From ca6dd8850ab3cab0a6e70b1e851106f72c7d5653 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 29 Jul 2021 15:24:08 +0200 Subject: [PATCH 001/215] FIX: Manage credit note on situation invoice for calculate margin --- htdocs/core/class/html.formmargin.class.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index 83923ffa6c7..e571f7cc68c 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php @@ -98,7 +98,8 @@ class FormMargin $pv = $line->total_ht; $pa_ht = ($pv < 0 ? -$line->pa_ht : $line->pa_ht); // We choosed to have line->pa_ht always positive in database, so we guess the correct sign - if ($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) { + if ($object->element == 'facture' && $object->type == $object::TYPE_SITUATION + || $object->element == 'facture' && $object->type == $object::TYPE_CREDIT_NOTE && $conf->global->INVOICE_USE_SITUATION_CREDIT_NOTE && $object->situation_counter > 0) { $pa = $line->qty * $pa_ht * ($line->situation_percent / 100); } else { $pa = $line->qty * $pa_ht; From 803722e323801bbc4e3d5b79651bd666cb0835ad Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Wed, 4 Aug 2021 14:48:10 +0200 Subject: [PATCH 002/215] Fix : we only want employee users for holidays --- htdocs/holiday/class/holiday.class.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 2637f3c0eaa..3cd649e11ac 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -1630,6 +1630,7 @@ class Holiday extends CommonObject $sql .= " WHERE u.entity IN (".getEntity('user').")"; } $sql .= " AND u.statut > 0"; + $sql .= " AND u.employee = 1"; // We only want employee users for holidays if ($filters) $sql .= $filters; $resql = $this->db->query($sql); @@ -1720,6 +1721,7 @@ class Holiday extends CommonObject } $sql .= " AND u.statut > 0"; + $sql .= " AND u.employee = 1"; // We only want employee users for holidays if ($filters) $sql .= $filters; $resql = $this->db->query($sql); From 7b702d19d45ef51b2403167e1ddf1878820a122d Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Wed, 4 Aug 2021 17:47:40 +0200 Subject: [PATCH 003/215] NEW : display shipping method and tracking url on shipemnt list --- htdocs/expedition/list.php | 58 +++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 13 deletions(-) diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 5a110d33f2a..7640d94cf2b 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -58,6 +58,7 @@ $search_ref_exp = GETPOST("search_ref_exp", 'alpha'); $search_ref_liv = GETPOST('search_ref_liv', 'alpha'); $search_ref_customer = GETPOST('search_ref_customer', 'alpha'); $search_company = GETPOST("search_company", 'alpha'); +$search_shipping_method_id = GETPOST('search_shipping_method_id'); $search_tracking = GETPOST("search_tracking", 'alpha'); $search_town = GETPOST('search_town', 'alpha'); $search_zip = GETPOST('search_zip', 'alpha'); @@ -115,6 +116,7 @@ $fieldstosearchall = array( 'e.ref'=>"Ref", 's.nom'=>"ThirdParty", 'e.note_public'=>'NotePublic', + 'e.shipping_method_id'=>'SendingMethod', 'e.tracking_number'=>"TrackingNumber", ); if (empty($user->socid)) { @@ -123,17 +125,18 @@ if (empty($user->socid)) { $checkedtypetiers = 0; $arrayfields = array( - 'e.ref'=>array('label'=>$langs->trans("Ref"), 'checked'=>1), - 'e.ref_customer'=>array('label'=>$langs->trans("RefCustomer"), 'checked'=>1), - 's.nom'=>array('label'=>$langs->trans("ThirdParty"), 'checked'=>1), - 's.town'=>array('label'=>$langs->trans("Town"), 'checked'=>1), - 's.zip'=>array('label'=>$langs->trans("Zip"), 'checked'=>1), - 'state.nom'=>array('label'=>$langs->trans("StateShort"), 'checked'=>0), - 'country.code_iso'=>array('label'=>$langs->trans("Country"), 'checked'=>0), - 'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers), - 'e.date_delivery'=>array('label'=>$langs->trans("DateDeliveryPlanned"), 'checked'=>1), - 'e.tracking_number'=>array('label'=>$langs->trans("TrackingNumber"), 'checked'=>1), - 'e.weight'=>array('label'=>$langs->trans("Weight"), 'checked'=>0), + 'e.ref'=>array('label'=>$langs->trans("Ref"), 'checked'=>1, 'position'=>1), + 'e.ref_customer'=>array('label'=>$langs->trans("RefCustomer"), 'checked'=>1, 'position'=>2), + 's.nom'=>array('label'=>$langs->trans("ThirdParty"), 'checked'=>1, 'position'=>3), + 's.town'=>array('label'=>$langs->trans("Town"), 'checked'=>1, 'position'=>4), + 's.zip'=>array('label'=>$langs->trans("Zip"), 'checked'=>1, 'position'=>5), + 'state.nom'=>array('label'=>$langs->trans("StateShort"), 'checked'=>0, 'position'=>6), + 'country.code_iso'=>array('label'=>$langs->trans("Country"), 'checked'=>0, 'position'=>7), + 'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers, 'position'=>8), + 'e.date_delivery'=>array('label'=>$langs->trans("DateDeliveryPlanned"), 'checked'=>1, 'position'=>9), + 'e.shipping_method_id'=>array('label'=>$langs->trans('SendingMethod'), 'checked'=>1, 'position'=>10), + 'e.tracking_number'=>array('label'=>$langs->trans("TrackingNumber"), 'checked'=>1, 'position'=>11), + 'e.weight'=>array('label'=>$langs->trans("Weight"), 'checked'=>0, 'position'=>12), 'e.datec'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0, 'position'=>500), 'e.tms'=>array('label'=>$langs->trans("DateModificationShort"), 'checked'=>0, 'position'=>500), 'e.fk_statut'=>array('label'=>$langs->trans("Status"), 'checked'=>1, 'position'=>1000), @@ -185,6 +188,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_type = ''; $search_country = ''; $search_tracking = ''; + $search_shipping_method_id = ''; $search_type_thirdparty = ''; $search_billed = ''; $search_datedelivery_start = ''; @@ -228,7 +232,7 @@ $sql = 'SELECT'; if ($sall || $search_product_category > 0 || $search_user > 0) { $sql = 'SELECT DISTINCT'; } -$sql .= " e.rowid, e.ref, e.ref_customer, e.date_expedition as date_expedition, e.weight, e.weight_units, e.date_delivery as delivery_date, e.fk_statut, e.billed, e.tracking_number,"; +$sql .= " e.rowid, e.ref, e.ref_customer, e.date_expedition as date_expedition, e.weight, e.weight_units, e.date_delivery as delivery_date, e.fk_statut, e.billed, e.tracking_number, e.fk_shipping_method,"; $sql .= " l.date_delivery as date_reception,"; $sql .= " s.rowid as socid, s.nom as name, s.town, s.zip, s.fk_pays, s.client, s.code_client, "; $sql .= " typent.code as typent_code,"; @@ -315,6 +319,9 @@ if ($search_state) { if ($search_country) { $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')'; } +if ($search_shipping_method_id > 0) { + $sql .= " AND e.fk_shipping_method = ".$search_shipping_method_id; +} if ($search_tracking) { $sql .= natural_search("e.tracking_number", $search_tracking); } @@ -422,6 +429,9 @@ if ($search_sale > 0) { if ($search_company) { $param .= "&search_company=".urlencode($search_company); } +if ($search_shipping_method_id) { + $param .= "&search_shipping_method_id=".urlencode($search_shipping_method_id); +} if ($search_tracking) { $param .= "&search_tracking=".urlencode($search_tracking); } @@ -628,6 +638,14 @@ if (!empty($arrayfields['e.date_delivery']['checked'])) { print ''; print ''; } +if (!empty($arrayfields['e.shipping_method_id']['checked'])) +{ + // Delivery method + print ''; + $shipment->fetch_delivery_methods(); + print $form->selectarray("search_shipping_method_id", $shipment->meths, $search_shipping_method_id, 1, 0, 0, "", 1); + print "\n"; +} // Tracking number if (!empty($arrayfields['e.tracking_number']['checked'])) { print ''; @@ -718,6 +736,9 @@ if (!empty($arrayfields['e.weight']['checked'])) { if (!empty($arrayfields['e.date_delivery']['checked'])) { print_liste_field_titre($arrayfields['e.date_delivery']['label'], $_SERVER["PHP_SELF"], "e.date_delivery", "", $param, '', $sortfield, $sortorder, 'center '); } +if (!empty($arrayfields['e.shipping_method_id']['checked'])) { + print_liste_field_titre($arrayfields['e.shipping_method_id']['label'], $_SERVER["PHP_SELF"], "e.fk_shipping_method", "", $param, '', $sortfield, $sortorder, 'center '); +} if (!empty($arrayfields['e.tracking_number']['checked'])) { print_liste_field_titre($arrayfields['e.tracking_number']['label'], $_SERVER["PHP_SELF"], "e.tracking_number", "", $param, '', $sortfield, $sortorder, 'center '); } @@ -756,6 +777,7 @@ while ($i < min($num, $limit)) { $shipment->id = $obj->rowid; $shipment->ref = $obj->ref; + $shipment->shipping_method_id=$obj->fk_shipping_method; $companystatic->id = $obj->socid; $companystatic->ref = $obj->name; @@ -863,9 +885,19 @@ while ($i < min($num, $limit)) { print dol_print_date($db->jdate($obj->delivery_date), "dayhour"); print "\n"; } + if (!empty($arrayfields['e.shipping_method_id']['checked'])) + { + // Get code using getLabelFromKey + $code=$langs->getLabelFromKey($db, $shipment->shipping_method_id, 'c_shipment_mode', 'rowid', 'code'); + print ''; + if($shipment->shipping_method_id > 0) print $langs->trans("SendingMethod".strtoupper($code)); + print ''; + } // Tracking number if (!empty($arrayfields['e.tracking_number']['checked'])) { - print ''.$obj->tracking_number."\n"; + $shipment->getUrlTrackingStatus($obj->tracking_number); + print ''.$shipment->tracking_url."\n"; + //print $form->editfieldval("TrackingNumber", 'tracking_number', $obj->tracking_url, $obj, $user->rights->expedition->creer, 'string', $obj->tracking_number); if (!$i) { $totalarray['nbfield']++; } From ee55a7de5a362fb8889a82c62ce612a522447910 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Wed, 4 Aug 2021 15:50:59 +0000 Subject: [PATCH 004/215] Fixing style errors. --- htdocs/expedition/list.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 7640d94cf2b..16963f3fb51 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -638,8 +638,7 @@ if (!empty($arrayfields['e.date_delivery']['checked'])) { print ''; print ''; } -if (!empty($arrayfields['e.shipping_method_id']['checked'])) -{ +if (!empty($arrayfields['e.shipping_method_id']['checked'])) { // Delivery method print ''; $shipment->fetch_delivery_methods(); @@ -885,12 +884,11 @@ while ($i < min($num, $limit)) { print dol_print_date($db->jdate($obj->delivery_date), "dayhour"); print "\n"; } - if (!empty($arrayfields['e.shipping_method_id']['checked'])) - { + if (!empty($arrayfields['e.shipping_method_id']['checked'])) { // Get code using getLabelFromKey $code=$langs->getLabelFromKey($db, $shipment->shipping_method_id, 'c_shipment_mode', 'rowid', 'code'); print ''; - if($shipment->shipping_method_id > 0) print $langs->trans("SendingMethod".strtoupper($code)); + if ($shipment->shipping_method_id > 0) print $langs->trans("SendingMethod".strtoupper($code)); print ''; } // Tracking number From 6b3b6fd50843703e2820906b874e78b655351a7e Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Mon, 9 Aug 2021 18:01:43 +0200 Subject: [PATCH 005/215] ok --- htdocs/admin/pdf_other.php | 10 ++++++++++ .../core/modules/propale/doc/pdf_azur.modules.php | 13 +++++++++---- htdocs/langs/en_US/admin.lang | 1 + 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/pdf_other.php b/htdocs/admin/pdf_other.php index ed14f2ac119..c30765f6162 100644 --- a/htdocs/admin/pdf_other.php +++ b/htdocs/admin/pdf_other.php @@ -103,6 +103,16 @@ if ($conf->use_javascript_ajax) { } print ''; +print ''.$langs->trans("PDF_REF_IN_TITLE"); +print ''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('PDF_REF_IN_TITLE'); +} else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("PDF_REF_IN_TITLE", $arrval, $conf->global->PDF_REF_IN_TITLE); +} +print ''; + /* print ''.$langs->trans("MAIN_PDF_PROPAL_USE_ELECTRONIC_SIGNING").''; if ($conf->use_javascript_ajax) { diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index b56fbc758db..49f72381357 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,16 +1473,21 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); + if(!empty($conf->global->PDF_REF_IN_TITLE)){ + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell(100, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); $posy += 5; - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + if(empty($conf->global->PDF_REF_IN_TITLE)){ + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); - $posy += 1; + $posy += 1; + } $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 98c9e954ac2..135c4d54040 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1992,6 +1992,7 @@ MAIN_PDF_MARGIN_TOP=Top margin on PDF MAIN_PDF_MARGIN_BOTTOM=Bottom margin on PDF MAIN_DOCUMENTS_LOGO_HEIGHT=Height for logo on PDF MAIN_GENERATE_PROPOSALS_WITH_PICTURE=Add picture on proposal line +PDF_REF_IN_TITLE=Document ref in title MAIN_PDF_PROPAL_USE_ELECTRONIC_SIGNING=Add electronic sign in PDF NothingToSetup=There is no specific setup required for this module. SetToYesIfGroupIsComputationOfOtherGroups=Set this to yes if this group is a computation of other groups From adc6f883e2e704beed1fe1bf64b6131bc0cc1eed Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 9 Aug 2021 16:03:13 +0000 Subject: [PATCH 006/215] Fixing style errors. --- htdocs/core/modules/propale/doc/pdf_azur.modules.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index 49f72381357..a3883cea5d5 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,7 +1473,7 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); - if(!empty($conf->global->PDF_REF_IN_TITLE)){ + if (!empty($conf->global->PDF_REF_IN_TITLE)) { $title .= " " . $outputlangs->convToOutputCharset($object->ref); } $pdf->MultiCell(100, 4, $title, '', 'R'); @@ -1481,7 +1481,7 @@ class pdf_azur extends ModelePDFPropales $pdf->SetFont('', 'B', $default_font_size); $posy += 5; - if(empty($conf->global->PDF_REF_IN_TITLE)){ + if (empty($conf->global->PDF_REF_IN_TITLE)) { $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); From 366625f300fc161ac234950928a2fe6940261025 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Tue, 10 Aug 2021 09:50:14 +0200 Subject: [PATCH 007/215] const --- htdocs/admin/pdf.php | 12 ++++++++++++ htdocs/admin/pdf_other.php | 10 ---------- htdocs/core/modules/propale/doc/pdf_azur.modules.php | 4 ++-- htdocs/langs/en_US/admin.lang | 2 +- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index cee63fd91fd..d966f9546e1 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -349,6 +349,18 @@ if ($conf->use_javascript_ajax) { } print ''; +// Document ref in title + +print ''.$langs->trans("MAIN_PDF_REF_IN_TITLE"); +print ''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('MAIN_PDF_REF_IN_TITLE'); +} else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("MAIN_PDF_REF_IN_TITLE", $arrval, $conf->global->MAIN_PDF_REF_IN_TITLE); +} +print ''; + // Place customer adress to the ISO location print ''.$langs->trans("PlaceCustomerAddressToIsoLocation").''; diff --git a/htdocs/admin/pdf_other.php b/htdocs/admin/pdf_other.php index c30765f6162..ed14f2ac119 100644 --- a/htdocs/admin/pdf_other.php +++ b/htdocs/admin/pdf_other.php @@ -103,16 +103,6 @@ if ($conf->use_javascript_ajax) { } print ''; -print ''.$langs->trans("PDF_REF_IN_TITLE"); -print ''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('PDF_REF_IN_TITLE'); -} else { - $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $form->selectarray("PDF_REF_IN_TITLE", $arrval, $conf->global->PDF_REF_IN_TITLE); -} -print ''; - /* print ''.$langs->trans("MAIN_PDF_PROPAL_USE_ELECTRONIC_SIGNING").''; if ($conf->use_javascript_ajax) { diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index a3883cea5d5..a36833a57c6 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,7 +1473,7 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); - if (!empty($conf->global->PDF_REF_IN_TITLE)) { + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { $title .= " " . $outputlangs->convToOutputCharset($object->ref); } $pdf->MultiCell(100, 4, $title, '', 'R'); @@ -1481,7 +1481,7 @@ class pdf_azur extends ModelePDFPropales $pdf->SetFont('', 'B', $default_font_size); $posy += 5; - if (empty($conf->global->PDF_REF_IN_TITLE)) { + if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 135c4d54040..9bd9ba05f42 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1992,7 +1992,7 @@ MAIN_PDF_MARGIN_TOP=Top margin on PDF MAIN_PDF_MARGIN_BOTTOM=Bottom margin on PDF MAIN_DOCUMENTS_LOGO_HEIGHT=Height for logo on PDF MAIN_GENERATE_PROPOSALS_WITH_PICTURE=Add picture on proposal line -PDF_REF_IN_TITLE=Document ref in title +MAIN_PDF_REF_IN_TITLE=Document ref in title MAIN_PDF_PROPAL_USE_ELECTRONIC_SIGNING=Add electronic sign in PDF NothingToSetup=There is no specific setup required for this module. SetToYesIfGroupIsComputationOfOtherGroups=Set this to yes if this group is a computation of other groups From 08f21e3fc46e7314230f15be50895ef9791c349d Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Tue, 10 Aug 2021 10:23:56 +0200 Subject: [PATCH 008/215] FIX: invoice validation: when checking if any vat rate has a negative amount, prevent false positives with -1E-14 amounts --- htdocs/compta/facture/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index fe5d5c3ab0a..d3cddeb6095 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -318,8 +318,8 @@ if (empty($reshook)) //var_dump($array_of_total_ht_per_vat_rate);exit; foreach ($array_of_total_ht_per_vat_rate as $vatrate => $tmpvalue) { - $tmp_total_ht = $array_of_total_ht_per_vat_rate[$vatrate]; - $tmp_total_ht_devise = $array_of_total_ht_devise_per_vat_rate[$vatrate]; + $tmp_total_ht = price2num($array_of_total_ht_per_vat_rate[$vatrate]); + $tmp_total_ht_devise = price2num($array_of_total_ht_devise_per_vat_rate[$vatrate]); if (($tmp_total_ht < 0 || $tmp_total_ht_devise < 0) && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) { From 133bb0e699893191e07e4b6647b79a35baa04968 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Tue, 10 Aug 2021 13:28:36 +0200 Subject: [PATCH 009/215] yes/no save --- htdocs/admin/pdf.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index d966f9546e1..e6dba5357cd 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -88,6 +88,8 @@ if ($action == 'update') { if (GETPOSTISSET('MAIN_DOCUMENTS_LOGO_HEIGHT')) dolibarr_set_const($db, "MAIN_DOCUMENTS_LOGO_HEIGHT", GETPOST("MAIN_DOCUMENTS_LOGO_HEIGHT", 'int'), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_INVERT_SENDER_RECIPIENT')) dolibarr_set_const($db, "MAIN_INVERT_SENDER_RECIPIENT", GETPOST("MAIN_INVERT_SENDER_RECIPIENT"), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('MAIN_PDF_REF_IN_TITLE')) dolibarr_set_const($db, "MAIN_PDF_REF_IN_TITLE", GETPOST("MAIN_PDF_REF_IN_TITLE"), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('MAIN_PDF_USE_ISO_LOCATION')) dolibarr_set_const($db, "MAIN_PDF_USE_ISO_LOCATION", GETPOST("MAIN_PDF_USE_ISO_LOCATION"), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS')) dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS", GETPOST("MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS"), 'chaine', 0, '', $conf->entity); From 40329b9181a53e3eb05027dab70928f06a5b2334 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Wed, 11 Aug 2021 12:59:34 +0200 Subject: [PATCH 010/215] other_doc --- .../modules/commande/doc/pdf_einstein.modules.php | 13 +++++++++---- .../modules/contract/doc/pdf_strato.modules.php | 11 ++++++++--- .../modules/expedition/doc/pdf_rouget.modules.php | 12 ++++++++---- .../core/modules/facture/doc/pdf_crabe.modules.php | 4 +++- .../modules/fichinter/doc/pdf_soleil.modules.php | 11 ++++++++--- 5 files changed, 36 insertions(+), 15 deletions(-) diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index bd6caafd15a..17fbe9cc9aa 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1311,16 +1311,21 @@ class pdf_einstein extends ModelePDFCommandes $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities($titlekey); + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); $posy += 5; - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); - $posy += 1; + $posy += 1; + } $pdf->SetFont('', '', $default_font_size - 1); if ($object->ref_client) { diff --git a/htdocs/core/modules/contract/doc/pdf_strato.modules.php b/htdocs/core/modules/contract/doc/pdf_strato.modules.php index c440cbf1cba..818a6aae64a 100644 --- a/htdocs/core/modules/contract/doc/pdf_strato.modules.php +++ b/htdocs/core/modules/contract/doc/pdf_strato.modules.php @@ -640,14 +640,19 @@ class pdf_strato extends ModelePDFContract $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("ContractCard"); + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell(100, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size + 2); $posy += 5; - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + } $posy += 1; $pdf->SetFont('', '', $default_font_size); diff --git a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php index 79ceb166eed..b38bea345d3 100644 --- a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php @@ -953,15 +953,19 @@ class pdf_rouget extends ModelePdfExpedition $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("SendingSheet"); + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); $posy += 5; - - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell($w, 4, $outputlangs->transnoentities("RefSending")." : ".$object->ref, '', 'R'); + if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell($w, 4, $outputlangs->transnoentities("RefSending")." : ".$object->ref, '', 'R'); + } // Date planned delivery if (!empty($object->date_delivery)) { diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index a01fab1dacf..0c9abb866a1 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -985,7 +985,9 @@ class pdf_crabe extends ModelePDFFactures if ($object->type == 2) { $title = $outputlangs->transnoentities("PaymentsBackAlreadyDone"); } - + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->SetFont('', '', $default_font_size - 3); $pdf->SetXY($tab3_posx, $tab3_top - 4); $pdf->MultiCell(60, 3, $title, 0, 'L', 0); diff --git a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php index 08d57587625..23afd0e057a 100644 --- a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php +++ b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php @@ -596,14 +596,19 @@ class pdf_soleil extends ModelePDFFicheinter $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("InterventionCard"); + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell(100, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size + 2); $posy += 5; - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + } $posy += 1; $pdf->SetFont('', '', $default_font_size); From 3e2b4b45c153b29a5a90c593230056a78ed46665 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Wed, 11 Aug 2021 11:00:11 +0000 Subject: [PATCH 011/215] Fixing style errors. --- htdocs/core/modules/contract/doc/pdf_strato.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/contract/doc/pdf_strato.modules.php b/htdocs/core/modules/contract/doc/pdf_strato.modules.php index 818a6aae64a..52533faf056 100644 --- a/htdocs/core/modules/contract/doc/pdf_strato.modules.php +++ b/htdocs/core/modules/contract/doc/pdf_strato.modules.php @@ -652,7 +652,7 @@ class pdf_strato extends ModelePDFContract $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); - } + } $posy += 1; $pdf->SetFont('', '', $default_font_size); From fb42e3f47330f8390a0ccc7fdf0b61332ba790ba Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Wed, 11 Aug 2021 18:25:48 +0200 Subject: [PATCH 012/215] add_doc --- htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php | 3 +++ htdocs/core/modules/expedition/doc/pdf_espadon.modules.php | 3 +++ htdocs/core/modules/facture/doc/pdf_sponge.modules.php | 3 +++ htdocs/core/modules/propale/doc/pdf_cyan.modules.php | 3 +++ 4 files changed, 12 insertions(+) diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php index 83ccd391bd9..344b5842008 100644 --- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php @@ -1482,6 +1482,9 @@ class pdf_eratosthene extends ModelePDFCommandes $title .= ' - '; $title .= $outputlangsbis->transnoentities($titlekey); } + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell($w, 3, $title, '', 'R'); diff --git a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php index f6f4b0b1a2a..4b20425254e 100644 --- a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php @@ -1003,6 +1003,9 @@ class pdf_espadon extends ModelePdfExpedition $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("SendingSheet"); + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php index 401309c22e5..069581e496a 100644 --- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php @@ -986,6 +986,9 @@ class pdf_sponge extends ModelePDFFactures if ($object->type == 2) { $title = $outputlangs->transnoentities("PaymentsBackAlreadyDone"); } + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->SetFont('', '', $default_font_size - 3); $pdf->SetXY($tab3_posx, $tab3_top - 4); diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index f75f5ecab56..d1f86050473 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php @@ -1574,6 +1574,9 @@ class pdf_cyan extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); + if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + } $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); From f88abb9a6f80f0df4873f6a11b9001c6c84d7334 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sun, 15 Aug 2021 07:32:46 +0200 Subject: [PATCH 013/215] Add parenthesis --- htdocs/core/class/html.formmargin.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index e571f7cc68c..b9ce03a6074 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php @@ -98,8 +98,8 @@ class FormMargin $pv = $line->total_ht; $pa_ht = ($pv < 0 ? -$line->pa_ht : $line->pa_ht); // We choosed to have line->pa_ht always positive in database, so we guess the correct sign - if ($object->element == 'facture' && $object->type == $object::TYPE_SITUATION - || $object->element == 'facture' && $object->type == $object::TYPE_CREDIT_NOTE && $conf->global->INVOICE_USE_SITUATION_CREDIT_NOTE && $object->situation_counter > 0) { + if (($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) + || ($object->element == 'facture' && $object->type == $object::TYPE_CREDIT_NOTE && $conf->global->INVOICE_USE_SITUATION_CREDIT_NOTE && $object->situation_counter > 0)) { $pa = $line->qty * $pa_ht * ($line->situation_percent / 100); } else { $pa = $line->qty * $pa_ht; From ceaaff0186455528c266caf9b1633b0b314d84da Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 17 Aug 2021 18:05:34 +0200 Subject: [PATCH 014/215] Sellby always before Eatby #18361 --- htdocs/reception/card.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 24144365256..40444faacb7 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -1827,12 +1827,12 @@ if ($action == 'create') { print '
'; if (empty($conf->global->PRODUCT_DISABLE_SELLBY)) { - print $langs->trans('EatByDate').' : '; - print $form->selectDate($lines[$i]->eatby, 'dlc'.$line_id, '', '', 1, "").'
'; + print $langs->trans('SellByDate').' : '; + print $form->selectDate($lines[$i]->sellby, 'dlc'.$line_id, '', '', 1, "").'
'; } if (empty($conf->global->PRODUCT_DISABLE_EATBY)) { - print $langs->trans('SellByDate').' : '; - print $form->selectDate($lines[$i]->sellby, 'dluo'.$line_id, '', '', 1, ""); + print $langs->trans('EatByDate').' : '; + print $form->selectDate($lines[$i]->eatby, 'dluo'.$line_id, '', '', 1, ""); } print ''; } From 797372cac24afb34c52040446fcf3435eef3e690 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 18 Aug 2021 22:30:33 +0200 Subject: [PATCH 015/215] NEW Supplier order - Add From/to input on search date --- htdocs/fourn/commande/list.php | 189 ++++++++++++++++++++++----------- 1 file changed, 129 insertions(+), 60 deletions(-) diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index d1946cc9b4c..0bf70f7da48 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1,14 +1,15 @@ - * Copyright (C) 2004-2016 Laurent Destailleur - * Copyright (C) 2005-2012 Regis Houssin - * Copyright (C) 2013 Cédric Salvador - * Copyright (C) 2014 Marcos García - * Copyright (C) 2014 Juanjo Menent - * Copyright (C) 2016 Ferran Marcet - * Copyright (C) 2018-2021 Frédéric France - * Copyright (C) 2018-2020 Charlene Benke - * Copyright (C) 2019 Nicolas ZABOURI +/* Copyright (C) 2001-2006 Rodolphe Quiedeville + * Copyright (C) 2004-2016 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2013 Cédric Salvador + * Copyright (C) 2014 Marcos García + * Copyright (C) 2014 Juanjo Menent + * Copyright (C) 2016 Ferran Marcet + * Copyright (C) 2018-2021 Frédéric France + * Copyright (C) 2018-2020 Charlene Benke + * Copyright (C) 2019 Nicolas Zabouri + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -52,12 +53,22 @@ $confirm = GETPOST('confirm', 'alpha'); $toselect = GETPOST('toselect', 'array'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'supplierorderlist'; -$search_orderyear = GETPOST("search_orderyear", "int"); -$search_ordermonth = GETPOST("search_ordermonth", "int"); -$search_orderday = GETPOST("search_orderday", "int"); -$search_deliveryyear = GETPOST("search_deliveryyear", "int"); -$search_deliverymonth = GETPOST("search_deliverymonth", "int"); -$search_deliveryday = GETPOST("search_deliveryday", "int"); +$search_date_order_startday = GETPOST('search_date_order_startday', 'int'); +$search_date_order_startmonth = GETPOST('search_date_order_startmonth', 'int'); +$search_date_order_startyear = GETPOST('search_date_order_startyear', 'int'); +$search_date_order_endday = GETPOST('search_date_order_endday', 'int'); +$search_date_order_endmonth = GETPOST('search_date_order_endmonth', 'int'); +$search_date_order_endyear = GETPOST('search_date_order_endyear', 'int'); +$search_date_order_start = dol_mktime(0, 0, 0, $search_date_order_startmonth, $search_date_order_startday, $search_date_order_startyear); // Use tzserver +$search_date_order_end = dol_mktime(23, 59, 59, $search_date_order_endmonth, $search_date_order_endday, $search_date_order_endyear); +$search_date_delivery_startday = GETPOST('search_date_delivery_startday', 'int'); +$search_date_delivery_startmonth = GETPOST('search_date_delivery_startmonth', 'int'); +$search_date_delivery_startyear = GETPOST('search_date_delivery_startyear', 'int'); +$search_date_delivery_endday = GETPOST('search_date_delivery_endday', 'int'); +$search_date_delivery_endmonth = GETPOST('search_date_delivery_endmonth', 'int'); +$search_date_delivery_endyear = GETPOST('search_date_delivery_endyear', 'int'); +$search_date_delivery_start = dol_mktime(0, 0, 0, $search_date_delivery_startmonth, $search_date_delivery_startday, $search_date_delivery_startyear); // Use tzserver +$search_date_delivery_end = dol_mktime(23, 59, 59, $search_date_delivery_endmonth, $search_date_delivery_endday, $search_date_delivery_endyear); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); @@ -235,12 +246,22 @@ if (empty($reshook)) { $search_multicurrency_montant_ttc = ''; $search_project_ref = ''; $search_status = -1; - $search_orderyear = ''; - $search_ordermonth = ''; - $search_orderday = ''; - $search_deliveryday = ''; - $search_deliverymonth = ''; - $search_deliveryyear = ''; + $search_date_order_startday = ''; + $search_date_order_startmonth = ''; + $search_date_order_startyear = ''; + $search_date_order_endday = ''; + $search_date_order_endmonth = ''; + $search_date_order_endyear = ''; + $search_date_order_start = ''; + $search_date_order_end = ''; + $search_date_delivery_startday = ''; + $search_date_delivery_startmonth = ''; + $search_date_delivery_startyear = ''; + $search_date_delivery_endday = ''; + $search_date_delivery_endmonth = ''; + $search_date_delivery_endyear = ''; + $search_date_delivery_start = ''; + $search_date_delivery_end = ''; $billed = ''; $search_billed = ''; $toselect = ''; @@ -494,23 +515,41 @@ if (empty($reshook)) { if ($search_status != '') { $param .= '&search_status='.urlencode($search_status); } - if ($search_orderday) { - $param .= '&search_orderday='.urlencode($search_orderday); + if ($search_date_order_startday) { + $param .= '&search_date_order_startday='.urlencode($search_date_order_startday); } - if ($search_ordermonth) { - $param .= '&search_ordermonth='.urlencode($search_ordermonth); + if ($search_date_order_startmonth) { + $param .= '&search_date_order_startmonth='.urlencode($search_date_order_startmonth); } - if ($search_orderyear) { - $param .= '&search_orderyear='.urlencode($search_orderyear); + if ($search_date_order_startyear) { + $param .= '&search_date_order_startyear='.urlencode($search_date_order_startyear); } - if ($search_deliveryday) { - $param .= '&search_deliveryday='.urlencode($search_deliveryday); + if ($search_date_order_endday) { + $param .= '&search_date_order_endday='.urlencode($search_date_order_endday); } - if ($search_deliverymonth) { - $param .= '&search_deliverymonth='.urlencode($search_deliverymonth); + if ($search_date_order_endmonth) { + $param .= '&search_date_order_endmonth='.urlencode($search_date_order_endmonth); } - if ($search_deliveryyear) { - $param .= '&search_deliveryyear='.urlencode($search_deliveryyear); + if ($search_date_order_endyear) { + $param .= '&search_date_order_endyear='.urlencode($search_date_order_endyear); + } + if ($search_date_delivery_startday) { + $param .= '&search_date_delivery_startday='.urlencode($search_date_delivery_startday); + } + if ($search_date_delivery_startmonth) { + $param .= '&search_date_delivery_startmonth='.urlencode($search_date_delivery_startmonth); + } + if ($search_date_delivery_startyear) { + $param .= '&search_date_delivery_startyear='.urlencode($search_date_delivery_startyear); + } + if ($search_date_delivery_endday) { + $param .= '&search_date_delivery_endday='.urlencode($search_date_delivery_endday); + } + if ($search_date_delivery_endmonth) { + $param .= '&search_date_delivery_endmonth='.urlencode($search_date_delivery_endmonth); + } + if ($search_date_delivery_endyear) { + $param .= '&search_date_delivery_endyear='.urlencode($search_date_delivery_endyear); } if ($search_ref) { $param .= '&search_ref='.urlencode($search_ref); @@ -684,8 +723,18 @@ if (GETPOST('statut', 'intcomma') !== '') { if ($search_status != '' && $search_status != '-1') { $sql .= " AND cf.fk_statut IN (".$db->sanitize($db->escape($search_status)).")"; } -$sql .= dolSqlDateFilter("cf.date_commande", $search_orderday, $search_ordermonth, $search_orderyear); -$sql .= dolSqlDateFilter("cf.date_livraison", $search_deliveryday, $search_deliverymonth, $search_deliveryyear); +if ($search_date_order_start) { + $sql .= " AND cf.date_commande >= '".$db->idate($search_date_order_start)."'"; +} +if ($search_date_order_end) { + $sql .= " AND cf.date_commande <= '".$db->idate($search_date_order_end)."'"; +} +if ($search_date_delivery_start) { + $sql .= " AND cf.date_livraison >= '".$db->idate($search_date_delivery_start)."'"; +} +if ($search_date_delivery_end) { + $sql .= " AND cf.date_livraison <= '".$db->idate($search_date_delivery_end)."'"; +} if ($search_town) { $sql .= natural_search('s.town', $search_town); } @@ -791,23 +840,41 @@ if ($resql) { if ($sall) { $param .= "&search_all=".urlencode($sall); } - if ($search_orderday) { - $param .= '&search_orderday='.urlencode($search_orderday); + if ($search_date_order_startday) { + $param .= '&search_date_order_startday='.urlencode($search_date_order_startday); } - if ($search_ordermonth) { - $param .= '&search_ordermonth='.urlencode($search_ordermonth); + if ($search_date_order_startmonth) { + $param .= '&search_date_order_startmonth='.urlencode($search_date_order_startmonth); } - if ($search_orderyear) { - $param .= '&search_orderyear='.urlencode($search_orderyear); + if ($search_date_order_startyear) { + $param .= '&search_date_order_startyear='.urlencode($search_date_order_startyear); } - if ($search_deliveryday) { - $param .= '&search_deliveryday='.urlencode($search_deliveryday); + if ($search_date_order_endday) { + $param .= '&search_date_order_endday='.urlencode($search_date_order_endday); } - if ($search_deliverymonth) { - $param .= '&search_deliverymonth='.urlencode($search_deliverymonth); + if ($search_date_order_endmonth) { + $param .= '&search_date_order_endmonth='.urlencode($search_date_order_endmonth); } - if ($search_deliveryyear) { - $param .= '&search_deliveryyear='.urlencode($search_deliveryyear); + if ($search_date_order_endyear) { + $param .= '&search_date_order_endyear='.urlencode($search_date_order_endyear); + } + if ($search_date_delivery_startday) { + $param .= '&search_date_delivery_startday='.urlencode($search_date_delivery_startday); + } + if ($search_date_delivery_startmonth) { + $param .= '&search_date_delivery_startmonth='.urlencode($search_date_delivery_startmonth); + } + if ($search_date_delivery_startyear) { + $param .= '&search_date_delivery_startyear='.urlencode($search_date_delivery_startyear); + } + if ($search_date_delivery_endday) { + $param .= '&search_date_delivery_endday='.urlencode($search_date_delivery_endday); + } + if ($search_date_delivery_endmonth) { + $param .= '&search_date_delivery_endmonth='.urlencode($search_date_delivery_endmonth); + } + if ($search_date_delivery_endyear) { + $param .= '&search_date_delivery_endyear='.urlencode($search_date_delivery_endyear); } if ($search_ref) { $param .= '&search_ref='.urlencode($search_ref); @@ -1073,22 +1140,24 @@ if ($resql) { } // Date order if (!empty($arrayfields['cf.date_commande']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_orderyear ? $search_orderyear : -1, 'search_orderyear', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_order_start ? $search_date_order_start : -1, 'search_date_order_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_order_end ? $search_date_order_end : -1, 'search_date_order_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // Date delivery if (!empty($arrayfields['cf.date_livraison']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_deliveryyear ? $search_deliveryyear : -1, 'search_deliveryyear', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_delivery_start ? $search_date_delivery_start : -1, 'search_date_delivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_delivery_end ? $search_date_delivery_end : -1, 'search_date_delivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } if (!empty($arrayfields['cf.total_ht']['checked'])) { From 954676b04b5eda225ec98d8a70c6d1d00e8b81b9 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 19 Aug 2021 04:47:08 +0200 Subject: [PATCH 016/215] NEW Contract - Add From/to input on search date --- htdocs/contrat/list.php | 67 ++++++++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 18 deletions(-) diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a744b2c1bf7..c533044c3d1 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -7,7 +7,8 @@ * Copyright (C) 2015 Claudio Aschieri * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016-2018 Ferran Marcet - * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2019 Nicolas Zabouri + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -66,9 +67,14 @@ $search_product_category = GETPOST('search_product_category', 'int'); $search_dfmonth = GETPOST('search_dfmonth', 'int'); $search_dfyear = GETPOST('search_dfyear', 'int'); $search_op2df = GETPOST('search_op2df', 'alpha'); -$day = GETPOST("day", "int"); -$year = GETPOST("year", "int"); -$month = GETPOST("month", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); $optioncss = GETPOST('optioncss', 'alpha'); @@ -171,9 +177,6 @@ include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; // Purge search criteria if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers - $day = ''; - $month = ''; - $year = ''; $search_dfmonth = ''; $search_dfyear = ''; $search_op2df = ''; @@ -190,6 +193,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_user = ''; $search_sale = ''; $search_product_category = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; $sall = ""; $search_status = ""; $toselect = ''; @@ -273,7 +284,12 @@ if ($socid) { if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } -$sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year); +if ($search_date_start) { + $sql .= " AND c.date_contrat >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND c.date_contrat <= '".$db->idate($search_date_end)."'"; +} if ($search_name) { $sql .= natural_search('s.nom', $search_name); } @@ -415,6 +431,24 @@ if ($search_ref_supplier != '') { if ($search_op2df != '') { $param .= '&search_op2df='.urlencode($search_op2df); } +if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); +} +if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); +} +if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); +} +if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); +} +if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); +} +if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); +} if ($search_dfyear != '') { $param .= '&search_dfyear='.urlencode($search_dfyear); } @@ -594,16 +628,13 @@ if (!empty($arrayfields['sale_representative']['checked'])) { print ''; } if (!empty($arrayfields['c.date_contrat']['checked'])) { - // Date contract - print ''; - //print $langs->trans('Month').': '; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - //print ' '.$langs->trans('Year').': '; - $syear = $year; - print $formother->selectyear($syear, 'year', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // Extra fields From e570c223983deab2c43724da8047aa51d1975f07 Mon Sep 17 00:00:00 2001 From: Erik van Berkum Date: Thu, 19 Aug 2021 17:09:18 +0900 Subject: [PATCH 017/215] Fix: TechnicalID displayed 2 times in both MO and BOM the PR hides 1. --- htdocs/bom/class/bom.class.php | 2 +- htdocs/mrp/class/mo.class.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 3996b5e49bd..583c4b7539c 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -94,7 +94,7 @@ class BOM extends CommonObject * @var array Array with all fields and their property. Do not use it as a static var. It may be modified by constructor. */ public $fields = array( - 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), + 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>0, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>5), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'noteditable'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of BOM", 'showoncombobox'=>'1',), 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'notnull'=>1, 'searchall'=>1, 'showoncombobox'=>'2', 'autofocusoncreate'=>1, 'css'=>'maxwidth300', 'csslist'=>'tdoverflowmax200'), diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index df5dcba60ad..f02b89648af 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -97,7 +97,7 @@ class Mo extends CommonObject * @var array Array with all fields and their property. Do not use it as a static var. It may be modified by constructor. */ public $fields = array( - 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), + 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>0, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'position'=>5, 'notnull'=>1, 'default'=>'1', 'index'=>1), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of object", 'showoncombobox'=>'1', 'noteditable'=>1), 'fk_bom' => array('type'=>'integer:Bom:bom/class/bom.class.php:0:t.status=1', 'filter'=>'active=1', 'label'=>'BOM', 'enabled'=>1, 'visible'=>1, 'position'=>33, 'notnull'=>-1, 'index'=>1, 'comment'=>"Original BOM", 'css'=>'minwidth100 maxwidth300', 'csslist'=>'nowraponall'), From 10c445cf6a59bc8b36fe7eb5a7bede1222ddd4f9 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Thu, 19 Aug 2021 16:13:41 +0200 Subject: [PATCH 018/215] default ref in title --- .../commande/doc/pdf_einstein.modules.php | 16 +++------------- .../commande/doc/pdf_eratosthene.modules.php | 5 ++--- .../contract/doc/pdf_strato.modules.php | 18 ++++-------------- .../expedition/doc/pdf_espadon.modules.php | 6 +++--- .../expedition/doc/pdf_rouget.modules.php | 15 ++++----------- .../modules/facture/doc/pdf_crabe.modules.php | 6 +++--- .../modules/facture/doc/pdf_sponge.modules.php | 5 ++--- .../fichinter/doc/pdf_soleil.modules.php | 15 +++------------ .../modules/propale/doc/pdf_azur.modules.php | 6 +++--- .../modules/propale/doc/pdf_cyan.modules.php | 6 ++---- 10 files changed, 29 insertions(+), 69 deletions(-) diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index afa31dac57d..22a6955aa48 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1311,21 +1311,11 @@ class pdf_einstein extends ModelePDFCommandes $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities($titlekey); - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->MultiCell($w, 3, $title, '', 'R'); - $pdf->SetFont('', 'B', $default_font_size); - - $posy += 5; - if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); - - $posy += 1; - } $pdf->SetFont('', '', $default_font_size - 1); if ($object->ref_client) { diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php index 8ddc675925c..f689ed95734 100644 --- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php @@ -1482,9 +1482,8 @@ class pdf_eratosthene extends ModelePDFCommandes $title .= ' - '; $title .= $outputlangsbis->transnoentities($titlekey); } - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); $pdf->MultiCell($w, 3, $title, '', 'R'); diff --git a/htdocs/core/modules/contract/doc/pdf_strato.modules.php b/htdocs/core/modules/contract/doc/pdf_strato.modules.php index e046f829486..d3d0f1905ff 100644 --- a/htdocs/core/modules/contract/doc/pdf_strato.modules.php +++ b/htdocs/core/modules/contract/doc/pdf_strato.modules.php @@ -640,24 +640,14 @@ class pdf_strato extends ModelePDFContract $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("ContractCard"); - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->MultiCell(100, 4, $title, '', 'R'); - $pdf->SetFont('', 'B', $default_font_size + 2); - - $posy += 5; - if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); - } - - $posy += 1; $pdf->SetFont('', '', $default_font_size); - $posy += 4; + $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 3, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->date_contrat, "day", false, $outputlangs, true), '', 'R'); diff --git a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php index 4042809a870..3ea72178622 100644 --- a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php @@ -1003,9 +1003,9 @@ class pdf_espadon extends ModelePdfExpedition $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("SendingSheet"); - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); diff --git a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php index 6024f07f8be..979b34a4b83 100644 --- a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php @@ -953,23 +953,16 @@ class pdf_rouget extends ModelePdfExpedition $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("SendingSheet"); - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); - $posy += 5; - if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell($w, 4, $outputlangs->transnoentities("RefSending")." : ".$object->ref, '', 'R'); - } - // Date planned delivery if (!empty($object->date_delivery)) { - $posy += 4; + $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 4, $outputlangs->transnoentities("DateDeliveryPlanned")." : ".dol_print_date($object->date_delivery, "day", false, $outputlangs, true), '', 'R'); diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 832033cb932..98d62204bd4 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -985,9 +985,9 @@ class pdf_crabe extends ModelePDFFactures if ($object->type == 2) { $title = $outputlangs->transnoentities("PaymentsBackAlreadyDone"); } - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->SetFont('', '', $default_font_size - 3); $pdf->SetXY($tab3_posx, $tab3_top - 4); $pdf->MultiCell(60, 3, $title, 0, 'L', 0); diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php index bf81a83d9ad..65d5e57f9e4 100644 --- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php @@ -986,9 +986,8 @@ class pdf_sponge extends ModelePDFFactures if ($object->type == 2) { $title = $outputlangs->transnoentities("PaymentsBackAlreadyDone"); } - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); $pdf->SetFont('', '', $default_font_size - 3); $pdf->SetXY($tab3_posx, $tab3_top - 4); diff --git a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php index e89d86cacdd..8710c67dda1 100644 --- a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php +++ b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php @@ -596,24 +596,15 @@ class pdf_soleil extends ModelePDFFicheinter $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("InterventionCard"); - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->MultiCell(100, 4, $title, '', 'R'); - $pdf->SetFont('', 'B', $default_font_size + 2); - $posy += 5; - if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); - } - $posy += 1; $pdf->SetFont('', '', $default_font_size); - $posy += 4; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 3, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->datec, "day", false, $outputlangs, true), '', 'R'); diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index bd966458b2a..e86d6208bf1 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,9 +1473,9 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + + $title .= " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->MultiCell(100, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index 5fe4685a469..39211dde470 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php @@ -1573,10 +1573,8 @@ class pdf_cyan extends ModelePDFPropales $pdf->SetFont('', 'B', $default_font_size + 3); $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); - $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); - if (!empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - } + $title = $outputlangs->transnoentities("PdfCommercialProposalTitle") . " " . $outputlangs->convToOutputCharset($object->ref); + $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); From 58b50d02c752f76f4d7f6f1281594afdc0af9dcd Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Thu, 19 Aug 2021 16:43:35 +0200 Subject: [PATCH 019/215] default ref in title 2 --- .../commande/doc/pdf_einstein.modules.php | 3 ++- .../commande/doc/pdf_eratosthene.modules.php | 16 ++-------------- .../expedition/doc/pdf_espadon.modules.php | 7 ------- .../expedition/doc/pdf_rouget.modules.php | 3 ++- .../modules/propale/doc/pdf_azur.modules.php | 12 +----------- .../modules/propale/doc/pdf_cyan.modules.php | 19 ++++--------------- 6 files changed, 11 insertions(+), 49 deletions(-) diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index 22a6955aa48..2a1f283a02c 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1317,9 +1317,10 @@ class pdf_einstein extends ModelePDFCommandes $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size - 1); + $posy += 2; if ($object->ref_client) { - $posy += 5; + $posy += 3; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("RefCustomer")." : ".$outputlangs->convToOutputCharset($object->ref_client), '', 'R'); diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php index f689ed95734..b8622fe3b26 100644 --- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php @@ -1487,23 +1487,11 @@ class pdf_eratosthene extends ModelePDFCommandes $pdf->MultiCell($w, 3, $title, '', 'R'); - $pdf->SetFont('', 'B', $default_font_size); - - $posy += 5; - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $textref = $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref); - if ($object->statut == $object::STATUS_DRAFT) { - $pdf->SetTextColor(128, 0, 0); - $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); - } - $pdf->MultiCell($w, 4, $textref, '', 'R'); - - $posy += 1; $pdf->SetFont('', '', $default_font_size - 2); + $posy += 2; if ($object->ref_client) { - $posy += 4; + $posy += 3; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("RefCustomer")." : ".$outputlangs->convToOutputCharset($object->ref_client), '', 'R'); diff --git a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php index 3ea72178622..c20ffec1d72 100644 --- a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php @@ -1003,19 +1003,12 @@ class pdf_espadon extends ModelePdfExpedition $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("SendingSheet"); - $title .= " " . $outputlangs->convToOutputCharset($object->ref); $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); - $posy += 5; - - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell($w, 4, $outputlangs->transnoentities("RefSending")." : ".$object->ref, '', 'R'); - // Date planned delivery if (!empty($object->date_delivery)) { $posy += 4; diff --git a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php index 979b34a4b83..1b2b35e8562 100644 --- a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php @@ -959,10 +959,11 @@ class pdf_rouget extends ModelePdfExpedition $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); + $posy += 1; // Date planned delivery if (!empty($object->date_delivery)) { - $posy += 5; + $posy += 4; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 4, $outputlangs->transnoentities("DateDeliveryPlanned")." : ".dol_print_date($object->date_delivery, "day", false, $outputlangs, true), '', 'R'); diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index e86d6208bf1..9ea3e34511c 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,22 +1473,12 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); - $title .= " " . $outputlangs->convToOutputCharset($object->ref); $pdf->MultiCell(100, 4, $title, '', 'R'); - $pdf->SetFont('', 'B', $default_font_size); - - $posy += 5; - if (empty($conf->global->MAIN_PDF_REF_IN_TITLE)) { - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); - - $posy += 1; - } $pdf->SetFont('', '', $default_font_size - 2); + $posy += 1; if ($object->ref_client) { $posy += 4; diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index 39211dde470..66096f4679b 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php @@ -1573,27 +1573,16 @@ class pdf_cyan extends ModelePDFPropales $pdf->SetFont('', 'B', $default_font_size + 3); $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); - $title = $outputlangs->transnoentities("PdfCommercialProposalTitle") . " " . $outputlangs->convToOutputCharset($object->ref); + $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); + $title .= " " . $outputlangs->convToOutputCharset($object->ref); $pdf->MultiCell($w, 4, $title, '', 'R'); - $pdf->SetFont('', 'B', $default_font_size); - - $posy += 5; - $pdf->SetXY($posx, $posy); - $pdf->SetTextColor(0, 0, 60); - $textref = $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref); - if ($object->statut == $object::STATUS_DRAFT) { - $pdf->SetTextColor(128, 0, 0); - $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); - } - $pdf->MultiCell($w, 4, $textref, '', 'R'); - - $posy += 1; $pdf->SetFont('', '', $default_font_size - 2); + $posy += 2; if ($object->ref_client) { - $posy += 4; + $posy += 3; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("RefCustomer")." : ".$outputlangs->convToOutputCharset($object->ref_client), '', 'R'); From c750c5f7cfdf88af490b80255355400ba7b4cb3b Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 19 Aug 2021 14:45:55 +0000 Subject: [PATCH 020/215] Fixing style errors. --- htdocs/core/modules/propale/doc/pdf_cyan.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index 66096f4679b..703ebaa62f0 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php @@ -1575,7 +1575,7 @@ class pdf_cyan extends ModelePDFPropales $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); $title .= " " . $outputlangs->convToOutputCharset($object->ref); - + $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size - 2); From f50842cdef94a09f358077c2e266f76a05252829 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Thu, 19 Aug 2021 18:16:58 +0200 Subject: [PATCH 021/215] cop --- htdocs/admin/pdf.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 5e05e43ed28..ad58cb54137 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -4,6 +4,7 @@ * Copyright (C) 2005-2011 Regis Houssin * Copyright (C) 2012-2107 Juanjo Menent * Copyright (C) 2019 Ferran Marcet + * Copyright (C) 2021 Anthony Berton * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by From d706c3b1ec8130975423915ba9e13f4e018263b4 Mon Sep 17 00:00:00 2001 From: Christian Foellmann Date: Fri, 20 Aug 2021 14:41:30 +0200 Subject: [PATCH 022/215] use Forms::buttonsSaveCreate() to generate most of the Save|Cancel forms combination --- htdocs/accountancy/admin/card.php | 6 +- htdocs/accountancy/admin/fiscalyear_card.php | 6 +- htdocs/adherents/card.php | 16 +---- htdocs/adherents/subscription/card.php | 6 +- htdocs/adherents/type.php | 11 +-- htdocs/adherents/type_translation.php | 14 +--- htdocs/admin/accountant.php | 7 +- htdocs/admin/agenda.php | 4 +- htdocs/admin/agenda_other.php | 2 +- htdocs/admin/agenda_xcal.php | 4 +- htdocs/admin/bank.php | 4 +- htdocs/admin/barcode.php | 3 +- htdocs/admin/boxes.php | 4 +- htdocs/admin/company.php | 5 +- htdocs/admin/company_socialnetworks.php | 4 +- htdocs/admin/contract.php | 4 +- htdocs/admin/delais.php | 4 +- htdocs/admin/emailcollector_card.php | 10 +-- htdocs/admin/eventorganization.php | 6 +- htdocs/admin/expensereport.php | 4 +- htdocs/admin/fckeditor.php | 2 +- htdocs/admin/holiday.php | 5 +- htdocs/admin/mails.php | 6 +- htdocs/admin/mails_emailing.php | 6 +- htdocs/admin/mails_senderprofile_list.php | 16 ++--- htdocs/admin/mails_ticket.php | 6 +- htdocs/admin/menus/edit.php | 13 +--- htdocs/admin/notification.php | 6 +- htdocs/admin/openinghours.php | 5 +- htdocs/admin/payment.php | 6 +- htdocs/admin/paymentbybanktransfer.php | 3 +- htdocs/admin/pdf.php | 4 +- htdocs/admin/pdf_other.php | 4 +- htdocs/admin/prelevement.php | 3 +- htdocs/admin/receiptprinter.php | 4 +- htdocs/admin/ticket.php | 4 +- htdocs/admin/ticket_public.php | 2 +- htdocs/asset/admin/setup.php | 4 +- htdocs/asset/card.php | 10 +-- htdocs/asset/type.php | 10 +-- htdocs/bom/bom_card.php | 10 +-- htdocs/bookmarks/card.php | 3 +- htdocs/categories/traduction.php | 12 +--- htdocs/comm/action/card.php | 16 +---- htdocs/comm/multiprix.php | 2 +- htdocs/comm/propal/card.php | 7 +- htdocs/commande/card.php | 7 +- htdocs/compta/bank/card.php | 12 +--- htdocs/compta/bank/various_payment/card.php | 6 +- htdocs/compta/facture/card-rec.php | 6 +- htdocs/compta/facture/card.php | 6 +- htdocs/compta/localtax/card.php | 6 +- htdocs/compta/tva/card.php | 9 +-- htdocs/contact/card.php | 17 +---- htdocs/contact/perso.php | 6 +- htdocs/contrat/card.php | 6 +- htdocs/core/class/html.form.class.php | 70 +++++++++++++++++++ htdocs/cron/admin/cron.php | 4 +- htdocs/cron/card.php | 6 +- htdocs/don/card.php | 8 +-- htdocs/don/payment/payment.php | 6 +- htdocs/ecm/dir_card.php | 6 +- htdocs/ecm/file_card.php | 6 +- .../conferenceorbooth_card.php | 10 +-- .../conferenceorboothattendee_card.php | 10 +-- htdocs/expedition/card.php | 6 +- htdocs/expensereport/card.php | 19 ++--- htdocs/expensereport/list.php | 4 +- htdocs/expensereport/payment/payment.php | 6 +- htdocs/externalsite/admin/index.php | 4 +- htdocs/fichinter/card-rec.php | 10 +-- htdocs/fichinter/card.php | 13 +--- htdocs/fourn/commande/card.php | 8 +-- htdocs/fourn/facture/card.php | 8 +-- htdocs/hrm/establishment/card.php | 6 +- htdocs/intracommreport/card.php | 4 +- .../knowledgerecord_card.php | 10 +-- htdocs/loan/card.php | 12 +--- htdocs/loan/payment/payment.php | 6 +- htdocs/modulebuilder/admin/setup.php | 2 +- .../modulebuilder/template/myobject_card.php | 10 +-- htdocs/mrp/mo_card.php | 10 +-- htdocs/opensurvey/card.php | 6 +- htdocs/partnership/partnership_card.php | 10 +-- htdocs/product/admin/dynamic_prices.php | 12 ++-- htdocs/product/card.php | 12 +--- htdocs/product/composition/card.php | 5 +- htdocs/product/inventory/card.php | 10 +-- htdocs/product/price.php | 30 ++------ htdocs/product/stock/card.php | 12 +--- htdocs/product/stock/productlot_card.php | 6 +- htdocs/product/traduction.php | 12 +--- htdocs/projet/activity/permonth.php | 4 +- htdocs/projet/activity/perweek.php | 4 +- htdocs/projet/card.php | 16 +---- htdocs/projet/tasks.php | 6 +- htdocs/projet/tasks/task.php | 5 +- htdocs/reception/card.php | 6 +- .../recruitmentcandidature_card.php | 10 +-- .../recruitmentjobposition_applications.php | 10 +-- .../recruitmentjobposition_card.php | 10 +-- htdocs/resource/card.php | 8 +-- htdocs/salaries/card.php | 20 +++--- htdocs/salaries/paiement_salary.php | 9 ++- htdocs/societe/card.php | 17 +---- htdocs/societe/paymentmodes.php | 24 ++----- htdocs/societe/price.php | 16 ++--- htdocs/stripe/admin/stripe.php | 2 +- htdocs/supplier_proposal/card.php | 13 +--- htdocs/takepos/admin/appearance.php | 4 +- htdocs/takepos/admin/bar.php | 2 +- htdocs/takepos/admin/receipt.php | 2 +- htdocs/takepos/admin/setup.php | 2 +- htdocs/takepos/admin/terminal.php | 2 +- htdocs/ticket/card.php | 6 +- htdocs/user/agenda_extsites.php | 10 +-- htdocs/user/bank.php | 6 +- htdocs/user/card.php | 6 +- htdocs/user/group/card.php | 4 +- htdocs/user/note.php | 6 +- htdocs/user/param_ihm.php | 6 +- htdocs/webservices/admin/index.php | 4 +- htdocs/website/websiteaccount_card.php | 10 +-- htdocs/workstation/workstation_card.php | 10 +-- 124 files changed, 281 insertions(+), 732 deletions(-) diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 4c99acf4205..46d8dc0dc80 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -361,11 +361,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 16463ec027b..2aa33f21645 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -242,11 +242,7 @@ if ($action == 'create') { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 42e0b84228f..e5593ef6107 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1121,15 +1121,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - if (!empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("AddMember"); print "\n"; } @@ -1396,11 +1388,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 575d6d2301b..3f4a3872980 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -245,11 +245,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '       '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print "\n"; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index f640407c570..7ff9c3806a5 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -399,9 +399,8 @@ if ($action == 'create') { print dol_get_fiche_end(); print '
'; - print ''; - print '     '; - print ''; + print ''; + print ''; print '
'; print "\n"; @@ -830,11 +829,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index 6c8f273ae77..63ff01584b0 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -228,13 +228,7 @@ if ($action == 'edit') { } } - print '
'; - - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'create') { @@ -297,11 +291,7 @@ if ($action == 'create' && $user->rights->adherent->configurer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/accountant.php b/htdocs/admin/accountant.php index 24df7e0cb68..c7bd40efa37 100644 --- a/htdocs/admin/accountant.php +++ b/htdocs/admin/accountant.php @@ -177,12 +177,7 @@ print ''; print ''; -print '
'; -print ''; -//print '     '; -//print ''; -print '
'; -//print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index a3d725bee93..730983ad090 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -209,9 +209,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index 54d5158b4ed..463df5475f9 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -392,7 +392,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda_xcal.php b/htdocs/admin/agenda_xcal.php index 59dd1bf1ac2..4f2a2bbe917 100644 --- a/htdocs/admin/agenda_xcal.php +++ b/htdocs/admin/agenda_xcal.php @@ -139,9 +139,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 79853c9cda9..fb937dc1dbe 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -499,9 +499,7 @@ print "\n"; print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print '
'; +$form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index e6211f0b56f..b0eb36d81ac 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -272,8 +272,7 @@ if ($resql) { print "\n"; if (empty($conf->use_javascript_ajax)) { - print '
'; - print ''; + print $form->buttonsSaveCancel("Save", ''); } print "
"; diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 56971457f76..c4e697bfe00 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -473,9 +473,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL == 2 || !empty($conf->global->MAIN_ACTIVA print ''; print ''; -print '
'; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; print "\n".''."\n"; diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 0ca1ae7d98e..7420aa17ce9 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -824,10 +824,7 @@ if ($mysoc->useRevenueStamp()) { print ""; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/company_socialnetworks.php b/htdocs/admin/company_socialnetworks.php index 2d4b2e6d128..57c75b352f8 100644 --- a/htdocs/admin/company_socialnetworks.php +++ b/htdocs/admin/company_socialnetworks.php @@ -135,9 +135,7 @@ print ''; print '
'; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index c10a6ed04b4..ea8a80b17d6 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -468,9 +468,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 4b1e34335e8..2c6f9dc17c9 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -448,8 +448,8 @@ if (empty($conf->global->MAIN_DISABLE_METEO) || $conf->global->MAIN_DISABLE_METE if ($action == 'edit') { - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); + print ''; } else { print '
'; print ''.$langs->trans("Modify").'
'; diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index fdc0b893087..fe1a61c686c 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -276,11 +276,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -309,9 +305,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/admin/eventorganization.php b/htdocs/admin/eventorganization.php index d01aece1ca0..c37c5ccd41f 100644 --- a/htdocs/admin/eventorganization.php +++ b/htdocs/admin/eventorganization.php @@ -298,11 +298,7 @@ if ($action == 'edit') { } print ''; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print '
'; diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index 7ff30242336..0b6beb2abc6 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -460,9 +460,7 @@ print ''."\n"; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 3388b649a67..9d3fd768647 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -215,7 +215,7 @@ if (empty($conf->use_javascript_ajax)) { print $conf->global->FCKEDITOR_TEST; print ''; } - print '
'."\n"; + print $form->buttonsSaveCancel("Save", ''); print '
'; print ''."\n"; diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index c9214742d13..9dfb15477cc 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -556,10 +556,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { print ''; print ''; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index e86c78763ee..de160a1c946 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -536,11 +536,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index 511f5dde698..436ffa3d003 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -405,11 +405,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index d8c827337ad..f91b9685c88 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -395,12 +395,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], (GETPOSTISSET('active') ? GETPOST('active', 'int') : $object->active), 0, 0, 0, '', 1); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); } } else { /*print '
'; @@ -428,12 +424,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], GETPOST('active', 'int'), 0); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); //print '
'; } diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 939273c1da2..667f58807dc 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -380,11 +380,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 2e84efbfb06..aaadde965a2 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -391,11 +391,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action == 'edit') { @@ -516,12 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Bouton - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/notification.php b/htdocs/admin/notification.php index 4c1df0fa938..8137c34e1e6 100644 --- a/htdocs/admin/notification.php +++ b/htdocs/admin/notification.php @@ -201,7 +201,7 @@ print ''; print ''; print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; @@ -280,7 +280,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { } print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); } else { print ''; print ''; @@ -463,7 +463,7 @@ print '
'; print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/openinghours.php b/htdocs/admin/openinghours.php index 2e262a1bb7e..e6bc6ee8f1d 100644 --- a/htdocs/admin/openinghours.php +++ b/htdocs/admin/openinghours.php @@ -131,10 +131,7 @@ if (empty($action) || $action == 'edit' || $action == 'updateedit') { print ''; - print '
'; - print ''; - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php index 9b380b676b4..b4b06d62e5e 100644 --- a/htdocs/admin/payment.php +++ b/htdocs/admin/payment.php @@ -273,11 +273,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print '
'; -print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php index 43ad8c15929..e130f0479c4 100644 --- a/htdocs/admin/paymentbybanktransfer.php +++ b/htdocs/admin/paymentbybanktransfer.php @@ -200,9 +200,8 @@ if (!$conf->global->PAYMENTBYBANKTRANSFER_ADDDAYS) { print ''; print ''; print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 3f58353320e..5030c487537 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -466,9 +466,7 @@ print ''; print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/pdf_other.php b/htdocs/admin/pdf_other.php index 7dec909ecb6..3883e885619 100644 --- a/htdocs/admin/pdf_other.php +++ b/htdocs/admin/pdf_other.php @@ -128,9 +128,7 @@ print ''; print ''; /* -print '
'; -print ''; -print '
'; + print $form->buttonsSaveCancel(); */ print ''; diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 01e3b6d4913..739709410ce 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -214,9 +214,8 @@ print ''; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index 883a6ff6f03..988023175db 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -341,7 +341,7 @@ if ($mode == 'config' && $user->admin) { print ''.$printer->profileresprint.''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print ''; } else { @@ -432,7 +432,7 @@ if ($mode == 'template' && $user->admin) { print ''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } else { print ''.$printer->listprinterstemplates[$line]['name'].''; diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index 320857de887..bfd2ae4b09b 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -580,9 +580,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 98ce554c363..22e4a4a1b42 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -390,7 +390,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index c6cd45a0cc5..07da0541619 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -81,9 +81,7 @@ if ($action == 'edit') { print ''; - print '
'; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print '
'; diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 3d722bca400..4a2e98fc666 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -169,11 +169,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -210,9 +206,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php index 6103b963e21..6f743172617 100644 --- a/htdocs/asset/type.php +++ b/htdocs/asset/type.php @@ -396,11 +396,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + $form->buttonsSaveCancel("Add"); print "\n"; } @@ -600,9 +596,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index cd530994b9b..235336d4f73 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -267,11 +267,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -302,9 +298,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index f7795a14f47..045e656de50 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -301,7 +301,8 @@ if ($id > 0 && !preg_match('/^add/i', $action)) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
   
'; + print $form->buttonsSaveCancel(); + print ''; } diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index cd5d7ad8214..80f64210bf5 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -274,11 +274,7 @@ if ($action == 'edit') { print '
'; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'add') { @@ -334,11 +330,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print ''; print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 97a573ce86f..a403a1cdf40 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -1317,15 +1317,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - if (empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } @@ -1804,11 +1796,7 @@ if ($id > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index fb10c6435af..25ef23dd7de 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -121,7 +121,7 @@ if ($_socid > 0) { print dol_get_fiche_end(); - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ""; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 163581221a8..3020f9af822 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -1860,11 +1860,8 @@ if ($action == 'create') { print dol_get_fiche_end(); $langs->load("bills"); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + + print $form->buttonsSaveCancel("CreateDraft"); print ""; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 8420a5e7f87..004b5a3c205 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1822,12 +1822,7 @@ if ($action == 'create' && $usercancreate) { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index d1cc0413bfd..02b967f6fdb 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -565,11 +565,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateAccount"); print ''; } else { @@ -1081,11 +1077,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } diff --git a/htdocs/compta/bank/various_payment/card.php b/htdocs/compta/bank/various_payment/card.php index 2b4a68bec90..68c6ed20458 100644 --- a/htdocs/compta/bank/various_payment/card.php +++ b/htdocs/compta/bank/various_payment/card.php @@ -512,11 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index affdd2e8991..0da621efd97 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -1144,10 +1144,8 @@ if ($action == 'create') { } print "\n"; - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); + print "\n"; } else { dol_print_error('', "Error, no invoice ".$object->id); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 5d81da90088..0e1ff6b405b 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3785,11 +3785,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index 451007932d7..e2a96f4fb5b 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -196,11 +196,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index daf5afb025e..a093a086050 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -726,12 +726,9 @@ if ($id) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '   '; - print ''; - print '
'; - print "\n"; + print $form->buttonsSaveCancel(); + + print ""; } /* diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 469869f00e9..13096ddcd40 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -883,16 +883,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } elseif ($action == 'edit' && !empty($id)) { @@ -1220,11 +1211,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 261ffebf29c..a5b64e37998 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -205,11 +205,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } else { diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index d5187c6a040..470895a2c22 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1174,11 +1174,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); if (is_object($objectsrc)) { print ''; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 07abdb4b465..d7576981cea 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -9250,4 +9250,74 @@ class Form return $retstring; } + + /** + * Output the buttons to submit a creation/edit form + * + * @param string $save_label Alternative label for save button + * @param string $cancel_label Alternative label for cancel button + * @param array $morefields Add additional buttons between save and cancel + * @param bool $withoutdiv Option to remove enclosing centered div + * + * @return string + */ + /** + * @param string $save_label + * @param string $cancel_label + * @param array $morefields + * @param false $withoutdiv + * + * @return string + */ + public function buttonsSaveCancel( $save_label = 'Save', $cancel_label = 'Cancel', $morefields = array(), $withoutdiv = 0 ) + { + global $langs; + + $buttons = array(); + + $save = array( + 'name' => 'save', + 'label_key' => $save_label, + ); + + if ($save_label == 'Create' || $save_label == 'Add' ) { + $save['name'] = 'add'; + $save['label_key'] = $save_label; + } + + $cancel = array( + 'name' => 'cancel', + 'label_key' => 'Cancel', + ); + + !empty($save_label) ? $buttons[] = $save : ''; + + if (!empty($morefields)) { + $buttons[] = $morefields; + } + + !empty($cancel_label) ? $buttons[] = $cancel : ''; + + $retstring = $withoutdiv ? '': '
'; + + foreach ($buttons as $button) { + $retstring .= $this->button($button['name'], $langs->trans($button['label_key']), $button['addclass']); + } + $retstring .= $withoutdiv ? '': '
'; + + return $retstring; + } + + /** + * Return a button (input submit) + * + * @param string $name + * @param string $label + * @param string $addclass + * + * @return string + */ + public function button($name, $label, $addclass = '') { + return ''; + } } diff --git a/htdocs/cron/admin/cron.php b/htdocs/cron/admin/cron.php index 5afbf30d292..28078242dc6 100644 --- a/htdocs/cron/admin/cron.php +++ b/htdocs/cron/admin/cron.php @@ -110,9 +110,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/cron/card.php b/htdocs/cron/card.php index 7911194603b..727bf56f836 100644 --- a/htdocs/cron/card.php +++ b/htdocs/cron/card.php @@ -532,11 +532,7 @@ if (($action == "create") || ($action == "edit")) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print "
"; + print $form->buttonsSaveCancel(); print "\n"; } else { diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 1b3c72906b4..c0c81d71aa8 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -500,11 +500,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } @@ -634,7 +630,7 @@ if (!empty($id) && $action == 'edit') { print dol_get_fiche_end(); - print '
   
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index cf6328d15c4..719b6e9951b 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -280,11 +280,7 @@ if ($action == 'create') { print ""; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/ecm/dir_card.php b/htdocs/ecm/dir_card.php index d84a7330e69..fec8151728e 100644 --- a/htdocs/ecm/dir_card.php +++ b/htdocs/ecm/dir_card.php @@ -421,11 +421,7 @@ print $object->showOptionals($extrafields, ($action == 'edit' ? 'edit' : 'view') print ''; if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } print ''; diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 5ca1667ac9f..44bc91e387e 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -405,11 +405,7 @@ print ajax_autoselect('downloadlink'); print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index 6ae9ab9664b..be22ed2481b 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php @@ -382,11 +382,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -425,9 +421,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/eventorganization/conferenceorboothattendee_card.php b/htdocs/eventorganization/conferenceorboothattendee_card.php index fe5ea292e8b..034df1fcae3 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_card.php +++ b/htdocs/eventorganization/conferenceorboothattendee_card.php @@ -396,11 +396,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -442,9 +438,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 582b23aec45..676a5cae22c 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -1543,11 +1543,7 @@ if ($action == 'create') { print '
'; - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 048209fbf7d..86aedebbf34 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -1432,10 +1432,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print '
'; + print $form->buttonsSaveCancel("AddTrip"); print ''; } elseif ($id > 0 || $ref) { @@ -1554,10 +1551,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } else { @@ -2287,11 +2281,8 @@ if ($action == 'create') { //print $line->fk_ecm_files; print ''; - print ''; print ''; - print ''; - print '
'; - print ''; + print $form->buttonsSaveCancel(); print ''; } @@ -2469,7 +2460,9 @@ if ($action == 'create') { print ''; } - print ''; + print ''; + print $form->buttonsSaveCancel("Add", '', '', 1); + print ''; print ''; } // Fin si c'est payé/validé diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 1f3468d06fc..610713d6f48 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -487,9 +487,7 @@ if ($resql) { print ''; } else { - print '
'; - print ''; - print '

'; + print $form->buttonsSaveCancel("Save", ''); } } else { $title = $langs->trans("ListTripsAndExpenses"); diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index b7057af86fc..85c9c813598 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -324,11 +324,7 @@ if ($action == 'create' || empty($action)) { print ""; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/externalsite/admin/index.php b/htdocs/externalsite/admin/index.php index a9a41c5e555..d8dbb316593 100644 --- a/htdocs/externalsite/admin/index.php +++ b/htdocs/externalsite/admin/index.php @@ -124,9 +124,7 @@ print ""; print ""; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 44ff46b233c..e35736b648f 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -436,10 +436,8 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); + print "\n"; } else { dol_print_error('', "Error, no fichinter ".$object->id); @@ -457,11 +455,9 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; print ''; print ''; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraftIntervention", ''); print ''; } else { diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index d15f036b963..1b647af00a6 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -977,11 +977,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraftIntervention"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { @@ -1017,12 +1013,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraftIntervention"); print ''; } diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 0affc7dcce4..2614c5cede0 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1777,13 +1777,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; - - + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index b39041542eb..6a7d2d44725 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -2337,16 +2337,12 @@ if ($action == 'create') { $reshook = $hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; - // Bouton "Create Draft" + print "\n"; print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); print "\n"; diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index caec6191d0d..9daf1d768b8 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -326,11 +326,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/intracommreport/card.php b/htdocs/intracommreport/card.php index 24b8797a670..4dfc3250014 100644 --- a/htdocs/intracommreport/card.php +++ b/htdocs/intracommreport/card.php @@ -166,9 +166,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print '     '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index 1500de628e7..68ab9fe98f4 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php @@ -200,11 +200,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel('Create'); print ''; @@ -241,9 +237,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php index c3c08b6cf2f..f54da087731 100644 --- a/htdocs/loan/card.php +++ b/htdocs/loan/card.php @@ -380,11 +380,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); print ''; } @@ -706,11 +702,7 @@ if ($id > 0) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php index 58783be181e..47fa5b37846 100644 --- a/htdocs/loan/payment/payment.php +++ b/htdocs/loan/payment/payment.php @@ -372,11 +372,7 @@ if ($action == 'create') { print ''; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print "\n"; } diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index 62eccc5be18..5aaae9f93eb 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php @@ -193,7 +193,7 @@ print ''; print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); if (GETPOST('withtab', 'alpha')) { print dol_get_fiche_end(); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index b074412b6b3..d928fd3f76a 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -258,11 +258,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -298,9 +294,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php index 732cde2ef2f..6eaf42ed833 100644 --- a/htdocs/mrp/mo_card.php +++ b/htdocs/mrp/mo_card.php @@ -286,11 +286,7 @@ if ($action == 'create') { '; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print ''; + print $form->buttonsSaveCancel("Create"); if (GETPOST('fk_bom', 'int') > 0) { print load_fiche_titre($langs->trans("ToConsume")); @@ -341,9 +337,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index fd9fa3e0456..db3f54901b9 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php @@ -342,11 +342,7 @@ print ''; print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } print ''."\n"; diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index e0fa5b90f4c..bf980ab9cda 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -288,11 +288,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -328,9 +324,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php index d90ea7090f7..9a354a8dcdb 100644 --- a/htdocs/product/admin/dynamic_prices.php +++ b/htdocs/product/admin/dynamic_prices.php @@ -228,10 +228,8 @@ if ($action == 'create_variable' || $action == 'edit_variable') { print ''; //Form Buttons - print '
'; - print '  '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); + print ''; } @@ -349,10 +347,8 @@ if ($action == 'create_updater' || $action == 'edit_updater') { print ''; //Form Buttons - print '
'; - print '  '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); + print ''; } diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 3f2833fde52..9558f004bdb 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1564,11 +1564,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } elseif ($object->id > 0) { @@ -2024,11 +2020,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index e2539dae31c..000e5da6cbc 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -650,9 +650,8 @@ if ($id > 0 || !empty($ref)) { print ''; if ($num > 0) { - print '
'; - print 'trans("Update").'">'; - print '     '; + print '
'; + print 'trans("Update").'">'; print ''; print '
'; } diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 067869ba5ba..539456351cb 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -204,11 +204,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -244,9 +240,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 03867bb65e9..62d4532080f 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -1207,11 +1207,7 @@ if ($action == 'edit_vat' && ($user->rights->produit->creer || $user->rights->se print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print '

'; } @@ -1321,13 +1317,9 @@ if ($action == 'edit_price' && $object->getRights()->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); - print '
'; + print ''; } else { print ''."\n"; ?> @@ -1444,10 +1436,8 @@ if ($action == 'edit_price' && $object->getRights()->creer) { //print dol_get_fiche_end(); - print '
'; - print ''; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); + print ''; } } @@ -1776,10 +1766,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; print '
'; - print ''; - print '     '; - print ''; - print ''; + print $form->buttonsSaveCancel(); print ''; } elseif ($action == 'edit_customer_price') { @@ -1861,10 +1848,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; print ""; - print ''; - print '     '; - print ''; - print ''; + print $form->buttonsSaveCancel(); print '
'; } elseif ($action == 'showlog_customer_price') { diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 5ea58da6deb..6760da10cb0 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php @@ -358,11 +358,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } else { @@ -913,11 +909,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 22f32f0c8b9..7a75019c8d1 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -401,11 +401,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 0cae81e36c7..170544e0e6d 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -282,11 +282,7 @@ if ($action == 'edit') { print '
'; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'add') { @@ -356,11 +352,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php index 6e474ea8568..97c54b73675 100644 --- a/htdocs/projet/activity/permonth.php +++ b/htdocs/projet/activity/permonth.php @@ -596,9 +596,7 @@ print ''; print ''."\n"; print ''."\n"; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''."\n\n"; diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php index ecb2a0bdaf5..08304cecaab 100644 --- a/htdocs/projet/activity/perweek.php +++ b/htdocs/projet/activity/perweek.php @@ -852,9 +852,7 @@ print ''; print ''."\n"; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''."\n\n"; diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index b14fcfc73fd..4299028d621 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -690,16 +690,7 @@ if ($action == 'create' && $user->rights->projet->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'; + print $form->buttonsSaveCancel('CreateDraft'); print ''; @@ -1150,10 +1141,7 @@ if ($action == 'create' && $user->rights->projet->creer) { print dol_get_fiche_end(); if ($action == 'edit' && $userWrite > 0) { - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } print ''; diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index d4b5bf89bbf..367f7a27681 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -674,11 +674,7 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->third print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); print ''; } elseif ($id > 0 || !empty($ref)) { diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 780d387512e..99b390870a8 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -458,10 +458,7 @@ if ($id > 0 || !empty($ref)) { print dol_get_fiche_end(); - print '
'; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } else { diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 57ef8981393..68f314cdd03 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -1199,11 +1199,7 @@ if ($action == 'create') { print '
'; - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; diff --git a/htdocs/recruitment/recruitmentcandidature_card.php b/htdocs/recruitment/recruitmentcandidature_card.php index a84644d30cb..db51171a04a 100644 --- a/htdocs/recruitment/recruitmentcandidature_card.php +++ b/htdocs/recruitment/recruitmentcandidature_card.php @@ -338,11 +338,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -378,9 +374,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/recruitment/recruitmentjobposition_applications.php b/htdocs/recruitment/recruitmentjobposition_applications.php index 95daeae54a6..e5740fb203c 100644 --- a/htdocs/recruitment/recruitmentjobposition_applications.php +++ b/htdocs/recruitment/recruitmentjobposition_applications.php @@ -240,11 +240,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -280,9 +276,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/recruitment/recruitmentjobposition_card.php b/htdocs/recruitment/recruitmentjobposition_card.php index 58ee9260617..e2a848e9760 100644 --- a/htdocs/recruitment/recruitmentjobposition_card.php +++ b/htdocs/recruitment/recruitmentjobposition_card.php @@ -265,11 +265,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -305,9 +301,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/resource/card.php b/htdocs/resource/card.php index 1b4c71b158b..88b3d0fdb03 100644 --- a/htdocs/resource/card.php +++ b/htdocs/resource/card.php @@ -252,11 +252,9 @@ if ($action == 'create' || $object->fetch($id, $ref) > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + $button_label = ($action == "create" ? "Create" : "Modify"); + print $form->buttonsSaveCancel($button_label); + print ''; print ''; diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index d3c7ba504cb..ca111adf4d1 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -549,16 +549,16 @@ if ($action == 'create') { print '
'; print ''.$langs->trans("ClosePaidSalaryAutomatically"); - print '
'; print '
'; - print ''; - print '     '; - print ''; - print '     '; - print ''; print ''; + $addition_button = array( + 'name' => 'saveandnew', + 'label_key' => 'SaveAndNew', + ); + print $form->buttonsSaveCancel("Save", "Cancel", $addition_button); + print ''; } @@ -886,12 +886,8 @@ if ($id) { if ($action == 'edit') { - print '
'; - print ''; - print '   '; - print ''; - print '
'; - print "\n"; + print $form->buttonsSaveCancel(); + print ""; } print dol_get_fiche_end(); diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index a266a2ed88b..895226d0207 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -313,14 +313,13 @@ if ($action == 'create') { } print ""; - // Bouton Save payment - print '
'.$langs->trans("ClosePaidSalaryAutomatically"); - print '
'; - print '     '; - print ''; + print '
'; + print ' '.$langs->trans("ClosePaidSalaryAutomatically"); + print $form->buttonsSaveCancel("Save", "Cancel", '', true); print '
'; + print "\n"; } diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index b62c277cdf2..d9bffec142a 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -1701,16 +1701,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'."\n"; + print $form->buttonsSaveCancel("AddThirdParty"); print ''."\n"; } elseif ($action == 'edit') { @@ -2419,11 +2410,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index 97d92007885..d88351aabc3 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -1651,11 +1651,7 @@ if ($socid && $action == 'edit' && $user->rights->societe->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); } // Edit Card @@ -1697,11 +1693,7 @@ if ($socid && $action == 'editcard' && $user->rights->societe->creer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); } @@ -1817,11 +1809,7 @@ if ($socid && $action == 'create' && $user->rights->societe->creer) { dol_set_focus('#label'); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); } // Create Card @@ -1866,11 +1854,7 @@ if ($socid && $action == 'createcard' && $user->rights->societe->creer) { dol_set_focus('#label'); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Add"); } if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->societe->creer) { diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index b46a6124396..da4ca1c0cd7 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -355,13 +355,9 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); - print '
'; + print ''; } elseif ($action == 'edit_customer_price') { // Edit mode @@ -437,13 +433,9 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); - print '
'; + print ''; } } elseif ($action == 'showlog_customer_price') { print '
'; diff --git a/htdocs/stripe/admin/stripe.php b/htdocs/stripe/admin/stripe.php index e582cdaf63e..0bb351bf977 100644 --- a/htdocs/stripe/admin/stripe.php +++ b/htdocs/stripe/admin/stripe.php @@ -526,7 +526,7 @@ print '
'; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 5d22ea05684..cc553555b5b 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1330,11 +1330,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); print ""; @@ -1808,11 +1804,8 @@ if ($action == 'create') { $form_close .= $object->note_private; $form_close .= ''; $form_close .= ''; - $form_close .= '
'; - $form_close .= ''; - $form_close .= '   '; - $form_close .= ' '; - $form_close .= '
'; + $form_close .= $form->buttonsSaveCancel();; + $form_close .= ' '; $form_close .= ''; print $form_close; diff --git a/htdocs/takepos/admin/appearance.php b/htdocs/takepos/admin/appearance.php index ef448607b10..135a3b2a9e7 100644 --- a/htdocs/takepos/admin/appearance.php +++ b/htdocs/takepos/admin/appearance.php @@ -119,9 +119,7 @@ print "\n"; print ''; -print '
'; - -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/bar.php b/htdocs/takepos/admin/bar.php index 796c98de5cb..794cb47290e 100644 --- a/htdocs/takepos/admin/bar.php +++ b/htdocs/takepos/admin/bar.php @@ -200,7 +200,7 @@ if ($conf->global->TAKEPOS_BAR_RESTAURANT) { print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); } if (!empty($conf->global->TAKEPOS_BAR_RESTAURANT)) { diff --git a/htdocs/takepos/admin/receipt.php b/htdocs/takepos/admin/receipt.php index 74a54400fef..ec05dd89796 100644 --- a/htdocs/takepos/admin/receipt.php +++ b/htdocs/takepos/admin/receipt.php @@ -267,7 +267,7 @@ print ''; print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index 0364ff4e64f..e75321e263b 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php @@ -474,7 +474,7 @@ if ($conf->global->TAKEPOS_ENABLE_SUMUP) { print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php index 922a5c5032c..f6562d81693 100644 --- a/htdocs/takepos/admin/terminal.php +++ b/htdocs/takepos/admin/terminal.php @@ -409,7 +409,7 @@ if ($atleastonefound == 0 && !empty($conf->banque->enabled)) { print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index 8a11ac23e23..a7e491bd4c6 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -756,11 +756,7 @@ if ($action == 'create' || $action == 'presend') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; */ } elseif (empty($action) || $action == 'view' || $action == 'addlink' || $action == 'dellink' || $action == 'presend' || $action == 'presend_addmessage' || $action == 'close' || $action == 'abandon' || $action == 'delete' || $action == 'editcustomer' || $action == 'progression' || $action == 'reopen' diff --git a/htdocs/user/agenda_extsites.php b/htdocs/user/agenda_extsites.php index 928db5449d8..5921f7d84cd 100644 --- a/htdocs/user/agenda_extsites.php +++ b/htdocs/user/agenda_extsites.php @@ -226,10 +226,12 @@ while ($i <= $MAXAGENDA) { print ''; print ''; - -print '
'; -print ''; -print "
"; +$addition_button = array( + 'name' => 'save', + 'label_key' => 'Save', + 'addclass' => 'hideifnotset', +); +print $form->buttonsSaveCancel("", "", $addition_button); print dol_get_fiche_end(); diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index 0eaf3d533a9..aa6f97a6c05 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -700,11 +700,7 @@ if ($id && ($action == 'edit' || $action == 'create') && $user->rights->user->us print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); } if ($id && $action == 'edit' && $user->rights->user->user->creer) { diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cb7aa69949c..ad1007f3c52 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1267,11 +1267,7 @@ if ($action == 'create' || $action == 'adduserldap') { print dol_get_fiche_end(); - print '
'; - print ''; - //print '     '; - //print ''; - print '
'; + print $form->buttonsSaveCancel("CreateUser"); print ""; } else { diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 5c1e16e4a0c..1f20b018f2e 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -535,9 +535,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/user/note.php b/htdocs/user/note.php index 1ce397626e6..da8c57f918f 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -137,11 +137,7 @@ if ($id) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 72f9b075be9..76734c26886 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -328,11 +328,7 @@ if ($action == 'edit') { showSkins($object, (($user->admin || empty($dolibarr_main_demo)) ? 1 : 0), true); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } else { print dol_get_fiche_head($head, 'guisetup', $title, -1, 'user'); diff --git a/htdocs/webservices/admin/index.php b/htdocs/webservices/admin/index.php index 1c78acae84d..eec667c8a74 100644 --- a/htdocs/webservices/admin/index.php +++ b/htdocs/webservices/admin/index.php @@ -91,9 +91,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php index cf4d26b2c33..398affc8cb2 100644 --- a/htdocs/website/websiteaccount_card.php +++ b/htdocs/website/websiteaccount_card.php @@ -140,11 +140,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -172,9 +168,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php index 5b63ca2d481..0cf0f628492 100755 --- a/htdocs/workstation/workstation_card.php +++ b/htdocs/workstation/workstation_card.php @@ -231,11 +231,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -288,9 +284,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } From e93dbcd0c0c311d6c61a44b380779f27525506af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 20 Aug 2021 14:47:51 +0200 Subject: [PATCH 023/215] make public url more readable --- htdocs/product/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 3f2833fde52..c466e5e5d54 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -2249,7 +2249,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Public URL if (empty($conf->global->PRODUCT_DISABLE_PUBLIC_URL)) { print ''.$langs->trans("PublicUrl").''; - print dol_print_url($object->url); + print dol_print_url($object->url, '_blank', 128); print ''; } From 9d285ea232ed292dd1bd9c6c27219e998914d109 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 20 Aug 2021 21:11:20 +0200 Subject: [PATCH 024/215] Fix: Can delete a price when date is in future to fix corrupted data --- htdocs/product/price.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 61b2be4f837..1b55d6ade64 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -1617,13 +1617,13 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul elseif ($i > 0) $candelete = 1; print ''; - if ($candelete) - { + if ($candelete || $db->jdate($objp->dp >= dol_now())) { // Test on date is to be able to delete a corrupted record print 'id.'&lineid='.$objp->rowid.'">'; print img_delete(); print ''; - } else + } else { print ' '; // Can not delete last price (it's current price) + } print ''; } From 8bdf58b94263dd0feb7fb152367f2df4b98b5f50 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 20 Aug 2021 21:42:43 +0200 Subject: [PATCH 025/215] FIX #18353 Invoice list translation issue --- htdocs/compta/facture/class/facture.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 9cbfb33e5bd..53c5fe81ee0 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -293,7 +293,7 @@ class Facture extends CommonInvoice 'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>1), 'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>5), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>20, 'index'=>1), - 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'Ref client', 'enabled'=>1, 'visible'=>-1, 'position'=>10), + 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'RefCustomer', 'enabled'=>1, 'visible'=>-1, 'position'=>10), 'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>12), //'ref_int' =>array('type'=>'varchar(255)', 'label'=>'Ref int', 'enabled'=>1, 'visible'=>0, 'position'=>30), // deprecated 'type' =>array('type'=>'smallint(6)', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>15), From 53af4b007644bfba2460f063af1e6088bee2d56c Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 20 Aug 2021 22:11:26 +0200 Subject: [PATCH 026/215] FIX #18375 SQL Error on tasks statistics --- htdocs/projet/class/taskstats.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/projet/class/taskstats.class.php b/htdocs/projet/class/taskstats.class.php index 8a5234b956f..ac2999aaee7 100644 --- a/htdocs/projet/class/taskstats.class.php +++ b/htdocs/projet/class/taskstats.class.php @@ -60,7 +60,7 @@ class TaskStats extends Stats $sql .= " COUNT(t.rowid), t.priority"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".$user->id; } $sql .= $this->buildWhere(); //$sql .= " AND t.fk_statut <> 0"; // We want historic also, so all task not draft @@ -119,7 +119,7 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".$user->id; } $sql .= $this->buildWhere(); $sql .= " GROUP BY year"; @@ -181,7 +181,7 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".$user->id; } $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; From bdf8c3ddc6b17e15c828fefb2a4a8be3adb4e999 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 20 Aug 2021 23:26:56 +0200 Subject: [PATCH 027/215] Fix test --- htdocs/product/price.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 1b55d6ade64..0560e4e6fd4 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -1617,7 +1617,7 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul elseif ($i > 0) $candelete = 1; print ''; - if ($candelete || $db->jdate($objp->dp >= dol_now())) { // Test on date is to be able to delete a corrupted record + if ($candelete || ($db->jdate($objp->dp) >= dol_now())) { // Test on date is to be able to delete a corrupted record with a a date in future print 'id.'&lineid='.$objp->rowid.'">'; print img_delete(); print ''; From 7ca490088a59f8744c9f412f5e5b09f171772b75 Mon Sep 17 00:00:00 2001 From: Christian Foellmann Date: Sat, 21 Aug 2021 19:51:31 +0200 Subject: [PATCH 028/215] fix codestyle issues --- htdocs/core/class/html.form.class.php | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index d7576981cea..fe4d9bd28d3 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -9261,14 +9261,6 @@ class Form * * @return string */ - /** - * @param string $save_label - * @param string $cancel_label - * @param array $morefields - * @param false $withoutdiv - * - * @return string - */ public function buttonsSaveCancel( $save_label = 'Save', $cancel_label = 'Cancel', $morefields = array(), $withoutdiv = 0 ) { global $langs; @@ -9317,7 +9309,8 @@ class Form * * @return string */ - public function button($name, $label, $addclass = '') { + public function button($name, $label, $addclass = '') + { return ''; } } From 3f895f7dc5a3067a5c4c48b8f354298d171a6d2e Mon Sep 17 00:00:00 2001 From: Christian Foellmann Date: Sat, 21 Aug 2021 19:57:52 +0200 Subject: [PATCH 029/215] correct codestyle --- htdocs/core/class/html.form.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index fe4d9bd28d3..459aa248219 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -9261,7 +9261,7 @@ class Form * * @return string */ - public function buttonsSaveCancel( $save_label = 'Save', $cancel_label = 'Cancel', $morefields = array(), $withoutdiv = 0 ) + public function buttonsSaveCancel($save_label = 'Save', $cancel_label = 'Cancel', $morefields = array(), $withoutdiv = 0) { global $langs; @@ -9303,9 +9303,9 @@ class Form /** * Return a button (input submit) * - * @param string $name - * @param string $label - * @param string $addclass + * @param string $name Name + * @param string $label Label of the button + * @param string $addclass Additional css classes * * @return string */ From f020a7dba2627a1bc5a59b16d6f8309a445986d0 Mon Sep 17 00:00:00 2001 From: andreubisquerra Date: Sat, 21 Aug 2021 22:29:18 +0200 Subject: [PATCH 030/215] Update index.php --- htdocs/takepos/index.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index d11a081280c..02f68479750 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -481,6 +481,12 @@ function CloseBill() { $.colorbox({href:"pay.php?place="+place+"&invoiceid="+invoiceid, width:"80%", height:"90%", transition:"none", iframe:"true", title:""}); } +function Split() { + invoiceid = $("#invoiceid").val(); + console.log("Open popup to split on invoiceid="+invoiceid); + $.colorbox({href:"split.php?place="+place+"&invoiceid="+invoiceid, width:"80%", height:"90%", transition:"none", iframe:"true", title:""}); +} + function Floors() { console.log("Open box to select floor place="+place); $.colorbox({href:"floors.php?place="+place, width:"90%", height:"90%", transition:"none", iframe:"true", title:"trans("Floors"); ?>"}); @@ -1040,6 +1046,8 @@ if (getDolGlobalString('TAKEPOS_DIRECT_PAYMENT')) { $menus[$r++] = array('title'=>'
'.$langs->trans("DirectPayment").' ('.$langs->trans("Cash").')
', 'action'=>'DirectPayment();'); } +$menus[$r++] = array('title'=>'
'.$langs->trans("SplitSale").'
', 'action'=>'Split();'); + // BAR RESTAURANT specific menu if (getDolGlobalString('TAKEPOS_BAR_RESTAURANT')) { if ($conf->global->TAKEPOS_ORDER_PRINTERS) { From fc06c557c2d843a9347fb8144bd8465dfb235c16 Mon Sep 17 00:00:00 2001 From: andreubisquerra Date: Sat, 21 Aug 2021 22:30:13 +0200 Subject: [PATCH 031/215] New split.php --- htdocs/takepos/split.php | 225 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 225 insertions(+) create mode 100644 htdocs/takepos/split.php diff --git a/htdocs/takepos/split.php b/htdocs/takepos/split.php new file mode 100644 index 00000000000..4de053513f5 --- /dev/null +++ b/htdocs/takepos/split.php @@ -0,0 +1,225 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/takepos/split.php + * \ingroup takepos + * \brief Page with the content of the popup to split sale + */ + +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +if (!defined('NOCSRFCHECK')) { + define('NOCSRFCHECK', '1'); +} +if (!defined('NOTOKENRENEWAL')) { + define('NOTOKENRENEWAL', '1'); +} +if (!defined('NOREQUIREMENU')) { + define('NOREQUIREMENU', '1'); +} +if (!defined('NOREQUIREHTML')) { + define('NOREQUIREHTML', '1'); +} +if (!defined('NOREQUIREAJAX')) { + define('NOREQUIREAJAX', '1'); +} + +require '../main.inc.php'; // Load $user and permissions +require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; + +$langs->loadLangs(array("main", "bills", "cashdesk", "banks")); + +$action = GETPOST('action', 'aZ09'); +$place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); + +if (empty($user->rights->takepos->run)) { + accessforbidden(); +} + +if ($action=="split") { + $line = GETPOST('line', 'int'); + $split = GETPOST('split', 'int'); + if ($split==1) { // Split line + $invoice = new Facture($db); + $ret = $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-SPLIT)'); + if ($ret > 0) { + $placeid = $invoice->id; + } else { + $constforcompanyid = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $invoice->socid = $conf->global->$constforcompanyid; + $invoice->date = dol_now(); + $invoice->module_source = 'takepos'; + $invoice->pos_source = $_SESSION["takeposterminal"]; + $invoice->entity = !empty($_SESSION["takeposinvoiceentity"]) ? $_SESSION["takeposinvoiceentity"] : $conf->entity; + if ($invoice->socid <= 0) { + $langs->load('errors'); + dol_htmloutput_errors($langs->trans("ErrorModuleSetupNotComplete", "TakePos"), null, 1); + } else { + $placeid = $invoice->create($user); + if ($placeid < 0) { + dol_htmloutput_errors($invoice->error, $invoice->errors, 1); + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-SPLIT)' where rowid=".$placeid; + $db->query($sql); + } + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facturedet set fk_facture=".$placeid." where rowid=".$line; + $db->query($sql); + } elseif ($split==0) { // Unsplit line + $invoice = new Facture($db); + $ret = $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-'.$place.')'); + if ($ret > 0) { + $placeid = $invoice->id; + } else { + $constforcompanyid = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $invoice->socid = $conf->global->$constforcompanyid; + $invoice->date = dol_now(); + $invoice->module_source = 'takepos'; + $invoice->pos_source = $_SESSION["takeposterminal"]; + $invoice->entity = !empty($_SESSION["takeposinvoiceentity"]) ? $_SESSION["takeposinvoiceentity"] : $conf->entity; + if ($invoice->socid <= 0) { + $langs->load('errors'); + dol_htmloutput_errors($langs->trans("ErrorModuleSetupNotComplete", "TakePos"), null, 1); + } else { + $placeid = $invoice->create($user); + if ($placeid < 0) { + dol_htmloutput_errors($invoice->error, $invoice->errors, 1); + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid=".$placeid; + echo $sql; + $db->query($sql); + } + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facturedet set fk_facture=".$placeid." where rowid=".$line; + echo $sql; + $db->query($sql); + } + $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-SPLIT)'); + $invoice->update_price(); + $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-'.$place.')'); + $invoice->update_price(); +} + + +/* + * View + */ + +$invoice = new Facture($db); +if ($invoiceid > 0) { + $invoice->fetch($invoiceid); +} else { + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."facture where ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")'"; + $resql = $db->query($sql); + $obj = $db->fetch_object($resql); + if ($obj) { + $invoiceid = $obj->rowid; + } + if (!$invoiceid) { + $invoiceid = 0; // Invoice does not exist yet + } else { + $invoice->fetch($invoiceid); + } +} + +$arrayofcss = array('/takepos/css/pos.css.php', '/takepos/css/split.css.php'); +$arrayofjs = array(); + +$head = ''; +$title = ''; +$disablejs = 0; +$disablehead = 0; + +top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss); + +// Define list of possible payments +$arrayOfValidPaymentModes = array(); +$arrayOfValidBankAccount = array(); + + +?> + +global->TAKEPOS_COLOR_THEME == 1) { + print ''; +} +?> + + + + + +
+
+
+ +
+
+
+ +
+
+
+ +
+
+
+ + + \ No newline at end of file From c4075605dad8fb329ba8f4cacac5cdbbfe4b1c2e Mon Sep 17 00:00:00 2001 From: andreubisquerra Date: Sat, 21 Aug 2021 22:31:03 +0200 Subject: [PATCH 032/215] CSS --- htdocs/takepos/css/pos.css.php | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/htdocs/takepos/css/pos.css.php b/htdocs/takepos/css/pos.css.php index 66c65edb622..5e2afdf0094 100644 --- a/htdocs/takepos/css/pos.css.php +++ b/htdocs/takepos/css/pos.css.php @@ -757,3 +757,36 @@ div#moreinfo, div#infowarehouse { text-align: center; margin: 2px; } + +.splitsale { + float: left; + width: 100%; + height: 100%; + overflow: auto; +} + +.rowsplit { + width: 100%; + height: 40%; +} + +.headersplit { + height: 10%; + width: 100%; + padding: 10px; +} + +.headercontent { + margin: auto; + width: 50%; + border: 3px solid black; + text-align: center; + font-size: 150%; + background-color: rgb(233,234,237); +} + +.row:after { + content: ""; + display: table; + clear: both; +} From a6bdff59c9a4d0868d74c9aa2585a082dd22fde5 Mon Sep 17 00:00:00 2001 From: andreubisquerra Date: Sat, 21 Aug 2021 22:31:54 +0200 Subject: [PATCH 033/215] Update lang --- htdocs/langs/en_US/cashdesk.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/cashdesk.lang b/htdocs/langs/en_US/cashdesk.lang index 80e6c564767..52dc71d140c 100644 --- a/htdocs/langs/en_US/cashdesk.lang +++ b/htdocs/langs/en_US/cashdesk.lang @@ -129,3 +129,4 @@ WeighingScale=Weighing scale ShowPriceHT = Display the column with the price excluding tax (on screen) ShowPriceHTOnReceipt = Display the column with the price excluding tax (on the receipt) CustomerDisplay=Customer display +SplitSale=Split sale From ff3f85b2148b2b97b9ec3cde92d380fea61ff702 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 22 Aug 2021 01:44:52 +0200 Subject: [PATCH 034/215] Fix case sensitive --- htdocs/core/lib/functions.lib.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 9a6a8b9b140..3e6bcd9d5d1 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1320,8 +1320,8 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta if (count($tmparrayoftags)) { foreach ($tmparrayoftags as $tagtoreplace) { - $tmp = str_replace('<'.$tagtoreplace.'>', '__BEGINTAGTOREPLACE'.$tagtoreplace.'__', $tmp); - $tmp = str_replace('', '__ENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp); + $tmp = str_ireplace('<'.$tagtoreplace.'>', '__BEGINTAGTOREPLACE'.$tagtoreplace.'__', $tmp); + $tmp = str_ireplace('', '__ENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp); } } @@ -1329,8 +1329,8 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta if (count($tmparrayoftags)) { foreach ($tmparrayoftags as $tagtoreplace) { - $result = str_replace('__BEGINTAGTOREPLACE'.$tagtoreplace.'__', '<'.$tagtoreplace.'>', $result); - $result = str_replace('__ENDTAGTOREPLACE'.$tagtoreplace.'__', '', $result); + $result = str_ireplace('__BEGINTAGTOREPLACE'.$tagtoreplace.'__', '<'.$tagtoreplace.'>', $result); + $result = str_ireplace('__ENDTAGTOREPLACE'.$tagtoreplace.'__', '', $result); } } From b4096dc057bfef44770802854e17ec90ef1a859a Mon Sep 17 00:00:00 2001 From: henrynopo Date: Sun, 22 Aug 2021 13:26:46 +0800 Subject: [PATCH 035/215] Fix error of supplier invoice (variable amount) This update fixed the coding error for addline of deposit invoice for variable amount. In addition, there is no invoice template for supplier invoice, so I also corrected the respective description. --- htdocs/fourn/facture/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index b39041542eb..491090a5d3e 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -861,7 +861,7 @@ if (empty($reshook)) { } } - // Standard invoice or Deposit invoice, created from a Predefined template invoice + // Standard invoice or Deposit invoice, not from a Predefined template invoice if (GETPOST('type') == FactureFournisseur::TYPE_STANDARD || GETPOST('type') == FactureFournisseur::TYPE_DEPOSIT) { if (GETPOST('socid', 'int') < 1) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Supplier')), null, 'errors'); @@ -1085,12 +1085,12 @@ if (empty($reshook)) { 1, 0, 0, - 0, null, $object->origin, 0, '', $lines[$i]->special_code, + 0, 0 //,$langs->trans('Deposit') //Deprecated ); From 665dfb48e44a2b5339edb13a765773ead8467baf Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 11:40:32 +0200 Subject: [PATCH 036/215] fix : Undefined property: stdClass:: in C:\wamp64\www\dolibarr-140\htdocs\comm\propal\card.php on line 125 --- htdocs/comm/propal/card.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 163581221a8..e77910d784d 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -6,7 +6,7 @@ * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2006 Andre Cianfarani * Copyright (C) 2010-2016 Juanjo Menent - * Copyright (C) 2010-2018 Philippe Grand + * Copyright (C) 2010-2021 Philippe Grand * Copyright (C) 2012-2013 Christophe Battarel * Copyright (C) 2012 Cedric Salvador * Copyright (C) 2013-2014 Florian Henry @@ -121,7 +121,9 @@ $usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights-> $usercancreateorder = $user->rights->commande->creer; $usercancreateinvoice = $user->rights->facture->creer; $usercancreatecontract = $user->rights->contrat->creer; -$usercancreateintervention = $user->rights->ficheinter->creer; +if (!empty($conf->ficheinter->enabled)) { + $usercancreateintervention = $user->rights->ficheinter->creer; +} $usercancreatepurchaseorder = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php From 6619099be9518de92b6c02f53b11515e8308e1ef Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 12:05:30 +0200 Subject: [PATCH 037/215] fix : Undefined property: stdClass:: in C:\wamp64\www\dolibarr-140\htdocs\core\actions_builddoc.inc.php on line 69 --- htdocs/core/actions_builddoc.inc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/actions_builddoc.inc.php b/htdocs/core/actions_builddoc.inc.php index 63cac253976..7cde7e6f886 100644 --- a/htdocs/core/actions_builddoc.inc.php +++ b/htdocs/core/actions_builddoc.inc.php @@ -66,13 +66,13 @@ if ($action == 'builddoc' && $permissiontoadd) { $outputlangs = $langs; $newlang = ''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && GETPOST('lang_id', 'aZ09')) { $newlang = GETPOST('lang_id', 'aZ09'); } - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && isset($object->thirdparty->default_lang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && isset($object->thirdparty->default_lang)) { $newlang = $object->thirdparty->default_lang; // for proposal, order, invoice, ... } - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && isset($object->default_lang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && isset($object->default_lang)) { $newlang = $object->default_lang; // for thirdparty } if (!empty($newlang)) { From 2e3b9fce49ddcbbc8301d35ae91b20d2b6feb9ea Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 12:18:26 +0200 Subject: [PATCH 038/215] fix : Undefined array key 4 in C:\wamp64\www\dolibarr-140\htdocs\core\class\extrafields.class.php on line 1721 --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index f6a5ba93d61..f64a1b44eb0 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1718,7 +1718,7 @@ class ExtraFields $sql = 'SELECT '.$keyList; $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList[0]; - if (strpos($InfoFieldList[4], 'extra') !== false) { + if (!empty($InfoFieldList[4]) && strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main'; } if ($selectkey == 'rowid' && empty($value)) { From dd51e24afc5586889c14065856a4459e4941db69 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sun, 22 Aug 2021 14:01:29 +0200 Subject: [PATCH 039/215] FIX Field already present in SQL request --- htdocs/compta/facture/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index f25b2b05975..c2094cbc7ed 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -723,7 +723,7 @@ if (!$sall) { $sql .= ' f.paye, f.fk_statut, f.close_code,'; $sql .= ' f.datec, f.tms, f.date_closing,'; $sql .= ' f.retained_warranty, f.retained_warranty_date_limit, f.situation_final, f.situation_cycle_ref, f.situation_counter,'; - $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht, f.multicurrency_total_tva,'; + $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht,'; $sql .= ' f.multicurrency_total_tva, f.multicurrency_total_ttc,'; $sql .= ' s.rowid, s.nom, s.name_alias, s.email, s.phone, s.fax, s.address, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,'; $sql .= ' typent.code,'; From 56c23b79e0c917f921dab742fb28b27d5202621d Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sun, 22 Aug 2021 14:02:33 +0200 Subject: [PATCH 040/215] FIX Invoice list - Wrong name for column total_tva --- htdocs/compta/facture/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index c2094cbc7ed..b85440c37f3 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -1868,7 +1868,7 @@ if ($resql) { } // Amount VAT if (!empty($arrayfields['f.total_tva']['checked'])) { - print ''.price($obj->total_vat)."\n"; + print ''.price($obj->total_tva)."\n"; if (!$i) { $totalarray['nbfield']++; } From fe17c13a5f20d16cc3958864c477ad855676343c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 22 Aug 2021 19:22:47 +0200 Subject: [PATCH 041/215] FIX an approved holiday can be canceled by an admin. --- htdocs/holiday/card.php | 58 +++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 16 deletions(-) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index ffbd3204459..729b4653f64 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -49,7 +49,7 @@ $ref = GETPOST('ref', 'alpha'); $fuserid = (GETPOST('fuserid', 'int') ?GETPOST('fuserid', 'int') : $user->id); // Load translation files required by the page -$langs->loadLangs(array("other", "holiday", "mails")); +$langs->loadLangs(array("other", "holiday", "mails", "trips")); $now = dol_now(); @@ -255,6 +255,7 @@ if (empty($reshook)) } } + // If update and we are an approver, we can update with another approver if ($action == 'update' && GETPOSTISSET('savevalidator') && !empty($user->rights->holiday->approve)) { $object->fetch($id); @@ -310,6 +311,8 @@ if (empty($reshook)) if ($cancreate) { $valideur = GETPOST('valideur', 'int'); + // TODO Check this user id has the permission for approval + $description = trim(GETPOST('description', 'restricthtml')); // If no start date @@ -760,7 +763,7 @@ if (empty($reshook)) } } - // Si confirmation of cancellation + // If confirmation of cancellation if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes') { $error = 0; @@ -768,8 +771,8 @@ if (empty($reshook)) $object->fetch($id); // Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres - if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)))) + if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && + (!empty($user->admin) || $user->id == $object->fk_validator || in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)))) { $db->begin(); @@ -1468,30 +1471,53 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') print '
'; - if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) - { + if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) { print ''.$langs->trans("EditCP").''; } - if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) // If draft - { + + if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) { // If draft print ''.$langs->trans("Validate").''; } - if ($object->statut == Holiday::STATUS_VALIDATED) // If validated - { - if ($user->id == $object->fk_validator) - { + + if ($object->statut == Holiday::STATUS_VALIDATED) { // If validated + // Button Approve / Refuse + if ($user->id == $object->fk_validator) { print ''.$langs->trans("Approve").''; print ''.$langs->trans("ActionRefuseCP").''; } else { print ''.$langs->trans("Approve").''; print ''.$langs->trans("ActionRefuseCP").''; + + // Button Cancel + if (in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) { + if (($object->date_debut > dol_now()) || !empty($user->admin)) { + print ''.$langs->trans("ActionCancelCP").''; + } else { + print 'trans("NotAllowed").'">'.$langs->trans("ActionCancelCP").''; + } + } } } - if (($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) && ($object->statut == 2 || $object->statut == 3)) // Status validated or approved - { - if (($object->date_debut > dol_now()) || $user->admin) print ''.$langs->trans("ActionCancelCP").''; - else print ''.$langs->trans("ActionCancelCP").''; + + if ($object->statut == Holiday::STATUS_APPROVED) { // If validated or approved + if ($user->id == $object->fk_validator + || in_array($object->fk_user, $childids) + || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) { + if (($object->date_debut > dol_now()) || !empty($user->admin)) { + print ''.$langs->trans("ActionCancelCP").''; + } else { + print 'trans("NotAllowed").'">'.$langs->trans("ActionCancelCP").''; + } + } else { // I have no rights on the user of the holiday. + if (!empty($user->admin)) { // If current validator can't cancel an approved leave, we allow admin user + print ''.$langs->trans("ActionCancelCP").''; + } else { + print ''.$langs->trans("ActionCancelCP").''; + } + } } + + if ($cancreate && $object->statut == Holiday::STATUS_CANCELED) { print ''.$langs->trans("SetToDraft").''; From 538b2e2a5f1a780973d4102690ba0a40f36556af Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 19:47:06 +0200 Subject: [PATCH 042/215] fix : Undefined property: stdClass:: in C:\wamp64\www\dolibarr-140\htdocs\core\class\commonobject.class.php on line 1705 --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 4d3c39027ac..00306939cdb 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1701,7 +1701,7 @@ abstract class CommonObject $idtype = $this->barcode_type; if (empty($idtype) && $idtype != '0') { // If type of barcode no set, we try to guess. If set to '0' it means we forced to have type remain not defined - if ($this->element == 'product') { + if ($this->element == 'product' && !empty($conf->global->PRODUIT_DEFAULT_BARCODE_TYPE)) { $idtype = $conf->global->PRODUIT_DEFAULT_BARCODE_TYPE; } elseif ($this->element == 'societe') { $idtype = $conf->global->GENBARCODE_BARCODETYPE_THIRDPARTY; From 16f2a53fb8e3e94b6bdec4ffea3b52d3fe7880e5 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 21:52:57 +0200 Subject: [PATCH 043/215] fix : Undefined property: stdClass:: in C:\wamp64\www\dolibarr-140\htdocs\product\class\propalmergepdfproduct.class.php on line 236 --- htdocs/product/class/propalmergepdfproduct.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index 67c24ac37c8..a37ca09101b 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -233,7 +233,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t"; $sql .= " WHERE t.fk_product = ".((int) $product_id); - if ($conf->global->MAIN_MULTILANGS && !empty($lang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && !empty($lang)) { $sql .= " AND t.lang = '".$this->db->escape($lang)."'"; } From e439e0f14dd1d85cc5d99dfbbc36191a3e92ef36 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 21:55:00 +0200 Subject: [PATCH 044/215] fix : Undefined property: stdClass:: in C:\wamp64\www\dolibarr-140\htdocs\product\class\propalmergepdfproduct.class.php on line 251 --- htdocs/product/class/propalmergepdfproduct.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index a37ca09101b..6d15968af83 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -248,7 +248,7 @@ class Propalmergepdfproduct extends CommonObject $line->fk_product = $obj->fk_product; $line->file_name = $obj->file_name; - if ($conf->global->MAIN_MULTILANGS) { + if (!empty($conf->global->MAIN_MULTILANGS)) { $line->lang = $obj->lang; } $line->fk_user_author = $obj->fk_user_author; From ba9ede39bfa08ed26b425b0c6d6da8d854ed235d Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 22:28:53 +0200 Subject: [PATCH 045/215] fix : Undefined property: stdClass:: in C:\wamp64\www\dolibarr-140\htdocs\comm\propal\card.php on line 265 --- htdocs/comm/propal/card.php | 4 ++-- htdocs/product/class/propalmergepdfproduct.class.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index e77910d784d..f69f41400c7 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -262,10 +262,10 @@ if (empty($reshook)) { if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { $outputlangs = $langs; $newlang = ''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && GETPOST('lang_id', 'aZ09')) { $newlang = GETPOST('lang_id', 'aZ09'); } - if ($conf->global->MAIN_MULTILANGS && empty($newlang)) { + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang)) { $newlang = $object->thirdparty->default_lang; } if (!empty($newlang)) { diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index 6d15968af83..5892a4fe810 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -258,7 +258,7 @@ class Propalmergepdfproduct extends CommonObject $line->import_key = $obj->import_key; - if ($conf->global->MAIN_MULTILANGS) { + if (!empty($conf->global->MAIN_MULTILANGS)) { $this->lines[$obj->file_name.'_'.$obj->lang] = $line; } else { $this->lines[$obj->file_name] = $line; From b5a4c5810643280d0c2359b1008bc961c24a420c Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sun, 22 Aug 2021 22:42:40 +0200 Subject: [PATCH 046/215] FIX Supplier invoice list - Wrong language key used --- htdocs/fourn/facture/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 5e4cc3fc05e..cee4f7eca9b 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -191,7 +191,7 @@ $arrayfields = array( 'f.total_localtax2'=>array('label'=>$langs->transcountry("AmountLT2", $mysoc->country_code), 'checked'=>0, 'enabled'=>$mysoc->localtax2_assuj == "1", 'position'=>100), 'f.total_ttc'=>array('label'=>$langs->trans("AmountTTC"), 'checked'=>0, 'position'=>115), 'u.login'=>array('label'=>"Author", 'checked'=>1), - 'dynamount_payed'=>array('label'=>$langs->trans("Payed"), 'checked'=>0), + 'dynamount_payed'=>array('label'=>$langs->trans("Paid"), 'checked'=>0), 'rtp'=>array('label'=>$langs->trans("Rest"), 'checked'=>0), 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1)), From 7baf98dbfa8d43b93fff85e12d2e9eb8748daac0 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 22 Aug 2021 23:15:36 +0200 Subject: [PATCH 047/215] fix : Undefined property: Conf:: in C:\wamp64\www\dolibarr-140\htdocs\core\class\html.form.class.php on line 7957 --- htdocs/core/class/html.form.class.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 07abdb4b465..f452216d93f 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -10,7 +10,7 @@ * Copyright (C) 2007 Franky Van Liedekerke * Copyright (C) 2007 Patrick Raguin * Copyright (C) 2010 Juanjo Menent - * Copyright (C) 2010-2019 Philippe Grand + * Copyright (C) 2010-2021 Philippe Grand * Copyright (C) 2011 Herve Prot * Copyright (C) 2012-2016 Marcos García * Copyright (C) 2012 Cedric Salvador @@ -7855,6 +7855,11 @@ class Form if (empty($conf->expedition->enabled)) { continue; // Do not show if module disabled } + } elseif ($objecttype == 'ficheinter') { + $tplpath = 'fichinter'; + if (empty($conf->ficheinter->enabled)) { + continue; // Do not show if module disabled + } } elseif ($objecttype == 'invoice_supplier') { $tplpath = 'fourn/facture'; } elseif ($objecttype == 'order_supplier') { From f88fdbe71d89b6007c212ccf6e55b192ddde00e0 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Mon, 23 Aug 2021 10:12:28 +0200 Subject: [PATCH 048/215] FIX : for php8 compliance --- htdocs/core/modules/modFicheinter.class.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/htdocs/core/modules/modFicheinter.class.php b/htdocs/core/modules/modFicheinter.class.php index af99e6f646f..c8f9add05f6 100644 --- a/htdocs/core/modules/modFicheinter.class.php +++ b/htdocs/core/modules/modFicheinter.class.php @@ -77,6 +77,11 @@ class modFicheinter extends DolibarrModules $this->const = array(); $r = 0; + if (!isset($conf->ficheinter) || !isset($conf->ficheinter->enabled)) { + $conf->ficheinter = new stdClass(); + $conf->ficheinter->enabled = 0; + } + $this->const[$r][0] = "FICHEINTER_ADDON_PDF"; $this->const[$r][1] = "chaine"; $this->const[$r][2] = "soleil"; From 0325b68bfbe23586ee0efb7018acf16a6bd11e4a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 10:17:36 +0200 Subject: [PATCH 049/215] Fix missing autoselect --- htdocs/admin/agenda_xcal.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/agenda_xcal.php b/htdocs/admin/agenda_xcal.php index 59dd1bf1ac2..f42cb5c842f 100644 --- a/htdocs/admin/agenda_xcal.php +++ b/htdocs/admin/agenda_xcal.php @@ -165,24 +165,27 @@ $urlvcal = ''.$langs->trans("WebCalUrlForVCalExport", 'vcal', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl1'); $message .= '
'; $urlical = ''; $urlical .= $urlwithroot.'/public/agenda/agendaexport.php?format=ical&type=event'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlical, ''.$langs->trans("WebCalUrlForVCalExport", 'ical/ics', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl2'); $message .= '
'; $urlrss = ''; $urlrss .= $urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlrss, ''.$langs->trans("WebCalUrlForVCalExport", 'rss', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl3'); $message .= '
'; print $message; From 7c2d19ffafac11cc9afa0dc31d70eafcfc3fed67 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Mon, 23 Aug 2021 10:20:22 +0200 Subject: [PATCH 050/215] FIX : indentation --- htdocs/core/modules/modBlockedLog.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/modules/modBlockedLog.class.php b/htdocs/core/modules/modBlockedLog.class.php index 9a90fa945bb..0c645099f56 100644 --- a/htdocs/core/modules/modBlockedLog.class.php +++ b/htdocs/core/modules/modBlockedLog.class.php @@ -170,9 +170,9 @@ class modBlockedLog extends DolibarrModules $sql = array(); // If already used, we add an entry to show we enable module - require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php'; + require_once DOL_DOCUMENT_ROOT . '/blockedlog/class/blockedlog.class.php'; - $object = new stdClass(); + $object = new stdClass(); $object->id = 1; $object->element = 'module'; $object->ref = 'systemevent'; From 34c199173096686b01f65af9d59b4d2fcdfd23df Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 11:32:25 +0200 Subject: [PATCH 051/215] NEW Add param $nolog to avoid logging into dol_delete_recursive_dir() --- htdocs/core/lib/files.lib.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index fd830d47eb1..a9c9d7b8b5b 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1159,10 +1159,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable * @param object $object Current object in use * @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose. * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log file * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @see dol_delete_dir() */ -function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1) +function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0) { global $db, $conf, $user, $langs; global $hookmanager; @@ -1170,7 +1171,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, // Load translation files required by the page $langs->loadLangs(array('other', 'errors')); - dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + if (empty($nolog)) { + dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + } // Security: // We refuse transversal using .. and pipes into filenames. @@ -1304,11 +1307,15 @@ function dol_delete_dir($dir, $nophperrors = 0) * @param int $nophperrors Disable all PHP output errors * @param int $onlysub Delete only files and subdir, not main directory * @param int $countdeleted Counter to count nb of elements found really deleted + * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log files (too verbose when making recursive directories) * @return int Number of files and directory we try to remove. NB really removed is returned into var by reference $countdeleted. */ -function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0) +function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0) { - dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + } if (dol_is_dir($dir)) { $dir_osencoded = dol_osencode($dir); if ($handle = opendir("$dir_osencoded")) { @@ -1319,9 +1326,9 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = if ($item != "." && $item != "..") { if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) { - $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted); + $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog); } else { - $result = dol_delete_file("$dir/$item", 1, $nophperrors); + $result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog); $count++; if ($result) { $countdeleted++; @@ -1332,6 +1339,7 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = } closedir($handle); + // Delete also the main directory if (empty($onlysub)) { $result = dol_delete_dir($dir, $nophperrors); $count++; From eec5fba3333104bc06a221f0f4cf527cb283f46a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 11:51:01 +0200 Subject: [PATCH 052/215] Fix can add a redirection into the executeCLI method. --- htdocs/core/class/utils.class.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index bdd6cc2b83a..7902b069b94 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -593,12 +593,14 @@ class Utils /** * Execute a CLI command. * - * @param string $command Command line to execute. - * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; - * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method - * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. + * @param string $command Command line to execute. + * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. + * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; + * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method + * @param string $redirectionfile If defined, file to redirect output to. + * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ - public function executeCLI($command, $outputfile, $execmethod = 0) + public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null) { global $conf, $langs; @@ -607,6 +609,9 @@ class Utils $error = ''; $command = escapeshellcmd($command); + if ($redirectionfile) { + $command .= " > ".dol_sanitizePathName($redirectionfile); + } $command .= " 2>&1"; if (!empty($conf->global->MAIN_EXEC_USE_POPEN)) { From cced15e50ab430bb9ce9d2a8e763787cb3523296 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 11:58:14 +0200 Subject: [PATCH 053/215] Fix option $nolog --- htdocs/core/lib/files.lib.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index a9c9d7b8b5b..330e260a327 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1229,7 +1229,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, } if ($ok) { - dol_syslog("Removed file ".$filename, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$filename, LOG_DEBUG); + } // Delete entry into ecm database $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename); @@ -1267,7 +1269,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $ok = unlink($file_osencoded); } if ($ok) { - dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + } } else { dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING); } From 8c017b940641cd4afdd1e1e226573af5f15d8303 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 12:18:04 +0200 Subject: [PATCH 054/215] Sanitize $ and ; for filesystem path (like files). --- htdocs/core/lib/functions.lib.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 01c199b4ffd..2f3d534d7cc 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1069,7 +1069,7 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file // Char '>' '<' '|' '$' and ';' are special chars for shells. // Char '/' and '\' are file delimiters. - // -- car can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); @@ -1090,7 +1090,10 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) */ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) { - $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°'); + // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file + // Char '>' '<' '|' '$' and ';' are special chars for shells. + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-/', ' _', $tmp); From b0817e132f5aebc932e823203a42fb06672b6f21 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 12:19:16 +0200 Subject: [PATCH 055/215] FIX Add option $noescapecommand in executeCLI for better compatibility --- htdocs/core/class/utils.class.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index 7902b069b94..5371d917022 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -597,10 +597,12 @@ class Utils * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method - * @param string $redirectionfile If defined, file to redirect output to. + * @param string $redirectionfile If defined, a redirection of output to this files is added. + * @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter need you alreay sanitized the command. if not, it will lead to security vulnerability. + * This parameter is provided for backward compatibility with external modules. Always use 0 in core. * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ - public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null) + public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null, $noescapecommand = 0) { global $conf, $langs; @@ -608,7 +610,9 @@ class Utils $output = ''; $error = ''; - $command = escapeshellcmd($command); + if (empty($noescapecommand)) { + $command = escapeshellcmd($command); + } if ($redirectionfile) { $command .= " > ".dol_sanitizePathName($redirectionfile); } From fdffc0c13a55cc2c4e6b877af5c736e075a5d449 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 11:32:25 +0200 Subject: [PATCH 056/215] NEW Add param $nolog to avoid logging into dol_delete_recursive_dir() --- htdocs/core/lib/files.lib.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 3c35bcda2a9..a5f61a60aac 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1159,10 +1159,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable * @param object $object Current object in use * @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose. * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log file * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @see dol_delete_dir() */ -function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1) +function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0) { global $db, $conf, $user, $langs; global $hookmanager; @@ -1170,7 +1171,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, // Load translation files required by the page $langs->loadLangs(array('other', 'errors')); - dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + if (empty($nolog)) { + dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + } // Security: // We refuse transversal using .. and pipes into filenames. @@ -1304,11 +1307,15 @@ function dol_delete_dir($dir, $nophperrors = 0) * @param int $nophperrors Disable all PHP output errors * @param int $onlysub Delete only files and subdir, not main directory * @param int $countdeleted Counter to count nb of elements found really deleted + * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log files (too verbose when making recursive directories) * @return int Number of files and directory we try to remove. NB really removed is returned into var by reference $countdeleted. */ -function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0) +function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0) { - dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + } if (dol_is_dir($dir)) { $dir_osencoded = dol_osencode($dir); if ($handle = opendir("$dir_osencoded")) { @@ -1319,9 +1326,9 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = if ($item != "." && $item != "..") { if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) { - $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted); + $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog); } else { - $result = dol_delete_file("$dir/$item", 1, $nophperrors); + $result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog); $count++; if ($result) { $countdeleted++; @@ -1332,6 +1339,7 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = } closedir($handle); + // Delete also the main directory if (empty($onlysub)) { $result = dol_delete_dir($dir, $nophperrors); $count++; From 227f01b0006adb62cd5697ca5e537bc8463337bc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 11:51:01 +0200 Subject: [PATCH 057/215] Fix can add a redirection into the executeCLI method. --- htdocs/core/class/utils.class.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index bdd6cc2b83a..7902b069b94 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -593,12 +593,14 @@ class Utils /** * Execute a CLI command. * - * @param string $command Command line to execute. - * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; - * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method - * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. + * @param string $command Command line to execute. + * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. + * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; + * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method + * @param string $redirectionfile If defined, file to redirect output to. + * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ - public function executeCLI($command, $outputfile, $execmethod = 0) + public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null) { global $conf, $langs; @@ -607,6 +609,9 @@ class Utils $error = ''; $command = escapeshellcmd($command); + if ($redirectionfile) { + $command .= " > ".dol_sanitizePathName($redirectionfile); + } $command .= " 2>&1"; if (!empty($conf->global->MAIN_EXEC_USE_POPEN)) { From 041784876d92e721c1d3a3c20b1f3e3f9e67c667 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 11:58:14 +0200 Subject: [PATCH 058/215] Fix option $nolog --- htdocs/core/lib/files.lib.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index a5f61a60aac..9db9379523e 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1229,7 +1229,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, } if ($ok) { - dol_syslog("Removed file ".$filename, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$filename, LOG_DEBUG); + } // Delete entry into ecm database $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename); @@ -1267,7 +1269,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $ok = unlink($file_osencoded); } if ($ok) { - dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + } } else { dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING); } From 983d7e51774de945468d16ea575c1179070b9659 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 12:19:16 +0200 Subject: [PATCH 059/215] FIX Add option $noescapecommand in executeCLI for better compatibility --- htdocs/core/class/utils.class.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index 7902b069b94..5371d917022 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -597,10 +597,12 @@ class Utils * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method - * @param string $redirectionfile If defined, file to redirect output to. + * @param string $redirectionfile If defined, a redirection of output to this files is added. + * @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter need you alreay sanitized the command. if not, it will lead to security vulnerability. + * This parameter is provided for backward compatibility with external modules. Always use 0 in core. * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ - public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null) + public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null, $noescapecommand = 0) { global $conf, $langs; @@ -608,7 +610,9 @@ class Utils $output = ''; $error = ''; - $command = escapeshellcmd($command); + if (empty($noescapecommand)) { + $command = escapeshellcmd($command); + } if ($redirectionfile) { $command .= " > ".dol_sanitizePathName($redirectionfile); } From a25346e30244aca0d86a36e9f982aad06cc6f247 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 15:00:29 +0200 Subject: [PATCH 060/215] FIX Date of payment of subscription must not be set to 1970-01-01. Fix look and feel v14 --- htdocs/adherents/card.php | 4 ++-- htdocs/adherents/subscription.php | 19 ++++++++++--------- htdocs/core/lib/company.lib.php | 13 +++++++++++++ htdocs/core/lib/member.lib.php | 16 +--------------- htdocs/societe/partnership.php | 3 +++ 5 files changed, 29 insertions(+), 26 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 7c5d074d51e..fc019ae53f5 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1822,7 +1822,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $result = $company->fetch($object->socid); print $company->getNomUrl(1); } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -1846,7 +1846,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } print ''; - //VCard + // VCard print ''; print $langs->trans("VCard").''; print ''; diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 7f8da3a33b3..14b71a3c950 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -209,7 +209,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! // Subscription informations $datesubscription = 0; $datesubend = 0; - $paymentdate = 0; + $paymentdate = ''; // Do not use 0 here, default value is '' that means not filled where 0 means 1970-01-01 if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) { $datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); } @@ -602,7 +602,7 @@ if ($rowid > 0) { $result = $company->fetch($object->fk_soc); print $company->getNomUrl(1); } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -628,7 +628,7 @@ if ($rowid > 0) { if ($object->user_id) { $form->form_users($_SERVER['PHP_SELF'].'?rowid='.$object->id, $object->user_id, 'none'); } else { - print $langs->trans("NoDolibarrAccess"); + print ''.$langs->trans("NoDolibarrAccess").''; } } print ''; @@ -970,17 +970,18 @@ if ($rowid > 0) { print ''.$langs->trans('MoreActions'); print ''; print ''; - print ' '.$langs->trans("None").'
'; + print ''; + print '
'; // Add entry into bank accoun if (!empty($conf->banque->enabled)) { print ' '.$langs->trans("MoreActionBankDirect").'
