int) $objp->rowid); - $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= ' LIMIT 1'; $resqlm = $db->query($sql); diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 2bd92f40e78..9ee6365d2fd 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -282,11 +282,7 @@ if ($action == 'edit') { print '
'; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'add') { @@ -356,11 +352,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index 60484eb4f17..bdce4353faf 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php @@ -122,9 +122,9 @@ $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; -$sql .= " AND p.entity = ".$conf->entity; +$sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; -$sql .= " AND tt.fk_user = ".$user->id; +$sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -175,9 +175,9 @@ $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; -$sql .= " AND p.entity = ".$conf->entity; +$sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; -$sql .= " AND tt.fk_user = ".$user->id; +$sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_time_plus_duree(dol_mktime(0, 0, 0, $month, $day, $year), -1, 'd'))."' AND '".$db->idate(dol_time_plus_duree(dol_mktime(23, 59, 59, $month, $day, $year), -1, 'd'))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -231,9 +231,9 @@ if ($db->type != 'pgsql') $sql.= " , ".MAIN_DB_PREFIX."projet_task as t"; $sql.= " , ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql.= " WHERE t.fk_projet = p.rowid"; - $sql.= " AND p.entity = ".$conf->entity; + $sql.= " AND p.entity = ".((int) $conf->entity); $sql.= " AND tt.fk_task = t.rowid"; - $sql.= " AND tt.fk_user = ".$user->id; + $sql.= " AND tt.fk_user = ".((int) $user->id); $sql.= " AND task_date >= '".$db->idate(dol_get_first_day($year, $month)).'" AND ..."; $sql.= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql.= " GROUP BY p.rowid, p.ref, p.title"; @@ -287,9 +287,9 @@ if (!empty($conf->global->PROJECT_TASK_TIME_MONTH)) { $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; - $sql .= " AND tt.fk_user = ".$user->id; + $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_get_first_day($year, $month))."' AND '".$db->idate(dol_get_last_day($year, $month))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -333,9 +333,9 @@ if (!empty($conf->global->PROJECT_TASK_TIME_YEAR)) { $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; - $sql .= " AND tt.fk_user = ".$user->id; + $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND YEAR(task_date) = '".strftime("%Y", $now)."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -422,7 +422,7 @@ if (empty($conf->global->PROJECT_HIDE_TASKS) && !empty($conf->global->PROJECT_SH $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // project i have permission on } if ($mine) { // this may duplicate record if we are contact twice - $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$user->id; + $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".((int) $user->id); } if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php index 8897f9550a3..29a3c40209c 100644 --- a/htdocs/projet/activity/perday.php +++ b/htdocs/projet/activity/perday.php @@ -310,7 +310,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('formfilterac setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); // Redirect to avoid submit twice on back - header('Location: '.$_SERVER["PHP_SELF"].'?'.($projectid ? 'id='.$projectid : '').($search_usertoprocessid ? '&search_usertoprocessid='.$search_usertoprocessid : '').($mode ? '&mode='.$mode : '').'&year='.$yearofday.'&month='.$monthofday.'&day='.$dayofday); + header('Location: '.$_SERVER["PHP_SELF"].'?'.($projectid ? 'id='.$projectid : '').($search_usertoprocessid ? '&search_usertoprocessid='.urlencode($search_usertoprocessid) : '').($mode ? '&mode='.$mode : '').'&year='.$yearofday.'&month='.$monthofday.'&day='.$dayofday); exit; } } else { diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php index 6e474ea8568..1fae2fe0300 100644 --- a/htdocs/projet/activity/permonth.php +++ b/htdocs/projet/activity/permonth.php @@ -334,12 +334,12 @@ llxHeader("", $title, "", '', '', '', array('/core/js/timesheet.js')); //print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, "", $num, '', 'title_project'); $param = ''; -$param .= ($mode ? '&mode='.$mode : ''); -$param .= ($search_project_ref ? '&search_project_ref='.$search_project_ref : ''); -$param .= ($search_usertoprocessid > 0 ? '&search_usertoprocessid='.$search_usertoprocessid : ''); -$param .= ($search_thirdparty ? '&search_thirdparty='.$search_thirdparty : ''); -$param .= ($search_task_ref ? '&search_task_ref='.$search_task_ref : ''); -$param .= ($search_task_label ? '&search_task_label='.$search_task_label : ''); +$param .= ($mode ? '&mode='.urlencode($mode) : ''); +$param .= ($search_project_ref ? '&search_project_ref='.urlencode($search_project_ref) : ''); +$param .= ($search_usertoprocessid > 0 ? '&search_usertoprocessid='.urlencode($search_usertoprocessid) : ''); +$param .= ($search_thirdparty ? '&search_thirdparty='.urlencode($search_thirdparty) : ''); +$param .= ($search_task_ref ? '&search_task_ref='.urlencode($search_task_ref) : ''); +$param .= ($search_task_label ? '&search_task_label='.urlencode($search_task_label) : ''); // Show navigation bar $nav = ''.img_previous($langs->trans("Previous"))."\n"; @@ -596,9 +596,7 @@ print ''; print ''."\n"; print ''."\n"; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''."\n\n"; diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php index ecb2a0bdaf5..08304cecaab 100644 --- a/htdocs/projet/activity/perweek.php +++ b/htdocs/projet/activity/perweek.php @@ -852,9 +852,7 @@ print ''; print ''."\n"; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''."\n\n"; diff --git a/htdocs/projet/admin/website.php b/htdocs/projet/admin/website.php index 04acbaa44aa..893c3765736 100644 --- a/htdocs/projet/admin/website.php +++ b/htdocs/projet/admin/website.php @@ -134,7 +134,7 @@ if (!empty($conf->global->PROJECT_ENABLE_PUBLIC)) { print ''; print '
'; - print ''; + print ''; print '
'; } */ diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index b14fcfc73fd..4299028d621 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -690,16 +690,7 @@ if ($action == 'create' && $user->rights->projet->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'; + print $form->buttonsSaveCancel('CreateDraft'); print ''; @@ -1150,10 +1141,7 @@ if ($action == 'create' && $user->rights->projet->creer) { print dol_get_fiche_end(); if ($action == 'edit' && $userWrite > 0) { - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } print ''; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 4f52dd48057..02939ead090 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -867,7 +867,7 @@ class Project extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -944,11 +944,11 @@ class Project extends CommonObject } if ($type == 'agenda') { - $sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".$this->id." AND entity IN (".getEntity('agenda').")"; + $sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".((int) $this->id)." AND entity IN (".getEntity('agenda').")"; } elseif ($type == 'expensereport') { $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".((int) $this->id); } elseif ($type == 'project_task') { - $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".$this->id; + $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".((int) $this->id); } elseif ($type == 'project_task_time') { // Case we want to duplicate line foreach user $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".((int) $this->id); } elseif ($type == 'stock_mouvement') { @@ -1028,8 +1028,8 @@ class Project extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."projet"; $sql .= " SET fk_statut = 1"; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); dol_syslog(get_class($this)."::setValid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1080,7 +1080,7 @@ class Project extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."projet"; $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", fk_user_close = ".((int) $user->id).", date_close = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { @@ -1408,9 +1408,9 @@ class Project extends CommonObject } $sql .= " WHERE p.entity IN (".getEntity('project').")"; // Internal users must see project he is contact to even if project linked to a third party he can't see. - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; if ($socid > 0) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } // Get id of types of contacts for projects (This list never contains a lot of elements) @@ -1433,13 +1433,13 @@ class Project extends CommonObject if ($mode == 0) { $sql .= " AND ( p.public = 1"; $sql .= " OR ( ec.fk_c_type_contact IN (".$this->db->sanitize(join(',', array_keys($listofprojectcontacttype))).")"; - $sql .= " AND ec.fk_socpeople = ".$user->id.")"; + $sql .= " AND ec.fk_socpeople = ".((int) $user->id).")"; $sql .= " )"; } elseif ($mode == 1) { $sql .= " AND ec.element_id = p.rowid"; $sql .= " AND ("; $sql .= " ( ec.fk_c_type_contact IN (".$this->db->sanitize(join(',', array_keys($listofprojectcontacttype))).")"; - $sql .= " AND ec.fk_socpeople = ".$user->id.")"; + $sql .= " AND ec.fk_socpeople = ".((int) $user->id).")"; $sql .= " )"; } elseif ($mode == 2) { // No filter. Use this if user has permission to see all project @@ -1887,7 +1887,7 @@ class Project extends CommonObject $sql = "SELECT ptt.rowid as taskid, ptt.task_duration, ptt.task_date, ptt.task_datehour, ptt.fk_task"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time AS ptt, ".MAIN_DB_PREFIX."projet_task as pt"; $sql .= " WHERE ptt.fk_task = pt.rowid"; - $sql .= " AND pt.fk_projet = ".$this->id; + $sql .= " AND pt.fk_projet = ".((int) $this->id); $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'w') - 1)."')"; if ($taskid) { @@ -1950,7 +1950,7 @@ class Project extends CommonObject $sql = "SELECT ptt.rowid as taskid, ptt.task_duration, ptt.task_date, ptt.task_datehour, ptt.fk_task"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time AS ptt, ".MAIN_DB_PREFIX."projet_task as pt"; $sql .= " WHERE ptt.fk_task = pt.rowid"; - $sql .= " AND pt.fk_projet = ".$this->id; + $sql .= " AND pt.fk_projet = ".((int) $this->id); $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'm') - 1)."')"; if ($task_id) { @@ -2026,9 +2026,9 @@ class Project extends CommonObject $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // For external user, no check is done on company permission because readability is managed by public status of project and assignement. - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; //print $sql; $resql = $this->db->query($sql); diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index 1845e303704..1439ecd5f20 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -64,13 +64,13 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->socid) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= ", ".MAIN_DB_PREFIX."c_lead_status as cls"; $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; $sql .= " AND t.fk_opp_status = cls.rowid"; $sql .= " AND t.fk_statut <> 0"; // We want historic also, so all projects not draft $sql .= " GROUP BY t.fk_opp_status, cls.code, cls.label"; @@ -130,12 +130,12 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls ON cls.rowid = t.fk_opp_status"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; $sql .= " GROUP BY year"; $sql .= $this->db->order('year', 'DESC'); @@ -165,15 +165,15 @@ class ProjectStats extends Stats $sqlwhere[] = ' t.entity IN ('.getEntity('project').')'; if (!empty($this->userid)) { - $sqlwhere[] = ' t.fk_user_resp='.$this->userid; + $sqlwhere[] = ' t.fk_user_resp = '.((int) $this->userid); } // Forced filter on socid is similar to forced filter on project. TODO Use project assignement to allow to not use filter on project if (!empty($this->socid)) { - $sqlwhere[] = ' t.fk_soc='.$this->socid; + $sqlwhere[] = ' t.fk_soc = '.((int) $this->socid); } if (!empty($this->year) && empty($this->yearmonth)) { - $sqlwhere[] = " date_format(t.datec,'%Y')='".$this->db->escape($this->year)."'"; + $sqlwhere[] = " date_format(t.datec,'%Y') = '".$this->db->escape($this->year)."'"; } if (!empty($this->yearmonth)) { $sqlwhere[] = " t.datec BETWEEN '".$this->db->idate(dol_get_first_day($this->yearmonth))."' AND '".$this->db->idate(dol_get_last_day($this->yearmonth))."'"; @@ -211,7 +211,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -240,7 +240,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -358,7 +358,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t LEFT JOIN ".MAIN_DB_PREFIX.'c_lead_status as cls ON t.fk_opp_status = cls.rowid'; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -470,7 +470,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -483,7 +483,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 5b92b9cccdf..c05f726031c 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -519,7 +519,7 @@ class Task extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task_time"; - $sql .= " WHERE fk_task=".$this->id; + $sql .= " WHERE fk_task = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -529,7 +529,7 @@ class Task extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -603,7 +603,7 @@ class Task extends CommonObject $sql = "SELECT COUNT(*) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task"; - $sql .= " WHERE fk_task_parent=".$this->id; + $sql .= " WHERE fk_task_parent = ".((int) $this->id); dol_syslog(get_class($this)."::hasChildren", LOG_DEBUG); $resql = $this->db->query($sql); @@ -636,7 +636,7 @@ class Task extends CommonObject $sql = "SELECT COUNT(*) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time"; - $sql .= " WHERE fk_task=".$this->id; + $sql .= " WHERE fk_task = ".((int) $this->id); dol_syslog(get_class($this)."::hasTimeSpent", LOG_DEBUG); $resql = $this->db->query($sql); @@ -795,12 +795,12 @@ class Task extends CommonObject $sql .= " p.fk_opp_status, p.opp_amount, p.opp_percent, p.budget_amount"; if (!empty($extrafields->attributes['projet']['label'])) { foreach ($extrafields->attributes['projet']['label'] as $key => $val) { - $sql .= ($extrafields->attributes['projet']['type'][$key] != 'separate' ? ",efp.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes['projet']['type'][$key] != 'separate' ? ",efp.".$key." as options_".$key : ''); } } if (!empty($extrafields->attributes['projet_task']['label'])) { foreach ($extrafields->attributes['projet_task']['label'] as $key => $val) { - $sql .= ($extrafields->attributes['projet_task']['type'][$key] != 'separate' ? ",efpt.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes['projet_task']['type'][$key] != 'separate' ? ",efpt.".$key." as options_".$key : ''); } } if ($includebilltime) { @@ -1044,10 +1044,10 @@ class Task extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."c_type_contact as ctc"; $sql .= " WHERE pt.rowid = ec.element_id"; if ($userp && $filteronprojstatus > -1) { - $sql .= " AND pt.fk_statut = ".$filteronprojstatus; + $sql .= " AND pt.fk_statut = ".((int) $filteronprojstatus); } if ($usert && $filteronprojstatus > -1) { - $sql .= " AND pt.fk_projet = p.rowid AND p.fk_statut = ".$filteronprojstatus; + $sql .= " AND pt.fk_projet = p.rowid AND p.fk_statut = ".((int) $filteronprojstatus); } if ($userp) { $sql .= " AND ctc.element = 'project'"; @@ -1057,10 +1057,10 @@ class Task extends CommonObject } $sql .= " AND ctc.rowid = ec.fk_c_type_contact"; if ($userp) { - $sql .= " AND ec.fk_socpeople = ".$userp->id; + $sql .= " AND ec.fk_socpeople = ".((int) $userp->id); } if ($usert) { - $sql .= " AND ec.fk_socpeople = ".$usert->id; + $sql .= " AND ec.fk_socpeople = ".((int) $usert->id); } $sql .= " AND ec.statut = 4"; $sql .= " AND ctc.source = 'internal'"; @@ -1639,7 +1639,7 @@ class Task extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task_time"; - $sql .= " WHERE rowid = ".$this->timespent_id; + $sql .= " WHERE rowid = ".((int) $this->timespent_id); dol_syslog(get_class($this)."::delTimeSpent", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1661,7 +1661,7 @@ class Task extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task"; $sql .= " SET duration_effective = duration_effective - ".$this->db->escape($this->timespent_duration ? $this->timespent_duration : 0); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delTimeSpent", LOG_DEBUG); if ($this->db->query($sql)) { @@ -2062,7 +2062,7 @@ class Task extends CommonObject // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; //print $sql; $resql = $this->db->query($sql); @@ -2131,12 +2131,12 @@ class Task extends CommonObject $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id.") OR (s.rowid IS NULL))"; + $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; } $resql = $this->db->query($sql); diff --git a/htdocs/projet/class/taskstats.class.php b/htdocs/projet/class/taskstats.class.php index 8a5234b956f..594ad38d723 100644 --- a/htdocs/projet/class/taskstats.class.php +++ b/htdocs/projet/class/taskstats.class.php @@ -60,7 +60,7 @@ class TaskStats extends Stats $sql .= " COUNT(t.rowid), t.priority"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id); } $sql .= $this->buildWhere(); //$sql .= " AND t.fk_statut <> 0"; // We want historic also, so all task not draft @@ -119,7 +119,7 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id); } $sql .= $this->buildWhere(); $sql .= " GROUP BY year"; @@ -142,11 +142,11 @@ class TaskStats extends Stats $sqlwhere[] = ' t.entity IN ('.getEntity('project').')'; if (!empty($this->userid)) { - $sqlwhere[] = ' t.fk_user_resp='.$this->userid; + $sqlwhere[] = ' t.fk_user_resp = '.((int) $this->userid); } // Forced filter on socid is similar to forced filter on project. TODO Use project assignement to allow to not use filter on project if (!empty($this->socid)) { - $sqlwhere[] = ' p.fk_soc='.$this->socid; // Link on thirdparty is on project, not on task + $sqlwhere[] = ' p.fk_soc = '.((int) $this->socid); // Link on thirdparty is on project, not on task } if (!empty($this->year) && empty($this->yearmonth)) { $sqlwhere[] = " date_format(t.datec,'%Y')='".$this->db->escape($this->year)."'"; @@ -181,7 +181,7 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id); } $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 6d7ec7d351e..f9910813720 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -353,7 +353,7 @@ $sql .= " cls.code as opp_status_code"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -444,9 +444,9 @@ if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".((int) $search_sale); } // No check is done on company permission because readability is managed by public status of project and assignement. -//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; +//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; if ($search_project_user > 0) { - $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; + $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".((int) $search_project_user); } if ($search_opp_amount != '') { $sql .= natural_search('p.opp_amount', $search_opp_amount, 1); diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index d4b5bf89bbf..367f7a27681 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -674,11 +674,7 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->third print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); print ''; } elseif ($id > 0 || !empty($ref)) { diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php index 3aa5c3b8830..f693d0bf94a 100644 --- a/htdocs/projet/tasks/contact.php +++ b/htdocs/projet/tasks/contact.php @@ -407,7 +407,7 @@ if ($id > 0 || !empty($ref)) { print ''; $formcompany->selectTypeContact($object, '', 'type', 'internal', 'rowid'); print ''; - print ''; + print ''; print ''; // Line to add an external contact. Only if project linked to a third party. diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index d053866fd62..e6d8e5c6dfa 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -3,6 +3,7 @@ * Copyright (C) 2006-2019 Laurent Destailleur * Copyright (C) 2006-2010 Regis Houssin * Copyright (C) 2018 Ferran Marcet + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -45,7 +46,6 @@ $id = GETPOST('id', 'int'); $search_all = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); $search_categ = GETPOST("search_categ", 'alpha'); -$search_project = GETPOST('search_project'); $search_projectstatus = GETPOST('search_projectstatus'); if (!isset($search_projectstatus) || $search_projectstatus === '') { @@ -62,8 +62,8 @@ $search_task_ref = GETPOST('search_task_ref'); $search_task_label = GETPOST('search_task_label'); $search_task_description = GETPOST('search_task_description'); $search_task_ref_parent = GETPOST('search_task_ref_parent'); -$search_project_user = GETPOST('search_project_user'); -$search_task_user = GETPOST('search_task_user'); +$search_project_user = GETPOST('search_project_user', 'int'); +$search_task_user = GETPOST('search_task_user', 'int'); $search_task_progress = GETPOST('search_task_progress'); $search_societe = GETPOST('search_societe'); @@ -72,12 +72,22 @@ if ($mine) { $search_task_user = $user->id; $mine = 0; } -$search_sday = GETPOST('search_sday', 'int'); -$search_smonth = GETPOST('search_smonth', 'int'); -$search_syear = GETPOST('search_syear', 'int'); -$search_eday = GETPOST('search_eday', 'int'); -$search_emonth = GETPOST('search_emonth', 'int'); -$search_eyear = GETPOST('search_eyear', 'int'); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); +$search_datelimit_startday = GETPOST('search_datelimit_startday', 'int'); +$search_datelimit_startmonth = GETPOST('search_datelimit_startmonth', 'int'); +$search_datelimit_startyear = GETPOST('search_datelimit_startyear', 'int'); +$search_datelimit_endday = GETPOST('search_datelimit_endday', 'int'); +$search_datelimit_endmonth = GETPOST('search_datelimit_endmonth', 'int'); +$search_datelimit_endyear = GETPOST('search_datelimit_endyear', 'int'); +$search_datelimit_start = dol_mktime(0, 0, 0, $search_datelimit_startmonth, $search_datelimit_startday, $search_datelimit_startyear); +$search_datelimit_end = dol_mktime(23, 59, 59, $search_datelimit_endmonth, $search_datelimit_endday, $search_datelimit_endyear); // Initialize context for list $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'tasklist'; @@ -182,7 +192,6 @@ if (empty($reshook)) { if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers $search_all = ""; $search_categ = ""; - $search_project = ""; $search_projectstatus = -1; $search_project_ref = ""; $search_project_title = ""; @@ -193,12 +202,22 @@ if (empty($reshook)) { $search_task_progress = ""; $search_task_user = -1; $search_project_user = -1; - $search_sday = ''; - $search_smonth = ''; - $search_syear = ''; - $search_eday = ''; - $search_emonth = ''; - $search_eyear = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; + $search_datelimit_startday = ''; + $search_datelimit_startmonth = ''; + $search_datelimit_startyear = ''; + $search_datelimit_endday = ''; + $search_datelimit_endmonth = ''; + $search_datelimit_endyear = ''; + $search_datelimit_start = ''; + $search_datelimit_end = ''; $toselect = ''; $search_array_options = array(); } @@ -306,7 +325,7 @@ if (!empty($arrayfields['t.tobill']['checked']) || !empty($arrayfields['t.billed // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -374,8 +393,18 @@ if ($search_task_progress) { if ($search_societe) { $sql .= natural_search('s.nom', $search_societe); } -$sql .= dolSqlDateFilter('t.dateo', $search_sday, $search_smonth, $search_syear); -$sql .= dolSqlDateFilter('t.datee', $search_eday, $search_emonth, $search_eyear); +if ($search_date_start) { + $sql .= " AND t.dateo >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND t.dateo <= '".$db->idate($search_date_end)."'"; +} +if ($search_datelimit_start) { + $sql .= " AND t.datee >= '".$db->idate($search_datelimit_start)."'"; +} +if ($search_datelimit_end) { + $sql .= " AND t.datee <= '".$db->idate($search_datelimit_end)."'"; +} if ($search_all) { $sql .= natural_search(array_keys($fieldstosearchall), $search_all); } @@ -387,10 +416,10 @@ if ($search_projectstatus >= 0) { } } if ($search_project_user > 0) { - $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; + $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".((int) $search_project_user); } if ($search_task_user > 0) { - $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$search_task_user; + $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".((int) $search_task_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; @@ -456,23 +485,41 @@ if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } -if ($search_sday) { - $param .= '&search_sday='.urlencode($search_sday); +if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } -if ($search_smonth) { - $param .= '&search_smonth='.urlencode($search_smonth); +if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } -if ($search_syear) { - $param .= '&search_syear='.urlencode($search_syear); +if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); } -if ($search_eday) { - $param .= '&search_eday='.urlencode($search_eday); +if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); } -if ($search_emonth) { - $param .= '&search_emonth='.urlencode($search_emonth); +if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); } -if ($search_eyear) { - $param .= '&search_eyear='.urlencode($search_eyear); +if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); +} +if ($search_datelimit_startday) { + $param .= '&search_datelimit_startday='.urlencode($search_datelimit_startday); +} +if ($search_datelimit_startmonth) { + $param .= '&search_datelimit_startmonth='.urlencode($search_datelimit_startmonth); +} +if ($search_datelimit_startyear) { + $param .= '&search_datelimit_startyear='.urlencode($search_datelimit_startyear); +} +if ($search_datelimit_endday) { + $param .= '&search_datelimit_endday='.urlencode($search_datelimit_endday); +} +if ($search_datelimit_endmonth) { + $param .= '&search_datelimit_endmonth='.urlencode($search_datelimit_endmonth); +} +if ($search_datelimit_endyear) { + $param .= '&search_datelimit_endyear='.urlencode($search_datelimit_endyear); } if ($socid) { $param .= '&socid='.urlencode($socid); @@ -487,13 +534,13 @@ if ($search_project_title != '') { $param .= '&search_project_title='.urlencode($search_project_title); } if ($search_task_ref != '') { - $param .= '&search_task_ref='.urlencode($search_ref); + $param .= '&search_task_ref='.urlencode($search_task_ref); } if ($search_task_label != '') { - $param .= '&search_task_label='.urlencode($search_label); + $param .= '&search_task_label='.urlencode($search_task_label); } if ($search_task_description != '') { - $param .= '&search_task_description='.urlencode($search_description); + $param .= '&search_task_description='.urlencode($search_task_description); } if ($search_task_ref_parent != '') { $param .= '&search_task_ref_parent='.urlencode($search_task_ref_parent); @@ -648,22 +695,26 @@ if (!empty($arrayfields['t.description']['checked'])) { } // Start date if (!empty($arrayfields['t.dateo']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - print $formother->selectyear($search_syear ? $search_syear : -1, 'search_syear', 1, 20, 5, 0, 0, '', 'valignmiddle width75', 1); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // End date if (!empty($arrayfields['t.datee']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - print $formother->selectyear($search_eyear ? $search_eyear : -1, 'search_eyear', 1, 20, 5, 0, 0, '', 'valignmiddle width75', 1); + print ''; + print '
'; + print $form->selectDate($search_datelimit_start ? $search_datelimit_start : -1, 'search_datelimit_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_datelimit_end ? $search_datelimit_end : -1, 'search_datelimit_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + // TODO Add option late + //print '
'.$langs->trans("Alert"); + print '
'; print ''; } if (!empty($arrayfields['p.ref']['checked'])) { diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 780d387512e..99b390870a8 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -458,10 +458,7 @@ if ($id > 0 || !empty($ref)) { print dol_get_fiche_end(); - print '
'; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } else { diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 11913957bc5..634b3c136d9 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -462,6 +462,15 @@ if ($action == 'confirm_generateinvoice') { $arrayoftasks[$object->timespent_id]['timespent'] = $object->timespent_duration; $arrayoftasks[$object->timespent_id]['totalvaluetodivideby3600'] = $object->timespent_duration * $object->timespent_thm; $arrayoftasks[$object->timespent_id]['note'] = $ftask->ref.' - '.$ftask->label.' - '.$username.($object->timespent_note ? ' - '.$object->timespent_note : ''); // TODO Add user name in note + if (!empty($conf->global->PROJECT_TIME_SPENT_INTO_INVOICE_ADD_TIME_DT)) { + $arrayoftasks[$object->timespent_id]['note'] .= "\n"; + if (!empty($object->timespent_withhour)) { + $arrayoftasks[$object->timespent_id]['note'] .= $langs->trans("Date") . ': ' . dol_print_date($object->timespent_datehour); + } else { + $arrayoftasks[$object->timespent_id]['note'] .= $langs->trans("Date") . ': ' . dol_print_date($object->timespent_date); + } + $arrayoftasks[$object->timespent_id]['note'] .= ' - '.$langs->trans("Duration").': '.convertSecondToTime($object->timespent_duration, 'all', $conf->global->MAIN_DURATION_OF_WORKDAY); + } $arrayoftasks[$object->timespent_id]['user'] = $object->timespent_fk_user; } @@ -471,7 +480,6 @@ if ($action == 'confirm_generateinvoice') { // Define qty per hour $qtyhour = $value['timespent'] / 3600; - $qtyhourtext = convertSecondToTime($value['timespent'], 'all', $conf->global->MAIN_DURATION_OF_WORKDAY); // If no unit price known if (empty($pu_ht)) { @@ -851,6 +859,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { } $massactionbutton = ''; + $arrayofmassactions = array(); if ($projectstatic->usage_bill_time) { $arrayofmassactions = array( 'generateinvoice'=>$langs->trans("GenerateBill"), diff --git a/htdocs/public/cron/cron_run_jobs_by_url.php b/htdocs/public/cron/cron_run_jobs_by_url.php index 133c5d1b18a..9369a9d78a7 100644 --- a/htdocs/public/cron/cron_run_jobs_by_url.php +++ b/htdocs/public/cron/cron_run_jobs_by_url.php @@ -67,6 +67,10 @@ global $langs, $conf; // Language Management $langs->loadLangs(array("admin", "cron", "dict")); +// Security check +if (empty($conf->cron->enabled)) { + accessforbidden('', 0, 0, 1); +} diff --git a/htdocs/public/cron/index.html b/htdocs/public/cron/index.html deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/htdocs/public/cron/index.php b/htdocs/public/cron/index.php new file mode 100644 index 00000000000..a62d2d1ba68 --- /dev/null +++ b/htdocs/public/cron/index.php @@ -0,0 +1,27 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/public/cron/index.php + * \ingroup core + * \brief A redirect page to an error + */ + +require '../../master.inc.php'; + +header("Location: ".DOL_URL_ROOT.'/public/error-404.php'); +exit; diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index ea9eeb377e7..7fac6ff323e 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -128,13 +128,13 @@ if (!empty($tag)) { //Update status communication of thirdparty prospect if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.((int) $obj->source_id); + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.((int) $obj->entity).' AND rowid = '.((int) $obj->source_id); $resql = $db->query($sql); } //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.((int) $obj->entity).' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')'; $resql = $db->query($sql); } } diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index 6648bafd07a..76a73e8de05 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -149,7 +149,7 @@ if (!empty($tag) && ($unsuscrib == '1')) { */ // Update status communication of email (new usage) - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".$db->escape($obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".((int) $obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')"; $resql = $db->query($sql); //if (! $resql) dol_print_error($db); No test on errors, may fail if already unsubscribed diff --git a/htdocs/public/index.php b/htdocs/public/index.php index a9de01f35ca..6e80d99430f 100644 --- a/htdocs/public/index.php +++ b/htdocs/public/index.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2009-2021 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -18,7 +18,7 @@ /** * \file htdocs/public/index.php * \ingroup core - * \brief A redirect page to an error + * \brief A redirect page to an error page */ require '../master.inc.php'; diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php index c41bf81bea4..d5ac4070ff0 100644 --- a/htdocs/public/notice.php +++ b/htdocs/public/notice.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2016-2021 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,10 +17,10 @@ /** * \file htdocs/public/notice.php - * \brief Dolibarr page to show a notice. - * Default notice is a message to say network connection is off or show another message. - * You can also call this page with URL: - * /public/notice.php?lang=xx_XX&transkey=translation_key (key must be inside file main.lang, error.lang or other.lang) + * \brief Dolibarr public page to show a notice. + * Default notice is a message to say network connection is off. Some parameters can be used to show another message. + * You can call this page with URL: + * /public/notice.php?lang=xx_XX&transkey=translation_key (key must be inside file main.lang, error.lang or other.lang) * /public/notice.php?transphrase=url_encoded_sentence_to_show */ diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 2a361f03c24..d462acd4ce7 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -1516,7 +1516,7 @@ if ($source == 'member' || $source == 'membersubscription') { $oldtypeid = $member->typeid; $newtypeid = (int) (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $member->typeid); - if ($oldtypeid != $newtypeid && !empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE)) { + if (!empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE)) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; $adht = new AdherentType($db); // Amount by member type diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index e65f3ef31fc..f39d6735dad 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -585,7 +585,7 @@ if ($ispaymentok) { } } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_account (fk_soc, login, key_account, site, site_account, status, entity, date_creation, fk_user_creat)"; - $sql .= " VALUES (".$object->fk_soc.", '', '".$db->escape($stripecu)."', 'stripe', '".$db->escape($stripearrayofkeysbyenv[$servicestatus]['publishable_key'])."', ".$servicestatus.", ".$conf->entity.", '".$db->idate(dol_now())."', 0)"; + $sql .= " VALUES (".((int) $object->fk_soc).", '', '".$db->escape($stripecu)."', 'stripe', '".$db->escape($stripearrayofkeysbyenv[$servicestatus]['publishable_key'])."', ".((int) $servicestatus).", ".((int) $conf->entity).", '".$db->idate(dol_now())."', 0)"; $resql = $db->query($sql); if (!$resql) { // should not happen $error++; diff --git a/htdocs/public/project/index.php b/htdocs/public/project/index.php index 70e546cdbd9..5426d7761e3 100644 --- a/htdocs/public/project/index.php +++ b/htdocs/public/project/index.php @@ -196,7 +196,7 @@ print ''."\n"; $text = ''."\n"; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php index c695ea9cec1..4598859b7b6 100644 --- a/htdocs/public/project/suggestbooth.php +++ b/htdocs/public/project/suggestbooth.php @@ -542,7 +542,7 @@ print '
'; // Welcome message $text = '

'; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; print ''; diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php index 399969bc80d..dc79346b427 100644 --- a/htdocs/public/project/suggestconference.php +++ b/htdocs/public/project/suggestconference.php @@ -473,7 +473,7 @@ print '
'; // Welcome message $text = '

'; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; print ''; diff --git a/htdocs/public/project/viewandvote.php b/htdocs/public/project/viewandvote.php index e78176a5f56..017dda834c6 100644 --- a/htdocs/public/project/viewandvote.php +++ b/htdocs/public/project/viewandvote.php @@ -271,7 +271,7 @@ if (!empty($conf->global->PROJECT_IMAGE_PUBLIC_SUGGEST_BOOTH)) { print '

'.$langs->trans("EvntOrgRegistrationWelcomeMessage").'
'.$langs->trans("EvntOrgRegistrationHelpMessage").' '.$id.'.

'.$project->note_public.'

'.$project->note_public.'

'.$langs->trans("EvntOrgRegistrationBoothWelcomeMessage").'
'.$langs->trans("EvntOrgRegistrationBoothHelpMessage").' '.$id.'.

'.$project->note_public.'
'.$project->note_public.'
'.$langs->trans("EvntOrgRegistrationConfWelcomeMessage").'
'.$langs->trans("EvntOrgRegistrationConfHelpMessage").' '.$id.'.

'.$project->note_public.'
'.$project->note_public.'
'."\n"; $text = ''."\n"; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; print '

'.$langs->trans("EvntOrgRegistrationWelcomeMessage").'
'.$langs->trans("EvntOrgVoteHelpMessage").' : "'.$project->title.'".