'; + print '>
'; } // Add invoice with no payments if (!empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionInvoiceOnly"); + print '>
'; } // Add invoice with payments if (!empty($conf->banque->enabled) && !empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionBankViaInvoice"); + print '>
'; } print ''; diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 7d261f2d5ab..0204fd28922 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -272,6 +272,19 @@ function societe_prepare_head(Societe $object) $h++; } + if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'thirdparty') { + if (!empty($user->rights->partnership->read)) { + $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; + $head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.$object->id; + $head[$h][1] = $langs->trans("Partnership"); + $head[$h][2] = 'partnership'; + if ($nbPartnership > 0) { + $head[$h][1] .= ''.$nbPartnership.''; + } + $h++; + } + } + // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab diff --git a/htdocs/core/lib/member.lib.php b/htdocs/core/lib/member.lib.php index fc274e0d624..ed3b69752f1 100644 --- a/htdocs/core/lib/member.lib.php +++ b/htdocs/core/lib/member.lib.php @@ -63,9 +63,7 @@ function member_prepare_head(Adherent $object) $h++; } - $tabtoadd = (!empty(getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR')) && getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'member') ? 'member' : 'thirdparty'; - - if ($tabtoadd == 'member') { + if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'member') { if (!empty($user->rights->partnership->read)) { $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; $head[$h][0] = DOL_URL_ROOT.'/adherents/partnership.php?rowid='.$object->id; @@ -76,20 +74,8 @@ function member_prepare_head(Adherent $object) } $h++; } - } else { - if (!empty($user->rights->partnership->read)) { - $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; - $head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.$object->id; - $head[$h][1] = $langs->trans("Partnership"); - $head[$h][2] = 'partnership'; - if ($nbPartnership > 0) { - $head[$h][1] .= ''.$nbPartnership.''; - } - $h++; - } } - // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab diff --git a/htdocs/societe/partnership.php b/htdocs/societe/partnership.php index 9cb065d2c3b..b1f0f24fbe1 100644 --- a/htdocs/societe/partnership.php +++ b/htdocs/societe/partnership.php @@ -50,6 +50,9 @@ $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); $socid = GETPOST('socid', 'int'); if (!empty($user->socid)) { $socid = $user->socid; +} + +if (empty($id) && $socid && (empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) || $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'thirdparty')) { $id = $socid; } From 5f16de81500a10cc27cf335b1cf29864a515862e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 15:08:29 +0200 Subject: [PATCH 061/215] Code comment --- htdocs/adherents/subscription.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 14b71a3c950..2ea8c62dd03 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -268,6 +268,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $error++; $action = 'addsubscription'; } else { + // If an amount has been provided, we check also fields that becomes mandatory when amount is not null. if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') { if (GETPOST("subscription")) { if (!GETPOST("label")) { @@ -280,7 +281,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount")); } } else { - if (GETPOST("accountid")) { + if (GETPOST("accountid", 'int')) { $errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount"); } } From a0378549b8da05ce1f18a3db824ae328660521c5 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Mon, 23 Aug 2021 15:19:27 +0200 Subject: [PATCH 062/215] FIX Accountancy - Some problems of length with general & subledger account --- htdocs/accountancy/journal/expensereportsjournal.php | 4 ++-- htdocs/accountancy/journal/purchasesjournal.php | 12 ++++++------ htdocs/accountancy/journal/sellsjournal.php | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index 9d8d13b2aec..dd4ce841c3d 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2018 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France @@ -608,7 +608,7 @@ if (empty($action) || $action == 'view') { print "".$expensereportstatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); + $accountoshow = length_accountg($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForUsersNotDefined").''; diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index 5238ee993e1..a23c22346ba 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France @@ -628,7 +628,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_SUPPLIER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("Thirdparty").'"'.$sep; @@ -694,9 +694,9 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$date.'"'.$sep; print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("VAT").' NPR"'.$sep; print '"'.($mt < 0 ? price(-$mt) : '').'"'.$sep; @@ -867,7 +867,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForSuppliersNotDefined").''; diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index c3c9f45ed5a..f4839cfea24 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -4,7 +4,7 @@ * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin * Copyright (C) 2013 Christophe Battarel - * Copyright (C) 2013-2018 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2014 Raphaël Doursenaud @@ -586,7 +586,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["ref"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_CUSTOMER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$invoicestatic->ref.' - '.$langs->trans("Thirdparty").'"'.$sep; @@ -803,7 +803,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForCustomersNotDefined").''; From 21852bd16bbc5274880633423b9d3c06f3731b96 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 15:25:41 +0200 Subject: [PATCH 063/215] Show link to invoices on member record --- htdocs/adherents/card.php | 8 ++++++++ htdocs/adherents/subscription.php | 28 +++++++++++++++++++++------- 2 files changed, 29 insertions(+), 7 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index fc019ae53f5..b33e03d5855 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1821,6 +1821,14 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $company = new Societe($db); $result = $company->fetch($object->socid); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 2ea8c62dd03..3a967677e17 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -260,7 +260,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! } // Check if a payment is mandatory or not - if (!$error && $adht->subscription) { // Member type need subscriptions + if ($adht->subscription) { // Member type need subscriptions if (!is_numeric($amount)) { // If field is '' or not a numeric value $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")); @@ -273,24 +273,30 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! if (GETPOST("subscription")) { if (!GETPOST("label")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } else { if (GETPOST("accountid", 'int')) { $errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount"); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } - if ($errmsg) { - $error++; - setEventMessages($errmsg, null, 'errors'); - $error++; - $action = 'addsubscription'; - } } } } @@ -602,6 +608,14 @@ if ($rowid > 0) { $company = new Societe($db); $result = $company->fetch($object->fk_soc); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } From fc6a0dfcaae12e70c08775ea989046cd6ec3d4b1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 15:47:18 +0200 Subject: [PATCH 064/215] FIX #yogosha6944 Protection against traversal path. --- htdocs/core/lib/functions.lib.php | 8 ++++---- test/phpunit/SecurityTest.php | 15 ++++++++++++--- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3e6bcd9d5d1..4334aa9a12d 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -753,9 +753,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = $out = dol_string_nohtmltag($out, 0); // Remove also other dangerous string sequences // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); // keep lines feed } @@ -768,9 +768,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = // Remove html tags $out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8'); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); } break; diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 87edca884e4..81eff830b49 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -349,7 +349,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["param1"]="333"; $_GET["param2"]='a/b#e(pr)qq-rr\cc'; $_GET["param3"]='"na/b#e(pr)qq-rr\cc'; // Same than param2 + " and n - $_GET["param4"]='../dir'; + $_GET["param4a"]='../../dir'; + $_GET["param4b"]='..\..\dirwindows'; $_GET["param5"]="a_1-b"; $_POST["param6"]="">assertEquals($result, 'na/b#e(pr)qq-rr\cc', 'Test on param3'); - $result=GETPOST("param4", 'alpha'); // Must return string sanitized from ../ + $result=GETPOST("param4a", 'alpha'); // Must return string sanitized from ../ print __METHOD__." result=".$result."\n"; $this->assertEquals($result, 'dir'); + $result=GETPOST("param4b", 'alpha'); // Must return string sanitized from ../ + print __METHOD__." result=".$result."\n"; + $this->assertEquals($result, 'dirwindows'); + // Test with aZ09 $result=GETPOST("param1", 'aZ09'); @@ -412,7 +417,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals($result, ''); - $result=GETPOST("param4", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + $result=GETPOST("param4a", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + print __METHOD__." result=".$result."\n"; + $this->assertEquals('', $result); + + $result=GETPOST("param4b", 'aZ09'); // Must return '' as string contains car not in aZ09 definition print __METHOD__." result=".$result."\n"; $this->assertEquals('', $result); From d46dfd017a9490eb6b6e0dfed24fb71a102262d8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 15:47:18 +0200 Subject: [PATCH 065/215] FIX #yogosha6944 Protection against traversal path. --- htdocs/core/lib/functions.lib.php | 8 ++++---- htdocs/document.php | 3 ++- test/phpunit/SecurityTest.php | 15 ++++++++++++--- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3e6bcd9d5d1..4334aa9a12d 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -753,9 +753,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = $out = dol_string_nohtmltag($out, 0); // Remove also other dangerous string sequences // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); // keep lines feed } @@ -768,9 +768,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = // Remove html tags $out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8'); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); } break; diff --git a/htdocs/document.php b/htdocs/document.php index 59501cc4701..046eb9b14bf 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -195,7 +195,8 @@ if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($ori } // Security: Delete string ../ into $original_file -$original_file = str_replace("../", "/", $original_file); +$original_file = str_replace('../', '/', $original_file); +$original_file = str_replace('..\\', '/', $original_file); // Find the subdirectory name as the reference $refname = basename(dirname($original_file)."/"); diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 87edca884e4..81eff830b49 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -349,7 +349,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["param1"]="333"; $_GET["param2"]='a/b#e(pr)qq-rr\cc'; $_GET["param3"]='"na/b#e(pr)qq-rr\cc'; // Same than param2 + " and n - $_GET["param4"]='../dir'; + $_GET["param4a"]='../../dir'; + $_GET["param4b"]='..\..\dirwindows'; $_GET["param5"]="a_1-b"; $_POST["param6"]="">assertEquals($result, 'na/b#e(pr)qq-rr\cc', 'Test on param3'); - $result=GETPOST("param4", 'alpha'); // Must return string sanitized from ../ + $result=GETPOST("param4a", 'alpha'); // Must return string sanitized from ../ print __METHOD__." result=".$result."\n"; $this->assertEquals($result, 'dir'); + $result=GETPOST("param4b", 'alpha'); // Must return string sanitized from ../ + print __METHOD__." result=".$result."\n"; + $this->assertEquals($result, 'dirwindows'); + // Test with aZ09 $result=GETPOST("param1", 'aZ09'); @@ -412,7 +417,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals($result, ''); - $result=GETPOST("param4", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + $result=GETPOST("param4a", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + print __METHOD__." result=".$result."\n"; + $this->assertEquals('', $result); + + $result=GETPOST("param4b", 'aZ09'); // Must return '' as string contains car not in aZ09 definition print __METHOD__." result=".$result."\n"; $this->assertEquals('', $result); From edb239837c5b498430e82648121f05961714d66a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 16:03:34 +0200 Subject: [PATCH 066/215] FIX #yogosha6944 Protection against traversal path. --- htdocs/document.php | 2 +- htdocs/viewimage.php | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 046eb9b14bf..3c06801c9a0 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -194,7 +194,7 @@ if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($ori $type = 'application/octet-stream'; } -// Security: Delete string ../ into $original_file +// Security: Delete string ../ or ..\ into $original_file $original_file = str_replace('../', '/', $original_file); $original_file = str_replace('..\\', '/', $original_file); diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 9c584f5b8bb..f514c7c0302 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -221,8 +221,9 @@ if (preg_match('/\.noexe$/i', $original_file)) { accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.', 0, 0, 1); } -// Security: Delete string ../ into $original_file -$original_file = str_replace("../", "/", $original_file); +// Security: Delete string ../ or ..\ into $original_file +$original_file = str_replace('../', '/', $original_file); +$original_file = str_replace('..\\', '/', $original_file); // Find the subdirectory name as the reference $refname = basename(dirname($original_file)."/"); From d4b5ee6c859c228b1f6206b186cce040d48aaaf8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 17:41:11 +0200 Subject: [PATCH 067/215] Fix cast into variable into sql request. --- .../accountancy/class/bookkeeping.class.php | 2 +- .../adherents/class/adherentstats.class.php | 2 +- htdocs/admin/mails_templates.php | 4 +- htdocs/categories/class/categorie.class.php | 26 ++++++------- htdocs/comm/action/class/actioncomm.class.php | 10 ++--- htdocs/comm/action/index.php | 2 +- htdocs/comm/action/list.php | 2 +- htdocs/comm/action/pertype.php | 2 +- htdocs/comm/action/peruser.php | 2 +- htdocs/comm/card.php | 16 ++++---- htdocs/comm/contact.php | 2 +- htdocs/comm/index.php | 20 +++++----- htdocs/comm/mailing/cibles.php | 6 ++- htdocs/comm/propal/class/propal.class.php | 8 ++-- .../comm/propal/class/propalestats.class.php | 4 +- htdocs/comm/propal/index.php | 10 ++--- htdocs/comm/propal/list.php | 2 +- htdocs/commande/class/commande.class.php | 8 ++-- htdocs/commande/class/commandestats.class.php | 6 +-- htdocs/commande/customer.php | 2 +- htdocs/commande/index.php | 8 ++-- htdocs/commande/list.php | 4 +- htdocs/compta/bank/class/account.class.php | 4 +- htdocs/compta/bank/releve.php | 14 +++---- htdocs/compta/cashcontrol/report.php | 6 +-- htdocs/compta/clients.php | 2 +- htdocs/compta/deplacement/index.php | 2 +- htdocs/compta/deplacement/list.php | 2 +- htdocs/compta/facture/class/facture.class.php | 8 ++-- .../facture/class/facturestats.class.php | 6 +-- htdocs/compta/facture/list.php | 2 +- htdocs/compta/index.php | 6 +-- .../cheque/class/remisecheque.class.php | 14 +++---- .../compta/paiement/class/paiement.class.php | 2 +- htdocs/compta/paiement/list.php | 2 +- htdocs/compta/paymentbybanktransfer/index.php | 2 +- .../class/bonprelevement.class.php | 2 +- htdocs/compta/prelevement/demandes.php | 2 +- htdocs/compta/prelevement/index.php | 2 +- htdocs/compta/resultat/clientfourn.php | 4 +- .../class/paymentsocialcontribution.class.php | 2 +- htdocs/contact/class/contact.class.php | 26 ++++++------- htdocs/contact/list.php | 6 +-- htdocs/contrat/class/contrat.class.php | 18 ++++----- htdocs/contrat/index.php | 14 +++---- htdocs/contrat/list.php | 2 +- htdocs/contrat/services_list.php | 2 +- htdocs/core/boxes/box_actions.php | 6 +-- htdocs/core/boxes/box_activity.php | 12 +++--- htdocs/core/boxes/box_clients.php | 4 +- htdocs/core/boxes/box_commandes.php | 4 +- htdocs/core/boxes/box_contacts.php | 4 +- htdocs/core/boxes/box_contracts.php | 4 +- ...box_customers_outstanding_bill_reached.php | 2 +- htdocs/core/boxes/box_factures.php | 4 +- htdocs/core/boxes/box_factures_fourn.php | 4 +- htdocs/core/boxes/box_factures_fourn_imp.php | 4 +- htdocs/core/boxes/box_factures_imp.php | 4 +- htdocs/core/boxes/box_ficheinter.php | 4 +- htdocs/core/boxes/box_fournisseurs.php | 4 +- htdocs/core/boxes/box_propales.php | 4 +- htdocs/core/boxes/box_prospect.php | 4 +- htdocs/core/boxes/box_services_contracts.php | 4 +- htdocs/core/boxes/box_services_expired.php | 2 +- htdocs/core/boxes/box_shipments.php | 4 +- htdocs/core/boxes/box_supplier_orders.php | 4 +- ...box_supplier_orders_awaiting_reception.php | 4 +- htdocs/core/class/commonobject.class.php | 10 ++--- htdocs/core/class/discount.class.php | 8 ++-- htdocs/core/class/html.form.class.php | 10 ++--- htdocs/core/class/html.formmail.class.php | 6 +-- htdocs/core/class/html.formother.class.php | 2 +- htdocs/core/lib/agenda.lib.php | 4 +- htdocs/core/lib/company.lib.php | 18 ++++----- htdocs/core/lib/invoice.lib.php | 16 ++++---- htdocs/core/lib/order.lib.php | 2 +- htdocs/core/lib/propal.lib.php | 2 +- htdocs/core/lib/security.lib.php | 10 ++--- htdocs/core/lib/ticket.lib.php | 16 ++++---- .../modules/rapport/pdf_paiement.class.php | 4 +- .../eventorganizationindex.php | 2 +- .../class/expeditionstats.class.php | 2 +- htdocs/expedition/index.php | 12 +++--- htdocs/expedition/list.php | 2 +- .../class/expensereportstats.class.php | 2 +- htdocs/fichinter/card-rec.php | 2 +- htdocs/fichinter/class/fichinter.class.php | 2 +- htdocs/fichinter/index.php | 14 +++---- htdocs/fichinter/list.php | 2 +- htdocs/fourn/class/fournisseur.class.php | 6 +-- .../class/fournisseur.commande.class.php | 8 ++-- .../fourn/class/fournisseur.facture.class.php | 8 ++-- htdocs/fourn/commande/index.php | 6 +-- htdocs/fourn/commande/list.php | 2 +- htdocs/fourn/contact.php | 2 +- htdocs/fourn/facture/list.php | 2 +- htdocs/fourn/facture/paiement.php | 2 +- htdocs/fourn/index.php | 10 ++--- htdocs/hrm/index.php | 2 +- htdocs/install/upgrade2.php | 4 +- htdocs/margin/customerMargins.php | 2 +- htdocs/margin/tabs/productMargins.php | 2 +- htdocs/product/class/product.class.php | 38 +++++++++---------- htdocs/product/stats/contrat.php | 2 +- htdocs/product/stats/facture.php | 2 +- htdocs/product/stats/facture_fournisseur.php | 2 +- htdocs/product/stats/propal.php | 2 +- htdocs/product/stats/supplier_proposal.php | 2 +- htdocs/projet/activity/index.php | 10 ++--- htdocs/projet/class/project.class.php | 6 +-- htdocs/projet/class/task.class.php | 4 +- .../reception/class/receptionstats.class.php | 6 +-- htdocs/reception/index.php | 6 +-- htdocs/reception/list.php | 2 +- htdocs/recruitment/recruitmentindex.php | 4 +- htdocs/societe/class/client.class.php | 2 +- htdocs/societe/class/societe.class.php | 4 +- htdocs/societe/index.php | 4 +- htdocs/societe/list.php | 4 +- htdocs/societe/paymentmodes.php | 8 ++-- .../class/supplier_proposal.class.php | 8 ++-- htdocs/supplier_proposal/index.php | 8 ++-- htdocs/supplier_proposal/list.php | 2 +- htdocs/ticket/class/ticket.class.php | 10 ++--- htdocs/ticket/class/ticketstats.class.php | 2 +- htdocs/ticket/index.php | 2 +- htdocs/user/class/user.class.php | 2 +- htdocs/user/notify/card.php | 2 +- htdocs/user/perms.php | 4 +- test/phpunit/CodingPhpTest.php | 37 ++++++++++++------ 130 files changed, 396 insertions(+), 379 deletions(-) diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 0c9b4113c2a..2c715aa9fd6 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -297,7 +297,7 @@ class BookKeeping extends CommonObject $sql .= " AND fk_doc = ".((int) $this->fk_doc); if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries. - $sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines + $sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines } $sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'"; $sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'"; diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 489ed20d6c2..e777108c491 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -70,7 +70,7 @@ class AdherentStats extends Stats $this->where .= " m.statut != -1"; $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; - //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($this->memberid) { $this->where .= " AND m.rowid = ".((int) $this->memberid); } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index db3c45a0776..1ea8564808e 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv $sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates"; $sql .= " WHERE entity IN (".getEntity('email_template').")"; if (!$user->admin) { - $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me - $sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me + $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me + $sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me } if (empty($conf->global->MAIN_MULTILANGS)) { $sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')"; diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index fccea96e5ad..3ddfaa4d92b 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -540,7 +540,7 @@ class Categorie extends CommonObject $sql .= ", visible = ".(int) $this->visible; $sql .= ", fk_parent = ".(int) $this->fk_parent; $sql .= ", fk_user_modif = ".(int) $user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { @@ -686,7 +686,7 @@ class Categorie extends CommonObject if ($this->db->query($sql)) { if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) { $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie'; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::add_type", LOG_DEBUG); $resql = $this->db->query($sql); @@ -774,7 +774,7 @@ class Categorie extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id); dol_syslog(get_class($this).'::del_type', LOG_DEBUG); @@ -826,11 +826,11 @@ class Categorie extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c"; $sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o"; $sql .= " WHERE o.entity IN (".getEntity($obj->element).")"; - $sql .= " AND c.fk_categorie = ".$this->id; + $sql .= " AND c.fk_categorie = ".((int) $this->id); $sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid"; // Protection for external users if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) { - $sql .= " AND o.rowid = ".$user->socid; + $sql .= " AND o.rowid = ".((int) $user->socid); } if ($limit > 0 || $offset > 0) { $sql .= $this->db->plimit($limit + 1, $offset); @@ -870,7 +870,7 @@ class Categorie extends CommonObject public function containsObject($type, $object_id) { $sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); + $sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); dol_syslog(get_class($this)."::containsObject", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1501,7 +1501,7 @@ class Categorie extends CommonObject $sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id; // This seems useless because the table already contains id of category of 1 unique type. So commented. // So now it works also with external added categories. - //$sql .= " AND c.type = ".$this->MAP_ID[$type]; + //$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]); $sql .= " AND c.entity IN (".getEntity('category').")"; $res = $this->db->query($sql); @@ -1796,7 +1796,7 @@ class Categorie extends CommonObject foreach ($langs_available as $key => $value) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -1806,10 +1806,10 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->label)."',"; $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label); + $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label); $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; } dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG); @@ -1822,10 +1822,10 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]); + $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]); $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; } @@ -1864,7 +1864,7 @@ class Categorie extends CommonObject $sql = "SELECT lang, label, description"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index c6c0d277edd..94c512675ef 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -919,7 +919,7 @@ class ActionComm extends CommonObject // phpcs:enable $sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id; + $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id); $resql2 = $this->db->query($sql); if ($resql2) { @@ -1320,7 +1320,7 @@ class ActionComm extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; } if (!$user->rights->agenda->allactions->read) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id); } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " WHERE 1 = 1"; @@ -1329,13 +1329,13 @@ class ActionComm extends CommonObject } $sql .= " AND a.entity IN (".getEntity('agenda').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND a.fk_soc = ".$user->socid; + $sql .= " AND a.fk_soc = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id); $sql .= " OR ar.fk_element = ".$user->id; // Added by PV $sql .= ")"; } diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index c87af9558e8..9b9525925c5 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -689,7 +689,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.$socid; diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 9c587a934e2..8dd8c1b9f58 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -447,7 +447,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index b39d6c3141d..b1fecbf6475 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -558,7 +558,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 10d9871c4c9..413de33db1f 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -579,7 +579,7 @@ if ($pid) { $sql .= " AND a.fk_project = ".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index fefee1c07dd..015e06df36a 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -826,7 +826,7 @@ if ($object->id > 0) { $sql .= ", p.datep as dp, p.fin_validite as date_limit"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; $sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " ORDER BY p.datep DESC"; @@ -891,7 +891,7 @@ if ($object->id > 0) { $sql .= ", c.facture as billed"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('commande').')'; $sql .= " ORDER BY c.date_commande DESC"; @@ -907,7 +907,7 @@ if ($object->id > 0) { $sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; $sql2 .= ', '.MAIN_DB_PREFIX.'commande as c'; $sql2 .= ' WHERE c.fk_soc = s.rowid'; - $sql2 .= ' AND s.rowid = '.$object->id; + $sql2 .= ' AND s.rowid = '.((int) $object->id); // Show orders with status validated, shipping started and delivered (well any order we can bill) $sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))"; @@ -967,7 +967,7 @@ if ($object->id > 0) { $sql .= ', s.nom'; $sql .= ', s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e"; - $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND e.entity IN (".getEntity('expedition').")"; $sql .= ' GROUP BY e.rowid'; $sql .= ', e.ref'; @@ -1032,7 +1032,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " ORDER BY c.datec DESC"; @@ -1106,7 +1106,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f"; $sql .= " WHERE f.fk_soc = s.rowid"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('intervention').")"; $sql .= " ORDER BY f.tms DESC"; @@ -1171,7 +1171,7 @@ if ($object->id > 0) { $sql .= ', f.suspended as suspended'; $sql .= ', s.nom, s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,'; @@ -1263,7 +1263,7 @@ if ($object->id > 0) { $sql .= ', SUM(pf.amount) as am'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture'; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.datef, f.datec, f.paye, f.fk_statut,'; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 1d74cba61cd..52f6e675c5f 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND p.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($type == "c") { $sql .= " AND s.client IN (1, 3)"; diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 2fafb5636e2..0087c68bb08 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -130,7 +130,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -227,7 +227,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -323,7 +323,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -420,10 +420,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -517,7 +517,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = $socid"; @@ -613,7 +613,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -719,7 +719,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -794,7 +794,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -910,7 +910,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 3f2cfc2974c..08ab8b6c8d7 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml'); $search_firstname = GETPOST("search_firstname", 'alphanohtml'); $search_email = GETPOST("search_email", 'alphanohtml'); $search_other = GETPOST("search_other", 'alphanohtml'); -$search_dest_status = GETPOST('search_dest_status', 'alphanohtml'); +$search_dest_status = GETPOST('search_dest_status', 'int'); // Search modules dirs $modulesdir = dolGetModulesDirs('/mailings'); @@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) { $asearchcriteriahasbeenset++; } if ($search_dest_status != '' && $search_dest_status >= -1) { - $sql .= " AND mc.statut=".$db->escape($search_dest_status)." "; + $sql .= " AND mc.statut = ".((int) $search_dest_status); $asearchcriteriahasbeenset++; } $sql .= $db->order($sortfield, $sortorder); @@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) { } $morehtmlcenter .= '   id.'">'.$langs->trans("Download").''; + $massactionbutton = ''; + print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit); print ''; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 3bc30d7d729..0f73746b03a 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2780,7 +2780,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -3285,7 +3285,7 @@ class Propal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('propal').")"; @@ -3296,7 +3296,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_SIGNED; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3462,7 +3462,7 @@ class Propal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('propal').")"; diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index a06945a09a6..181e5b545f8 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -94,10 +94,10 @@ class PropaleStats extends Stats //$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity; $this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND p.fk_soc = ".$this->socid; + $this->where .= " AND p.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { $this->where .= ' AND fk_user_author = '.((int) $this->userid); diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 7ff3e405499..e080e36b49c 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -85,7 +85,7 @@ if (!empty($conf->propal->enabled)) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -163,7 +163,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -236,7 +236,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -319,7 +319,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 1"; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); @@ -394,7 +394,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 2 "; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index fda7b76ed91..75b5f5eb633 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -520,7 +520,7 @@ if ($search_user > 0) { $sql .= ' WHERE p.fk_soc = s.rowid'; $sql .= ' AND p.entity IN ('.getEntity('propal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 65b446727e5..f2feb3ed444 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2688,7 +2688,7 @@ class Commande extends CommonOrder $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -3507,14 +3507,14 @@ class Commande extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity IN (".getEntity('commande').")"; //$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0"; $sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3917,7 +3917,7 @@ class Commande extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." co.entity IN (".getEntity('commande').")"; diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index 6bd6067dcf7..8ac89d5a18f 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -94,13 +94,13 @@ class CommandeStats extends Stats $this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')'; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } if ($typentid) { diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 62f8c4772f6..3ecaa0fbee1 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 73f40668cea..f7dee2b4062 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -101,7 +101,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -169,7 +169,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -253,7 +253,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; @@ -342,7 +342,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 73413d1070f..0404c6a595c 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -479,7 +479,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('c.ref', $search_ref); @@ -558,7 +558,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user); } if ($search_total_ht != '') { $sql .= natural_search('c.total_ht', $search_total_ht, 1); diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index ed61da3592e..c3628e12b7c 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -1992,7 +1992,7 @@ class AccountLine extends CommonObject // Protection to avoid any delete of accounted lines. Protection on by default if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -2379,7 +2379,7 @@ class AccountLine extends CommonObject $result .= yn($this->rappro); } if ($option == 'showall' || $option == 'showconciliatedandaccounted') { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 167c809a8b1..97184c1b8eb 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve DESC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve > '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve ASC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'"; if (empty($numref)) { $sql .= " OR b.num_releve is null"; } -$sql .= " AND b.fk_account = ".$object->id; +$sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " AND b.fk_account = ba.rowid"; $sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day @@ -340,7 +340,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -353,7 +353,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -421,7 +421,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { @@ -605,7 +605,7 @@ if (empty($numref)) { $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct"; $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl"; $sql .= " WHERE ct.rowid = cl.fk_categ"; - $sql .= " AND ct.entity = ".$conf->entity; + $sql .= " AND ct.entity = ".((int) $conf->entity); $sql .= " AND cl.lineid = ".((int) $objp->rowid); $resc = $db->query($sql); diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 0bc18e31bde..af61af5e836 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'"; else dol_print_error('', 'Year not defined'); // Define filter on bank account -$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; +$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE); $sql.=")"; */ $sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code"; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index b0a4716b7e1..504e5638abc 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { $sql .= " AND s.fk_stcomm=".((int) $stcomm); diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 547f0676b7b..12351032b53 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND d.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index 61d30ea1345..428eacbc93a 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) "; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) "; } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 9cbfb33e5bd..d0d14b02abb 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." f.paye=0"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED; if ($user->socid) { - $sql .= " AND f.fk_soc = ".$user->socid; + $sql .= " AND f.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity IN (".getEntity('invoice').")"; diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index e6547cc9f89..96c8e88b97e 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -86,16 +86,16 @@ class FactureStats extends Stats $this->where = " f.fk_statut >= 0"; $this->where .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == 'customer') { $this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons) } if ($this->socid) { - $this->where .= " AND f.fk_soc = ".$this->socid; + $this->where .= " AND f.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND f.fk_user_author = '.$this->userid; + $this->where .= ' AND f.fk_user_author = '.((int) $this->userid); } if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $this->where .= " AND f.type IN (0,1,2,5)"; diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index f25b2b05975..ccee2403e79 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -555,7 +555,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index b1ad18e6461..ca7cd08a6fe 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " WHERE s.rowid = ff.fk_soc"; $sql .= " AND ff.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND ff.fk_soc = ".((int) $socid); @@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 0c05a1bc03a..683b2fd0423 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject if ($this->errno == 0 && $numref) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $sql .= " AND statut = 0"; @@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc"; $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND b.fk_bordereau = bc.rowid"; - $sql .= " AND bc.rowid = ".$this->id; + $sql .= " AND bc.rowid = ".((int) $this->id); $sql .= " AND bc.entity = ".$conf->entity; $sql .= " ORDER BY b.dateo ASC, b.rowid ASC"; @@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET amount = ".price2num($total); $sql .= ", nbcheque = ".((int) $nb); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject // phpcs:enable if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " SET ref = '".$ref."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " SET ref = '".$this->db->escape($ref)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_number", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index f31d66a2f6d..971400afa5e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -800,7 +800,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.'bank'; $sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")"; + $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")"; $sql .= " AND rappro = 0"; $result = $this->db->query($sql); diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php index 1e99cf8676f..5f2d4d9a2cd 100644 --- a/htdocs/compta/paiement/list.php +++ b/htdocs/compta/paiement/list.php @@ -197,7 +197,7 @@ if (GETPOST("orphelins", "alpha")) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php index 5d76ae4d8b4..25763dd8339 100644 --- a/htdocs/compta/paymentbybanktransfer/index.php +++ b/htdocs/compta/paymentbybanktransfer/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture_fourn = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 1b6afa3cffe..d9f93dd0a08 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -646,7 +646,7 @@ class BonPrelevement extends CommonObject $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf"; $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; - $sql .= " AND p.rowid = ".$this->id; + $sql .= " AND p.rowid = ".((int) $this->id); $sql .= " AND p.entity = ".$conf->entity; if ($amounts) { if ($this->type == 'bank-transfer') { diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 266097f7a2d..0230e4cb726 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 11c38bbb044..c0f89a7e046 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 5aca25466a3..f2f192271ac 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') { } } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity = ".((int) $conf->entity); if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY name, socid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 48ba4b06d30..fa95b08faca 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 165a7bf7bc3..83bc4202b9d 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -385,13 +385,13 @@ class Contact extends CommonObject if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= ", ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; - $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))"; + $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))"; if ($user->socid > 0) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -1068,7 +1068,7 @@ class Contact extends CommonObject // Search Dolibarr user linked to this contact $sql = "SELECT u.rowid "; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.fk_socpeople = ".$this->id; + $sql .= " WHERE u.fk_socpeople = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1091,7 +1091,7 @@ class Contact extends CommonObject if ($user) { $sql = "SELECT fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."user_alert"; - $sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id); + $sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -1162,7 +1162,7 @@ class Contact extends CommonObject $sql = "SELECT tc.element, count(ec.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE ec.fk_c_type_contact = tc.rowid"; - $sql .= " AND fk_socpeople = ".$this->id; + $sql .= " AND fk_socpeople = ".((int) $this->id); $sql .= " AND tc.source = 'external'"; $sql .= " GROUP BY tc.element"; @@ -1211,7 +1211,7 @@ class Contact extends CommonObject $sql = "SELECT ec.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,"; $sql .= " ".MAIN_DB_PREFIX."c_type_contact tc"; - $sql .= " WHERE ec.fk_socpeople=".$this->id; + $sql .= " WHERE ec.fk_socpeople=".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1242,7 +1242,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1254,7 +1254,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1266,7 +1266,7 @@ class Contact extends CommonObject if (!$error) { // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1727,7 +1727,7 @@ class Contact extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE tc.rowid = sc.fk_c_type_contact"; $sql .= " AND tc.source = 'external' AND tc.active=1"; - $sql .= " AND sc.fk_socpeople = ".$this->id; + $sql .= " AND sc.fk_socpeople = ".((int) $this->id); $sql .= " AND sc.entity IN (".getEntity('societe').')'; $resql = $this->db->query($sql); @@ -2040,7 +2040,7 @@ class Contact extends CommonObject $obj = $this->db->fetch_object($resql); $noemail = $obj->nb; if (empty($noemail)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -2054,7 +2054,7 @@ class Contact extends CommonObject $this->errors[] = $this->error; } } else { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0)); + $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")"; $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index e5a9ab3f0d6..a63a1bf7e49 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -389,7 +389,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)"; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial $sql .= " AND p.fk_user_creat=".((int) $userid); @@ -403,13 +403,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) { // Filter to exclude not owned private contacts if ($search_priv != '0' && $search_priv != '1') { - $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))"; + $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))"; } else { if ($search_priv == '0') { $sql .= " AND p.priv='0'"; } if ($search_priv == '1') { - $sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")"; + $sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")"; } } diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 5436c55faeb..a0016f3fe47 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -1150,11 +1150,11 @@ class Contrat extends CommonObject /* $sql = "DELETE cdl"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); */ $sql = "SELECT cdl.rowid as cdlrowid "; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1201,7 +1201,7 @@ class Contrat extends CommonObject if (!$error) { // Delete contratdet $sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet"; - $sql .= " WHERE fk_contrat=".$this->id; + $sql .= " WHERE fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1213,7 +1213,7 @@ class Contrat extends CommonObject // Delete llx_ecm_files if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -2105,7 +2105,7 @@ class Contrat extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; $sql .= " WHERE fk_contrat =".$this->id; if ($status >= 0) { - $sql .= " AND statut = ".$status; + $sql .= " AND statut = ".((int) $status); } dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG); @@ -2205,12 +2205,12 @@ class Contrat extends CommonObject //$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'"; } $sql .= " AND c.fk_soc = s.rowid"; - $sql .= " AND c.entity = ".$conf->entity; + $sql .= " AND c.entity = ".((int) $conf->entity); if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2279,7 +2279,7 @@ class Contrat extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." c.entity = ".$conf->entity; diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index a5e3da943b7..cc3bc87ca54 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -102,7 +102,7 @@ if ($user->socid) { $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -139,7 +139,7 @@ if ($user->socid) { $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) { $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut = 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut > 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a744b2c1bf7..2438505a13c 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -271,7 +271,7 @@ if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year); if ($search_name) { diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index 5a93f3fde33..d6aec7155d6 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -262,7 +262,7 @@ if ($search_product_category > 0) { } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == "0") { $sql .= " AND cd.statut = 0"; diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index 121137fd1a6..64a2314560c 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; $sql .= " AND a.percent >= 0 AND a.percent < 100"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")"; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")"; } $sql .= " ORDER BY a.datec DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php index 18c1f28c590..a858111d76d 100644 --- a/htdocs/core/boxes/box_activity.php +++ b/htdocs/core/boxes/box_activity.php @@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'"; $sql .= " AND p.date_cloture IS NULL"; // just unclosed @@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'"; $sql .= " GROUP BY c.fk_statut"; @@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes $sql .= ")"; $sql .= " WHERE f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1"; diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 3c83d7521f2..995f017f5f1 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index 6583673f8ca..4d47f703fff 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes $sql .= " AND c.fk_statut = 1"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index fada6a93bfd..6aefc1f2d74 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY sp.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index 9d7b625db91..9bb794b94fa 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_contrat DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php index d0117526515..b61fe66f064 100644 --- a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php +++ b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php @@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { $sql .= " AND s.rowid = $user->socid"; diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 12382ccb583..6bdeabda212 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a5d63c7b9c3..70640efeb78 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index 9c35055011d..fac13c654a4 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -102,10 +102,10 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 400ae910749..3b6e857b058 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,"; $sql .= " f.ref, f.date_lim_reglement,"; diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 7179be0cfbb..3b62361343a 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid "; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY f.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index b0d5a0774fc..c0516c1cf4c 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index 9c6376351e7..6599116a980 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php @@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY p.datep DESC, p.ref DESC "; diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index 7489cc997ea..06d42e34b18 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes $sql .= " WHERE s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index 98e2b82bb37..320932a0c6f 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php @@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= ")"; $sql .= " WHERE c.entity = ".$conf->entity; if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= $this->db->order("c.tms", "DESC"); $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 75cc1cde413..95086cdf2a3 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -96,7 +96,7 @@ class box_services_expired extends ModeleBoxes $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid"; $sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; diff --git a/htdocs/core/boxes/box_shipments.php b/htdocs/core/boxes/box_shipments.php index abb639ddb94..2b6adfe3bdc 100644 --- a/htdocs/core/boxes/box_shipments.php +++ b/htdocs/core/boxes/box_shipments.php @@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes $sql .= " AND e.fk_statut = 1"; } if ($user->socid > 0) { - $sql.= " AND s.rowid = ".$user->socid; + $sql.= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { $sql .= " ORDER BY e.date_delivery, e.ref DESC "; } diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 0c2b97ce6b5..b3451d9b6c3 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 04dabbd0ff3..8125a848fd0 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC"; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index c42e1b1b4f4..bed73be9d46 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1983,7 +1983,7 @@ abstract class CommonObject /** * Load properties id_previous and id_next by comparing $fieldid with $this->ref * - * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')" + * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here. * @param string $fieldid Name of field to use for the select MAX and MIN * @param int $nodbprefix Do not include DB prefix to forge table name * @return int <0 if KO, >0 if OK @@ -2032,10 +2032,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2102,10 +2102,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 2aa829f4090..46658851179 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -488,7 +488,7 @@ class DiscountAbsolute * * @param Societe $company Object third party for filter * @param User $user Filtre sur un user auteur des remises - * @param string $filter Filtre autre + * @param string $filter Filter other. Warning: Do not use a user input value here. * @param int $maxvalue Filter on max value for discount * @param int $discount_type 0 => customer discount, 1 => supplier discount * @param int $multicurrency Return multicurrency_amount instead of amount @@ -503,17 +503,17 @@ class DiscountAbsolute $sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " WHERE rc.entity = ".$conf->entity; - $sql .= " AND rc.discount_type=".intval($discount_type); + $sql .= " AND rc.discount_type=".((int) $discount_type); if (!empty($discount_type)) { $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier } else { $sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer } if (is_object($company)) { - $sql .= " AND rc.fk_soc = ".$company->id; + $sql .= " AND rc.fk_soc = ".((int) $company->id); } if (is_object($user)) { - $sql .= " AND rc.fk_user = ".$user->id; + $sql .= " AND rc.fk_user = ".((int) $user->id); } if ($filter) { $sql .= ' AND ('.$filter.')'; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 33d2f70caa4..19a53921819 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1347,13 +1347,13 @@ class Form } $sql .= " WHERE s.entity IN (".getEntity('societe').")"; if (!empty($user->socid)) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if ($filter) { $sql .= " AND (".$filter.")"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND s.status <> 0"; @@ -6794,9 +6794,9 @@ class Form } if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { if ($objecttmp->element == 'societe') { - $sql .= " AND t.rowid = ".$user->socid; + $sql .= " AND t.rowid = ".((int) $user->socid); } else { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } } if ($searchkey != '') { @@ -6804,7 +6804,7 @@ class Form } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } } if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 9da814f3369..3dc2743adf1 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -1276,7 +1276,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned if ($active >= 0) { $sql .= " AND active = ".((int) $active); } @@ -1399,7 +1399,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template='".$this->db->escape($type_template)."'"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")"; + $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")"; if (is_object($outputlangs)) { $sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; } @@ -1435,7 +1435,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own. + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own. if ($active >= 0) { $sql .= " AND active = ".((int) $active); } diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 991e3cb37cc..dbeef627375 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -497,7 +497,7 @@ class FormOther $sql_usr .= " AND u.rowid = ".$user->id; } if (!empty($user->socid)) { - $sql_usr .= " AND u.fk_soc = ".$user->socid; + $sql_usr .= " AND u.fk_soc = ".((int) $user->socid); } //Add hook to filter on user (for exemple on usergroup define in custom modules) diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 9796c49cf59..048335201ee 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 0204fd28922..7ada15bcaeb 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1489,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; if ($force_filter_contact === false) { if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) { - $sql .= " AND a.fk_soc = ".$filterobj->id; + $sql .= " AND a.fk_soc = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') { /* Nothing */ } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) { - $sql .= " AND a.fk_project = ".$filterobj->id; + $sql .= " AND a.fk_project = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) { // Generic case $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } } diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 3838829f8cd..4be6aa8379e 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -242,7 +242,7 @@ function getCustomerInvoicePieChart($socid = 0) $sql .= ' AND f.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; @@ -362,7 +362,7 @@ function getPurchaseInvoicePieChart($socid = 0) $sql .= ' AND f.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; @@ -600,7 +600,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0) $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".Facture::STATUS_DRAFT; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -743,7 +743,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0) $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".FactureFournisseur::STATUS_DRAFT; $sql .= " AND f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -867,7 +867,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; $sql .= $db->plimit($maxCount, 0); @@ -969,7 +969,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; $sql .= $db->plimit($maxCount, 0); @@ -1079,7 +1079,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " WHERE s.rowid = f.fk_soc AND f.paye = 0 AND f.fk_statut = ".Facture::STATUS_VALIDATED; $sql .= " AND f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -1267,7 +1267,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " AND ff.paye = 0"; $sql .= " AND ff.fk_statut = ".FactureFournisseur::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND ff.fk_soc = ".((int) $socid); diff --git a/htdocs/core/lib/order.lib.php b/htdocs/core/lib/order.lib.php index 7e02450160a..6dcb40e1cc7 100644 --- a/htdocs/core/lib/order.lib.php +++ b/htdocs/core/lib/order.lib.php @@ -208,7 +208,7 @@ function getCustomerOrderPieChart($socid = 0) $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.fk_statut"; diff --git a/htdocs/core/lib/propal.lib.php b/htdocs/core/lib/propal.lib.php index 38589c9e610..f7dc3970dcb 100644 --- a/htdocs/core/lib/propal.lib.php +++ b/htdocs/core/lib/propal.lib.php @@ -187,7 +187,7 @@ function getCustomerProposalPieChart($socid = 0) $sql .= ' AND p.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")"; $sql .= " GROUP BY p.fk_statut"; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index d64069aa923..318cebd0249 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -668,7 +668,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= ", ".MAIN_DB_PREFIX."societe as s)"; $sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); $sql .= " AND sc.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } elseif (!empty($conf->multicompany->enabled)) { @@ -684,7 +684,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; - $sql .= " AND dbt.fk_soc = ".$user->socid; + $sql .= " AND dbt.fk_soc = ".((int) $user->socid); } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) { // If internal user: Check permission for internal users that are restricted on their objects $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; @@ -767,15 +767,15 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; $sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { // On ticket, the thirdparty is not mandatory, so we need a special test to accept record with no thirdparties. $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".$user->id; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".((int) $user->id); $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; - $sql .= " AND (sc.fk_user = ".$user->id." OR sc.fk_user IS NULL)"; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)"; } } elseif (!empty($conf->multicompany->enabled)) { // If multicompany and internal users with all permissions, check user is in correct entity diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index f2a6194ab06..c7eb8ed6cb0 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php @@ -369,38 +369,38 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; if ($force_filter_contact === false) { if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) { - $sql .= " AND a.fk_soc = ".$filterobj->id; + $sql .= " AND a.fk_soc = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) { - $sql .= " AND a.fk_project = ".$filterobj->id; + $sql .= " AND a.fk_project = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } } diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index 9f85aca1aff..cfbddcd8206 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -206,7 +206,7 @@ class pdf_paiement $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND s.rowid = ".((int) $socid); @@ -244,7 +244,7 @@ class pdf_paiement $sql .= " AND f.entity = ".$conf->entity; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND s.rowid = ".$socid; diff --git a/htdocs/eventorganization/eventorganizationindex.php b/htdocs/eventorganization/eventorganizationindex.php index dc66f61daec..ebeaa11e659 100644 --- a/htdocs/eventorganization/eventorganizationindex.php +++ b/htdocs/eventorganization/eventorganizationindex.php @@ -84,7 +84,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php index d25c7b52098..3c1bef04d09 100644 --- a/htdocs/expedition/class/expeditionstats.class.php +++ b/htdocs/expedition/class/expeditionstats.class.php @@ -74,7 +74,7 @@ class ExpeditionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { $this->where .= " AND c.fk_soc = ".((int) $this->socid); diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php index defd1ddf9b4..173cc1889bc 100644 --- a/htdocs/expedition/index.php +++ b/htdocs/expedition/index.php @@ -68,13 +68,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; - $sql .= $clause." sc.fk_user = ".$user->id; + $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; } $sql .= $clause." e.fk_statut = ".Expedition::STATUS_DRAFT; $sql .= " AND e.entity IN (".getEntity('expedition').")"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -143,11 +143,11 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = ".Expedition::STATUS_VALIDATED; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " ORDER BY e.date_delivery DESC"; $sql .= $db->plimit($max, 0); @@ -215,10 +215,10 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('order').")"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_ACCEPTED.")"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 5a110d33f2a..3661661d357 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -289,7 +289,7 @@ if ($socid > 0) { } if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND e.fk_soc = ".((int) $socid); diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php index 8f3574f2952..13e7a44bc7f 100644 --- a/htdocs/expensereport/class/expensereportstats.class.php +++ b/htdocs/expensereport/class/expensereportstats.class.php @@ -71,7 +71,7 @@ class ExpenseReportStats extends Stats //$this->where.= " AND entity = ".$conf->entity; if ($this->socid) { - $this->where .= " AND e.fk_soc = ".$this->socid; + $this->where .= " AND e.fk_soc = ".((int) $this->socid); } // Only me and subordinates diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 44ff46b233c..260bff00016 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -774,7 +774,7 @@ if ($action == 'create') { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('f.titre', $search_ref); diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 0bb5d2522ab..a15ebfffeb8 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -206,7 +206,7 @@ class Fichinter extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON fi.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." fi.entity IN (".getEntity('intervention').")"; diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php index 2d69046b4ba..8513238b385 100644 --- a/htdocs/fichinter/index.php +++ b/htdocs/fichinter/index.php @@ -83,7 +83,7 @@ if ($user->socid) { $sql .= ' AND f.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; $resql = $db->query($sql); @@ -199,10 +199,10 @@ if (!empty($conf->ficheinter->enabled)) { $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.fk_statut = 0"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -249,10 +249,10 @@ $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; $sql .= " AND f.fk_soc = s.rowid"; //$sql.= " AND c.fk_statut > 2"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; $sql .= $db->plimit($max, 0); @@ -322,10 +322,10 @@ if (!empty($conf->ficheinter->enabled)) { $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.fk_statut = 1"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.rowid DESC"; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 3f86fc18795..508eb984307 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -286,7 +286,7 @@ if ($search_status != '' && $search_status >= 0) { $sql .= ' AND f.fk_statut = '.urlencode($search_status); } if (!$user->rights->societe->client->voir && empty($socid)) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/fourn/class/fournisseur.class.php b/htdocs/fourn/class/fournisseur.class.php index 1ab1095a191..121e699757c 100644 --- a/htdocs/fourn/class/fournisseur.class.php +++ b/htdocs/fourn/class/fournisseur.class.php @@ -86,7 +86,7 @@ class Fournisseur extends Societe $sql = "SELECT count(pfp.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; $sql .= " WHERE pfp.entity = ".$conf->entity; - $sql .= " AND pfp.fk_soc = ".$this->id; + $sql .= " AND pfp.fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -115,7 +115,7 @@ class Fournisseur extends Societe $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." s.fournisseur = 1"; @@ -184,7 +184,7 @@ class Fournisseur extends Societe $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index c31071b0474..4605510d539 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -470,7 +470,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".$this->socid; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid); } $sql .= " WHERE l.fk_commande = ".$this->id; if ($only_product) { @@ -2958,7 +2958,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." co.entity = ".$conf->entity; @@ -2996,7 +2996,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity = ".$conf->entity; @@ -3006,7 +3006,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " AND c.fk_statut IN (".self::STATUS_VALIDATED.", ".self::STATUS_ACCEPTED.")"; } if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 049bcf89c8b..abb5b01fb2c 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -2314,7 +2314,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " AND pf.fk_paiementfourn IS NULL"; // Aucun paiement deja fait $sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -2362,7 +2362,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " AND ff.type=".self::TYPE_REPLACEMENT.")"; $sql .= " AND f.type != ".self::TYPE_CREDIT_NOTE; // Type non 2 si facture non avoir if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -2414,7 +2414,7 @@ class FactureFournisseur extends CommonInvoice $sql .= ' AND ff.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2761,7 +2761,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity = ".$conf->entity; diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 1ea5db20b59..0717c0b74f4 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -76,7 +76,7 @@ if ($user->socid) { $sql .= ' AND cf.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cf.fk_statut"; @@ -186,7 +186,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -293,7 +293,7 @@ if (!empty($socid)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index d1946cc9b4c..be47df4631d 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -654,7 +654,7 @@ if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('cf.ref', $search_ref); diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 3196ffed7ac..9fd4dd30b26 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php @@ -76,7 +76,7 @@ $sql .= " AND s.fournisseur = 1"; $sql .= " AND s.rowid = p.fk_soc"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 5e4cc3fc05e..f6052fceffe 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -475,7 +475,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('facture_fourn').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index c7a2149c441..f0967453701 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -371,7 +371,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.rowid = '.((int) $facid); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php index 8d124f46350..2b3017708dc 100644 --- a/htdocs/fourn/index.php +++ b/htdocs/fourn/index.php @@ -65,7 +65,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE cf.fk_soc = s.rowid "; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND cf.entity = ".$conf->entity; $sql .= " GROUP BY cf.fk_statut"; @@ -111,12 +111,12 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU } $sql .= " WHERE cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND cf.entity = ".$conf->entity; $sql .= " AND cf.fk_statut = 0"; if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -167,7 +167,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S } $sql .= " WHERE s.rowid = ff.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND ff.entity = ".$conf->entity; $sql .= " AND ff.fk_statut = 0"; @@ -240,7 +240,7 @@ $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index 8a294a47e2c..ca02c1d776a 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php @@ -344,7 +344,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentcandidature->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND rp.fk_soc = $socid"; diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index a11de7c447e..6b0b9c69134 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -790,7 +790,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf) // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount']; $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; @@ -901,7 +901,7 @@ function migrate_paiements_orphelins_2($db, $langs, $conf) // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount']; $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index 7fed219ffcd..6861f67db0d 100644 --- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -237,7 +237,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; $sql .= ' AND s.entity IN ('.getEntity('societe').')'; diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index d2c9a1bca76..3b14f1db808 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -158,7 +158,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND d.fk_facture = f.rowid"; $sql .= " AND d.fk_product = ".((int) $object->id); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND f.fk_soc = $socid"; diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 28bf0288c7b..ae925e8824b 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2647,7 +2647,7 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."mrp_mo as c"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."mrp_production as mp ON mp.fk_mo=c.rowid"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= "INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".$user->id; + $sql .= "INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " WHERE "; $sql .= " c.entity IN (".getEntity('mo').")"; @@ -2777,7 +2777,7 @@ class Product extends CommonObject $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " AND pd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { @@ -2852,7 +2852,7 @@ class Product extends CommonObject $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND pd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { @@ -2908,7 +2908,7 @@ class Product extends CommonObject $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'commande').")"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3010,7 +3010,7 @@ class Product extends CommonObject $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3072,7 +3072,7 @@ class Product extends CommonObject $sql .= " AND ed.fk_origin_line = cd.rowid"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND e.fk_soc = ".((int) $socid); @@ -3153,7 +3153,7 @@ class Product extends CommonObject $sql .= " AND cf.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; $sql .= " AND fd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND cf.fk_soc = ".((int) $socid); @@ -3209,7 +3209,7 @@ class Product extends CommonObject $sql .= " AND m.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'mrp').")"; $sql .= " AND mp.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND m.fk_soc = ".((int) $socid); @@ -3303,7 +3303,7 @@ class Product extends CommonObject $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND c.statut != 0"; if ($socid > 0) { @@ -3377,7 +3377,7 @@ class Product extends CommonObject $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND fd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { @@ -3451,7 +3451,7 @@ class Product extends CommonObject $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql .= " AND fd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { @@ -3590,7 +3590,7 @@ class Product extends CommonObject $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = $socid"; @@ -3643,7 +3643,7 @@ class Product extends CommonObject $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = $socid"; @@ -3694,7 +3694,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -3746,7 +3746,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -3797,7 +3797,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3848,7 +3848,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3902,7 +3902,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3955,7 +3955,7 @@ class Product extends CommonObject } if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND d.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index f71c907a430..cb7c84fc863 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -144,7 +144,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " AND cd.fk_product = ".((int) $product->id); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index b8a83e847c2..b3e5571ac5a 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -176,7 +176,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 6eaf5a33e22..212674582f9 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -159,7 +159,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index f2a26d4af73..b83d0368b75 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -161,7 +161,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index b30983bbda5..d583d58bff8 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index 60484eb4f17..eb9985b4de5 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php @@ -124,7 +124,7 @@ $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; -$sql .= " AND tt.fk_user = ".$user->id; +$sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -177,7 +177,7 @@ $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; -$sql .= " AND tt.fk_user = ".$user->id; +$sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_time_plus_duree(dol_mktime(0, 0, 0, $month, $day, $year), -1, 'd'))."' AND '".$db->idate(dol_time_plus_duree(dol_mktime(23, 59, 59, $month, $day, $year), -1, 'd'))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -233,7 +233,7 @@ if ($db->type != 'pgsql') $sql.= " WHERE t.fk_projet = p.rowid"; $sql.= " AND p.entity = ".$conf->entity; $sql.= " AND tt.fk_task = t.rowid"; - $sql.= " AND tt.fk_user = ".$user->id; + $sql.= " AND tt.fk_user = ".((int) $user->id); $sql.= " AND task_date >= '".$db->idate(dol_get_first_day($year, $month)).'" AND ..."; $sql.= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql.= " GROUP BY p.rowid, p.ref, p.title"; @@ -289,7 +289,7 @@ if (!empty($conf->global->PROJECT_TASK_TIME_MONTH)) { $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; - $sql .= " AND tt.fk_user = ".$user->id; + $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_get_first_day($year, $month))."' AND '".$db->idate(dol_get_last_day($year, $month))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -335,7 +335,7 @@ if (!empty($conf->global->PROJECT_TASK_TIME_YEAR)) { $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; - $sql .= " AND tt.fk_user = ".$user->id; + $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND YEAR(task_date) = '".strftime("%Y", $now)."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index a570e8ed7bb..3d5c89b9dc7 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -1407,9 +1407,9 @@ class Project extends CommonObject } $sql .= " WHERE p.entity IN (".getEntity('project').")"; // Internal users must see project he is contact to even if project linked to a third party he can't see. - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; if ($socid > 0) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } // Get id of types of contacts for projects (This list never contains a lot of elements) @@ -2025,7 +2025,7 @@ class Project extends CommonObject $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 574fb534b2c..9a80eb060e9 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -2097,12 +2097,12 @@ class Task extends CommonObject $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id.") OR (s.rowid IS NULL))"; + $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; } $resql = $this->db->query($sql); diff --git a/htdocs/reception/class/receptionstats.class.php b/htdocs/reception/class/receptionstats.class.php index 3e28d96bc49..4055d5d5dfe 100644 --- a/htdocs/reception/class/receptionstats.class.php +++ b/htdocs/reception/class/receptionstats.class.php @@ -71,13 +71,13 @@ class ReceptionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/reception/index.php b/htdocs/reception/index.php index 7cb26dee0ca..948489aa843 100644 --- a/htdocs/reception/index.php +++ b/htdocs/reception/index.php @@ -88,7 +88,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur as c ON el.fk_source $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; - $sql .= $clause." sc.fk_user = ".$user->id; + $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; } $sql .= $clause." e.fk_statut = 0"; @@ -156,7 +156,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = 1"; if ($socid) { @@ -222,7 +222,7 @@ if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; $resql = $db->query($sql); diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index a6ecd37cc6d..dd9f365c39a 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -451,7 +451,7 @@ if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND e.fk_soc = ".((int) $socid); diff --git a/htdocs/recruitment/recruitmentindex.php b/htdocs/recruitment/recruitmentindex.php index 6e9ee616327..8c3e2f236a5 100644 --- a/htdocs/recruitment/recruitmentindex.php +++ b/htdocs/recruitment/recruitmentindex.php @@ -336,7 +336,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE s.entity IN (".getEntity($staticrecruitmentjobposition->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.fk_soc = $socid"; @@ -407,7 +407,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentjobposition->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.fk_soc = $socid"; diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index eefb71b6772..91e8cbc290b 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -66,7 +66,7 @@ class Client extends Societe $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." s.client IN (1,2,3)"; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index dc074c817f8..fa19b23e6cd 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -2306,7 +2306,7 @@ class Societe extends CommonObject $sql .= " WHERE entity in (0, ".$conf->entity.")"; } - $sql .= " AND u.rowid = sc.fk_user AND sc.fk_soc = ".$this->id; + $sql .= " AND u.rowid = sc.fk_user AND sc.fk_soc = ".((int) $this->id); if (empty($sortfield) && empty($sortorder)) { $sortfield = 'u.lastname,u.firstname'; $sortorder = 'ASC,ASC'; @@ -3034,7 +3034,7 @@ class Societe extends CommonObject { // phpcs:enable require_once DOL_DOCUMENT_ROOT.'/societe/class/companybankaccount.class.php'; - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_rib WHERE type='ban' AND fk_soc = ".$this->id; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_rib WHERE type='ban' AND fk_soc = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { $this->error++; diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php index e7d3ba09db8..1433435a8e6 100644 --- a/htdocs/societe/index.php +++ b/htdocs/societe/index.php @@ -99,7 +99,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); @@ -273,7 +273,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index db1934bfc23..0b363f560f3 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -513,9 +513,9 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; -//if (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; +//if (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_sale && $search_sale != '-1' && $search_sale != '-2') { $sql .= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index 97d92007885..873795c938e 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -516,7 +516,7 @@ if (empty($reshook)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; } else { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } $resql = $db->query($sql); @@ -538,7 +538,7 @@ if (empty($reshook)) { } else { $sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account"; $sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! $resql = $db->query($sql); } } @@ -562,7 +562,7 @@ if (empty($reshook)) { if (empty($newsup)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // TODO Add site and site_account on oauth_token table - //$sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; + //$sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; } else { try { $stripesup = \Stripe\Account::retrieve($db->escape(GETPOST('key_account_supplier', 'alpha'))); @@ -570,7 +570,7 @@ if (empty($reshook)) { $tokenstring['type'] = $stripesup->type; $sql = "UPDATE ".MAIN_DB_PREFIX."oauth_token"; $sql .= " SET tokenstring = '".$db->escape(json_encode($tokenstring))."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! // TODO Add site and site_account on oauth_token table $sql .= " WHERE fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } catch (Exception $e) { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 6d43222bcf2..bc44ad200d5 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1946,7 +1946,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2220,7 +2220,7 @@ class SupplierProposal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('supplier_proposal').")"; @@ -2231,7 +2231,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_statut = 2"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -2377,7 +2377,7 @@ class SupplierProposal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('supplier_proposal').")"; diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 85f5f96c1af..45501ed9b2b 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -75,7 +75,7 @@ if ($user->socid) { $sql .= ' AND p.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (0,1,2,3,4)"; $sql .= " GROUP BY p.fk_statut"; @@ -176,7 +176,7 @@ if (!empty($conf->supplier_proposal->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -234,7 +234,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -312,7 +312,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND p.fk_statut = 1"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 3c89be6bfe4..97fa7fbd713 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -317,7 +317,7 @@ if ($search_user > 0) { $sql .= ' WHERE sp.fk_soc = s.rowid'; $sql .= ' AND sp.entity IN ('.getEntity('supplier_proposal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { $sql .= natural_search('s.town', $search_town); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index d29a4913b6b..9d2a193cf8c 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -729,9 +729,9 @@ class Ticket extends CommonObject } } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } elseif ($user->socid) { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY ".$sortfield.' '.$sortorder; @@ -2920,7 +2920,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."ticket as p"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('ticket').")"; @@ -2928,7 +2928,7 @@ class Ticket extends CommonObject $sql .= " AND p.fk_statut NOT IN (".Ticket::STATUS_CLOSED.", ".Ticket::STATUS_CANCELED.")"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -2986,7 +2986,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('ticket').")"; diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php index 2bcd0fe89fc..9f8122b0b9a 100644 --- a/htdocs/ticket/class/ticketstats.class.php +++ b/htdocs/ticket/class/ticketstats.class.php @@ -64,7 +64,7 @@ class TicketStats extends Stats $this->where = " fk_statut > 0"; $this->where .= " AND entity = ".$conf->entity; if ($this->socid > 0) { - $this->where .= " AND fk_soc = ".$this->socid; + $this->where .= " AND fk_soc = ".((int) $this->socid); } if (is_array($this->userid) && count($this->userid) > 0) { $this->where .= ' AND fk_user_create IN ('.$this->db->sanitize(join(',', $this->userid)).')'; diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index c3027e5044b..1c565b79b45 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -324,7 +324,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= " AND t.fk_statut=0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid > 0) { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 816d3dc3e27..4c253e4a4a8 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1030,7 +1030,7 @@ class User extends CommonObject $sql .= " AND r.entity = ".$conf->entity; } $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; - $sql .= " AND gu.fk_user = ".$this->id; + $sql .= " AND gu.fk_user = ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL"; if ($moduletag) { $sql .= " AND r.module = '".$this->db->escape($moduletag)."'"; diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 73c9d817ae8..9bb8ab66c38 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -409,7 +409,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."notify as n"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as c ON n.fk_user = c.rowid"; $sql .= " WHERE a.rowid = n.fk_action"; - $sql .= " AND n.fk_user = ".$object->id; + $sql .= " AND n.fk_user = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 5e96a76119c..692b3dc08af 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -217,9 +217,9 @@ $permsgroupbyentity = array(); $sql = "SELECT DISTINCT gr.fk_id, gu.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; -$sql .= " WHERE gr.entity = ".$entity; +$sql .= " WHERE gr.entity = ".((int) $entity); $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; -$sql .= " AND gu.fk_user = ".$object->id; +$sql .= " AND gu.fk_user = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); $result = $db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 37fc7eee703..6a3a0219119 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -225,7 +225,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $db-> inside a class.php file (it should be $this->db-> insto such classes) preg_match_all('/'.preg_quote('$db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -243,7 +243,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $this->db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $this->db-> into a non class.php file (it shoud be $db-> into such classes) preg_match_all('/'.preg_quote('$this->db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -286,6 +286,25 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=true; $matches=array(); + // Check sql string AND ... yyy = ".$xxx + // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. + preg_match_all('/AND.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if ($val[1] == 'ity' && $val[2] == 'con') { + continue; + } + //if ($val[2] != 'thi' && $val[2] != 'db-') { + var_dump($matches); + $ok=false; + break; + //} + //if ($reg[0] != 'db') $ok=false; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + //exit; + + // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { @@ -299,10 +318,10 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); //exit; - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/sql.+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + preg_match_all('/(sql|SET).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if (! in_array($val[1], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { + if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { $ok=false; break; } @@ -341,7 +360,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped. $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/(..............)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($val[1] != 'scape_htmltag(' && $val[1] != 'ing_nohtmltag(' && $val[1] != 'dol_escape_js(') { @@ -355,7 +373,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that first param of print_liste_field_titre is a translation key and not the translated value $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. + // Check string ='print_liste_field_titre\(\$langs'. preg_match_all('/print_liste_field_titre\(\$langs/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -367,8 +385,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have
$ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/
/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('//', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'functions.lib.php') { $ok=false; @@ -381,7 +398,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have name="token" value="'.$_SESSION['newtoken'], we must use name="token" value="'.newToken() instead. $ok=true; $matches=array(); - // Check string name="token" value="'.$_SESSINON preg_match_all('/name="token" value="\'\s*\.\s*\$_SESSION/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'excludefile.php') { @@ -395,7 +411,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have @var array( $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/@var\s+array\(/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; From 6d5329bbf807746e7905fefea83c3715a821de74 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 17:45:16 +0200 Subject: [PATCH 068/215] Fix phpunit --- htdocs/multicurrency/multicurrency_rate.php | 2 +- test/phpunit/CodingPhpTest.php | 10 +++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php index 3a8c1be819e..35b7544ccbc 100644 --- a/htdocs/multicurrency/multicurrency_rate.php +++ b/htdocs/multicurrency/multicurrency_rate.php @@ -264,7 +264,7 @@ if (!in_array($action, array("updateRate", "deleteRate"))) { print ''; print ' '.$langs->trans('Currency').''; - print ''.$form->selectMultiCurrency((GETPOSTISSET('multicurrency_code') ? GETPOST('multicurrency_code', 'alpha') : $multicurrency_code), 'multicurrency_code', 1, " code != '".$conf->currency."'", true).''; + print ''.$form->selectMultiCurrency((GETPOSTISSET('multicurrency_code') ? GETPOST('multicurrency_code', 'alpha') : $multicurrency_code), 'multicurrency_code', 1, " code != '".$db->escape($conf->currency)."'", true).''; print ' '.$langs->trans('Rate').''; print ' '; diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 6a3a0219119..018585f64e6 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -293,15 +293,11 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase if ($val[1] == 'ity' && $val[2] == 'con') { continue; } - //if ($val[2] != 'thi' && $val[2] != 'db-') { - var_dump($matches); - $ok=false; - break; - //} - //if ($reg[0] != 'db') $ok=false; +// $ok=false; + break; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); +// $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); //exit; From 4dc542acad1b3c30110418e67bde59c4a56ed15e Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Mon, 23 Aug 2021 18:29:04 +0200 Subject: [PATCH 069/215] fix: php 8 warning --- htdocs/core/boxes/box_comptes.php | 7 ++++++- htdocs/core/boxes/box_factures_fourn_imp.php | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/htdocs/core/boxes/box_comptes.php b/htdocs/core/boxes/box_comptes.php index 7166ebb713e..f42b7a2ef7c 100644 --- a/htdocs/core/boxes/box_comptes.php +++ b/htdocs/core/boxes/box_comptes.php @@ -122,7 +122,12 @@ class box_comptes extends ModeleBoxes $account_static->accountancy_journal = $objp->accountancy_journal; $solde = $account_static->solde(0); - $solde_total[$objp->currency_code] += $solde; + if (!array_key_exists($objp->currency_code, $solde_total)) { + $solde_total[$objp->currency_code] = $solde; + } else { + $solde_total[$objp->currency_code] += $solde; + } + $this->info_box_contents[$line][] = array( 'td' => '', diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index 9c35055011d..c6ea0e3c20d 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -92,6 +92,7 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= ", f.tva as total_tva"; $sql .= ", f.total_ttc"; $sql .= ", f.paye, f.fk_statut as status, f.type"; + $sql .= ", f.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ",".MAIN_DB_PREFIX."facture_fourn as f"; if (!$user->rights->societe->client->voir && !$user->socid) { From 23829ae637be4454dc9634c63895f1e40b25ef36 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 18:56:46 +0200 Subject: [PATCH 070/215] Cast numeric into on sql request --- .../core/boxes/box_last_modified_ticket.php | 8 +-- htdocs/core/boxes/box_last_ticket.php | 7 +- htdocs/core/boxes/box_project.php | 5 +- htdocs/core/boxes/box_validated_projects.php | 2 +- htdocs/core/class/commoninvoice.class.php | 2 +- htdocs/core/class/commonobject.class.php | 30 ++++----- htdocs/core/class/discount.class.php | 8 +-- htdocs/core/class/html.form.class.php | 12 ++-- htdocs/core/class/html.formcontract.class.php | 2 +- htdocs/core/class/html.formother.class.php | 4 +- htdocs/core/class/html.formprojet.class.php | 2 +- htdocs/core/class/notify.class.php | 2 +- htdocs/core/lib/company.lib.php | 2 +- htdocs/core/lib/project.lib.php | 6 +- htdocs/core/lib/security.lib.php | 2 +- htdocs/core/lib/ticket.lib.php | 2 +- .../modules/facture/doc/pdf_crabe.modules.php | 4 +- .../facture/doc/pdf_sponge.modules.php | 4 +- .../modules/mailings/contacts1.modules.php | 2 +- .../core/modules/mailings/fraise.modules.php | 2 +- .../modules/printing/printgcp.modules.php | 2 +- .../modules/printing/printipp.modules.php | 2 +- .../modules/rapport/pdf_paiement.class.php | 4 +- htdocs/delivery/class/delivery.class.php | 18 +++--- .../eventorganizationindex.php | 4 +- htdocs/expedition/list.php | 2 +- .../class/paymentexpensereport.class.php | 2 +- htdocs/exports/class/export.class.php | 25 ++++---- .../class/fournisseur.commande.class.php | 4 +- htdocs/fourn/commande/index.php | 8 +-- htdocs/fourn/commande/list.php | 2 +- htdocs/fourn/facture/list.php | 6 +- htdocs/hrm/index.php | 4 +- htdocs/install/repair.php | 18 +++--- htdocs/install/upgrade2.php | 11 ++-- .../knowledgemanagementindex.php | 4 +- htdocs/loan/class/paymentloan.class.php | 2 +- .../modulebuilder/template/mymoduleindex.php | 4 +- htdocs/partnership/partnershipindex.php | 4 +- htdocs/product/class/product.class.php | 64 +++++++++---------- htdocs/product/class/productbatch.class.php | 6 +- htdocs/product/price.php | 6 +- .../stock/class/api_warehouses.class.php | 2 +- htdocs/product/stock/replenish.php | 2 +- htdocs/projet/activity/index.php | 12 ++-- htdocs/projet/class/project.class.php | 16 ++--- htdocs/projet/class/projectstats.class.php | 18 +++--- htdocs/projet/class/task.class.php | 10 +-- htdocs/projet/class/taskstats.class.php | 6 +- htdocs/projet/list.php | 4 +- htdocs/projet/tasks/list.php | 4 +- htdocs/recruitment/recruitmentindex.php | 2 +- test/phpunit/CodingPhpTest.php | 5 +- 53 files changed, 198 insertions(+), 193 deletions(-) diff --git a/htdocs/core/boxes/box_last_modified_ticket.php b/htdocs/core/boxes/box_last_modified_ticket.php index 33d2bab0485..57e54594255 100644 --- a/htdocs/core/boxes/box_last_modified_ticket.php +++ b/htdocs/core/boxes/box_last_modified_ticket.php @@ -94,14 +94,14 @@ class box_last_modified_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').')'; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } - $sql .= " ORDER BY t.tms DESC, t.rowid DESC "; + $sql .= " ORDER BY t.tms DESC, t.rowid DESC"; $sql .= $this->db->plimit($max, 0); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_last_ticket.php b/htdocs/core/boxes/box_last_ticket.php index e08a54f1c87..39086464f73 100644 --- a/htdocs/core/boxes/box_last_ticket.php +++ b/htdocs/core/boxes/box_last_ticket.php @@ -93,12 +93,11 @@ class box_last_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc= ".((int) $user->socid); } //$sql.= " AND t.fk_statut > 9"; diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 9f1204c4dc4..f14ab699690 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -136,8 +136,9 @@ class box_project extends ModeleBoxes $sql = "SELECT count(*) as nb, sum(progress) as totprogress"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p LEFT JOIN ".MAIN_DB_PREFIX."projet_task as pt on pt.fk_projet = p.rowid"; - $sql .= " WHERE p.entity IN (".getEntity('project').')'; - $sql .= " AND p.rowid = ".$objp->rowid; + $sql .= " WHERE p.entity IN (".getEntity('project').')'; + $sql .= " AND p.rowid = ".((int) $objp->rowid); + $resultTask = $this->db->query($sql); if ($resultTask) { $objTask = $this->db->fetch_object($resultTask); diff --git a/htdocs/core/boxes/box_validated_projects.php b/htdocs/core/boxes/box_validated_projects.php index 66a4f76f1b3..f1fb55878aa 100644 --- a/htdocs/core/boxes/box_validated_projects.php +++ b/htdocs/core/boxes/box_validated_projects.php @@ -118,7 +118,7 @@ class box_validated_projects extends ModeleBoxes if ($projectsListId) { $sql .= ' AND p.rowid IN ('.$this->db->sanitize($projectsListId).')'; // Only project we ara allowed } - $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user =".$user->id.")"; + $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user = ".((int) $user->id).")"; $sql .= " GROUP BY p.rowid, p.ref, p.fk_soc, p.dateo"; $sql .= " ORDER BY p.dateo ASC"; diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 81f2b529f1d..605ffec63bd 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -462,7 +462,7 @@ abstract class CommonInvoice extends CommonObject $type = 'supplier_invoice'; } - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index bed73be9d46..fccbfa6ed7f 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1834,7 +1834,7 @@ abstract class CommonObject if (!empty($element)) { $sql .= " AND entity IN (".getEntity($element).")"; } else { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } dol_syslog(get_class($this).'::fetchObjectFrom', LOG_DEBUG); @@ -3886,14 +3886,14 @@ abstract class CommonObject $sql = "UPDATE " . MAIN_DB_PREFIX . "element_element SET "; if ($updatesource) { - $sql .= "fk_source = " . $sourceid; + $sql .= "fk_source = " . ((int) $sourceid); $sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " WHERE fk_target = " . $this->id; + $sql .= " WHERE fk_target = " . ((int) $this->id); $sql .= " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($updatetarget) { - $sql .= "fk_target = " . $targetid; + $sql .= "fk_target = " . ((int) $targetid); $sql .= ", targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " WHERE fk_source = " . $this->id; + $sql .= " WHERE fk_source = " . ((int) $this->id); $sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } @@ -3979,15 +3979,15 @@ abstract class CommonObject $sql .= " rowid = " . ((int) $rowid); } else { if ($deletesource) { - $sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " AND fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; + $sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($deletetarget) { - $sql .= " fk_target = " . $targetid . " AND targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " AND fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'"; + $sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } else { - $sql .= " (fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; $sql .= " OR"; - $sql .= " (fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')"; } } @@ -5488,7 +5488,7 @@ abstract class CommonObject $sql = "SELECT rowid, property, lang , value"; $sql .= " FROM ".MAIN_DB_PREFIX."object_lang"; $sql .= " WHERE type_object = '".$this->db->escape($element)."'"; - $sql .= " AND fk_object = ".$this->id; + $sql .= " AND fk_object = ".((int) $this->id); //dol_syslog(get_class($this)."::fetch_optionals get extrafields data for ".$this->table_element, LOG_DEBUG); // Too verbose $resql = $this->db->query($sql); @@ -9248,7 +9248,7 @@ abstract class CommonObject // Delete ecm_files extrafields $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files_extrafields WHERE fk_object IN ("; $sql .= " SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here $sql .= ")"; if (!$this->db->query($sql)) { @@ -9260,7 +9260,7 @@ abstract class CommonObject // Delete ecm_files $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files"; $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -9272,7 +9272,7 @@ abstract class CommonObject // Delete in database with mode 1 if ($mode == 1) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields"; - $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id.")"; + $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 46658851179..eaf4bc511c8 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -144,7 +144,7 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".((int) $rowid); + $sql .= " AND sr.rowid = ".((int) $rowid); } if ($fk_facture_source) { $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); @@ -315,7 +315,7 @@ class DiscountAbsolute $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except"; $sql .= " WHERE (fk_invoice_supplier_line IS NOT NULL"; // Not used as absolute simple discount $sql .= " OR fk_invoice_supplier IS NOT NULL)"; // Not used as credit note and not used as deposit - $sql .= " AND fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; + $sql .= " AND fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); //$sql.=" AND rowid != ".$this->id; dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG); @@ -355,7 +355,7 @@ class DiscountAbsolute if ($this->fk_facture_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_facture_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_facture_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); @@ -370,7 +370,7 @@ class DiscountAbsolute } elseif ($this->fk_invoice_supplier_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_invoice_supplier_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_invoice_supplier_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 19a53921819..4ff3dacb537 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1663,7 +1663,7 @@ class Form } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if ($socid > 0 || $socid == -1) { - $sql .= " AND sp.fk_soc=".$socid; + $sql .= " AND sp.fk_soc = ".((int) $socid); } if (!empty($conf->global->CONTACT_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND sp.statut <> 0"; @@ -2445,13 +2445,13 @@ class Form if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { $sql .= ", (SELECT pp.rowid FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_rowid"; $sql .= ", (SELECT pp.price_by_qty FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; // price_by_qty is 1 if some prices by qty exists in subtable if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_by_qty"; @@ -2471,7 +2471,7 @@ class Form //Price by customer if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".((int) $socid)." AND pcp.fk_product=p.rowid"; } // Units if (!empty($conf->global->PRODUCT_USE_UNITS)) { @@ -3461,7 +3461,7 @@ class Form $sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")"; $sql .= " AND p.tobuy = 1"; $sql .= " AND s.fournisseur = 1"; - $sql .= " AND p.rowid = ".$productid; + $sql .= " AND p.rowid = ".((int) $productid); $sql .= " ORDER BY s.nom, pfp.ref_fourn DESC"; dol_syslog(get_class($this)."::select_product_fourn_price", LOG_DEBUG); @@ -8814,7 +8814,7 @@ class Form $sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement //if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; - //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + //if ($socid > 0) $sql.= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; $sql .= " ORDER BY p.ref, f.ref ASC"; $resql = $this->db->query($sql); diff --git a/htdocs/core/class/html.formcontract.class.php b/htdocs/core/class/html.formcontract.class.php index eb0f1baaef1..5db615f4654 100644 --- a/htdocs/core/class/html.formcontract.class.php +++ b/htdocs/core/class/html.formcontract.class.php @@ -80,7 +80,7 @@ class FormContract if ($socid > 0) { // CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma. if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) { - $sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)"; + $sql .= " AND (c.fk_soc=".((int) $socid)." OR c.fk_soc IS NULL)"; } elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') { $sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") "; $sql .= " OR c.fk_soc IS NULL)"; diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index dbeef627375..038f93d34c6 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -494,7 +494,7 @@ class FormOther } if (empty($user->rights->user->user->lire)) { - $sql_usr .= " AND u.rowid = ".$user->id; + $sql_usr .= " AND u.rowid = ".((int) $user->id); } if (!empty($user->socid)) { $sql_usr .= " AND u.fk_soc = ".((int) $user->socid); @@ -521,7 +521,7 @@ class FormOther $sql_usr .= " WHERE u2.entity IN (".getEntity('user').")"; } - $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->socid; + $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc = ".((int) $user->socid); //Add hook to filter on user (for exemple on usergroup define in custom modules) if (!empty($reshook)) { diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php index 4177c4237b8..9696dca7183 100644 --- a/htdocs/core/class/html.formprojet.class.php +++ b/htdocs/core/class/html.formprojet.class.php @@ -350,7 +350,7 @@ class FormProjets $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; } if ($socid > 0) { - $sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + $sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; } $sql .= " ORDER BY p.ref, t.ref ASC"; diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index 557d76b05f1..e865f9bd0e8 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -398,7 +398,7 @@ class Notify $sql .= " WHERE n.fk_user = c.rowid AND a.rowid = n.fk_action"; $sql .= " AND c.statut = 1"; if (is_numeric($notifcode)) { - $sql .= " AND n.fk_action = ".$notifcode; // Old usage + $sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 7ada15bcaeb..4b536ccb2ad 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1085,7 +1085,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)"; $sql .= " WHERE t.fk_soc = ".$object->id; if ($search_status != '' && $search_status != '-1') { - $sql .= " AND t.statut = ".$db->escape($search_status); + $sql .= " AND t.statut = ".((int) $search_status); } if ($search_name) { $sql .= natural_search(array('t.lastname', 't.firstname'), $search_name); diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index 93c061310a5..5432ff18095 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php @@ -100,7 +100,7 @@ function project_prepare_head(Project $project) //$sql .= " WHERE t.fk_user = u.rowid AND t.fk_task = pt.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t, ".MAIN_DB_PREFIX."projet_task as pt"; $sql .= " WHERE t.fk_task = pt.rowid"; - $sql .= " AND pt.fk_projet =".$project->id; + $sql .= " AND pt.fk_projet =".((int) $project->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -113,7 +113,7 @@ function project_prepare_head(Project $project) } } - $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?withproject=1&projectid='.$project->id; + $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?withproject=1&projectid='.urlencode($project->id); $head[$h][1] = $langs->trans("TimeSpent"); if ($nbTimeSpent > 0) { $head[$h][1] .= '...'; @@ -2407,7 +2407,7 @@ function print_projecttasks_array($db, $form, $socid, $projectsListId, $mytasks if ($mytasks) { $sql .= " AND p.rowid = t.fk_projet"; $sql .= " AND ec.element_id = t.rowid"; - $sql .= " AND ec.fk_socpeople = ".$user->id; + $sql .= " AND ec.fk_socpeople = ".((int) $user->id); $sql .= " AND ec.fk_c_type_contact = ctc.rowid"; // Replace the 2 lines with ec.fk_c_type_contact in $arrayidtypeofcontact $sql .= " AND ctc.element = 'project_task'"; } diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 318cebd0249..b297c81035e 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -754,7 +754,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= " WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).")"; - $sql .= " AND dbt.".$dbt_keyfield." = ".$user->socid; + $sql .= " AND dbt.".$dbt_keyfield." = ".((int) $user->socid); } elseif (!empty($conf->societe->enabled) && !$user->rights->societe->client->voir) { // If internal user: Check permission for internal users that are restricted on their objects if ($feature != 'ticket') { diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index c7eb8ed6cb0..3aededf6a81 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php @@ -351,7 +351,7 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no $sql .= " INNER JOIN ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " ON er.resource_type = 'dolresource'"; $sql .= " AND er.element_id = a.id"; - $sql .= " AND er.resource_id = ".$filterobj->id; + $sql .= " AND er.resource_id = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= ", ".MAIN_DB_PREFIX."adherent as m"; } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index a01fab1dacf..b172cb3b5cf 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -854,7 +854,7 @@ class pdf_crabe extends ModelePDFFactures $sql .= " re.description, re.fk_facture_source,"; $sql .= " f.type, f.datef"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f"; - $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id; + $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -914,7 +914,7 @@ class pdf_crabe extends ModelePDFFactures $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id; + $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id); //$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1"; $sql .= " ORDER BY p.datep"; diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php index 401309c22e5..bc4c536a2e6 100644 --- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php @@ -1015,7 +1015,7 @@ class pdf_sponge extends ModelePDFFactures $sql .= " re.description, re.fk_facture_source,"; $sql .= " f.type, f.datef"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f"; - $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id; + $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1061,7 +1061,7 @@ class pdf_sponge extends ModelePDFFactures $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id; + $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id); //$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1"; $sql .= " ORDER BY p.datep"; diff --git a/htdocs/core/modules/mailings/contacts1.modules.php b/htdocs/core/modules/mailings/contacts1.modules.php index 0ca62392c82..2d41dfd9725 100644 --- a/htdocs/core/modules/mailings/contacts1.modules.php +++ b/htdocs/core/modules/mailings/contacts1.modules.php @@ -395,7 +395,7 @@ class mailing_contacts1 extends MailingTargets $sql .= " AND (SELECT count(*) FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = sp.email) = 0"; // Exclude unsubscribed email adresses $sql .= " AND sp.statut = 1"; - $sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; // Filter on category if ($filter_category <> 'all') { $sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_socpeople = sp.rowid"; diff --git a/htdocs/core/modules/mailings/fraise.modules.php b/htdocs/core/modules/mailings/fraise.modules.php index 34a5bd34a1e..09445264dc7 100644 --- a/htdocs/core/modules/mailings/fraise.modules.php +++ b/htdocs/core/modules/mailings/fraise.modules.php @@ -252,7 +252,7 @@ class mailing_fraise extends MailingTargets } $sql .= " , ".MAIN_DB_PREFIX."adherent_type as ta"; $sql .= " WHERE a.entity IN (".getEntity('member').") AND a.email <> ''"; // Note that null != '' is false - $sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$this->db->escape($mailing_id).")"; + $sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; // Filter on status if (GETPOST("filter") == '-1') { $sql .= " AND a.statut=-1"; diff --git a/htdocs/core/modules/printing/printgcp.modules.php b/htdocs/core/modules/printing/printgcp.modules.php index ace8a5da188..ec53b523336 100644 --- a/htdocs/core/modules/printing/printgcp.modules.php +++ b/htdocs/core/modules/printing/printgcp.modules.php @@ -334,7 +334,7 @@ class printing_printgcp extends PrintingDriver $fileprint .= '/'.$file; $mimetype = dol_mimetype($fileprint); // select printer uri for module order, propal,... - $sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".$user->id; + $sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".((int) $user->id); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); diff --git a/htdocs/core/modules/printing/printipp.modules.php b/htdocs/core/modules/printing/printipp.modules.php index b4d4c89b47f..6c4403e2593 100644 --- a/htdocs/core/modules/printing/printipp.modules.php +++ b/htdocs/core/modules/printing/printipp.modules.php @@ -148,7 +148,7 @@ class printing_printipp extends PrintingDriver } // select printer uri for module order, propal,... - $sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".$user->id; + $sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".((int) $user->id); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index cfbddcd8206..5904db84398 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -241,13 +241,13 @@ class pdf_paiement if (!empty($conf->banque->enabled)) { $sql .= " AND p.fk_bank = b.rowid AND b.fk_account = ba.rowid "; } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } // If global param PAYMENTS_FOURN_REPORT_GROUP_BY_MOD is set, payement fourn are ordered by paiement_code if (!empty($conf->global->PAYMENTS_FOURN_REPORT_GROUP_BY_MOD)) { diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index 18887a99e28..019187fca28 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -273,10 +273,10 @@ class Delivery extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."deliverydet (fk_delivery, fk_origin_line,"; $sql .= " fk_product, description, qty)"; - $sql .= " VALUES (".$this->id.",".$origin_id.","; - $sql .= " ".($idprod > 0 ? $idprod : "null").","; + $sql .= " VALUES (".$this->id.",".((int) $origin_id).","; + $sql .= " ".($idprod > 0 ? ((int) $idprod) : "null").","; $sql .= " ".($description ? "'".$this->db->escape($description)."'" : "null").","; - $sql .= $qty.")"; + $sql .= (price2num($qty, 'MS')).")"; dol_syslog(get_class($this)."::create_line", LOG_DEBUG); if (!$this->db->query($sql)) { @@ -412,7 +412,7 @@ class Delivery extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."delivery"; $sql .= " WHERE ref = '".$this->db->escape($numref)."'"; $sql .= " AND fk_statut <> 0"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { @@ -453,7 +453,7 @@ class Delivery extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/receipt/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->error = $this->db->lasterror(); @@ -641,7 +641,7 @@ class Delivery extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."deliverydet"; - $sql .= " WHERE fk_delivery = ".$this->id; + $sql .= " WHERE fk_delivery = ".((int) $this->id); if ($this->db->query($sql)) { // Delete linked object $res = $this->deleteObjectLinked(); @@ -761,7 +761,7 @@ class Delivery extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd, ".MAIN_DB_PREFIX."deliverydet as ld"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on p.rowid = ld.fk_product"; $sql .= " WHERE ld.fk_origin_line = cd.rowid"; - $sql .= " AND ld.fk_delivery = ".$this->id; + $sql .= " AND ld.fk_delivery = ".((int) $this->id); dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); $resql = $this->db->query($sql); @@ -958,8 +958,8 @@ class Delivery extends CommonObject $sql .= " WHERE ld.fk_delivery = l.rowid"; $sql .= " AND ld.fk_origin_line = cd.rowid"; $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = c.rowid"; - $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid']; - $sql .= " AND ld.fk_origin_line = ".$objSourceLine->rowid; + $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']); + $sql .= " AND ld.fk_origin_line = ".((int) $objSourceLine->rowid); $sql .= " GROUP BY ld.fk_origin_line"; $result = $this->db->query($sql); diff --git a/htdocs/eventorganization/eventorganizationindex.php b/htdocs/eventorganization/eventorganizationindex.php index ebeaa11e659..d708883c249 100644 --- a/htdocs/eventorganization/eventorganizationindex.php +++ b/htdocs/eventorganization/eventorganizationindex.php @@ -83,7 +83,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -158,7 +158,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati $sql.= " FROM ".MAIN_DB_PREFIX."eventorganization_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 3661661d357..fd056a75056 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -326,7 +326,7 @@ if ($search_sale > 0) { } if ($search_user > 0) { // The contact on a shipment is also the contact of the order. - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = eesource.fk_source AND ec.fk_socpeople = ".$db->escape($search_user); + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = eesource.fk_source AND ec.fk_socpeople = ".((int) $search_user); } if ($search_ref_exp) { $sql .= natural_search('e.ref', $search_ref_exp); diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php index 6e3e8d34137..48adeab929d 100644 --- a/htdocs/expensereport/class/paymentexpensereport.class.php +++ b/htdocs/expensereport/class/paymentexpensereport.class.php @@ -359,7 +359,7 @@ class PaymentExpenseReport extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_url"; - $sql .= " WHERE type='payment_expensereport' AND url_id=".$this->id; + $sql .= " WHERE type='payment_expensereport' AND url_id=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php index b8960572255..483935c7fdf 100644 --- a/htdocs/exports/class/export.class.php +++ b/htdocs/exports/class/export.class.php @@ -297,20 +297,23 @@ class Export * @param string $TypeField Type of Field to filter * @param string $NameField Name of the field to filter * @param string $ValueField Value of the field for filter. Must not be '' - * @return string sql string of then field ex : "field='xxx'>" + * @return string SQL string of then field ex : "field='xxx'" */ public function build_filterQuery($TypeField, $NameField, $ValueField) { // phpcs:enable + $NameField = checkVal($NameField, 'aZ09'); + $szFilterQuery = ''; + //print $TypeField." ".$NameField." ".$ValueField; $InfoFieldList = explode(":", $TypeField); // build the input field on depend of the type of file switch ($InfoFieldList[0]) { case 'Text': if (!(strpos($ValueField, '%') === false)) { - $szFilterQuery .= " ".$NameField." LIKE '".$ValueField."'"; + $szFilterQuery = " ".$NameField." LIKE '".$this->db->escape($ValueField)."'"; } else { - $szFilterQuery .= " ".$NameField." = '".$ValueField."'"; + $szFilterQuery = " ".$NameField." = '".$this->db->escape($ValueField)."'"; } break; case 'Date': @@ -330,17 +333,17 @@ class Export case 'Duree': break; case 'Numeric': - // si le signe - + // if there is a signe + if (strpos($ValueField, "+") > 0) { // mode plage $ValueArray = explode("+", $ValueField); - $szFilterQuery = "(".$NameField.">=".$ValueArray[0]; - $szFilterQuery .= " AND ".$NameField."<=".$ValueArray[1].")"; + $szFilterQuery = "(".$NameField." >= ".((float) $ValueArray[0]); + $szFilterQuery .= " AND ".$NameField." <= ".((float) $ValueArray[1]).")"; } else { if (is_numeric(substr($ValueField, 0, 1))) { - $szFilterQuery = " ".$NameField."=".$ValueField; + $szFilterQuery = " ".$NameField." = ".((float) $ValueField); } else { - $szFilterQuery = " ".$NameField.substr($ValueField, 0, 1).substr($ValueField, 1); + $szFilterQuery = " ".$NameField.substr($ValueField, 0, 1).((float) substr($ValueField, 1)); } } break; @@ -350,12 +353,12 @@ class Export case 'Status': case 'List': if (is_numeric($ValueField)) { - $szFilterQuery = " ".$NameField."=".$ValueField; + $szFilterQuery = " ".$NameField." = ".((float) $ValueField); } else { if (!(strpos($ValueField, '%') === false)) { - $szFilterQuery = " ".$NameField." LIKE '".$ValueField."'"; + $szFilterQuery = " ".$NameField." LIKE '".$this->db->escape($ValueField)."'"; } else { - $szFilterQuery = " ".$NameField." = '".$ValueField."'"; + $szFilterQuery = " ".$NameField." = '".$this->db->escape($ValueField)."'"; } } break; diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 4605510d539..94015875599 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -2236,7 +2236,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " WHERE cfd.fk_commande = ".$this->id; $sql .= " AND cfd.fk_product = p.rowid"; if ($status >= 0) { - $sql .= " AND cfd.status = ".$status; + $sql .= " AND cfd.status = ".((int) $status); } $sql .= " ORDER BY cfd.rowid ASC"; @@ -2961,7 +2961,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } - $sql .= " ".$clause." co.entity = ".$conf->entity; + $sql .= " ".$clause." co.entity IN (".getEntity('supplier_order').")"; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 0717c0b74f4..866063382bb 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -287,7 +287,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; -$sql .= " AND c.entity = ".$conf->entity; +$sql .= " AND c.entity IN (".getEntity('supplier_order').")"; //$sql.= " AND c.fk_statut > 2"; if (!empty($socid)) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -350,17 +350,17 @@ if ($resql) { /* * Orders to process -*/ + */ /* $sql = "SELECT c.rowid, c.ref, c.fk_statut, s.nom as name, s.rowid as socid"; $sql.=" FROM ".MAIN_DB_PREFIX."commande_fournisseur as c"; $sql.= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE c.fk_soc = s.rowid"; -$sql.= " AND c.entity = ".$conf->entity; +$sql.= " AND c.entity IN (".getEntity("supplier_order").")"; $sql.= " AND c.fk_statut = 1"; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); -if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index be47df4631d..5d16f779090 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -708,7 +708,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".$db->escape($search_user); + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".((int) $search_user); } if ($search_total_ht != '') { $sql .= natural_search('cf.total_ht', $search_total_ht, 1); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index f6052fceffe..d92cdd8ce05 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -594,7 +594,7 @@ if ($search_label) { $sql .= natural_search('f.libelle', $search_label); } if ($search_categ_sup > 0) { - $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_sup); + $sql .= " AND cs.fk_categorie = ".((int) $search_categ_sup); } if ($search_categ_sup == -2) { $sql .= " AND cs.fk_categorie IS NULL"; @@ -606,14 +606,14 @@ if ($filter && $filter != -1) { $aFilter = explode(',', $filter); foreach ($aFilter as $fil) { $filt = explode(':', $fil); - $sql .= ' AND '.$db->escape(trim($filt[0])).' = '.$db->escape(trim($filt[1])); + $sql .= ' AND '.$db->escape(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'"; } } if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='invoice_supplier' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='invoice_supplier' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index ca02c1d776a..68bcd78636b 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php @@ -189,7 +189,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) { if (empty($user->rights->holiday->readall)) { $sql .= ' AND x.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid); $sql .= $db->order("x.tms", "DESC"); $sql .= $db->plimit($max, 0); @@ -270,7 +270,7 @@ if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->lire) if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)) { $sql .= ' AND x.fk_user_author IN ('.$db->sanitize(join(',', $childids)).')'; } - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid); $sql .= $db->order("x.tms", "DESC"); $sql .= $db->plimit($max, 0); diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index ed4fb8dab13..5cfe9f66846 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -366,20 +366,20 @@ if ($ok && GETPOST('standard', 'alpha')) { $sql2 = "SELECT COUNT(*) as nb"; $sql2 .= " FROM ".MAIN_DB_PREFIX."const as c"; $sql2 .= " WHERE name = 'MAIN_MODULE_".$name."'"; - $sql2 .= " AND entity = ".$obj->entity; + $sql2 .= " AND entity = ".((int) $obj->entity); $resql2 = $db->query($sql2); if ($resql2) { $obj2 = $db->fetch_object($resql2); if ($obj2 && $obj2->nb == 0) { // Module not found, so we can remove entry - $sqldelete = "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$db->escape($obj->name)."' AND entity = ".$obj->entity; + $sqldelete = "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$db->escape($obj->name)."' AND entity = ".((int) $obj->entity); if (GETPOST('standard', 'alpha') == 'confirmed') { $db->query($sqldelete); - print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.$obj->entity.', we delete record'; + print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.((int) $obj->entity).', we delete record'; } else { - print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.$obj->entity.', we should delete record (not done, mode test)'; + print 'Widget '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module '.$name.' not enabled in entity '.((int) $obj->entity).', we should delete record (not done, mode test)'; } } else { //print 'Constant '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module found in entity '.$obj->entity.', we keep record'; @@ -424,23 +424,23 @@ if ($ok && GETPOST('standard', 'alpha')) { $sql2 = "SELECT COUNT(*) as nb"; $sql2 .= " FROM ".MAIN_DB_PREFIX."const as c"; $sql2 .= " WHERE name = 'MAIN_MODULE_".strtoupper($module)."'"; - $sql2 .= " AND entity = ".$obj->entity; + $sql2 .= " AND entity = ".((int) $obj->entity); $sql2 .= " AND value <> 0"; $resql2 = $db->query($sql2); if ($resql2) { $obj2 = $db->fetch_object($resql2); if ($obj2 && $obj2->nb == 0) { // Module not found, so we canremove entry - $sqldeletea = "DELETE FROM ".MAIN_DB_PREFIX."boxes WHERE entity = ".$obj->entity." AND box_id IN (SELECT rowid FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".$obj->entity.")"; - $sqldeleteb = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".$obj->entity; + $sqldeletea = "DELETE FROM ".MAIN_DB_PREFIX."boxes WHERE entity = ".((int) $obj->entity)." AND box_id IN (SELECT rowid FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".((int) $obj->entity).")"; + $sqldeleteb = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def WHERE file = '".$db->escape($obj->file)."' AND entity = ".((int) $obj->entity); if (GETPOST('standard', 'alpha') == 'confirmed') { $db->query($sqldeletea); $db->query($sqldeleteb); - print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.$obj->entity.', we delete record'; + print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.((int) $obj->entity).', we delete record'; } else { - print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.$obj->entity.', we should delete record (not done, mode test)'; + print 'Constant '.$obj->file.' set in boxes_def for entity '.$obj->entity.' but MAIN_MODULE_'.strtoupper($module).' not defined in entity '.((int) $obj->entity).', we should delete record (not done, mode test)'; } } else { //print 'Constant '.$obj->name.' set in entity '.$obj->entity.' with value '.$obj->value.' -> Module found in entity '.$obj->entity.', we keep record'; diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 6b0b9c69134..83be835b64a 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -790,7 +790,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf) // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".((float) $row[$i]['pamount']); $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; @@ -803,7 +803,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf) $facid = $obj->rowid; $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".$facid.",".$row[$i]['paymentid'].",".$row[$i]['pamount'].")"; + $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).",".$row[$i]['pamount'].")"; $res += $db->query($sql); @@ -895,13 +895,13 @@ function migrate_paiements_orphelins_2($db, $langs, $conf) $res = 0; for ($i = 0; $i < $num; $i++) { if ($conf->global->MAIN_FEATURES_LEVEL == 2) { - print '* '.$row[$i]['datec'].' paymentid='.$row[$i]['paymentid'].' '.$row[$i]['pamount'].' fk_bank='.$row[$i]['fk_bank'].' '.$row[$i]['bamount'].' socid='.$row[$i]['socid'].'
'; + print '* '.$row[$i]['datec'].' paymentid='.$row[$i]['paymentid'].' pamount='.$row[$i]['pamount'].' fk_bank='.$row[$i]['fk_bank'].' '.$row[$i]['bamount'].' socid='.$row[$i]['socid'].'
'; } // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".((float) $row[$i]['pamount']); $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; @@ -914,7 +914,8 @@ function migrate_paiements_orphelins_2($db, $langs, $conf) $facid = $obj->rowid; $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".$facid.",".$row[$i]['paymentid'].",".$row[$i]['pamount'].")"; + $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).",".$row[$i]['pamount'].")"; + $res += $db->query($sql); print $langs->trans('MigrationProcessPaymentUpdate', 'facid='.$facid.'-paymentid='.$row[$i]['paymentid'].'-amount='.$row[$i]['pamount'])."
\n"; diff --git a/htdocs/knowledgemanagement/knowledgemanagementindex.php b/htdocs/knowledgemanagement/knowledgemanagementindex.php index adb7052316f..d9b1f07e6e0 100644 --- a/htdocs/knowledgemanagement/knowledgemanagementindex.php +++ b/htdocs/knowledgemanagement/knowledgemanagementindex.php @@ -84,7 +84,7 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -158,7 +158,7 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana $sql.= " FROM ".MAIN_DB_PREFIX."knowledgemanagement_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php index fd4dbf42081..8139e25c87c 100644 --- a/htdocs/loan/class/paymentloan.class.php +++ b/htdocs/loan/class/paymentloan.class.php @@ -389,7 +389,7 @@ class PaymentLoan extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_url"; - $sql .= " WHERE type='payment_loan' AND url_id=".$this->id; + $sql .= " WHERE type='payment_loan' AND url_id=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php index 990a6d91bfa..c0c98d88e8f 100644 --- a/htdocs/modulebuilder/template/mymoduleindex.php +++ b/htdocs/modulebuilder/template/mymoduleindex.php @@ -112,7 +112,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read) $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -187,7 +187,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read) $sql.= " FROM ".MAIN_DB_PREFIX."mymodule_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/partnership/partnershipindex.php b/htdocs/partnership/partnershipindex.php index 264134c67d9..f1a9f8c507b 100644 --- a/htdocs/partnership/partnershipindex.php +++ b/htdocs/partnership/partnershipindex.php @@ -83,7 +83,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) { $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); @@ -146,7 +146,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) { $sql.= " FROM ".MAIN_DB_PREFIX."partnership_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); //if ($socid) $sql.= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index ae925e8824b..bb80dcba862 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -763,7 +763,7 @@ class Product extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " .((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity ("; $sql .= " fk_product"; @@ -1044,7 +1044,7 @@ class Product extends CommonObject foreach ($ObjW->detail_batch as $detail) { // Each lines of detail in product_batch of the current $ObjW = product_stock if ($detail->batch == $valueforundefinedlot || $detail->batch == 'Undefined') { // We discard this line, we will create it later - $sqlclean = "DELETE FROM ".MAIN_DB_PREFIX."product_batch WHERE batch in('Undefined', '".$this->db->escape($valueforundefinedlot)."') AND fk_product_stock = ".$ObjW->id; + $sqlclean = "DELETE FROM ".MAIN_DB_PREFIX."product_batch WHERE batch in('Undefined', '".$this->db->escape($valueforundefinedlot)."') AND fk_product_stock = ".((int) $ObjW->id); $result = $this->db->query($sqlclean); if (!$result) { dol_print_error($this->db); @@ -1163,7 +1163,7 @@ class Product extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " . ((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity ("; $sql .= " fk_product"; @@ -1311,7 +1311,7 @@ class Product extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX.'product_batch'; $sql .= " WHERE fk_product_stock IN ("; $sql .= "SELECT rowid FROM ".MAIN_DB_PREFIX.'product_stock'; - $sql .= " WHERE fk_product = ".(int) $this->id.")"; + $sql .= " WHERE fk_product = ".((int) $this->id).")"; $result = $this->db->query($sql); if (!$result) { @@ -2544,7 +2544,7 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; $sql .= " WHERE entity IN (".getEntity('productprice').")"; $sql .= " AND price_level=".((int) $i); - $sql .= " AND fk_product = ".$this->id; + $sql .= " AND fk_product = ".((int) $this->id); $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; $resql = $this->db->query($sql); @@ -2652,7 +2652,7 @@ class Product extends CommonObject $sql .= " WHERE "; $sql .= " c.entity IN (".getEntity('mo').")"; - $sql .= " AND mp.fk_product =".$this->id; + $sql .= " AND mp.fk_product = ".((int) $this->id); $sql .= " AND mp.role ='".$this->db->escape($role)."'"; if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -2775,7 +2775,7 @@ class Product extends CommonObject $sql .= " WHERE p.rowid = pd.fk_propal"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; - $sql .= " AND pd.fk_product = ".$this->id; + $sql .= " AND pd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -2850,7 +2850,7 @@ class Product extends CommonObject $sql .= " WHERE p.rowid = pd.fk_supplier_proposal"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; - $sql .= " AND pd.fk_product = ".$this->id; + $sql .= " AND pd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -2906,7 +2906,7 @@ class Product extends CommonObject $sql .= " WHERE c.rowid = cd.fk_commande"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'commande').")"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3008,7 +3008,7 @@ class Product extends CommonObject $sql .= " WHERE c.rowid = cd.fk_commande"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3070,7 +3070,7 @@ class Product extends CommonObject $sql .= " AND e.fk_soc = s.rowid"; $sql .= " AND e.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'expedition').")"; $sql .= " AND ed.fk_origin_line = cd.rowid"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3151,7 +3151,7 @@ class Product extends CommonObject $sql .= " WHERE cf.rowid = fd.fk_commande"; $sql .= " AND cf.fk_soc = s.rowid"; $sql .= " AND cf.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; - $sql .= " AND fd.fk_product = ".$this->id; + $sql .= " AND fd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3207,7 +3207,7 @@ class Product extends CommonObject } $sql .= " WHERE m.rowid = mp.fk_mo"; $sql .= " AND m.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'mrp').")"; - $sql .= " AND mp.fk_product = ".$this->id; + $sql .= " AND mp.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3301,7 +3301,7 @@ class Product extends CommonObject $sql .= " WHERE c.rowid = cd.fk_contrat"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract').")"; - $sql .= " AND cd.fk_product = ".$this->id; + $sql .= " AND cd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3375,7 +3375,7 @@ class Product extends CommonObject $sql .= " WHERE f.rowid = fd.fk_facture"; $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; - $sql .= " AND fd.fk_product = ".$this->id; + $sql .= " AND fd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3449,7 +3449,7 @@ class Product extends CommonObject $sql .= " WHERE f.rowid = fd.fk_facture_fourn"; $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; - $sql .= " AND fd.fk_product = ".$this->id; + $sql .= " AND fd.fk_product = ".((int) $this->id); if (empty($user->rights->societe->client->voir) && !$socid) { $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -3580,7 +3580,7 @@ class Product extends CommonObject } $sql .= " WHERE f.rowid = d.fk_facture"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3633,7 +3633,7 @@ class Product extends CommonObject } $sql .= " WHERE f.rowid = d.fk_facture_fourn"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3684,7 +3684,7 @@ class Product extends CommonObject } $sql .= " WHERE p.rowid = d.fk_propal"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3736,7 +3736,7 @@ class Product extends CommonObject } $sql .= " WHERE p.rowid = d.fk_supplier_proposal"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3787,7 +3787,7 @@ class Product extends CommonObject } $sql .= " WHERE c.rowid = d.fk_commande"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3838,7 +3838,7 @@ class Product extends CommonObject } $sql .= " WHERE c.rowid = d.fk_commande"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3892,7 +3892,7 @@ class Product extends CommonObject $sql .= " AND c.rowid = d.fk_contrat"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -3946,7 +3946,7 @@ class Product extends CommonObject $sql .= " AND d.status > 0"; if ($this->id > 0) { - $sql .= " AND d.fk_product =".$this->id; + $sql .= " AND d.fk_product = ".((int) $this->id); } else { $sql .= " AND d.fk_product > 0"; } @@ -4246,8 +4246,8 @@ class Product extends CommonObject $sql = "SELECT DISTINCT p.fk_soc"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as p"; - $sql .= " WHERE p.fk_product = ".$this->id; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " WHERE p.fk_product = ".((int) $this->id); + $sql .= " AND p.entity = ".((int) $conf->entity); $result = $this->db->query($sql); if ($result) { @@ -4530,11 +4530,11 @@ class Product extends CommonObject $sql = "SELECT COUNT(pa.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product_association as pa"; if ($mode == 0) { - $sql .= " WHERE pa.fk_product_fils = ".$this->id." OR pa.fk_product_pere = ".$this->id; + $sql .= " WHERE pa.fk_product_fils = ".((int) $this->id)." OR pa.fk_product_pere = ".((int) $this->id); } elseif ($mode == -1) { - $sql .= " WHERE pa.fk_product_fils = ".$this->id; // We are a child, so we found lines that link to parents (can have several parents) + $sql .= " WHERE pa.fk_product_fils = ".((int) $this->id); // We are a child, so we found lines that link to parents (can have several parents) } elseif ($mode == 1) { - $sql .= " WHERE pa.fk_product_pere = ".$this->id; // We are a parent, so we found lines that link to children (can have several children) + $sql .= " WHERE pa.fk_product_pere = ".((int) $this->id); // We are a parent, so we found lines that link to children (can have several children) } $resql = $this->db->query($sql); @@ -4613,7 +4613,7 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."product_association as pa,"; $sql .= " ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE p.rowid = pa.fk_product_pere"; - $sql .= " AND pa.fk_product_fils = ".$this->id; + $sql .= " AND pa.fk_product_fils = ".((int) $this->id); $res = $this->db->query($sql); if ($res) { @@ -5189,7 +5189,7 @@ class Product extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."entrepot as w"; $sql .= " WHERE w.entity IN (".getEntity('stock').")"; $sql .= " AND w.rowid = ps.fk_entrepot"; - $sql .= " AND ps.fk_product = ".$this->id; + $sql .= " AND ps.fk_product = ".((int) $this->id); if (count($warehouseStatus)) { $sql .= " AND w.statut IN (".$this->db->sanitize(implode(',', $warehouseStatus)).")"; } @@ -5350,7 +5350,7 @@ class Product extends CommonObject $result = array(); $sql = "SELECT pb.batch, pb.eatby, pb.sellby, SUM(pb.qty) AS qty FROM ".MAIN_DB_PREFIX."product_batch as pb, ".MAIN_DB_PREFIX."product_stock as ps"; - $sql .= " WHERE pb.fk_product_stock = ps.rowid AND ps.fk_product = ".$this->id." AND pb.batch = '".$this->db->escape($batch)."'"; + $sql .= " WHERE pb.fk_product_stock = ps.rowid AND ps.fk_product = ".((int) $this->id)." AND pb.batch = '".$this->db->escape($batch)."'"; $sql .= " GROUP BY pb.batch, pb.eatby, pb.sellby"; dol_syslog(get_class($this)."::loadBatchInfo load first entry found for lot/serial = ".$batch, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php index 4408afd9ff1..f7f604b5399 100644 --- a/htdocs/product/class/productbatch.class.php +++ b/htdocs/product/class/productbatch.class.php @@ -530,12 +530,12 @@ class Productbatch extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_batch AS pb ON pl.batch = pb.batch"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock AS ps ON ps.rowid = pb.fk_product_stock"; $sql .= " WHERE p.entity IN (".getEntity('product').")"; - $sql .= " AND pl.fk_product = ".$fk_product; + $sql .= " AND pl.fk_product = ".((int) $fk_product); if ($fk_warehouse > 0) { - $sql .= " AND ps.fk_entrepot = ".$fk_warehouse; + $sql .= " AND ps.fk_entrepot = ".((int) $fk_warehouse); } if ($qty_min !== null) { - $sql .= " AND pb.qty > ".$qty_min; + $sql .= " AND pb.qty > ".((float) price2num($qty_min, 'MS')); } $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 03867bb65e9..13f946df9a4 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -304,7 +304,7 @@ if (empty($reshook)) { $sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; $sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'"; - $sql .= " AND t.taux = ".$tva_tx." AND t.active = 1"; + $sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1"; $sql .= " AND t.code ='".$db->escape($vatratecode)."'"; $resql = $db->query($sql); if ($resql) { @@ -527,7 +527,7 @@ if (empty($reshook)) { $sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; $sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'"; - $sql .= " AND t.taux = ".$tva_tx." AND t.active = 1"; + $sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1"; $sql .= " AND t.code ='".$db->escape($vatratecode)."'"; $resql = $db->query($sql); if ($resql) { @@ -620,7 +620,7 @@ if (empty($reshook)) { $sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; $sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'"; - $sql .= " AND t.taux = ".$tva_tx." AND t.active = 1"; + $sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1"; $sql .= " AND t.code ='".$db->escape($vatratecode)."'"; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/product/stock/class/api_warehouses.class.php b/htdocs/product/stock/class/api_warehouses.class.php index 806114b73ec..3bddbaff8f9 100644 --- a/htdocs/product/stock/class/api_warehouses.class.php +++ b/htdocs/product/stock/class/api_warehouses.class.php @@ -111,7 +111,7 @@ class Warehouses extends DolibarrApi $sql .= ' WHERE t.entity IN ('.getEntity('stock').')'; // Select warehouses of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); + $sql .= " AND c.fk_categorie = ".((int) $category); $sql .= " AND c.fk_warehouse = t.rowid "; } // Add sql filters diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 824d667e934..935103ec2fa 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -229,7 +229,7 @@ if ($action == 'order' && GETPOST('valid')) { // Check if an order for the supplier exists $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " WHERE fk_soc = ".((int) $suppliersid[$i]); - $sql .= " AND source = ".((int) $order::SOURCE_ID_REPLENISHMENT)." AND fk_statut = ".$order::STATUS_DRAFT; + $sql .= " AND source = ".((int) $order::SOURCE_ID_REPLENISHMENT)." AND fk_statut = ".((int) $order::STATUS_DRAFT); $sql .= " AND entity IN (".getEntity('commande_fournisseur').")"; $sql .= " ORDER BY date_creation DESC"; $resql = $db->query($sql); diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index eb9985b4de5..bdce4353faf 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php @@ -122,7 +122,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; -$sql .= " AND p.entity = ".$conf->entity; +$sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'"; @@ -175,7 +175,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; -$sql .= " AND p.entity = ".$conf->entity; +$sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_time_plus_duree(dol_mktime(0, 0, 0, $month, $day, $year), -1, 'd'))."' AND '".$db->idate(dol_time_plus_duree(dol_mktime(23, 59, 59, $month, $day, $year), -1, 'd'))."'"; @@ -231,7 +231,7 @@ if ($db->type != 'pgsql') $sql.= " , ".MAIN_DB_PREFIX."projet_task as t"; $sql.= " , ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql.= " WHERE t.fk_projet = p.rowid"; - $sql.= " AND p.entity = ".$conf->entity; + $sql.= " AND p.entity = ".((int) $conf->entity); $sql.= " AND tt.fk_task = t.rowid"; $sql.= " AND tt.fk_user = ".((int) $user->id); $sql.= " AND task_date >= '".$db->idate(dol_get_first_day($year, $month)).'" AND ..."; @@ -287,7 +287,7 @@ if (!empty($conf->global->PROJECT_TASK_TIME_MONTH)) { $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_get_first_day($year, $month))."' AND '".$db->idate(dol_get_last_day($year, $month))."'"; @@ -333,7 +333,7 @@ if (!empty($conf->global->PROJECT_TASK_TIME_YEAR)) { $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.entity = ".((int) $conf->entity); $sql .= " AND tt.fk_task = t.rowid"; $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND YEAR(task_date) = '".strftime("%Y", $now)."'"; @@ -422,7 +422,7 @@ if (empty($conf->global->PROJECT_HIDE_TASKS) && !empty($conf->global->PROJECT_SH $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // project i have permission on } if ($mine) { // this may duplicate record if we are contact twice - $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$user->id; + $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".((int) $user->id); } if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 3d5c89b9dc7..60928ccd23f 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -947,7 +947,7 @@ class Project extends CommonObject } elseif ($type == 'expensereport') { $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".((int) $this->id); } elseif ($type == 'project_task') { - $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".$this->id; + $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".((int) $this->id); } elseif ($type == 'project_task_time') { // Case we want to duplicate line foreach user $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".((int) $this->id); } elseif ($type == 'stock_mouvement') { @@ -1027,8 +1027,8 @@ class Project extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."projet"; $sql .= " SET fk_statut = 1"; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); dol_syslog(get_class($this)."::setValid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1432,13 +1432,13 @@ class Project extends CommonObject if ($mode == 0) { $sql .= " AND ( p.public = 1"; $sql .= " OR ( ec.fk_c_type_contact IN (".$this->db->sanitize(join(',', array_keys($listofprojectcontacttype))).")"; - $sql .= " AND ec.fk_socpeople = ".$user->id.")"; + $sql .= " AND ec.fk_socpeople = ".((int) $user->id).")"; $sql .= " )"; } elseif ($mode == 1) { $sql .= " AND ec.element_id = p.rowid"; $sql .= " AND ("; $sql .= " ( ec.fk_c_type_contact IN (".$this->db->sanitize(join(',', array_keys($listofprojectcontacttype))).")"; - $sql .= " AND ec.fk_socpeople = ".$user->id.")"; + $sql .= " AND ec.fk_socpeople = ".((int) $user->id).")"; $sql .= " )"; } elseif ($mode == 2) { // No filter. Use this if user has permission to see all project @@ -1886,7 +1886,7 @@ class Project extends CommonObject $sql = "SELECT ptt.rowid as taskid, ptt.task_duration, ptt.task_date, ptt.task_datehour, ptt.fk_task"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time AS ptt, ".MAIN_DB_PREFIX."projet_task as pt"; $sql .= " WHERE ptt.fk_task = pt.rowid"; - $sql .= " AND pt.fk_projet = ".$this->id; + $sql .= " AND pt.fk_projet = ".((int) $this->id); $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'w') - 1)."')"; if ($taskid) { @@ -1949,7 +1949,7 @@ class Project extends CommonObject $sql = "SELECT ptt.rowid as taskid, ptt.task_duration, ptt.task_date, ptt.task_datehour, ptt.fk_task"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time AS ptt, ".MAIN_DB_PREFIX."projet_task as pt"; $sql .= " WHERE ptt.fk_task = pt.rowid"; - $sql .= " AND pt.fk_projet = ".$this->id; + $sql .= " AND pt.fk_projet = ".((int) $this->id); $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'm') - 1)."')"; if ($task_id) { @@ -2027,7 +2027,7 @@ class Project extends CommonObject // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // For external user, no check is done on company permission because readability is managed by public status of project and assignement. - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; //print $sql; $resql = $this->db->query($sql); diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index 1845e303704..f437c8a5e10 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -64,13 +64,13 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->socid) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= ", ".MAIN_DB_PREFIX."c_lead_status as cls"; $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; $sql .= " AND t.fk_opp_status = cls.rowid"; $sql .= " AND t.fk_statut <> 0"; // We want historic also, so all projects not draft $sql .= " GROUP BY t.fk_opp_status, cls.code, cls.label"; @@ -130,12 +130,12 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls ON cls.rowid = t.fk_opp_status"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; $sql .= " GROUP BY year"; $sql .= $this->db->order('year', 'DESC'); @@ -211,7 +211,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -240,7 +240,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -358,7 +358,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t LEFT JOIN ".MAIN_DB_PREFIX.'c_lead_status as cls ON t.fk_opp_status = cls.rowid'; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -470,7 +470,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -483,7 +483,7 @@ class ProjectStats extends Stats $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $user->soc_id) - // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user = ".((int) $user->id); $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 9a80eb060e9..8ea6d0c78a3 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -1044,10 +1044,10 @@ class Task extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."c_type_contact as ctc"; $sql .= " WHERE pt.rowid = ec.element_id"; if ($userp && $filteronprojstatus > -1) { - $sql .= " AND pt.fk_statut = ".$filteronprojstatus; + $sql .= " AND pt.fk_statut = ".((int) $filteronprojstatus); } if ($usert && $filteronprojstatus > -1) { - $sql .= " AND pt.fk_projet = p.rowid AND p.fk_statut = ".$filteronprojstatus; + $sql .= " AND pt.fk_projet = p.rowid AND p.fk_statut = ".((int) $filteronprojstatus); } if ($userp) { $sql .= " AND ctc.element = 'project'"; @@ -1057,10 +1057,10 @@ class Task extends CommonObject } $sql .= " AND ctc.rowid = ec.fk_c_type_contact"; if ($userp) { - $sql .= " AND ec.fk_socpeople = ".$userp->id; + $sql .= " AND ec.fk_socpeople = ".((int) $userp->id); } if ($usert) { - $sql .= " AND ec.fk_socpeople = ".$usert->id; + $sql .= " AND ec.fk_socpeople = ".((int) $usert->id); } $sql .= " AND ec.statut = 4"; $sql .= " AND ctc.source = 'internal'"; @@ -2028,7 +2028,7 @@ class Task extends CommonObject // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; + // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; //print $sql; $resql = $this->db->query($sql); diff --git a/htdocs/projet/class/taskstats.class.php b/htdocs/projet/class/taskstats.class.php index 8a5234b956f..d60868b5ebb 100644 --- a/htdocs/projet/class/taskstats.class.php +++ b/htdocs/projet/class/taskstats.class.php @@ -60,7 +60,7 @@ class TaskStats extends Stats $sql .= " COUNT(t.rowid), t.priority"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".((int) $user->id); } $sql .= $this->buildWhere(); //$sql .= " AND t.fk_statut <> 0"; // We want historic also, so all task not draft @@ -119,7 +119,7 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".((int) $user->id); } $sql .= $this->buildWhere(); $sql .= " GROUP BY year"; @@ -181,7 +181,7 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; if (!$user->rights->societe->client->voir && !$user->soc_id) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=".((int) $user->id); } $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 6d7ec7d351e..43f5bd6ff2f 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -444,9 +444,9 @@ if ($search_sale > 0) { $sql .= " AND sc.fk_user = ".((int) $search_sale); } // No check is done on company permission because readability is managed by public status of project and assignement. -//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; +//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; if ($search_project_user > 0) { - $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; + $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".((int) $search_project_user); } if ($search_opp_amount != '') { $sql .= natural_search('p.opp_amount', $search_opp_amount, 1); diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index d053866fd62..1963f500349 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -387,10 +387,10 @@ if ($search_projectstatus >= 0) { } } if ($search_project_user > 0) { - $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; + $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".((int) $search_project_user); } if ($search_task_user > 0) { - $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$search_task_user; + $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".((int) $search_task_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/recruitment/recruitmentindex.php b/htdocs/recruitment/recruitmentindex.php index 8c3e2f236a5..5473572f842 100644 --- a/htdocs/recruitment/recruitmentindex.php +++ b/htdocs/recruitment/recruitmentindex.php @@ -254,7 +254,7 @@ if (! empty($conf->recruitment->enabled) && $user->rights->recruitment->read) $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 018585f64e6..c5eab1c4e1c 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -293,11 +293,12 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase if ($val[1] == 'ity' && $val[2] == 'con') { continue; } -// $ok=false; + var_dump($matches); + $ok=false; break; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; -// $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); //exit; From 8485fee5f92669027cf8ab0eb3097db24db53ecf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 19:33:24 +0200 Subject: [PATCH 071/215] Cast numeric into on sql request --- .../admin/dolistore/class/dolistore.class.php | 4 +- htdocs/comm/action/class/actioncomm.class.php | 12 ++-- htdocs/comm/propal/class/propal.class.php | 36 +++++------ htdocs/commande/class/commande.class.php | 22 +++---- htdocs/compta/facture/class/facture.class.php | 8 +-- .../class/bonprelevement.class.php | 40 ++++++------- .../sociales/class/chargesociales.class.php | 2 +- htdocs/contrat/class/contrat.class.php | 8 +-- htdocs/core/class/commonobject.class.php | 4 +- htdocs/core/website.inc.php | 2 +- htdocs/expedition/class/expedition.class.php | 20 +++---- htdocs/fichinter/class/fichinter.class.php | 24 ++++---- .../class/fournisseur.commande.class.php | 26 ++++---- htdocs/loan/class/loan.class.php | 2 +- htdocs/loan/class/paymentloan.class.php | 2 - htdocs/reception/class/reception.class.php | 14 ++--- .../class/supplier_proposal.class.php | 30 +++++----- htdocs/takepos/invoice.php | 2 +- htdocs/ticket/index.php | 2 +- htdocs/ticket/list.php | 4 +- htdocs/user/class/user.class.php | 60 +++++++++---------- htdocs/user/class/usergroup.class.php | 18 +++--- htdocs/user/notify/card.php | 2 +- test/phpunit/CodingPhpTest.php | 4 +- 24 files changed, 173 insertions(+), 175 deletions(-) diff --git a/htdocs/admin/dolistore/class/dolistore.class.php b/htdocs/admin/dolistore/class/dolistore.class.php index 9e5a1e8bce1..bfcb751f9a9 100644 --- a/htdocs/admin/dolistore/class/dolistore.class.php +++ b/htdocs/admin/dolistore/class/dolistore.class.php @@ -84,7 +84,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want categories resources @@ -134,7 +134,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want products resources diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 94c512675ef..d5a0c427352 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -875,7 +875,7 @@ class ActionComm extends CommonObject $sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources'; - $sql .= ' WHERE fk_actioncomm = '.$this->id; + $sql .= ' WHERE fk_actioncomm = '.((int) $this->id); $sql .= " AND element_type IN ('user', 'socpeople')"; $resql = $this->db->query($sql); if ($resql) { @@ -996,7 +996,7 @@ class ActionComm extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -1159,7 +1159,7 @@ class ActionComm extends CommonObject // Now insert assignedusers if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'"; $resql = $this->db->query($sql); $already_inserted = array(); @@ -1184,7 +1184,7 @@ class ActionComm extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'"; $resql = $this->db->query($sql); if (!empty($this->socpeopleassigned)) { @@ -1336,7 +1336,7 @@ class ActionComm extends CommonObject } if (!$user->rights->agenda->allactions->read) { $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id); - $sql .= " OR ar.fk_element = ".$user->id; // Added by PV + $sql .= " OR ar.fk_element = ".((int) $user->id); $sql .= ")"; } @@ -2226,7 +2226,7 @@ class ActionComm extends CommonObject //Select all action comm reminders for event $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); if ($onlypast) { $sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'"; } diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 0f73746b03a..6e3f60a7cf5 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1879,8 +1879,8 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1906,7 +1906,7 @@ class Propal extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -1974,7 +1974,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2030,7 +2030,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2101,7 +2101,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2156,9 +2156,9 @@ class Propal extends CommonObject $this->db->begin(); - $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; - $sql .= " SET fk_availability = '".$id."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; + $sql .= " SET fk_availability = ".((int) $id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG); $resql = $this->db->query($sql); @@ -2221,7 +2221,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET fk_input_reason = ".((int) $id); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2346,7 +2346,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2409,7 +2409,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2530,7 +2530,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2707,7 +2707,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -2789,7 +2789,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_DRAFT; } if ($notcurrentuser > 0) { - $sql .= " AND p.fk_user_author <> ".$user->id; + $sql .= " AND p.fk_user_author <> ".((int) $user->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -2934,7 +2934,7 @@ class Propal extends CommonObject if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -2970,7 +2970,7 @@ class Propal extends CommonObject // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid); dol_syslog("PropaleLigne::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index f2feb3ed444..050b7251898 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -493,8 +493,8 @@ class Commande extends CommonOrder $sql .= " SET ref = '".$this->db->escape($num)."',"; $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -624,7 +624,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -807,7 +807,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_CANCELED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; dol_syslog(get_class($this)."::cancel", LOG_DEBUG); @@ -2543,7 +2543,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2615,7 +2615,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2697,7 +2697,7 @@ class Commande extends CommonOrder $sql .= " AND c.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND c.fk_user_author <> ".$excluser->id; + $sql .= " AND c.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -3395,8 +3395,8 @@ class Commande extends CommonOrder // Delete extrafields of lines and lines if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; - $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -3432,7 +3432,7 @@ class Commande extends CommonOrder // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine $sql .= ",total_localtax1='".price2num($this->total_localtax1)."'"; $sql .= ",total_localtax2='".price2num($this->total_localtax2)."'"; $sql .= ",total_ttc='".price2num($this->total_ttc)."'"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog("OrderLine::update_total", LOG_DEBUG); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index d0d14b02abb..ea41bd4842a 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -2996,7 +2996,7 @@ class Facture extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -4051,7 +4051,7 @@ class Facture extends CommonInvoice $sql .= " AND f.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND f.fk_user_author <> ".$excluser->id; + $sql .= " AND f.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -5679,7 +5679,7 @@ class FactureLigne extends CommonInvoiceLine return -1; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($this->db->query($sql)) { $this->db->commit(); @@ -5719,7 +5719,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ",total_localtax1=".price2num($this->total_localtax1).""; $sql .= ",total_localtax2=".price2num($this->total_localtax2).""; $sql .= ",total_ttc=".price2num($this->total_ttc).""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index d9f93dd0a08..10c8f304102 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject */ $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); $sql .= " AND fk_soc =".((int) $client_id); $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'"; $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'"; @@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject if ($this->db->begin()) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $result = $this->db->query($sql); if (!$result) { @@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_credite Erreur 1"); @@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject $sql .= ", statut = ".self::STATUS_CREDITED; $sql .= ", date_credit = '".$this->db->idate($date)."'"; $sql .= " WHERE rowid=".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = ".self::STATUS_TRANSFERED; $resql = $this->db->query($sql); @@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_infocredit Update lines Error"); @@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject $sql .= " , date_trans = '".$this->db->idate($date)."'"; $sql .= " , method_trans = ".((int) $method); $sql .= " , statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = 0"; if ($this->db->query($sql)) { @@ -647,7 +647,7 @@ class BonPrelevement extends CommonObject $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; $sql .= " AND p.rowid = ".((int) $this->id); - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.entity = ".((int) $conf->entity); if ($amounts) { if ($this->type == 'bank-transfer') { $sql .= " GROUP BY fk_facture_fourn"; @@ -989,7 +989,7 @@ class BonPrelevement extends CommonObject $sql = "SELECT substring(ref from char_length(ref) - 1)"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " ORDER BY ref DESC LIMIT 1"; dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); @@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande"; $sql .= " SET traite = 1"; $sql .= ", date_traite = '".$this->db->idate($now)."'"; - $sql .= ", fk_prelevement_bons = ".$this->id; + $sql .= ", fk_prelevement_bons = ".((int) $this->id); $sql .= " WHERE rowid = ".((int) $fac[1]); $resql = $this->db->query($sql); @@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET amount = ".price2num($this->total); $sql .= " WHERE rowid = ".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { @@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")"; $resql1 = $this->db->query($sql); if (!$resql1) { dol_print_error($this->db); @@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id); $resql2 = $this->db->query($sql); if (!$resql2) { dol_print_error($this->db); @@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id); $resql3 = $this->db->query($sql); if (!$resql3) { dol_print_error($this->db); @@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id); $resql4 = $this->db->query($sql); if (!$resql4) { dol_print_error($this->db); @@ -1491,7 +1491,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1607,7 +1607,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1697,7 +1697,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; @@ -1723,7 +1723,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 1977ac9791b..14b2cf67590 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject // Delete payments if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index a0016f3fe47..29d84c86c57 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -792,7 +792,7 @@ class Contrat extends CommonObject $sql .= " d.fk_unit,"; $sql .= " d.product_type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_contrat = ".$this->id; + $sql .= " WHERE d.fk_contrat = ".((int) $this->id); $sql .= " ORDER by d.rowid ASC"; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); @@ -1188,7 +1188,7 @@ class Contrat extends CommonObject // Delete contratdet extrafields $main = MAIN_DB_PREFIX.'contratdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3120,7 +3120,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { @@ -3131,7 +3131,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index fccbfa6ed7f..1e28afd41e0 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -5765,7 +5765,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql_del); if (!$resql) { @@ -5965,7 +5965,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $this->db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object"; diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index 8ffa69e31ac..97199614ece 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -96,7 +96,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi $sql .= " WHERE wp.fk_website = ".((int) $website->id); $sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid); if (is_object($websitepage) && $websitepage->fk_page > 0) { - $sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page; + $sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page); } $sql .= ")"; $sql .= " AND wp.lang = '".$db->escape(GETPOST('l', 'aZ09'))."'"; diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index ee7324a22c4..85245b38e89 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -733,7 +733,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -811,7 +811,7 @@ class Expedition extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/sending/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->error = $this->db->lasterror(); @@ -1224,7 +1224,7 @@ class Expedition extends CommonObject $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id"; $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::delete select details", LOG_DEBUG); @@ -1285,7 +1285,7 @@ class Expedition extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet"; - $sql .= " WHERE fk_expedition = ".$this->id; + $sql .= " WHERE fk_expedition = ".((int) $this->id); if ($this->db->query($sql)) { // Delete linked object @@ -1408,7 +1408,7 @@ class Expedition extends CommonObject $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id"; $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::delete select details", LOG_DEBUG); @@ -1469,10 +1469,10 @@ class Expedition extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'expeditiondet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".$this->id.")"; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".((int) $this->id).")"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet"; - $sql .= " WHERE fk_expedition = ".$this->id; + $sql .= " WHERE fk_expedition = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object @@ -1577,7 +1577,7 @@ class Expedition extends CommonObject $sql .= ", p.weight, p.weight_units, p.length, p.length_units, p.surface, p.surface_units, p.volume, p.volume_units, p.tosell as product_tosell, p.tobuy as product_tobuy, p.tobatch as product_tobatch"; $sql .= " FROM ".MAIN_DB_PREFIX."expeditiondet as ed, ".MAIN_DB_PREFIX."commandedet as cd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = cd.fk_product"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND ed.fk_origin_line = cd.rowid"; $sql .= " ORDER BY cd.rang, ed.fk_origin_line"; @@ -2207,7 +2207,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -2377,7 +2377,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index a15ebfffeb8..371853dc70c 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -383,8 +383,8 @@ class Fichinter extends CommonObject $sql .= ", fk_projet = ".((int) $this->fk_project); $sql .= ", note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null"); $sql .= ", note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null"); - $sql .= ", fk_user_modif = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", fk_user_modif = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { @@ -510,7 +510,7 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -570,11 +570,11 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter"; $sql .= " SET fk_statut = 1"; - $sql .= ", ref = '".$num."'"; + $sql .= ", ref = '".$this->db->escape($num)."'"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; - $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= ", fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND fk_statut = 0"; dol_syslog(get_class($this)."::setValid", LOG_DEBUG); @@ -975,7 +975,7 @@ class Fichinter extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'fichinterdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -985,7 +985,7 @@ class Fichinter extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet"; - $sql .= " WHERE fk_fichinter = ".$this->id; + $sql .= " WHERE fk_fichinter = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1322,7 +1322,7 @@ class Fichinter extends CommonObject $sql = 'SELECT rowid, fk_fichinter, description, duree, date, rang'; $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet'; - $sql .= ' WHERE fk_fichinter = '.$this->id.' ORDER BY rang ASC, date ASC'; + $sql .= ' WHERE fk_fichinter = '.((int) $this->id).' ORDER BY rang ASC, date ASC'; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1568,7 +1568,7 @@ class FichinterLigne extends CommonObjectLine $sql .= ",date='".$this->db->idate($this->datei)."'"; $sql .= ",duree=".$this->duration; $sql .= ",rang='".$this->db->escape($this->rang)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("FichinterLigne::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1680,7 +1680,7 @@ class FichinterLigne extends CommonObjectLine return -1; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 94015875599..3facc342f08 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -598,8 +598,8 @@ class CommandeFournisseur extends CommonOrder $sql .= " SET ref='".$this->db->escape($num)."',"; $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate(dol_now())."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_DRAFT; $resql = $this->db->query($sql); @@ -1008,7 +1008,7 @@ class CommandeFournisseur extends CommonOrder } else // request a second level approval { $sql .= " date_approve2='".$this->db->idate($now)."',"; - $sql .= " fk_user_approve2 = ".$user->id; + $sql .= " fk_user_approve2 = ".((int) $user->id); if (empty($this->user_approve_id)) { $movetoapprovestatus = false; // first level approval not done } @@ -1020,7 +1020,7 @@ class CommandeFournisseur extends CommonOrder } else { $sql .= ", fk_statut = ".self::STATUS_VALIDATED; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; if ($this->db->query($sql)) { @@ -1118,7 +1118,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".self::STATUS_REFUSED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $result = 0; @@ -1170,7 +1170,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".((int) $statut); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::cancel", LOG_DEBUG); if ($this->db->query($sql)) { $result = 0; @@ -2096,7 +2096,7 @@ class CommandeFournisseur extends CommonOrder $main = MAIN_DB_PREFIX.'commande_fournisseurdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete extrafields lines", LOG_DEBUG); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -2104,7 +2104,7 @@ class CommandeFournisseur extends CommonOrder $error++; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -2112,7 +2112,7 @@ class CommandeFournisseur extends CommonOrder $error++; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($resql = $this->db->query($sql)) { if ($this->db->affected_rows($resql) < 1) { @@ -2332,7 +2332,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_statut = ".((int) $statut); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut IN (".self::STATUS_ORDERSENT.",".self::STATUS_RECEIVED_PARTIALLY.")"; // Process running or Partially received dol_syslog(get_class($this)."::Livraison", LOG_DEBUG); @@ -2406,7 +2406,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2465,7 +2465,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_projet = ".($id_projet > 0 ? (int) $id_projet : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -3787,7 +3787,7 @@ class CommandeFournisseurLigne extends CommonOrderLine $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::updateline", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index b5c0ffc0add..91f384703a9 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -307,7 +307,7 @@ class Loan extends CommonObject // Delete payments if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php index 8139e25c87c..841ffa7b373 100644 --- a/htdocs/loan/class/paymentloan.class.php +++ b/htdocs/loan/class/paymentloan.class.php @@ -332,7 +332,6 @@ class PaymentLoan extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET"; - $sql .= " fk_loan=".(isset($this->fk_loan) ? $this->fk_loan : "null").","; $sql .= " datec=".(dol_strlen($this->datec) != 0 ? "'".$this->db->idate($this->datec)."'" : 'null').","; $sql .= " tms=".(dol_strlen($this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').","; @@ -347,7 +346,6 @@ class PaymentLoan extends CommonObject $sql .= " fk_bank=".(isset($this->fk_bank) ? $this->fk_bank : "null").","; $sql .= " fk_user_creat=".(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index 33034f290d1..e1e2c857bc0 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -564,7 +564,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -915,7 +915,7 @@ class Reception extends CommonObject $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.eatby, ed.sellby, ed.batch, ed.rowid as commande_fournisseur_dispatch_id"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::delete select details", LOG_DEBUG); @@ -940,10 +940,10 @@ class Reception extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_reception = ".$this->id.")"; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_reception = ".((int) $this->id).")"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur_dispatch"; - $sql .= " WHERE fk_reception = ".$this->id; + $sql .= " WHERE fk_reception = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object @@ -1489,7 +1489,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -1650,7 +1650,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -1772,7 +1772,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index bc44ad200d5..6b76cf23af6 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1294,7 +1294,7 @@ class SupplierProposal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc, d.fk_unit'; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposaldet as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_supplier_proposal = ".$this->id; + $sql .= " WHERE d.fk_supplier_proposal = ".((int) $this->id); $sql .= " ORDER by d.rang"; $result = $this->db->query($sql); @@ -1417,8 +1417,8 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1517,7 +1517,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->date_livraison = $delivery_date; @@ -1549,7 +1549,7 @@ class SupplierProposal extends CommonObject $remise = price2num($remise, 2); $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_percent = ((float) $remise); @@ -1584,7 +1584,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_absolue = $remise; @@ -1622,7 +1622,7 @@ class SupplierProposal extends CommonObject $sql .= " note_private = '".$this->db->escape($note)."',"; } $sql .= " date_cloture=NULL, fk_user_cloture=NULL"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -1681,7 +1681,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1881,7 +1881,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -2016,10 +2016,10 @@ class SupplierProposal extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'supplier_proposaldet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".$this->id; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".((int) $this->id); if ($this->db->query($sql)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object $res = $this->deleteObjectLinked(); @@ -3100,7 +3100,7 @@ class SupplierProposalLine extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields @@ -3248,7 +3248,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3296,7 +3296,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " total_ht=".price2num($this->total_ht, 'MT'); $sql .= ",total_tva=".price2num($this->total_tva, 'MT'); $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::update_total", LOG_DEBUG); diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 721a7b92ae8..0c00fcdd938 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -1466,7 +1466,7 @@ if ($placeid > 0) { $sql .= " WHERE ps.reel != 0"; $sql .= " AND ps.fk_entrepot = ".((int) $conf->global->$constantforkey); $sql .= " AND e.entity IN (".getEntity('stock').")"; - $sql .= " AND ps.fk_product = ".$line->fk_product; + $sql .= " AND ps.fk_product = ".((int) $line->fk_product); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 1c565b79b45..4b9202f4245 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -332,7 +332,7 @@ if ($user->socid > 0) { } else { // Restricted to assigned user only if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { - $sql .= " AND t.fk_user_assign=".$user->id; + $sql .= " AND t.fk_user_assign = ".((int) $user->id); } } $sql .= $db->order("t.datec", "DESC"); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 5a55a1ab324..c79a75e851c 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -425,9 +425,9 @@ if ($search_dateclose_end) { if (!$user->socid && ($mode == "mine" || (!$user->admin && $conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY))) { - $sql .= " AND (t.fk_user_assign = ".$user->id; + $sql .= " AND (t.fk_user_assign = ".((int) $user->id); if (empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY)) { - $sql .= " OR t.fk_user_create = ".$user->id; + $sql .= " OR t.fk_user_create = ".((int) $user->id); } $sql .= ")"; } diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 4c253e4a4a8..6df01a907f4 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -576,8 +576,8 @@ class User extends CommonObject if ($loadpersonalconf) { // Load user->conf for user $sql = "SELECT param, value FROM ".MAIN_DB_PREFIX."user_param"; - $sql .= " WHERE fk_user = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE fk_user = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); //dol_syslog(get_class($this).'::fetch load personalized conf', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -727,7 +727,7 @@ class User extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($whereforadd) && $whereforadd != 'allmodules') { $sql .= " AND ".$whereforadd; } @@ -740,11 +740,11 @@ class User extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id." AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -808,7 +808,7 @@ class User extends CommonObject $sql = "SELECT module, perms, subperms"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE id = '".$this->db->escape($rid)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -853,7 +853,7 @@ class User extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -875,8 +875,8 @@ class User extends CommonObject $nid = $obj->id; $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights"; - $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid); + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } @@ -1022,12 +1022,12 @@ class User extends CommonObject if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= " AND gu.entity IN (0,".$conf->entity.")"; } else { - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND r.entity = ".((int) $conf->entity); } } else { - $sql .= " AND gr.entity = ".$conf->entity; - $sql .= " AND gu.entity = ".$conf->entity; - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND gr.entity = ".((int) $conf->entity); + $sql .= " AND gu.entity = ".((int) $conf->entity); + $sql .= " AND r.entity = ".((int) $conf->entity); } $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; $sql .= " AND gu.fk_user = ".((int) $this->id); @@ -1180,7 +1180,7 @@ class User extends CommonObject dol_syslog(get_class($this)."::delete", LOG_DEBUG); // Remove rights - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; @@ -1188,14 +1188,14 @@ class User extends CommonObject } // Remove group - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); } // Remove params - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -1221,7 +1221,7 @@ class User extends CommonObject // Remove user if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { $error++; @@ -1574,7 +1574,7 @@ class User extends CommonObject $num = 0; $sql = "SELECT id FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE bydefault = 1"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { @@ -1769,7 +1769,7 @@ class User extends CommonObject $sql .= ", default_c_exp_tax_cat = ".($this->default_c_exp_tax_cat > 0 ? $this->default_c_exp_tax_cat : 'null'); $sql .= ", fk_warehouse = ".($this->fk_warehouse > 0 ? $this->fk_warehouse : "null"); $sql .= ", lang = ".($this->lang ? "'".$this->db->escape($this->lang)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1960,7 +1960,7 @@ class User extends CommonObject $sql .= " datepreviouslogin = datelastlogin,"; $sql .= " datelastlogin = '".$this->db->idate($now)."',"; $sql .= " tms = tms"; // La date de derniere modif doit changer sauf pour la mise a jour de date de derniere connexion - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_last_login_date user->id=".$this->id." ".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2021,7 +2021,7 @@ class User extends CommonObject } else { $sql .= ", pass = '".$this->db->escape($password)."'"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); $result = $this->db->query($sql); @@ -2079,7 +2079,7 @@ class User extends CommonObject // After receiving confirmation link, we will erase and store it in pass_crypted $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET pass_temp = '".$this->db->escape($password)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); // No log $result = $this->db->query($sql); @@ -2225,7 +2225,7 @@ class User extends CommonObject // phpcs:enable $sql = "SELECT url, login, pass, poste "; $sql .= " FROM ".MAIN_DB_PREFIX."user_clicktodial as u"; - $sql .= " WHERE u.fk_user = ".$this->id; + $sql .= " WHERE u.fk_user = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2260,7 +2260,7 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_clicktodial"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); dol_syslog(get_class($this).'::update_clicktodial', LOG_DEBUG); $result = $this->db->query($sql); @@ -2305,14 +2305,14 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_user (entity, fk_user, fk_usergroup)"; - $sql .= " VALUES (".$entity.",".$this->id.",".$group.")"; + $sql .= " VALUES (".((int) $entity).",".((int) $this->id).",".((int) $group).")"; $result = $this->db->query($sql); if ($result) { @@ -2362,9 +2362,9 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -3093,7 +3093,7 @@ class User extends CommonObject { // phpcs:enable $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); dol_syslog(get_class($this)."::get_children sql=".$sql, LOG_DEBUG); $res = $this->db->query($sql); diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index 1f0bb2891c6..b1b3175aaa9 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -227,7 +227,7 @@ class UserGroup extends CommonObject /** * Return array of User objects for group this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. Do not use here a string coming from user input. * @param int $mode 0=Return array of user instance, 1=Return array of users id only * @return mixed Array of users or -1 on error */ @@ -250,7 +250,7 @@ class UserGroup extends CommonObject $sql .= " AND ug.fk_user = u.rowid"; } if (!empty($this->id)) { - $sql .= " AND ug.fk_usergroup = ".$this->id; + $sql .= " AND ug.fk_usergroup = ".((int) $this->id); } if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " AND u.entity IS NOT NULL"; @@ -372,11 +372,11 @@ class UserGroup extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = $this->id AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = ".((int) $this->id)." AND fk_id=".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -486,7 +486,7 @@ class UserGroup extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -505,7 +505,7 @@ class UserGroup extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights"; $sql .= " WHERE fk_usergroup = $this->id AND fk_id=".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } @@ -566,9 +566,9 @@ class UserGroup extends CommonObject $sql = "SELECT r.module, r.perms, r.subperms "; $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as u, ".MAIN_DB_PREFIX."rights_def as r"; $sql .= " WHERE r.id = u.fk_id"; - $sql .= " AND r.entity = ".$conf->entity; - $sql .= " AND u.entity = ".$conf->entity; - $sql .= " AND u.fk_usergroup = ".$this->id; + $sql .= " AND r.entity = ".((int) $conf->entity); + $sql .= " AND u.entity = ".((int) $conf->entity); + $sql .= " AND u.fk_usergroup = ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL"; if ($moduletag) { $sql .= " AND r.module = '".$this->db->escape($moduletag)."'"; diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 9bb8ab66c38..05b45ebf829 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -232,7 +232,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."user c"; $sql .= " WHERE a.rowid = n.fk_action"; $sql .= " AND c.rowid = n.fk_user"; - $sql .= " AND c.rowid = ".$object->id; + $sql .= " AND c.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('user').')'; $resql = $db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index c5eab1c4e1c..9c00cb300c7 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -288,9 +288,9 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Check sql string AND ... yyy = ".$xxx // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. - preg_match_all('/AND.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/(DELETE|OR|AND)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if ($val[1] == 'ity' && $val[2] == 'con') { + if ($val[2] == 'ity' && $val[3] == 'con') { continue; } var_dump($matches); From 7af023665f6a68c7351eda8e1873a0095dccfcdc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 19:37:11 +0200 Subject: [PATCH 072/215] Clean var not defined --- htdocs/projet/tasks/list.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 1963f500349..8dc369b6a0a 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -45,7 +45,6 @@ $id = GETPOST('id', 'int'); $search_all = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); $search_categ = GETPOST("search_categ", 'alpha'); -$search_project = GETPOST('search_project'); $search_projectstatus = GETPOST('search_projectstatus'); if (!isset($search_projectstatus) || $search_projectstatus === '') { @@ -62,8 +61,8 @@ $search_task_ref = GETPOST('search_task_ref'); $search_task_label = GETPOST('search_task_label'); $search_task_description = GETPOST('search_task_description'); $search_task_ref_parent = GETPOST('search_task_ref_parent'); -$search_project_user = GETPOST('search_project_user'); -$search_task_user = GETPOST('search_task_user'); +$search_project_user = GETPOST('search_project_user', 'int'); +$search_task_user = GETPOST('search_task_user', 'int'); $search_task_progress = GETPOST('search_task_progress'); $search_societe = GETPOST('search_societe'); @@ -182,7 +181,6 @@ if (empty($reshook)) { if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers $search_all = ""; $search_categ = ""; - $search_project = ""; $search_projectstatus = -1; $search_project_ref = ""; $search_project_title = ""; @@ -487,13 +485,13 @@ if ($search_project_title != '') { $param .= '&search_project_title='.urlencode($search_project_title); } if ($search_task_ref != '') { - $param .= '&search_task_ref='.urlencode($search_ref); + $param .= '&search_task_ref='.urlencode($search_task_ref); } if ($search_task_label != '') { - $param .= '&search_task_label='.urlencode($search_label); + $param .= '&search_task_label='.urlencode($search_task_label); } if ($search_task_description != '') { - $param .= '&search_task_description='.urlencode($search_description); + $param .= '&search_task_description='.urlencode($search_task_description); } if ($search_task_ref_parent != '') { $param .= '&search_task_ref_parent='.urlencode($search_task_ref_parent); From bfbde54a90d6d2f38ad81eee0fc2b6821c00e428 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 19:38:59 +0200 Subject: [PATCH 073/215] Fix phpcs --- test/phpunit/CodingPhpTest.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 37fc7eee703..a7f99ec4749 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -293,11 +293,9 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=false; break; } - //if ($reg[0] != 'db') $ok=false; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); - //exit; // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/sql.+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); From 3419e43a2c960d6e30f15e0e1ff1258190fff1ad Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 21:02:07 +0200 Subject: [PATCH 074/215] Fix phpunit --- htdocs/product/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 3f2833fde52..c3037ac9071 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1814,7 +1814,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!$object->isService() && !empty($conf->bom->enabled)) { print ''.$form->textwithpicto($langs->trans("DefaultBOM"), $langs->trans("DefaultBOMDesc", $langs->transnoentitiesnoconv("Finished"))).''; - $bomkey = "Bom:bom/class/bom.class.php:0:t.status=1 AND t.fk_product=".$object->id; + $bomkey = "Bom:bom/class/bom.class.php:0:t.status=1 AND t.fk_product=".((int) $object->id); print $form->selectForForms($bomkey, 'fk_default_bom', $object->fk_default_bom, 1); print ''; } From a6ddc90d5b263d3e7f704e24b31d0c19646191b1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 23 Aug 2021 23:53:58 +0200 Subject: [PATCH 075/215] Fix responsive --- htdocs/comm/index.php | 14 ++++++++++---- htdocs/comm/propal/index.php | 7 +++++-- htdocs/commande/index.php | 7 +++++-- htdocs/compta/facture/index.php | 28 +++++++++++++++++++++------- htdocs/core/lib/invoice.lib.php | 30 +++++++++++++++++++++--------- htdocs/don/index.php | 12 ++++++------ htdocs/fourn/facture/index.php | 29 ++++++++++++++++++++++------- htdocs/societe/consumption.php | 2 +- 8 files changed, 91 insertions(+), 38 deletions(-) diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 0087c68bb08..18546332ed0 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -106,10 +106,16 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial'); print '
'; -print getCustomerProposalPieChart($socid); -print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft customer proposals diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index e080e36b49c..de2e4a1d64c 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -67,8 +67,11 @@ print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal'); print '
'; print '
'; -print getCustomerProposalPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft proposals diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index f7dee2b4062..a794d79e743 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -77,8 +77,11 @@ print load_fiche_titre($langs->trans("OrdersArea"), '', 'order'); print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* diff --git a/htdocs/compta/facture/index.php b/htdocs/compta/facture/index.php index 66a2fccaf08..d3d3a33acb5 100644 --- a/htdocs/compta/facture/index.php +++ b/htdocs/compta/facture/index.php @@ -59,19 +59,33 @@ print load_fiche_titre($langs->trans("CustomersInvoicesArea"), '', 'bill'); print '
'; print '
'; -print getNumberInvoicesPieChart('customers'); -//print getCustomerInvoicePieChart($socid); -print '
'; -print getCustomerInvoiceDraftTable($max, $socid); +$tmp = getNumberInvoicesPieChart('customers'); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerInvoiceDraftTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; print '
'; -print getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); -print '
'; -print getCustomerInvoiceUnpaidOpenTable($max, $socid); +$tmp = getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getCustomerInvoiceUnpaidOpenTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 4be6aa8379e..8f6a97894b9 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -679,7 +679,8 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0) $companystatic->code_compta = $obj->code_compta; $companystatic->code_compta_fournisseur = $obj->code_compta_fournisseur; - $result .= ''; + $result .= ''; + $result .= ''; $result .= $tmpinvoice->getNomUrl(1, ''); $result .= ''; $result .= ''; @@ -807,7 +808,8 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0) $companystatic->code_compta = $obj->code_compta; $companystatic->code_compta_fournisseur = $obj->code_compta_fournisseur; - $result .= ''; + $result .= ''; + $result .= ''; $result .= $facturesupplierstatic->getNomUrl(1, ''); $result .= ''; $result .= ''; @@ -883,7 +885,9 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) $result .= ''; $result .= ''; - $result .= ''; + $result .= ''; + $result .= ''; + $result .= ''; $result .= ''; if ($num < 1) { @@ -917,7 +921,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) $filename = dol_sanitizeFileName($obj->ref); $filedir = $conf->propal->multidir_output[$obj->entity].'/'.$filename; - $result .= ''; + $result .= ''; $result .= ''; - $result .= ''; + $result .= ''; $result .= ''; + $result .= ''; $result .= ''; $result .= ''; @@ -985,7 +990,9 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $result = '
'; $result .= '
'.$langs->trans("LastCustomersBills", $maxCount).''.$langs->trans("LastCustomersBills", $maxCount).''.$langs->trans("AmountTTC").'
'; $result .= ''; @@ -931,8 +935,9 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) $result .= '
'; $result .= '		'.$companystatic->getNomUrl(1, 'customer').''.$companystatic->getNomUrl(1, 'customer').''.dol_print_date($db->jdate($obj->datec), 'day').''.price($obj->total_ttc).''.$objectstatic->getLibStatut(5).'
'; $result .= ''; - $result .= ''; + $result .= ''; + $result .= ''; + $result .= ''; $result .= ''; if ($num < 1) { @@ -1019,7 +1026,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $filename = dol_sanitizeFileName($obj->ref); $filedir = $conf->propal->multidir_output[$obj->entity].'/'.$filename; - $result .= ''; + $result .= ''; $result .= ''; - $result .= ''; + $result .= ''; + $result .= ''; + + $result .= ''; + $result .= ''; $result .= ''; @@ -1341,7 +1352,8 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $societestatic->code_compta = $obj->code_compta; $societestatic->code_compta_fournisseur = $obj->code_compta_fournisseur; - print ''; + print ''; print ''; diff --git a/htdocs/don/index.php b/htdocs/don/index.php index 2a314068830..e7aaeb8a4bd 100644 --- a/htdocs/don/index.php +++ b/htdocs/don/index.php @@ -174,8 +174,8 @@ foreach ($listofstatus as $status) { print ''; print ''; print ''; - print ''; - print ''; + print ''; + print ''; $totalnb += (!empty($nb[$status]) ? $nb[$status] : 0); $total += (!empty($somme[$status]) ? $somme[$status] : 0); print ""; @@ -183,9 +183,9 @@ foreach ($listofstatus as $status) { print ''; print ''; -print ''; -print ''; -print ''; +print ''; +print ''; +print ''; print ''; print "
'.$langs->trans("BoxTitleLastSupplierBills", $maxCount).''.$langs->trans("BoxTitleLastSupplierBills", $maxCount).''.$langs->trans("AmountTTC").'
'; $result .= ''; @@ -1033,8 +1040,12 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $result .= '
'; $result .= '		'.$companystatic->getNomUrl(1, 'supplier').''.$companystatic->getNomUrl(1, 'supplier').''.dol_print_date($db->jdate($obj->datec), 'day').''.price($obj->total_ttc).''.$objectstatic->getLibStatut(5).'
'; + print '
'; print $facstatic->getNomUrl(1, ''); print ''.$societestatic->getNomUrl(1, 'supplier').'
'.$donstatic->LibStatut($status, 4).''.(!empty($nb[$status]) ? $nb[$status] : ' ').''.(!empty($nb[$status]) ?price($somme[$status], 'MT') : ' ').''.(!empty($nb[$status]) ?price(price2num($somme[$status] / $nb[$status], 'MT')) : ' ').''.(!empty($nb[$status]) ? price($somme[$status], 'MT') : ' ').''.(!empty($nb[$status]) ?price(price2num($somme[$status] / $nb[$status], 'MT')) : ' ').'
'.$langs->trans("Total").''.$totalnb.''.price($total, 'MT').''.($totalnb ?price(price2num($total / $totalnb, 'MT')) : ' ').''.$totalnb.''.price($total, 'MT').''.($totalnb ?price(price2num($total / $totalnb, 'MT')) : ' ').'