'.$project->note_public.'
'.$project->note_public.'
'."\n"; diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index f3d84ec996f..840fd1f4d8f 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -247,7 +247,7 @@ if ($display_ticket_list) { // Add fields for extrafields if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."recruitment_recruitmentjobposition as t"; @@ -261,25 +261,25 @@ if ($display_ticket_list) { if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$db->escape($value).'\''; + $sql .= " AND ".$key." = '".$db->escape($value)."'"; } elseif ($key == 't.fk_statut') { if (is_array($value) && count($value) > 0) { - $sql .= 'AND '.$key.' IN ('.$db->sanitize(implode(',', $value)).')'; + $sql .= " AND ".$key.' IN ('.$db->sanitize(implode(',', $value)).')'; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } else { - $sql .= ' AND '.$key.' LIKE \'%'.$db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'"; } } } - $sql .= " ORDER BY ".$sortfield.' '.$sortorder; + $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); if ($resql) { $num_total = $db->num_rows($resql); if (!empty($limit)) { - $sql .= ' '.$db->plimit($limit + 1, $offset); + $sql .= $db->plimit($limit + 1, $offset); } $resql = $db->query($sql); diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index b911e7480d3..70f652ebc05 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -75,6 +75,10 @@ $extrafields = new ExtraFields($db); $extrafields->fetch_name_optionals_label($object->table_element); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} + /* * Actions diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index 31ee838f6f5..6abeb5f8b12 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -61,6 +61,10 @@ $langs->loadLangs(array('companies', 'other', 'ticket', 'errors')); $track_id = GETPOST('track_id', 'alpha'); $action = GETPOST('action', 'aZ09'); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} + /* * View diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 3c5dfffba17..db5f5d8d754 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -70,6 +70,9 @@ if (isset($_SESSION['email_customer'])) { $object = new Ticket($db); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} @@ -332,7 +335,7 @@ if ($action == "view_ticketlist") { // Add fields for extrafields if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; @@ -359,28 +362,28 @@ if ($action == "view_ticketlist") { if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$db->escape($value).'\''; + $sql .= " AND ".$key." = '".$db->escape($value)."'"; } elseif (($key == 't.fk_user_assign') || ($key == 't.type_code') || ($key == 't.category_code') || ($key == 't.severity_code')) { $sql .= " AND ".$key." = '".$db->escape($value)."'"; } elseif ($key == 't.fk_statut') { if (is_array($value) && count($value) > 0) { - $sql .= 'AND '.$key.' IN ('.$db->sanitize(implode(',', $value)).')'; + $sql .= " AND ".$key." IN (".$db->sanitize(implode(',', $value)).")"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } else { - $sql .= ' AND '.$key.' LIKE \'%'.$db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'"; } } } //$sql .= " GROUP BY t.track_id"; - $sql .= " ORDER BY ".$sortfield.' '.$sortorder; + $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); if ($resql) { $num_total = $db->num_rows($resql); if (!empty($limit)) { - $sql .= ' '.$db->plimit($limit + 1, $offset); + $sql .= $db->plimit($limit + 1, $offset); } $resql = $db->query($sql); @@ -710,7 +713,7 @@ if ($action == "view_ticketlist") { print '

'; print '

'; - print ''; + print ''; print "

\n"; print "\n"; diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index 6485f9fcee2..b914ed0631e 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -68,6 +68,10 @@ if (isset($_SESSION['email_customer'])) { $object = new ActionsTicket($db); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} + /* * Actions @@ -395,7 +399,7 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a print '

'; print '

'; - print ''; + print ''; print "