"; @@ -233,7 +233,7 @@ if ($resql) { print dolGetFirstLastname($obj->lastname, $obj->firstname); print ''; - print ''; + print ''; print price($obj->amount, 1); print ''; diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php index c695eed9285..5479ad22462 100644 --- a/htdocs/fourn/facture/index.php +++ b/htdocs/fourn/facture/index.php @@ -58,19 +58,34 @@ print load_fiche_titre($langs->trans("SupplierInvoicesArea"), '', 'supplier_invo print '
'; print '
'; -print getNumberInvoicesPieChart('suppliers'); -//print getPurchaseInvoicePieChart($socid); -print '
'; -print getDraftSupplierTable($maxDraftCount, $socid); +$tmp = getNumberInvoicesPieChart('suppliers'); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getDraftSupplierTable($maxDraftCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; print '
'; -print getPurchaseInvoiceLatestEditTable($maxLatestEditCount, $socid); -print '
'; -print getPurchaseInvoiceUnpaidOpenTable($max, $socid); +$tmp = getPurchaseInvoiceLatestEditTable($maxLatestEditCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getPurchaseInvoiceUnpaidOpenTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php index cb2802da385..5f996e6f37d 100644 --- a/htdocs/societe/consumption.php +++ b/htdocs/societe/consumption.php @@ -384,7 +384,7 @@ if (empty($elementTypeArray) && !$object->client && !$object->fournisseur) { // Define type of elements $typeElementString = $form->selectarray("type_element", $elementTypeArray, GETPOST('type_element'), $showempty, 0, 0, '', 0, 0, $disabled, '', 'maxwidth150onsmartphone'); -$button = ''; +$button = ''; $param = ''; $param .= "&sref=".urlencode($sref); From 56c314c671e43f07f972a20f9af8d3e0a4505a26 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 24 Aug 2021 00:32:20 +0200 Subject: [PATCH 076/215] Fix translation --- htdocs/langs/en_US/admin.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 134cbdf8d9a..f8b3928d97f 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1218,7 +1218,7 @@ SystemAreaForAdminOnly=This area is available to administrator users only. Dolib CompanyFundationDesc=Edit the information of your company/organization. Click on "%s" button at the bottom of the page when done. AccountantDesc=If you have an external accountant/bookkeeper, you can edit here its information. AccountantFileNumber=Accountant code -DisplayDesc=Parameters affecting the look and behaviour of Dolibarr can be modified here. +DisplayDesc=Parameters affecting the look and behaviour of the application can be modified here. AvailableModules=Available app/modules ToActivateModule=To activate modules, go on setup Area (Home->Setup->Modules). SessionTimeOut=Time out for session From 4efe2a0e09f53d03ee1d7d3899e1430e7134842b Mon Sep 17 00:00:00 2001 From: lvessiller Date: Tue, 24 Aug 2021 08:20:40 +0200 Subject: [PATCH 077/215] FIX invoice fetch not found syslog debug level instead of error --- htdocs/compta/facture/class/facture.class.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index ea41bd4842a..1d68747b1a5 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1625,10 +1625,10 @@ class Facture extends CommonInvoice } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); - $result = $this->db->query($sql); - if ($result) { - if ($this->db->num_rows($result)) { - $obj = $this->db->fetch_object($result); + $resql = $this->db->query($sql); + if ($resql) { + if ($this->db->num_rows($resql)) { + $obj = $this->db->fetch_object($resql); $this->id = $obj->rowid; $this->entity = $obj->entity; @@ -1730,14 +1730,17 @@ class Facture extends CommonInvoice $this->error = $this->db->error(); return -3; } + + $this->db->free($resql); + return 1; } else { - $this->error = 'Invoice with id='.$rowid.' or ref='.$ref.' or ref_ext='.$ref_ext.' not found'; - dol_syslog(get_class($this)."::fetch Error ".$this->error, LOG_ERR); + dol_syslog(__METHOD__ . ' Invoice with id=' . $rowid . ' or ref=' . $ref . ' or ref_ext=' . $ref_ext . ' not found', LOG_DEBUG); return 0; } } else { - $this->error = $this->db->error(); + $this->error = $this->db->lasterror(); + dol_syslog(__METHOD__ . ' Error : ' . $this->error, LOG_ERR); return -1; } } From edeaa6009fdae793f1963a88d33b16f322227aae Mon Sep 17 00:00:00 2001 From: Francis Appels Date: Tue, 24 Aug 2021 10:48:26 +0200 Subject: [PATCH 078/215] Fix warning on supplier order card when reception enabled. --- htdocs/fourn/commande/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index cc0f67e4b4e..625ecca522f 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -2466,7 +2466,7 @@ if ($action == 'create') { $labelofbutton = $langs->trans('ReceiveProducts'); if ($conf->reception->enabled) { $labelofbutton = $langs->trans("CreateReception"); - if (!empty($object->linkedObjects)) { + if (!empty($object->linkedObjects['reception'])) { foreach ($object->linkedObjects['reception'] as $element) { if ($element->statut >= 0) { $hasreception = 1; From 3c1bdd163fa712203e69b95d2fbf407507d8de47 Mon Sep 17 00:00:00 2001 From: henrynopo Date: Tue, 24 Aug 2021 18:34:34 +0800 Subject: [PATCH 079/215] Update paiementfourn.class.php --- htdocs/fourn/class/paiementfourn.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index 9a664489e4f..28ef8025a98 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php @@ -223,10 +223,10 @@ class PaiementFourn extends Paiement // If we want to closed paid invoices if ($closepaidinvoices) { $paiement = $invoice->getSommePaiement(); - //$creditnotes=$invoice->getSumCreditNotesUsed(); - $creditnotes = 0; - //$deposits=$invoice->getSumDepositsUsed(); - $deposits = 0; + $creditnotes=$invoice->getSumCreditNotesUsed(); + //$creditnotes = 0; + $deposits=$invoice->getSumDepositsUsed(); + //$deposits = 0; $alreadypayed = price2num($paiement + $creditnotes + $deposits, 'MT'); $remaintopay = price2num($invoice->total_ttc - $paiement - $creditnotes - $deposits, 'MT'); if ($remaintopay == 0) { @@ -238,7 +238,7 @@ class PaiementFourn extends Paiement // Insert one discount by VAT rate category require_once DOL_DOCUMENT_ROOT . '/core/class/discount.class.php'; $discount = new DiscountAbsolute($this->db); - $discount->fetch('', $invoice->id); + $discount->fetch('', 0, $invoice->id); if (empty($discount->id)) { // If the invoice was not yet converted into a discount (this may have been done manually before we come here) $discount->discount_type = 1; // Supplier discount $discount->description = '(DEPOSIT)'; From 366fa13fc0706dee38554b65366f390ced421e23 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 24 Aug 2021 13:19:53 +0200 Subject: [PATCH 080/215] NEW Add property "copytoclipboard" in modulebuilder --- htdocs/core/js/lib_foot.js.php | 30 ++++++++++++++----- htdocs/core/lib/functions.lib.php | 17 ++++++----- htdocs/core/tpl/commonfields_view.tpl.php | 13 ++++++-- .../class/knowledgerecord.class.php | 7 +++-- .../template/class/myobject.class.php | 2 ++ htdocs/theme/eldy/global.inc.php | 8 ++++- htdocs/theme/md/style.css.php | 8 ++++- 7 files changed, 64 insertions(+), 21 deletions(-) diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index 74a7f543bfc..1de4fef0176 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -232,23 +232,39 @@ print ' jQuery(\'.clipboardCPButton, .clipboardCPValueToPrint\').click(function() { /* console.log(this.parentNode); */ - console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class"); - if (window.getSelection) { - selection = window.getSelection(); + console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class and we want to copy content of clipboardCPValue class"); + if (window.getSelection) { range = document.createRange(); + + /* We select value to print using the parent. */ + /* We should use the class clipboardCPValue but it may have several element with copy/paste so class to select is not enough */ range.selectNodeContents(this.parentNode.firstChild); - selection.removeAllRanges(); - selection.addRange( range ); + selection = window.getSelection(); /* get the object used for selection */ + selection.removeAllRanges(); /* clear current selection */ + selection.addRange(range); /* make the new selection with the value to copy */ } - document.execCommand( \'copy\' ); + + /* copy selection into clipboard */ + var succeed; + try { + succeed = document.execCommand(\'copy\'); + } catch(e) { + succeed = false; + } + + /* Remove the selection to avoid to see the hidden field to copy selected */ window.getSelection().removeAllRanges(); /* Show message */ var lastchild = this.parentNode.lastChild; var tmp = lastchild.innerHTML - lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + if (succeed) { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + } else { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('Error')).'\'; + } setTimeout(() => { lastchild.innerHTML = tmp; }, 1000); }); });'."\n"; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 496a1d1beb3..ee353269e29 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1286,9 +1286,9 @@ function dol_escape_json($stringtoescape) * Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields. * * @param string $stringtoescape String to escape - * @param int $keepb 1=Keep b tags, 0=remove them completeley + * @param int $keepb 1=Keep b tags, 0=remove them completely * @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a '; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/bom/mod_bom_advanced.php b/htdocs/core/modules/bom/mod_bom_advanced.php index d590c3ff70c..09faf05d7d6 100644 --- a/htdocs/core/modules/bom/mod_bom_advanced.php +++ b/htdocs/core/modules/bom/mod_bom_advanced.php @@ -81,7 +81,7 @@ class mod_bom_advanced extends ModeleNumRefboms $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php b/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php index 16e0f666774..40d63e63143 100644 --- a/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php +++ b/htdocs/core/modules/cheque/mod_chequereceipt_thyme.php @@ -75,7 +75,7 @@ class mod_chequereceipt_thyme extends ModeleNumRefChequeReceipts $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= ' '; + $texte .= ' '; $texte .= ''; diff --git a/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php b/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php index 239ec7639ec..adb26a38e0a 100644 --- a/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php +++ b/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_order_odt extends ModelePDFCommandes $texte .= $conf->global->COMMANDE_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/commande/mod_commande_saphir.php b/htdocs/core/modules/commande/mod_commande_saphir.php index 8b4ccdfaba7..ffb53480aa3 100644 --- a/htdocs/core/modules/commande/mod_commande_saphir.php +++ b/htdocs/core/modules/commande/mod_commande_saphir.php @@ -81,7 +81,7 @@ class mod_commande_saphir extends ModeleNumRefCommandes $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/contract/mod_contract_magre.php b/htdocs/core/modules/contract/mod_contract_magre.php index dcaee5eadbc..e0c54c1d022 100644 --- a/htdocs/core/modules/contract/mod_contract_magre.php +++ b/htdocs/core/modules/contract/mod_contract_magre.php @@ -86,7 +86,7 @@ class mod_contract_magre extends ModelNumRefContracts $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/delivery/mod_delivery_saphir.php b/htdocs/core/modules/delivery/mod_delivery_saphir.php index d5ac288b52a..7fc9b2e6e52 100644 --- a/htdocs/core/modules/delivery/mod_delivery_saphir.php +++ b/htdocs/core/modules/delivery/mod_delivery_saphir.php @@ -85,7 +85,7 @@ class mod_delivery_saphir extends ModeleNumRefDeliveryOrder $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php b/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php index 8a2b6b2b121..5229645afe5 100644 --- a/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php +++ b/htdocs/core/modules/expedition/doc/doc_generic_shipment_odt.modules.php @@ -159,7 +159,7 @@ class doc_generic_shipment_odt extends ModelePdfExpedition $texte .= $conf->global->EXPEDITION_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/expedition/mod_expedition_ribera.php b/htdocs/core/modules/expedition/mod_expedition_ribera.php index 79bbcbdb481..736ddc3ab3f 100644 --- a/htdocs/core/modules/expedition/mod_expedition_ribera.php +++ b/htdocs/core/modules/expedition/mod_expedition_ribera.php @@ -81,7 +81,7 @@ class mod_expedition_ribera extends ModelNumRefExpedition $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/expensereport/mod_expensereport_sand.php b/htdocs/core/modules/expensereport/mod_expensereport_sand.php index 482b8c06431..c403aa8c228 100644 --- a/htdocs/core/modules/expensereport/mod_expensereport_sand.php +++ b/htdocs/core/modules/expensereport/mod_expensereport_sand.php @@ -84,7 +84,7 @@ class mod_expensereport_sand extends ModeleNumRefExpenseReport $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php index 0d360269d46..ec494302e93 100644 --- a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php +++ b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_invoice_odt extends ModelePDFFactures $texte .= $conf->global->FACTURE_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/facture/mod_facture_mercure.php b/htdocs/core/modules/facture/mod_facture_mercure.php index 32e06f285a9..706c35a9f82 100644 --- a/htdocs/core/modules/facture/mod_facture_mercure.php +++ b/htdocs/core/modules/facture/mod_facture_mercure.php @@ -78,7 +78,7 @@ class mod_facture_mercure extends ModeleNumRefFactures $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceStandard").'):'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/fichinter/mod_arctic.php b/htdocs/core/modules/fichinter/mod_arctic.php index 91025817a9d..cb5acddd6e9 100644 --- a/htdocs/core/modules/fichinter/mod_arctic.php +++ b/htdocs/core/modules/fichinter/mod_arctic.php @@ -86,7 +86,7 @@ class mod_arctic extends ModeleNumRefFicheinter $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/holiday/mod_holiday_immaculate.php b/htdocs/core/modules/holiday/mod_holiday_immaculate.php index 000c7881561..84d6638a27e 100644 --- a/htdocs/core/modules/holiday/mod_holiday_immaculate.php +++ b/htdocs/core/modules/holiday/mod_holiday_immaculate.php @@ -86,7 +86,7 @@ class mod_holiday_immaculate extends ModelNumRefHolidays $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php b/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php index 939c78f32e3..7b2af1e0032 100644 --- a/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php +++ b/htdocs/core/modules/member/doc/doc_generic_member_odt.class.php @@ -154,7 +154,7 @@ class doc_generic_member_odt extends ModelePDFMember $texte .= $conf->global->MEMBER_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php b/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php index e93ecd1af0a..b6ad4c6b8ff 100644 --- a/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php +++ b/htdocs/core/modules/mrp/doc/doc_generic_mo_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_mo_odt extends ModelePDFMo $texte .= $conf->global->MRP_MO_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/mrp/mod_mo_advanced.php b/htdocs/core/modules/mrp/mod_mo_advanced.php index 14292f7f896..ba518159dbf 100644 --- a/htdocs/core/modules/mrp/mod_mo_advanced.php +++ b/htdocs/core/modules/mrp/mod_mo_advanced.php @@ -82,7 +82,7 @@ class mod_mo_advanced extends ModeleNumRefMos $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/payment/mod_payment_ant.php b/htdocs/core/modules/payment/mod_payment_ant.php index dca32b26505..958074202fe 100644 --- a/htdocs/core/modules/payment/mod_payment_ant.php +++ b/htdocs/core/modules/payment/mod_payment_ant.php @@ -84,7 +84,7 @@ class mod_payment_ant extends ModeleNumRefPayments $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php b/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php index 1acf50dd95a..05eef305c37 100644 --- a/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php +++ b/htdocs/core/modules/product/doc/doc_generic_product_odt.modules.php @@ -161,7 +161,7 @@ class doc_generic_product_odt extends ModelePDFProduct $texte .= $conf->global->PRODUCT_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/product/mod_codeproduct_elephant.php b/htdocs/core/modules/product/mod_codeproduct_elephant.php index 0b03bd9b6a4..9e32dc38fab 100644 --- a/htdocs/core/modules/product/mod_codeproduct_elephant.php +++ b/htdocs/core/modules/product/mod_codeproduct_elephant.php @@ -118,7 +118,7 @@ class mod_codeproduct_elephant extends ModeleProductCode $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("ProductCodeModel").'):'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/product_batch/mod_lot_advanced.php b/htdocs/core/modules/product_batch/mod_lot_advanced.php index 8ee857bfbea..0e920483508 100644 --- a/htdocs/core/modules/product_batch/mod_lot_advanced.php +++ b/htdocs/core/modules/product_batch/mod_lot_advanced.php @@ -82,7 +82,7 @@ class mod_lot_advanced extends ModeleNumRefBatch $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; // Option to enable custom masks per product $texte .= ''; diff --git a/htdocs/core/modules/product_batch/mod_sn_advanced.php b/htdocs/core/modules/product_batch/mod_sn_advanced.php index 54c67291d9a..ca24a67c781 100644 --- a/htdocs/core/modules/product_batch/mod_sn_advanced.php +++ b/htdocs/core/modules/product_batch/mod_sn_advanced.php @@ -82,7 +82,7 @@ class mod_sn_advanced extends ModeleNumRefBatch $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; // Option to enable custom masks per product $texte .= ''; diff --git a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php index 233180630b0..f86f5b55a9c 100644 --- a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php +++ b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php @@ -449,7 +449,7 @@ class doc_generic_project_odt extends ModelePDFProjects $texte .= $conf->global->PROJECT_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/project/mod_project_universal.php b/htdocs/core/modules/project/mod_project_universal.php index 480d19396c3..550d72c4f68 100644 --- a/htdocs/core/modules/project/mod_project_universal.php +++ b/htdocs/core/modules/project/mod_project_universal.php @@ -85,7 +85,7 @@ class mod_project_universal extends ModeleNumRefProjects $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php index 638ab70bb84..3890c6526bc 100644 --- a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php +++ b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php @@ -416,7 +416,7 @@ class doc_generic_task_odt extends ModelePDFTask $texte .= $conf->global->PROJECT_TASK_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/project/task/mod_task_universal.php b/htdocs/core/modules/project/task/mod_task_universal.php index 3a6ef89f3fb..6de02dcaf99 100644 --- a/htdocs/core/modules/project/task/mod_task_universal.php +++ b/htdocs/core/modules/project/task/mod_task_universal.php @@ -85,7 +85,7 @@ class mod_task_universal extends ModeleNumRefTask $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php index 9c7e0af4df0..bd2fcfa471f 100644 --- a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php +++ b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php @@ -160,7 +160,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales $texte .= $conf->global->PROPALE_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/propale/mod_propale_saphir.php b/htdocs/core/modules/propale/mod_propale_saphir.php index ce78f341319..af7579fb142 100644 --- a/htdocs/core/modules/propale/mod_propale_saphir.php +++ b/htdocs/core/modules/propale/mod_propale_saphir.php @@ -87,7 +87,7 @@ class mod_propale_saphir extends ModeleNumRefPropales $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php b/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php index 93dbc4995b4..34d34ec3e19 100644 --- a/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php +++ b/htdocs/core/modules/reception/doc/doc_generic_reception_odt.modules.php @@ -153,7 +153,7 @@ class doc_generic_reception_odt extends ModelePdfReception $texte .= $conf->global->RECEPTION_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/reception/mod_reception_moonstone.php b/htdocs/core/modules/reception/mod_reception_moonstone.php index 0d0ced20eb4..e1a5669dc09 100644 --- a/htdocs/core/modules/reception/mod_reception_moonstone.php +++ b/htdocs/core/modules/reception/mod_reception_moonstone.php @@ -62,7 +62,7 @@ class mod_reception_moonstone extends ModelNumRefReception $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php index fdafb22e96b..8b8069ff34f 100644 --- a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php +++ b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php @@ -141,7 +141,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc $texte .= ''; $texte .= ''; $texte .= '  '; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/societe/mod_codeclient_elephant.php b/htdocs/core/modules/societe/mod_codeclient_elephant.php index 705564e7e8e..c18b768a724 100644 --- a/htdocs/core/modules/societe/mod_codeclient_elephant.php +++ b/htdocs/core/modules/societe/mod_codeclient_elephant.php @@ -134,7 +134,7 @@ class mod_codeclient_elephant extends ModeleThirdPartyCode $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("CustomerCodeModel").'):'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/societe/mod_codecompta_aquarium.php b/htdocs/core/modules/societe/mod_codecompta_aquarium.php index 752691b03b8..e03958e58bf 100644 --- a/htdocs/core/modules/societe/mod_codecompta_aquarium.php +++ b/htdocs/core/modules/societe/mod_codecompta_aquarium.php @@ -102,7 +102,7 @@ class mod_codecompta_aquarium extends ModeleAccountancyCode $texte .= $langs->trans('COMPANY_AQUARIUM_CLEAN_REGEX').' = '.$conf->global->COMPANY_AQUARIUM_CLEAN_REGEX."
\n"; } $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/societe/mod_codecompta_digitaria.php b/htdocs/core/modules/societe/mod_codecompta_digitaria.php index 56c5b8e8885..c4887f01383 100644 --- a/htdocs/core/modules/societe/mod_codecompta_digitaria.php +++ b/htdocs/core/modules/societe/mod_codecompta_digitaria.php @@ -125,7 +125,7 @@ class mod_codecompta_digitaria extends ModeleAccountancyCode $texte .= $langs->trans('COMPANY_DIGITARIA_UNIQUE_CODE').' = '.yn(1)."
\n"; } $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; diff --git a/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php b/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php index 5ca5019588a..2e48160d038 100644 --- a/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php +++ b/htdocs/core/modules/stock/doc/doc_generic_stock_odt.modules.php @@ -155,7 +155,7 @@ class doc_generic_stock_odt extends ModelePDFStock $texte .= $conf->global->STOCK_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php index 57d5798c29e..5fc2737957f 100644 --- a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php +++ b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php @@ -95,7 +95,7 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices $texte .= ':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php b/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php index 3a2775bef82..49ba1ec6cdf 100644 --- a/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php +++ b/htdocs/core/modules/supplier_order/doc/doc_generic_supplier_order_odt.modules.php @@ -159,7 +159,7 @@ class doc_generic_supplier_order_odt extends ModelePDFSuppliersOrders $texte .= $conf->global->SUPPLIER_ORDER_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php index c691b1448ef..473664cb44c 100644 --- a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php +++ b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php @@ -87,7 +87,7 @@ class mod_commande_fournisseur_orchidee extends ModeleNumRefSuppliersOrders $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php index 19e632a6264..0bc0543e6cd 100644 --- a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php +++ b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php @@ -84,7 +84,7 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php b/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php index 717818448ec..8cd572a1bcf 100644 --- a/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php +++ b/htdocs/core/modules/supplier_proposal/doc/doc_generic_supplier_proposal_odt.modules.php @@ -162,7 +162,7 @@ class doc_generic_supplier_proposal_odt extends ModelePDFSupplierProposal $texte .= $conf->global->SUPPLIER_PROPOSAL_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php b/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php index 3b8754d9928..e7db54062cb 100644 --- a/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php +++ b/htdocs/core/modules/supplier_proposal/mod_supplier_proposal_saphir.php @@ -87,7 +87,7 @@ class mod_supplier_proposal_saphir extends ModeleNumRefSupplierProposal $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/takepos/mod_takepos_ref_universal.php b/htdocs/core/modules/takepos/mod_takepos_ref_universal.php index d103dbe3b0b..b3d26b39511 100644 --- a/htdocs/core/modules/takepos/mod_takepos_ref_universal.php +++ b/htdocs/core/modules/takepos/mod_takepos_ref_universal.php @@ -81,7 +81,7 @@ class mod_takepos_ref_universal extends ModeleNumRefTakepos $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php b/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php index 2e6172d4181..82ce006447e 100644 --- a/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php +++ b/htdocs/core/modules/ticket/doc/doc_generic_ticket_odt.modules.php @@ -150,7 +150,7 @@ class doc_generic_ticket_odt extends ModelePDFTicket $texte .= $conf->global->TICKET_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/ticket/mod_ticket_universal.php b/htdocs/core/modules/ticket/mod_ticket_universal.php index f60b1f16481..176af782dc7 100644 --- a/htdocs/core/modules/ticket/mod_ticket_universal.php +++ b/htdocs/core/modules/ticket/mod_ticket_universal.php @@ -83,7 +83,7 @@ class mod_ticket_universal extends ModeleNumRefTicket $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php b/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php index 7ca8d29c380..7e07539aa8e 100644 --- a/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php +++ b/htdocs/core/modules/user/doc/doc_generic_user_odt.modules.php @@ -159,7 +159,7 @@ class doc_generic_user_odt extends ModelePDFUser $texte .= $conf->global->USER_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php b/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php index 5a1bca6377d..cf91120d3f8 100644 --- a/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php +++ b/htdocs/core/modules/usergroup/doc/doc_generic_usergroup_odt.modules.php @@ -162,7 +162,7 @@ class doc_generic_usergroup_odt extends ModelePDFUserGroup $texte .= $conf->global->USERGROUP_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/core/modules/workstation/mod_workstation_advanced.php b/htdocs/core/modules/workstation/mod_workstation_advanced.php index bf783542c75..2f1a8ae9d71 100755 --- a/htdocs/core/modules/workstation/mod_workstation_advanced.php +++ b/htdocs/core/modules/workstation/mod_workstation_advanced.php @@ -82,7 +82,7 @@ class mod_workstation_advanced extends ModeleNumRefWorkstation $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/core/tpl/bloc_comment.tpl.php b/htdocs/core/tpl/bloc_comment.tpl.php index f30bb0c5c61..a868bb61879 100644 --- a/htdocs/core/tpl/bloc_comment.tpl.php +++ b/htdocs/core/tpl/bloc_comment.tpl.php @@ -49,7 +49,7 @@ if ($action !== 'editcomment') { print ''; print ''; - print ''; + print ''; print ''; } diff --git a/htdocs/core/tpl/resource_add.tpl.php b/htdocs/core/tpl/resource_add.tpl.php index 01c3897f991..64d545ba583 100644 --- a/htdocs/core/tpl/resource_add.tpl.php +++ b/htdocs/core/tpl/resource_add.tpl.php @@ -35,7 +35,7 @@ $out .= '
'.$form->se $out .= '
'.$form->selectyesno('mandatory', (GETPOSTISSET('mandatory') ? GETPOST('mandatory') : 0), 1).'
'; $out .= '
'; -$out .= ''; +$out .= ''; $out .= '
'; $out .= ''; diff --git a/htdocs/datapolicy/admin/setupmail.php b/htdocs/datapolicy/admin/setupmail.php index c25d4c2263d..2ec083b0fa8 100644 --- a/htdocs/datapolicy/admin/setupmail.php +++ b/htdocs/datapolicy/admin/setupmail.php @@ -151,7 +151,7 @@ $doleditor->Create(); print ''; print ''; -print '
'; +print '
'; print ''; diff --git a/htdocs/delivery/card.php b/htdocs/delivery/card.php index b8bd1896412..7d4a3b181e0 100644 --- a/htdocs/delivery/card.php +++ b/htdocs/delivery/card.php @@ -338,7 +338,7 @@ if ($action == 'create') { // Create. Seems to no be used $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($expedition->socid, $expedition->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$expedition->id, $expedition->socid, $expedition->fk_project, 'none', 0, 0, 0, 1); @@ -436,7 +436,7 @@ if ($action == 'create') { // Create. Seems to no be used print ''; print ''; print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_delivery", 1, 1); - print ''; + print ''; print ''; } else { print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' '; diff --git a/htdocs/don/admin/donation.php b/htdocs/don/admin/donation.php index f14fae538ab..d8b06285be4 100644 --- a/htdocs/don/admin/donation.php +++ b/htdocs/don/admin/donation.php @@ -341,7 +341,7 @@ if (!empty($conf->accounting->enabled)) { print ''; } print ''; -print ''; +print ''; print "\n"; print ''; @@ -353,7 +353,7 @@ print ''; print $langs->trans("FreeTextOnDonations").' '.img_info($langs->trans("AddCRIfTooLong")).'
'; print ''; print ''; -print ''; +print ''; print "\n"; print "\n"; diff --git a/htdocs/don/index.php b/htdocs/don/index.php index 2a314068830..78313698030 100644 --- a/htdocs/don/index.php +++ b/htdocs/don/index.php @@ -106,7 +106,7 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // TODO Add a s print ''; print ''; if ($i == 0) { - print ''; + print ''; } print ''; $i++; diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 676a5cae22c..51ee4794463 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -1679,7 +1679,7 @@ if ($action == 'create') { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); @@ -1750,7 +1750,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0); - print ''; + print ''; print ''; } else { print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' '; @@ -1886,7 +1886,7 @@ if ($action == 'create') { if ($user->admin) { print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); } - print ''; + print ''; print ''; } else { if ($object->shipping_method_id > 0) { diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php index 164935a1437..aea23298fcf 100644 --- a/htdocs/expedition/contact.php +++ b/htdocs/expedition/contact.php @@ -162,7 +162,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php index 200a4b67aac..43299dad066 100644 --- a/htdocs/expedition/document.php +++ b/htdocs/expedition/document.php @@ -134,7 +134,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/expedition/note.php b/htdocs/expedition/note.php index d9282481603..5ebc54193da 100644 --- a/htdocs/expedition/note.php +++ b/htdocs/expedition/note.php @@ -123,7 +123,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index 42b8630bd3c..8510e6f3609 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -379,7 +379,7 @@ if ($id > 0 || !empty($ref)) { print ''; print ''; print $form->selectDate($object->delivery_date ? $object->delivery_date : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0); - print ''; + print ''; print ''; } else { print dol_print_date($object->delivery_date, 'dayhour'); diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index cc5c3c5e619..72a3fdd654b 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -601,7 +601,7 @@ if ($action == 'create') { print ' '; print $form->selectarray('unit_frequency', array('d'=>$langs->trans('Day'), 'm'=>$langs->trans('Month'), 'y'=>$langs->trans('Year')), ($object->unit_frequency ? $object->unit_frequency : 'm')); print ''; - print ''; + print ''; print ''; } else { if ($object->frequency > 0) { diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index 1b647af00a6..b03cf766c05 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -1491,7 +1491,7 @@ if ($action == 'create') { } print ''; - print ''; + print ''; print ''; //Line extrafield diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 2614c5cede0..93592a231e8 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -2189,7 +2189,7 @@ if ($action == 'create') { $usehourmin = 1; } print $form->selectDate($object->delivery_date ? $object->delivery_date : -1, 'liv_', $usehourmin, $usehourmin, '', "setdate_livraison"); - print ''; + print ''; print ''; } else { $usehourmin = 'day'; @@ -2724,7 +2724,7 @@ if ($action == 'create') { print ''.$langs->trans("Password").''; //Submit button print ''; - print ''; + print ''; print '     '; //Cancel button print ''; @@ -2843,7 +2843,7 @@ if ($action == 'create') { if ($error_occurred) { print "
".$langs->trans("ErrorOccurredReviseAndRetry")."
"; } else { - print ''; + print ''; print '     '; } print ''; diff --git a/htdocs/hrm/admin/admin_hrm.php b/htdocs/hrm/admin/admin_hrm.php index 455035a6b53..810c0da870d 100644 --- a/htdocs/hrm/admin/admin_hrm.php +++ b/htdocs/hrm/admin/admin_hrm.php @@ -117,7 +117,7 @@ print "\n"; print dol_get_fiche_end(); -print '
'; +print '
'; print ''; diff --git a/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php b/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php index 48efbfbc8eb..70cda7254c8 100644 --- a/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php +++ b/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php @@ -81,7 +81,7 @@ class mod_knowledgerecord_advanced extends ModeleNumRefKnowledgeRecord $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/loan/schedule.php b/htdocs/loan/schedule.php index 67be217f0d2..6dae3383d47 100644 --- a/htdocs/loan/schedule.php +++ b/htdocs/loan/schedule.php @@ -335,7 +335,7 @@ if (count($echeances->lines) == 0) { } else { $label = $langs->trans("Save"); } -print '
'; +print '
'; print ''; // End of page diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php index 4df01332eb1..2c224678f60 100644 --- a/htdocs/margin/admin/margin.php +++ b/htdocs/margin/admin/margin.php @@ -140,7 +140,7 @@ print '/> '; print $langs->trans('MargeType3'); print ''; print ''; -print ''; +print ''; print ''; print ''.$langs->trans('MarginTypeDesc'); print ''; @@ -215,7 +215,7 @@ print ''; print Form::selectarray('MARGIN_METHODE_FOR_DISCOUNT', $methods, $conf->global->MARGIN_METHODE_FOR_DISCOUNT); print ''; print ''; -print ''; +print ''; print ''; print ''.$langs->trans('MARGIN_METHODE_FOR_DISCOUNT_DETAILS').''; print ''; @@ -233,7 +233,7 @@ $facture = new Facture($db); print $formcompany->selectTypeContact($facture, $conf->global->AGENT_CONTACT_TYPE, "AGENT_CONTACT_TYPE", "internal", "code", 1); print ''; print ''; -print ''; +print ''; print ''; print ''.$langs->trans('AgentContactTypeDetails').''; print ''; diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 0a05266b6ff..027b9ea28bd 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -2717,7 +2717,7 @@ if ($module == 'initmodule') { print ''; print ''; print ''; - print ''; + print ''; print ''; // List of existing properties diff --git a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php index f3228915592..4e154b5665d 100644 --- a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php +++ b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php @@ -158,7 +158,7 @@ class doc_generic_myobject_odt extends ModelePDFMyObject $texte .= $conf->global->MYMODULE_MYOBJECT_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php b/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php index 72b46b96416..b7fd7085783 100644 --- a/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php +++ b/htdocs/modulebuilder/template/core/modules/mymodule/mod_myobject_advanced.php @@ -81,7 +81,7 @@ class mod_myobject_advanced extends ModeleNumRefMyObject $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/mrp/mo_production.php b/htdocs/mrp/mo_production.php index ca9480eb1ae..678865805d7 100644 --- a/htdocs/mrp/mo_production.php +++ b/htdocs/mrp/mo_production.php @@ -661,7 +661,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''; print $langs->trans("MovementLabel").':

'; print '
'; - print ''; + print ''; print '   '; print ''; print '

'; diff --git a/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php b/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php index a536bb59600..5d348843941 100644 --- a/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php +++ b/htdocs/partnership/core/modules/partnership/mod_partnership_advanced.php @@ -81,7 +81,7 @@ class mod_partnership_advanced extends ModeleNumRefPartnership $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/paybox/admin/paybox.php b/htdocs/paybox/admin/paybox.php index a14729f30ef..bcad50de457 100644 --- a/htdocs/paybox/admin/paybox.php +++ b/htdocs/paybox/admin/paybox.php @@ -285,7 +285,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php index 46877f6db8a..f4edec7630c 100644 --- a/htdocs/paypal/admin/paypal.php +++ b/htdocs/paypal/admin/paypal.php @@ -333,7 +333,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 45d34f2d0e3..44c7fd9ca51 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -2607,7 +2607,7 @@ if (!empty($conf->global->PRODUCT_ADD_FORM_ADD_TO) && $object->id && ($action == print ''; print '
'; - print ''; + print ''; print '
'; print dol_get_fiche_end(); diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index 9f3390d34af..da8ef2e5b37 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -662,7 +662,7 @@ if (count($listofdata)) { print '
'; print '
'; - print '
'; + print '
'; print '
'; print ''; diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index ece4d8e3298..7e5f134322d 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -623,7 +623,7 @@ if (empty($reshook)) { } print '
'; -print ''; +print ''; print '
'; print ''; @@ -958,7 +958,7 @@ print dol_get_fiche_end(); $value = $langs->trans("CreateOrders"); -print '
'; +print '
'; print ''; diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index 4892004db72..44269124140 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -373,7 +373,7 @@ if (empty($reshook)) { } print '
'; -print ''; +print ''; print '
'; //print ''; diff --git a/htdocs/projet/admin/website.php b/htdocs/projet/admin/website.php index 04acbaa44aa..893c3765736 100644 --- a/htdocs/projet/admin/website.php +++ b/htdocs/projet/admin/website.php @@ -134,7 +134,7 @@ if (!empty($conf->global->PROJECT_ENABLE_PUBLIC)) { print ''; print '
'; - print ''; + print ''; print '
'; } */ diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php index 3aa5c3b8830..f693d0bf94a 100644 --- a/htdocs/projet/tasks/contact.php +++ b/htdocs/projet/tasks/contact.php @@ -407,7 +407,7 @@ if ($id > 0 || !empty($ref)) { print ''; $formcompany->selectTypeContact($object, '', 'type', 'internal', 'rowid'); print ''; - print ''; + print ''; print ''; // Line to add an external contact. Only if project linked to a third party. diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 3c5dfffba17..630506ad33a 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -710,7 +710,7 @@ if ($action == "view_ticketlist") { print '

'; print '

'; - print ''; + print ''; print "

\n"; print "\n"; diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index 6485f9fcee2..1270ad6c0fa 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -395,7 +395,7 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a print '

'; print '

'; - print ''; + print ''; print "

\n"; print "\n"; diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 68f314cdd03..3317288a4e1 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -1325,7 +1325,7 @@ if ($action == 'create') { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); @@ -1403,7 +1403,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0); - print ''; + print ''; print ''; } else { print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' '; @@ -1540,7 +1540,7 @@ if ($action == 'create') { if ($user->admin) { print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); } - print ''; + print ''; print ''; } else { if ($object->shipping_method_id > 0) { diff --git a/htdocs/reception/contact.php b/htdocs/reception/contact.php index 609cb0d12b7..ddc28c72896 100644 --- a/htdocs/reception/contact.php +++ b/htdocs/reception/contact.php @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/reception/note.php b/htdocs/reception/note.php index 2c1eb55d7b3..bbf2c80be2f 100644 --- a/htdocs/reception/note.php +++ b/htdocs/reception/note.php @@ -137,7 +137,7 @@ if ($id > 0 || !empty($ref)) { $morehtmlref .= ''; $morehtmlref .= ''; $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; + $morehtmlref .= ''; $morehtmlref .= ''; } else { $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); diff --git a/htdocs/recruitment/admin/public_interface.php b/htdocs/recruitment/admin/public_interface.php index 7b2d72cb835..01a79a87dd8 100644 --- a/htdocs/recruitment/admin/public_interface.php +++ b/htdocs/recruitment/admin/public_interface.php @@ -167,7 +167,7 @@ if (!empty($conf->global->RECRUITMENT_ENABLE_PUBLIC_INTERFACE)) { print ''; print '
'; - print ''; + print ''; print '
'; } */ diff --git a/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php b/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php index 06b24ec8b65..c037e11f8db 100644 --- a/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php +++ b/htdocs/recruitment/core/modules/recruitment/doc/doc_generic_recruitmentjobposition_odt.modules.php @@ -157,7 +157,7 @@ class doc_generic_recruitmentjobposition_odt extends ModelePDFRecruitmentJobPosi $texte .= $conf->global->RECRUITMENT_RECRUITMENTJOBPOSITION_ADDON_PDF_ODT_PATH; $texte .= ''; $texte .= '
'; - $texte .= ''; + $texte .= ''; $texte .= '
'; // Scan directories diff --git a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php index 35f5616da68..fcc476abacf 100644 --- a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php +++ b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentjobposition_advanced.php @@ -81,7 +81,7 @@ class mod_recruitmentjobposition_advanced extends ModeleNumRefRecruitmentJobPosi $texte .= ''.$langs->trans("Mask").':'; $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; - $texte .= '  '; + $texte .= '  '; $texte .= ''; diff --git a/htdocs/salaries/admin/salaries.php b/htdocs/salaries/admin/salaries.php index dc0cc5b14a0..f8ed3f3f7ce 100644 --- a/htdocs/salaries/admin/salaries.php +++ b/htdocs/salaries/admin/salaries.php @@ -133,7 +133,7 @@ print "\n"; //print dol_get_fiche_end(); -print '
'; +print '
'; print '
'; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index d9bffec142a..f5cd9cc8de7 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -2580,7 +2580,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editRE') { print ''; $formcompany->select_localtax(1, $object->localtax1_value, "lt1"); - print ''; + print ''; } else { print ''.$object->localtax1_value.''; } @@ -2594,7 +2594,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editIRPF') { print ''; $formcompany->select_localtax(2, $object->localtax2_value, "lt2"); - print ''; + print ''; } else { print ''.$object->localtax2_value.''; } @@ -2612,7 +2612,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editRE') { print ''; $formcompany->select_localtax(1, $object->localtax1_value, "lt1"); - print ''; + print ''; } else { print ''.$object->localtax1_value.''; } @@ -2630,7 +2630,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($action == 'editIRPF') { print ''; $formcompany->select_localtax(2, $object->localtax2_value, "lt2"); - print ''; + print ''; } else { print ''.$object->localtax2_value.''; } diff --git a/htdocs/societe/notify/card.php b/htdocs/societe/notify/card.php index d62ca943fb1..b52b8b4a650 100644 --- a/htdocs/societe/notify/card.php +++ b/htdocs/societe/notify/card.php @@ -288,7 +288,7 @@ if ($result > 0) { $type = array('email'=>$langs->trans("EMail")); print $form->selectarray("typeid", $type, '', 0, 0, 0, '', 0, 0, 0, '', 'minwidth75imp'); print ''; - print ''; + print ''; print ''; } else { print ''; diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index cc553555b5b..59a99248af5 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1541,7 +1541,7 @@ if ($action == 'create') { print ''; print ''; print $form->selectDate($object->delivery_date, 'liv_', '', '', '', "editdate_livraison"); - print ''; + print ''; print ''; } else { print dol_print_date($object->delivery_date, 'daytext'); diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index a7e491bd4c6..e2872004323 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -1020,7 +1020,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ' '; print $form->select_dolusers($user->id, 'fk_user_assign', 1); - print ' '; + print ' '; print ''; } print ''; @@ -1041,7 +1041,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ''; print ''; - print ' '; + print ' '; print ''; } else { print($object->progress > 0 ? $object->progress : '0').'%'; @@ -1105,7 +1105,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ''; if (GETPOST('set', 'alpha') == 'properties' && $user->rights->ticket->write) { - print ''; + print ''; } else { // Button to edit Properties if ($object->fk_statut < $object::STATUS_NEED_MORE_INFO && $user->rights->ticket->write) { diff --git a/htdocs/ticket/class/actions_ticket.class.php b/htdocs/ticket/class/actions_ticket.class.php index d7d971b4edc..643c2f34b11 100644 --- a/htdocs/ticket/class/actions_ticket.class.php +++ b/htdocs/ticket/class/actions_ticket.class.php @@ -233,7 +233,7 @@ class ActionsTicket } if (!empty($user->rights->ticket->manage) && $action == 'edit_message_init') { print '
'; - print ' '; + print ' '; print ' '; print '
'; } diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 05b45ebf829..737d1b7b710 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -290,7 +290,7 @@ if ($result > 0) { print $form->selectarray("typeid", $type); print ''; print ''; - print ''; + print ''; print ' '; print ''; print ''; diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 23be98a3b8c..4040963b6b7 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -3542,7 +3542,7 @@ if ($action == 'createsite') { if ($action == 'createsite') { print '
'; - print ''; + print ''; print ''; print '
'; @@ -3980,7 +3980,7 @@ if ($action == 'editmeta' || $action == 'createcontainer') { // Edit properties if ($action == 'createcontainer') { print '
'; - print ''; + print ''; print ''; print '
'; From e4cbc2140e2c0632fe78c6fec43b9e153635bad5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 24 Aug 2021 21:48:38 +0200 Subject: [PATCH 099/215] Fix doc and token renewal with NOSESSION --- htdocs/core/class/hookmanager.class.php | 4 ++-- htdocs/main.inc.php | 2 +- htdocs/modulebuilder/template/myobject_list.php | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index 45643e26e4c..345de3f5be5 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php @@ -160,7 +160,7 @@ class HookManager //dol_syslog(get_class($this).'::executeHooks method='.$method." action=".$action." context=".$parameters['context']); // Define type of hook ('output' or 'addreplace'). - // TODO Remove hooks with type 'output'. All hooks must be converted into 'addreplace' hooks. + // TODO Remove hooks with type 'output' (exemple getNomUrl). All hooks must be converted into 'addreplace' hooks. $hooktype = 'output'; if (in_array( $method, @@ -267,7 +267,7 @@ class HookManager $actionclassinstance->error = 0; $actionclassinstance->errors = array(); - dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', objectid='.$object->id : ''), LOG_DEBUG); + dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', object id='.$object->id : '').((is_object($object) && property_exists($object, 'element')) ? ', object element='.$object->element : ''), LOG_DEBUG); // Add current context to avoid method execution in bad context, you can add this test in your method : eg if($currentcontext != 'formfile') return; $parameters['currentcontext'] = $context; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index b712879f2fa..6bb5b39507b 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -442,7 +442,7 @@ if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VE } // Creation of a token against CSRF vulnerabilities -if (!defined('NOTOKENRENEWAL')) { +if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) { // No token renewal on .css.php, .js.php and .json.php if (!preg_match('/\.(css|js|json)\.php$/', $_SERVER["PHP_SELF"])) { // Rolling token at each call ($_SESSION['token'] contains token of previous page) diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index d8c5f84d3de..3656531809a 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -42,6 +42,7 @@ //if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification +//if (! defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions // Load Dolibarr environment $res = 0; From 29f98041e6edeabf14a95a1e3c255af93d72d1ef Mon Sep 17 00:00:00 2001 From: daraelmin Date: Wed, 25 Aug 2021 08:48:42 +0200 Subject: [PATCH 100/215] conditiion always wrong when on following link --- htdocs/public/payment/newpayment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 2a361f03c24..d462acd4ce7 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -1516,7 +1516,7 @@ if ($source == 'member' || $source == 'membersubscription') { $oldtypeid = $member->typeid; $newtypeid = (int) (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $member->typeid); - if ($oldtypeid != $newtypeid && !empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE)) { + if (!empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE)) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; $adht = new AdherentType($db); // Amount by member type From 701b43d9172fd2d264e2a33a620b2470ebb5bd52 Mon Sep 17 00:00:00 2001 From: daraelmin Date: Wed, 25 Aug 2021 09:01:30 +0200 Subject: [PATCH 101/215] Add MEMBER_ALLOW_CHANGE_OF_TYPE in admin panel --- htdocs/adherents/admin/member.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/htdocs/adherents/admin/member.php b/htdocs/adherents/admin/member.php index d03beec610e..5ff86a45e0e 100644 --- a/htdocs/adherents/admin/member.php +++ b/htdocs/adherents/admin/member.php @@ -225,6 +225,11 @@ print ''.$langs->trans("MemberCreateAnExternalUserForSub print $form->selectyesno('ADHERENT_CREATE_EXTERNAL_USER_LOGIN', (!empty($conf->global->ADHERENT_CREATE_EXTERNAL_USER_LOGIN) ? $conf->global->ADHERENT_CREATE_EXTERNAL_USER_LOGIN : 0), 1); print "\n"; +// Allow members to change type on renewal forms +print ''.$langs->trans("MemberAllowchangeOfType").''; +print $form->selectyesno('ADHERENT_LOGIN_NOT_REQUIRED', (!empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE) ? 0 : 1), 1); +print "\n"; + // Insert subscription into bank account print ''.$langs->trans("MoreActionsOnSubscription").''; $arraychoices = array('0'=>$langs->trans("None")); From 01a6d8296ecc46f3c2ac318a7a230bb278b45ba1 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 25 Aug 2021 09:30:52 +0200 Subject: [PATCH 102/215] NEW Task - Add From/to input on search date --- htdocs/projet/tasks/list.php | 129 ++++++++++++++++++++++++----------- 1 file changed, 91 insertions(+), 38 deletions(-) diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 8dc369b6a0a..0788b12d868 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -3,6 +3,7 @@ * Copyright (C) 2006-2019 Laurent Destailleur * Copyright (C) 2006-2010 Regis Houssin * Copyright (C) 2018 Ferran Marcet + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -71,12 +72,22 @@ if ($mine) { $search_task_user = $user->id; $mine = 0; } -$search_sday = GETPOST('search_sday', 'int'); -$search_smonth = GETPOST('search_smonth', 'int'); -$search_syear = GETPOST('search_syear', 'int'); -$search_eday = GETPOST('search_eday', 'int'); -$search_emonth = GETPOST('search_emonth', 'int'); -$search_eyear = GETPOST('search_eyear', 'int'); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); +$search_datelimit_startday = GETPOST('search_datelimit_startday', 'int'); +$search_datelimit_startmonth = GETPOST('search_datelimit_startmonth', 'int'); +$search_datelimit_startyear = GETPOST('search_datelimit_startyear', 'int'); +$search_datelimit_endday = GETPOST('search_datelimit_endday', 'int'); +$search_datelimit_endmonth = GETPOST('search_datelimit_endmonth', 'int'); +$search_datelimit_endyear = GETPOST('search_datelimit_endyear', 'int'); +$search_datelimit_start = dol_mktime(0, 0, 0, $search_datelimit_startmonth, $search_datelimit_startday, $search_datelimit_startyear); +$search_datelimit_end = dol_mktime(23, 59, 59, $search_datelimit_endmonth, $search_datelimit_endday, $search_datelimit_endyear); // Initialize context for list $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'tasklist'; @@ -191,12 +202,22 @@ if (empty($reshook)) { $search_task_progress = ""; $search_task_user = -1; $search_project_user = -1; - $search_sday = ''; - $search_smonth = ''; - $search_syear = ''; - $search_eday = ''; - $search_emonth = ''; - $search_eyear = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; + $search_datelimit_startday = ''; + $search_datelimit_startmonth = ''; + $search_datelimit_startyear = ''; + $search_datelimit_endday = ''; + $search_datelimit_endmonth = ''; + $search_datelimit_endyear = ''; + $search_datelimit_start = ''; + $search_datelimit_end = ''; $toselect = ''; $search_array_options = array(); } @@ -372,8 +393,18 @@ if ($search_task_progress) { if ($search_societe) { $sql .= natural_search('s.nom', $search_societe); } -$sql .= dolSqlDateFilter('t.dateo', $search_sday, $search_smonth, $search_syear); -$sql .= dolSqlDateFilter('t.datee', $search_eday, $search_emonth, $search_eyear); +if ($search_date_start) { + $sql .= " AND t.dateo >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND t.dateo <= '".$db->idate($search_date_end)."'"; +} +if ($search_datelimit_start) { + $sql .= " AND t.datee >= '".$db->idate($search_datelimit_start)."'"; +} +if ($search_datelimit_end) { + $sql .= " AND t.datee <= '".$db->idate($search_datelimit_end)."'"; +} if ($search_all) { $sql .= natural_search(array_keys($fieldstosearchall), $search_all); } @@ -454,23 +485,41 @@ if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } -if ($search_sday) { - $param .= '&search_sday='.urlencode($search_sday); +if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } -if ($search_smonth) { - $param .= '&search_smonth='.urlencode($search_smonth); +if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } -if ($search_syear) { - $param .= '&search_syear='.urlencode($search_syear); +if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); } -if ($search_eday) { - $param .= '&search_eday='.urlencode($search_eday); +if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); } -if ($search_emonth) { - $param .= '&search_emonth='.urlencode($search_emonth); +if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); } -if ($search_eyear) { - $param .= '&search_eyear='.urlencode($search_eyear); +if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); +} +if ($search_datelimit_startday) { + $param .= '&search_datelimit_startday='.urlencode($search_datelimit_startday); +} +if ($search_datelimit_startmonth) { + $param .= '&search_datelimit_startmonth='.urlencode($search_datelimit_startmonth); +} +if ($search_datelimit_startyear) { + $param .= '&search_datelimit_startyear='.urlencode($search_datelimit_startyear); +} +if ($search_datelimit_endday) { + $param .= '&search_datelimit_endday='.urlencode($search_datelimit_endday); +} +if ($search_datelimit_endmonth) { + $param .= '&search_datelimit_endmonth='.urlencode($search_datelimit_endmonth); +} +if ($search_datelimit_endyear) { + $param .= '&search_datelimit_endyear='.urlencode($search_datelimit_endyear); } if ($socid) { $param .= '&socid='.urlencode($socid); @@ -646,22 +695,26 @@ if (!empty($arrayfields['t.description']['checked'])) { } // Start date if (!empty($arrayfields['t.dateo']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - print $formother->selectyear($search_syear ? $search_syear : -1, 'search_syear', 1, 20, 5, 0, 0, '', 'valignmiddle width75', 1); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // End date if (!empty($arrayfields['t.datee']['checked'])) { - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - print $formother->selectyear($search_eyear ? $search_eyear : -1, 'search_eyear', 1, 20, 5, 0, 0, '', 'valignmiddle width75', 1); + print ''; + print '
'; + print $form->selectDate($search_datelimit_start ? $search_datelimit_start : -1, 'search_datelimit_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_datelimit_end ? $search_datelimit_end : -1, 'search_datelimit_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + // TODO Add option late + //print '
'.$langs->trans("Alert"); + print '
'; print ''; } if (!empty($arrayfields['p.ref']['checked'])) { From d022b3b0a1e0a1216df7dfda7df266a27e77c1b3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 25 Aug 2021 12:24:13 +0200 Subject: [PATCH 103/215] FIx #18481 --- htdocs/adherents/card.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index b33e03d5855..32a324ce4d6 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -2010,8 +2010,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Generated documents $filename = dol_sanitizeFileName($object->ref); //$filename = 'tmp_cards.php'; - //$filedir = $conf->adherent->dir_output . '/' . get_exdir($object->id, 2, 0, 0, $object, 'member') . dol_sanitizeFileName($object->ref); - $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 0, $object, 'member'); + $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member'); $urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id; $genallowed = $user->rights->adherent->lire; $delallowed = $user->rights->adherent->creer; From 22ec43f4a3d211f5cdcf5ff4d0c11724e832fb50 Mon Sep 17 00:00:00 2001 From: Francis Besset Date: Wed, 25 Aug 2021 13:46:18 +0200 Subject: [PATCH 104/215] Fix bad comparison for fk_unit to avoid always null value for all case --- htdocs/fourn/class/fournisseur.facture.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 7b5bbbc50c5..3eefa40aab5 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3383,13 +3383,13 @@ class SupplierInvoiceLine extends CommonObjectLine if (empty($this->fk_product)) { $fk_product = "null"; } else { - $fk_product = $this->fk_product; + $fk_product = (int) $this->fk_product; } if (empty($this->fk_unit)) { $fk_unit = "null"; } else { - $fk_unit = "'".$this->db->escape($this->fk_unit)."'"; + $fk_unit = (int) $this->fk_unit; } $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET"; @@ -3414,10 +3414,10 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", total_localtax1= ".price2num($this->total_localtax1); $sql .= ", total_localtax2= ".price2num($this->total_localtax2); $sql .= ", total_ttc = ".price2num($this->total_ttc); - $sql .= ", fk_product = ".((int) $fk_product); + $sql .= ", fk_product = ".$fk_product; $sql .= ", product_type = ".((int) $this->product_type); $sql .= ", info_bits = ".((int) $this->info_bits); - $sql .= ", fk_unit = ".($fk_unit > 0 ? (int) $fk_unit : 'null'); + $sql .= ", fk_unit = ".$fk_unit; // Multicurrency $sql .= " , multicurrency_subprice=".price2num($this->multicurrency_subprice).""; From 6c71c6f5e5a94ff5b9df788c33f5df1f43096117 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 25 Aug 2021 14:18:52 +0200 Subject: [PATCH 105/215] Fix trans --- htdocs/langs/en_US/admin.lang | 2 +- htdocs/langs/en_US/orders.lang | 2 +- htdocs/langs/en_US/receptions.lang | 2 +- htdocs/langs/en_US/sendings.lang | 2 +- htdocs/langs/en_US/stocks.lang | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index f8b3928d97f..454df4ed28e 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1421,7 +1421,7 @@ WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER=Ask for Warehouse Source for order ##### Suppliers Orders ##### BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER=Ask for bank account destination of purchase order ##### Orders ##### -SuggestedPaymentModesIfNotDefinedInOrder=Suggested payments mode on sale order by default if not defined on the order +SuggestedPaymentModesIfNotDefinedInOrder=Suggested payments mode on sales order by default if not defined on the order OrdersSetup=Sales Orders management setup OrdersNumberingModules=Orders numbering models OrdersModelModule=Order documents models diff --git a/htdocs/langs/en_US/orders.lang b/htdocs/langs/en_US/orders.lang index 5dab5b99bf1..aa556a6464a 100644 --- a/htdocs/langs/en_US/orders.lang +++ b/htdocs/langs/en_US/orders.lang @@ -17,7 +17,7 @@ ToOrder=Make order MakeOrder=Make order SupplierOrder=Purchase order SuppliersOrders=Purchase orders -SaleOrderLines=Sale order lines +SaleOrderLines=Sales order lines PurchaseOrderLines=Puchase order lines SuppliersOrdersRunning=Current purchase orders CustomerOrder=Sales Order diff --git a/htdocs/langs/en_US/receptions.lang b/htdocs/langs/en_US/receptions.lang index 338602e722e..4ee0555c396 100644 --- a/htdocs/langs/en_US/receptions.lang +++ b/htdocs/langs/en_US/receptions.lang @@ -36,7 +36,7 @@ StatsOnReceptionsOnlyValidated=Statistics conducted on receptions only validated SendReceptionByEMail=Send reception by email SendReceptionRef=Submission of reception %s ActionsOnReception=Events on reception -ReceptionCreationIsDoneFromOrder=For the moment, creation of a new reception is done from the order card. +ReceptionCreationIsDoneFromOrder=For the moment, creation of a new reception is done from the Purchase Order record. ReceptionLine=Reception line ProductQtyInReceptionAlreadySent=Product quantity from open sales order already sent ProductQtyInSuppliersReceptionAlreadyRecevied=Product quantity from open supplier order already received diff --git a/htdocs/langs/en_US/sendings.lang b/htdocs/langs/en_US/sendings.lang index b94891d79c5..8f10b1e9404 100644 --- a/htdocs/langs/en_US/sendings.lang +++ b/htdocs/langs/en_US/sendings.lang @@ -53,7 +53,7 @@ SendShippingByEMail=Send shipment by email SendShippingRef=Submission of shipment %s ActionsOnShipping=Events on shipment LinkToTrackYourPackage=Link to track your package -ShipmentCreationIsDoneFromOrder=For the moment, creation of a new shipment is done from the order card. +ShipmentCreationIsDoneFromOrder=For the moment, creation of a new shipment is done from the Sales Order record. ShipmentLine=Shipment line ProductQtyInCustomersOrdersRunning=Product quantity from open sales orders ProductQtyInSuppliersOrdersRunning=Product quantity from open purchase orders diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 4396139f1f9..78b095d9f11 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -62,7 +62,7 @@ AllowAddLimitStockByWarehouse=Manage also value for minimum and desired stock pe RuleForWarehouse=Rule for warehouses WarehouseAskWarehouseOnThirparty=Set a warehouse on Third-parties WarehouseAskWarehouseDuringPropal=Set a warehouse on Commercial proposals -WarehouseAskWarehouseDuringOrder=Set a warehouse on Sale orders +WarehouseAskWarehouseDuringOrder=Set a warehouse on Sales Orders UserDefaultWarehouse=Set a warehouse on Users MainDefaultWarehouse=Default warehouse MainDefaultWarehouseUser=Use a default warehouse for each user From 65629711d0722a96f5061b7b8e5dffa224cdb79b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 25 Aug 2021 14:53:14 +0200 Subject: [PATCH 106/215] FIX #18484 --- htdocs/core/actions_massactions.inc.php | 40 +++--- htdocs/core/class/commonobject.class.php | 6 +- htdocs/langs/en_US/orders.lang | 1 + htdocs/reception/list.php | 157 +++++++++++++++-------- 4 files changed, 124 insertions(+), 80 deletions(-) diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index cf412223838..c2538421bfe 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -631,6 +631,8 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. $createbills_onebythird = GETPOST('createbills_onebythird', 'int'); $validate_invoices = GETPOST('validate_invoices', 'int'); + $errors = array(); + $TFact = array(); $TFactThird = array(); @@ -645,18 +647,19 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. if ($cmd->fetch($id_order) <= 0) { continue; } + $cmd->fetch_thirdparty(); $objecttmp = new Facture($db); if (!empty($createbills_onebythird) && !empty($TFactThird[$cmd->socid])) { - $objecttmp = $TFactThird[$cmd->socid]; // If option "one bill per third" is set, we use already created order. + // If option "one bill per third" is set, and an invoice for this thirdparty was already created, we re-use it. + $objecttmp = $TFactThird[$cmd->socid]; } else { - // Load extrafields of order - $cmd->fetch_optionals(); - + // If we want one invoice per order or if there is no first invoice yet for this thirdparty. $objecttmp->socid = $cmd->socid; $objecttmp->type = $objecttmp::TYPE_STANDARD; - $objecttmp->cond_reglement_id = $cmd->cond_reglement_id; - $objecttmp->mode_reglement_id = $cmd->mode_reglement_id; + $objecttmp->cond_reglement_id = ($cmd->cond_reglement_id || $cmd->thirdparty->cond_reglement_id); + $objecttmp->mode_reglement_id = ($cmd->mode_reglement_id || $cmd->thirdparty->mode_reglement_id); + $objecttmp->fk_project = $cmd->fk_project; $objecttmp->multicurrency_code = $cmd->multicurrency_code; if (empty($createbills_onebythird)) { @@ -680,23 +683,20 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. $nb_bills_created++; $lastref = $objecttmp->ref; $lastid = $objecttmp->id; + + $TFactThird[$cmd->socid] = $objecttmp; + } else { + $langs->load("errors"); + $errors[] = $cmd->ref.' : '.$langs->trans($objecttmp->error); + $error++; } } if ($objecttmp->id > 0) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_element ("; - $sql .= "fk_source"; - $sql .= ", sourcetype"; - $sql .= ", fk_target"; - $sql .= ", targettype"; - $sql .= ") VALUES ("; - $sql .= $id_order; - $sql .= ", '".$db->escape($objecttmp->origin)."'"; - $sql .= ", ".$objecttmp->id; - $sql .= ", '".$db->escape($objecttmp->element)."'"; - $sql .= ")"; + $res = $objecttmp->add_object_linked($objecttmp->origin, $id_order); - if (!$db->query($sql)) { + if ($res == 0) { + $errors[] = $objecttmp->error; $error++; } @@ -845,7 +845,6 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. } $id = $objecttmp->id; // For builddoc action - $object = $objecttmp; // Builddoc $donotredirect = 1; @@ -854,7 +853,7 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. // Call action to build doc $savobject = $object; - $object = $objecttmp; + $object = $objecttmp; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; $object = $savobject; } @@ -949,6 +948,7 @@ if ($massaction == 'confirm_createbills') { // Create bills from orders. exit; } else { $db->rollback(); + $action = 'create'; $_GET["origin"] = $_POST["origin"]; $_GET["originid"] = $_POST["originid"]; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 1e28afd41e0..5df73f49f5c 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -3577,7 +3577,7 @@ abstract class CommonObject * @param string $origin Linked element type * @param int $origin_id Linked element id * @param User $f_user User that create - * @param int $notrigger 1=Does not execute triggers, 0= execute triggers + * @param int $notrigger 1=Does not execute triggers, 0=execute triggers * @return int <=0 if KO, >0 if OK * @see fetchObjectLinked(), updateObjectLinked(), deleteObjectLinked() */ @@ -3611,9 +3611,9 @@ abstract class CommonObject $sql .= ", fk_target"; $sql .= ", targettype"; $sql .= ") VALUES ("; - $sql .= $origin_id; + $sql .= ((int) $origin_id); $sql .= ", '" . $this->db->escape($origin) . "'"; - $sql .= ", " . $this->id; + $sql .= ", " . ((int) $this->id); $sql .= ", '" . $this->db->escape($this->element) . "'"; $sql .= ")"; diff --git a/htdocs/langs/en_US/orders.lang b/htdocs/langs/en_US/orders.lang index 5dab5b99bf1..9018db40a5b 100644 --- a/htdocs/langs/en_US/orders.lang +++ b/htdocs/langs/en_US/orders.lang @@ -151,6 +151,7 @@ PDFEdisonDescription=A simple order model PDFProformaDescription=A complete Proforma invoice template CreateInvoiceForThisCustomer=Bill orders CreateInvoiceForThisSupplier=Bill orders +CreateInvoiceForThisReceptions=Bill receptions NoOrdersToInvoice=No orders billable CloseProcessedOrdersAutomatically=Classify "Processed" all selected orders. OrderCreation=Order creation diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index dd9f365c39a..e4b519517ea 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -171,87 +171,102 @@ if (empty($reshook)) { $createbills_onebythird = GETPOST('createbills_onebythird', 'int'); $validate_invoices = GETPOST('validate_invoices', 'int'); + $errors = array(); + $TFact = array(); $TFactThird = array(); $nb_bills_created = 0; + $lastid= 0; + $lastref = ''; $db->begin(); - $errors = array(); + foreach ($receptions as $id_reception) { $rcp = new Reception($db); - // On ne facture que les réceptions validées - if ($rcp->fetch($id_reception) <= 0 || $rcp->statut != 1) { + // We only invoice reception that are validated + if ($rcp->fetch($id_reception) <= 0 || $rcp->statut != $rcp::STATUS_VALIDATED) { $errors[] = $langs->trans('StatusOfRefMustBe', $rcp->ref, $langs->transnoentities("StatusSupplierOrderValidatedShort")); $error++; continue; } - $object = new FactureFournisseur($db); + $objecttmp = new FactureFournisseur($db); if (!empty($createbills_onebythird) && !empty($TFactThird[$rcp->socid])) { - $object = $TFactThird[$rcp->socid]; // If option "one bill per third" is set, we use already created reception. - if (empty($object->rowid) && $object->id != null) { - $object->rowid = $object->id; - } - if (!empty($object->rowid)) { - $object->fetchObjectLinked(); - } - $rcp->fetchObjectLinked(); + // If option "one bill per third" is set, and an invoice for this thirdparty was already created, we re-use it. + $objecttmp = $TFactThird[$rcp->socid]; - if (count($rcp->linkedObjectsIds['reception']) > 0) { - foreach ($rcp->linkedObjectsIds['reception'] as $key => $value) { - if (empty($object->linkedObjectsIds['reception']) || !in_array($value, $object->linkedObjectsIds['reception'])) { //Dont try to link if already linked - $object->add_object_linked('reception', $value); // add supplier order linked object + // Add all links of this new reception to the existing invoice + $objecttmp->fetchObjectLinked(); + $rcp->fetchObjectLinked(); + if (count($rcp->linkedObjectsIds['order_supplier']) > 0) { + foreach ($rcp->linkedObjectsIds['order_supplier'] as $key => $value) { + if (empty($objecttmp->linkedObjectsIds['order_supplier']) || !in_array($value, $objecttmp->linkedObjectsIds['order_supplier'])) { //Dont try to link if already linked + $objecttmp->add_object_linked('order_supplier', $value); // add supplier order linked object } } } } else { - $object->socid = $rcp->socid; - $object->type = FactureFournisseur::TYPE_STANDARD; - $object->cond_reglement_id = $rcp->thirdparty->cond_reglement_supplier_id; - $object->mode_reglement_id = $rcp->thirdparty->mode_reglement_supplier_id; - $object->fk_account = !empty($rcp->thirdparty->fk_account) ? $rcp->thirdparty->fk_account : 0; - $object->remise_percent = !empty($rcp->thirdparty->remise_percent) ? $rcp->thirdparty->remise_percent : 0; - $object->remise_absolue = !empty($rcp->thirdparty->remise_absolue) ? $rcp->thirdparty->remise_absolue : 0; + // If we want one invoice per reception or if there is no first invoice yet for this thirdparty. + $objecttmp->socid = $rcp->socid; + $objecttmp->type = $objecttmp::TYPE_STANDARD; + $objecttmp->cond_reglement_id = $rcp->cond_reglement_id || $rcp->thirdparty->cond_reglement_supplier_id; + $objecttmp->mode_reglement_id = $rcp->mode_reglement_id || $rcp->thirdparty->mode_reglement_supplier_id; - $object->fk_project = $rcp->fk_project; - $object->ref_supplier = $rcp->ref_supplier; + $objecttmp->fk_account = !empty($rcp->thirdparty->fk_account) ? $rcp->thirdparty->fk_account : 0; + $objecttmp->remise_percent = !empty($rcp->thirdparty->remise_percent) ? $rcp->thirdparty->remise_percent : 0; + $objecttmp->remise_absolue = !empty($rcp->thirdparty->remise_absolue) ? $rcp->thirdparty->remise_absolue : 0; - $datefacture = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear')); - if (empty($datefacture)) { - $datefacture = dol_mktime(date("h"), date("M"), 0, date("m"), date("d"), date("Y")); + $objecttmp->fk_project = $rcp->fk_project; + //$objecttmp->multicurrency_code = $rcp->multicurrency_code; + if (empty($createbills_onebythird)) { + $objecttmp->ref_supplier = $rcp->ref; + } else { + // Set a unique value for the invoice for the n reception + $objecttmp->ref_supplier = $langs->trans("Reception").' '.dol_print_date(dol_now(), 'dayhourlog').'-'.$rcp->socid; } - $object->date = $datefacture; - $object->origin = 'reception'; - $object->origin_id = $id_reception; + $datefacture = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); + if (empty($datefacture)) { + $datefacture = dol_now(); + } + $objecttmp->date = $datefacture; + $objecttmp->origin = 'reception'; + $objecttmp->origin_id = $id_reception; + + $objecttmp->array_options = $rcp->array_options; // Copy extrafields + + // Set $objecttmp->linked_objects with all links order_supplier existing on reception, so same links will be added to the generated supplier invoice $rcp->fetchObjectLinked(); - if (count($rcp->linkedObjectsIds['reception']) > 0) { - foreach ($rcp->linkedObjectsIds['reception'] as $key => $value) { - $object->linked_objects['reception'] = $value; + if (count($rcp->linkedObjectsIds['order_supplier']) > 0) { + foreach ($rcp->linkedObjectsIds['order_supplier'] as $key => $value) { + $objecttmp->linked_objects['order_supplier'] = $value; } } - $res = $object->create($user); - //var_dump($object->error);exit; + $res = $objecttmp->create($user); // This should create the supplier invoice + links into $objecttmp->linked_objects + add a link to ->origin_id + + //var_dump($objecttmp->error);exit; if ($res > 0) { $nb_bills_created++; - $object->id = $res; + $lastref = $objecttmp->ref; + $lastid = $objecttmp->id; + + $TFactThird[$rcp->socid] = $objecttmp; } else { - $errors[] = $rcp->ref.' : '.$langs->trans($object->error); + $langs->load("errors"); + $errors[] = $rcp->ref.' : '.$langs->trans($objecttmp->error); $error++; } } - if ($object->id > 0) { - if (!empty($createbills_onebythird) && !empty($TFactThird[$rcp->socid])) { //cause function create already add object linked for facturefournisseur - $res = $object->add_object_linked($object->origin, $id_reception); + if ($objecttmp->id > 0) { + $res = $objecttmp->add_object_linked($objecttmp->origin, $id_reception); - if ($res == 0) { - $errors[] = $object->error; - $error++; - } + if ($res == 0) { + $errors[] = $objecttmp->error; + $error++; } if (!$error) { @@ -266,10 +281,15 @@ if (empty($reshook)) { for ($i = 0; $i < $num; $i++) { $desc = ($lines[$i]->desc ? $lines[$i]->desc : $lines[$i]->libelle); + // If we build one invoice for several reception, we must put the ref of reception on the invoice line + if (!empty($createbills_onebythird)) { + $desc = dol_concatdesc($desc, $langs->trans("Reception").' '.$rcp->ref.' - '.dol_print_date($rcp->date, 'day')); + } + if ($lines[$i]->subprice < 0) { // Negative line, we create a discount line $discount = new DiscountAbsolute($db); - $discount->fk_soc = $object->socid; + $discount->fk_soc = $objecttmp->socid; $discount->amount_ht = abs($lines[$i]->total_ht); $discount->amount_tva = abs($lines[$i]->total_tva); $discount->amount_ttc = abs($lines[$i]->total_ttc); @@ -278,7 +298,7 @@ if (empty($reshook)) { $discount->description = $desc; $discountid = $discount->create($user); if ($discountid > 0) { - $result = $object->insert_discount($discountid); + $result = $objecttmp->insert_discount($discountid); //$result=$discount->link_to_invoice($lineid,$id); } else { setEventMessages($discount->error, $discount->errors, 'errors'); @@ -314,7 +334,16 @@ if (empty($reshook)) { if (($lines[$i]->product_type != 9 && empty($lines[$i]->fk_parent_line)) || $lines[$i]->product_type == 9) { $fk_parent_line = 0; } - $result = $object->addline( + + // Extrafields + if (method_exists($lines[$i], 'fetch_optionals')) { + $lines[$i]->fetch_optionals(); + $array_options = $lines[$i]->array_options; + } + + $objecttmp->context['createfromclone']; + + $result = $objecttmp->addline( $desc, $lines[$i]->subprice, $lines[$i]->tva_tx, @@ -359,9 +388,9 @@ if (empty($reshook)) { //$rcp->classifyBilled($user); // Disabled. This behavior must be set or not using the workflow module. if (!empty($createbills_onebythird) && empty($TFactThird[$rcp->socid])) { - $TFactThird[$rcp->socid] = $object; + $TFactThird[$rcp->socid] = $objecttmp; } else { - $TFact[$object->id] = $object; + $TFact[$objecttmp->id] = $objecttmp; } } @@ -371,21 +400,27 @@ if (empty($reshook)) { if (!$error && $validate_invoices) { $massaction = $action = 'builddoc'; - foreach ($TAllFact as &$object) { - $result = $object->validate($user); + foreach ($TAllFact as &$objecttmp) { + $result = $objecttmp->validate($user); if ($result <= 0) { $error++; - setEventMessages($object->error, $object->errors, 'errors'); + setEventMessages($objecttmp->error, $objecttmp->errors, 'errors'); break; } - $id = $object->id; // For builddoc action + $id = $objecttmp->id; // For builddoc action + $object =$objecttmp; // Fac builddoc $donotredirect = 1; $upload_dir = $conf->fournisseur->facture->dir_output; $permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); + + // Call action to build doc + $savobject = $object; + $object = $objecttmp; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; + $object = $savobject; } $massaction = $action = 'confirm_createbills'; @@ -393,9 +428,17 @@ if (empty($reshook)) { if (!$error) { $db->commit(); - setEventMessage($langs->trans('BillCreated', $nb_bills_created)); + + if ($nb_bills_created == 1) { + $texttoshow = $langs->trans('BillXCreated', '{s1}'); + $texttoshow = str_replace('{s1}', ''.$lastref.'', $texttoshow); + setEventMessages($texttoshow, null, 'mesgs'); + } else { + setEventMessages($langs->trans('BillCreated', $nb_bills_created), null, 'mesgs'); + } } else { $db->rollback(); + $action = 'create'; $_GET["origin"] = $_POST["origin"]; $_GET["originid"] = $_POST["originid"]; @@ -597,7 +640,7 @@ $arrayofmassactions = array( ); if ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer) { - $arrayofmassactions['createbills'] = $langs->trans("CreateInvoiceForThisSupplier"); + $arrayofmassactions['createbills'] = $langs->trans("CreateInvoiceForThisReceptions"); } if ($massaction == 'createbills') { $arrayofmassactions = array(); @@ -656,7 +699,7 @@ if ($massaction == 'createbills') { print '
'; print '
'; - print ' '; + print ' '; print ''; print '
'; print '
'; From 873a982fb0309d204f7ddd2d7db8cd7760f24d35 Mon Sep 17 00:00:00 2001 From: LVSInformatique <34772354+plevray@users.noreply.github.com> Date: Wed, 25 Aug 2021 16:09:09 +0200 Subject: [PATCH 107/215] Update list.php --- htdocs/societe/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 3105700ff65..65cd81db370 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -454,7 +454,7 @@ $sql = "SELECT s.rowid, s.nom as name, s.name_alias, s.barcode, s.address, s.tow $sql .= " s.entity,"; $sql .= " st.libelle as stcomm, st.picto as stcomm_picto, s.fk_stcomm as stcomm_id, s.fk_prospectlevel, s.prefix_comm, s.client, s.fournisseur, s.canvas, s.status as status,"; $sql .= " s.email, s.phone, s.fax, s.url, s.siren as idprof1, s.siret as idprof2, s.ape as idprof3, s.idprof4 as idprof4, s.idprof5 as idprof5, s.idprof6 as idprof6, s.tva_intra, s.fk_pays,"; -$sql .= " s.tms as date_update, s.datec as date_creation,"; +$sql .= " s.tms as date_update, s.datec as date_creation, s.import_key,"; $sql .= " s.code_compta, s.code_compta_fournisseur, s.parent as fk_parent,s.price_level,"; $sql .= " s2.nom as name2,"; $sql .= " typent.code as typent_code,"; From 1aedcc54b5015bac945e54ec92084fb2edfef9f2 Mon Sep 17 00:00:00 2001 From: Vincent Dieltiens Date: Wed, 25 Aug 2021 17:25:15 +0200 Subject: [PATCH 108/215] Add hook to reception/list.php to allow add joins --- htdocs/reception/list.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index dd9f365c39a..9f06ce953e6 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -448,6 +448,12 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.rowid = ee.fk_target"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } + +// Add joins from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; From 054b466e0a5484d9851cc13d1b36f8a01fd38b5d Mon Sep 17 00:00:00 2001 From: henrynopo Date: Thu, 26 Aug 2021 09:40:44 +0800 Subject: [PATCH 109/215] Update card.php --- htdocs/fourn/facture/card.php | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index b39041542eb..660401e9131 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -3242,7 +3242,11 @@ if ($action == 'create') { if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { print ''; print ''; - print $langs->trans('MulticurrencyRemainderToPay'); + if ($resteapayeraffiche <= 0) { + print $langs->trans('RemainderToPayBackMulticurrency'); + } else { + print $langs->trans('ExcessPaidMulticurrency'); + } print ''; print ''; print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).''; @@ -3272,6 +3276,21 @@ if ($action == 'create') { print ''; print ''; print ''.price($sign * $resteapayeraffiche).''; + + // Remainder to pay back Multicurrency + if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { + print ''; + print ''; + if ($resteapayeraffiche <= 0) { + print $langs->trans('RemainderToPayBackMulticurrency'); + } else { + print $langs->trans('ExcessPaidMulticurrency'); + } + print ''; + print ''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).''; + } + print ' '; // Sold credit note From daa34032ff1d9e22c7b9207504f074c9cc0c2275 Mon Sep 17 00:00:00 2001 From: henrynopo Date: Thu, 26 Aug 2021 09:43:02 +0800 Subject: [PATCH 110/215] Update bills.lang --- htdocs/langs/en_US/bills.lang | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang index 0c660de8e22..2d823245623 100644 --- a/htdocs/langs/en_US/bills.lang +++ b/htdocs/langs/en_US/bills.lang @@ -234,12 +234,17 @@ AlreadyPaidBack=Already paid back AlreadyPaidNoCreditNotesNoDeposits=Already paid (without credit notes and down payments) Abandoned=Abandoned RemainderToPay=Remaining unpaid +RemainderToPayMulticurrency=Remaining unpaid, original currency RemainderToTake=Remaining amount to take +RemainderToTakeMulticurrency=Remaining amount to take, original currency RemainderToPayBack=Remaining amount to refund +RemainderToPayBackMulticurrency=Remaining amount to refund, original currency Rest=Pending AmountExpected=Amount claimed ExcessReceived=Excess received +ExcessReceivedMulticurrency=Excess received, original currency ExcessPaid=Excess paid +ExcessPaidMulticurrency=Excess paid, original currency EscompteOffered=Discount offered (payment before term) EscompteOfferedShort=Discount SendBillRef=Submission of invoice %s @@ -590,4 +595,4 @@ FacParentLine=Invoice Line Parent SituationTotalRayToRest=Remainder to pay without taxe PDFSituationTitle=Situation n° %d SituationTotalProgress=Total progress %d %% -SearchUnpaidInvoicesWithDueDate=Search unpaid invoices with a due date = %s \ No newline at end of file +SearchUnpaidInvoicesWithDueDate=Search unpaid invoices with a due date = %s From f6daad448005a34b782b9232f74a8b77c2aff359 Mon Sep 17 00:00:00 2001 From: henrynopo Date: Thu, 26 Aug 2021 10:25:32 +0800 Subject: [PATCH 111/215] Update card.php --- htdocs/compta/facture/card.php | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 31de2bbd4ff..0d74b1a6632 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -5064,24 +5064,30 @@ if ($action == 'create') { // Remainder to pay print ''; print ''; - print $langs->trans('RemainderToPay'); - if ($resteapayeraffiche < 0) { - print ' ('.$langs->trans('ExcessReceived').')'; + if ($resteapayeraffiche >= 0) { + print $langs->trans('RemainderToPay'); + } else { + print $langs->trans('ExcessReceived'); } print ''; print ''; print ''.price($resteapayeraffiche).''; - print ' '; - + // Remainder to pay Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { print ''; print ''; - print $langs->trans('MulticurrencyRemainderToPay'); + if ($resteapayeraffiche >= 0) { + print $langs->trans('RemainderToPayMulticurrency'); + } else { + print $langs->trans('ExcessReceivedMulticurrency'); + } print ''; print ''; print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).''; } + + print ' '; // Retained warranty : usualy use on construction industry if (!empty($object->situation_final) && !empty($object->retained_warranty) && $displayWarranty) { @@ -5122,6 +5128,21 @@ if ($action == 'create') { } print ' :'; print ''.price($sign * $resteapayeraffiche).''; + + // Remainder to pay back Multicurrency + if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { + print ''; + print ''; + if ($resteapayeraffiche <= 0) { + print $langs->trans('RemainderToPayBackMulticurrency'); + } else { + print $langs->trans('ExcessPaidMulticurrency'); + } + print ''; + print ''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).''; + } + print ' '; // Sold credit note From bafe22ff77f72424a2d3cb51b83d2636f2db33be Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 26 Aug 2021 02:29:45 +0000 Subject: [PATCH 112/215] Fixing style errors. --- htdocs/compta/facture/card.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 0d74b1a6632..0386b30dcc5 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -5072,7 +5072,7 @@ if ($action == 'create') { print ''; print ''; print ''.price($resteapayeraffiche).''; - + // Remainder to pay Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { print ''; @@ -5086,7 +5086,7 @@ if ($action == 'create') { print ''; print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).''; } - + print ' '; // Retained warranty : usualy use on construction industry @@ -5128,7 +5128,7 @@ if ($action == 'create') { } print ' :'; print ''.price($sign * $resteapayeraffiche).''; - + // Remainder to pay back Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { print ''; @@ -5142,7 +5142,7 @@ if ($action == 'create') { print ''; print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).''; } - + print ' '; // Sold credit note From a0c9cf2d8d0e9b374eb435350e30fe14bd53c9ea Mon Sep 17 00:00:00 2001 From: henrynopo Date: Thu, 26 Aug 2021 12:31:20 +0800 Subject: [PATCH 113/215] Update card.php --- htdocs/expedition/card.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 582b23aec45..c4ec3504383 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -717,6 +717,16 @@ if (empty($reshook)) { unset($_POST[$qty]); } } + } else { // both product batch and stock are not activated. + $qty = "qtyl".$line_id; + $line->id = $line_id; + $line->qty = GETPOST($qty, 'int'); + $line->entrepot_id = 0; + if ($line->update($user) < 0) { + setEventMessages($line->error, $line->errors, 'errors'); + $error++; + } + unset($_POST[$qty]); } } else { // Product no predefined @@ -2252,6 +2262,16 @@ if ($action == 'create') { print ''; print ''; } + } else { // both product batch and stock are not activated. + print ''; + print ''; + // Qty to ship or shipped + print ''; + // Warehouse source + print ''; + // Batch number managment + print ''; + print ''; } print ''; From 7dc7b746cb1fa809c6b46b40186dacc6b6486aa8 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 26 Aug 2021 10:32:29 +0200 Subject: [PATCH 114/215] FIx error 500 on restler api PHP 8.0 --- htdocs/ticket/class/api_tickets.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php index e104d425bf4..f3a9c738aac 100644 --- a/htdocs/ticket/class/api_tickets.class.php +++ b/htdocs/ticket/class/api_tickets.class.php @@ -17,7 +17,7 @@ use Luracast\Restler\RestException; -require 'ticket.class.php'; +require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/ticket.lib.php'; From ac2fc9c57feeed24368491d2f4bf116c53ccf630 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 26 Aug 2021 11:53:57 +0200 Subject: [PATCH 115/215] Fix import gender man/woman, not 0/1 + import of thirdparty for members --- htdocs/core/modules/modAdherent.class.php | 12 +++++++++++- htdocs/core/modules/modCategorie.class.php | 4 ++-- htdocs/core/modules/modUser.class.php | 2 +- htdocs/langs/en_US/bills.lang | 2 +- htdocs/langs/en_US/exports.lang | 4 ++-- 5 files changed, 17 insertions(+), 7 deletions(-) diff --git a/htdocs/core/modules/modAdherent.class.php b/htdocs/core/modules/modAdherent.class.php index 16ecbee8526..d620c6244b7 100644 --- a/htdocs/core/modules/modAdherent.class.php +++ b/htdocs/core/modules/modAdherent.class.php @@ -344,6 +344,9 @@ class modAdherent extends DolibarrModules 'a.email'=>"Email", 'a.birth'=>"Birthday", 'a.statut'=>"Status*", 'a.photo'=>"Photo", 'a.note_public'=>"NotePublic", 'a.note_private'=>"NotePrivate", 'a.datec'=>'DateCreation', 'a.datefin'=>'DateEndSubscription' ); + if (!empty($conf->societe->enabled)) { + $this->import_fields_array[$r]['a.fk_soc'] = "ThirdParty"; + } // Add extra fields $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'adherent' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); @@ -355,16 +358,23 @@ class modAdherent extends DolibarrModules } } // End add extra fields + $this->import_convertvalue_array[$r] = array(); + if (!empty($conf->societe->enabled)) { + $this->import_convertvalue_array[$r]['a.fk_soc'] = array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty'); + } $this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'adherent'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent) $this->import_regex_array[$r] = array( 'a.civility'=>'code@'.MAIN_DB_PREFIX.'c_civility', 'a.fk_adherent_type'=>'rowid@'.MAIN_DB_PREFIX.'adherent_type', 'a.morphy'=>'(phy|mor)', 'a.statut'=>'^[0|1]', 'a.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', 'a.datefin'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$'); $this->import_examplevalues_array[$r] = array( - 'a.civility'=>"MR", 'a.lastname'=>'Smith', 'a.firstname'=>'John', 'a.login'=>'jsmith', 'a.pass'=>'passofjsmith', 'a.fk_adherent_type'=>'1', + 'a.civility'=>"MR", 'a.lastname'=>'Smith', 'a.firstname'=>'John', 'a.gender'=>'man or woman', 'a.login'=>'jsmith', 'a.pass'=>'passofjsmith', 'a.fk_adherent_type'=>'1', 'a.morphy'=>'"mor" or "phy"', 'a.societe'=>'JS company', 'a.address'=>'21 jump street', 'a.zip'=>'55000', 'a.town'=>'New York', 'a.country'=>'1', 'a.email'=>'jsmith@example.com', 'a.birth'=>'1972-10-10', 'a.statut'=>"0 or 1", 'a.note_public'=>"This is a public comment on member", 'a.note_private'=>"This is private comment on member", 'a.datec'=>dol_print_date($now, '%Y-%m__%d'), 'a.datefin'=>dol_print_date(dol_time_plus_duree($now, 1, 'y'), '%Y-%m-%d') ); + if (!empty($conf->societe->enabled)) { + $this->import_examplevalues_array[$r]['a.fk_soc'] = "rowid or name"; + } // Cronjobs $arraydate = dol_getdate(dol_now()); diff --git a/htdocs/core/modules/modCategorie.class.php b/htdocs/core/modules/modCategorie.class.php index 4f97eed58f0..776c5c76681 100644 --- a/htdocs/core/modules/modCategorie.class.php +++ b/htdocs/core/modules/modCategorie.class.php @@ -501,7 +501,7 @@ class modCategorie extends DolibarrModules 'cs.fk_categorie'=>array('rule'=>'fetchidfromref', 'classfile'=>'/categories/class/categorie.class.php', 'class'=>'Categorie', 'method'=>'fetch', 'element'=>'category'), 'cs.fk_soc'=>array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty') ); - $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or ref"); + $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or name"); } // 2 Customers @@ -522,7 +522,7 @@ class modCategorie extends DolibarrModules 'cs.fk_categorie'=>array('rule'=>'fetchidfromref', 'classfile'=>'/categories/class/categorie.class.php', 'class'=>'Categorie', 'method'=>'fetch', 'element'=>'category'), 'cs.fk_soc'=>array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty') ); - $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or ref"); + $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or name"); } // 3 Members diff --git a/htdocs/core/modules/modUser.class.php b/htdocs/core/modules/modUser.class.php index 01303892435..e54ac7bd440 100644 --- a/htdocs/core/modules/modUser.class.php +++ b/htdocs/core/modules/modUser.class.php @@ -322,7 +322,7 @@ class modUser extends DolibarrModules 'u.birth'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$' ); $this->import_examplevalues_array[$r] = array( - 'u.lastname'=>"Doe", 'u.firstname'=>'John', 'u.login'=>'jdoe', 'u.employee'=>'0 or 1', 'u.job'=>'CTO', 'u.gender'=>'0 or 1', + 'u.lastname'=>"Doe", 'u.firstname'=>'John', 'u.login'=>'jdoe', 'u.employee'=>'0 or 1', 'u.job'=>'CTO', 'u.gender'=>'man or woman', 'u.pass_crypted'=>'Encrypted password', 'u.fk_soc'=>'0 (internal user) or company name (external user)', 'u.datec'=>dol_print_date(dol_now(), '%Y-%m-%d'), 'u.address'=>"61 jump street", 'u.zip'=>"123456", 'u.town'=>"Big town", 'u.fk_country'=>'US, FR, DE...', 'u.office_phone'=>"0101010101", 'u.office_fax'=>"0101010102", diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang index a921aac9e48..c37b58fee8c 100644 --- a/htdocs/langs/en_US/bills.lang +++ b/htdocs/langs/en_US/bills.lang @@ -570,7 +570,7 @@ ToCreateARecurringInvoiceGene=To generate future invoices regularly and manually ToCreateARecurringInvoiceGeneAuto=If you need to have such invoices generated automatically, ask your administrator to enable and setup module %s. Note that both methods (manual and automatic) can be used together with no risk of duplication. DeleteRepeatableInvoice=Delete template invoice ConfirmDeleteRepeatableInvoice=Are your sure you want to delete the template invoice? -CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per order) +CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per selected object) BillCreated=%s invoice(s) generated BillXCreated=Invoice %s generated StatusOfGeneratedDocuments=Status of document generation diff --git a/htdocs/langs/en_US/exports.lang b/htdocs/langs/en_US/exports.lang index cb652229825..f2f2d2cf587 100644 --- a/htdocs/langs/en_US/exports.lang +++ b/htdocs/langs/en_US/exports.lang @@ -96,8 +96,8 @@ DataComeFromFileFieldNb=Value to insert comes from field number %s in sou DataComeFromIdFoundFromRef=Value that comes from field number %s of source file will be used to find the id of the parent object to use (so the object %s that has the ref. from source file must exist in the database). DataComeFromIdFoundFromCodeId=Code that comes from field number %s of source file will be used to find the id of the parent object to use (so the code from source file must exist in the dictionary %s). Note that if you know the id, you can also use it in the source file instead of the code. Import should work in both cases. DataIsInsertedInto=Data coming from source file will be inserted into the following field: -DataIDSourceIsInsertedInto=The id of parent object was found using the data in the source file, will be inserted into the following field: -DataCodeIDSourceIsInsertedInto=The id of parent line found from code, will be inserted into following field: +DataIDSourceIsInsertedInto=The id of the parent object, that was found using the data in the source file, will be inserted into the following field: +DataCodeIDSourceIsInsertedInto=The id of the parent line, that was found from code, will be inserted into the following field: SourceRequired=Data value is mandatory SourceExample=Example of possible data value ExampleAnyRefFoundIntoElement=Any ref found for element %s From 931f712c5fbe3bc2ef70d1ad5a1a7505939cbd9a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 26 Aug 2021 11:53:57 +0200 Subject: [PATCH 116/215] Fix import gender man/woman, not 0/1 + import of thirdparty for members --- htdocs/core/modules/modAdherent.class.php | 12 +++++++++++- htdocs/core/modules/modCategorie.class.php | 4 ++-- htdocs/core/modules/modUser.class.php | 2 +- htdocs/langs/en_US/bills.lang | 2 +- htdocs/langs/en_US/exports.lang | 4 ++-- 5 files changed, 17 insertions(+), 7 deletions(-) diff --git a/htdocs/core/modules/modAdherent.class.php b/htdocs/core/modules/modAdherent.class.php index 16ecbee8526..d620c6244b7 100644 --- a/htdocs/core/modules/modAdherent.class.php +++ b/htdocs/core/modules/modAdherent.class.php @@ -344,6 +344,9 @@ class modAdherent extends DolibarrModules 'a.email'=>"Email", 'a.birth'=>"Birthday", 'a.statut'=>"Status*", 'a.photo'=>"Photo", 'a.note_public'=>"NotePublic", 'a.note_private'=>"NotePrivate", 'a.datec'=>'DateCreation', 'a.datefin'=>'DateEndSubscription' ); + if (!empty($conf->societe->enabled)) { + $this->import_fields_array[$r]['a.fk_soc'] = "ThirdParty"; + } // Add extra fields $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'adherent' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); @@ -355,16 +358,23 @@ class modAdherent extends DolibarrModules } } // End add extra fields + $this->import_convertvalue_array[$r] = array(); + if (!empty($conf->societe->enabled)) { + $this->import_convertvalue_array[$r]['a.fk_soc'] = array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty'); + } $this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'adherent'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent) $this->import_regex_array[$r] = array( 'a.civility'=>'code@'.MAIN_DB_PREFIX.'c_civility', 'a.fk_adherent_type'=>'rowid@'.MAIN_DB_PREFIX.'adherent_type', 'a.morphy'=>'(phy|mor)', 'a.statut'=>'^[0|1]', 'a.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', 'a.datefin'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$'); $this->import_examplevalues_array[$r] = array( - 'a.civility'=>"MR", 'a.lastname'=>'Smith', 'a.firstname'=>'John', 'a.login'=>'jsmith', 'a.pass'=>'passofjsmith', 'a.fk_adherent_type'=>'1', + 'a.civility'=>"MR", 'a.lastname'=>'Smith', 'a.firstname'=>'John', 'a.gender'=>'man or woman', 'a.login'=>'jsmith', 'a.pass'=>'passofjsmith', 'a.fk_adherent_type'=>'1', 'a.morphy'=>'"mor" or "phy"', 'a.societe'=>'JS company', 'a.address'=>'21 jump street', 'a.zip'=>'55000', 'a.town'=>'New York', 'a.country'=>'1', 'a.email'=>'jsmith@example.com', 'a.birth'=>'1972-10-10', 'a.statut'=>"0 or 1", 'a.note_public'=>"This is a public comment on member", 'a.note_private'=>"This is private comment on member", 'a.datec'=>dol_print_date($now, '%Y-%m__%d'), 'a.datefin'=>dol_print_date(dol_time_plus_duree($now, 1, 'y'), '%Y-%m-%d') ); + if (!empty($conf->societe->enabled)) { + $this->import_examplevalues_array[$r]['a.fk_soc'] = "rowid or name"; + } // Cronjobs $arraydate = dol_getdate(dol_now()); diff --git a/htdocs/core/modules/modCategorie.class.php b/htdocs/core/modules/modCategorie.class.php index 4f97eed58f0..776c5c76681 100644 --- a/htdocs/core/modules/modCategorie.class.php +++ b/htdocs/core/modules/modCategorie.class.php @@ -501,7 +501,7 @@ class modCategorie extends DolibarrModules 'cs.fk_categorie'=>array('rule'=>'fetchidfromref', 'classfile'=>'/categories/class/categorie.class.php', 'class'=>'Categorie', 'method'=>'fetch', 'element'=>'category'), 'cs.fk_soc'=>array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty') ); - $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or ref"); + $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or name"); } // 2 Customers @@ -522,7 +522,7 @@ class modCategorie extends DolibarrModules 'cs.fk_categorie'=>array('rule'=>'fetchidfromref', 'classfile'=>'/categories/class/categorie.class.php', 'class'=>'Categorie', 'method'=>'fetch', 'element'=>'category'), 'cs.fk_soc'=>array('rule'=>'fetchidfromref', 'classfile'=>'/societe/class/societe.class.php', 'class'=>'Societe', 'method'=>'fetch', 'element'=>'ThirdParty') ); - $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or ref"); + $this->import_examplevalues_array[$r] = array('cs.fk_categorie'=>"rowid or label", 'cs.fk_soc'=>"rowid or name"); } // 3 Members diff --git a/htdocs/core/modules/modUser.class.php b/htdocs/core/modules/modUser.class.php index 01303892435..e54ac7bd440 100644 --- a/htdocs/core/modules/modUser.class.php +++ b/htdocs/core/modules/modUser.class.php @@ -322,7 +322,7 @@ class modUser extends DolibarrModules 'u.birth'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$' ); $this->import_examplevalues_array[$r] = array( - 'u.lastname'=>"Doe", 'u.firstname'=>'John', 'u.login'=>'jdoe', 'u.employee'=>'0 or 1', 'u.job'=>'CTO', 'u.gender'=>'0 or 1', + 'u.lastname'=>"Doe", 'u.firstname'=>'John', 'u.login'=>'jdoe', 'u.employee'=>'0 or 1', 'u.job'=>'CTO', 'u.gender'=>'man or woman', 'u.pass_crypted'=>'Encrypted password', 'u.fk_soc'=>'0 (internal user) or company name (external user)', 'u.datec'=>dol_print_date(dol_now(), '%Y-%m-%d'), 'u.address'=>"61 jump street", 'u.zip'=>"123456", 'u.town'=>"Big town", 'u.fk_country'=>'US, FR, DE...', 'u.office_phone'=>"0101010101", 'u.office_fax'=>"0101010102", diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang index 0c660de8e22..a835ec8475d 100644 --- a/htdocs/langs/en_US/bills.lang +++ b/htdocs/langs/en_US/bills.lang @@ -570,7 +570,7 @@ ToCreateARecurringInvoiceGene=To generate future invoices regularly and manually ToCreateARecurringInvoiceGeneAuto=If you need to have such invoices generated automatically, ask your administrator to enable and setup module %s. Note that both methods (manual and automatic) can be used together with no risk of duplication. DeleteRepeatableInvoice=Delete template invoice ConfirmDeleteRepeatableInvoice=Are your sure you want to delete the template invoice? -CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per order) +CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per selected object) BillCreated=%s invoice(s) generated BillXCreated=Invoice %s generated StatusOfGeneratedDocuments=Status of document generation diff --git a/htdocs/langs/en_US/exports.lang b/htdocs/langs/en_US/exports.lang index cb652229825..f2f2d2cf587 100644 --- a/htdocs/langs/en_US/exports.lang +++ b/htdocs/langs/en_US/exports.lang @@ -96,8 +96,8 @@ DataComeFromFileFieldNb=Value to insert comes from field number %s in sou DataComeFromIdFoundFromRef=Value that comes from field number %s of source file will be used to find the id of the parent object to use (so the object %s that has the ref. from source file must exist in the database). DataComeFromIdFoundFromCodeId=Code that comes from field number %s of source file will be used to find the id of the parent object to use (so the code from source file must exist in the dictionary %s). Note that if you know the id, you can also use it in the source file instead of the code. Import should work in both cases. DataIsInsertedInto=Data coming from source file will be inserted into the following field: -DataIDSourceIsInsertedInto=The id of parent object was found using the data in the source file, will be inserted into the following field: -DataCodeIDSourceIsInsertedInto=The id of parent line found from code, will be inserted into following field: +DataIDSourceIsInsertedInto=The id of the parent object, that was found using the data in the source file, will be inserted into the following field: +DataCodeIDSourceIsInsertedInto=The id of the parent line, that was found from code, will be inserted into the following field: SourceRequired=Data value is mandatory SourceExample=Example of possible data value ExampleAnyRefFoundIntoElement=Any ref found for element %s From f482be84bff2102fca52ded5415f69f8331f33ef Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 26 Aug 2021 12:35:31 +0200 Subject: [PATCH 117/215] New : rest api GET orders shipements --- htdocs/commande/class/api_orders.class.php | 48 ++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 745fea5ab76..9d2dd3c8317 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -966,7 +966,55 @@ class Orders extends DolibarrApi return $this->_cleanObjectDatas($this->commande); } + /** + * Get the shipments of an order + * + * + * @param int $id Id of the order + * + * @url GET {id}/shipment + * + * @throws RestException 401 + * @throws RestException 404 + * @throws RestException 500 + * + * @return array + */ + public function getOrderShipements($id) + { + require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; + if (!DolibarrApiAccess::$user->rights->expedition->lire) { + throw new RestException(401); + } + $sql = "SELECT t.rowid"; + $sql .= " FROM ".MAIN_DB_PREFIX."expedition as t"; + $sql .= " JOIN ".MAIN_DB_PREFIX."expeditiondet as tdet"; + $sql .= " ON t.rowid = tdet.rowid"; + $sql .= " WHERE tdet.fk_origin_line = ".$id; + $sql .= $this->db->order("t.rowid", "ASC"); + dol_syslog("API Rest request"); + $result = $this->db->query($sql); + + if ($result) { + $num = $this->db->num_rows($result); + if ($num <= 0) { + throw new RestException(404, 'Shipments not found '); + } + $i = 0; + while ($i < $num) { + $obj = $this->db->fetch_object($result); + $shipment_static = new Expedition($this->db); + if ($shipment_static->fetch($obj->rowid)) { + $obj_ret[] = $this->_cleanObjectDatas($shipment_static); + } + $i++; + } + } else { + throw new RestException(500, 'Error when retrieve shipment list : '.$this->db->lasterror()); + } + return $obj_ret; + } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** From ac55a052b2198e0b31d6d7306d90b9ccb500afe6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 26 Aug 2021 12:41:37 +0200 Subject: [PATCH 118/215] Fix warning abuot external users shown only if appropriate --- htdocs/user/perms.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 692b3dc08af..391682b2d6d 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -258,8 +258,8 @@ print '
'; if ($user->admin) { print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules")); } -// Show warning about external users -if (empty($user->socid)) { +// If edited user is an extern user, we show warning for external users +if (! empty($object->socid)) { print info_admin(showModulesExludedForExternal($modules))."\n"; } From ac803f7247291a3c2c27d96e75fead86e61efa47 Mon Sep 17 00:00:00 2001 From: mbinformatique68 Date: Thu, 26 Aug 2021 14:36:12 +0200 Subject: [PATCH 119/215] NEW Added address field into contacts list --- htdocs/contact/list.php | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index a63a1bf7e49..dac21970a84 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -89,6 +89,7 @@ $search_categ_thirdparty = GETPOST("search_categ_thirdparty", 'int'); $search_categ_supplier = GETPOST("search_categ_supplier", 'int'); $search_status = GETPOST("search_status", 'int'); $search_type = GETPOST('search_type', 'alpha'); +$search_address = GETPOST('search_address', 'alpha'); $search_zip = GETPOST('search_zip', 'alpha'); $search_town = GETPOST('search_town', 'alpha'); $search_import_key = GETPOST("search_import_key", "alpha"); @@ -260,6 +261,7 @@ if (empty($reshook)) { $search_firstname = ""; $search_societe = ""; $search_town = ""; + $search_address = ""; $search_zip = ""; $search_country = ""; $search_poste = ""; @@ -353,7 +355,7 @@ if ($resql) { } $sql = "SELECT s.rowid as socid, s.nom as name,"; -$sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.zip, p.town, p.poste, p.email, p.no_email,"; +$sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.address, p.zip, p.town, p.poste, p.email, p.no_email,"; $sql .= " p.socialnetworks, p.photo,"; $sql .= " p.phone as phone_pro, p.phone_mobile, p.phone_perso, p.fax, p.fk_pays, p.priv, p.datec as date_creation, p.tms as date_update,"; $sql .= " st.libelle as stcomm, st.picto as stcomm_picto, p.fk_stcommcontact as stcomm_id, p.fk_prospectcontactlevel,"; @@ -485,6 +487,9 @@ if (!empty($conf->socialnetworks->enabled)) { if (strlen($search_email)) { $sql .= natural_search('p.email', $search_email); } +if (strlen($search_address)) { + $sql .= natural_search("p.address", $search_address); +} if (strlen($search_zip)) { $sql .= natural_search("p.zip", $search_zip); } @@ -594,6 +599,9 @@ if ($search_firstname != '') { if ($search_societe != '') { $param .= '&search_societe='.urlencode($search_societe); } +if ($search_address != '') { + $param .= '&search_address='.urlencode($search_address); +} if ($search_zip != '') { $param .= '&search_zip='.urlencode($search_zip); } @@ -775,6 +783,11 @@ if (!empty($arrayfields['p.poste']['checked'])) { print ''; print ''; } +if (!empty($arrayfields['p.address']['checked'])) { + print ''; + print ''; + print ''; +} if (!empty($arrayfields['p.zip']['checked'])) { print ''; print ''; @@ -923,6 +936,9 @@ if (!empty($arrayfields['p.firstname']['checked'])) { if (!empty($arrayfields['p.poste']['checked'])) { print_liste_field_titre($arrayfields['p.poste']['label'], $_SERVER["PHP_SELF"], "p.poste", $begin, $param, '', $sortfield, $sortorder); } +if (!empty($arrayfields['p.address']['checked'])) { + print_liste_field_titre($arrayfields['p.address']['label'], $_SERVER["PHP_SELF"], "p.address", $begin, $param, '', $sortfield, $sortorder); +} if (!empty($arrayfields['p.zip']['checked'])) { print_liste_field_titre($arrayfields['p.zip']['label'], $_SERVER["PHP_SELF"], "p.zip", $begin, $param, '', $sortfield, $sortorder); } @@ -1016,6 +1032,7 @@ while ($i < min($num, $limit)) { $contactstatic->phone_pro = $obj->phone_pro; $contactstatic->phone_perso = $obj->phone_perso; $contactstatic->phone_mobile = $obj->phone_mobile; + $contactstatic->address = $obj->address; $contactstatic->zip = $obj->zip; $contactstatic->town = $obj->town; $contactstatic->socialnetworks = $arraysocialnetworks; @@ -1059,6 +1076,13 @@ while ($i < min($num, $limit)) { $totalarray['nbfield']++; } } + // Address + if (!empty($arrayfields['p.address']['checked'])) { + print ''.$obj->address.''; + if (!$i) { + $totalarray['nbfield']++; + } + } // Zip if (!empty($arrayfields['p.zip']['checked'])) { print ''.$obj->zip.''; From ac7f0f8a4e4de247af3d1257cdf87e13ca4ce978 Mon Sep 17 00:00:00 2001 From: Christian Foellmann Date: Thu, 26 Aug 2021 15:04:59 +0200 Subject: [PATCH 120/215] add hook 'functionGetEntity' to manipulate entities for queries on the fly --- htdocs/core/class/hookmanager.class.php | 1 + htdocs/core/lib/functions.lib.php | 24 +++++++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index 345de3f5be5..458104b8790 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php @@ -188,6 +188,7 @@ class HookManager 'formConfirm', 'getAccessForbiddenMessage', 'getDirList', + 'functionGetEntity', 'getFormMail', 'getFormatedCustomerRef', 'getFormatedSupplierRef', diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ee353269e29..93485c5f12a 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -104,7 +104,7 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port) */ function getEntity($element, $shared = 1, $currentobject = null) { - global $conf, $mc; + global $conf, $mc, $hookmanager, $object; // fix different element names (France to English) switch ($element) { @@ -117,7 +117,7 @@ function getEntity($element, $shared = 1, $currentobject = null) } if (is_object($mc)) { - return $mc->getEntity($element, $shared, $currentobject); + $out = $mc->getEntity($element, $shared, $currentobject); } else { $out = ''; $addzero = array('user', 'usergroup', 'c_email_templates', 'email_template', 'default_values'); @@ -125,8 +125,26 @@ function getEntity($element, $shared = 1, $currentobject = null) $out .= '0,'; } $out .= ((int) $conf->entity); - return $out; } + + // Manipulate entities to query on the fly + $parameters = array( + 'object' => $object, + 'currentobject' => $currentobject, + 'element' => $element, + 'shared' => $shared, + ); + $reshook = $hookmanager->executeHooks('functionGetEntity', $parameters, $out, $element); // Note that $action and $object may have been modified by some hooks + + if (is_numeric($reshook)) { + if ($reshook == 0 && !empty($hookmanager->resprints)) { + $out .= ','.$hookmanager->resprints; // add + } elseif ($reshook == 1) { + $out = $hookmanager->resprints; // replace + } + } + + return $out; } /** From c70813d718f37b74c8d29694880ced0e5681434f Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 26 Aug 2021 17:03:00 +0200 Subject: [PATCH 121/215] New : rest api POST orders shipment --- htdocs/commande/class/api_orders.class.php | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 9d2dd3c8317..ed0cc3859d5 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -966,6 +966,7 @@ class Orders extends DolibarrApi return $this->_cleanObjectDatas($this->commande); } + /** * Get the shipments of an order * @@ -1016,6 +1017,47 @@ class Orders extends DolibarrApi return $obj_ret; } + /** + * Create the shipments of an order + * + * + * @param int $id Id of the order + * @param int $warehouse_id Id of a warehouse + * + * @url POST {id}/shipment/{warehouse_id} + * + * @throws RestException 401 + * @throws RestException 404 + * @throws RestException 500 + * + * @return int + */ + public function createOrderShipement($id, $warehouse_id) + { + require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; + if (!DolibarrApiAccess::$user->rights->expedition->creer) { + throw new RestException(401); + } + $result = $this->commande->fetch($id); + if (!$result) { + throw new RestException(404, 'Order not found'); + } + $shipment = new Expedition($this->db); + $shipment->socid = $this->commande->socid; + $result = $shipment->create(DolibarrApiAccess::$user); + if ($result <= 0) { + throw new RestException(500, 'Error on creating expedition :'.$this->db->lasterror()); + } + foreach ($this->commande->lines as $line) { + $result = $shipment->create_line($warehouse_id, $line->id, $line->qty); + if ($result <= 0) { + throw new RestException(500, 'Error on creating expedition lines:'.$this->db->lasterror()); + } + $i++; + } + return $shipment->id; + } + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** * Clean sensible object datas From a6ed743af303d00aa24b8d9bdba8805cb9666a4a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 26 Aug 2021 21:35:31 +0200 Subject: [PATCH 122/215] Fix duplicated code and missing declaration --- htdocs/contrat/class/contrat.class.php | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 29d84c86c57..f364e82dd68 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -181,6 +181,13 @@ class Contrat extends CommonObject */ public $lines = array(); + public $nbofservices; + public $nbofserviceswait; + public $nbofservicesopened; + public $nbofservicesexpired; + //public $lower_planned_end_date; + //public $higher_planner_end_date; + /** * Maps ContratLigne IDs to $this->lines indexes * @var int[] @@ -429,7 +436,8 @@ class Contrat extends CommonObject foreach ($this->lines as $contratline) { // Close lines not already closed if ($contratline->statut != ContratLigne::STATUS_CLOSED) { - $contratline->date_cloture = $now; + $contratline->date_end_real = $now; + $contratline->date_cloture = $now; // For backward compatibility $contratline->fk_user_cloture = $user->id; $contratline->statut = ContratLigne::STATUS_CLOSED; $result = $contratline->close_line($user, $now, $comment, $notrigger); @@ -753,6 +761,7 @@ class Contrat extends CommonObject // phpcs:enable global $langs, $conf, $extrafields; + $this->nbofservices = 0; $this->nbofserviceswait = 0; $this->nbofservicesopened = 0; $this->nbofservicesexpired = 0; @@ -2642,10 +2651,23 @@ class ContratLigne extends CommonObjectLine public $date_end; // date end planned public $date_end_real; // date end real // For backward compatibility + /** + * @deprecated Use date_start + */ public $date_ouverture_prevue; // date start planned + /** + * @deprecated Use date_start_real + */ public $date_ouverture; // date start real + /** + * @deprecated Use date_end + */ public $date_fin_validite; // date end planned + /** + * @deprecated Use date_end_real + */ public $date_cloture; // date end real + public $tva_tx; public $localtax1_tx; public $localtax2_tx; @@ -3062,7 +3084,6 @@ class ContratLigne extends CommonObjectLine $this->oldcopy = new ContratLigne($this->db); $this->oldcopy->fetch($this->id); - $this->oldcopy->fetch_optionals(); // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET"; From c6c87cd8131962e93c5ffd24304c98c6b865103d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 26 Aug 2021 21:35:31 +0200 Subject: [PATCH 123/215] Fix duplicated code and missing declaration --- htdocs/contrat/class/contrat.class.php | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 29d84c86c57..f364e82dd68 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -181,6 +181,13 @@ class Contrat extends CommonObject */ public $lines = array(); + public $nbofservices; + public $nbofserviceswait; + public $nbofservicesopened; + public $nbofservicesexpired; + //public $lower_planned_end_date; + //public $higher_planner_end_date; + /** * Maps ContratLigne IDs to $this->lines indexes * @var int[] @@ -429,7 +436,8 @@ class Contrat extends CommonObject foreach ($this->lines as $contratline) { // Close lines not already closed if ($contratline->statut != ContratLigne::STATUS_CLOSED) { - $contratline->date_cloture = $now; + $contratline->date_end_real = $now; + $contratline->date_cloture = $now; // For backward compatibility $contratline->fk_user_cloture = $user->id; $contratline->statut = ContratLigne::STATUS_CLOSED; $result = $contratline->close_line($user, $now, $comment, $notrigger); @@ -753,6 +761,7 @@ class Contrat extends CommonObject // phpcs:enable global $langs, $conf, $extrafields; + $this->nbofservices = 0; $this->nbofserviceswait = 0; $this->nbofservicesopened = 0; $this->nbofservicesexpired = 0; @@ -2642,10 +2651,23 @@ class ContratLigne extends CommonObjectLine public $date_end; // date end planned public $date_end_real; // date end real // For backward compatibility + /** + * @deprecated Use date_start + */ public $date_ouverture_prevue; // date start planned + /** + * @deprecated Use date_start_real + */ public $date_ouverture; // date start real + /** + * @deprecated Use date_end + */ public $date_fin_validite; // date end planned + /** + * @deprecated Use date_end_real + */ public $date_cloture; // date end real + public $tva_tx; public $localtax1_tx; public $localtax2_tx; @@ -3062,7 +3084,6 @@ class ContratLigne extends CommonObjectLine $this->oldcopy = new ContratLigne($this->db); $this->oldcopy->fetch($this->id); - $this->oldcopy->fetch_optionals(); // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET"; From eb48566798f68bc90e330d6ae34301e09bd3e80e Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 27 Aug 2021 10:40:33 +0200 Subject: [PATCH 124/215] Close #18074 : New /order/{id}/shipment get & post --- htdocs/commande/class/api_orders.class.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index ed0cc3859d5..ca49b426a87 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -987,13 +987,18 @@ class Orders extends DolibarrApi if (!DolibarrApiAccess::$user->rights->expedition->lire) { throw new RestException(401); } + $sql = "SELECT e.rowid"; + $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e"; + $sql .= " JOIN ".MAIN_DB_PREFIX."expeditiondet as edet"; + $sql .= " ON e.rowid = edet.fk_expedition"; + $sql .= " JOIN ".MAIN_DB_PREFIX."commandedet as cdet"; + $sql .= " ON edet.fk_origin_line = cdet.rowid"; + $sql .= " JOIN ".MAIN_DB_PREFIX."commande as c"; + $sql .= " ON cdet.fk_commande = c.rowid"; + $sql .= " WHERE c.rowid = ".$this->db->escape($id); + $sql .= " GROUP BY e.rowid"; + $sql .= $this->db->order("e.rowid", "ASC"); - $sql = "SELECT t.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."expedition as t"; - $sql .= " JOIN ".MAIN_DB_PREFIX."expeditiondet as tdet"; - $sql .= " ON t.rowid = tdet.rowid"; - $sql .= " WHERE tdet.fk_origin_line = ".$id; - $sql .= $this->db->order("t.rowid", "ASC"); dol_syslog("API Rest request"); $result = $this->db->query($sql); From b9039eea143f5004fc9145554923b45e5570fa87 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 27 Aug 2021 10:45:04 +0200 Subject: [PATCH 125/215] FIx warehouse limit testing --- htdocs/commande/class/api_orders.class.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index ca49b426a87..2510e793018 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -1043,6 +1043,9 @@ class Orders extends DolibarrApi if (!DolibarrApiAccess::$user->rights->expedition->creer) { throw new RestException(401); } + if ($warehouse_id <= 0) { + throw new RestException(404, 'Warehouse not found'); + } $result = $this->commande->fetch($id); if (!$result) { throw new RestException(404, 'Order not found'); From ce7a301896320e321a2ba1caaf70fd320c742883 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 27 Aug 2021 11:48:56 +0200 Subject: [PATCH 126/215] Fix #18519 : Modulebuilder api permission --- .../modulebuilder/template/class/api_mymodule.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/modulebuilder/template/class/api_mymodule.class.php b/htdocs/modulebuilder/template/class/api_mymodule.class.php index 2e04e34dcac..8b7718eac67 100644 --- a/htdocs/modulebuilder/template/class/api_mymodule.class.php +++ b/htdocs/modulebuilder/template/class/api_mymodule.class.php @@ -69,7 +69,7 @@ class MyModuleApi extends DolibarrApi */ public function get($id) { - if (!DolibarrApiAccess::$user->rights->mymodule->read) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->read) { throw new RestException(401); } @@ -194,7 +194,7 @@ class MyModuleApi extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->mymodule->write) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) { throw new RestException(401); } // Check mandatory fields @@ -222,7 +222,7 @@ class MyModuleApi extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->mymodule->write) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) { throw new RestException(401); } @@ -260,7 +260,7 @@ class MyModuleApi extends DolibarrApi */ public function delete($id) { - if (!DolibarrApiAccess::$user->rights->mymodule->delete) { + if (!DolibarrApiAccess::$user->rights->mymodule->myobject->delete) { throw new RestException(401); } $result = $this->myobject->fetch($id); From 4547de8d4a30473fa671dcb7c9a173baa76b5ff4 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 27 Aug 2021 12:16:59 +0200 Subject: [PATCH 127/215] New : api for knowledgemanagement --- .../class/api_knowledgemanagement.class.php | 393 ++++++++++++++++++ 1 file changed, 393 insertions(+) create mode 100644 htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php new file mode 100644 index 00000000000..fefc4e8f73c --- /dev/null +++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php @@ -0,0 +1,393 @@ + + * Copyright (C) 2021 SuperAdmin + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +use Luracast\Restler\RestException; + +dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); + + + +/** + * \file knowledgemanagement/class/api_knowledgemanagement.class.php + * \ingroup knowledgemanagement + * \brief File for API management of knowledgerecord. + */ + +/** + * API class for knowledgemanagement knowledgerecord + * + * @access protected + * @class DolibarrApiAccess {@requires user,external} + */ +class KnowledgeManagement extends DolibarrApi +{ + /** + * @var KnowledgeRecord $knowledgerecord {@type KnowledgeRecord} + */ + public $knowledgerecord; + + /** + * Constructor + * + * @url GET / + * + */ + public function __construct() + { + global $db, $conf; + $this->db = $db; + $this->knowledgerecord = new KnowledgeRecord($this->db); + } + + /** + * Get properties of a knowledgerecord object + * + * Return an array with knowledgerecord informations + * + * @param int $id ID of knowledgerecord + * @return array|mixed data without useless information + * + * @url GET knowledgerecords/{id} + * + * @throws RestException 401 Not allowed + * @throws RestException 404 Not found + */ + public function get($id) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->read) { + throw new RestException(401); + } + + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + return $this->_cleanObjectDatas($this->knowledgerecord); + } + + + /** + * List knowledgerecords + * + * Get a list of knowledgerecords + * + * @param string $sortfield Sort field + * @param string $sortorder Sort order + * @param int $limit Limit for list + * @param int $page Page number + * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + * @return array Array of order objects + * + * @throws RestException + * + * @url GET /knowledgerecords/ + */ + public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '') + { + global $db, $conf; + + $obj_ret = array(); + $tmpobject = new KnowledgeRecord($this->db); + + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) { + throw new RestException(401); + } + + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + + $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object + + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + $search_sale = DolibarrApiAccess::$user->id; + } + + $sql = "SELECT t.rowid"; + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." as t"; + + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + } + $sql .= " WHERE 1 = 1"; + + // Example of use $mode + //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; + //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; + + if ($tmpobject->ismultientitymanaged) { + $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; + } + if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { + $sql .= " AND t.fk_soc = sc.fk_soc"; + } + if ($restrictonsocid && $socid) { + $sql .= " AND t.fk_soc = ".((int) $socid); + } + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + } + // Insert sale filter + if ($restrictonsocid && $search_sale > 0) { + $sql .= " AND sc.fk_user = ".((int) $search_sale); + } + if ($sqlfilters) { + if (!DolibarrApi::_checkFilters($sqlfilters)) { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); + } + $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)'; + $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")"; + } + + $sql .= $this->db->order($sortfield, $sortorder); + if ($limit) { + if ($page < 0) { + $page = 0; + } + $offset = $limit * $page; + + $sql .= $this->db->plimit($limit + 1, $offset); + } + + $result = $this->db->query($sql); + $i = 0; + if ($result) { + $num = $this->db->num_rows($result); + while ($i < $num) { + $obj = $this->db->fetch_object($result); + $tmp_object = new KnowledgeRecord($this->db); + if ($tmp_object->fetch($obj->rowid)) { + $obj_ret[] = $this->_cleanObjectDatas($tmp_object); + } + $i++; + } + } else { + throw new RestException(503, 'Error when retrieving knowledgerecord list: '.$this->db->lasterror()); + } + if (!count($obj_ret)) { + throw new RestException(404, 'No knowledgerecord found'); + } + return $obj_ret; + } + + /** + * Create knowledgerecord object + * + * @param array $request_data Request datas + * @return int ID of knowledgerecord + * + * @throws RestException + * + * @url POST knowledgerecords/ + */ + public function post($request_data = null) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + throw new RestException(401); + } + + // Check mandatory fields + $result = $this->_validate($request_data); + + foreach ($request_data as $field => $value) { + $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord); + } + + // Clean data + // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); + + if ($this->knowledgerecord->create(DolibarrApiAccess::$user)<0) { + throw new RestException(500, "Error creating KnowledgeRecord", array_merge(array($this->knowledgerecord->error), $this->knowledgerecord->errors)); + } + return $this->knowledgerecord->id; + } + + /** + * Update knowledgerecord + * + * @param int $id Id of knowledgerecord to update + * @param array $request_data Datas + * @return int + * + * @throws RestException + * + * @url PUT knowledgerecords/{id} + */ + public function put($id, $request_data = null) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + throw new RestException(401); + } + + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + foreach ($request_data as $field => $value) { + if ($field == 'id') { + continue; + } + $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord); + } + + // Clean data + // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); + + if ($this->knowledgerecord->update(DolibarrApiAccess::$user, false) > 0) { + return $this->get($id); + } else { + throw new RestException(500, $this->knowledgerecord->error); + } + } + + /** + * Delete knowledgerecord + * + * @param int $id KnowledgeRecord ID + * @return array + * + * @throws RestException + * + * @url DELETE knowledgerecords/{id} + */ + public function delete($id) + { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->delete) { + throw new RestException(401); + } + $result = $this->knowledgerecord->fetch($id); + if (!$result) { + throw new RestException(404, 'KnowledgeRecord not found'); + } + + if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) { + throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login); + } + + if (!$this->knowledgerecord->delete(DolibarrApiAccess::$user)) { + throw new RestException(500, 'Error when deleting KnowledgeRecord : '.$this->knowledgerecord->error); + } + + return array( + 'success' => array( + 'code' => 200, + 'message' => 'KnowledgeRecord deleted' + ) + ); + } + + + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore + /** + * Clean sensible object datas + * + * @param Object $object Object to clean + * @return Object Object with cleaned properties + */ + protected function _cleanObjectDatas($object) + { + // phpcs:enable + $object = parent::_cleanObjectDatas($object); + + unset($object->rowid); + unset($object->canvas); + + /*unset($object->name); + unset($object->lastname); + unset($object->firstname); + unset($object->civility_id); + unset($object->statut); + unset($object->state); + unset($object->state_id); + unset($object->state_code); + unset($object->region); + unset($object->region_code); + unset($object->country); + unset($object->country_id); + unset($object->country_code); + unset($object->barcode_type); + unset($object->barcode_type_code); + unset($object->barcode_type_label); + unset($object->barcode_type_coder); + unset($object->total_ht); + unset($object->total_tva); + unset($object->total_localtax1); + unset($object->total_localtax2); + unset($object->total_ttc); + unset($object->fk_account); + unset($object->comments); + unset($object->note); + unset($object->mode_reglement_id); + unset($object->cond_reglement_id); + unset($object->cond_reglement); + unset($object->shipping_method_id); + unset($object->fk_incoterms); + unset($object->label_incoterms); + unset($object->location_incoterms); + */ + + // If object has lines, remove $db property + if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) { + $nboflines = count($object->lines); + for ($i = 0; $i < $nboflines; $i++) { + $this->_cleanObjectDatas($object->lines[$i]); + + unset($object->lines[$i]->lines); + unset($object->lines[$i]->note); + } + } + + return $object; + } + + /** + * Validate fields before create or update object + * + * @param array $data Array of data to validate + * @return array + * + * @throws RestException + */ + private function _validate($data) + { + $knowledgerecord = array(); + foreach ($this->knowledgerecord->fields as $field => $propfield) { + if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) { + continue; // Not a mandatory field + } + if (!isset($data[$field])) { + throw new RestException(400, "$field field missing"); + } + $knowledgerecord[$field] = $data[$field]; + } + return $knowledgerecord; + } +} From 1bdfad9c299203354478239b64b3b870b12cde72 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 27 Aug 2021 12:19:28 +0200 Subject: [PATCH 128/215] fix permissions api for knowledgemanagement --- .../class/api_knowledgemanagement.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php index fefc4e8f73c..16429060a17 100644 --- a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php +++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php @@ -69,7 +69,7 @@ class KnowledgeManagement extends DolibarrApi */ public function get($id) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->read) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) { throw new RestException(401); } @@ -205,7 +205,7 @@ class KnowledgeManagement extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) { throw new RestException(401); } @@ -238,7 +238,7 @@ class KnowledgeManagement extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->write) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) { throw new RestException(401); } @@ -280,7 +280,7 @@ class KnowledgeManagement extends DolibarrApi */ public function delete($id) { - if (!DolibarrApiAccess::$user->rights->knowledgemanagement->delete) { + if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->delete) { throw new RestException(401); } $result = $this->knowledgerecord->fetch($id); From 9752501ef606326fc605fd02dec1726544729ff2 Mon Sep 17 00:00:00 2001 From: Christian Foellmann Date: Fri, 27 Aug 2021 15:32:53 +0200 Subject: [PATCH 129/215] change links for thirdparty to target the type customer|supplier tab --- htdocs/commande/card.php | 4 ++-- htdocs/contrat/card.php | 4 ++-- htdocs/fourn/commande/card.php | 6 +++--- htdocs/fourn/facture/card.php | 4 ++-- htdocs/supplier_proposal/card.php | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 004b5a3c205..58a8edb67e7 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1568,7 +1568,7 @@ if ($action == 'create' && $usercancreate) { print ''.$langs->trans('Customer').''; if ($socid > 0) { print ''; - print $soc->getNomUrl(1); + print $soc->getNomUrl(1, 'customer'); print ''; print ''; } else { @@ -2014,7 +2014,7 @@ if ($action == 'create' && $usercancreate) { $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string', '', 0, 1); $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$soc->getNomUrl(1); + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$soc->getNomUrl(1, 'customer'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherOrders").')'; } diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 470895a2c22..d07176d1670 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1089,7 +1089,7 @@ if ($action == 'create') { print ''.$langs->trans('ThirdParty').''; if ($socid > 0) { print ''; - print $soc->getNomUrl(1); + print $soc->getNomUrl(1, 'customer'); print ''; print ''; } else { @@ -1296,7 +1296,7 @@ if ($action == 'create') { $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->contrat->creer, 'string', '', 0, 1); $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->contrat->creer, 'string', '', null, null, '', 1, 'getFormatedSupplierRef'); // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'customer'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherContracts").')'; } diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 6ea356e189e..71268635ffb 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1617,7 +1617,7 @@ if ($action == 'create') { print ''; if ($societe->id > 0) { - print $societe->getNomUrl(1); + print $societe->getNomUrl(1, 'supplier'); print ''; } else { print img_picto('', 'company').$form->select_company((empty($socid) ? '' : $socid), 'socid', 's.fournisseur=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300'); @@ -1743,7 +1743,7 @@ if ($action == 'create') { print ''; $newclassname = $classname; - print ''.$langs->trans($newclassname).''.$objectsrc->getNomUrl(1).''; + print ''.$langs->trans($newclassname).''.$objectsrc->getNomUrl(1, 'supplier').''; print ''.$langs->trans('AmountHT').''.price($objectsrc->total_ht).''; print ''.$langs->trans('AmountVAT').''.price($objectsrc->total_tva).""; if ($mysoc->localtax1_assuj == "1" || $objectsrc->total_localtax1 != 0) { // Localtax1 RE @@ -1966,7 +1966,7 @@ if ($action == 'create') { if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $object->statut == CommandeFournisseur::STATUS_DRAFT) { $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetThirdParty')).''; } - $morehtmlref .= ' : '.$object->thirdparty->getNomUrl(1); + $morehtmlref .= ' : '.$object->thirdparty->getNomUrl(1, 'supplier'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherOrders").')'; } diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index ae0d306b2cd..7f24223f912 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -1927,7 +1927,7 @@ if ($action == 'create') { if ($societe->id > 0) { $absolute_discount = $societe->getAvailableDiscounts('', '', 0, 1); - print $societe->getNomUrl(1); + print $societe->getNomUrl(1, 'supplier'); print ''; } else { print img_picto('', 'company').$form->select_company($societe->id, 'socid', 's.fournisseur=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300 widthcentpercentminusxx'); @@ -2629,7 +2629,7 @@ if ($action == 'create') { $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1); $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'supplier'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherBills").')'; } diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index cc553555b5b..75cd0e9ccc0 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1126,7 +1126,7 @@ if ($action == 'create') { print ''.$langs->trans('Supplier').''; if ($socid > 0) { print ''; - print $soc->getNomUrl(1); + print $soc->getNomUrl(1, 'supplier'); print ''; print ''; } else { @@ -1437,7 +1437,7 @@ if ($action == 'create') { //$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', 0, 1); //$morehtmlref.=$form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref .= $langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); + $morehtmlref .= $langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'supplier'); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherProposals").')'; } From 53b230a96863dccf4240f269d987ba2de8054d8d Mon Sep 17 00:00:00 2001 From: Ilias Patsiaouras Date: Fri, 27 Aug 2021 15:38:15 +0200 Subject: [PATCH 130/215] wip --- .../class/emailcollector.class.php | 65 ++++++++++++++++++- 1 file changed, 62 insertions(+), 3 deletions(-) diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index 16df7774470..df91076be4e 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -30,6 +30,38 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; // customer proposal +require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; // customer order +require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; // Shipment +require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'; // supplier invoice +require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; // supplier order +include_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; // supplier proposal +require_once DOL_DOCUMENT_ROOT."/reception/class/reception.class.php"; // reception +//require_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php'; // Holidays (leave request) +//require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; // expernse report +/* +if (!empty($conf->propal->enabled)) { +} +if (!empty($conf->commande->enabled)) { +} +if (!empty($conf->expedition->enabled)) { +} +if (!empty($conf->facture->enabled)) { + require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; +} +if (!empty($conf->facture->enabled)) { + require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture-rec.class.php'; +} +if (!empty($conf->contrat->enabled)) { + require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; +} +if (!empty($conf->adherent->enabled)) { + require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; +} +if (!empty($conf->ficheinter->enabled)) { //files + require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php'; +}*/ + /** * Class for EmailCollector @@ -1415,8 +1447,8 @@ class EmailCollector extends CommonObject $reg = array(); if (!empty($headers['References'])) { $arrayofreferences = preg_split('/(,|\s+)/', $headers['References']); - //var_dump($headers['References']); - //var_dump($arrayofreferences); + // var_dump($headers['References']); + // var_dump($arrayofreferences); foreach ($arrayofreferences as $reference) { //print "Process mail ".$iforemailloop." email_msgid ".$msgid.", date ".dol_print_date($date, 'dayhour').", subject ".$subject.", reference ".dol_escape_htmltag($reference)."