\n"; print "\n"; diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 57ef8981393..3317288a4e1 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -1199,11 +1199,7 @@ if ($action == 'create') { print '
'; - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -1329,7 +1325,7 @@ if ($action == 'create') { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); @@ -1407,7 +1403,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0); - print ''; + print ''; print ''; } else { print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' '; @@ -1544,7 +1540,7 @@ if ($action == 'create') { if ($user->admin) { print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); } - print ''; + print ''; print ''; } else { if ($object->shipping_method_id > 0) { diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index 33034f290d1..6a4301d86df 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -288,7 +288,7 @@ class Reception extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."reception"; $sql .= " SET ref = '(PROV".$this->id.")'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { @@ -543,7 +543,7 @@ class Reception extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid update reception", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -564,7 +564,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -915,7 +915,7 @@ class Reception extends CommonObject $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.eatby, ed.sellby, ed.batch, ed.rowid as commande_fournisseur_dispatch_id"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::delete select details", LOG_DEBUG); @@ -940,10 +940,10 @@ class Reception extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_reception = ".$this->id.")"; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_reception = ".((int) $this->id).")"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur_dispatch"; - $sql .= " WHERE fk_reception = ".$this->id; + $sql .= " WHERE fk_reception = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object @@ -954,7 +954,7 @@ class Reception extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."reception"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { // Call trigger @@ -1034,7 +1034,7 @@ class Reception extends CommonObject { // phpcs:enable dol_include_once('/fourn/class/fournisseur.commande.dispatch.class.php'); - $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch WHERE fk_reception='.$this->id; + $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch WHERE fk_reception='.((int) $this->id); $resql = $this->db->query($sql); if (!empty($resql)) { @@ -1260,7 +1260,7 @@ class Reception extends CommonObject if ($user->rights->reception->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."reception"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1445,7 +1445,7 @@ class Reception extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET fk_statut='.self::STATUS_CLOSED; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -1489,7 +1489,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -1590,7 +1590,7 @@ class Reception extends CommonObject $this->setClosed(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET billed=1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -1630,7 +1630,7 @@ class Reception extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET fk_statut=1, billed=0'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -1650,7 +1650,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -1755,7 +1755,7 @@ class Reception extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."reception"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); if ($this->db->query($sql)) { @@ -1772,7 +1772,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); diff --git a/htdocs/reception/class/receptionstats.class.php b/htdocs/reception/class/receptionstats.class.php index 3e28d96bc49..4055d5d5dfe 100644 --- a/htdocs/reception/class/receptionstats.class.php +++ b/htdocs/reception/class/receptionstats.class.php @@ -71,13 +71,13 @@ class ReceptionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/reception/contact.php b/htdocs/reception/contact.php index 609cb0d12b7..ddc28c72896 100644 --- a/htdocs/reception/contact.php +++ b/htdocs/reception/contact.php @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/reception/index.php b/htdocs/reception/index.php index 7cb26dee0ca..948489aa843 100644 --- a/htdocs/reception/index.php +++ b/htdocs/reception/index.php @@ -88,7 +88,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur as c ON el.fk_source $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; - $sql .= $clause." sc.fk_user = ".$user->id; + $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; } $sql .= $clause." e.fk_statut = 0"; @@ -156,7 +156,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = 1"; if ($socid) { @@ -222,7 +222,7 @@ if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; $resql = $db->query($sql); diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index a6ecd37cc6d..33a32cea0a8 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -171,87 +171,102 @@ if (empty($reshook)) { $createbills_onebythird = GETPOST('createbills_onebythird', 'int'); $validate_invoices = GETPOST('validate_invoices', 'int'); + $errors = array(); + $TFact = array(); $TFactThird = array(); $nb_bills_created = 0; + $lastid= 0; + $lastref = ''; $db->begin(); - $errors = array(); + foreach ($receptions as $id_reception) { $rcp = new Reception($db); - // On ne facture que les réceptions validées - if ($rcp->fetch($id_reception) <= 0 || $rcp->statut != 1) { + // We only invoice reception that are validated + if ($rcp->fetch($id_reception) <= 0 || $rcp->statut != $rcp::STATUS_VALIDATED) { $errors[] = $langs->trans('StatusOfRefMustBe', $rcp->ref, $langs->transnoentities("StatusSupplierOrderValidatedShort")); $error++; continue; } - $object = new FactureFournisseur($db); + $objecttmp = new FactureFournisseur($db); if (!empty($createbills_onebythird) && !empty($TFactThird[$rcp->socid])) { - $object = $TFactThird[$rcp->socid]; // If option "one bill per third" is set, we use already created reception. - if (empty($object->rowid) && $object->id != null) { - $object->rowid = $object->id; - } - if (!empty($object->rowid)) { - $object->fetchObjectLinked(); - } - $rcp->fetchObjectLinked(); + // If option "one bill per third" is set, and an invoice for this thirdparty was already created, we re-use it. + $objecttmp = $TFactThird[$rcp->socid]; - if (count($rcp->linkedObjectsIds['reception']) > 0) { - foreach ($rcp->linkedObjectsIds['reception'] as $key => $value) { - if (empty($object->linkedObjectsIds['reception']) || !in_array($value, $object->linkedObjectsIds['reception'])) { //Dont try to link if already linked - $object->add_object_linked('reception', $value); // add supplier order linked object + // Add all links of this new reception to the existing invoice + $objecttmp->fetchObjectLinked(); + $rcp->fetchObjectLinked(); + if (count($rcp->linkedObjectsIds['order_supplier']) > 0) { + foreach ($rcp->linkedObjectsIds['order_supplier'] as $key => $value) { + if (empty($objecttmp->linkedObjectsIds['order_supplier']) || !in_array($value, $objecttmp->linkedObjectsIds['order_supplier'])) { //Dont try to link if already linked + $objecttmp->add_object_linked('order_supplier', $value); // add supplier order linked object } } } } else { - $object->socid = $rcp->socid; - $object->type = FactureFournisseur::TYPE_STANDARD; - $object->cond_reglement_id = $rcp->thirdparty->cond_reglement_supplier_id; - $object->mode_reglement_id = $rcp->thirdparty->mode_reglement_supplier_id; - $object->fk_account = !empty($rcp->thirdparty->fk_account) ? $rcp->thirdparty->fk_account : 0; - $object->remise_percent = !empty($rcp->thirdparty->remise_percent) ? $rcp->thirdparty->remise_percent : 0; - $object->remise_absolue = !empty($rcp->thirdparty->remise_absolue) ? $rcp->thirdparty->remise_absolue : 0; + // If we want one invoice per reception or if there is no first invoice yet for this thirdparty. + $objecttmp->socid = $rcp->socid; + $objecttmp->type = $objecttmp::TYPE_STANDARD; + $objecttmp->cond_reglement_id = $rcp->cond_reglement_id || $rcp->thirdparty->cond_reglement_supplier_id; + $objecttmp->mode_reglement_id = $rcp->mode_reglement_id || $rcp->thirdparty->mode_reglement_supplier_id; - $object->fk_project = $rcp->fk_project; - $object->ref_supplier = $rcp->ref_supplier; + $objecttmp->fk_account = !empty($rcp->thirdparty->fk_account) ? $rcp->thirdparty->fk_account : 0; + $objecttmp->remise_percent = !empty($rcp->thirdparty->remise_percent) ? $rcp->thirdparty->remise_percent : 0; + $objecttmp->remise_absolue = !empty($rcp->thirdparty->remise_absolue) ? $rcp->thirdparty->remise_absolue : 0; - $datefacture = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear')); - if (empty($datefacture)) { - $datefacture = dol_mktime(date("h"), date("M"), 0, date("m"), date("d"), date("Y")); + $objecttmp->fk_project = $rcp->fk_project; + //$objecttmp->multicurrency_code = $rcp->multicurrency_code; + if (empty($createbills_onebythird)) { + $objecttmp->ref_supplier = $rcp->ref; + } else { + // Set a unique value for the invoice for the n reception + $objecttmp->ref_supplier = $langs->trans("Reception").' '.dol_print_date(dol_now(), 'dayhourlog').'-'.$rcp->socid; } - $object->date = $datefacture; - $object->origin = 'reception'; - $object->origin_id = $id_reception; + $datefacture = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); + if (empty($datefacture)) { + $datefacture = dol_now(); + } + $objecttmp->date = $datefacture; + $objecttmp->origin = 'reception'; + $objecttmp->origin_id = $id_reception; + + $objecttmp->array_options = $rcp->array_options; // Copy extrafields + + // Set $objecttmp->linked_objects with all links order_supplier existing on reception, so same links will be added to the generated supplier invoice $rcp->fetchObjectLinked(); - if (count($rcp->linkedObjectsIds['reception']) > 0) { - foreach ($rcp->linkedObjectsIds['reception'] as $key => $value) { - $object->linked_objects['reception'] = $value; + if (count($rcp->linkedObjectsIds['order_supplier']) > 0) { + foreach ($rcp->linkedObjectsIds['order_supplier'] as $key => $value) { + $objecttmp->linked_objects['order_supplier'] = $value; } } - $res = $object->create($user); - //var_dump($object->error);exit; + $res = $objecttmp->create($user); // This should create the supplier invoice + links into $objecttmp->linked_objects + add a link to ->origin_id + + //var_dump($objecttmp->error);exit; if ($res > 0) { $nb_bills_created++; - $object->id = $res; + $lastref = $objecttmp->ref; + $lastid = $objecttmp->id; + + $TFactThird[$rcp->socid] = $objecttmp; } else { - $errors[] = $rcp->ref.' : '.$langs->trans($object->error); + $langs->load("errors"); + $errors[] = $rcp->ref.' : '.$langs->trans($objecttmp->error); $error++; } } - if ($object->id > 0) { - if (!empty($createbills_onebythird) && !empty($TFactThird[$rcp->socid])) { //cause function create already add object linked for facturefournisseur - $res = $object->add_object_linked($object->origin, $id_reception); + if ($objecttmp->id > 0) { + $res = $objecttmp->add_object_linked($objecttmp->origin, $id_reception); - if ($res == 0) { - $errors[] = $object->error; - $error++; - } + if ($res == 0) { + $errors[] = $objecttmp->error; + $error++; } if (!$error) { @@ -266,10 +281,15 @@ if (empty($reshook)) { for ($i = 0; $i < $num; $i++) { $desc = ($lines[$i]->desc ? $lines[$i]->desc : $lines[$i]->libelle); + // If we build one invoice for several reception, we must put the ref of reception on the invoice line + if (!empty($createbills_onebythird)) { + $desc = dol_concatdesc($desc, $langs->trans("Reception").' '.$rcp->ref.' - '.dol_print_date($rcp->date, 'day')); + } + if ($lines[$i]->subprice < 0) { // Negative line, we create a discount line $discount = new DiscountAbsolute($db); - $discount->fk_soc = $object->socid; + $discount->fk_soc = $objecttmp->socid; $discount->amount_ht = abs($lines[$i]->total_ht); $discount->amount_tva = abs($lines[$i]->total_tva); $discount->amount_ttc = abs($lines[$i]->total_ttc); @@ -278,7 +298,7 @@ if (empty($reshook)) { $discount->description = $desc; $discountid = $discount->create($user); if ($discountid > 0) { - $result = $object->insert_discount($discountid); + $result = $objecttmp->insert_discount($discountid); //$result=$discount->link_to_invoice($lineid,$id); } else { setEventMessages($discount->error, $discount->errors, 'errors'); @@ -314,7 +334,16 @@ if (empty($reshook)) { if (($lines[$i]->product_type != 9 && empty($lines[$i]->fk_parent_line)) || $lines[$i]->product_type == 9) { $fk_parent_line = 0; } - $result = $object->addline( + + // Extrafields + if (method_exists($lines[$i], 'fetch_optionals')) { + $lines[$i]->fetch_optionals(); + $array_options = $lines[$i]->array_options; + } + + $objecttmp->context['createfromclone']; + + $result = $objecttmp->addline( $desc, $lines[$i]->subprice, $lines[$i]->tva_tx, @@ -359,9 +388,9 @@ if (empty($reshook)) { //$rcp->classifyBilled($user); // Disabled. This behavior must be set or not using the workflow module. if (!empty($createbills_onebythird) && empty($TFactThird[$rcp->socid])) { - $TFactThird[$rcp->socid] = $object; + $TFactThird[$rcp->socid] = $objecttmp; } else { - $TFact[$object->id] = $object; + $TFact[$objecttmp->id] = $objecttmp; } } @@ -371,21 +400,27 @@ if (empty($reshook)) { if (!$error && $validate_invoices) { $massaction = $action = 'builddoc'; - foreach ($TAllFact as &$object) { - $result = $object->validate($user); + foreach ($TAllFact as &$objecttmp) { + $result = $objecttmp->validate($user); if ($result <= 0) { $error++; - setEventMessages($object->error, $object->errors, 'errors'); + setEventMessages($objecttmp->error, $objecttmp->errors, 'errors'); break; } - $id = $object->id; // For builddoc action + $id = $objecttmp->id; // For builddoc action + $object =$objecttmp; // Fac builddoc $donotredirect = 1; $upload_dir = $conf->fournisseur->facture->dir_output; $permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); + + // Call action to build doc + $savobject = $object; + $object = $objecttmp; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; + $object = $savobject; } $massaction = $action = 'confirm_createbills'; @@ -393,9 +428,17 @@ if (empty($reshook)) { if (!$error) { $db->commit(); - setEventMessage($langs->trans('BillCreated', $nb_bills_created)); + + if ($nb_bills_created == 1) { + $texttoshow = $langs->trans('BillXCreated', '{s1}'); + $texttoshow = str_replace('{s1}', ''.$lastref.'', $texttoshow); + setEventMessages($texttoshow, null, 'mesgs'); + } else { + setEventMessages($langs->trans('BillCreated', $nb_bills_created), null, 'mesgs'); + } } else { $db->rollback(); + $action = 'create'; $_GET["origin"] = $_POST["origin"]; $_GET["originid"] = $_POST["originid"]; @@ -428,7 +471,7 @@ $sql .= ' e.date_creation as date_creation, e.tms as date_update'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -448,10 +491,16 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.rowid = ee.fk_target"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } + +// Add joins from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND e.fk_soc = ".((int) $socid); @@ -506,7 +555,7 @@ foreach ($search_array_options as $key => $val) { $mode = 2; // Search on a foreign key int } if ($crit != '' && (!in_array($typ, array('select', 'sellist')) || $crit != '0')) { - $sql .= natural_search('ef.'.$tmpkey, $crit, $mode); + $sql .= natural_search("ef.".$tmpkey, $crit, $mode); } } // Add where from hooks @@ -597,7 +646,7 @@ $arrayofmassactions = array( ); if ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer) { - $arrayofmassactions['createbills'] = $langs->trans("CreateInvoiceForThisSupplier"); + $arrayofmassactions['createbills'] = $langs->trans("CreateInvoiceForThisReceptions"); } if ($massaction == 'createbills') { $arrayofmassactions = array(); @@ -656,7 +705,7 @@ if ($massaction == 'createbills') { print '
'; print '
'; - print ' '; + print ' '; print ''; print '
'; print '
'; diff --git a/htdocs/reception/note.php b/htdocs/reception/note.php index 2c1eb55d7b3..bbf2c80be2f 100644 --- a/htdocs/reception/note.php +++ b/htdocs/reception/note.php @@ -137,7 +137,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/recruitment/admin/public_interface.php b/htdocs/recruitment/admin/public_interface.php index 7b2d72cb835..01a79a87dd8 100644 --- a/htdocs/recruitment/admin/public_interface.php +++ b/htdocs/recruitment/admin/public_interface.php @@ -167,7 +167,7 @@ if (!empty($conf->global->RECRUITMENT_ENABLE_PUBLIC_INTERFACE)) { print ''; print '
'; - print ''; + print ''; print '
'; } */ diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 0069ce2d30f..e0008d1a694 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php @@ -375,15 +375,15 @@ class RecruitmentCandidature extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -395,7 +395,7 @@ class RecruitmentCandidature extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -519,7 +519,7 @@ class RecruitmentCandidature extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php index 892ba4121e9..94ce1f8683d 100644 --- a/htdocs/recruitment/class/recruitmentjobposition.class.php +++ b/htdocs/recruitment/class/recruitmentjobposition.class.php @@ -384,15 +384,15 @@ class RecruitmentJobPosition extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -404,7 +404,7 @@ class RecruitmentJobPosition extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -528,7 +528,7 @@ class RecruitmentJobPosition extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); @@ -672,7 +672,7 @@ class RecruitmentJobPosition extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET status = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."'"; //$sql .= ", date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php b/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php index 06b24ec8b65..c037e11f8db 100644 --- a/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php +++ b/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php @@ -157,7 +157,7 @@ class doc_generic_recruitmentjobposition_odt extends ModelePDFRecruitmentJobPosi $texte .= $conf->global->RECRUITMENT_RECRUITMENTJOBPOSITION_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php index 35f5616da68..fcc476abacf 100644 --- a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php +++ b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php @@ -81,7 +81,7 @@ class mod_recruitmentjobposition_advanced extends ModeleNumRefRecruitmentJobPosi $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/recruitment/recruitmentcandidature_card.php b/htdocs/recruitment/recruitmentcandidature_card.php index a84644d30cb..db51171a04a 100644 --- a/htdocs/recruitment/recruitmentcandidature_card.php +++ b/htdocs/recruitment/recruitmentcandidature_card.php @@ -338,11 +338,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -378,9 +374,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/recruitment/recruitmentcandidature_list.php b/htdocs/recruitment/recruitmentcandidature_list.php index 7a5a88bc6c4..70b5366aec7 100644 --- a/htdocs/recruitment/recruitmentcandidature_list.php +++ b/htdocs/recruitment/recruitmentcandidature_list.php @@ -238,12 +238,12 @@ $title = $langs->trans('ListOfCandidatures'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -290,7 +290,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/recruitment/recruitmentindex.php b/htdocs/recruitment/recruitmentindex.php index 6e9ee616327..5473572f842 100644 --- a/htdocs/recruitment/recruitmentindex.php +++ b/htdocs/recruitment/recruitmentindex.php @@ -254,7 +254,7 @@ if (! empty($conf->recruitment->enabled) && $user->rights->recruitment->read) $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -336,7 +336,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE s.entity IN (".getEntity($staticrecruitmentjobposition->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.fk_soc = $socid"; @@ -407,7 +407,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentjobposition->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.fk_soc = $socid"; diff --git a/htdocs/recruitment/recruitmentjobposition_applications.php b/htdocs/recruitment/recruitmentjobposition_applications.php index 95daeae54a6..e5740fb203c 100644 --- a/htdocs/recruitment/recruitmentjobposition_applications.php +++ b/htdocs/recruitment/recruitmentjobposition_applications.php @@ -240,11 +240,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -280,9 +276,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/recruitment/recruitmentjobposition_card.php b/htdocs/recruitment/recruitmentjobposition_card.php index 58ee9260617..e2a848e9760 100644 --- a/htdocs/recruitment/recruitmentjobposition_card.php +++ b/htdocs/recruitment/recruitmentjobposition_card.php @@ -265,11 +265,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -305,9 +301,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/recruitment/recruitmentjobposition_list.php b/htdocs/recruitment/recruitmentjobposition_list.php index c82c8312b40..8f45caed040 100644 --- a/htdocs/recruitment/recruitmentjobposition_list.php +++ b/htdocs/recruitment/recruitmentjobposition_list.php @@ -246,7 +246,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -312,7 +312,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required */ $sql .= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/resource/card.php b/htdocs/resource/card.php index 1b4c71b158b..88b3d0fdb03 100644 --- a/htdocs/resource/card.php +++ b/htdocs/resource/card.php @@ -252,11 +252,9 @@ if ($action == 'create' || $object->fetch($id, $ref) > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + $button_label = ($action == "create" ? "Create" : "Modify"); + print $form->buttonsSaveCancel($button_label); + print ''; print ''; diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index 91f68951842..7020beced48 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -360,7 +360,7 @@ class Dolresource extends CommonObject $sql .= " t.fk_user_create,"; $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as t"; - $sql .= " WHERE t.rowid = ".$this->db->escape($id); + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -499,7 +499,7 @@ class Dolresource extends CommonObject // Add fields from extrafields if (!empty($extrafields->attributes[$this->table_element]['label'])) { foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } $sql .= " ty.label as type_label"; @@ -511,11 +511,11 @@ class Dolresource extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { - $sql .= ' AND '.$key.' = \''.$this->db->idate($value).'\''; + $sql .= " AND ".$key." = '".$this->db->idate($value)."'"; } elseif (strpos($key, 'ef.') !== false) { $sql .= $value; } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -591,9 +591,9 @@ class Dolresource extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { - $sql .= ' AND '.$key.' = \''.$this->db->idate($value).'\''; + $sql .= " AND ".$key." = '".$this->db->idate($value)."'"; } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -675,9 +675,9 @@ class Dolresource extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { - $sql .= ' AND '.$key.' = \''.$this->db->idate($value).'\''; + $sql .= " AND ".$key." = '".$this->db->idate($value)."'"; } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index 83a8d58d410..4d0736c5f64 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -281,6 +281,8 @@ $form = new Form($db); $pagetitle = $langs->trans('ResourceElementPage'); llxHeader('', $pagetitle, ''); +$now = dol_now(); +$delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; // Load available resource, declared by modules $ret = count($object->available_resources); diff --git a/htdocs/salaries/admin/salaries.php b/htdocs/salaries/admin/salaries.php index dc0cc5b14a0..f8ed3f3f7ce 100644 --- a/htdocs/salaries/admin/salaries.php +++ b/htdocs/salaries/admin/salaries.php @@ -133,7 +133,7 @@ print "\n"; //print dol_get_fiche_end(); -print '
'; +print '
'; print '
'; diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index d3c7ba504cb..ca111adf4d1 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -549,16 +549,16 @@ if ($action == 'create') { print '
'; print ''.$langs->trans("ClosePaidSalaryAutomatically"); - print '
'; print '
'; - print ''; - print '     '; - print ''; - print '     '; - print ''; print ''; + $addition_button = array( + 'name' => 'saveandnew', + 'label_key' => 'SaveAndNew', + ); + print $form->buttonsSaveCancel("Save", "Cancel", $addition_button); + print ''; } @@ -886,12 +886,8 @@ if ($id) { if ($action == 'edit') { - print '