\n"; @@ -1432,8 +1464,29 @@ class EmailCollector extends CommonObject if ($reg[1] == 'ctc') { $objectemail = new Contact($this->db); } - if ($reg[1] == 'inv') { + if ($reg[1] == 'inv') { // customer invoices $objectemail = new Facture($this->db); + } + if ($reg[1] == 'sinv') { // supplier invoices + $objectemail = new FactureFournisseur($this->db); + } + if ($reg[1] == 'pro') { // customer proposals + $objectemail = new Propal($this->db); + } + if ($reg[1] == 'ord') { // customer orders + $objectemail = new Commande($this->db); + } + if ($reg[1] == 'shi') { // shipments + $objectemail = new Expedition($this->db); + } + if ($reg[1] == 'spro') { // supplier proposal + $objectemail = new SupplierProposal($this->db); + } + if ($reg[1] == 'sord') { // supplier order + $objectemail = new CommandeFournisseur($this->db); + } + if ($reg[1] == 'rec') { // Reception + $objectemail = new Reception($this->db); } if ($reg[1] == 'proj') { $objectemail = new Project($this->db); @@ -1456,6 +1509,12 @@ class EmailCollector extends CommonObject if ($reg[1] == 'mem') { $objectemail = new Adherent($this->db); } + /*if ($reg[1] == 'leav') { + $objectemail = new Holiday($db); + } + if ($reg[1] == 'exp') { + $objectemail = new ExpenseReport($db); + }*/ } elseif (preg_match('/<(.*@.*)>/', $reference, $reg)) { // This is an external reference, we check if we have it in our database if (!is_object($objectemail)) { From 2263c66754d3bfb00c99f16d0a95131a625c13ef Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Fri, 27 Aug 2021 13:43:06 +0000 Subject: [PATCH 131/215] Fixing style errors. --- htdocs/emailcollector/class/emailcollector.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index df91076be4e..88cb4bcc1d2 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -1466,7 +1466,7 @@ class EmailCollector extends CommonObject } if ($reg[1] == 'inv') { // customer invoices $objectemail = new Facture($this->db); - } + } if ($reg[1] == 'sinv') { // supplier invoices $objectemail = new FactureFournisseur($this->db); } From 2f225ee7e5f387439d1e42e21f0e162e2246991c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 27 Aug 2021 16:33:03 +0200 Subject: [PATCH 132/215] Clean code by adding cast int. --- .../class/accountingaccount.class.php | 4 +- .../accountancy/class/bookkeeping.class.php | 8 ++-- htdocs/accountancy/journal/bankjournal.php | 6 +-- htdocs/adherents/class/adherent.class.php | 22 ++++----- .../adherents/class/adherent_type.class.php | 24 +++++----- htdocs/adherents/class/subscription.class.php | 2 +- htdocs/admin/paymentbybanktransfer.php | 4 +- htdocs/admin/prelevement.php | 4 +- htdocs/categories/class/categorie.class.php | 8 ++-- htdocs/comm/action/card.php | 8 ++-- htdocs/comm/action/class/actioncomm.class.php | 6 +-- htdocs/comm/mailing/card.php | 4 +- htdocs/comm/mailing/cibles.php | 4 +- htdocs/comm/mailing/class/mailing.class.php | 10 ++-- htdocs/comm/multiprix.php | 2 +- htdocs/comm/remise.php | 4 +- htdocs/comm/remx.php | 24 +++++----- htdocs/compta/bank/class/account.class.php | 10 ++-- htdocs/compta/bank/class/bankcateg.class.php | 4 +- .../deplacement/class/deplacement.class.php | 2 +- htdocs/compta/facture/card.php | 4 +- .../facture/class/paymentterm.class.php | 4 +- htdocs/compta/facture/prelevement.php | 16 +++---- .../cheque/class/remisecheque.class.php | 4 +- .../compta/paiement/class/paiement.class.php | 4 +- .../class/bonprelevement.class.php | 46 ++++++++++--------- .../sociales/class/chargesociales.class.php | 4 +- htdocs/compta/tva/class/tva.class.php | 4 +- htdocs/contrat/class/contrat.class.php | 2 +- htdocs/core/class/commonincoterm.class.php | 2 +- htdocs/core/class/commonobject.class.php | 6 +-- htdocs/core/class/discount.class.php | 4 +- htdocs/core/class/link.class.php | 4 +- htdocs/delivery/class/delivery.class.php | 8 ++-- htdocs/ecm/class/ecmdirectory.class.php | 4 +- .../class/conferenceorboothattendee.class.php | 2 +- htdocs/expedition/class/expedition.class.php | 12 ++--- .../class/expensereport.class.php | 8 ++-- htdocs/fichinter/class/fichinter.class.php | 8 ++-- htdocs/fichinter/class/fichinterrec.class.php | 2 +- .../fourn/class/fournisseur.facture.class.php | 4 +- htdocs/hrm/class/establishment.class.php | 2 +- htdocs/loan/class/loan.class.php | 6 +-- htdocs/mrp/class/mo.class.php | 2 +- .../partnership/class/partnership.class.php | 4 +- htdocs/product/class/product.class.php | 2 +- .../class/price_expression.class.php | 2 +- .../class/price_global_variable.class.php | 2 +- .../price_global_variable_updater.class.php | 6 +-- htdocs/product/stock/class/entrepot.class.php | 2 +- htdocs/projet/class/project.class.php | 2 +- htdocs/projet/class/task.class.php | 2 +- htdocs/reception/class/reception.class.php | 10 ++-- .../class/recruitmentcandidature.class.php | 2 +- .../class/recruitmentjobposition.class.php | 4 +- htdocs/salaries/class/salary.class.php | 4 +- .../class/companybankaccount.class.php | 2 +- htdocs/societe/class/societe.class.php | 8 ++-- htdocs/ticket/class/ticket.class.php | 8 ++-- htdocs/user/class/userbankaccount.class.php | 2 +- .../workstation/class/workstation.class.php | 2 +- test/phpunit/CodingPhpTest.php | 6 +-- 62 files changed, 198 insertions(+), 194 deletions(-) diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index 99a0dc0dc48..3c95af8afee 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -374,10 +374,10 @@ class AccountingAccount extends CommonObject global $langs; $sql = "(SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facturedet"; - $sql .= " WHERE fk_code_ventilation=".$this->id.")"; + $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")"; $sql .= "UNION"; $sql .= " (SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facture_fourn_det"; - $sql .= " WHERE fk_code_ventilation=".$this->id.")"; + $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")"; dol_syslog(get_class($this)."::checkUsage sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 2c715aa9fd6..0ea00c9c98c 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -390,7 +390,7 @@ class BookKeeping extends CommonObject $sql .= ", '".$this->db->idate($now)."'"; $sql .= ", '".$this->db->escape($this->code_journal)."'"; $sql .= ", ".(!empty($this->journal_label) ? ("'".$this->db->escape($this->journal_label)."'") : "NULL"); - $sql .= ", ".$this->db->escape($this->piece_num); + $sql .= ", ".((int) $this->piece_num); $sql .= ", ".(!isset($this->entity) ? $conf->entity : $this->entity); $sql .= ")"; @@ -1348,7 +1348,7 @@ class BookKeeping extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode; $sql .= ' SET '.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'"); - $sql .= " WHERE piece_num = '".$this->db->escape($piece_num)."'"; + $sql .= " WHERE piece_num = ".((int) $piece_num); $resql = $this->db->query($sql); if (!$resql) { @@ -1637,7 +1637,7 @@ class BookKeeping extends CommonObject $sql .= ", date_export"; } $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= " WHERE piece_num = ".$piecenum; + $sql .= " WHERE piece_num = ".((int) $piecenum); $sql .= " AND entity IN (".getEntity('accountancy').")"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1718,7 +1718,7 @@ class BookKeeping extends CommonObject $sql .= ", date_export"; } $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= " WHERE piece_num = ".$piecenum; + $sql .= " WHERE piece_num = ".((int) $piecenum); $sql .= " AND entity IN (".getEntity('accountancy').")"; dol_syslog(__METHOD__, LOG_DEBUG); diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index bdda4583d54..d05135e7a67 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -364,10 +364,10 @@ if ($result) { // Note: We have the social contribution id, it can be faster to get accounting code from social contribution id. $sqlmid = 'SELECT cchgsoc.accountancy_code'; $sqlmid .= " FROM ".MAIN_DB_PREFIX."c_chargesociales cchgsoc"; - $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id"; - $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type = cchgsoc.id"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge = chgsoc.rowid"; $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."bank_url as bkurl ON bkurl.url_id=paycharg.rowid AND bkurl.type = 'payment_sc'"; - $sqlmid .= " WHERE bkurl.fk_bank=".$obj->rowid; + $sqlmid .= " WHERE bkurl.fk_bank = ".((int) $obj->rowid); dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG); $resultmid = $db->query($sqlmid); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 2d5eae90938..75470b32173 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -774,7 +774,7 @@ class Adherent extends CommonObject // Remove links to user and replace with new one if (!$error) { dol_syslog(get_class($this)."::update update link to user"); - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -784,7 +784,7 @@ class Adherent extends CommonObject } // If there is a user linked to this member if ($this->user_id > 0) { - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id." WHERE rowid = ".$this->user_id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id)." WHERE rowid = ".((int) $this->user_id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -926,7 +926,7 @@ class Adherent extends CommonObject // Search for last subscription id and end date $sql = "SELECT rowid, datec as dateop, dateadh as datedeb, datef as datefin"; $sql .= " FROM ".MAIN_DB_PREFIX."subscription"; - $sql .= " WHERE fk_adherent=".$this->id; + $sql .= " WHERE fk_adherent = ".((int) $this->id); $sql .= " ORDER by dateadh DESC"; // Sort by start subscription date dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG); @@ -939,7 +939,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " datefin=".($datefin != '' ? "'".$this->db->idate($datefin)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1100,7 +1100,7 @@ class Adherent extends CommonObject } else { $sql .= ", pass = '".$this->db->escape($password_indatabase)."'"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); //dol_syslog("Adherent::Password sql=hidden"); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); @@ -1223,7 +1223,7 @@ class Adherent extends CommonObject // Add link to third party for current member $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET fk_soc = ".($thirdpartyid > 0 ? $thirdpartyid : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setThirdPartyId", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1465,7 +1465,7 @@ class Adherent extends CommonObject $sql .= " c.dateadh as dateh,"; $sql .= " c.datef as datef"; $sql .= " FROM ".MAIN_DB_PREFIX."subscription as c"; - $sql .= " WHERE c.fk_adherent = ".$this->id; + $sql .= " WHERE c.fk_adherent = ".((int) $this->id); $sql .= " ORDER BY c.dateadh"; dol_syslog(get_class($this)."::fetch_subscriptions", LOG_DEBUG); @@ -1900,8 +1900,8 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_VALIDATED; $sql .= ", datevalid = '".$this->db->idate($now)."'"; - $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $result = $this->db->query($sql); @@ -1952,7 +1952,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_RESILIATED; $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -2002,7 +2002,7 @@ class Adherent extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET"; $sql .= " statut = ".self::STATUS_EXCLUDED; $sql .= ", fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index ad24b9f1c05..1a00a03e932 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -142,7 +142,7 @@ class AdherentType extends CommonObject $sql = "SELECT lang, label, description, email"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -181,21 +181,21 @@ class AdherentType extends CommonObject if ($key == $current_lang) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->label)."',"; - $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " SET"; + $sql2 .= " label = '".$this->db->escape($this->label)."',"; + $sql2 .= " description = '".$this->db->escape($this->description)."'"; + $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description"; $sql2 .= ")"; - $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',"; + $sql2 .= " VALUES(".((int) $this->id).",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',"; $sql2 .= " '".$this->db->escape($this->description)."'"; $sql2 .= ")"; } @@ -207,7 +207,7 @@ class AdherentType extends CommonObject } elseif (isset($this->multilangs[$key])) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id; + $sql .= " WHERE fk_type = ".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -215,9 +215,9 @@ class AdherentType extends CommonObject if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang"; $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; - $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " label = '".$this->db->escape($this->multilangs["$key"]["label"])."',"; + $sql2 .= " description = '".$this->db->escape($this->multilangs["$key"]["description"])."'"; + $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description"; $sql2 .= ")"; @@ -259,7 +259,7 @@ class AdherentType extends CommonObject public function delMultiLangs($langtodelete, $user) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type_lang"; - $sql .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($langtodelete)."'"; + $sql .= " WHERE fk_type = ".((int) $this->id)." AND lang = '".$this->db->escape($langtodelete)."'"; dol_syslog(get_class($this).'::delMultiLangs', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php index fff9d925cd9..cae5dd07beb 100644 --- a/htdocs/adherents/class/subscription.class.php +++ b/htdocs/adherents/class/subscription.class.php @@ -275,7 +275,7 @@ class Subscription extends CommonObject $sql .= " datef='".$this->db->idate($this->datef)."',"; $sql .= " datec='".$this->db->idate($this->datec)."',"; $sql .= " fk_bank = ".($this->fk_bank ? ((int) $this->fk_bank) : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php index e130f0479c4..251d5194b27 100644 --- a/htdocs/admin/paymentbybanktransfer.php +++ b/htdocs/admin/paymentbybanktransfer.php @@ -114,7 +114,7 @@ if ($action == "set") { if ($action == "addnotif") { $bon = new BonPrelevement($db); - $bon->AddNotification($db, GETPOST('user', 'int'), $action); + $bon->addNotification($db, GETPOST('user', 'int'), $action); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -122,7 +122,7 @@ if ($action == "addnotif") { if ($action == "deletenotif") { $bon = new BonPrelevement($db); - $bon->DeleteNotificationById(GETPOST('notif', 'int')); + $bon->deleteNotificationById(GETPOST('notif', 'int')); header("Location: ".$_SERVER["PHP_SELF"]); exit; diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 739709410ce..db48ab19849 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -117,7 +117,7 @@ if ($action == "set") { if ($action == "addnotif") { $bon = new BonPrelevement($db); - $bon->AddNotification($db, GETPOST('user', 'int'), $action); + $bon->addNotification($db, GETPOST('user', 'int'), $action); header("Location: ".$_SERVER["PHP_SELF"]); exit; @@ -125,7 +125,7 @@ if ($action == "addnotif") { if ($action == "deletenotif") { $bon = new BonPrelevement($db); - $bon->DeleteNotificationById(GETPOST('notif', 'int')); + $bon->deleteNotificationById(GETPOST('notif', 'int')); header("Location: ".$_SERVER["PHP_SELF"]); exit; diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 5a506558187..689014ad14e 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -613,7 +613,7 @@ class Categorie extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."categorie"; $sql .= " SET fk_parent = ".((int) $this->fk_parent); - $sql .= " WHERE fk_parent = ".$this->id; + $sql .= " WHERE fk_parent = ".((int) $this->id); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -634,7 +634,7 @@ class Categorie extends CommonObject ); foreach ($arraydelete as $key => $value) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$key; - $sql .= " WHERE ".$value." = ".$this->id; + $sql .= " WHERE ".$value." = ".((int) $this->id); if (!$this->db->query($sql)) { $this->errors[] = $this->db->lasterror(); dol_syslog("Error sql=".$sql." ".$this->error, LOG_ERR); @@ -1002,7 +1002,7 @@ class Categorie extends CommonObject { // phpcs:enable $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie"; - $sql .= " WHERE fk_parent = ".$this->id; + $sql .= " WHERE fk_parent = ".((int) $this->id); $sql .= " AND entity IN (".getEntity('category').")"; $res = $this->db->query($sql); @@ -1408,7 +1408,7 @@ class Categorie extends CommonObject $parents = array(); $sql = "SELECT fk_parent FROM ".MAIN_DB_PREFIX."categorie"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index a403a1cdf40..e5bbc5d676f 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -591,10 +591,10 @@ if (empty($reshook) && $action == 'update') { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'"; - $sql .= " WHERE ac.id != ".$object->id; + $sql .= " WHERE ac.id <> ".((int) $object->id); $sql .= " AND er.resource_id IN ("; $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_id = ".$object->id; + $sql .= " WHERE element_id = ".((int) $object->id); $sql .= " AND element_type = '".$db->escape($object->element)."'"; $sql .= " AND busy = 1"; $sql .= ")"; @@ -770,10 +770,10 @@ if (empty($reshook) && GETPOST('actionmove', 'alpha') == 'mupdate') { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'"; - $sql .= " WHERE ac.id != ".$object->id; + $sql .= " WHERE ac.id <> ".((int) $object->id); $sql .= " AND er.resource_id IN ("; $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_id = ".$object->id; + $sql .= " WHERE element_id = ".((int) $object->id); $sql .= " AND element_type = '".$db->escape($object->element)."'"; $sql .= " AND busy = 1"; $sql .= ")"; diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index ce8f3f89d92..1e8de65cb43 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -973,7 +973,7 @@ class ActionComm extends CommonObject // remove categorie association if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_actioncomm"; - $sql .= " WHERE fk_actioncomm=".$this->id; + $sql .= " WHERE fk_actioncomm=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -985,7 +985,7 @@ class ActionComm extends CommonObject // remove actioncomm_resources if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE fk_actioncomm=".$this->id; + $sql .= " WHERE fk_actioncomm=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -1017,7 +1017,7 @@ class ActionComm extends CommonObject // remove actioncomm if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm"; - $sql .= " WHERE id=".$this->id; + $sql .= " WHERE id=".((int) $this->id); $res = $this->db->query($sql); if (!$res) { diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index e03d13c29e8..8b97f23737e 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -165,7 +165,7 @@ if (empty($reshook)) { $now = dol_now(); // Positioning date of start sending - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".$object->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $object->id); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); @@ -368,7 +368,7 @@ if (empty($reshook)) { dol_syslog("comm/mailing/card.php: error for #".$i.($mail->error ? ' - '.$mail->error : ''), LOG_WARNING); $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".$obj->rowid; + $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $obj->rowid); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 08ab8b6c8d7..4411b8a326a 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -135,7 +135,7 @@ if (GETPOST('exportcsv', 'int')) { $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut as status, mc.date_envoi, mc.tms,"; $sql .= " mc.source_id, mc.source_type, mc.error_text"; $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc"; - $sql .= " WHERE mc.fk_mailing=".$object->id; + $sql .= " WHERE mc.fk_mailing=".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); @@ -454,7 +454,7 @@ if ($object->fetch($id) >= 0) { $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut, mc.date_envoi, mc.tms,"; $sql .= " mc.source_url, mc.source_id, mc.source_type, mc.error_text"; $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc"; - $sql .= " WHERE mc.fk_mailing=".$object->id; + $sql .= " WHERE mc.fk_mailing=".((int) $object->id); $asearchcriteriahasbeenset = 0; if ($search_lastname) { $sql .= natural_search("mc.lastname", $search_lastname); diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php index d281fcb1a3a..2d33d4219d8 100644 --- a/htdocs/comm/mailing/class/mailing.class.php +++ b/htdocs/comm/mailing/class/mailing.class.php @@ -490,7 +490,7 @@ class Mailing extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."mailing "; $sql .= " SET statut = 1, date_valid = '".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Mailing::valid", LOG_DEBUG); if ($this->db->query($sql)) { @@ -555,7 +555,7 @@ class Mailing extends CommonObject { // phpcs:enable $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); dol_syslog("Mailing::delete_targets", LOG_DEBUG); $resql = $this->db->query($sql); @@ -582,7 +582,7 @@ class Mailing extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut = 0"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); dol_syslog("Mailing::reset_targets_status", LOG_DEBUG); $resql = $this->db->query($sql); @@ -604,7 +604,7 @@ class Mailing extends CommonObject public function countNbOfTargets($mode) { $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); if ($mode == 'alreadysent') { $sql .= " AND statut <> 0"; } elseif ($mode == 'alreadysentok') { @@ -638,7 +638,7 @@ class Mailing extends CommonObject public function refreshNbOfTargets() { $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$this->id; + $sql .= " WHERE fk_mailing = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index 25ef23dd7de..8da9a17ebb2 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -134,7 +134,7 @@ if ($_socid > 0) { */ $sql = "SELECT rc.rowid,rc.price_level, rc.datec as dc, u.rowid as uid, u.login"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_prices as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc =".$objsoc->id; + $sql .= " WHERE rc.fk_soc = ".((int) $objsoc->id); $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index bdf9b75998b..a31389340e8 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -214,7 +214,7 @@ if ($socid > 0) { $sql = "SELECT rc.rowid, rc.remise_client as remise_percent, rc.note, rc.datec as dc,"; $sql .= " u.login, u.rowid as user_id"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc = ".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.entity IN (".getEntity('discount').")"; $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; @@ -266,7 +266,7 @@ if ($socid > 0) { $sql = "SELECT rc.rowid, rc.remise_supplier as remise_percent, rc.note, rc.datec as dc,"; $sql .= " u.login, u.rowid as user_id"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_supplier as rc, ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE rc.fk_soc = ".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.entity IN (".getEntity('discount').")"; $sql .= " AND u.rowid = rc.fk_user_author"; $sql .= " ORDER BY rc.datec DESC"; diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 8f26d897389..42a5ee42e16 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -267,8 +267,8 @@ if ($socid > 0) { $remise_all = $remise_user = 0; $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND discount_type = 0"; // Exclude supplier discounts $sql .= " AND (fk_facture_line IS NULL AND fk_facture IS NULL)"; $sql .= " GROUP BY rc.fk_user"; @@ -297,8 +297,8 @@ if ($socid > 0) { $remise_all = $remise_user = 0; $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND discount_type = 1"; // Exclude customer discounts $sql .= " AND (fk_invoice_supplier_line IS NULL AND fk_invoice_supplier IS NULL)"; $sql .= " GROUP BY rc.fk_user"; @@ -408,8 +408,8 @@ if ($socid > 0) { $sql .= " fa.ref as ref, fa.type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND u.rowid = rc.fk_user"; $sql .= " AND rc.discount_type = 0"; // Eliminate supplier discounts $sql .= " AND (rc.fk_facture_line IS NULL AND rc.fk_facture IS NULL)"; @@ -547,8 +547,8 @@ if ($socid > 0) { $sql .= " fa.ref, fa.type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc = ".$object->id; - $sql .= " AND rc.entity = ".$conf->entity; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); + $sql .= " AND rc.entity = ".((int) $conf->entity); $sql .= " AND u.rowid = rc.fk_user"; $sql .= " AND rc.discount_type = 1"; // Eliminate customer discounts $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; @@ -700,7 +700,7 @@ if ($socid > 0) { $sql .= " , ".MAIN_DB_PREFIX."facturedet as fc"; $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc =".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.fk_facture_line = fc.rowid"; $sql .= " AND fc.fk_facture = f.rowid"; $sql .= " AND rc.fk_user = u.rowid"; @@ -718,7 +718,7 @@ if ($socid > 0) { $sql2 .= " , ".MAIN_DB_PREFIX."user as u"; $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid"; - $sql2 .= " WHERE rc.fk_soc =".$object->id; + $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id); $sql2 .= " AND rc.fk_facture = f.rowid"; $sql2 .= " AND rc.fk_user = u.rowid"; $sql2 .= " AND rc.discount_type = 0"; // Eliminate supplier discounts @@ -860,7 +860,7 @@ if ($socid > 0) { $sql .= " , ".MAIN_DB_PREFIX."facture_fourn_det as fc"; $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql .= " WHERE rc.fk_soc =".$object->id; + $sql .= " WHERE rc.fk_soc = ".((int) $object->id); $sql .= " AND rc.fk_invoice_supplier_line = fc.rowid"; $sql .= " AND fc.fk_facture_fourn = f.rowid"; $sql .= " AND rc.fk_user = u.rowid"; @@ -878,7 +878,7 @@ if ($socid > 0) { $sql2 .= " , ".MAIN_DB_PREFIX."user as u"; $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid"; - $sql2 .= " WHERE rc.fk_soc =".$object->id; + $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id); $sql2 .= " AND rc.fk_invoice_supplier = f.rowid"; $sql2 .= " AND rc.fk_user = u.rowid"; $sql2 .= " AND rc.discount_type = 1"; // Eliminate customer discounts diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index d2a9554abab..804cfa09281 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -907,8 +907,8 @@ class Account extends CommonObject $sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'"; $sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null"); $sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null"); - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); dol_syslog(get_class($this)."::update_bban", LOG_DEBUG); @@ -1059,7 +1059,7 @@ class Account extends CommonObject // Delete link between tag and bank account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account"; - $sql .= " WHERE fk_account = ".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1151,7 +1151,7 @@ class Account extends CommonObject $sql = "SELECT COUNT(rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_account=".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1188,7 +1188,7 @@ class Account extends CommonObject $sql = "SELECT sum(amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_account = ".$this->id; + $sql .= " WHERE fk_account = ".((int) $this->id); if ($option == 1) { $sql .= " AND dateo <= '".$this->db->idate(dol_now())."'"; } diff --git a/htdocs/compta/bank/class/bankcateg.class.php b/htdocs/compta/bank/class/bankcateg.class.php index ccf5828d40a..ab58cb8287c 100644 --- a/htdocs/compta/bank/class/bankcateg.class.php +++ b/htdocs/compta/bank/class/bankcateg.class.php @@ -213,7 +213,7 @@ class BankCateg // extends CommonObject // Delete link between tag and bank account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account"; - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -225,7 +225,7 @@ class BankCateg // extends CommonObject // Delete link between tag and bank lines if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class"; - $sql .= " WHERE fk_categ = ".$this->id; + $sql .= " WHERE fk_categ = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php index 1972e3f686e..81022e9bc71 100644 --- a/htdocs/compta/deplacement/class/deplacement.class.php +++ b/htdocs/compta/deplacement/class/deplacement.class.php @@ -249,7 +249,7 @@ class Deplacement extends CommonObject $sql .= " , note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null"); $sql .= " , note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null"); $sql .= " , fk_projet = ".($this->fk_project > 0 ? $this->fk_project : 0); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 31de2bbd4ff..374de5cca4d 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -889,7 +889,7 @@ if (empty($reshook)) { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if (!empty($resql)) { while ($obj = $db->fetch_object($resql)) { @@ -4975,7 +4975,7 @@ if ($action == 'create') { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/compta/facture/class/paymentterm.class.php b/htdocs/compta/facture/class/paymentterm.class.php index 87cd50d27c6..f94ad573a81 100644 --- a/htdocs/compta/facture/class/paymentterm.class.php +++ b/htdocs/compta/facture/class/paymentterm.class.php @@ -311,7 +311,7 @@ class PaymentTerm // extends CommonObject $sql .= " type_cdr=".(isset($this->type_cdr) ? $this->type_cdr : "null").","; $sql .= " nbjour=".(isset($this->nbjour) ? $this->nbjour : "null").","; $sql .= " decalage=".(isset($this->decalage) ? $this->decalage : "null").""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -350,7 +350,7 @@ class PaymentTerm // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_payment_term"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php index 6fdc74a7539..0d2c3070261 100644 --- a/htdocs/compta/facture/prelevement.php +++ b/htdocs/compta/facture/prelevement.php @@ -577,9 +577,9 @@ if ($object->id > 0) { $sql .= " , pfd.amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -598,9 +598,9 @@ if ($object->id > 0) { $sql = "SELECT SUM(pfd.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -699,9 +699,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -765,9 +765,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 1"; $sql .= " AND pfd.ext_payment_id IS NULL"; diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 683b2fd0423..fe967543fdc 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -305,7 +305,7 @@ class RemiseCheque extends CommonObject if ($this->errno === 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; $sql .= " SET fk_bordereau = 0"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -647,7 +647,7 @@ class RemiseCheque extends CommonObject $nb = 0; $sql = "SELECT amount "; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 971400afa5e..94264d0f9f6 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -788,7 +788,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -839,7 +839,7 @@ class Paiement extends CommonObject if (!empty($num) && $this->statut != 1) { $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET num_paiement = '".$this->db->escape($num)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_num", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 10c8f304102..a97facc592c 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -1341,18 +1341,14 @@ class BonPrelevement extends CommonObject } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification def by id * * @param int $rowid id of notification * @return int 0 if OK, <0 if KO */ - public function DeleteNotificationById($rowid) + public function deleteNotificationById($rowid) { - // phpcs:enable - $result = 0; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; $sql .= " WHERE rowid = ".((int) $rowid); @@ -1363,21 +1359,23 @@ class BonPrelevement extends CommonObject } } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification * - * @param int $user notification user - * @param string $action notification action - * @return int >0 if OK, <0 if KO + * @param int|User $user notification user + * @param string $action notification action + * @return int >0 if OK, <0 if KO */ - public function DeleteNotification($user, $action) + public function deleteNotification($user, $action) { - // phpcs:enable - $result = 0; + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; - $sql .= " WHERE fk_user=".$user." AND fk_action='".$this->db->escape($action)."'"; + $sql .= " WHERE fk_user=".((int) $userid)." AND fk_action='".$this->db->escape($action)."'"; if ($this->db->query($sql)) { return 0; @@ -1390,28 +1388,34 @@ class BonPrelevement extends CommonObject /** * Add a notification * - * @param DoliDB $db database handler - * @param int $user notification user - * @param string $action notification action - * @return int 0 if OK, <0 if KO + * @param DoliDB $db database handler + * @param int|User $user notification user + * @param string $action notification action + * @return int 0 if OK, <0 if KO */ - public function AddNotification($db, $user, $action) + public function addNotification($db, $user, $action) { // phpcs:enable $result = 0; - if ($this->DeleteNotification($user, $action) == 0) { + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } + + if ($this->deleteNotification($user, $action) == 0) { $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".$userid.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; dol_syslog("adnotiff: ".$sql); if ($this->db->query($sql)) { $result = 0; } else { $result = -1; - dol_syslog(get_class($this)."::AddNotification Error $result"); + dol_syslog(get_class($this)."::addNotification Error $result"); } } diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 14b2cf67590..2b80e1bb4f4 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -445,7 +445,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -480,7 +480,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index 45d3d2e74b4..c412072ec89 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -247,7 +247,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; @@ -267,7 +267,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index f364e82dd68..9b2364f7233 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -3202,7 +3202,7 @@ class ContratLigne extends CommonObjectLine $sql .= ",total_localtax1=".price2num($this->total_localtax1, 'MT').""; $sql .= ",total_localtax2=".price2num($this->total_localtax2, 'MT').""; $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT').""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); diff --git a/htdocs/core/class/commonincoterm.class.php b/htdocs/core/class/commonincoterm.class.php index 25745bb4c5c..11af43c2914 100644 --- a/htdocs/core/class/commonincoterm.class.php +++ b/htdocs/core/class/commonincoterm.class.php @@ -109,7 +109,7 @@ trait CommonIncoterm $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_incoterms = ".($id_incoterm > 0 ? $id_incoterm : "null"); $sql .= ", location_incoterms = ".($id_incoterm > 0 ? "'".$this->db->escape($location)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setIncoterms', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a7049ea5a76..89d7cb1c7d0 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2782,7 +2782,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET model_pdf = '".$this->db->escape($newmodelpdf)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDocModel", LOG_DEBUG); $resql = $this->db->query($sql); @@ -4500,7 +4500,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET extraparams = ".(!empty($extraparams) ? "'".$this->db->escape($extraparams)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setExtraParameters", LOG_DEBUG); $resql = $this->db->query($sql); @@ -9223,7 +9223,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ".$statusfield." = ".((int) $status); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index eaf4bc511c8..07c6a509815 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -434,7 +434,7 @@ class DiscountAbsolute $sql .= " SET fk_facture = ".((int) $rowidinvoice); } } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::link_to_invoice", LOG_DEBUG); $resql = $this->db->query($sql); @@ -470,7 +470,7 @@ class DiscountAbsolute } else { $sql .= " SET fk_facture_line = NULL, fk_facture = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::unlink_invoice", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php index be81c1e2737..5e008a1e1ac 100644 --- a/htdocs/core/class/link.class.php +++ b/htdocs/core/class/link.class.php @@ -182,7 +182,7 @@ class Link extends CommonObject $sql .= ", label = '".$this->db->escape($this->label)."'"; $sql .= ", objecttype = '".$this->db->escape($this->objecttype)."'"; $sql .= ", objectid = ".$this->objectid; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update sql = ".$sql); $resql = $this->db->query($sql); @@ -365,7 +365,7 @@ class Link extends CommonObject // Remove link $sql = "DELETE FROM ".MAIN_DB_PREFIX."links"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index 019187fca28..de991d50f4e 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -189,7 +189,7 @@ class Delivery extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."delivery "; $sql .= "SET ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Delivery::create", LOG_DEBUG); $resql = $this->db->query($sql); @@ -427,7 +427,7 @@ class Delivery extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = 0"; $resql = $this->db->query($sql); @@ -651,7 +651,7 @@ class Delivery extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."delivery"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->db->commit(); @@ -1001,7 +1001,7 @@ class Delivery extends CommonObject if ($user->rights->expedition->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."delivery"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php index c2961794bbc..3c7af135922 100644 --- a/htdocs/ecm/class/ecmdirectory.class.php +++ b/htdocs/ecm/class/ecmdirectory.class.php @@ -305,7 +305,7 @@ class EcmDirectory extends CommonObject } else { $sql .= " cachenbofdoc = cachenbofdoc ".$value." 1"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::changeNbOfFiles", LOG_DEBUG); $resql = $this->db->query($sql); @@ -764,7 +764,7 @@ class EcmDirectory extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."ecm_directories SET"; $sql .= " cachenbofdoc = '".count($filelist)."'"; if (empty($all)) { // By default - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); } else { $sql .= " WHERE entity = ".$conf->entity; } diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php index b6c80feadd4..cdc350480c5 100644 --- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php +++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php @@ -558,7 +558,7 @@ class ConferenceOrBoothAttendee extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index 85245b38e89..a60f3c88c6a 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -363,7 +363,7 @@ class Expedition extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."expedition"; $sql .= " SET ref = '(PROV".$this->id.")'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { @@ -711,7 +711,7 @@ class Expedition extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid update expedition", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1297,7 +1297,7 @@ class Expedition extends CommonObject // No delete expedition if (!$error) { $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."expedition"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!empty($this->origin) && $this->origin_id > 0) { @@ -1489,7 +1489,7 @@ class Expedition extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."expedition"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!empty($this->origin) && $this->origin_id > 0) { @@ -1973,7 +1973,7 @@ class Expedition extends CommonObject if ($user->rights->expedition->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."expedition"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2814,7 +2814,7 @@ class ExpeditionLigne extends CommonObjectLine } $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if (!$error && $this->db->query($sql)) { // Remove extrafields diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index b3601c00deb..a83ef94e520 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -495,7 +495,7 @@ class ExpenseReport extends CommonObject $sql .= " , note_public = ".(!empty($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "''"); $sql .= " , note_private = ".(!empty($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "''"); $sql .= " , detail_refuse = ".(!empty($this->detail_refuse) ? "'".$this->db->escape($this->detail_refuse)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); $result = $this->db->query($sql); @@ -1252,7 +1252,7 @@ class ExpenseReport extends CommonObject $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($this->date_valid)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1746,7 +1746,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$this->total_ht; $sql .= " , total_ttc = ".$this->total_ttc; $sql .= " , total_tva = ".$this->total_tva; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) : @@ -1776,7 +1776,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$this->total_ht; $sql .= " , total_ttc = ".$this->total_ttc; $sql .= " , total_tva = ".$this->total_tva; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) : diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 371853dc70c..6da1a30b618 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -1004,7 +1004,7 @@ class Fichinter extends CommonObject if (!$error) { // Delete object $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Fichinter::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1066,7 +1066,7 @@ class Fichinter extends CommonObject if ($user->rights->ficheinter->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET datei = '".$this->db->idate($date_delivery)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = 0"; if ($this->db->query($sql)) { @@ -1097,7 +1097,7 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET description = '".$this->db->escape($description)."',"; $sql .= " fk_user_modif = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->description = $description; @@ -1127,7 +1127,7 @@ class Fichinter extends CommonObject if ($user->rights->ficheinter->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET fk_contrat = ".((int) $contractid); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->fk_contrat = $contractid; diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 4fe35c32a2c..9aec232cf0a 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -599,7 +599,7 @@ class FichinterRec extends Fichinter $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter_rec "; $sql .= " SET frequency='".$this->db->escape($freq)."'"; $sql .= ", date_last_gen='".$this->db->escape($courant)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index abb5b01fb2c..f7c7ee26e1c 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1579,7 +1579,7 @@ class FactureFournisseur extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " SET ref='".$this->db->escape($num)."', fk_statut = 1, fk_user_valid = ".((int) $user->id).", date_valid = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1706,7 +1706,7 @@ class FactureFournisseur extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index 2cac4a1352b..cbbe1670a09 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -231,7 +231,7 @@ class Establishment extends CommonObject $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX.'establishment'); $sql = 'UPDATE '.MAIN_DB_PREFIX."establishment SET ref = '".$this->db->escape($this->id)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->query($sql); $this->db->commit(); diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index 91f384703a9..2e51b3871a9 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -404,7 +404,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_PAID; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -440,7 +440,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_STARTED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -475,7 +475,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_UNPAID; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index df5dcba60ad..b00aa6e8b91 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -838,7 +838,7 @@ class Mo extends CommonObject $sql .= " status = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index feef3c7e81f..6de34719f77 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -627,7 +627,7 @@ class Partnership extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); @@ -751,7 +751,7 @@ class Partnership extends CommonObject // if (!empty($this->fields['fk_user_valid'])) { // $sql .= ", fk_user_valid = ".$user->id; // } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::accept()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index e7d568f87d4..fc8f5cc4720 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1603,7 +1603,7 @@ class Product extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET "; $sql .= "$field = '".$this->db->escape($value)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php index db0c427c334..2a7f35a436b 100644 --- a/htdocs/product/dynamic_price/class/price_expression.class.php +++ b/htdocs/product/dynamic_price/class/price_expression.class.php @@ -257,7 +257,7 @@ class PriceExpression $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " title = ".(isset($this->title) ? "'".$this->db->escape($this->title)."'" : "''").","; $sql .= " expression = ".(isset($this->expression) ? "'".$this->db->escape($this->expression)."'" : "''").""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 87cb8dea2c5..217ab25463a 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -183,7 +183,7 @@ class PriceGlobalVariable $sql .= " code = ".(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "''").","; $sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").","; $sql .= " value = ".((float) $this->value); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index 331a65971b6..e24ff2c6769 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -207,7 +207,7 @@ class PriceGlobalVariableUpdater $sql .= " update_interval = ".((int) $this->update_interval).","; $sql .= " next_update = ".((int) $this->next_update).","; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -570,7 +570,7 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " next_update = ".$this->next_update; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -614,7 +614,7 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 92df16fa867..55ee6abf8fa 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -389,7 +389,7 @@ class Entrepot extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."entrepot"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql1 = $this->db->query($sql); if (!$resql1) { $error++; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 905fbcb9216..16501940949 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -1080,7 +1080,7 @@ class Project extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."projet"; $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", fk_user_close = ".((int) $user->id).", date_close = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 2917b2ce811..70a38a6818b 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -1661,7 +1661,7 @@ class Task extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task"; $sql .= " SET duration_effective = duration_effective - ".$this->db->escape($this->timespent_duration ? $this->timespent_duration : 0); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delTimeSpent", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index e1e2c857bc0..948822c1983 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -288,7 +288,7 @@ class Reception extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."reception"; $sql .= " SET ref = '(PROV".$this->id.")'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { @@ -543,7 +543,7 @@ class Reception extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid update reception", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -954,7 +954,7 @@ class Reception extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."reception"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { // Call trigger @@ -1260,7 +1260,7 @@ class Reception extends CommonObject if ($user->rights->reception->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."reception"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1755,7 +1755,7 @@ class Reception extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."reception"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 0069ce2d30f..3c5cf401a92 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php @@ -519,7 +519,7 @@ class RecruitmentCandidature extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php index 892ba4121e9..7e44aad7b64 100644 --- a/htdocs/recruitment/class/recruitmentjobposition.class.php +++ b/htdocs/recruitment/class/recruitmentjobposition.class.php @@ -528,7 +528,7 @@ class RecruitmentJobPosition extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); @@ -672,7 +672,7 @@ class RecruitmentJobPosition extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET status = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."'"; //$sql .= ", date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index cc50c57ec84..ab1e06f3b34 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -639,7 +639,7 @@ class Salary extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) return 1; else return -1; @@ -657,7 +657,7 @@ class Salary extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) return 1; else return -1; diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index 9b767cde34c..f4e871fce83 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -171,7 +171,7 @@ class CompanyBankAccount extends Account } else { $sql .= ",label = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index fa19b23e6cd..0dd3e31da01 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -2058,7 +2058,7 @@ class Societe extends CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX."societe"; $sql .= " SET client = ".((int) $newclient); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2102,7 +2102,7 @@ class Societe extends CommonObject // Position current discount $sql = "UPDATE ".MAIN_DB_PREFIX."societe "; $sql .= " SET remise_client = '".$this->db->escape($remise)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->db->rollback(); @@ -2161,7 +2161,7 @@ class Societe extends CommonObject // Position current discount $sql = "UPDATE ".MAIN_DB_PREFIX."societe "; $sql .= " SET remise_supplier = '".$this->db->escape($remise)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->db->rollback(); @@ -4685,7 +4685,7 @@ class Societe extends CommonObject if ($this->id) { $sql = "UPDATE ".MAIN_DB_PREFIX."societe"; $sql .= " SET fk_typent = ".($typent_id > 0 ? $typent_id : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setThirdpartyType', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 3961fefedf2..1ffec54ed22 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -1402,7 +1402,7 @@ class Ticket extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."ticket"; $sql .= " SET fk_statut = ".Ticket::STATUS_READ.", date_read='".$this->db->idate(dol_now())."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::markAsRead"); $resql = $this->db->query($sql); @@ -1460,7 +1460,7 @@ class Ticket extends CommonObject } else { $sql .= " SET fk_user_assign=null, fk_statut = ".Ticket::STATUS_READ; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::assignUser sql=".$sql); $resql = $this->db->query($sql); @@ -1944,7 +1944,7 @@ class Ticket extends CommonObject if ($this->id) { $sql = "UPDATE ".MAIN_DB_PREFIX."ticket"; $sql .= " SET fk_soc = ".($id > 0 ? $id : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setCustomer sql='.$sql); $resql = $this->db->query($sql); if ($resql) { @@ -1968,7 +1968,7 @@ class Ticket extends CommonObject if ($this->id) { $sql = "UPDATE ".MAIN_DB_PREFIX."ticket"; $sql .= " SET progress = ".($percent > 0 ? $percent : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::set_progression sql='.$sql); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php index 7323fb93ab2..d9392ade9d7 100644 --- a/htdocs/user/class/userbankaccount.class.php +++ b/htdocs/user/class/userbankaccount.class.php @@ -140,7 +140,7 @@ class UserBankAccount extends Account } else { $sql .= ",label = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index 5cb6baf3565..03d1e6e3dd4 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -599,7 +599,7 @@ class Workstation extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 2d9bfeac49d..5ba74969107 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -286,9 +286,9 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=true; $matches=array(); - // Check sql string AND ... yyy = ".$xxx + // Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. - preg_match_all('/(DELETE|OR|AND)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($val[2] == 'ity' && $val[3] == 'con') { continue; @@ -314,7 +314,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. - preg_match_all('/(sql|SET).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/(sql|SET|WHERE).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { $ok=false; From b492d49908057dd06c8dfdbbd7e13a0985a21ba1 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Fri, 27 Aug 2021 17:27:05 +0200 Subject: [PATCH 133/215] add hidden option to display date and duration in invoice generation from task time spent --- htdocs/projet/tasks/time.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 11913957bc5..c438f8c133a 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -462,6 +462,15 @@ if ($action == 'confirm_generateinvoice') { $arrayoftasks[$object->timespent_id]['timespent'] = $object->timespent_duration; $arrayoftasks[$object->timespent_id]['totalvaluetodivideby3600'] = $object->timespent_duration * $object->timespent_thm; $arrayoftasks[$object->timespent_id]['note'] = $ftask->ref.' - '.$ftask->label.' - '.$username.($object->timespent_note ? ' - '.$object->timespent_note : ''); // TODO Add user name in note + if (!empty($conf->global->PROJECT_TIME_SPENT_INTO_INVOICE_ADD_TIME_DT)) { + $arrayoftasks[$object->timespent_id]['note'] = "\n"; + if (!empty($object->timespent_withhour)) { + $arrayoftasks[$object->timespent_id]['note'] .= $langs->trans("Date") . ': ' . dol_print_date($object->timespent_datehour); + } else { + $arrayoftasks[$object->timespent_id]['note'] .= $langs->trans("Date") . ': ' . dol_print_date($object->timespent_date); + } + $arrayoftasks[$object->timespent_id]['note'] .= ' - '.$langs->trans("Duration").': '.convertSecondToTime($object->timespent_duration, 'all', $conf->global->MAIN_DURATION_OF_WORKDAY); + } $arrayoftasks[$object->timespent_id]['user'] = $object->timespent_fk_user; } @@ -471,7 +480,6 @@ if ($action == 'confirm_generateinvoice') { // Define qty per hour $qtyhour = $value['timespent'] / 3600; - $qtyhourtext = convertSecondToTime($value['timespent'], 'all', $conf->global->MAIN_DURATION_OF_WORKDAY); // If no unit price known if (empty($pu_ht)) { @@ -851,6 +859,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { } $massactionbutton = ''; + $arrayofmassactions = array(); if ($projectstatic->usage_bill_time) { $arrayofmassactions = array( 'generateinvoice'=>$langs->trans("GenerateBill"), From 3b6559b1a623d39fc4b52d93f0b23408e0128e43 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 27 Aug 2021 18:18:50 +0200 Subject: [PATCH 134/215] Clean code by adding cast int. --- .../class/rejetprelevement.class.php | 6 +-- htdocs/compta/tva/class/paymentvat.class.php | 2 +- htdocs/contact/class/contact.class.php | 10 ++-- htdocs/contrat/card.php | 2 +- htdocs/contrat/class/contrat.class.php | 20 ++++---- htdocs/core/boxes/box_produits.php | 4 +- .../core/boxes/box_produits_alerte_stock.php | 4 +- htdocs/core/class/commonobject.class.php | 30 ++++++------ htdocs/core/class/html.form.class.php | 2 +- htdocs/core/db/pgsql.class.php | 6 +-- htdocs/core/lib/admin.lib.php | 4 +- htdocs/core/lib/company.lib.php | 24 +++++----- htdocs/core/lib/functions.lib.php | 6 ++- htdocs/core/lib/functions2.lib.php | 6 +-- htdocs/core/lib/invoice.lib.php | 6 +-- htdocs/core/lib/project.lib.php | 6 +-- .../modules/mailings/modules_mailings.php | 6 +-- .../core/modules/modReceiptPrinter.class.php | 5 +- .../stock/doc/pdf_standard.modules.php | 4 +- htdocs/don/class/don.class.php | 2 +- htdocs/expedition/class/expedition.class.php | 4 +- htdocs/fourn/card.php | 6 +-- htdocs/fourn/class/fournisseur.class.php | 2 +- .../class/fournisseur.commande.class.php | 6 +-- .../fourn/class/fournisseur.facture.class.php | 14 +++--- .../fourn/class/fournisseur.product.class.php | 6 +-- htdocs/fourn/commande/dispatch.php | 16 +++---- htdocs/fourn/facture/card.php | 5 +- htdocs/fourn/facture/list.php | 2 +- htdocs/holiday/class/holiday.class.php | 6 +-- htdocs/install/repair.php | 2 +- htdocs/install/upgrade2.php | 46 +++++++++---------- htdocs/loan/class/loanschedule.class.php | 5 +- .../mailmanspip/class/mailmanspip.class.php | 4 +- htdocs/mrp/class/mo.class.php | 2 +- htdocs/product/class/product.class.php | 40 ++++++++-------- .../class/productcustomerprice.class.php | 2 +- .../class/propalmergepdfproduct.class.php | 2 +- htdocs/product/fournisseurs.php | 2 +- htdocs/product/list.php | 4 +- htdocs/product/reassortlot.php | 5 +- htdocs/product/stock/card.php | 4 +- htdocs/product/stock/class/entrepot.class.php | 6 +-- htdocs/projet/class/project.class.php | 4 +- htdocs/projet/class/task.class.php | 10 ++-- htdocs/resource/class/dolresource.class.php | 2 +- htdocs/salaries/class/salary.class.php | 2 +- .../class/companybankaccount.class.php | 2 +- htdocs/societe/class/societe.class.php | 25 +++++----- htdocs/stripe/class/stripe.class.php | 8 ++-- htdocs/takepos/floors.php | 8 ++-- htdocs/ticket/class/ticket.class.php | 2 +- htdocs/user/bank.php | 8 ++-- htdocs/user/card.php | 6 +-- test/phpunit/CodingPhpTest.php | 5 +- 55 files changed, 215 insertions(+), 213 deletions(-) diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index db92da8ce90..4a515357495 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -222,8 +222,8 @@ class RejetPrelevement $sql = "SELECT fk_user_demande"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; - $sql .= " WHERE pfd.fk_prelevement_bons = ".$this->bon_id; - $sql .= " AND pfd.fk_facture".($this->type == 'bank-transfer' ? '_fourn=' : '=').$fac->id; + $sql .= " WHERE pfd.fk_prelevement_bons = ".((int) $this->bon_id); + $sql .= " AND pfd.fk_facture".($this->type == 'bank-transfer' ? '_fourn' : '').' = '.((int) $fac->id); $resql = $this->db->query($sql); if ($resql) { @@ -296,7 +296,7 @@ class RejetPrelevement $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as f ON (pf.fk_facture = f.rowid)"; } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_lignes as pl ON (pf.fk_prelevement_lignes = pl.rowid)"; - $sql .= " WHERE pf.fk_prelevement_lignes = ".$this->id; + $sql .= " WHERE pf.fk_prelevement_lignes = ".((int) $this->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php index bc234b4516e..8eaf141b06c 100644 --- a/htdocs/compta/tva/class/paymentvat.class.php +++ b/htdocs/compta/tva/class/paymentvat.class.php @@ -620,7 +620,7 @@ class PaymentVAT extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 83bc4202b9d..fd9830f36ca 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -595,7 +595,7 @@ class Contact extends CommonObject $sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'" : "NULL"); $sql .= ", default_lang=".($this->default_lang ? "'".$this->db->escape($this->default_lang)."'" : "NULL"); $sql .= ", entity = ".((int) $this->entity); - $sql .= " WHERE rowid=".((int) $id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); @@ -871,12 +871,12 @@ class Contact extends CommonObject // Mis a jour contact $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET"; - $sql .= " birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); + $sql .= " birthday = ".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null"); $sql .= ", photo = ".($this->photo ? "'".$this->db->escape($this->photo)."'" : "null"); if ($user) { - $sql .= ", fk_user_modif=".$user->id; + $sql .= ", fk_user_modif = ".((int) $user->id); } - $sql .= " WHERE rowid=".$this->db->escape($id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update_perso this->birthday=".$this->birthday." -", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1278,7 +1278,7 @@ class Contact extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople"; - $sql .= " WHERE rowid=".((int) $this->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) { diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 470895a2c22..56e3d797086 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1433,7 +1433,7 @@ if ($action == 'create') { $sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity, p.tosell, p.tobuy, p.tobatch"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; - $sql .= " WHERE cd.rowid = ".$object->lines[$cursorline - 1]->id; + $sql .= " WHERE cd.rowid = ".((int) $object->lines[$cursorline - 1]->id); $result = $db->query($sql); if ($result) { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 9b2364f7233..65ffcb7e99a 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -507,7 +507,7 @@ class Contrat extends CommonObject if ($num) { $sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET ref = '".$this->db->escape($num)."', statut = 1"; //$sql.= ", fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id." AND statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = 0"; dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -607,7 +607,7 @@ class Contrat extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET statut = 0"; //$sql.= ", fk_user_valid = null, date_valid = null"; - $sql .= " WHERE rowid = ".$this->id." AND statut = 1"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = 1"; dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1197,7 +1197,7 @@ class Contrat extends CommonObject // Delete contratdet extrafields $main = MAIN_DB_PREFIX.'contratdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".((int) $this->id).")"; + $sql = "DELETE FROM ".$ef." WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_contrat = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2112,7 +2112,7 @@ class Contrat extends CommonObject $sql = "SELECT cd.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE fk_contrat =".$this->id; + $sql .= " WHERE fk_contrat =".((int) $this->id); if ($status >= 0) { $sql .= " AND statut = ".((int) $status); } @@ -2146,9 +2146,9 @@ class Contrat extends CommonObject $sql = "SELECT c.rowid, c.ref"; $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c"; - $sql .= " WHERE fk_soc =".$this->socid; + $sql .= " WHERE fk_soc =".((int) $this->socid); if ($option == 'others') { - $sql .= " AND c.rowid != ".$this->id; + $sql .= " AND c.rowid <> ".((int) $this->id); } dol_syslog(get_class($this)."::getOtherContracts()", LOG_DEBUG); @@ -3332,10 +3332,10 @@ class ContratLigne extends CommonObjectLine if ($date_end >= 0) { $sql .= " date_fin_validite = ".(dol_strlen($date_end) != 0 ? "'".$this->db->idate($date_end)."'" : "null").","; } - $sql .= " fk_user_ouverture = ".$user->id.","; + $sql .= " fk_user_ouverture = ".((int) $user->id).","; $sql .= " date_cloture = null,"; $sql .= " commentaire = '".$this->db->escape($comment)."'"; - $sql .= " WHERE rowid = ".$this->id." AND (statut = ".ContratLigne::STATUS_INITIAL." OR statut = ".ContratLigne::STATUS_CLOSED.")"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND (statut = ".ContratLigne::STATUS_INITIAL." OR statut = ".ContratLigne::STATUS_CLOSED.")"; dol_syslog(get_class($this)."::active_line", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3396,9 +3396,9 @@ class ContratLigne extends CommonObjectLine $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".((int) ContratLigne::STATUS_CLOSED).","; $sql .= " date_cloture = '".$this->db->idate($date_end)."',"; - $sql .= " fk_user_cloture = ".$user->id.","; + $sql .= " fk_user_cloture = ".((int) $user->id).","; $sql .= " commentaire = '".$this->db->escape($comment)."'"; - $sql .= " WHERE rowid = ".$this->id." AND statut = ".((int) ContratLigne::STATUS_OPEN); + $sql .= " WHERE rowid = ".((int) $this->id)." AND statut = ".((int) ContratLigne::STATUS_OPEN); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index dde3b685d25..d039881445e 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php @@ -122,8 +122,8 @@ class box_produits extends ModeleBoxes if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sqld = "SELECT label"; $sqld .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sqld .= " WHERE fk_product=".$objp->rowid; - $sqld .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sqld .= " WHERE fk_product = ".((int) $objp->rowid); + $sqld .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sqld .= " LIMIT 1"; $resultd = $this->db->query($sqld); diff --git a/htdocs/core/boxes/box_produits_alerte_stock.php b/htdocs/core/boxes/box_produits_alerte_stock.php index d7ae1566a44..5e7ec72d0e1 100644 --- a/htdocs/core/boxes/box_produits_alerte_stock.php +++ b/htdocs/core/boxes/box_produits_alerte_stock.php @@ -129,8 +129,8 @@ class box_produits_alerte_stock extends ModeleBoxes if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sqld = "SELECT label"; $sqld .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sqld .= " WHERE fk_product=".$objp->rowid; - $sqld .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sqld .= " WHERE fk_product = ".((int) $objp->rowid); + $sqld .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sqld .= " LIMIT 1"; $resultd = $this->db->query($sqld); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 89d7cb1c7d0..a60e0680536 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1224,7 +1224,7 @@ abstract class CommonObject $listId = implode(",", $temp); $sql = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; - $sql .= " WHERE element_id = ".$this->id; + $sql .= " WHERE element_id = ".((int) $this->id); if ($listId) { $sql .= " AND fk_c_type_contact IN (".$this->db->sanitize($listId).")"; } @@ -1272,9 +1272,9 @@ abstract class CommonObject if ($source == 'external' || $source == 'thirdparty') { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople t on ec.fk_socpeople = t.rowid"; } - $sql .= " WHERE ec.element_id =".$this->id; + $sql .= " WHERE ec.element_id = ".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; - $sql .= " AND tc.element='".$this->db->escape($this->element)."'"; + $sql .= " AND tc.element = '".$this->db->escape($this->element)."'"; if ($code) { $sql .= " AND tc.code = '".$this->db->escape($code)."'"; } @@ -2658,7 +2658,7 @@ abstract class CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".((int) $id); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->fk_delivery_address = $id; @@ -3219,7 +3219,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ref_ext = '".$this->db->escape($ref_ext)."'"; - $sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".$this->id; + $sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".((int) $this->id); dol_syslog(get_class($this)."::update_ref_ext", LOG_DEBUG); if ($this->db->query($sql)) { @@ -3270,8 +3270,8 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET note".$newsuffix." = ".(!empty($note) ? ("'".$this->db->escape($note)."'") : "NULL"); - $sql .= " ,".$fieldusermod." = ".$user->id; - $sql .= " WHERE rowid =".$this->id; + $sql .= ", ".$fieldusermod." = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_note", LOG_DEBUG); if ($this->db->query($sql)) { @@ -3440,7 +3440,7 @@ abstract class CommonObject //var_dump($diff_when_using_price_ht.' '.$diff_on_current_total); if ($diff_when_using_price_ht && $diff_on_current_total) { - $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".$tmpcal[1].", total_ttc = ".$tmpcal[2]." WHERE rowid = ".$obj->rowid; + $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".price2num((float) $tmpcal[1]).", total_ttc = ".price2num((float) $tmpcal[2])." WHERE rowid = ".((int) $obj->rowid); dol_syslog('We found unconsistent data into detailed line (diff_when_using_price_ht = '.$diff_when_using_price_ht.' and diff_on_current_total = '.$diff_on_current_total.') for line rowid = '.$obj->rowid." (total vat of line calculated=".$tmpcal[1].", database=".$obj->total_tva."). We fix the total_vat and total_ttc of line by running sqlfix = ".$sqlfix, LOG_WARNING); $resqlfix = $this->db->query($sqlfix); if (!$resqlfix) { @@ -3484,7 +3484,7 @@ abstract class CommonObject dol_print_error('', $errmsg); exit; } - $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".($obj->total_tva - $diff).", total_ttc = ".($obj->total_ttc - $diff)." WHERE rowid = ".$obj->rowid; + $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".price2num($obj->total_tva - $diff).", total_ttc = ".price2num($obj->total_ttc - $diff)." WHERE rowid = ".((int) $obj->rowid); dol_syslog('We found a difference of '.$diff.' for line rowid = '.$obj->rowid.". We fix the total_vat and total_ttc of line by running sqlfix = ".$sqlfix); $resqlfix = $this->db->query($sqlfix); if (!$resqlfix) { @@ -4359,7 +4359,7 @@ abstract class CommonObject $sql = "SELECT subprice as pu_ht, qty, remise_percent, total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element_line; - $sql .= " WHERE ".$this->fk_element." = ".$this->id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); dol_syslog(get_class($this).'::getTotalDiscount', LOG_DEBUG); $resql = $this->db->query($sql); @@ -6135,7 +6135,7 @@ abstract class CommonObject foreach ($new_array_languages as $key => $langcodearray) { // $key = 'name', 'town', ... foreach ($langcodearray as $langcode => $value) { $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."object_lang"; - $sql_del .= " WHERE fk_object = ".$this->id." AND property = '".$this->db->escape($key)."' AND type_object = '".$this->db->escape($table_element)."'"; + $sql_del .= " WHERE fk_object = ".((int) $this->id)." AND property = '".$this->db->escape($key)."' AND type_object = '".$this->db->escape($table_element)."'"; $sql_del .= " AND lang = '".$this->db->escape($langcode)."'"; $this->db->query($sql_del); @@ -6319,7 +6319,7 @@ abstract class CommonObject $linealreadyfound = 0; // Check if there is already a line for this object (in most cases, it is, but sometimes it is not, for example when extra field has been created after), so we must keep this overload) - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$this->table_element."_extrafields WHERE fk_object = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$this->table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $tmpobj = $this->db->fetch_object($resql); @@ -6334,7 +6334,7 @@ abstract class CommonObject } else { $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element."_extrafields SET ".$key." = '".$this->db->escape($this->array_options["options_".$key])."'"; } - $sql .= " WHERE fk_object = ".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); } else { $result = $this->insertExtraFields('', $user); if ($result < 0) { @@ -8576,7 +8576,7 @@ abstract class CommonObject if (is_null($value)) { return 'NULL'; } elseif (preg_match('/^(int|double|real|price)/i', $fieldsentry['type'])) { - return $this->db->escape("$value"); + return price2num("$value"); } elseif ($fieldsentry['type'] == 'boolean') { if ($value) { return 'true'; @@ -8776,7 +8776,7 @@ abstract class CommonObject if (!empty($id)) { $sql .= ' WHERE t.rowid = '.((int) $id); } elseif (!empty($ref)) { - $sql .= " WHERE t.ref = ".$this->quote($ref, $this->fields['ref']); + $sql .= " WHERE t.ref = '".$this->db->escape($ref)."'"; } else { $sql .= ' WHERE 1 = 1'; // usage with empty id and empty ref is very rare } diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 8c1550bcb4c..8f3c92a3c43 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2625,7 +2625,7 @@ class Form if ((!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) && !empty($objp->price_by_qty) && $objp->price_by_qty == 1) { // Price by quantity will return many prices for the same product $sql = "SELECT rowid, quantity, price, unitprice, remise_percent, remise, price_base_type"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price=".$objp->price_rowid; + $sql .= " WHERE fk_product_price = ".((int) $objp->price_rowid); $sql .= " ORDER BY quantity ASC"; dol_syslog(get_class($this)."::select_produits_list search prices by qty", LOG_DEBUG); diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 5245a9dac3c..6e9a4f54db6 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -924,11 +924,11 @@ class DoliDBPgsql extends DoliDB // phpcs:enable $listtables = array(); - $like = ''; + $escapedlike = ''; if ($table) { - $like = " AND table_name LIKE '".$this->escape($table)."'"; + $escapedlike = " AND table_name LIKE '".$this->escape($table)."'"; } - $result = pg_query($this->db, "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'".$like." ORDER BY table_name"); + $result = pg_query($this->db, "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'".$escapedlike." ORDER BY table_name"); if ($result) { while ($row = $this->fetch_row($result)) { $listtables[] = $row[0]; diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index ec12e397052..6361860e392 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -536,7 +536,7 @@ function dolibarr_get_const($db, $name, $entity = 1) $sql = "SELECT ".$db->decrypt('value')." as value"; $sql .= " FROM ".MAIN_DB_PREFIX."const"; - $sql .= " WHERE name = ".$db->encrypt($name, 1); + $sql .= " WHERE name = '".$db->escape($db->encrypt($name))."'"; $sql .= " AND entity = ".((int) $entity); dol_syslog("admin.lib::dolibarr_get_const", LOG_DEBUG); @@ -583,7 +583,7 @@ function dolibarr_set_const($db, $name, $value, $type = 'chaine', $visible = 0, $db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."const"; - $sql .= " WHERE name = ".$db->encrypt($name, 1); + $sql .= " WHERE name = '".$db->escape($db->encrypt($name))."'"; if ($entity >= 0) { $sql .= " AND entity = ".((int) $entity); } diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 4b536ccb2ad..8806bcc8b92 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -64,7 +64,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p"; - $sql .= " WHERE p.fk_soc = ".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -140,7 +140,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as n"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $sql .= " AND entity IN (".getEntity('project').")"; $resql = $db->query($sql); if ($resql) { @@ -223,7 +223,7 @@ function societe_prepare_head(Societe $object) $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as n"; - $sql .= " WHERE n.fk_soc = ".$object->id; + $sql .= " WHERE n.fk_soc = ".((int) $object->id); if (empty($conf->stripe->enabled)) { $sql .= " AND n.stripe_card_ref IS NULL"; } else { @@ -240,7 +240,7 @@ function societe_prepare_head(Societe $object) //if (! empty($conf->stripe->enabled) && $nbBankAccount > 0) $nbBankAccount = '...'; // No way to know exact number - $head[$h][0] = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.urlencode($object->id); $head[$h][1] = $title; if ($foundonexternalonlinesystem) { $head[$h][1] .= '...'; @@ -252,12 +252,12 @@ function societe_prepare_head(Societe $object) } if (!empty($conf->website->enabled) && (!empty($conf->global->WEBSITE_USE_WEBSITE_ACCOUNTS)) && (!empty($user->rights->societe->lire))) { - $head[$h][0] = DOL_URL_ROOT.'/societe/website.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/website.php?id='.urlencode($object->id); $head[$h][1] = $langs->trans("WebSiteAccounts"); $nbNote = 0; $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_account as n"; - $sql .= " WHERE fk_soc = ".$object->id.' AND fk_website > 0'; + $sql .= " WHERE fk_soc = ".((int) $object->id).' AND fk_website > 0'; $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -304,7 +304,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."notify_def as n"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -315,7 +315,7 @@ function societe_prepare_head(Societe $object) dol_setcache($cachekey, $nbNotif, 120); // If setting cache fails, this is not a problem, so we do not test result. } - $head[$h][0] = DOL_URL_ROOT.'/societe/notify/card.php?socid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/notify/card.php?socid='.urlencode($object->id); $head[$h][1] = $langs->trans("Notifications"); if ($nbNotif > 0) { $head[$h][1] .= ''.$nbNotif.''; @@ -332,7 +332,7 @@ function societe_prepare_head(Societe $object) if (!empty($object->note_public)) { $nbNote++; } - $head[$h][0] = DOL_URL_ROOT.'/societe/note.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/societe/note.php?id='.urlencode($object->id); $head[$h][1] = $langs->trans("Notes"); if ($nbNote > 0) { $head[$h][1] .= ''.$nbNote.''; @@ -380,7 +380,7 @@ function societe_prepare_head(Societe $object) } else { $sql = "SELECT COUNT(id) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm"; - $sql .= " WHERE fk_soc = ".$object->id; + $sql .= " WHERE fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -806,7 +806,7 @@ function show_projects($conf, $langs, $db, $object, $backtopage = '', $nocreatel $sql .= ", cls.code as opp_status_code"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls on p.fk_opp_status = cls.rowid"; - $sql .= " WHERE p.fk_soc = ".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('project').")"; $sql .= " ORDER BY p.dateo DESC"; @@ -1083,7 +1083,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $sql .= " t.civility as civility_id, t.address, t.zip, t.town"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)"; - $sql .= " WHERE t.fk_soc = ".$object->id; + $sql .= " WHERE t.fk_soc = ".((int) $object->id); if ($search_status != '' && $search_status != '-1') { $sql .= " AND t.statut = ".((int) $search_status); } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ee353269e29..ddfad586e7c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -5273,8 +5273,10 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $ * @param int $option Put 1 if you know that content is already universal format number (so no correction on decimal will be done) * Put 2 if you know that number is a user input (so we know we don't have to fix decimal separator). * @return string Amount with universal numeric format (Example: '99.99999'). - * If conversion fails, it return text unchanged if ($rounding = '' and $option = 1) or '0' if ($rounding is defined and $option = 1). - * If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined.. + * If conversion fails to return a numeric, it returns: + * text unchanged or partial if ($rounding = ''): price2num('W9ç', '', 0) => '9ç', price2num('W9ç', '', 1) => 'W9ç', price2num('W9ç', '', 2) => '9ç' + * '0' if ($rounding is defined): price2num('W9ç', 'MT', 0) => '9', price2num('W9ç', 'MT', 1) => '0', price2num('W9ç', 'MT', 2) => '9' + * If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined. * * @see price() Opposite function of price2num */ diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index d79f688391d..ae7acf44861 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1790,8 +1790,8 @@ function dol_set_user_param($db, $conf, &$user, $tab) // We remove old parameters for all keys in $tab $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param"; - $sql .= " WHERE fk_user = ".$user->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE fk_user = ".((int) $user->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND param in ("; $i = 0; foreach ($tab as $key => $value) { @@ -1815,7 +1815,7 @@ function dol_set_user_param($db, $conf, &$user, $tab) // Set new parameters if ($value) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_param(fk_user,entity,param,value)"; - $sql .= " VALUES (".$user->id.",".$conf->entity.","; + $sql .= " VALUES (".((int) $user->id).",".$conf->entity.","; $sql .= " '".$db->escape($key)."','".$db->escape($value)."')"; dol_syslog("functions2.lib::dol_set_user_param", LOG_DEBUG); diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 8f6a97894b9..1f797c67d1b 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -47,7 +47,7 @@ function facture_prepare_head($object) if (empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) { $nbContact = count($object->liste_contact(-1, 'internal')) + count($object->liste_contact(-1, 'external')); - $head[$h][0] = DOL_URL_ROOT.'/compta/facture/contact.php?facid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/compta/facture/contact.php?facid='.urlencode($object->id); $head[$h][1] = $langs->trans('ContactsAddresses'); if ($nbContact > 0) { $head[$h][1] .= ''.$nbContact.''; @@ -60,7 +60,7 @@ function facture_prepare_head($object) $nbStandingOrders = 0; $sql = "SELECT COUNT(pfd.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; - $sql .= " WHERE pfd.fk_facture = ".$object->id; + $sql .= " WHERE pfd.fk_facture = ".((int) $object->id); $sql .= " AND pfd.ext_payment_id IS NULL"; $resql = $db->query($sql); if ($resql) { @@ -71,7 +71,7 @@ function facture_prepare_head($object) } else { dol_print_error($db); } - $head[$h][0] = DOL_URL_ROOT.'/compta/facture/prelevement.php?facid='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/compta/facture/prelevement.php?facid='.urlencode($object->id); $head[$h][1] = $langs->trans('StandingOrders'); if ($nbStandingOrders > 0) { $head[$h][1] .= ''.$nbStandingOrders.''; diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index ddf3aa64382..73fc5295a99 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php @@ -353,7 +353,7 @@ function task_prepare_head($object) //$sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t, ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."user as u"; //$sql .= " WHERE t.fk_user = u.rowid AND t.fk_task = pt.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; - $sql .= " WHERE t.fk_task =".$object->id; + $sql .= " WHERE t.fk_task = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -364,7 +364,7 @@ function task_prepare_head($object) dol_print_error($db); } - $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?id='.$object->id.(GETPOST('withproject') ? '&withproject=1' : ''); + $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?id='.urlencode($object->id).(GETPOST('withproject') ? '&withproject=1' : ''); $head[$h][1] = $langs->trans("TimeSpent"); if ($nbTimeSpent > 0) { $head[$h][1] .= '...'; @@ -386,7 +386,7 @@ function task_prepare_head($object) if (!empty($object->note_public)) { $nbNote++; } - $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/note.php?id='.$object->id.(GETPOST('withproject') ? '&withproject=1' : ''); + $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/note.php?id='.urlencode($object->id).(GETPOST('withproject') ? '&withproject=1' : ''); $head[$h][1] = $langs->trans('Notes'); if ($nbNote > 0) { $head[$h][1] .= ''.$nbNote.''; diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index 7c0aa2b19b5..de5feb233ad 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php @@ -208,7 +208,7 @@ class MailingTargets // This can't be abstract as it is used for some method //Update the status to show thirdparty mail that don't want to be contacted anymore' $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut=3"; - $sql .= " WHERE fk_mailing=".$mailing_id." AND email in (SELECT email FROM ".MAIN_DB_PREFIX."societe where fk_stcomm=-1)"; + $sql .= " WHERE fk_mailing = ".((int) $mailing_id)." AND email in (SELECT email FROM ".MAIN_DB_PREFIX."societe where fk_stcomm=-1)"; $sql .= " AND source_type='thirdparty'"; dol_syslog(__METHOD__.": mailing update status to display thirdparty mail that do not want to be contacted"); $result=$this->db->query($sql); @@ -216,7 +216,7 @@ class MailingTargets // This can't be abstract as it is used for some method //Update the status to show contact mail that don't want to be contacted anymore' $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut=3"; - $sql .= " WHERE fk_mailing=".$mailing_id." AND source_type='contact' AND (email in (SELECT sc.email FROM ".MAIN_DB_PREFIX."socpeople AS sc "; + $sql .= " WHERE fk_mailing = ".((int) $mailing_id)." AND source_type='contact' AND (email in (SELECT sc.email FROM ".MAIN_DB_PREFIX."socpeople AS sc "; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid=sc.fk_soc WHERE s.fk_stcomm=-1 OR no_email=1))"; dol_syslog(__METHOD__.": mailing update status to display contact mail that do not want to be contacted",LOG_DEBUG); $result=$this->db->query($sql); @@ -224,7 +224,7 @@ class MailingTargets // This can't be abstract as it is used for some method $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles"; $sql .= " SET statut=3"; - $sql .= " WHERE fk_mailing=".$mailing_id." AND email IN (SELECT mu.email FROM ".MAIN_DB_PREFIX."mailing_unsubscribe AS mu WHERE mu.entity IN ('".getEntity('mailing')."'))"; + $sql .= " WHERE fk_mailing =" .((int) $mailing_id)." AND email IN (SELECT mu.email FROM ".MAIN_DB_PREFIX."mailing_unsubscribe AS mu WHERE mu.entity IN ('".getEntity('mailing')."'))"; dol_syslog(__METHOD__.":mailing update status to display emails that do not want to be contacted anymore", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/modules/modReceiptPrinter.class.php b/htdocs/core/modules/modReceiptPrinter.class.php index ee87f4c57ba..1e26de93bcb 100644 --- a/htdocs/core/modules/modReceiptPrinter.class.php +++ b/htdocs/core/modules/modReceiptPrinter.class.php @@ -133,6 +133,7 @@ class modReceiptPrinter extends DolibarrModules public function init($options = '') { global $conf, $langs; + // Clean before activation $this->remove($options); @@ -140,8 +141,8 @@ class modReceiptPrinter extends DolibarrModules $sql = array( "CREATE TABLE IF NOT EXISTS ".MAIN_DB_PREFIX."printer_receipt (rowid integer AUTO_INCREMENT PRIMARY KEY, name varchar(128), fk_type integer, fk_profile integer, parameter varchar(128), entity integer) ENGINE=innodb;", "CREATE TABLE IF NOT EXISTS ".MAIN_DB_PREFIX."printer_receipt_template (rowid integer AUTO_INCREMENT PRIMARY KEY, name varchar(128), template text, entity integer) ENGINE=innodb;", - "DELETE FROM ".MAIN_DB_PREFIX."printer_receipt_template WHERE name = '".$langs->trans('Example')."';", - "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt_template (name,template,entity) VALUES ('".$langs->trans('Example')."', '".$templateexample."', 1);", + "DELETE FROM ".MAIN_DB_PREFIX."printer_receipt_template WHERE name = '".$this->db->escape($langs->trans('Example'))."';", + "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt_template (name,template,entity) VALUES ('".$this->db->escape($langs->trans('Example'))."', '".$this->db->escape($templateexample)."', 1);", ); return $this->_init($sql, $options); } diff --git a/htdocs/core/modules/stock/doc/pdf_standard.modules.php b/htdocs/core/modules/stock/doc/pdf_standard.modules.php index ebc109151d6..5374245cea4 100644 --- a/htdocs/core/modules/stock/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/stock/doc/pdf_standard.modules.php @@ -337,8 +337,8 @@ class pdf_standard extends ModelePDFStock if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $this->db->query($sql); diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index 181b3fc0ca3..6bb4c99b86d 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -555,7 +555,7 @@ class Don extends CommonObject // Delete donation if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."don_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index a60f3c88c6a..42d290aa02f 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -2805,7 +2805,7 @@ class ExpeditionLigne extends CommonObjectLine // delete batch expedition line if ($conf->productbatch->enabled) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch"; - $sql .= " WHERE fk_expeditiondet = ".$this->id; + $sql .= " WHERE fk_expeditiondet = ".((int) $this->id); if (!$this->db->query($sql)) { $this->errors[] = $this->db->lasterror()." - sql=$sql"; @@ -2951,7 +2951,7 @@ class ExpeditionLigne extends CommonObjectLine if (!$error && !empty($expedition_batch_id)) { // delete lot expedition line $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch"; - $sql .= " WHERE fk_expeditiondet = ".$this->id; + $sql .= " WHERE fk_expeditiondet = ".((int) $this->id); $sql .= " AND rowid = ".((int) $expedition_batch_id); if (!$this->db->query($sql)) { diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index 866fd31318e..f37e96ba602 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php @@ -589,7 +589,7 @@ if ($object->id > 0) { $sql = "SELECT p.rowid, p.ref, p.date_valid as dc, p.fk_statut, p.total_ht, p.total_tva, p.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p "; - $sql .= " WHERE p.fk_soc =".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " ORDER BY p.date_valid DESC"; $sql .= $db->plimit($MAXLIST); @@ -681,7 +681,7 @@ if ($object->id > 0) { // TODO move to DAO class $sql = "SELECT count(p.rowid) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p"; - $sql .= " WHERE p.fk_soc =".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('commande_fournisseur').")"; $resql = $db->query($sql); if ($resql) { @@ -691,7 +691,7 @@ if ($object->id > 0) { $sql = "SELECT p.rowid,p.ref, p.date_commande as dc, p.fk_statut, p.total_ht, p.total_tva, p.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p"; - $sql .= " WHERE p.fk_soc =".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('commande_fournisseur').")"; $sql .= " ORDER BY p.date_commande DESC"; $sql .= $db->plimit($MAXLIST); diff --git a/htdocs/fourn/class/fournisseur.class.php b/htdocs/fourn/class/fournisseur.class.php index 121e699757c..805ed7c1ba6 100644 --- a/htdocs/fourn/class/fournisseur.class.php +++ b/htdocs/fourn/class/fournisseur.class.php @@ -59,7 +59,7 @@ class Fournisseur extends Societe { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf"; - $sql .= " WHERE cf.fk_soc = ".$this->id; + $sql .= " WHERE cf.fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 3d71fd46b11..d248ed44321 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -473,7 +473,7 @@ class CommandeFournisseur extends CommonOrder if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid); } - $sql .= " WHERE l.fk_commande = ".$this->id; + $sql .= " WHERE l.fk_commande = ".((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } @@ -627,7 +627,7 @@ class CommandeFournisseur extends CommonOrder if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'fournisseur/commande/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->error = $this->db->lasterror(); @@ -2236,7 +2236,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."product as p,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."entrepot as e ON cfd.fk_entrepot = e.rowid"; - $sql .= " WHERE cfd.fk_commande = ".$this->id; + $sql .= " WHERE cfd.fk_commande = ".((int) $this->id); $sql .= " AND cfd.fk_product = p.rowid"; if ($status >= 0) { $sql .= " AND cfd.status = ".((int) $status); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index f7c7ee26e1c..e8ec417edd7 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -2946,7 +2946,7 @@ class FactureFournisseur extends CommonInvoice { $isUsed = false; - $sql = "SELECT fk_invoice_supplier FROM ".MAIN_DB_PREFIX."societe_remise_except WHERE fk_invoice_supplier_source=".$this->id; + $sql = "SELECT fk_invoice_supplier FROM ".MAIN_DB_PREFIX."societe_remise_except WHERE fk_invoice_supplier_source = ".((int) $this->id); $resql = $this->db->query($sql); if (!empty($resql)) { $obj = $this->db->fetch_object($resql); @@ -3701,12 +3701,12 @@ class SupplierInvoiceLine extends CommonObjectLine // Mise a jour ligne en base $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET"; - $sql .= " total_ht='".price2num($this->total_ht)."'"; - $sql .= ", tva='".price2num($this->total_tva)."'"; - $sql .= ", total_localtax1='".price2num($this->total_localtax1)."'"; - $sql .= ", total_localtax2='".price2num($this->total_localtax2)."'"; - $sql .= ", total_ttc='".price2num($this->total_ttc)."'"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " total_ht = ".price2num($this->total_ht); + $sql .= ", tva= ".price2num($this->total_tva); + $sql .= ", total_localtax1 = ".price2num($this->total_localtax1); + $sql .= ", total_localtax2 = ".price2num($this->total_localtax2); + $sql .