'; - print ''; - print '   '; - print ''; - print '
'; - print "\n"; + print $form->buttonsSaveCancel(); + print ""; } print dol_get_fiche_end(); diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index cc50c57ec84..8fdd741efee 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -286,7 +286,7 @@ class Salary extends CommonObject /*if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."salary_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) @@ -468,7 +468,7 @@ class Salary extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { return 1; @@ -570,7 +570,7 @@ class Salary extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); @@ -639,7 +639,7 @@ class Salary extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) return 1; else return -1; @@ -657,7 +657,7 @@ class Salary extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) return 1; else return -1; diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index a266a2ed88b..895226d0207 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -313,14 +313,13 @@ if ($action == 'create') { } print ""; - // Bouton Save payment - print '
'.$langs->trans("ClosePaidSalaryAutomatically"); - print '
'; - print '     '; - print ''; + print '
'; + print ' '.$langs->trans("ClosePaidSalaryAutomatically"); + print $form->buttonsSaveCancel("Save", "Cancel", '', true); print '
'; + print "\n"; } diff --git a/htdocs/salaries/payment_salary/card.php b/htdocs/salaries/payment_salary/card.php index 5f05c1d98b7..e4364f6727f 100644 --- a/htdocs/salaries/payment_salary/card.php +++ b/htdocs/salaries/payment_salary/card.php @@ -180,7 +180,7 @@ $sql = 'SELECT f.rowid as scid, f.label, f.paye, f.amount as sc_amount, ps.amoun $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_salary as ps,'.MAIN_DB_PREFIX.'salary as f'; $sql .= ' WHERE ps.fk_salary = f.rowid'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND ps.rowid = '.$object->id; +$sql .= ' AND ps.rowid = '.((int) $object->id); dol_syslog("payment_salary/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/societe/admin/societe.php b/htdocs/societe/admin/societe.php index c87289da390..b9b2046fd90 100644 --- a/htdocs/societe/admin/societe.php +++ b/htdocs/societe/admin/societe.php @@ -115,7 +115,7 @@ if ($action == 'set') { $type = 'company'; $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($value)."','".$db->escape($type)."',".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($value)."', '".$db->escape($type)."', ".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($scandir) ? "'".$db->escape($scandir)."'" : "null"); $sql .= ")"; @@ -130,7 +130,7 @@ if ($action == 'set') { if ($action == 'del') { $type = 'company'; $sql = "DELETE FROM ".MAIN_DB_PREFIX."document_model"; - $sql .= " WHERE nom='".$db->escape($value)."' AND type='".$db->escape($type)."' AND entity=".$conf->entity; + $sql .= " WHERE nom='".$db->escape($value)."' AND type='".$db->escape($type)."' AND entity=".((int) $conf->entity); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -151,12 +151,12 @@ if ($action == 'setdoc') { $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model"; $sql_del .= " WHERE nom = '".$db->escape(GETPOST('value', 'alpha'))."'"; $sql_del .= " AND type = '".$db->escape($type)."'"; - $sql_del .= " AND entity = ".$conf->entity; + $sql_del .= " AND entity = ".((int) $conf->entity); dol_syslog("societe.php ".$sql); $result1 = $db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($value)."', '".$db->escape($type)."', ".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($value)."', '".$db->escape($type)."', ".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($scandir) ? "'".$db->escape($scandir)."'" : "null"); $sql .= ")"; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index b62c277cdf2..8e8ab5c2d1f 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -154,12 +154,27 @@ if ($reshook < 0) { } if (empty($reshook)) { + $backurlforlist = DOL_URL_ROOT.'/societe/list.php'; + + if (empty($backtopage) || ($cancel && empty($id))) { + if (empty($backtopage) || ($cancel && strpos($backtopage, '__ID__'))) { + if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) { + $backtopage = $backurlforlist; + } else { + $backtopage = DOL_URL_ROOT.'/societe/card.php?id='.((!empty($id) && $id > 0) ? $id : '__ID__'); + } + } + } + if ($cancel) { - $action = ''; - if (!empty($backtopage)) { + if (!empty($backtopageforcancel)) { + header("Location: ".$backtopageforcancel); + exit; + } elseif (!empty($backtopage)) { header("Location: ".$backtopage); exit; } + $action = ''; } if ($action == 'confirm_merge' && $confirm == 'yes' && $user->rights->societe->creer) { @@ -1701,16 +1716,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'."\n"; + print $form->buttonsSaveCancel("AddThirdParty"); print ''."\n"; } elseif ($action == 'edit') { @@ -2419,11 +2425,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } @@ -2593,7 +2595,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editRE') { print ''; $formcompany->select_localtax(1, $object->localtax1_value, "lt1"); - print ''; + print ''; } else { print ''.$object->localtax1_value.''; } @@ -2607,7 +2609,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editIRPF') { print ''; $formcompany->select_localtax(2, $object->localtax2_value, "lt2"); - print ''; + print ''; } else { print ''.$object->localtax2_value.''; } @@ -2625,7 +2627,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editRE') { print ''; $formcompany->select_localtax(1, $object->localtax1_value, "lt1"); - print ''; + print ''; } else { print ''.$object->localtax1_value.''; } @@ -2643,7 +2645,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editIRPF') { print ''; $formcompany->select_localtax(2, $object->localtax2_value, "lt2"); - print ''; + print ''; } else { print ''.$object->localtax2_value.''; } diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index eefb71b6772..91e8cbc290b 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -66,7 +66,7 @@ class Client extends Societe $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." s.client IN (1,2,3)"; diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index 9b767cde34c..24e8c40165b 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -171,7 +171,7 @@ class CompanyBankAccount extends Account } else { $sql .= ",label = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -292,7 +292,7 @@ class CompanyBankAccount extends Account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if (!$this->db->query($sql)) { $error++; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index dc074c817f8..74e08914f3f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -890,7 +890,7 @@ class Societe extends CommonObject $sql .= ", accountancy_code_buy"; $sql .= ", accountancy_code_sell"; } - $sql .= ") VALUES ('".$this->db->escape($this->name)."', '".$this->db->escape($this->name_alias)."', ".$this->db->escape($this->entity).", '".$this->db->idate($now)."'"; + $sql .= ") VALUES ('".$this->db->escape($this->name)."', '".$this->db->escape($this->name_alias)."', ".((int) $this->entity).", '".$this->db->idate($now)."'"; $sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null"); $sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null"); $sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null"); @@ -917,7 +917,7 @@ class Societe extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . ((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "societe_perentity ("; $sql .= " fk_soc"; @@ -1535,7 +1535,7 @@ class Societe extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . ((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "societe_perentity ("; $sql .= " fk_soc"; @@ -2058,7 +2058,7 @@ class Societe extends CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX."societe"; $sql .= " SET client = ".((int) $newclient); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2102,7 +2102,7 @@ class Societe extends CommonObject // Position current discount $sql = "UPDATE ".MAIN_DB_PREFIX."societe "; $sql .= " SET remise_client = '".$this->db->escape($remise)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->db->rollback(); @@ -2161,7 +2161,7 @@ class Societe extends CommonObject // Position current discount $sql = "UPDATE ".MAIN_DB_PREFIX."societe "; $sql .= " SET remise_supplier = '".$this->db->escape($remise)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->db->rollback(); @@ -2306,7 +2306,7 @@ class Societe extends CommonObject $sql .= " WHERE entity in (0, ".$conf->entity.")"; } - $sql .= " AND u.rowid = sc.fk_user AND sc.fk_soc = ".$this->id; + $sql .= " AND u.rowid = sc.fk_user AND sc.fk_soc = ".((int) $this->id); if (empty($sortfield) && empty($sortorder)) { $sortfield = 'u.lastname,u.firstname'; $sortorder = 'ASC,ASC'; @@ -2372,7 +2372,7 @@ class Societe extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_prices"; $sql .= " (datec, fk_soc, price_level, fk_user_author)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", ".((int) $price_level).", ".$user->id.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->id).", ".((int) $price_level).", ".((int) $user->id).")"; if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -2401,7 +2401,7 @@ class Societe extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux"; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); + $sql .= " WHERE fk_soc = ".((int) $this->id)." AND fk_user = ".((int) $commid); $resql = $this->db->query($sql); if (!$resql) { @@ -2413,7 +2413,7 @@ class Societe extends CommonObject if (!$error) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_commerciaux"; $sql .= " (fk_soc, fk_user)"; - $sql .= " VALUES (".$this->id.", ".$commid.")"; + $sql .= " VALUES (".((int) $this->id).", ".((int) $commid).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -2423,7 +2423,7 @@ class Societe extends CommonObject } if (!$error) { - $this->context = array('commercial_modified'=>$commid); + $this->context = array('commercial_modified' => $commid); $result = $this->call_trigger('COMPANY_LINK_SALE_REPRESENTATIVE', $user); if ($result < 0) { @@ -2464,7 +2464,7 @@ class Societe extends CommonObject if ($this->id > 0 && $commid > 0) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux "; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); + $sql .= " WHERE fk_soc = ".((int) $this->id)." AND fk_user = ".((int) $commid); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::del_commercial Erreur"); @@ -2837,7 +2837,7 @@ class Societe extends CommonObject $sql = "SELECT rowid, email, statut as status, phone_mobile, lastname, poste, firstname"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople"; - $sql .= " WHERE fk_soc = ".$this->id; + $sql .= " WHERE fk_soc = ".((int) $this->id); $sql .= " ORDER BY lastname, firstname"; $resql = $this->db->query($sql); @@ -2897,7 +2897,7 @@ class Societe extends CommonObject // phpcs:enable $contacts = array(); - $sql = "SELECT rowid, lastname, firstname FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$this->id; + $sql = "SELECT rowid, lastname, firstname FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $nump = $this->db->num_rows($resql); @@ -2927,7 +2927,7 @@ class Societe extends CommonObject require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; $contacts = array(); - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$this->id; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $nump = $this->db->num_rows($resql); @@ -3034,7 +3034,7 @@ class Societe extends CommonObject { // phpcs:enable require_once DOL_DOCUMENT_ROOT.'/societe/class/companybankaccount.class.php'; - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_rib WHERE type='ban' AND fk_soc = ".$this->id; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_rib WHERE type='ban' AND fk_soc = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { $this->error++; @@ -3388,7 +3388,7 @@ class Societe extends CommonObject $sql = 'SELECT s.parent'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; - $sql .= ' WHERE rowid = '.$idparent; + $sql .= ' WHERE rowid = '.((int) $idparent); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -3743,7 +3743,7 @@ class Societe extends CommonObject public function has_projects() { // phpcs:enable - $sql = 'SELECT COUNT(*) as numproj FROM '.MAIN_DB_PREFIX.'projet WHERE fk_soc = '.$this->id; + $sql = 'SELECT COUNT(*) as numproj FROM '.MAIN_DB_PREFIX.'projet WHERE fk_soc = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -3875,7 +3875,7 @@ class Societe extends CommonObject // phpcs:enable if ($categorie_id > 0 && $this->id > 0) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_fournisseur (fk_categorie, fk_soc) "; - $sql .= " VALUES (".$categorie_id.", ".$this->id.")"; + $sql .= " VALUES (".((int) $categorie_id).", ".((int) $this->id).")"; if ($resql = $this->db->query($sql)) { return 0; @@ -4685,7 +4685,7 @@ class Societe extends CommonObject if ($this->id) { $sql = "UPDATE ".MAIN_DB_PREFIX."societe"; $sql .= " SET fk_typent = ".($typent_id > 0 ? $typent_id : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setThirdpartyType', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -4761,6 +4761,7 @@ class Societe extends CommonObject $this->db->begin(); + $field = 'accountancy_code_sell'; if ($type == 'buy') { $field = 'accountancy_code_buy'; } elseif ($type == 'sell') { @@ -4770,10 +4771,10 @@ class Societe extends CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET "; - $sql.= "$field = '".$this->db->escape($value)."'"; - $sql.= " WHERE rowid = ".$this->id; + $sql.= $field." = '".$this->db->escape($value)."'"; + $sql.= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::".__FUNCTION__." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::".__FUNCTION__."", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php index cb2802da385..5f996e6f37d 100644 --- a/htdocs/societe/consumption.php +++ b/htdocs/societe/consumption.php @@ -384,7 +384,7 @@ if (empty($elementTypeArray) && !$object->client && !$object->fournisseur) { // Define type of elements $typeElementString = $form->selectarray("type_element", $elementTypeArray, GETPOST('type_element'), $showempty, 0, 0, '', 0, 0, $disabled, '', 'maxwidth150onsmartphone'); -$button = ''; +$button = ''; $param = ''; $param .= "&sref=".urlencode($sref); diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php index fcbe7b16cdc..3d645d41bf5 100644 --- a/htdocs/societe/index.php +++ b/htdocs/societe/index.php @@ -99,7 +99,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); @@ -274,7 +274,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 160440c2394..fff3aa11592 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -454,7 +454,7 @@ $sql = "SELECT s.rowid, s.nom as name, s.name_alias, s.barcode, s.address, s.tow $sql .= " s.entity,"; $sql .= " st.libelle as stcomm, st.picto as stcomm_picto, s.fk_stcomm as stcomm_id, s.fk_prospectlevel, s.prefix_comm, s.client, s.fournisseur, s.canvas, s.status as status,"; $sql .= " s.email, s.phone, s.fax, s.url, s.siren as idprof1, s.siret as idprof2, s.ape as idprof3, s.idprof4 as idprof4, s.idprof5 as idprof5, s.idprof6 as idprof6, s.tva_intra, s.fk_pays,"; -$sql .= " s.tms as date_update, s.datec as date_creation,"; +$sql .= " s.tms as date_update, s.datec as date_creation, s.import_key,"; $sql .= " s.code_compta, s.code_compta_fournisseur, s.parent as fk_parent,s.price_level,"; $sql .= " s2.nom as name2,"; $sql .= " typent.code as typent_code,"; @@ -476,7 +476,7 @@ if ($search_categ_sup && $search_categ_sup!=-1) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -513,9 +513,9 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; -//if (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; +//if (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_sale && $search_sale != '-1' && $search_sale != '-2') { $sql .= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/societe/notify/card.php b/htdocs/societe/notify/card.php index d62ca943fb1..b52b8b4a650 100644 --- a/htdocs/societe/notify/card.php +++ b/htdocs/societe/notify/card.php @@ -288,7 +288,7 @@ if ($result > 0) { $type = array('email'=>$langs->trans("EMail")); print $form->selectarray("typeid", $type, '', 0, 0, 0, '', 0, 0, 0, '', 'minwidth75imp'); print ''; - print ''; + print ''; print ''; } else { print ''; diff --git a/htdocs/societe/partnership.php b/htdocs/societe/partnership.php index 9cb065d2c3b..a5393e500e3 100644 --- a/htdocs/societe/partnership.php +++ b/htdocs/societe/partnership.php @@ -50,6 +50,9 @@ $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); $socid = GETPOST('socid', 'int'); if (!empty($user->socid)) { $socid = $user->socid; +} + +if (empty($id) && $socid && (empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) || $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'thirdparty')) { $id = $socid; } @@ -242,7 +245,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $socid = $object->id; - // TODO Replace this card with the list of all partnerships. + // TODO Replace this card with a table of list of all partnerships. $object = new Partnership($db); $partnershipid = $object->fetch(0, '', 0, $socid); @@ -254,10 +257,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''."\n"; // Common attributes - //$keyforbreak='fieldkeytoswitchonsecondcolumn'; // We change column just before this field - //unset($object->fields['fk_project']); // Hide field already shown in banner - //unset($object->fields['fk_member']); // Hide field already shown in banner + unset($object->fields['fk_soc']); // Hide field already shown in banner include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_view.tpl.php'; + $forcefieldid = 'socid'; + $forceobjectid = $object->fk_soc; + include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; print '
'; print '
'; diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index 97d92007885..f80bebd9bf5 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -516,7 +516,7 @@ if (empty($reshook)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; } else { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } $resql = $db->query($sql); @@ -538,7 +538,7 @@ if (empty($reshook)) { } else { $sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account"; $sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! $resql = $db->query($sql); } } @@ -562,7 +562,7 @@ if (empty($reshook)) { if (empty($newsup)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // TODO Add site and site_account on oauth_token table - //$sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; + //$sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; } else { try { $stripesup = \Stripe\Account::retrieve($db->escape(GETPOST('key_account_supplier', 'alpha'))); @@ -570,7 +570,7 @@ if (empty($reshook)) { $tokenstring['type'] = $stripesup->type; $sql = "UPDATE ".MAIN_DB_PREFIX."oauth_token"; $sql .= " SET tokenstring = '".$db->escape(json_encode($tokenstring))."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! // TODO Add site and site_account on oauth_token table $sql .= " WHERE fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } catch (Exception $e) { @@ -587,7 +587,7 @@ if (empty($reshook)) { $tokenstring['stripe_user_id'] = $stripesup->id; $tokenstring['type'] = $stripesup->type; $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, fk_soc, entity, tokenstring)"; - $sql .= " VALUES ('".$db->escape($service)."', ".$object->id.", ".$conf->entity.", '".$db->escape(json_encode($tokenstring))."')"; + $sql .= " VALUES ('".$db->escape($service)."', ".((int) $object->id).", ".((int) $conf->entity).", '".$db->escape(json_encode($tokenstring))."')"; // TODO Add site and site_account on oauth_token table } catch (Exception $e) { $error++; @@ -1651,11 +1651,7 @@ if ($socid && $action == 'edit' && $user->rights->societe->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); } // Edit Card @@ -1697,11 +1693,7 @@ if ($socid && $action == 'editcard' && $user->rights->societe->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); } @@ -1817,11 +1809,7 @@ if ($socid && $action == 'create' && $user->rights->societe->creer) { dol_set_focus('#label'); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); } // Create Card @@ -1866,11 +1854,7 @@ if ($socid && $action == 'createcard' && $user->rights->societe->creer) { dol_set_focus('#label'); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); } if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->societe->creer) { diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index b46a6124396..da4ca1c0cd7 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -355,13 +355,9 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); - print '
'; + print ''; } elseif ($action == 'edit_customer_price') { // Edit mode @@ -437,13 +433,9 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); - print '
'; + print ''; } } elseif ($action == 'showlog_customer_price') { print '
'; diff --git a/htdocs/societe/website.php b/htdocs/societe/website.php index 0740200867d..0ea53355629 100644 --- a/htdocs/societe/website.php +++ b/htdocs/societe/website.php @@ -261,12 +261,12 @@ print '
'; // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($objectwebsiteaccount->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -304,7 +304,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($objectwebsiteaccount->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/stripe/admin/stripe.php b/htdocs/stripe/admin/stripe.php index e582cdaf63e..0bb351bf977 100644 --- a/htdocs/stripe/admin/stripe.php +++ b/htdocs/stripe/admin/stripe.php @@ -526,7 +526,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/stripe/class/actions_stripe.class.php b/htdocs/stripe/class/actions_stripe.class.php index e44f3480042..f1a7a5c7877 100644 --- a/htdocs/stripe/class/actions_stripe.class.php +++ b/htdocs/stripe/class/actions_stripe.class.php @@ -173,7 +173,7 @@ class ActionsStripeconnect // On verifie si la facture a des paiements $sql = 'SELECT pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php index 5614b3c6138..9324d7d3a5d 100644 --- a/htdocs/stripe/class/stripe.class.php +++ b/htdocs/stripe/class/stripe.class.php @@ -170,7 +170,7 @@ class Stripe extends CommonObject $sql = "SELECT sa.key_account as key_account, sa.entity"; // key_account is cus_.... $sql .= " FROM ".MAIN_DB_PREFIX."societe_account as sa"; - $sql .= " WHERE sa.fk_soc = ".$object->id; + $sql .= " WHERE sa.fk_soc = ".((int) $object->id); $sql .= " AND sa.entity IN (".getEntity('societe').")"; $sql .= " AND sa.site = 'stripe' AND sa.status = ".((int) $status); $sql .= " AND (sa.site_account IS NULL OR sa.site_account = '' OR sa.site_account = '".$this->db->escape($stripearrayofkeysbyenv[$status]['publishable_key'])."')"; @@ -246,7 +246,7 @@ class Stripe extends CommonObject // Create customer in Dolibarr $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_account (fk_soc, login, key_account, site, site_account, status, entity, date_creation, fk_user_creat)"; - $sql .= " VALUES (".$object->id.", '', '".$this->db->escape($customer->id)."', 'stripe', '".$this->db->escape($stripearrayofkeysbyenv[$status]['publishable_key'])."', ".$status.", ".$conf->entity.", '".$this->db->idate(dol_now())."', ".$user->id.")"; + $sql .= " VALUES (".((int) $object->id).", '', '".$this->db->escape($customer->id)."', 'stripe', '".$this->db->escape($stripearrayofkeysbyenv[$status]['publishable_key'])."', ".((int) $status).", ".((int) $conf->entity).", '".$this->db->idate(dol_now())."', ".((int) $user->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -359,7 +359,7 @@ class Stripe extends CommonObject $sql = "SELECT pi.ext_payment_id, pi.entity, pi.fk_facture, pi.sourcetype, pi.ext_payment_site"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pi"; - $sql .= " WHERE pi.fk_facture = ".$object->id; + $sql .= " WHERE pi.fk_facture = ".((int) $object->id); $sql .= " AND pi.sourcetype = '".$this->db->escape($object->element)."'"; $sql .= " AND pi.entity IN (".getEntity('societe').")"; $sql .= " AND pi.ext_payment_site = '".$this->db->escape($service)."'"; @@ -509,7 +509,7 @@ class Stripe extends CommonObject if (!$paymentintentalreadyexists) { $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."prelevement_facture_demande (date_demande, fk_user_demande, ext_payment_id, fk_facture, sourcetype, entity, ext_payment_site, amount)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", '".$this->db->escape($paymentintent->id)."', ".$object->id.", '".$this->db->escape($object->element)."', ".$conf->entity.", '".$this->db->escape($service)."', ".$amount.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", '".$this->db->escape($paymentintent->id)."', ".((int) $object->id).", '".$this->db->escape($object->element)."', ".((int) $conf->entity).", '".$this->db->escape($service)."', ".((float) $amount).")"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -675,7 +675,7 @@ class Stripe extends CommonObject { $now=dol_now(); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "prelevement_facture_demande (date_demande, fk_user_demande, ext_payment_id, fk_facture, sourcetype, entity, ext_payment_site)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", '".$this->db->escape($setupintent->id)."', ".$object->id.", '".$this->db->escape($object->element)."', " . $conf->entity . ", '" . $this->db->escape($service) . "', ".$amount.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", '".$this->db->escape($setupintent->id)."', ".((int) $object->id).", '".$this->db->escape($object->element)."', " . ((int) $conf->entity) . ", '" . $this->db->escape($service) . "', ".((float) $amount).")"; $resql = $this->db->query($sql); if (! $resql) { @@ -728,7 +728,7 @@ class Stripe extends CommonObject $sql = "SELECT sa.stripe_card_ref, sa.proprio, sa.exp_date_month, sa.exp_date_year, sa.number, sa.cvn"; // stripe_card_ref is card_.... $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as sa"; - $sql .= " WHERE sa.rowid = ".$object->id; // We get record from ID, no need for filter on entity + $sql .= " WHERE sa.rowid = ".((int) $object->id); // We get record from ID, no need for filter on entity $sql .= " AND sa.type = 'card'"; dol_syslog(get_class($this)."::fetch search stripe card id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); @@ -826,7 +826,7 @@ class Stripe extends CommonObject $sql .= " SET stripe_card_ref = '".$this->db->escape($card->id)."', card_type = '".$this->db->escape($card->brand)."',"; $sql .= " country_code = '".$this->db->escape($card->country)."',"; $sql .= " approved = ".($card->cvc_check == 'pass' ? 1 : 0); - $sql .= " WHERE rowid = ".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); $sql .= " AND type = 'card'"; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 5d22ea05684..65d509854e4 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1126,7 +1126,7 @@ if ($action == 'create') { print ''.$langs->trans('Supplier').''; if ($socid > 0) { print ''; - print $soc->getNomUrl(1); + print $soc->getNomUrl(1, 'supplier'); print ''; print ''; } else { @@ -1330,11 +1330,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); print ""; @@ -1441,7 +1437,7 @@ if ($action == 'create') { //$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', 0, 1); //$morehtmlref.=$form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref .= $langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); + $morehtmlref .= $langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'supplier'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherProposals").')'; } @@ -1545,7 +1541,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->delivery_date, 'liv_', '', '', '', "editdate_livraison"); - print ''; + print ''; print ''; } else { print dol_print_date($object->delivery_date, 'daytext'); @@ -1808,11 +1804,8 @@ if ($action == 'create') { $form_close .= $object->note_private; $form_close .= ''; $form_close .= ''; - $form_close .= '
'; - $form_close .= ''; - $form_close .= '   '; - $form_close .= ' '; - $form_close .= '
'; + $form_close .= $form->buttonsSaveCancel(); + $form_close .= ' '; $form_close .= ''; print $form_close; diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 6d43222bcf2..e35051829cb 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1294,7 +1294,7 @@ class SupplierProposal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc, d.fk_unit'; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposaldet as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_supplier_proposal = ".$this->id; + $sql .= " WHERE d.fk_supplier_proposal = ".((int) $this->id); $sql .= " ORDER by d.rang"; $result = $this->db->query($sql); @@ -1417,8 +1417,8 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1517,7 +1517,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->date_livraison = $delivery_date; @@ -1549,7 +1549,7 @@ class SupplierProposal extends CommonObject $remise = price2num($remise, 2); $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_percent = ((float) $remise); @@ -1584,7 +1584,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_absolue = $remise; @@ -1622,7 +1622,7 @@ class SupplierProposal extends CommonObject $sql .= " note_private = '".$this->db->escape($note)."',"; } $sql .= " date_cloture=NULL, fk_user_cloture=NULL"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -1681,7 +1681,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1881,7 +1881,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -1946,7 +1946,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2016,10 +2016,10 @@ class SupplierProposal extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'supplier_proposaldet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".$this->id; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".((int) $this->id); if ($this->db->query($sql)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object $res = $this->deleteObjectLinked(); @@ -2220,7 +2220,7 @@ class SupplierProposal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('supplier_proposal').")"; @@ -2231,7 +2231,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_statut = 2"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -2377,7 +2377,7 @@ class SupplierProposal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('supplier_proposal').")"; @@ -2565,7 +2565,7 @@ class SupplierProposal extends CommonObject $sql .= ' pt.fk_multicurrency, pt.multicurrency_code, pt.multicurrency_subprice, pt.multicurrency_total_ht, pt.multicurrency_total_tva, pt.multicurrency_total_ttc, pt.fk_unit'; $sql .= ' FROM '.MAIN_DB_PREFIX.'supplier_proposaldet as pt'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pt.fk_product=p.rowid'; - $sql .= ' WHERE pt.fk_supplier_proposal = '.$this->id; + $sql .= ' WHERE pt.fk_supplier_proposal = '.((int) $this->id); $sql .= ' ORDER BY pt.rang ASC, pt.rowid'; dol_syslog(get_class($this).'::getLinesArray', LOG_DEBUG); @@ -3045,8 +3045,8 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").","; $sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").","; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; $sql .= " '".$this->db->escape($this->ref_fourn)."'"; $sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null'); $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; @@ -3100,7 +3100,7 @@ class SupplierProposalLine extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields @@ -3248,7 +3248,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3296,7 +3296,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " total_ht=".price2num($this->total_ht, 'MT'); $sql .= ",total_tva=".price2num($this->total_tva, 'MT'); $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::update_total", LOG_DEBUG); diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 85f5f96c1af..ac937fe480d 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -72,10 +72,10 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if ($user->socid) { - $sql .= ' AND p.fk_soc = '.$user->socid; + $sql .= ' AND p.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (0,1,2,3,4)"; $sql .= " GROUP BY p.fk_statut"; @@ -176,7 +176,7 @@ if (!empty($conf->supplier_proposal->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -234,7 +234,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -312,7 +312,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND p.fk_statut = 1"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 196f3cd629f..71cd1c1fa69 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -306,7 +306,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -340,7 +340,7 @@ if ($search_user > 0) { $sql .= ' WHERE sp.fk_soc = s.rowid'; $sql .= ' AND sp.entity IN ('.getEntity('supplier_proposal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { $sql .= natural_search('s.town', $search_town); @@ -376,7 +376,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search("sp.total_ttc", $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND sp.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND sp.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('sp.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/takepos/admin/appearance.php b/htdocs/takepos/admin/appearance.php index ef448607b10..135a3b2a9e7 100644 --- a/htdocs/takepos/admin/appearance.php +++ b/htdocs/takepos/admin/appearance.php @@ -119,9 +119,7 @@ print "\n"; print ''; -print '
'; - -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/bar.php b/htdocs/takepos/admin/bar.php index 796c98de5cb..794cb47290e 100644 --- a/htdocs/takepos/admin/bar.php +++ b/htdocs/takepos/admin/bar.php @@ -200,7 +200,7 @@ if ($conf->global->TAKEPOS_BAR_RESTAURANT) { print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); } if (!empty($conf->global->TAKEPOS_BAR_RESTAURANT)) { diff --git a/htdocs/takepos/admin/receipt.php b/htdocs/takepos/admin/receipt.php index 74a54400fef..ec05dd89796 100644 --- a/htdocs/takepos/admin/receipt.php +++ b/htdocs/takepos/admin/receipt.php @@ -267,7 +267,7 @@ print ''; print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index 0364ff4e64f..e75321e263b 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php @@ -474,7 +474,7 @@ if ($conf->global->TAKEPOS_ENABLE_SUMUP) { print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php index 922a5c5032c..f6562d81693 100644 --- a/htdocs/takepos/admin/terminal.php +++ b/htdocs/takepos/admin/terminal.php @@ -409,7 +409,7 @@ if ($atleastonefound == 0 && !empty($conf->banque->enabled)) { print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/css/phone.css b/htdocs/takepos/css/phone.css index bdfdf45e116..2b0cf62797f 100644 --- a/htdocs/takepos/css/phone.css +++ b/htdocs/takepos/css/phone.css @@ -151,7 +151,7 @@ button.publicphonebutton { float:left; width: 50%; text-align:center; - height:150px;; + height:150px; overflow:hidden; margin-bottom:5px; font-size:18px; diff --git a/htdocs/takepos/css/pos.css.php b/htdocs/takepos/css/pos.css.php index 66c65edb622..5e2afdf0094 100644 --- a/htdocs/takepos/css/pos.css.php +++ b/htdocs/takepos/css/pos.css.php @@ -757,3 +757,36 @@ div#moreinfo, div#infowarehouse { text-align: center; margin: 2px; } + +.splitsale { + float: left; + width: 100%; + height: 100%; + overflow: auto; +} + +.rowsplit { + width: 100%; + height: 40%; +} + +.headersplit { + height: 10%; + width: 100%; + padding: 10px; +} + +.headercontent { + margin: auto; + width: 50%; + border: 3px solid black; + text-align: center; + font-size: 150%; + background-color: rgb(233,234,237); +} + +.row:after { + content: ""; + display: table; + clear: both; +} diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index 508d6e670b3..b3ba955f4e8 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -93,9 +93,9 @@ if ($action == "update") { $top = 95; } if ($left > 3 or $top > 4) { - $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set leftpos=".$left.", toppos=".$top." WHERE rowid='".$place."'"); + $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set leftpos = ".((int) $left).", toppos = ".((int) $top)." WHERE rowid = ".((int) $place)); } else { - $db->query("DELETE from ".MAIN_DB_PREFIX."takepos_floor_tables where rowid='".$place."'"); + $db->query("DELETE from ".MAIN_DB_PREFIX."takepos_floor_tables where rowid = ".((int) $place)); } } @@ -104,11 +104,11 @@ if ($action == "updatename") { if (strlen($newname) > 3) { $newname = substr($newname, 0, 3); // Only 3 chars } - $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set label='".$db->escape($newname)."' WHERE rowid='".$place."'"); + $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set label='".$db->escape($newname)."' WHERE rowid = ".((int) $place)); } if ($action == "add") { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."takepos_floor_tables(entity, label, leftpos, toppos, floor) VALUES (".$conf->entity.", '', '45', '45', ".$floor.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."takepos_floor_tables(entity, label, leftpos, toppos, floor) VALUES (".$conf->entity.", '', '45', '45', ".((int) $floor).")"; $asdf = $db->query($sql); $db->query("update ".MAIN_DB_PREFIX."takepos_floor_tables set label=rowid where label=''"); // No empty table names } diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index d11a081280c..02f68479750 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -481,6 +481,12 @@ function CloseBill() { $.colorbox({href:"pay.php?place="+place+"&invoiceid="+invoiceid, width:"80%", height:"90%", transition:"none", iframe:"true", title:""}); } +function Split() { + invoiceid = $("#invoiceid").val(); + console.log("Open popup to split on invoiceid="+invoiceid); + $.colorbox({href:"split.php?place="+place+"&invoiceid="+invoiceid, width:"80%", height:"90%", transition:"none", iframe:"true", title:""}); +} + function Floors() { console.log("Open box to select floor place="+place); $.colorbox({href:"floors.php?place="+place, width:"90%", height:"90%", transition:"none", iframe:"true", title:"trans("Floors"); ?>"}); @@ -1040,6 +1046,8 @@ if (getDolGlobalString('TAKEPOS_DIRECT_PAYMENT')) { $menus[$r++] = array('title'=>'
'.$langs->trans("DirectPayment").' ('.$langs->trans("Cash").')
', 'action'=>'DirectPayment();'); } +$menus[$r++] = array('title'=>'
'.$langs->trans("SplitSale").'
', 'action'=>'Split();'); + // BAR RESTAURANT specific menu if (getDolGlobalString('TAKEPOS_BAR_RESTAURANT')) { if ($conf->global->TAKEPOS_ORDER_PRINTERS) { diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 5526a5607d1..96b06d09271 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -629,9 +629,10 @@ if ($action == "delete") { } $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; - $sql .= " SET fk_soc=".$conf->global->{'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]}.", "; + $varforconst = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $sql .= " SET fk_soc = ".((int) $conf->global->$varforconst).", "; $sql .= " datec = '".$db->idate(dol_now())."'"; - $sql .= " WHERE ref='(PROV-POS".$db->escape($_SESSION["takeposterminal"]."-".$place).")'"; + $sql .= " WHERE ref = '(PROV-POS".$db->escape($_SESSION["takeposterminal"]."-".$place).")'"; $resql1 = $db->query($sql); if ($resdeletelines && $resql1) { @@ -1487,7 +1488,7 @@ if ($placeid > 0) { $sql .= " WHERE ps.reel != 0"; $sql .= " AND ps.fk_entrepot = ".((int) $conf->global->$constantforkey); $sql .= " AND e.entity IN (".getEntity('stock').")"; - $sql .= " AND ps.fk_product = ".$line->fk_product; + $sql .= " AND ps.fk_product = ".((int) $line->fk_product); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/takepos/split.php b/htdocs/takepos/split.php new file mode 100644 index 00000000000..4de053513f5 --- /dev/null +++ b/htdocs/takepos/split.php @@ -0,0 +1,225 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/takepos/split.php + * \ingroup takepos + * \brief Page with the content of the popup to split sale + */ + +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +if (!defined('NOCSRFCHECK')) { + define('NOCSRFCHECK', '1'); +} +if (!defined('NOTOKENRENEWAL')) { + define('NOTOKENRENEWAL', '1'); +} +if (!defined('NOREQUIREMENU')) { + define('NOREQUIREMENU', '1'); +} +if (!defined('NOREQUIREHTML')) { + define('NOREQUIREHTML', '1'); +} +if (!defined('NOREQUIREAJAX')) { + define('NOREQUIREAJAX', '1'); +} + +require '../main.inc.php'; // Load $user and permissions +require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; + +$langs->loadLangs(array("main", "bills", "cashdesk", "banks")); + +$action = GETPOST('action', 'aZ09'); +$place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); + +if (empty($user->rights->takepos->run)) { + accessforbidden(); +} + +if ($action=="split") { + $line = GETPOST('line', 'int'); + $split = GETPOST('split', 'int'); + if ($split==1) { // Split line + $invoice = new Facture($db); + $ret = $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-SPLIT)'); + if ($ret > 0) { + $placeid = $invoice->id; + } else { + $constforcompanyid = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $invoice->socid = $conf->global->$constforcompanyid; + $invoice->date = dol_now(); + $invoice->module_source = 'takepos'; + $invoice->pos_source = $_SESSION["takeposterminal"]; + $invoice->entity = !empty($_SESSION["takeposinvoiceentity"]) ? $_SESSION["takeposinvoiceentity"] : $conf->entity; + if ($invoice->socid <= 0) { + $langs->load('errors'); + dol_htmloutput_errors($langs->trans("ErrorModuleSetupNotComplete", "TakePos"), null, 1); + } else { + $placeid = $invoice->create($user); + if ($placeid < 0) { + dol_htmloutput_errors($invoice->error, $invoice->errors, 1); + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-SPLIT)' where rowid=".$placeid; + $db->query($sql); + } + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facturedet set fk_facture=".$placeid." where rowid=".$line; + $db->query($sql); + } elseif ($split==0) { // Unsplit line + $invoice = new Facture($db); + $ret = $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-'.$place.')'); + if ($ret > 0) { + $placeid = $invoice->id; + } else { + $constforcompanyid = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $invoice->socid = $conf->global->$constforcompanyid; + $invoice->date = dol_now(); + $invoice->module_source = 'takepos'; + $invoice->pos_source = $_SESSION["takeposterminal"]; + $invoice->entity = !empty($_SESSION["takeposinvoiceentity"]) ? $_SESSION["takeposinvoiceentity"] : $conf->entity; + if ($invoice->socid <= 0) { + $langs->load('errors'); + dol_htmloutput_errors($langs->trans("ErrorModuleSetupNotComplete", "TakePos"), null, 1); + } else { + $placeid = $invoice->create($user); + if ($placeid < 0) { + dol_htmloutput_errors($invoice->error, $invoice->errors, 1); + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid=".$placeid; + echo $sql; + $db->query($sql); + } + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facturedet set fk_facture=".$placeid." where rowid=".$line; + echo $sql; + $db->query($sql); + } + $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-SPLIT)'); + $invoice->update_price(); + $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-'.$place.')'); + $invoice->update_price(); +} + + +/* + * View + */ + +$invoice = new Facture($db); +if ($invoiceid > 0) { + $invoice->fetch($invoiceid); +} else { + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."facture where ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")'"; + $resql = $db->query($sql); + $obj = $db->fetch_object($resql); + if ($obj) { + $invoiceid = $obj->rowid; + } + if (!$invoiceid) { + $invoiceid = 0; // Invoice does not exist yet + } else { + $invoice->fetch($invoiceid); + } +} + +$arrayofcss = array('/takepos/css/pos.css.php', '/takepos/css/split.css.php'); +$arrayofjs = array(); + +$head = ''; +$title = ''; +$disablejs = 0; +$disablehead = 0; + +top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss); + +// Define list of possible payments +$arrayOfValidPaymentModes = array(); +$arrayOfValidBankAccount = array(); + + +?> + +global->TAKEPOS_COLOR_THEME == 1) { + print ''; +} +?> + + + + + +
+
+
+ +
+
+
+ +
+
+
+ +
+
+
+ + + \ No newline at end of file diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 28d05964390..ea0efcbbde7 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -297,6 +297,10 @@ input.buttonpayment, button.buttonpayment, div.buttonpayment { cursor: pointer; max-width: 350px; } +.nofocusvisible:focus-visible { + outline: none; +} + div.buttonpayment input:focus { color: #008; } @@ -6815,7 +6819,7 @@ div.phpdebugbar-widgets-templates a.phpdebugbar-widgets-editor-link:before /* For copy-paste feature */ /* ============================================================================== */ -span.clipboardCPValueToPrint { +span.clipboardCPValueToPrint, div.clipboardCPValueToPrint { display: inline-block; } span.clipboardCPValue.hidewithsize { @@ -6824,6 +6828,12 @@ span.clipboardCPValue.hidewithsize { color: transparent; white-space: nowrap; } +div.clipboardCPValue.hidewithsize { + width: 0 !important; + display: none; + color: transparent; + white-space: nowrap; +} .clipboardCPShowOnHover .clipboardCPButton { display: none; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index ef7e69c0538..702e3959443 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -473,6 +473,10 @@ input.buttonpayment, button.buttonpayment, div.buttonpayment { white-space: normal; color: #888 !important; } +.nofocusvisible:focus-visible { + outline: none; +} + div.buttonpayment input { background-color: unset; border-bottom: unset; @@ -6690,7 +6694,7 @@ div.phpdebugbar-widgets-templates a.phpdebugbar-widgets-editor-link:before /* For copy-paste feature */ /* ============================================================================== */ -span.clipboardCPValueToPrint { +span.clipboardCPValueToPrint, div.clipboardCPValueToPrint { display: inline-block; } span.clipboardCPValue.hidewithsize { @@ -6699,6 +6703,12 @@ span.clipboardCPValue.hidewithsize { color: transparent; white-space: nowrap; } +div.clipboardCPValue.hidewithsize { + width: 0 !important; + display: none; + color: transparent; + white-space: nowrap; +} .clipboardCPShowOnHover .clipboardCPButton { display: none; diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index 8a11ac23e23..e2872004323 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -756,11 +756,7 @@ if ($action == 'create' || $action == 'presend') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; */ } elseif (empty($action) || $action == 'view' || $action == 'addlink' || $action == 'dellink' || $action == 'presend' || $action == 'presend_addmessage' || $action == 'close' || $action == 'abandon' || $action == 'delete' || $action == 'editcustomer' || $action == 'progression' || $action == 'reopen' @@ -1024,7 +1020,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ' '; print $form->select_dolusers($user->id, 'fk_user_assign', 1); - print ' '; + print ' '; print ''; } print ''; @@ -1045,7 +1041,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ''; print ''; - print ' '; + print ' '; print ''; } else { print($object->progress > 0 ? $object->progress : '0').'%'; @@ -1109,7 +1105,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ''; if (GETPOST('set', 'alpha') == 'properties' && $user->rights->ticket->write) { - print ''; + print ''; } else { // Button to edit Properties if ($object->fk_statut < $object::STATUS_NEED_MORE_INFO && $user->rights->ticket->write) { diff --git a/htdocs/ticket/class/actions_ticket.class.php b/htdocs/ticket/class/actions_ticket.class.php index d7d971b4edc..643c2f34b11 100644 --- a/htdocs/ticket/class/actions_ticket.class.php +++ b/htdocs/ticket/class/actions_ticket.class.php @@ -233,7 +233,7 @@ class ActionsTicket } if (!empty($user->rights->ticket->manage) && $action == 'edit_message_init') { print '
'; - print ' '; + print ' '; print ' '; print '
'; } diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php index e104d425bf4..f3a9c738aac 100644 --- a/htdocs/ticket/class/api_tickets.class.php +++ b/htdocs/ticket/class/api_tickets.class.php @@ -17,7 +17,7 @@ use Luracast\Restler\RestException; -require 'ticket.class.php'; +require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/ticket.lib.php'; diff --git a/htdocs/ticket/class/cticketcategory.class.php b/htdocs/ticket/class/cticketcategory.class.php index 4e3e6311354..34321b5b898 100644 --- a/htdocs/ticket/class/cticketcategory.class.php +++ b/htdocs/ticket/class/cticketcategory.class.php @@ -395,15 +395,15 @@ class CTicketCategory extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -415,7 +415,7 @@ class CTicketCategory extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index e8a1b53ed82..9bf53fb5271 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -472,7 +472,7 @@ class Ticket extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -582,7 +582,7 @@ class Ticket extends CommonObject } } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -692,7 +692,7 @@ class Ticket extends CommonObject $sql .= ", type.label as type_label, category.label as category_label, severity.label as severity_label"; // Add fields for extrafields foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? ",ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? ",ef.".$key." as options_".$key : ''); } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code=t.type_code"; @@ -714,32 +714,32 @@ class Ticket extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key." = '".$this->db->escape($value)."'"; + $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif (($key == 't.fk_user_assign') || ($key == 't.type_code') || ($key == 't.category_code') || ($key == 't.severity_code') || ($key == 't.fk_soc')) { $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif ($key == 't.fk_statut') { if (is_array($value) && count($value) > 0) { - $sql .= 'AND '.$key.' IN ('.$this->db->sanitize(implode(',', $value)).')'; + $sql .= " AND ".$key." IN (".$this->db->sanitize(implode(',', $value)).")"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key.' = '.((int) $value); } } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } elseif ($user->socid) { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } - $sql .= " ORDER BY ".$sortfield.' '.$sortorder; + $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } - dol_syslog(get_class($this)."::fetch_all sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1143,7 +1143,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_type"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::load_cache_type_tickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_type_tickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1183,7 +1183,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::load_cache_categories_tickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_categories_tickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1227,7 +1227,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::loadCacheSeveritiesTickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::loadCacheSeveritiesTickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1402,7 +1402,7 @@ class Ticket extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."ticket"; $sql .= " SET fk_statut = ".Ticket::STATUS_READ.", date_read='".$this->db->idate(dol_now())."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::markAsRead"); $resql = $this->db->query($sql); @@ -1460,7 +1460,7 @@ class Ticket extends CommonObject } else { $sql .= " SET fk_user_assign=null, fk_statut = ".Ticket::STATUS_READ; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::assignUser sql=".$sql); $resql = $this->db->query($sql); @@ -1725,7 +1725,7 @@ class Ticket extends CommonObject $sql .= " AND elementtype = 'ticket'"; $sql .= " ORDER BY datec DESC"; - dol_syslog(get_class($this)."::load_cache_actions_ticket sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_actions_ticket", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1944,7 +1944,7 @@ class Ticket extends CommonObject if ($this->id) { $sql = "UPDATE ".MAIN_DB_PREFIX."ticket"; $sql .= " SET fk_soc = ".($id > 0 ? $id : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setCustomer sql='.$sql); $resql = $this->db->query($sql); if ($resql) { @@ -1968,7 +1968,7 @@ class Ticket extends CommonObject if ($this->id) { $sql = "UPDATE ".MAIN_DB_PREFIX."ticket"; $sql .= " SET progress = ".($percent > 0 ? $percent : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::set_progression sql='.$sql); $resql = $this->db->query($sql); if ($resql) { @@ -2132,124 +2132,6 @@ class Ticket extends CommonObject return $array_contact; } - /** - * Send message - * - * @param string $subject Subject - * @param string $texte Message to send - * @return int <0 if KO, or number of changes if OK - */ - public function messageSend($subject, $texte) - { - global $conf, $langs, $mysoc, $dolibarr_main_url_root; - - $langs->load("other"); - - dol_syslog(get_class($this)."::message_send action=$action, socid=$socid, texte=$texte, objet_type=$objet_type, objet_id=$objet_id, file=$file"); - - $internal_contacts = $this->getIdContact('internal', 'SUPPORTTEC'); - $external_contacts = $this->getIdContact('external', 'SUPPORTTEC'); - - if ($result) { - $num = $this->db->num_rows($result); - $i = 0; - while ($i < $num) { // For each notification couple defined (third party/actioncode) - $obj = $this->db->fetch_object($result); - - $sendto = $obj->firstname." ".$obj->lastname." <".$obj->email.">"; - $actiondefid = $obj->adid; - - if (dol_strlen($sendto)) { - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - $application = ($conf->global->MAIN_APPLICATION_TITLE ? $conf->global->MAIN_APPLICATION_TITLE : 'Dolibarr ERP/CRM'); - - $subject = '['.$application.'] '.$langs->transnoentitiesnoconv("DolibarrNotification"); - - $message = $langs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n"; - $message .= $langs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; - $message .= "\n"; - $message .= $texte; - // Add link - $link = ''; - switch ($objet_type) { - case 'ficheinter': - $link = '/fichinter/card.php?id='.$objet_id; - break; - case 'propal': - $link = '/comm/propal.php?id='.$objet_id; - break; - case 'facture': - $link = '/compta/facture/card.php?facid='.$objet_id; - break; - case 'order': - $link = '/commande/card.php?facid='.$objet_id; - break; - case 'order_supplier': - $link = '/fourn/commande/card.php?facid='.$objet_id; - break; - } - // Define $urlwithroot - $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); - $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file - //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current - if ($link) { - $message .= "\n".$urlwithroot.$link; - } - - $filename = basename($file); - - $mimefile = dol_mimetype($file); - - $msgishtml = 0; - - $replyto = $conf->notification->email_from; - - $message = dol_nl2br($message); - - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; - $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; - } - $mailfile = new CMailFile( - $subject, - $sendto, - $replyto, - $message, - array($file), - array($mimefile), - array($filename[count($filename) - 1]), - '', - '', - 0, - $msgishtml - ); - - if ($mailfile->sendfile()) { - $now = dol_now(); - $sendto = htmlentities($sendto); - - $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_contact, objet_type, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$actiondefid.", ".$obj->cid.", '".$this->db->escape($objet_type)."', ".$objet_id.", '".$this->db->escape($obj->email)."')"; - dol_syslog("Notify::send sql=".$sql); - if (!$this->db->query($sql)) { - dol_print_error($this->db); - } - } else { - $this->error = $mailfile->error; - //dol_syslog("Notify::send ".$this->error, LOG_ERR); - } - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; - } - } - $i++; - } - return $i; - } else { - $this->error = $this->db->error(); - return -1; - } - } /** * Get array of all contacts for a ticket @@ -2296,7 +2178,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople t on ec.fk_socpeople = t.rowid"; } - $sql .= " WHERE ec.element_id =".$this->id; + $sql .= " WHERE ec.element_id = ".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.element='".$this->db->escape($this->element)."'"; if ($source == 'internal') { @@ -2967,7 +2849,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."ticket as p"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('ticket').")"; @@ -2975,7 +2857,7 @@ class Ticket extends CommonObject $sql .= " AND p.fk_statut NOT IN (".Ticket::STATUS_CLOSED.", ".Ticket::STATUS_CANCELED.")"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3033,7 +2915,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('ticket').")"; diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php index 2bcd0fe89fc..9f8122b0b9a 100644 --- a/htdocs/ticket/class/ticketstats.class.php +++ b/htdocs/ticket/class/ticketstats.class.php @@ -64,7 +64,7 @@ class TicketStats extends Stats $this->where = " fk_statut > 0"; $this->where .= " AND entity = ".$conf->entity; if ($this->socid > 0) { - $this->where .= " AND fk_soc = ".$this->socid; + $this->where .= " AND fk_soc = ".((int) $this->socid); } if (is_array($this->userid) && count($this->userid) > 0) { $this->where .= ' AND fk_user_create IN ('.$this->db->sanitize(join(',', $this->userid)).')'; diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 756f8e10879..315e93f153f 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -326,7 +326,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= " AND t.fk_statut=0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid > 0) { @@ -334,7 +334,7 @@ if ($user->socid > 0) { } else { // Restricted to assigned user only if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { - $sql .= " AND t.fk_user_assign=".$user->id; + $sql .= " AND t.fk_user_assign = ".((int) $user->id); } } $sql .= $db->order("t.datec", "DESC"); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 5a55a1ab324..625503538b5 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -335,12 +335,12 @@ $title = $langs->trans('TicketList'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -425,9 +425,9 @@ if ($search_dateclose_end) { if (!$user->socid && ($mode == "mine" || (!$user->admin && $conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY))) { - $sql .= " AND (t.fk_user_assign = ".$user->id; + $sql .= " AND (t.fk_user_assign = ".((int) $user->id); if (empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY)) { - $sql .= " OR t.fk_user_create = ".$user->id; + $sql .= " OR t.fk_user_create = ".((int) $user->id); } $sql .= ")"; } diff --git a/htdocs/user/agenda_extsites.php b/htdocs/user/agenda_extsites.php index 928db5449d8..5921f7d84cd 100644 --- a/htdocs/user/agenda_extsites.php +++ b/htdocs/user/agenda_extsites.php @@ -226,10 +226,12 @@ while ($i <= $MAXAGENDA) { print ''; print ''; - -print '
'; -print ''; -print "
"; +$addition_button = array( + 'name' => 'save', + 'label_key' => 'Save', + 'addclass' => 'hideifnotset', +); +print $form->buttonsSaveCancel("", "", $addition_button); print dol_get_fiche_end(); diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index 0eaf3d533a9..00b85dc23a6 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -369,7 +369,7 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $sql = "SELECT s.rowid as sid, s.ref as sref, s.label, s.datesp, s.dateep, s.paye, s.amount, SUM(ps.amount) as alreadypaid"; $sql .= " FROM ".MAIN_DB_PREFIX."salary as s"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_salary as ps ON (s.rowid = ps.fk_salary)"; - $sql .= " WHERE s.fk_user = ".$object->id; + $sql .= " WHERE s.fk_user = ".((int) $object->id); $sql .= " AND s.entity IN (".getEntity('salary').")"; $sql .= " GROUP BY s.rowid, s.ref, s.label, s.datesp, s.dateep, s.paye, s.amount"; $sql .= " ORDER BY s.dateep DESC"; @@ -433,7 +433,7 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $sql = "SELECT h.rowid, h.statut as status, h.fk_type, h.date_debut, h.date_fin, h.halfday"; $sql .= " FROM ".MAIN_DB_PREFIX."holiday as h"; - $sql .= " WHERE h.fk_user = ".$object->id; + $sql .= " WHERE h.fk_user = ".((int) $object->id); $sql .= " AND h.entity IN (".getEntity('holiday').")"; $sql .= " ORDER BY h.date_debut DESC"; @@ -485,8 +485,8 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $sql = "SELECT e.rowid, e.ref, e.fk_statut as status, e.date_debut, e.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as e"; - $sql .= " WHERE e.fk_user_author = ".$object->id; - $sql .= " AND e.entity = ".$conf->entity; + $sql .= " WHERE e.fk_user_author = ".((int) $object->id); + $sql .= " AND e.entity = ".((int) $conf->entity); $sql .= " ORDER BY e.date_debut DESC"; $resql = $db->query($sql); @@ -700,11 +700,7 @@ if ($id && ($action == 'edit' || $action == 'create') && $user->rights->user->us print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); } if ($id && $action == 'edit' && $user->rights->user->user->creer) { diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cb7aa69949c..be91f302b97 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -512,15 +512,15 @@ if (empty($reshook)) { if (!empty($contact->socid)) { $sql .= ", fk_soc=".((int) $contact->socid); } - $sql .= " WHERE rowid=".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); } elseif ($socid > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET fk_socpeople=NULL, fk_soc=".((int) $socid); - $sql .= " WHERE rowid=".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); } else { $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET fk_socpeople=NULL, fk_soc=NULL"; - $sql .= " WHERE rowid=".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); } dol_syslog("usercard::update", LOG_DEBUG); $resql = $db->query($sql); @@ -1267,11 +1267,7 @@ if ($action == 'create' || $action == 'adduserldap') { print dol_get_fiche_end(); - print '
'; - print ''; - //print '     '; - //print ''; - print '
'; + print $form->buttonsSaveCancel("CreateUser"); print ""; } else { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 816d3dc3e27..db2d4583177 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -576,8 +576,8 @@ class User extends CommonObject if ($loadpersonalconf) { // Load user->conf for user $sql = "SELECT param, value FROM ".MAIN_DB_PREFIX."user_param"; - $sql .= " WHERE fk_user = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE fk_user = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); //dol_syslog(get_class($this).'::fetch load personalized conf', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -652,6 +652,36 @@ class User extends CommonObject return 1; } + /** + * Return if a user has a permission. + * You can use it like this: if ($user->hasRight('module', 'level11')). + * It replaces old syntax: if ($user->rights->module->level1) + * + * @param int $module Id of permission to add or 0 to add several permissions + * @param string $permlevel1 Permission level1 + * @param string $permlevel2 Permission level2 + * @return int 1 if user has permission, 0 if not. + * @see clearrights(), delrights(), getrights(), hasRight() + */ + public function hasRight($module, $permlevel1, $permlevel2 = '') + { + if (empty($module) || empty($this->rights) || empty($this->rights->$module) || empty($permlevel1)) { + return 0; + } + + if ($permlevel2) { + if (!empty($this->rights->$module->$permlevel1) && !empty($this->rights->$module->$permlevel1->$permlevel2)) { + return $this->rights->$module->$permlevel1->$permlevel2; + } + } else { + if (!empty($this->rights->$module->$permlevel1)) { + return $this->rights->$module->$permlevel1; + } + } + + return 0; + } + /** * Add a right to the user * @@ -661,7 +691,7 @@ class User extends CommonObject * @param int $entity Entity to use * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers * @return int > 0 if OK, < 0 if KO - * @see clearrights(), delrights(), getrights() + * @see clearrights(), delrights(), getrights(), hasRight() */ public function addrights($rid, $allmodule = '', $allperms = '', $entity = 0, $notrigger = 0) { @@ -727,7 +757,7 @@ class User extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($whereforadd) && $whereforadd != 'allmodules') { $sql .= " AND ".$whereforadd; } @@ -740,11 +770,11 @@ class User extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id." AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -788,7 +818,7 @@ class User extends CommonObject * @param int $entity Entity to use * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers * @return int > 0 if OK, < 0 if OK - * @see clearrights(), addrights(), getrights() + * @see clearrights(), addrights(), getrights(), hasRight() */ public function delrights($rid, $allmodule = '', $allperms = '', $entity = 0, $notrigger = 0) { @@ -808,7 +838,7 @@ class User extends CommonObject $sql = "SELECT module, perms, subperms"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE id = '".$this->db->escape($rid)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -853,7 +883,7 @@ class User extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -875,8 +905,8 @@ class User extends CommonObject $nid = $obj->id; $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights"; - $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid); + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } @@ -915,7 +945,7 @@ class User extends CommonObject * Clear all permissions array of user * * @return void - * @see getrights() + * @see getrights(), hasRight() */ public function clearrights() { @@ -933,7 +963,7 @@ class User extends CommonObject * @param string $moduletag Limit permission for a particular module ('' by default means load all permissions) * @param int $forcereload Force reload of permissions even if they were already loaded (ignore cache) * @return void - * @see clearrights(), delrights(), addrights() + * @see clearrights(), delrights(), addrights(), hasRight() */ public function getrights($moduletag = '', $forcereload = 0) { @@ -1022,15 +1052,15 @@ class User extends CommonObject if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= " AND gu.entity IN (0,".$conf->entity.")"; } else { - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND r.entity = ".((int) $conf->entity); } } else { - $sql .= " AND gr.entity = ".$conf->entity; - $sql .= " AND gu.entity = ".$conf->entity; - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND gr.entity = ".((int) $conf->entity); + $sql .= " AND gu.entity = ".((int) $conf->entity); + $sql .= " AND r.entity = ".((int) $conf->entity); } $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; - $sql .= " AND gu.fk_user = ".$this->id; + $sql .= " AND gu.fk_user = ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL"; if ($moduletag) { $sql .= " AND r.module = '".$this->db->escape($moduletag)."'"; @@ -1180,7 +1210,7 @@ class User extends CommonObject dol_syslog(get_class($this)."::delete", LOG_DEBUG); // Remove rights - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; @@ -1188,14 +1218,14 @@ class User extends CommonObject } // Remove group - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); } // Remove params - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -1221,7 +1251,7 @@ class User extends CommonObject // Remove user if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { $error++; @@ -1325,7 +1355,7 @@ class User extends CommonObject // Insert into database $sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec, login, ldap_sid, entity)"; - $sql .= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->db->escape($this->ldap_sid)."',".$this->db->escape($this->entity).")"; + $sql .= " VALUES('".$this->db->idate($this->datec)."', '".$this->db->escape($this->login)."', '".$this->db->escape($this->ldap_sid)."', ".((int) $this->entity).")"; $result = $this->db->query($sql); dol_syslog(get_class($this)."::create", LOG_DEBUG); @@ -1574,7 +1604,7 @@ class User extends CommonObject $num = 0; $sql = "SELECT id FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE bydefault = 1"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { @@ -1769,7 +1799,7 @@ class User extends CommonObject $sql .= ", default_c_exp_tax_cat = ".($this->default_c_exp_tax_cat > 0 ? $this->default_c_exp_tax_cat : 'null'); $sql .= ", fk_warehouse = ".($this->fk_warehouse > 0 ? $this->fk_warehouse : "null"); $sql .= ", lang = ".($this->lang ? "'".$this->db->escape($this->lang)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1960,7 +1990,7 @@ class User extends CommonObject $sql .= " datepreviouslogin = datelastlogin,"; $sql .= " datelastlogin = '".$this->db->idate($now)."',"; $sql .= " tms = tms"; // La date de derniere modif doit changer sauf pour la mise a jour de date de derniere connexion - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_last_login_date user->id=".$this->id." ".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2021,7 +2051,7 @@ class User extends CommonObject } else { $sql .= ", pass = '".$this->db->escape($password)."'"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); $result = $this->db->query($sql); @@ -2079,7 +2109,7 @@ class User extends CommonObject // After receiving confirmation link, we will erase and store it in pass_crypted $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET pass_temp = '".$this->db->escape($password)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); // No log $result = $this->db->query($sql); @@ -2225,7 +2255,7 @@ class User extends CommonObject // phpcs:enable $sql = "SELECT url, login, pass, poste "; $sql .= " FROM ".MAIN_DB_PREFIX."user_clicktodial as u"; - $sql .= " WHERE u.fk_user = ".$this->id; + $sql .= " WHERE u.fk_user = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2260,7 +2290,7 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_clicktodial"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); dol_syslog(get_class($this).'::update_clicktodial', LOG_DEBUG); $result = $this->db->query($sql); @@ -2305,14 +2335,14 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_user (entity, fk_user, fk_usergroup)"; - $sql .= " VALUES (".$entity.",".$this->id.",".$group.")"; + $sql .= " VALUES (".((int) $entity).",".((int) $this->id).",".((int) $group).")"; $result = $this->db->query($sql); if ($result) { @@ -2362,9 +2392,9 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -3093,9 +3123,9 @@ class User extends CommonObject { // phpcs:enable $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); - dol_syslog(get_class($this)."::get_children sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::get_children", LOG_DEBUG); $res = $this->db->query($sql); if ($res) { $users = array(); @@ -3485,13 +3515,13 @@ class User extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = ".((int) $value); + } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -3557,13 +3587,11 @@ class User extends CommonObject $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.'user'; - if (!empty($conf->global->AGENDA_DISABLE_EXACT_USER_EMAIL_COMPARE_FOR_EXTERNAL_CALENDAR)) { - $sql .= ' WHERE email LIKE "%'.$email.'%"'; + $sql .= " WHERE email LIKE '%".$this->db->escape($email)."%'"; } else { - $sql .= ' WHERE email = "'.$email.'"'; + $sql .= " WHERE email = '".$this->db->escape($email)."'"; } - $sql .= ' LIMIT 1'; $resql = $this->db->query($sql); diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php index 7323fb93ab2..d9392ade9d7 100644 --- a/htdocs/user/class/userbankaccount.class.php +++ b/htdocs/user/class/userbankaccount.class.php @@ -140,7 +140,7 @@ class UserBankAccount extends Account } else { $sql .= ",label = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index 1f0bb2891c6..b1b3175aaa9 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -227,7 +227,7 @@ class UserGroup extends CommonObject /** * Return array of User objects for group this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. Do not use here a string coming from user input. * @param int $mode 0=Return array of user instance, 1=Return array of users id only * @return mixed Array of users or -1 on error */ @@ -250,7 +250,7 @@ class UserGroup extends CommonObject $sql .= " AND ug.fk_user = u.rowid"; } if (!empty($this->id)) { - $sql .= " AND ug.fk_usergroup = ".$this->id; + $sql .= " AND ug.fk_usergroup = ".((int) $this->id); } if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " AND u.entity IS NOT NULL"; @@ -372,11 +372,11 @@ class UserGroup extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = $this->id AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = ".((int) $this->id)." AND fk_id=".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -486,7 +486,7 @@ class UserGroup extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -505,7 +505,7 @@ class UserGroup extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights"; $sql .= " WHERE fk_usergroup = $this->id AND fk_id=".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } @@ -566,9 +566,9 @@ class UserGroup extends CommonObject $sql = "SELECT r.module, r.perms, r.subperms "; $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as u, ".MAIN_DB_PREFIX."rights_def as r"; $sql .= " WHERE r.id = u.fk_id"; - $sql .= " AND r.entity = ".$conf->entity; - $sql .= " AND u.entity = ".$conf->entity; - $sql .= " AND u.fk_usergroup = ".$this->id; + $sql .= " AND r.entity = ".((int) $conf->entity); + $sql .= " AND u.entity = ".((int) $conf->entity); + $sql .= " AND u.fk_usergroup = ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL"; if ($moduletag) { $sql .= " AND r.module = '".$this->db->escape($moduletag)."'"; diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 5c1e16e4a0c..1f20b018f2e 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -535,9 +535,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 458978d25ea..e02eb3e25d0 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -189,7 +189,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); $ldap->close(); diff --git a/htdocs/user/ldap.php b/htdocs/user/ldap.php index e6cee6f6f73..e8ceef77b0a 100644 --- a/htdocs/user/ldap.php +++ b/htdocs/user/ldap.php @@ -194,7 +194,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/user/list.php b/htdocs/user/list.php index a3b69d1dff8..89f9191751b 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -336,7 +336,7 @@ $sql .= " s.nom as name, s.canvas,"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -858,7 +858,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $canreadhrmdata = 1; } $canreadsecretapi = 0; - if ($user->id = $obj->rowid || !empty($user->admin)) { // Current user or admin + if ($user->id == $obj->rowid || !empty($user->admin)) { // Current user or admin $canreadsecretapi = 1; } diff --git a/htdocs/user/note.php b/htdocs/user/note.php index 1ce397626e6..da8c57f918f 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -137,11 +137,7 @@ if ($id) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 73c9d817ae8..5ff285972df 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -38,7 +38,7 @@ $id = GETPOST("id", 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$actionid = GETPOST('actionid'); +$actionid = GETPOST('actionid', 'int'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -99,8 +99,8 @@ if ($action == 'add') { $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; $sql .= " WHERE fk_user=".((int) $id)." AND fk_action=".((int) $actionid); if ($db->query($sql)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_action)"; - $sql .= " VALUES ('".$db->idate($now)."',".$id.",".$actionid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec, fk_user, fk_action)"; + $sql .= " VALUES ('".$db->idate($now)."', ".((int) $id).", ".((int) $actionid).")"; if (!$db->query($sql)) { $error++; @@ -232,7 +232,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."user c"; $sql .= " WHERE a.rowid = n.fk_action"; $sql .= " AND c.rowid = n.fk_user"; - $sql .= " AND c.rowid = ".$object->id; + $sql .= " AND c.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('user').')'; $resql = $db->query($sql); @@ -290,7 +290,7 @@ if ($result > 0) { print $form->selectarray("typeid", $type); print ''; print ''; - print ''; + print ''; print ' '; print ''; print ''; @@ -409,7 +409,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."notify as n"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as c ON n.fk_user = c.rowid"; $sql .= " WHERE a.rowid = n.fk_action"; - $sql .= " AND n.fk_user = ".$object->id; + $sql .= " AND n.fk_user = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 72f9b075be9..76734c26886 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -328,11 +328,7 @@ if ($action == 'edit') { showSkins($object, (($user->admin || empty($dolibarr_main_demo)) ? 1 : 0), true); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } else { print dol_get_fiche_head($head, 'guisetup', $title, -1, 'user'); diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 5e96a76119c..391682b2d6d 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -217,9 +217,9 @@ $permsgroupbyentity = array(); $sql = "SELECT DISTINCT gr.fk_id, gu.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; -$sql .= " WHERE gr.entity = ".$entity; +$sql .= " WHERE gr.entity = ".((int) $entity); $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; -$sql .= " AND gu.fk_user = ".$object->id; +$sql .= " AND gu.fk_user = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); $result = $db->query($sql); @@ -258,8 +258,8 @@ print '
'; if ($user->admin) { print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules")); } -// Show warning about external users -if (empty($user->socid)) { +// If edited user is an extern user, we show warning for external users +if (! empty($object->socid)) { print info_admin(showModulesExludedForExternal($modules))."\n"; } diff --git a/htdocs/variants/class/ProductAttributeValue.class.php b/htdocs/variants/class/ProductAttributeValue.class.php index e91542f90c5..5ee341526bb 100644 --- a/htdocs/variants/class/ProductAttributeValue.class.php +++ b/htdocs/variants/class/ProductAttributeValue.class.php @@ -160,8 +160,7 @@ class ProductAttributeValue extends CommonObject $this->value = $this->db->escape($this->value); $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_attribute_value (fk_product_attribute, ref, value, entity) - VALUES ('".(int) $this->fk_product_attribute."', '".$this->db->escape($this->ref)."', - '".$this->value."', ".(int) $this->entity.")"; + VALUES (".(int) $this->fk_product_attribute.", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->value)."', ".(int) $this->entity.")"; $query = $this->db->query($sql); diff --git a/htdocs/variants/class/ProductCombination.class.php b/htdocs/variants/class/ProductCombination.class.php index 29cfdf731f9..d4fc03724d0 100644 --- a/htdocs/variants/class/ProductCombination.class.php +++ b/htdocs/variants/class/ProductCombination.class.php @@ -942,7 +942,7 @@ class ProductCombination $sql .= ' FROM '.MAIN_DB_PREFIX.'product_attribute_combination pac'; $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'product_attribute_combination2val pac2v ON pac2v.fk_prod_combination=pac.rowid'; $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'product_attribute_value pav ON pav.rowid=pac2v.fk_prod_attr_val'; - $sql .= ' WHERE pac.fk_product_child='.$prod_child; + $sql .= ' WHERE pac.fk_product_child='.((int) $prod_child); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 9c584f5b8bb..f514c7c0302 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -221,8 +221,9 @@ if (preg_match('/\.noexe$/i', $original_file)) { accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.', 0, 0, 1); } -// Security: Delete string ../ into $original_file -$original_file = str_replace("../", "/", $original_file); +// Security: Delete string ../ or ..\ into $original_file +$original_file = str_replace('../', '/', $original_file); +$original_file = str_replace('..\\', '/', $original_file); // Find the subdirectory name as the reference $refname = basename(dirname($original_file)."/"); diff --git a/htdocs/webservices/admin/index.php b/htdocs/webservices/admin/index.php index 1c78acae84d..eec667c8a74 100644 --- a/htdocs/webservices/admin/index.php +++ b/htdocs/webservices/admin/index.php @@ -91,9 +91,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 7e70bfddc6d..ff06eff74b6 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -415,7 +415,7 @@ class Website extends CommonObject $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } if (count($sqlwhere) > 0) { @@ -426,7 +426,7 @@ class Website extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->records = array(); @@ -1091,8 +1091,8 @@ class Website extends CommonObject } } - $line .= "\n-- For Dolibarr v14+ --\n"; - $line .= "UPDATE llx_website SET fk_default_lang = '".$this->db->escape($this->fk_default_lang)."' WHERE rowid = __WEBSITE_ID__;\n"; + $line = "\n-- For Dolibarr v14+ --;\n"; + $line .= "UPDATE llx_website SET lang = '".$this->db->escape($this->fk_default_lang)."' WHERE rowid = __WEBSITE_ID__;\n"; $line .= "UPDATE llx_website SET otherlang = '".$this->db->escape($this->otherlang)."' WHERE rowid = __WEBSITE_ID__;\n"; $line .= "\n"; fputs($fp, $line); @@ -1138,7 +1138,7 @@ class Website extends CommonObject return -1; } - dol_delete_dir_recursive($conf->website->dir_temp.'/'.$object->ref); + dol_delete_dir_recursive($conf->website->dir_temp."/".$object->ref); dol_mkdir($conf->website->dir_temp.'/'.$object->ref); $filename = basename($pathtofile); @@ -1183,7 +1183,7 @@ class Website extends CommonObject dolCopyDir($conf->website->dir_temp.'/'.$object->ref.'/medias/image/websitekey', $conf->website->dir_output.'/'.$object->ref.'/medias/image/'.$object->ref, 0, 1); // Medias can be shared, do not overwrite if exists dolCopyDir($conf->website->dir_temp.'/'.$object->ref.'/medias/js/websitekey', $conf->website->dir_output.'/'.$object->ref.'/medias/js/'.$object->ref, 0, 1); // Medias can be shared, do not overwrite if exists - $sqlfile = $conf->website->dir_temp.'/'.$object->ref.'/website_pages.sql'; + $sqlfile = $conf->website->dir_temp."/".$object->ref.'/website_pages.sql'; $result = dolReplaceInFile($sqlfile, $arrayreplacement); @@ -1252,7 +1252,7 @@ class Website extends CommonObject // Read record of website that has been updated by the run_sql function previously called so we can get the // value of fk_default_home that is ID of home page - $sql = 'SELECT fk_default_home FROM '.MAIN_DB_PREFIX.'website WHERE rowid = '.$object->id; + $sql = 'SELECT fk_default_home FROM '.MAIN_DB_PREFIX.'website WHERE rowid = '.((int) $object->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index 16053069d30..275c3c94afe 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -417,7 +417,7 @@ class WebsitePage extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.fk_website' || $key == 'status') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } elseif ($key == 'type_container') { $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'lang' || $key == 't.lang') { @@ -432,23 +432,23 @@ class WebsitePage extends CommonObject } $stringtouse = $key." IN (".$this->db->sanitize(join(',', $listoflang), 1).")"; if ($foundnull) { - $stringtouse = '('.$stringtouse.' OR '.$key.' IS NULL)'; + $stringtouse = "(".$stringtouse." OR ".$key." IS NULL)"; } $sqlwhere[] = $stringtouse; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(' '.$filtermode.' ', $sqlwhere).')'; } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -519,7 +519,7 @@ class WebsitePage extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.fk_website' || $key == 'status') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } elseif ($key == 'type_container') { $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'lang' || $key == 't.lang') { @@ -534,11 +534,11 @@ class WebsitePage extends CommonObject } $stringtouse = $key." IN (".$this->db->sanitize(join(',', $listoflang), 1).")"; if ($foundnull) { - $stringtouse = '('.$stringtouse.' OR '.$key.' IS NULL)'; + $stringtouse = "(".$stringtouse." OR ".$key." IS NULL)"; } $sqlwhere[] = $stringtouse; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 23be98a3b8c..d8a479d5923 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -2378,7 +2378,7 @@ if ($action == 'generatesitemaps' && $usercanedit) { // Add "has translation pages" $sql = 'SELECT rowid as id, lang, pageurl from '.MAIN_DB_PREFIX.'website_page'; - $sql .= ' WHERE status = '.WebsitePage::STATUS_VALIDATED.' AND fk_page IN ('.$db->sanitize($objp->rowid.($translationof ? ', '.$translationof : '')).")"; + $sql .= " WHERE status = ".((int) WebsitePage::STATUS_VALIDATED).' AND fk_page IN ('.$db->sanitize($objp->rowid.($translationof ? ", ".$translationof : "")).")"; $resqlhastrans = $db->query($sql); if ($resqlhastrans) { $num_rows_hastrans = $db->num_rows($resqlhastrans); @@ -2857,7 +2857,7 @@ if (!GETPOST('hide_websitemenu')) { $pagepreviousid = 0; $pagenextid = 0; if ($pageid) { - $sql = 'SELECT MAX(rowid) as pagepreviousid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid < '.$pageid.' AND fk_website = '.$object->id; + $sql = "SELECT MAX(rowid) as pagepreviousid FROM ".MAIN_DB_PREFIX."website_page WHERE rowid < ".((int) $pageid)." AND fk_website = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -2867,7 +2867,7 @@ if (!GETPOST('hide_websitemenu')) { } else { dol_print_error($db); } - $sql = 'SELECT MIN(rowid) as pagenextid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid > '.$pageid.' AND fk_website = '.$object->id; + $sql = "SELECT MIN(rowid) as pagenextid FROM ".MAIN_DB_PREFIX."website_page WHERE rowid > ".((int) $pageid)." AND fk_website = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -3542,7 +3542,7 @@ if ($action == 'createsite') { if ($action == 'createsite') { print '
'; - print ''; + print ''; print ''; print '
'; @@ -3829,7 +3829,7 @@ if ($action == 'editmeta' || $action == 'createcontainer') { // Edit properties print ''; if ($action != 'createcontainer') { // Has translation pages - $sql = 'SELECT rowid, lang from '.MAIN_DB_PREFIX.'website_page where fk_page = '.$objectpage->id; + $sql = 'SELECT rowid, lang from '.MAIN_DB_PREFIX.'website_page where fk_page = '.((int) $objectpage->id); $resql = $db->query($sql); if ($resql) { $num_rows = $db->num_rows($resql); @@ -3980,7 +3980,7 @@ if ($action == 'editmeta' || $action == 'createcontainer') { // Edit properties if ($action == 'createcontainer') { print '
'; - print ''; + print ''; print ''; print '
'; diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php index cf4d26b2c33..398affc8cb2 100644 --- a/htdocs/website/websiteaccount_card.php +++ b/htdocs/website/websiteaccount_card.php @@ -140,11 +140,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -172,9 +168,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index 5cb6baf3565..8b550add124 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -427,15 +427,15 @@ class Workstation extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -447,7 +447,7 @@ class Workstation extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -599,7 +599,7 @@ class Workstation extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php index 5b63ca2d481..0cf0f628492 100755 --- a/htdocs/workstation/workstation_card.php +++ b/htdocs/workstation/workstation_card.php @@ -231,11 +231,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -288,9 +284,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/workstation/workstation_list.php b/htdocs/workstation/workstation_list.php index d305e0c2c33..b395c5e5a1b 100755 --- a/htdocs/workstation/workstation_list.php +++ b/htdocs/workstation/workstation_list.php @@ -220,7 +220,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -300,7 +300,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index ba04f504da6..fc03942d978 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -419,13 +419,13 @@ class Hook extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -437,7 +437,7 @@ class Hook extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 37fc7eee703..a9f6221ea58 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -225,7 +225,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $db-> inside a class.php file (it should be $this->db-> insto such classes) preg_match_all('/'.preg_quote('$db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -243,7 +243,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $this->db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $this->db-> into a non class.php file (it shoud be $db-> into such classes) preg_match_all('/'.preg_quote('$this->db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -286,6 +286,38 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=true; $matches=array(); + // Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx + // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request. + preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if ($val[2] == 'ity' && $val[3] == 'con') { // exclude entity = $conf->entity + continue; + } + var_dump($matches); + $ok=false; + break; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + //exit; + + // Check sql string VALUES ... , ".$xxx + // with xxx that is not 'db-' (for $db->escape). It means we forget a ' if string, or an (int) if int, when forging sql request. + preg_match_all('/(VALUES).*,\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if ($val[2] == 'VALUES' && $val[3] == 'db-') { // exclude $db->escape( + continue; + } + var_dump($matches); + $ok=false; + break; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + //exit; + + // Check '".$xxx non escaped + // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { @@ -293,25 +325,39 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=false; break; } - //if ($reg[0] != 'db') $ok=false; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); - //exit; + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 1) in '.$file['relativename'].' - Bad.'); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/sql.+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + preg_match_all('/(sql|SET|WHERE|INSERT|VALUES).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if (! in_array($val[1], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { + if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'mydb->esc', 'dbsession', 'db->idate', 'escapedli', 'excludeGr', 'includeGr'))) { $ok=false; break; } //if ($reg[0] != 'db') $ok=false; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].': '.$val[0].' - Bad.'); + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 2) in '.$file['relativename'].': '.$val[0].' - Bad.'); //exit; + // Check string sql|set...'.$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + preg_match_all('/(\$sql|SET\s|WHERE\s|INSERT\s|VALUES\s|VALUES\().+\s*\'\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if (! in_array($val[2], array('this->db-', 'db->sanit', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', 'filtermod'))) { + $ok=false; + var_dump($matches); + break; + } + //if ($reg[0] != 'db') $ok=false; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 3) in '.$file['relativename'].': '.$val[0].' - Bad.'); + //exit; + + // Checks with IN + // Check string 'IN (".xxx' or 'IN (\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request. preg_match_all('/ IN \([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { @@ -341,7 +387,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped. $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/(..............)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($val[1] != 'scape_htmltag(' && $val[1] != 'ing_nohtmltag(' && $val[1] != 'dol_escape_js(') { @@ -355,7 +400,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that first param of print_liste_field_titre is a translation key and not the translated value $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. + // Check string ='print_liste_field_titre\(\$langs'. preg_match_all('/print_liste_field_titre\(\$langs/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -367,8 +412,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have
$ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/
/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('//', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'functions.lib.php') { $ok=false; @@ -381,7 +425,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have name="token" value="'.$_SESSION['newtoken'], we must use name="token" value="'.newToken() instead. $ok=true; $matches=array(); - // Check string name="token" value="'.$_SESSINON preg_match_all('/name="token" value="\'\s*\.\s*\$_SESSION/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'excludefile.php') { @@ -395,7 +438,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have @var array( $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/@var\s+array\(/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 87edca884e4..81eff830b49 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -349,7 +349,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["param1"]="333"; $_GET["param2"]='a/b#e(pr)qq-rr\cc'; $_GET["param3"]='"na/b#e(pr)qq-rr\cc'; // Same than param2 + " and n - $_GET["param4"]='../dir'; + $_GET["param4a"]='../../dir'; + $_GET["param4b"]='..\..\dirwindows'; $_GET["param5"]="a_1-b"; $_POST["param6"]="">assertEquals($result, 'na/b#e(pr)qq-rr\cc', 'Test on param3'); - $result=GETPOST("param4", 'alpha'); // Must return string sanitized from ../ + $result=GETPOST("param4a", 'alpha'); // Must return string sanitized from ../ print __METHOD__." result=".$result."\n"; $this->assertEquals($result, 'dir'); + $result=GETPOST("param4b", 'alpha'); // Must return string sanitized from ../ + print __METHOD__." result=".$result."\n"; + $this->assertEquals($result, 'dirwindows'); + // Test with aZ09 $result=GETPOST("param1", 'aZ09'); @@ -412,7 +417,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals($result, ''); - $result=GETPOST("param4", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + $result=GETPOST("param4a", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + print __METHOD__." result=".$result."\n"; + $this->assertEquals('', $result); + + $result=GETPOST("param4b", 'aZ09'); // Must return '' as string contains car not in aZ09 definition print __METHOD__." result=".$result."\n"; $this->assertEquals('', $result); diff --git a/test/phpunit/WebservicesInvoicesTest.php b/test/phpunit/WebservicesInvoicesTest.php index f6f499357a4..a077b34e208 100644 --- a/test/phpunit/WebservicesInvoicesTest.php +++ b/test/phpunit/WebservicesInvoicesTest.php @@ -414,7 +414,7 @@ class WebservicesInvoicesTest extends PHPUnit\Framework\TestCase $result=0; } if (! $result || ! empty($result['faultstring'])) { - print $this->soapclient->error_str; + print 'Error: '.$this->soapclient->error_str; print "\n
\n"; print $this->soapclient->request; print "\n
\n"; @@ -422,6 +422,7 @@ class WebservicesInvoicesTest extends PHPUnit\Framework\TestCase print "\n"; } + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; print __METHOD__." result=".$result['result']['result_code'].$result['result']['result_label']."\n"; $this->assertEquals('OK', $result['result']['result_code']); $this->assertEquals('ref-phpunit-2', $result['ref_ext']); diff --git a/test/phpunit/WebservicesOrdersTest.php b/test/phpunit/WebservicesOrdersTest.php index 9ffa00226e0..45d0bdcccbe 100644 --- a/test/phpunit/WebservicesOrdersTest.php +++ b/test/phpunit/WebservicesOrdersTest.php @@ -175,7 +175,7 @@ class WebservicesOrdersTest extends PHPUnit\Framework\TestCase } if (! $result || ! empty($result['faultstring'])) { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -183,7 +183,7 @@ class WebservicesOrdersTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('OK', $result['result']['result_code']); return $result; diff --git a/test/phpunit/WebservicesOtherTest.php b/test/phpunit/WebservicesOtherTest.php index 0e788a195a7..df1e0fa76a1 100644 --- a/test/phpunit/WebservicesOtherTest.php +++ b/test/phpunit/WebservicesOtherTest.php @@ -180,7 +180,7 @@ class WebservicesOtherTest extends PHPUnit\Framework\TestCase } if (! $result) { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -212,7 +212,7 @@ class WebservicesOtherTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals("SOAP-ENV:Client: Operation 'methodthatdoesnotexists' is not defined in the WSDL for this service", $soapclient->error_str); return $result; diff --git a/test/phpunit/WebservicesProductsTest.php b/test/phpunit/WebservicesProductsTest.php index a31d147b9d7..c12323dbec7 100644 --- a/test/phpunit/WebservicesProductsTest.php +++ b/test/phpunit/WebservicesProductsTest.php @@ -322,7 +322,7 @@ class WebservicesProductsTest extends PHPUnit\Framework\TestCase } if (! $result || ! empty($result['faultstring']) || $result['result']['result_code'] != 'OK') { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -330,7 +330,7 @@ class WebservicesProductsTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('OK', $result['result']['result_code']); return 0; diff --git a/test/phpunit/WebservicesThirdpartyTest.php b/test/phpunit/WebservicesThirdpartyTest.php index fe9b15cee50..285b8456ffb 100644 --- a/test/phpunit/WebservicesThirdpartyTest.php +++ b/test/phpunit/WebservicesThirdpartyTest.php @@ -394,7 +394,7 @@ class WebservicesThirdpartyTest extends PHPUnit\Framework\TestCase $result=0; } if (! $result || ! empty($result['faultstring'])) { - print $this->soapclient->error_str; + print 'Error: '.$this->soapclient->error_str; print "\n
\n"; print $this->soapclient->request; print "\n
\n"; @@ -402,7 +402,7 @@ class WebservicesThirdpartyTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." result=".$result['result']['result_code']."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('OK', $result['result']['result_code']); return $result; diff --git a/test/phpunit/WebservicesUserTest.php b/test/phpunit/WebservicesUserTest.php index e3072844580..8b9ae2739a6 100644 --- a/test/phpunit/WebservicesUserTest.php +++ b/test/phpunit/WebservicesUserTest.php @@ -182,7 +182,7 @@ class WebservicesUserTest extends PHPUnit\Framework\TestCase } if (! $result) { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -213,7 +213,7 @@ class WebservicesUserTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('NOT_FOUND', $result['result']['result_code'], 'Test on ref that does not exists'); return $result;