= ", total_ttc = ".price2num($this->total_ttc); + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog("FactureFournisseurLigne.class.php::update_total", LOG_DEBUG); diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index 3eaed8d27b8..b08d9237c63 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -164,7 +164,7 @@ class ProductFournisseur extends Product $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn); + $sql .= " WHERE fk_product = ".((int) $this->id)." AND fk_soc = ".((int) $id_fourn); dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG); $resql2 = $this->db->query($sql); @@ -438,7 +438,7 @@ class ProductFournisseur extends Product // Delete price for this quantity $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity; + $sql .= " WHERE fk_soc = ".((int) $fourn->id)." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { // Add price for this quantity to supplier @@ -459,7 +459,7 @@ class ProductFournisseur extends Product $sql .= " ".((int) $fourn->id).","; $sql .= " '".$this->db->escape($ref_fourn)."',"; $sql .= " '".$this->db->escape($desc_fourn)."',"; - $sql .= " ".$user->id.","; + $sql .= " ".((int) $user->id).","; $sql .= " ".price2num($buyprice).","; $sql .= " ".((float) $qty).","; $sql .= " ".((float) $remise_percent).","; diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 09588389cb1..ead05251920 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -341,11 +341,11 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner) if (GETPOSTISSET($saveprice)) { // TODO Use class $sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " SET unitprice='".GETPOST($pu)."'"; - $sql .= ", price=".GETPOST($pu)."*quantity"; - $sql .= ", remise_percent='".(!empty($dto) ? $dto : 0)."'"; - $sql .= " WHERE fk_soc=".$object->socid; - $sql .= " AND fk_product=".GETPOST($prod, 'int'); + $sql .= " SET unitprice = ".price2num(GETPOST($pu), 'MU', 2); + $sql .= ", price = ".price2num(GETPOST($pu), 'MU', 2)." * quantity"; + $sql .= ", remise_percent = ".price2num((empty($dto) ? 0 : $dto), 3, 2)."'"; + $sql .= " WHERE fk_soc = ".((int) $object->socid); + $sql .= " AND fk_product=".((int) GETPOST($prod, 'int')); $resql = $db->query($sql); } @@ -653,7 +653,7 @@ if ($id > 0 || !empty($ref)) { $sql = "SELECT l.rowid, cfd.fk_product, sum(cfd.qty) as qty"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseurdet as l on l.rowid = cfd.fk_commandefourndet"; - $sql .= " WHERE cfd.fk_commande = ".$object->id; + $sql .= " WHERE cfd.fk_commande = ".((int) $object->id); $sql .= " GROUP BY l.rowid, cfd.fk_product"; $resql = $db->query($sql); @@ -689,7 +689,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON l.fk_product=p.rowid"; - $sql .= " WHERE l.fk_commande = ".$object->id; + $sql .= " WHERE l.fk_commande = ".((int) $object->id); if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $sql .= " AND l.product_type = 0"; } @@ -1113,7 +1113,7 @@ if ($id > 0 || !empty($ref)) { if ($conf->reception->enabled) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."reception as r ON cfd.fk_reception = r.rowid"; } - $sql .= " WHERE cfd.fk_commande = ".$object->id; + $sql .= " WHERE cfd.fk_commande = ".((int) $object->id); $sql .= " AND cfd.fk_product = p.rowid"; $sql .= " ORDER BY cfd.rowid ASC"; diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index ae0d306b2cd..2f3fb2b0078 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -595,7 +595,7 @@ if (empty($reshook)) { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_invoice_supplier_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_invoice_supplier = ".$object->id; + $sql .= " WHERE fk_invoice_supplier = ".((int) $object->id); $resql = $db->query($sql); if (!empty($resql)) { while ($obj = $db->fetch_object($resql)) { @@ -3132,11 +3132,10 @@ if ($action == 'create') { $creditnoteamount = 0; $depositamount = 0; - $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_invoice_supplier_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_invoice_supplier = ".$object->id; + $sql .= " WHERE fk_invoice_supplier = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 0d34a3790df..8f2aaadb8ea 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -344,7 +344,7 @@ if (empty($reshook)) { $rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login"; $rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; $rsql .= " , ".MAIN_DB_PREFIX."user as u"; - $rsql .= " WHERE fk_facture_fourn = ".$objecttmp->id; + $rsql .= " WHERE fk_facture_fourn = ".((int) $objecttmp->id); $rsql .= " AND pfd.fk_user_demande = u.rowid"; $rsql .= " AND pfd.traite = 0"; $rsql .= " ORDER BY pfd.date_demande DESC"; diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 41af59a751b..ec7b4c463b6 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -719,7 +719,7 @@ class Holiday extends CommonObject $error++; } $sql .= " ref = '".$this->db->escape($num)."'"; - $sql .= " WHERE rowid= ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -828,7 +828,7 @@ class Holiday extends CommonObject } else { $sql .= " detail_refuse = NULL"; } - $sql .= " WHERE rowid= ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -937,7 +937,7 @@ class Holiday extends CommonObject $sql .= " detail_refuse = NULL"; } - $sql .= " WHERE rowid= ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 5cfe9f66846..037c7ee4b82 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -929,7 +929,7 @@ if ($ok && GETPOST('clean_product_stock_batch', 'alpha')) { // TODO If it fails, we must make update //$sql2 ="UPDATE ".MAIN_DB_PREFIX."product_batch"; //$sql2.=" SET ".$obj->psrowid.", '000000', ".($obj->reel - $obj->reelbatch).")"; - //$sql2.=" WHERE fk_product_stock = ".$obj->psrowid" + //$sql2.=" WHERE fk_product_stock = ".((int) $obj->psrowid) } } } diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index de34a38e82c..974dd4c8324 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -2097,7 +2097,7 @@ function migrate_commande_livraison($db, $langs, $conf) $sqlu = "UPDATE ".MAIN_DB_PREFIX."livraison SET"; $sqlu .= " ref_client='".$db->escape($obj->ref_client)."'"; $sqlu .= ", date_livraison='".$db->idate($delivery_date)."'"; - $sqlu .= " WHERE rowid = ".$obj->rowid; + $sqlu .= " WHERE rowid = ".((int) $obj->rowid); $resql3 = $db->query($sqlu); if (!$resql3) { $error++; @@ -2170,11 +2170,11 @@ function migrate_detail_livraison($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "UPDATE ".MAIN_DB_PREFIX."livraisondet SET"; - $sql .= " fk_product=".$obj->fk_product; - $sql .= ",description='".$db->escape($obj->description)."'"; - $sql .= ",subprice='".$db->escape($obj->subprice)."'"; - $sql .= ",total_ht='".$db->escape($obj->total_ht)."'"; - $sql .= " WHERE fk_commande_ligne = ".$obj->rowid; + $sql .= " fk_product = ".((int) $obj->fk_product); + $sql .= ",description = '".$db->escape($obj->description)."'"; + $sql .= ",subprice = ".price2num($obj->subprice); + $sql .= ",total_ht = ".price2num($obj->total_ht); + $sql .= " WHERE fk_commande_ligne = ".((int) $obj->rowid); $resql2 = $db->query($sql); if ($resql2) { @@ -2188,8 +2188,8 @@ function migrate_detail_livraison($db, $langs, $conf) $total_ht = $obju->total_ht + $obj->total_ht; $sqlu = "UPDATE ".MAIN_DB_PREFIX."livraison SET"; - $sqlu .= " total_ht='".$db->escape($total_ht)."'"; - $sqlu .= " WHERE rowid=".$obj->fk_livraison; + $sqlu .= " total_ht = ".price2num($total_ht, 'MT'); + $sqlu .= " WHERE rowid = ".((int) $obj->fk_livraison); $resql4 = $db->query($sqlu); if (!$resql4) { $error++; @@ -2266,8 +2266,8 @@ function migrate_stocks($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "UPDATE ".MAIN_DB_PREFIX."product SET"; - $sql .= " stock = '".$db->escape($obj->total)."'"; - $sql .= " WHERE rowid=".$obj->fk_product; + $sql .= " stock = ".price2num($obj->total, 'MS'); + $sql .= " WHERE rowid = ".((int) $obj->fk_product); $resql2 = $db->query($sql); if ($resql2) { @@ -2330,7 +2330,7 @@ function migrate_menus($db, $langs, $conf) $sql = "UPDATE ".MAIN_DB_PREFIX."menu SET"; $sql .= " enabled = '".$db->escape($obj->action)."'"; - $sql .= " WHERE rowid=".$obj->rowid; + $sql .= " WHERE rowid = ".((int) $obj->rowid); $sql .= " AND enabled = '1'"; $resql2 = $db->query($sql); @@ -2400,7 +2400,7 @@ function migrate_commande_deliveryaddress($db, $langs, $conf) $sql = "UPDATE ".MAIN_DB_PREFIX."expedition SET"; $sql .= " fk_adresse_livraison = '".$db->escape($obj->fk_adresse_livraison)."'"; - $sql .= " WHERE rowid=".$obj->fk_expedition; + $sql .= " WHERE rowid = ".((int) $obj->fk_expedition); $resql2 = $db->query($sql); if (!$resql2) { @@ -3049,7 +3049,7 @@ function migrate_shipping_delivery($db, $langs, $conf) $result = $db->query($sqlInsert); if ($result) { $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."livraison SET fk_expedition = NULL"; - $sqlUpdate .= " WHERE rowid = ".$obj->rowid; + $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3137,7 +3137,7 @@ function migrate_shipping_delivery2($db, $langs, $conf) $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."livraison SET"; $sqlUpdate .= " ref_customer = '".$db->escape($obj->ref_customer)."',"; $sqlUpdate .= " date_delivery = ".($obj->date_delivery ? "'".$db->escape($obj->date_delivery)."'" : 'null'); - $sqlUpdate .= " WHERE rowid = ".$obj->delivery_id; + $sqlUpdate .= " WHERE rowid = ".((int) $obj->delivery_id); $result = $db->query($sqlUpdate); if (!$result) { @@ -3629,7 +3629,7 @@ function migrate_reset_blocked_log($db, $langs, $conf) print 'Process entity '.$obj->entity; - $sqlSearch = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."blockedlog WHERE action = 'MODULE_SET' and entity = ".$obj->entity; + $sqlSearch = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."blockedlog WHERE action = 'MODULE_SET' and entity = ".((int) $obj->entity); $resqlSearch = $db->query($sqlSearch); if ($resqlSearch) { $objSearch = $db->fetch_object($resqlSearch); @@ -3638,7 +3638,7 @@ function migrate_reset_blocked_log($db, $langs, $conf) print ' - Record for entity must be reset...'; $sqlUpdate = "DELETE FROM ".MAIN_DB_PREFIX."blockedlog"; - $sqlUpdate .= " WHERE entity = ".$obj->entity; + $sqlUpdate .= " WHERE entity = ".((int) $obj->entity); $resqlUpdate = $db->query($sqlUpdate); if (!$resqlUpdate) { $error++; @@ -3725,7 +3725,7 @@ function migrate_remise_entity($db, $langs, $conf) $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."societe_remise SET"; $sqlUpdate .= " entity = ".$obj->entity; - $sqlUpdate .= " WHERE rowid = ".$obj->rowid; + $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3810,8 +3810,8 @@ function migrate_remise_except_entity($db, $langs, $conf) $obj2 = $db->fetch_object($resql2); $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."societe_remise_except SET"; - $sqlUpdate .= " entity = ".$obj2->entity; - $sqlUpdate .= " WHERE rowid = ".$obj->rowid; + $sqlUpdate .= " entity = ".((int) $obj2->entity); + $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3880,8 +3880,8 @@ function migrate_user_rights_entity($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."user_rights SET"; - $sqlUpdate .= " entity = ".$obj->entity; - $sqlUpdate .= " WHERE fk_user = ".$obj->rowid; + $sqlUpdate .= " entity = ".((int) $obj->entity); + $sqlUpdate .= " WHERE fk_user = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { @@ -3945,8 +3945,8 @@ function migrate_usergroup_rights_entity($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."usergroup_rights SET"; - $sqlUpdate .= " entity = ".$obj->entity; - $sqlUpdate .= " WHERE fk_usergroup = ".$obj->rowid; + $sqlUpdate .= " entity = ".((int) $obj->entity); + $sqlUpdate .= " WHERE fk_usergroup = ".((int) $obj->rowid); $result = $db->query($sqlUpdate); if (!$result) { diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php index 126002eb47a..9beff9dd22e 100644 --- a/htdocs/loan/class/loanschedule.class.php +++ b/htdocs/loan/class/loanschedule.class.php @@ -498,7 +498,7 @@ class LoanSchedule extends CommonObject $toinsert = array(); $sql = "SELECT l.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."loan as l "; + $sql .= " FROM ".MAIN_DB_PREFIX."loan as l"; $sql .= " WHERE l.paid = 0"; $resql = $this->db->query($sql); @@ -511,7 +511,8 @@ class LoanSchedule extends CommonObject $this->db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."payment_loan "; $sql .= "(fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif) "; - $sql .= "SELECT fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif FROM ".MAIN_DB_PREFIX."loan_schedule WHERE rowid =".$echid; + $sql .= "SELECT fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif"; + $sql .= " FROM ".MAIN_DB_PREFIX."loan_schedule WHERE rowid =".((int) $echid); $res = $this->db->query($sql); if ($res) { $this->db->commit(); diff --git a/htdocs/mailmanspip/class/mailmanspip.class.php b/htdocs/mailmanspip/class/mailmanspip.class.php index d08f6f65094..c5ce2292f6a 100644 --- a/htdocs/mailmanspip/class/mailmanspip.class.php +++ b/htdocs/mailmanspip/class/mailmanspip.class.php @@ -232,7 +232,7 @@ class MailmanSpip $mydb = $this->connectSpip(); if ($mydb) { - $query = "DELETE FROM spip_auteurs WHERE login='".$object->login."'"; + $query = "DELETE FROM spip_auteurs WHERE login = '".$mydb->escape($object->login)."'"; $result = $mydb->query($query); @@ -271,7 +271,7 @@ class MailmanSpip $mydb = $this->connectSpip(); if ($mydb) { - $query = "SELECT login FROM spip_auteurs WHERE login='".$object->login."'"; + $query = "SELECT login FROM spip_auteurs WHERE login = '".$mydb->escape($object->login)."'"; $result = $mydb->query($query); diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index b00aa6e8b91..a0bc74bc4ad 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -546,7 +546,7 @@ class Mo extends CommonObject $result = 0; $sql = 'SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'stock_mouvement as sm'; - $sql .= " WHERE sm.origintype = 'mo' and sm.fk_origin = ".$this->id; + $sql .= " WHERE sm.origintype = 'mo' and sm.fk_origin = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index fc8f5cc4720..ae2aca9fbc9 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1446,8 +1446,8 @@ class Product extends CommonObject if ($key == $current_lang) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id; - $sql .= " AND lang='".$this->db->escape($key)."'"; + $sql .= " WHERE fk_product = ".((int) $this->id); + $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -1459,7 +1459,7 @@ class Product extends CommonObject if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { $sql2 .= ", note='".$this->db->escape($this->other)."'"; } - $sql2 .= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_product = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description"; if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { @@ -1486,20 +1486,20 @@ class Product extends CommonObject $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id; - $sql .= " AND lang='".$this->db->escape($key)."'"; + $sql .= " WHERE fk_product = ".((int) $this->id); + $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); if ($this->db->num_rows($result)) { // if there is already a description line for this language $sql2 = "UPDATE ".MAIN_DB_PREFIX."product_lang"; $sql2 .= " SET "; - $sql2 .= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; - $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; + $sql2 .= " label = '".$this->db->escape($this->multilangs["$key"]["label"])."',"; + $sql2 .= " description = '".$this->db->escape($this->multilangs["$key"]["description"])."'"; if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { - $sql2 .= ", note='".$this->db->escape($this->multilangs["$key"]["other"])."'"; + $sql2 .= ", note = '".$this->db->escape($this->multilangs["$key"]["other"])."'"; } - $sql2 .= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_product = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description"; if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { @@ -1548,7 +1548,7 @@ class Product extends CommonObject public function delMultiLangs($langtodelete, $user) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($langtodelete)."'"; + $sql .= " WHERE fk_product = ".((int) $this->id)." AND lang = '".$this->db->escape($langtodelete)."'"; dol_syslog(get_class($this).'::delMultiLangs', LOG_DEBUG); $result = $this->db->query($sql); @@ -1645,7 +1645,7 @@ class Product extends CommonObject $sql = "SELECT lang, label, description, note as other"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$this->id; + $sql .= " WHERE fk_product = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -1750,7 +1750,7 @@ class Product extends CommonObject { // phpcs:enable $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price=".((int) $rowid); + $sql .= " WHERE fk_product_price = ".((int) $rowid); $resql = $this->db->query($sql); $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price"; @@ -2265,7 +2265,7 @@ class Product extends CommonObject $separatedStock = false; // Set to true will count stock from subtable llx_product_stock. It is slower than using denormalized field 'stock', but it is required when using multientity and shared warehouses. if (!empty($conf->global->MULTICOMPANY_PRODUCT_SHARING_ENABLED)) { if (!empty($conf->global->MULTICOMPANY_PMP_PER_ENTITY_ENABLED)) { - $checkPMPPerEntity = $this->db->query("SELECT pmp FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = ".((int) $id)." AND entity = ".(int) $conf->entity); + $checkPMPPerEntity = $this->db->query("SELECT pmp FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = ".((int) $id)." AND entity = ".(int) $conf->entity); if ($this->db->num_rows($checkPMPPerEntity)>0) { $separatedEntityPMP = true; } @@ -2470,7 +2470,7 @@ class Product extends CommonObject { $sql = "SELECT rowid, price, unitprice, quantity, remise_percent, remise, price_base_type"; $sql.= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql.= " WHERE fk_product_price = ".$this->prices_by_qty_id[$i]; + $sql.= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[$i]); $sql.= " ORDER BY quantity ASC"; $resultat=array(); $resql = $this->db->query($sql); @@ -2578,7 +2578,7 @@ class Product extends CommonObject if ($this->prices_by_qty[$i] == 1) { $sql = "SELECT rowid, price, unitprice, quantity, remise_percent, remise, price_base_type"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price = ".$this->prices_by_qty_id[$i]; + $sql .= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[$i]); $sql .= " ORDER BY quantity ASC"; $resultat = array(); $resql = $this->db->query($sql); @@ -4062,9 +4062,9 @@ class Product extends CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_association SET '; - $sql .= 'qty='.$qty; - $sql .= ',incdec='.$incdec; - $sql .= ' WHERE fk_product_pere='.$id_pere.' AND fk_product_fils='.$id_fils; + $sql .= 'qty = '.price2num($qty, 'MS'); + $sql .= ',incdec = '.price2num($incdec, 'MS'); + $sql .= ' WHERE fk_product_pere = '.((int) $id_pere).' AND fk_product_fils = '.((int) $id_fils); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -4569,7 +4569,7 @@ class Product extends CommonObject public function hasVariants() { $nb = 0; - $sql = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".$this->id; + $sql = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".((int) $this->id); $sql .= " AND entity IN (".getEntity('product').")"; $resql = $this->db->query($sql); @@ -4593,7 +4593,7 @@ class Product extends CommonObject { global $conf; if (!empty($conf->variants->enabled)) { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_child = ".$this->id." AND entity IN (".getEntity('product').")"; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_child = ".((int) $this->id)." AND entity IN (".getEntity('product').")"; $query = $this->db->query($sql); diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 0683732d6cb..07590099571 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -721,7 +721,7 @@ class Productcustomerprice extends CommonObject $sql .= " t.import_key"; $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price as t"; - $sql .= " WHERE t.rowid = ".$this->id; + $sql .= " WHERE t.rowid = ".((int) $this->id); $this->db->begin(); dol_syslog(get_class($this)."::update", LOG_DEBUG); diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index 67c24ac37c8..99b7e7e188b 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -445,7 +445,7 @@ class Propalmergepdfproduct extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; - $sql .= " WHERE fk_product=".$this->fk_product." AND file_name='".$this->db->escape($this->file_name)."'"; + $sql .= " WHERE fk_product = ".((int) $this->fk_product)." AND file_name = '".$this->db->escape($this->file_name)."'"; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 97f29de72f6..9451fec435e 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -272,7 +272,7 @@ if (empty($reshook)) { $extralabels = $extrafields->fetch_name_optionals_label("product_fournisseur_price"); $extrafield_values = $extrafields->getOptionalsFromPost("product_fournisseur_price"); if (!empty($extrafield_values)) { - $resql = $db->query("SELECT fk_object FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields WHERE fk_object = ".$object->product_fourn_price_id); + $resql = $db->query("SELECT fk_object FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields WHERE fk_object = ".((int) $object->product_fourn_price_id)); // Insert a new extrafields row, if none exists if ($db->num_rows($resql) != 1) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields (fk_object, "; diff --git a/htdocs/product/list.php b/htdocs/product/list.php index a975dc2c21b..ff21caf96f9 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1253,8 +1253,8 @@ if ($resql) { if (!empty($conf->global->MAIN_MULTILANGS)) { // If multilang is enabled $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$obj->rowid; - $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $obj->rowid); + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $db->query($sql); diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 65e69b91384..2380b4103a2 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -393,8 +393,8 @@ if ($resql) { if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $db->query($sql); @@ -406,7 +406,6 @@ if ($resql) { } } - $product_static->ref = $objp->ref; $product_static->id = $objp->rowid; $product_static->label = $objp->label; diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 6760da10cb0..7defecb7c62 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php @@ -662,8 +662,8 @@ if ($action == 'create') { if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $db->query($sql); diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 55ee6abf8fa..04dcddb8fab 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -366,7 +366,7 @@ class Entrepot extends CommonObject foreach ($elements as $table) { if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE fk_entrepot = ".$this->id; + $sql .= " WHERE fk_entrepot = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -585,7 +585,7 @@ class Entrepot extends CommonObject $sql = "SELECT count(distinct p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps"; $sql .= ", ".MAIN_DB_PREFIX."product as p"; - $sql .= " WHERE ps.fk_entrepot = ".$this->id; + $sql .= " WHERE ps.fk_entrepot = ".((int) $this->id); $sql .= " AND ps.fk_product = p.rowid"; //print $sql; @@ -630,7 +630,7 @@ class Entrepot extends CommonObject if ($separatedPMP) { $sql .= ", ".MAIN_DB_PREFIX."product_perentity as pa"; } - $sql .= " WHERE ps.fk_entrepot = ".$this->id; + $sql .= " WHERE ps.fk_entrepot = ".((int) $this->id); if ($separatedPMP) { $sql .= " AND pa.fk_product = p.rowid AND pa.entity = ". (int) $conf->entity; } diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 16501940949..02939ead090 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -867,7 +867,7 @@ class Project extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -944,7 +944,7 @@ class Project extends CommonObject } if ($type == 'agenda') { - $sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".$this->id." AND entity IN (".getEntity('agenda').")"; + $sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".((int) $this->id)." AND entity IN (".getEntity('agenda').")"; } elseif ($type == 'expensereport') { $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".((int) $this->id); } elseif ($type == 'project_task') { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 70a38a6818b..53973f7672e 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -519,7 +519,7 @@ class Task extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task_time"; - $sql .= " WHERE fk_task=".$this->id; + $sql .= " WHERE fk_task = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -529,7 +529,7 @@ class Task extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -603,7 +603,7 @@ class Task extends CommonObject $sql = "SELECT COUNT(*) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task"; - $sql .= " WHERE fk_task_parent=".$this->id; + $sql .= " WHERE fk_task_parent = ".((int) $this->id); dol_syslog(get_class($this)."::hasChildren", LOG_DEBUG); $resql = $this->db->query($sql); @@ -636,7 +636,7 @@ class Task extends CommonObject $sql = "SELECT COUNT(*) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time"; - $sql .= " WHERE fk_task=".$this->id; + $sql .= " WHERE fk_task = ".((int) $this->id); dol_syslog(get_class($this)."::hasTimeSpent", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1639,7 +1639,7 @@ class Task extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task_time"; - $sql .= " WHERE rowid = ".$this->timespent_id; + $sql .= " WHERE rowid = ".((int) $this->timespent_id); dol_syslog(get_class($this)."::delTimeSpent", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index 91f68951842..b7f16a9ff9d 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -360,7 +360,7 @@ class Dolresource extends CommonObject $sql .= " t.fk_user_create,"; $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as t"; - $sql .= " WHERE t.rowid = ".$this->db->escape($id); + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index ab1e06f3b34..17274813ef5 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -286,7 +286,7 @@ class Salary extends CommonObject /*if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."salary_extrafields"; - $sql .= " WHERE fk_object=".$this->id; + $sql .= " WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index f4e871fce83..24e8c40165b 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -292,7 +292,7 @@ class CompanyBankAccount extends Account if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if (!$this->db->query($sql)) { $error++; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 0dd3e31da01..555fa3b05e1 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -917,7 +917,7 @@ class Societe extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . ((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "societe_perentity ("; $sql .= " fk_soc"; @@ -1535,7 +1535,7 @@ class Societe extends CommonObject // update accountancy for this entity if (!$error && !empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) { - $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . $this->id . " AND entity = " . $conf->entity); + $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "societe_perentity WHERE fk_soc = " . ((int) $this->id) . " AND entity = " . ((int) $conf->entity)); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "societe_perentity ("; $sql .= " fk_soc"; @@ -2401,7 +2401,7 @@ class Societe extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux"; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); + $sql .= " WHERE fk_soc = ".((int) $this->id)." AND fk_user = ".((int) $commid); $resql = $this->db->query($sql); if (!$resql) { @@ -2413,7 +2413,7 @@ class Societe extends CommonObject if (!$error) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_commerciaux"; $sql .= " (fk_soc, fk_user)"; - $sql .= " VALUES (".$this->id.", ".$commid.")"; + $sql .= " VALUES (".((int) $this->id).", ".((int) $commid).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -2423,7 +2423,7 @@ class Societe extends CommonObject } if (!$error) { - $this->context = array('commercial_modified'=>$commid); + $this->context = array('commercial_modified' => $commid); $result = $this->call_trigger('COMPANY_LINK_SALE_REPRESENTATIVE', $user); if ($result < 0) { @@ -2464,7 +2464,7 @@ class Societe extends CommonObject if ($this->id > 0 && $commid > 0) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux "; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); + $sql .= " WHERE fk_soc = ".((int) $this->id)." AND fk_user = ".((int) $commid); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::del_commercial Erreur"); @@ -2837,7 +2837,7 @@ class Societe extends CommonObject $sql = "SELECT rowid, email, statut as status, phone_mobile, lastname, poste, firstname"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople"; - $sql .= " WHERE fk_soc = ".$this->id; + $sql .= " WHERE fk_soc = ".((int) $this->id); $sql .= " ORDER BY lastname, firstname"; $resql = $this->db->query($sql); @@ -2897,7 +2897,7 @@ class Societe extends CommonObject // phpcs:enable $contacts = array(); - $sql = "SELECT rowid, lastname, firstname FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$this->id; + $sql = "SELECT rowid, lastname, firstname FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $nump = $this->db->num_rows($resql); @@ -2927,7 +2927,7 @@ class Societe extends CommonObject require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; $contacts = array(); - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$this->id; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $nump = $this->db->num_rows($resql); @@ -3743,7 +3743,7 @@ class Societe extends CommonObject public function has_projects() { // phpcs:enable - $sql = 'SELECT COUNT(*) as numproj FROM '.MAIN_DB_PREFIX.'projet WHERE fk_soc = '.$this->id; + $sql = 'SELECT COUNT(*) as numproj FROM '.MAIN_DB_PREFIX.'projet WHERE fk_soc = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -4761,6 +4761,7 @@ class Societe extends CommonObject $this->db->begin(); + $field = 'accountancy_code_sell'; if ($type == 'buy') { $field = 'accountancy_code_buy'; } elseif ($type == 'sell') { @@ -4770,8 +4771,8 @@ class Societe extends CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET "; - $sql.= "$field = '".$this->db->escape($value)."'"; - $sql.= " WHERE rowid = ".$this->id; + $sql.= $field." = '".$this->db->escape($value)."'"; + $sql.= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::".__FUNCTION__." sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php index 5614b3c6138..c671ac9c396 100644 --- a/htdocs/stripe/class/stripe.class.php +++ b/htdocs/stripe/class/stripe.class.php @@ -170,7 +170,7 @@ class Stripe extends CommonObject $sql = "SELECT sa.key_account as key_account, sa.entity"; // key_account is cus_.... $sql .= " FROM ".MAIN_DB_PREFIX."societe_account as sa"; - $sql .= " WHERE sa.fk_soc = ".$object->id; + $sql .= " WHERE sa.fk_soc = ".((int) $object->id); $sql .= " AND sa.entity IN (".getEntity('societe').")"; $sql .= " AND sa.site = 'stripe' AND sa.status = ".((int) $status); $sql .= " AND (sa.site_account IS NULL OR sa.site_account = '' OR sa.site_account = '".$this->db->escape($stripearrayofkeysbyenv[$status]['publishable_key'])."')"; @@ -359,7 +359,7 @@ class Stripe extends CommonObject $sql = "SELECT pi.ext_payment_id, pi.entity, pi.fk_facture, pi.sourcetype, pi.ext_payment_site"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pi"; - $sql .= " WHERE pi.fk_facture = ".$object->id; + $sql .= " WHERE pi.fk_facture = ".((int) $object->id); $sql .= " AND pi.sourcetype = '".$this->db->escape($object->element)."'"; $sql .= " AND pi.entity IN (".getEntity('societe').")"; $sql .= " AND pi.ext_payment_site = '".$this->db->escape($service)."'"; @@ -728,7 +728,7 @@ class Stripe extends CommonObject $sql = "SELECT sa.stripe_card_ref, sa.proprio, sa.exp_date_month, sa.exp_date_year, sa.number, sa.cvn"; // stripe_card_ref is card_.... $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as sa"; - $sql .= " WHERE sa.rowid = ".$object->id; // We get record from ID, no need for filter on entity + $sql .= " WHERE sa.rowid = ".((int) $object->id); // We get record from ID, no need for filter on entity $sql .= " AND sa.type = 'card'"; dol_syslog(get_class($this)."::fetch search stripe card id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); @@ -826,7 +826,7 @@ class Stripe extends CommonObject $sql .= " SET stripe_card_ref = '".$this->db->escape($card->id)."', card_type = '".$this->db->escape($card->brand)."',"; $sql .= " country_code = '".$this->db->escape($card->country)."',"; $sql .= " approved = ".($card->cvc_check == 'pass' ? 1 : 0); - $sql .= " WHERE rowid = ".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); $sql .= " AND type = 'card'"; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index 508d6e670b3..b3ba955f4e8 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -93,9 +93,9 @@ if ($action == "update") { $top = 95; } if ($left > 3 or $top > 4) { - $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set leftpos=".$left.", toppos=".$top." WHERE rowid='".$place."'"); + $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set leftpos = ".((int) $left).", toppos = ".((int) $top)." WHERE rowid = ".((int) $place)); } else { - $db->query("DELETE from ".MAIN_DB_PREFIX."takepos_floor_tables where rowid='".$place."'"); + $db->query("DELETE from ".MAIN_DB_PREFIX."takepos_floor_tables where rowid = ".((int) $place)); } } @@ -104,11 +104,11 @@ if ($action == "updatename") { if (strlen($newname) > 3) { $newname = substr($newname, 0, 3); // Only 3 chars } - $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set label='".$db->escape($newname)."' WHERE rowid='".$place."'"); + $db->query("UPDATE ".MAIN_DB_PREFIX."takepos_floor_tables set label='".$db->escape($newname)."' WHERE rowid = ".((int) $place)); } if ($action == "add") { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."takepos_floor_tables(entity, label, leftpos, toppos, floor) VALUES (".$conf->entity.", '', '45', '45', ".$floor.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."takepos_floor_tables(entity, label, leftpos, toppos, floor) VALUES (".$conf->entity.", '', '45', '45', ".((int) $floor).")"; $asdf = $db->query($sql); $db->query("update ".MAIN_DB_PREFIX."takepos_floor_tables set label=rowid where label=''"); // No empty table names } diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 1ffec54ed22..bf08e2fdf01 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -2296,7 +2296,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople t on ec.fk_socpeople = t.rowid"; } - $sql .= " WHERE ec.element_id =".$this->id; + $sql .= " WHERE ec.element_id = ".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.element='".$this->db->escape($this->element)."'"; if ($source == 'internal') { diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index aa6f97a6c05..00b85dc23a6 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -369,7 +369,7 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $sql = "SELECT s.rowid as sid, s.ref as sref, s.label, s.datesp, s.dateep, s.paye, s.amount, SUM(ps.amount) as alreadypaid"; $sql .= " FROM ".MAIN_DB_PREFIX."salary as s"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_salary as ps ON (s.rowid = ps.fk_salary)"; - $sql .= " WHERE s.fk_user = ".$object->id; + $sql .= " WHERE s.fk_user = ".((int) $object->id); $sql .= " AND s.entity IN (".getEntity('salary').")"; $sql .= " GROUP BY s.rowid, s.ref, s.label, s.datesp, s.dateep, s.paye, s.amount"; $sql .= " ORDER BY s.dateep DESC"; @@ -433,7 +433,7 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $sql = "SELECT h.rowid, h.statut as status, h.fk_type, h.date_debut, h.date_fin, h.halfday"; $sql .= " FROM ".MAIN_DB_PREFIX."holiday as h"; - $sql .= " WHERE h.fk_user = ".$object->id; + $sql .= " WHERE h.fk_user = ".((int) $object->id); $sql .= " AND h.entity IN (".getEntity('holiday').")"; $sql .= " ORDER BY h.date_debut DESC"; @@ -485,8 +485,8 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $sql = "SELECT e.rowid, e.ref, e.fk_statut as status, e.date_debut, e.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as e"; - $sql .= " WHERE e.fk_user_author = ".$object->id; - $sql .= " AND e.entity = ".$conf->entity; + $sql .= " WHERE e.fk_user_author = ".((int) $object->id); + $sql .= " AND e.entity = ".((int) $conf->entity); $sql .= " ORDER BY e.date_debut DESC"; $resql = $db->query($sql); diff --git a/htdocs/user/card.php b/htdocs/user/card.php index ad1007f3c52..be91f302b97 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -512,15 +512,15 @@ if (empty($reshook)) { if (!empty($contact->socid)) { $sql .= ", fk_soc=".((int) $contact->socid); } - $sql .= " WHERE rowid=".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); } elseif ($socid > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET fk_socpeople=NULL, fk_soc=".((int) $socid); - $sql .= " WHERE rowid=".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); } else { $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET fk_socpeople=NULL, fk_soc=NULL"; - $sql .= " WHERE rowid=".$object->id; + $sql .= " WHERE rowid = ".((int) $object->id); } dol_syslog("usercard::update", LOG_DEBUG); $resql = $db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 5ba74969107..e4a0e015fe8 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -143,7 +143,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $user=$this->savuser; $langs=$this->savlangs; $db=$this->savdb; - print __METHOD__."\n"; } @@ -290,7 +289,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if ($val[2] == 'ity' && $val[3] == 'con') { + if ($val[2] == 'ity' && $val[3] == 'con') { // exclude entity = $conf->entity continue; } var_dump($matches); @@ -316,7 +315,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. preg_match_all('/(sql|SET|WHERE).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { + if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'mydb->esc', 'dbsession', 'db->idate', 'escapedli', 'excludeGr', 'includeGr'))) { $ok=false; break; } From 46d993c9a6d8355d13fe1add39bace8b2640507b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 27 Aug 2021 22:42:04 +0200 Subject: [PATCH 135/215] Clean code --- htdocs/accountancy/admin/card.php | 4 +- htdocs/accountancy/admin/productaccount.php | 4 +- htdocs/accountancy/bookkeeping/list.php | 20 +++---- .../class/accountancycategory.class.php | 4 +- .../class/accountancysystem.class.php | 6 +- .../class/accountingaccount.class.php | 14 ++--- .../class/accountingjournal.class.php | 8 +-- .../accountancy/class/bookkeeping.class.php | 27 +++++---- htdocs/accountancy/class/lettering.class.php | 2 +- htdocs/accountancy/closure/index.php | 6 +- htdocs/accountancy/customer/card.php | 2 +- htdocs/accountancy/customer/index.php | 18 +++--- htdocs/accountancy/customer/list.php | 2 +- htdocs/accountancy/expensereport/card.php | 2 +- htdocs/accountancy/expensereport/index.php | 16 ++--- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/card.php | 2 +- htdocs/accountancy/supplier/index.php | 6 +- htdocs/accountancy/supplier/list.php | 2 +- htdocs/adherents/cartes/carte.php | 2 +- htdocs/adherents/class/adherent.class.php | 4 +- .../adherents/class/adherent_type.class.php | 2 +- htdocs/adherents/class/api_members.class.php | 2 +- htdocs/adherents/list.php | 2 +- htdocs/admin/emailcollector_list.php | 6 +- htdocs/admin/limits.php | 6 +- htdocs/admin/mails_senderprofile_list.php | 6 +- htdocs/admin/translation.php | 2 +- htdocs/api/class/api.class.php | 26 ++++++-- htdocs/asset/list.php | 6 +- htdocs/bom/bom_list.php | 4 +- htdocs/bom/class/bom.class.php | 18 +++--- htdocs/categories/class/categorie.class.php | 23 ++++--- htdocs/comm/action/class/actioncomm.class.php | 18 +++--- htdocs/comm/action/index.php | 2 +- htdocs/comm/action/list.php | 2 +- .../mailing/class/advtargetemailing.class.php | 52 ++++++++-------- .../html.formadvtargetemailing.class.php | 22 +++---- htdocs/comm/mailing/class/mailing.class.php | 4 +- htdocs/comm/propal/class/propal.class.php | 2 +- htdocs/comm/propal/list.php | 2 +- htdocs/commande/class/commande.class.php | 22 +++---- htdocs/commande/list.php | 2 +- htdocs/compta/bank/bankentries_list.php | 2 +- htdocs/compta/bank/list.php | 2 +- .../compta/cashcontrol/cashcontrol_list.php | 4 +- .../compta/facture/invoicetemplate_list.php | 2 +- htdocs/compta/facture/list.php | 2 +- .../compta/paiement/class/paiement.class.php | 6 +- .../class/bonprelevement.class.php | 6 +- htdocs/compta/stats/byratecountry.php | 4 +- htdocs/contact/list.php | 2 +- htdocs/contrat/class/contrat.class.php | 10 ++-- htdocs/contrat/list.php | 2 +- htdocs/contrat/services_list.php | 2 +- htdocs/core/class/cproductnature.class.php | 2 +- htdocs/core/class/ctyperesource.class.php | 2 +- htdocs/core/class/cunits.class.php | 2 +- htdocs/core/class/defaultvalues.class.php | 2 +- htdocs/core/class/notify.class.php | 6 +- htdocs/core/db/DoliDB.class.php | 4 +- htdocs/core/lib/admin.lib.php | 2 +- htdocs/core/lib/functions2.lib.php | 2 +- htdocs/core/modules/DolibarrModules.class.php | 12 ++-- htdocs/core/modules/modAdherent.class.php | 4 +- htdocs/core/modules/modBom.class.php | 4 +- htdocs/core/modules/modCommande.class.php | 4 +- htdocs/core/modules/modContrat.class.php | 5 +- htdocs/core/modules/modDon.class.php | 4 +- .../core/modules/modEmailCollector.class.php | 60 ++++++++----------- .../modules/modEventOrganization.class.php | 8 +-- htdocs/core/modules/modExpedition.class.php | 8 +-- .../core/modules/modExpenseReport.class.php | 4 +- htdocs/core/modules/modFacture.class.php | 4 +- htdocs/core/modules/modFicheinter.class.php | 4 +- htdocs/core/modules/modFournisseur.class.php | 4 +- htdocs/core/modules/modHoliday.class.php | 4 +- .../modules/modKnowledgeManagement.class.php | 8 +-- htdocs/core/modules/modMrp.class.php | 4 +- htdocs/core/modules/modPartnership.class.php | 8 +-- htdocs/core/modules/modPrelevement.class.php | 4 +- htdocs/core/modules/modProjet.class.php | 12 ++-- htdocs/core/modules/modPropale.class.php | 4 +- htdocs/core/modules/modReception.class.php | 4 +- htdocs/core/modules/modRecruitment.class.php | 8 +-- htdocs/core/modules/modStock.class.php | 9 ++- .../modules/modSupplierProposal.class.php | 4 +- htdocs/core/modules/modTicket.class.php | 4 +- htdocs/core/modules/modWorkstation.class.php | 8 +-- .../movement/doc/pdf_standard.modules.php | 2 +- htdocs/ecm/class/ecmfiles.class.php | 2 +- .../class/conferenceorbooth.class.php | 2 +- .../class/conferenceorboothattendee.class.php | 2 +- .../conferenceorbooth_list.php | 2 +- .../conferenceorboothattendee_list.php | 2 +- htdocs/expedition/list.php | 2 +- .../class/expensereport.class.php | 14 ++--- htdocs/expensereport/list.php | 2 +- htdocs/fichinter/list.php | 2 +- .../class/fournisseur.commande.class.php | 12 ++-- .../fournisseur.commande.dispatch.class.php | 2 +- htdocs/fourn/commande/list.php | 2 +- htdocs/fourn/facture/list.php | 2 +- htdocs/holiday/list.php | 2 +- htdocs/hrm/class/establishment.class.php | 2 +- htdocs/intracommreport/list.php | 2 +- .../class/knowledgerecord.class.php | 8 +-- .../knowledgerecord_list.php | 4 +- .../template/class/myobject.class.php | 12 ++-- .../modulebuilder/template/myobject_list.php | 4 +- htdocs/mrp/class/mo.class.php | 16 ++--- htdocs/mrp/mo_list.php | 4 +- htdocs/mrp/mo_movements.php | 2 +- .../partnership/class/partnership.class.php | 10 ++-- htdocs/partnership/partnership_list.php | 4 +- htdocs/product/class/product.class.php | 2 +- .../class/productcustomerprice.class.php | 4 +- .../class/productfournisseurprice.class.php | 8 +-- htdocs/product/inventory/list.php | 4 +- htdocs/product/list.php | 2 +- .../class/productstockentrepot.class.php | 2 +- htdocs/product/stock/list.php | 6 +- htdocs/product/stock/movement_card.php | 2 +- htdocs/product/stock/movement_list.php | 2 +- htdocs/product/stock/productlot_list.php | 6 +- htdocs/projet/class/task.class.php | 4 +- htdocs/projet/list.php | 2 +- htdocs/projet/tasks/list.php | 2 +- htdocs/public/recruitment/index.php | 2 +- htdocs/public/ticket/list.php | 2 +- htdocs/reception/list.php | 2 +- .../class/recruitmentcandidature.class.php | 10 ++-- .../class/recruitmentjobposition.class.php | 10 ++-- .../recruitmentcandidature_list.php | 6 +- .../recruitmentjobposition_list.php | 4 +- htdocs/resource/class/dolresource.class.php | 2 +- htdocs/societe/class/societe.class.php | 2 +- htdocs/societe/list.php | 2 +- htdocs/societe/website.php | 6 +- htdocs/supplier_proposal/list.php | 2 +- htdocs/ticket/class/cticketcategory.class.php | 10 ++-- htdocs/ticket/class/ticket.class.php | 18 +++--- htdocs/ticket/list.php | 4 +- htdocs/user/class/user.class.php | 10 ++-- htdocs/user/list.php | 2 +- htdocs/user/notify/card.php | 6 +- .../class/ProductAttributeValue.class.php | 3 +- htdocs/website/class/website.class.php | 2 +- htdocs/website/class/websitepage.class.php | 2 +- .../workstation/class/workstation.class.php | 10 ++-- htdocs/workstation/workstation_list.php | 4 +- htdocs/zapier/class/hook.class.php | 8 +-- test/phpunit/CodingPhpTest.php | 41 +++++++++++-- 153 files changed, 515 insertions(+), 477 deletions(-) diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 46d8dc0dc80..86efee3a04a 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -261,7 +261,7 @@ if ($action == 'create') { // autosuggest from existing account types if found print ''; $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; - $sql .= ' WHERE fk_pcg_version = "' . $db->escape($accountsystem->ref) . '"'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. $sql .= ' LIMIT 50000'; // just as a sanity check $resql = $db->query($sql); @@ -337,7 +337,7 @@ if ($action == 'create') { // autosuggest from existing account types if found print ''; $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; - $sql .= ' WHERE fk_pcg_version = "' . $db->escape($accountsystem->ref) . '"'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. $sql .= ' LIMIT 50000'; // just as a sanity check $resql = $db->query($sql); diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php index e29653a3e40..9596cd96af8 100644 --- a/htdocs/accountancy/admin/productaccount.php +++ b/htdocs/accountancy/admin/productaccount.php @@ -198,7 +198,7 @@ if ($action == 'update') { $sql .= " WHERE rowid = ".((int) $productid); } - dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); if ($db->query($sql)) { $ok++; $db->commit(); @@ -329,7 +329,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog("/accountancy/admin/productaccount.php:: sql=".$sql, LOG_DEBUG); +dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { $num = $db->num_rows($result); diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index bc260c77ed3..73c23e4d63b 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -530,25 +530,25 @@ $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$db->idate($value).'\''; + $sqlwhere[] = $key."='".$db->idate($value)."'"; } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=') { - $sqlwhere[] = $key.'\''.$db->escape($value).'\''; + $sqlwhere[] = $key."'".$db->escape($value)."'"; } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key.'='.((int) $value); } elseif ($key == 't.numero_compte') { - $sqlwhere[] = $key.' LIKE \''.$db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$db->escape($value)."%'"; } elseif ($key == 't.subledger_account') { $sqlwhere[] = natural_search($key, $value, 0, 1); } elseif ($key == 't.date_creation>=' || $key == 't.date_creation<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.tms>=' || $key == 't.tms<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.date_export>=' || $key == 't.date_export<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.date_validated>=' || $key == 't.date_validated<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.credit' || $key == 't.debit') { $sqlwhere[] = natural_search($key, $value, 1, 1); } elseif ($key == 't.reconciled_option') { @@ -612,7 +612,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex } $sql .= " WHERE rowid = ".((int) $movement->id); - dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 77d10516daa..bc7226edb22 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -433,7 +433,7 @@ class AccountancyCategory // extends CommonObject $this->lines_display = array(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -632,7 +632,7 @@ class AccountancyCategory // extends CommonObject $sql .= " WHERE aa.rowid = ".((int) $cpt_id); $this->db->begin(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/class/accountancysystem.class.php b/htdocs/accountancy/class/accountancysystem.class.php index 1b481027ac0..a62dddd6a26 100644 --- a/htdocs/accountancy/class/accountancysystem.class.php +++ b/htdocs/accountancy/class/accountancysystem.class.php @@ -105,7 +105,7 @@ class AccountancySystem $sql .= " a.pcg_version = '".$this->db->escape($ref)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -143,9 +143,9 @@ class AccountancySystem $sql = "INSERT INTO ".MAIN_DB_PREFIX."accounting_system"; $sql .= " (date_creation, fk_user_author, numero, label)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$user->id.",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."',".((int) $user->id).",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')"; - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $id = $this->db->last_insert_id(MAIN_DB_PREFIX."accounting_system"); diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index 3c95af8afee..35178e43947 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -150,7 +150,7 @@ class AccountingAccount extends CommonObject global $conf; $this->db = $db; - $this->next_prev_filter = 'fk_pcg_version IN (SELECT pcg_version FROM '.MAIN_DB_PREFIX.'accounting_system WHERE rowid='.$conf->global->CHARTOFACCOUNTS.')'; // Used to add a filter in Form::showrefnav method + $this->next_prev_filter = "fk_pcg_version IN (SELECT pcg_version FROM ".MAIN_DB_PREFIX."accounting_system WHERE rowid=".((int) $conf->global->CHARTOFACCOUNTS).")"; // Used to add a filter in Form::showrefnav method } /** @@ -185,7 +185,7 @@ class AccountingAccount extends CommonObject $sql .= " AND a.fk_pcg_version = '".$this->db->escape($limittoachartaccount)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -289,7 +289,7 @@ class AccountingAccount extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -352,7 +352,7 @@ class AccountingAccount extends CommonObject $sql .= " , reconcilable = ".(int) $this->reconcilable; $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); @@ -379,7 +379,7 @@ class AccountingAccount extends CommonObject $sql .= " (SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")"; - dol_syslog(get_class($this)."::checkUsage sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::checkUsage", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -604,7 +604,7 @@ class AccountingAccount extends CommonObject $sql .= "SET ".$fieldtouse." = '0'"; $sql .= " WHERE rowid = ".((int) $id); - dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -642,7 +642,7 @@ class AccountingAccount extends CommonObject $sql .= " SET ".$fieldtouse." = '1'"; $sql .= " WHERE rowid = ".((int) $id); - dol_syslog(get_class($this)."::account_activate ".$fieldtouse." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::account_activate ".$fieldtouse, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); diff --git a/htdocs/accountancy/class/accountingjournal.class.php b/htdocs/accountancy/class/accountingjournal.class.php index 95a69466658..376178b45ba 100644 --- a/htdocs/accountancy/class/accountingjournal.class.php +++ b/htdocs/accountancy/class/accountingjournal.class.php @@ -113,7 +113,7 @@ class AccountingJournal extends CommonObject $sql .= " AND entity = ".$conf->entity; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -170,18 +170,18 @@ class AccountingJournal extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 0ea00c9c98c..acdce0229d0 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -647,7 +647,7 @@ class BookKeeping extends CommonObject $sql .= ' '.(!isset($this->credit) ? 'NULL' : $this->credit).','; $sql .= ' '.(!isset($this->montant) ? 'NULL' : $this->montant).','; $sql .= ' '.(!isset($this->sens) ? 'NULL' : "'".$this->db->escape($this->sens)."'").','; - $sql .= ' '.$user->id.','; + $sql .= ' '.((int) $user->id).','; $sql .= ' '."'".$this->db->idate($now)."',"; $sql .= ' '.(empty($this->code_journal) ? 'NULL' : "'".$this->db->escape($this->code_journal)."'").','; $sql .= ' '.(empty($this->journal_label) ? 'NULL' : "'".$this->db->escape($this->journal_label)."'").','; @@ -883,7 +883,7 @@ class BookKeeping extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } // Affichage par compte comptable if (!empty($option)) { @@ -894,10 +894,10 @@ class BookKeeping extends CommonObject } if (!empty($sortfield)) { - $sql .= ', '.$sortfield.' '.$sortorder; + $sql .= ", ".$sortfield." ".$sortorder; } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1043,13 +1043,13 @@ class BookKeeping extends CommonObject $sql .= " AND t.date_export IS NULL"; } if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= ' AND '.implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); @@ -1161,7 +1161,7 @@ class BookKeeping extends CommonObject } $sql .= ' WHERE entity IN ('.getEntity('accountancy').')'; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } $sql .= ' GROUP BY t.numero_compte'; @@ -1170,7 +1170,7 @@ class BookKeeping extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1347,8 +1347,9 @@ class BookKeeping extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= ' SET '.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'"); + $sql .= " SET ".$field." = ".(is_numeric($value) ? ((float) $value) : "'".$this->db->escape($value)."'"); $sql .= " WHERE piece_num = ".((int) $piece_num); + $resql = $this->db->query($sql); if (!$resql) { @@ -1678,7 +1679,7 @@ class BookKeeping extends CommonObject $sql = "SELECT MAX(piece_num)+1 as max FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; $sql .= " WHERE entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."getNextNumMvt sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."getNextNumMvt", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -1858,7 +1859,7 @@ class BookKeeping extends CommonObject $sql .= ' SELECT doc_date, doc_type,'; $sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,'; $sql .= ' numero_compte, label_compte, label_operation, debit, credit,'; - $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.$next_piecenum.", '".$this->db->idate($now)."'"; + $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.((int) $next_piecenum).", '".$this->db->idate($now)."'"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num); $resql = $this->db->query($sql); if (!$resql) { @@ -2017,7 +2018,7 @@ class BookKeeping extends CommonObject $sql .= " WHERE aa.account_number = '".$this->db->escape($account)."'"; $sql .= " AND aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; @@ -2057,7 +2058,7 @@ class BookKeeping extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_accounting_category as cat ON aa.fk_accounting_category = cat.rowid"; $sql .= " WHERE aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; diff --git a/htdocs/accountancy/class/lettering.class.php b/htdocs/accountancy/class/lettering.class.php index b2abf01948e..1dd4c4df3e5 100644 --- a/htdocs/accountancy/class/lettering.class.php +++ b/htdocs/accountancy/class/lettering.class.php @@ -279,7 +279,7 @@ class Lettering extends BookKeeping $sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL "; $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index b612762d358..a7220d01a28 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -95,7 +95,7 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting- $sql .= " AND doc_date >= '" . $db->idate($date_start) . "'"; $sql .= " AND doc_date <= '" . $db->idate($date_end) . "'"; - dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; @@ -189,7 +189,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(b.doc_date)='.$j, '1', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(b.doc_date)=".$j, "1", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " COUNT(b.rowid) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b"; @@ -198,7 +198,7 @@ $sql .= " AND b.doc_date <= '".$db->idate($search_date_end)."'"; $sql .= " AND b.entity IN (".getEntity('bookkeeping', 0).")"; // We don't share object for accountancy $sql .= " AND date_validated IS NULL"; -dol_syslog('htdocs/accountancy/closure/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/closure/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index b3ce892b235..296d6729301 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -117,7 +117,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/customer/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/customer/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index ede72c9d9e6..3b30d00dbf6 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -85,8 +85,8 @@ if ($action == 'clean' || $action == 'validatehistory') { $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); @@ -110,13 +110,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; - $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND fd.fk_code_ventilation = 0"; }*/ @@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -306,7 +306,7 @@ if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { } $sql .= " GROUP BY fd.fk_code_ventilation,aa.account_number,aa.label"; -dol_syslog('htdocs/accountancy/customer/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/customer/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -367,7 +367,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -452,7 +452,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -513,7 +513,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, '(fd.total_ht-(fd.qty * fd.buy_price_ht))', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "(fd.total_ht-(fd.qty * fd.buy_price_ht))", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM((fd.total_ht-(fd.qty * fd.buy_price_ht))) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 5ce9f5e13e8..35e02d5b007 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -188,7 +188,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog("accountancy/customer/list.php sql=".$sql, LOG_DEBUG); + dol_syslog("accountancy/customer/list.php", LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice", $monId).' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index db270b9d2db..7c2310ccce4 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -110,7 +110,7 @@ if (!empty($id)) { $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".((int) $id); $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/expensereport/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/expensereport/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index f06dd5f8d6f..1544976bb07 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -79,8 +79,8 @@ if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accou $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); $resql1 = $db->query($sql1); @@ -103,13 +103,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; - $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number"; $sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; $sql1 .= " SET erd.fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number"; $sql1 .= " AND erd.fk_code_ventilation = 0"; } @@ -166,13 +166,13 @@ for ($i = 1; $i <= 12; $i++) { print ''.$langs->trans("Total").''; $sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,"; -$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; +$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; for ($i = 1; $i <= 12; $i++) { $j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1; if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -251,7 +251,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " ROUND(SUM(erd.total_ht),2) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -330,7 +330,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_create)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_create)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index d69e78fead2..4cfc4dfb4ba 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -159,7 +159,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 1e7887c1bdc..05d32d0cec5 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -118,7 +118,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('facture_fourn', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/supplier/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/supplier/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index f047ddf70de..1836687d042 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -362,7 +362,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -441,7 +441,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index 4fd16df2afe..c6cfd3f7c92 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -193,7 +193,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/supplier/list.php sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/supplier/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php index 8d9ed70a925..0512349ec4f 100644 --- a/htdocs/adherents/cartes/carte.php +++ b/htdocs/adherents/cartes/carte.php @@ -73,7 +73,7 @@ if ((!empty($foruserid) || !empty($foruserlogin) || !empty($mode)) && !$mesg) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as t, ".MAIN_DB_PREFIX."adherent as d"; diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 75470b32173..78deca61028 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1831,8 +1831,8 @@ class Adherent extends CommonObject if (!$error && !empty($bank_line_id)) { // Update fk_bank into subscription table - $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.$bank_line_id; - $sql .= ' WHERE rowid='.$subscriptionid; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.((int) $bank_line_id); + $sql .= ' WHERE rowid='.((int) $subscriptionid); $result = $this->db->query($sql); if (!$result) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 1a00a03e932..88dbf6e2b39 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -584,7 +584,7 @@ class AdherentType extends CommonObject /** * Return array of Member objects for member type this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. This value must not come from a user input. * @param int $mode 0=Return array of member instance * 1=Return array of member instance without extra data * 2=Return array of members id only diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index d57a01510d4..b95313bdbc1 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -204,7 +204,7 @@ class Members extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $typeid ID of the type of member - * @param int $category Use this param to filter list by category + * @param int $category Use this param to filter list by category * @param string $sqlfilters Other criteria to filter answers separated by a comma. * Example: "(t.ref:like:'SO-%') and ((t.date_creation:<:'20160101') or (t.nature:is:NULL))" * @return array Array of member objects diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 68430a71bab..fd667ad6a2f 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -323,7 +323,7 @@ $sql .= " state.code_departement as state_code, state.nom as state_name,"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index c57e681be34..ddfa847d813 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -208,12 +208,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("EmailCollector") // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -259,7 +259,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php index 4a599499053..ef0c996569f 100644 --- a/htdocs/admin/limits.php +++ b/htdocs/admin/limits.php @@ -108,9 +108,9 @@ $aCurrencies = array($conf->currency); // Default currency always first position if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/multicurrency.lib.php'; - $sql = 'SELECT rowid, code FROM '.MAIN_DB_PREFIX.'multicurrency'; - $sql .= ' WHERE entity = '.$conf->entity; - $sql .= ' AND code != "'.$conf->currency.'"'; // Default currency always first position + $sql = "SELECT rowid, code FROM ".MAIN_DB_PREFIX."multicurrency"; + $sql .= " WHERE entity = ".((int) $conf->entity); + $sql .= " AND code <> '".$db->escape($conf->currency)."'"; // Default currency always first position $resql = $db->query($sql); if ($resql) { while ($obj = $db->fetch_object($resql)) { diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index f91b9685c88..baa8c3688d8 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -226,12 +226,12 @@ print "
\n"; // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -282,7 +282,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index 3fa2e5d0af9..4fb4e05f771 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -146,7 +146,7 @@ if ($action == 'add') { if (!$error) { $db->begin(); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".$db->escape($conf->entity).")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".((int) $conf->entity).")"; $result = $db->query($sql); if ($result > 0) { $db->commit(); diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index 0a84de7b7c1..ab65576811a 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -327,7 +327,7 @@ class DolibarrApi * Function to forge a SQL criteria * * @param array $matches Array of found string by regex search. - * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" + * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" or "t.nature:isnot:NULL" * @return string Forged criteria. Example: "t.field like 'abc%'" */ protected static function _forge_criteria_callback($matches) @@ -345,18 +345,36 @@ class DolibarrApi return ''; } + // Sanitize operand $operand = preg_replace('/[^a-z0-9\._]/i', '', trim($tmp[0])); + // Sanitize operator $operator = strtoupper(preg_replace('/[^a-z<>=]/i', '', trim($tmp[1]))); + // Only some operators are allowed. + if (! in_array($operator, array('LIKE', 'ULIKE', '<', '>', '<=', '>=', '=', '<>', 'IS', 'ISNOT', 'IN'))) { + return ''; + } + if ($operator == 'ISNOT') { + $operator = 'IS NOT'; + } + // Sanitize value $tmpescaped = trim($tmp[2]); $regbis = array(); if ($operator == 'IN') { $tmpescaped = "(".$db->sanitize($tmpescaped, 1).")"; - } elseif (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { - $tmpescaped = "'".$db->escape($regbis[1])."'"; + } elseif (in_array($operator, array('<', '>', '<=', '>=', '=', '<>'))) { + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { // If 'YYYY-MM-DD HH:MM:SS+X' + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = ((float) $tmpescaped); + } } else { - $tmpescaped = $db->sanitize($db->escape($tmpescaped)); + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = "'".$db->escape($tmpescaped)."'"; + } } return $db->escape($operand).' '.$db->escape($operator)." ".$tmpescaped; diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php index 1d994e25177..770493a90f6 100644 --- a/htdocs/asset/list.php +++ b/htdocs/asset/list.php @@ -197,12 +197,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("Assets")); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -249,7 +249,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index df21938aec5..4a94dc7ce86 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -297,7 +297,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.' ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.' ' : ''); } } // Add fields from hooks @@ -363,7 +363,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 3996b5e49bd..6de13ac137a 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -431,25 +431,25 @@ class BOM extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")"; } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -1288,13 +1288,13 @@ class BOMLine extends CommonObjectLine if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -1306,7 +1306,7 @@ class BOMLine extends CommonObjectLine $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 689014ad14e..ba5515149d4 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -455,7 +455,7 @@ class Categorie extends CommonObject $sql .= ($this->socid > 0 ? $this->socid : 'null').", "; } $sql .= "'".$this->db->escape($this->visible)."', "; - $sql .= $this->db->escape($type).", "; + $sql .= ((int) $type).", "; $sql .= (!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : 'null').", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : 'null').", "; $sql .= (int) $conf->entity.", "; @@ -687,7 +687,7 @@ class Categorie extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); $sql .= " (fk_categorie, fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type]).")"; - $sql .= " VALUES (".$this->id.", ".$obj->id.")"; + $sql .= " VALUES (".((int) $this->id).", ".((int) $obj->id).")"; dol_syslog(get_class($this).'::add_type', LOG_DEBUG); if ($this->db->query($sql)) { @@ -924,12 +924,11 @@ class Categorie extends CommonObject $idoftype = array_search($type, self::$MAP_ID_TO_CODE); $sql = "SELECT s.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s"; - $sql .= " , ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub "; + $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s, ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub"; $sql .= ' WHERE s.entity IN ('.getEntity('category').')'; $sql .= ' AND s.type='.((int) $idoftype); $sql .= ' AND s.rowid = sub.fk_categorie'; - $sql .= ' AND sub.'.$subcol_name.' = '.((int) $id); + $sql .= " AND sub.".$subcol_name." = ".((int) $id); $sql .= $this->db->order($sortfield, $sortorder); @@ -1811,13 +1810,13 @@ class Categorie extends CommonObject if ($key == $current_lang) { if ($this->db->num_rows($result)) { // si aucune ligne dans la base $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; - $sql2 .= " SET label='".$this->db->escape($this->label)."',"; - $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " SET label = '".$this->db->escape($this->label)."',"; + $sql2 .= " description = '".$this->db->escape($this->description)."'"; + $sql2 .= " WHERE fk_category = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->label)."'"; + $sql2 .= ", '".$this->db->escape($this->multilangs["$key"]["description"])."')"; } dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG); if (!$this->db->query($sql2)) { @@ -1832,8 +1831,8 @@ class Categorie extends CommonObject $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->multilangs["$key"]["label"])."'"; + $sql2 .= ",'".$this->db->escape($this->multilangs["$key"]["description"])."')"; } // on ne sauvegarde pas des champs vides diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 1e8de65cb43..b7530e788a8 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -542,18 +542,18 @@ class ActionComm extends CommonObject $sql .= (isset($this->type_id) ? $this->type_id : "null").","; $sql .= ($code ? ("'".$this->db->escape($code)."'") : "null").", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").", "; - $sql .= ((isset($this->socid) && $this->socid > 0) ? $this->socid : "null").", "; - $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : "null").", "; + $sql .= ((isset($this->socid) && $this->socid > 0) ? ((int) $this->socid) : "null").", "; + $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? ((int) $this->fk_project) : "null").", "; $sql .= " '".$this->db->escape($this->note_private)."', "; - $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? $this->contact_id : "null").", "; // deprecated, use ->socpeopleassigned + $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? ((int) $this->contact_id) : "null").", "; // deprecated, use ->socpeopleassigned $sql .= (isset($user->id) && $user->id > 0 ? $user->id : "null").", "; $sql .= ($userownerid > 0 ? $userownerid : "null").", "; $sql .= ($userdoneid > 0 ? $userdoneid : "null").", "; $sql .= "'".$this->db->escape($this->label)."','".$this->db->escape($this->percentage)."','".$this->db->escape($this->priority)."','".$this->db->escape($this->fulldayevent)."','".$this->db->escape($this->location)."', "; $sql .= "'".$this->db->escape($this->transparency)."', "; - $sql .= (!empty($this->fk_element) ? $this->fk_element : "null").", "; + $sql .= (!empty($this->fk_element) ? ((int) $this->fk_element) : "null").", "; $sql .= (!empty($this->elementtype) ? "'".$this->db->escape($this->elementtype)."'" : "null").", "; - $sql .= $conf->entity.","; + $sql .= ((int) $conf->entity).","; $sql .= (!empty($this->extraparams) ? "'".$this->db->escape($this->extraparams)."'" : "null").", "; // Fields emails $sql .= (!empty($this->email_msgid) ? "'".$this->db->escape($this->email_msgid)."'" : "null").", "; @@ -593,7 +593,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -615,7 +615,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { @@ -1170,7 +1170,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -1193,7 +1193,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index c682131e442..769a966eb8e 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -878,7 +878,7 @@ if ($showbirthday) { // Add events in array $sql = 'SELECT sp.rowid, sp.lastname, sp.firstname, sp.birthday'; $sql .= ' FROM '.MAIN_DB_PREFIX.'socpeople as sp'; - $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.$user->id.'))'; + $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.((int) $user->id).'))'; $sql .= " AND sp.entity IN (".getEntity('socpeople').")"; if ($action == 'show_day') { $sql .= ' AND MONTH(birthday) = '.((int) $month); diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index d467c10fd58..95d882f8076 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -381,7 +381,7 @@ $sql .= " sp.lastname, sp.firstname, sp.email, sp.phone, sp.address, sp.phone as // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 9051ebfa921..79e25c83385 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -181,7 +181,7 @@ class AdvanceTargetingMailing extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->errors[] = "Error ".$this->db->lasterror(); @@ -230,7 +230,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; $sql .= " WHERE t.rowid = ".((int) $id); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -289,7 +289,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -352,7 +352,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -422,7 +422,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -600,31 +600,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key.'_min']).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'link') { if ($arrayquery['options_'.$key] > 0) { - $sqlwhere[]= " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[]= " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } @@ -636,7 +636,7 @@ class AdvanceTargetingMailing extends CommonObject } - dol_syslog(get_class($this)."::query_thirdparty sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_thirdparty", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->thirdparty_lines = array(); @@ -743,31 +743,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max_cnct'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max_cnct']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min_cnct'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max_cnct"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key."_min_cnct"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt_cnct'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt_cnct'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt_cnct'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt_cnct"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt_cnct"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key.'_cnct'] != '') { if ($arrayquery['options_'.$key.'_cnct'] == 0) { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct']." OR ((te.".$key." IS NULL) AND (te.fk_object IS NOT NULL)))"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"])." OR ((te.".$key." IS NULL) AND (te.fk_object IS NOT NULL)))"; } else { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct'].")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"]).")"; } } } else { if (is_array($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key.'_cnct'])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key."_cnct"])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } } @@ -850,22 +850,22 @@ class AdvanceTargetingMailing extends CommonObject } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (tse.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND tse.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (tse.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND tse.".$key." <= ".((float) $arrayquery["options_".$key."_min"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND tse.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND tse.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (tse.".$key." = ".$arrayquery['options_'.$key].")"; + $sqlwhere[] = " (tse.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } @@ -877,7 +877,7 @@ class AdvanceTargetingMailing extends CommonObject } } - dol_syslog(get_class($this)."::query_contact sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_contact", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->contact_lines = array(); diff --git a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php index 12684e5f873..cfdca4a1fc2 100644 --- a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php +++ b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php @@ -237,22 +237,22 @@ class FormAdvTargetEmailing extends Form $keyList = 'rowid'; if (count($InfoFieldList) >= 3) { - if (strpos($InfoFieldList [3], 'extra.') !== false) { - $keyList = 'main.'.$InfoFieldList [2].' as rowid'; + if (strpos($InfoFieldList[3], 'extra.') !== false) { + $keyList = 'main.'.$InfoFieldList[2].' as rowid'; } else { - $keyList = $InfoFieldList [2].' as rowid'; + $keyList = $InfoFieldList[2].' as rowid'; } } - $sql = 'SELECT '.$keyList.', '.$InfoFieldList [1]; - $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList [0]; - if (!empty($InfoFieldList [3])) { + $sql = "SELECT ".$keyList.", ".$InfoFieldList[1]; + $sql .= " FROM ".MAIN_DB_PREFIX.$InfoFieldList[0]; + if (!empty($InfoFieldList[3])) { // We have to join on extrafield table - if (strpos($InfoFieldList [3], 'extra') !== false) { - $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList [0].'_extrafields as extra'; - $sql .= ' WHERE extra.fk_object=main.'.$InfoFieldList [2].' AND '.$InfoFieldList [3]; + if (strpos($InfoFieldList[3], 'extra') !== false) { + $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; + $sql .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[3]; } else { - $sql .= ' WHERE '.$InfoFieldList [3]; + $sql .= " WHERE ".$InfoFieldList[3]; } } if (!empty($InfoFieldList[1])) { @@ -267,7 +267,7 @@ class FormAdvTargetEmailing extends Form if ($num) { while ($i < $num) { $obj = $this->db->fetch_object($resql); - $labeltoshow = dol_trunc($obj->$InfoFieldList [1], 90); + $labeltoshow = dol_trunc($obj->$InfoFieldList[1], 90); $options_array[$obj->rowid] = $labeltoshow; $i++; } diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php index 2d33d4219d8..2f9ef25af31 100644 --- a/htdocs/comm/mailing/class/mailing.class.php +++ b/htdocs/comm/mailing/class/mailing.class.php @@ -228,7 +228,7 @@ class Mailing extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing"; $sql .= " (date_creat, fk_user_creat, entity)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", ".$conf->entity.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", ".((int) $conf->entity).")"; if (!$this->title) { $this->title = $langs->trans("NoTitle"); @@ -647,7 +647,7 @@ class Mailing extends CommonObject $nbforupdate = $obj->nb; $sql = 'UPDATE '.MAIN_DB_PREFIX.'mailing SET nbemail = '.((int) $nbforupdate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); $resqlupdate = $this->db->query($sql); if (! $resqlupdate) { diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 6e3f60a7cf5..2d304f9b1a8 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1727,7 +1727,7 @@ class Propal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'propaldet as d'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (d.fk_product = p.rowid)'; - $sql .= ' WHERE d.fk_propal = '.$this->id; + $sql .= ' WHERE d.fk_propal = '.((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 23a16e2cfe7..bf06a27e620 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -481,7 +481,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 050b7251898..837683c3800 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -934,8 +934,8 @@ class Commande extends CommonOrder $sql .= ", multicurrency_code"; $sql .= ", multicurrency_tx"; $sql .= ")"; - $sql .= " VALUES ('(PROV)', ".$this->socid.", '".$this->db->idate($now)."', ".$user->id; - $sql .= ", ".($this->fk_project > 0 ? $this->fk_project : "null"); + $sql .= " VALUES ('(PROV)', ".((int) $this->socid).", '".$this->db->idate($now)."', ".((int) $user->id); + $sql .= ", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "null"); $sql .= ", '".$this->db->idate($date)."'"; $sql .= ", ".($this->source >= 0 && $this->source != '' ? $this->db->escape($this->source) : 'null'); $sql .= ", '".$this->db->escape($this->note_private)."'"; @@ -944,15 +944,15 @@ class Commande extends CommonOrder $sql .= ", ".($this->ref_client ? "'".$this->db->escape($this->ref_client)."'" : "null"); $sql .= ", ".($this->ref_int ? "'".$this->db->escape($this->ref_int)."'" : "null"); $sql .= ", '".$this->db->escape($this->model_pdf)."'"; - $sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : "null"); - $sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : "null"); - $sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL'); - $sql .= ", ".($this->availability_id > 0 ? $this->availability_id : "null"); - $sql .= ", ".($this->demand_reason_id > 0 ? $this->demand_reason_id : "null"); + $sql .= ", ".($this->cond_reglement_id > 0 ? ((int) $this->cond_reglement_id) : "null"); + $sql .= ", ".($this->mode_reglement_id > 0 ? ((int) $this->mode_reglement_id) : "null"); + $sql .= ", ".($this->fk_account > 0 ? ((int) $this->fk_account) : 'NULL'); + $sql .= ", ".($this->availability_id > 0 ? ((int) $this->availability_id) : "null"); + $sql .= ", ".($this->demand_reason_id > 0 ? ((int) $this->demand_reason_id) : "null"); $sql .= ", ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : "null"); - $sql .= ", ".($this->fk_delivery_address > 0 ? $this->fk_delivery_address : 'NULL'); - $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? $this->shipping_method_id : 'NULL'); - $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? $this->warehouse_id : 'NULL'); + $sql .= ", ".($this->fk_delivery_address > 0 ? ((int) $this->fk_delivery_address) : 'NULL'); + $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? ((int) $this->shipping_method_id) : 'NULL'); + $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? ((int) $this->warehouse_id) : 'NULL'); $sql .= ", ".($this->remise_absolue > 0 ? $this->db->escape($this->remise_absolue) : 'NULL'); $sql .= ", ".($this->remise_percent > 0 ? $this->db->escape($this->remise_percent) : 0); $sql .= ", ".(int) $this->fk_incoterms; @@ -962,7 +962,7 @@ class Commande extends CommonOrder $sql .= ", ".($this->pos_source != '' ? "'".$this->db->escape($this->pos_source)."'" : "null"); $sql .= ", ".(int) $this->fk_multicurrency; $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; - $sql .= ", ".(double) $this->multicurrency_tx; + $sql .= ", ".(float) $this->multicurrency_tx; $sql .= ")"; dol_syslog(get_class($this)."::create", LOG_DEBUG); diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index b11d97811c8..6f6643336f6 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -436,7 +436,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 14aeee29d69..51ff5a5b5c4 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -561,7 +561,7 @@ $sql .= " ba.rowid as bankid, ba.ref as bankref"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/bank/list.php b/htdocs/compta/bank/list.php index 657b1cb8577..cd6e6cfd365 100644 --- a/htdocs/compta/bank/list.php +++ b/htdocs/compta/bank/list.php @@ -185,7 +185,7 @@ $sql = "SELECT b.rowid, b.label, b.courant, b.rappro, b.account_number, b.fk_acc // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 407e8b3cf73..dbaaf882bfb 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -223,7 +223,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -287,7 +287,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index d099bfd57bc..660c7d7c4e4 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -260,7 +260,7 @@ $sql .= " f.fk_cond_reglement, f.fk_mode_reglement"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index cd274c686a9..76cddb2d909 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -561,7 +561,7 @@ if ($search_categ_cus && $search_categ_cus!=-1) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 94264d0f9f6..8c8a563f418 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -292,8 +292,8 @@ class Paiement extends CommonObject $note = ($this->note_private ? $this->note_private : $this->note); $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement (entity, ref, ref_ext, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, ext_payment_id, ext_payment_site, fk_user_creat, pos_change)"; - $sql .= " VALUES (".$conf->entity.", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".$total.", ".$mtotal.", ".$this->paiementid.", "; - $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".$user->id.", ".((float) $this->pos_change).")"; + $sql .= " VALUES (".((int) $conf->entity).", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".((float) $total).", ".((float) $mtotal).", ".((int) $this->paiementid).", "; + $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".((int) $user->id).", ".((float) $this->pos_change).")"; $resql = $this->db->query($sql); if ($resql) { @@ -305,7 +305,7 @@ class Paiement extends CommonObject if (is_numeric($amount) && $amount <> 0) { $amount = price2num($amount); $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiement_facture (fk_facture, fk_paiement, amount, multicurrency_amount)'; - $sql .= ' VALUES ('.$facid.', '.$this->id.', \''.$amount.'\', \''.$this->multicurrency_amounts[$key].'\')'; + $sql .= ' VALUES ('.((int) $facid).', '.((int) $this->id).", ".((float) $amount).", ".((float) $this->multicurrency_amounts[$key]).')'; dol_syslog(get_class($this).'::create Amount line '.$key.' insert paiement_facture', LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index a97facc592c..ed7ecae5cf9 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -868,7 +868,7 @@ class BonPrelevement extends CommonObject $sql .= " AND f.total_ttc > 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; - dol_syslog(__METHOD__."::Read invoices, sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__."::Read invoices,", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -992,7 +992,7 @@ class BonPrelevement extends CommonObject $sql .= " AND entity = ".((int) $conf->entity); $sql .= " ORDER BY ref DESC LIMIT 1"; - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1408,7 +1408,7 @@ class BonPrelevement extends CommonObject $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$userid.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $userid).", 'NULL', 'NULL', '".$this->db->escape($action)."')"; dol_syslog("adnotiff: ".$sql); if ($this->db->query($sql)) { diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index d65bed019fc..9a9ba40b56a 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -325,7 +325,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " GROUP BY fd.tva_tx,fd.product_type, cc.label, cc.code "; $sql .= " ORDER BY country, product_type, vatrate"; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -413,7 +413,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql2 .= " ORDER BY country, product_type, vatrate"; //print $sql2; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql2 = $db->query($sql2); if ($resql2) { $num = $db->num_rows($resql2); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index a63a1bf7e49..3f98f556cb7 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -361,7 +361,7 @@ $sql .= " co.label as country, co.code as country_code"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 65ffcb7e99a..1ce51af2d90 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -957,13 +957,13 @@ class Contrat extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."contrat (datec, fk_soc, fk_user_author, date_contrat,"; $sql .= " fk_commercial_signature, fk_commercial_suivi, fk_projet,"; $sql .= " ref, entity, note_private, note_public, ref_customer, ref_supplier, ref_ext)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$this->socid.",".$user->id; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->socid).", ".((int) $user->id); $sql .= ", ".(dol_strlen($this->date_contrat) != 0 ? "'".$this->db->idate($this->date_contrat)."'" : "NULL"); - $sql .= ",".($this->commercial_signature_id > 0 ? $this->commercial_signature_id : "NULL"); - $sql .= ",".($this->commercial_suivi_id > 0 ? $this->commercial_suivi_id : "NULL"); - $sql .= ",".($this->fk_project > 0 ? $this->fk_project : "NULL"); + $sql .= ",".($this->commercial_signature_id > 0 ? ((int) $this->commercial_signature_id) : "NULL"); + $sql .= ",".($this->commercial_suivi_id > 0 ? ((int) $this->commercial_suivi_id) : "NULL"); + $sql .= ",".($this->fk_project > 0 ? ((int) $this->fk_project) : "NULL"); $sql .= ", ".(dol_strlen($this->ref) <= 0 ? "null" : "'".$this->db->escape($this->ref)."'"); - $sql .= ", ".$conf->entity; + $sql .= ", ".((int) $conf->entity); $sql .= ", ".(!empty($this->note_private) ? ("'".$this->db->escape($this->note_private)."'") : "NULL"); $sql .= ", ".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL"); $sql .= ", ".(!empty($this->ref_customer) ? ("'".$this->db->escape($this->ref_customer)."'") : "NULL"); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 9062bb9fd9c..596e86df53e 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -244,7 +244,7 @@ $sql .= ' SUM('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index d98aca0927d..0c06a194fd4 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -235,7 +235,7 @@ $sql .= " cd.tms as date_update"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index 6c3a1f7bb9d..cd2114d4929 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -226,7 +226,7 @@ class CProductNature // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index b0a604e9e28..c286418caab 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php @@ -253,7 +253,7 @@ class Ctyperesource $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index 364565af3aa..536a596d2f1 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php @@ -269,7 +269,7 @@ class CUnits // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/defaultvalues.class.php b/htdocs/core/class/defaultvalues.class.php index 5b49254b275..165ba87c45d 100644 --- a/htdocs/core/class/defaultvalues.class.php +++ b/htdocs/core/class/defaultvalues.class.php @@ -286,7 +286,7 @@ class DefaultValues extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index 2f160457ba1..019618366d1 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -622,10 +622,10 @@ class Notify if ($mailfile->sendfile()) { if ($obj->type_target == 'touserid') { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_user, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -857,7 +857,7 @@ class Notify if ($mailfile->sendfile()) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, type_target, objet_type, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", null, 'email', 'tofixedemail', '".$object_type."', ".$object->id.", '".$this->db->escape($conf->global->$param)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", null, 'email', 'tofixedemail', '".$this->db->escape($object_type)."', ".((int) $object->id).", '".$this->db->escape($conf->global->$param)."')"; if (!$this->db->query($sql)) { dol_print_error($this->db); } diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index 8c62390f447..29ced10dc35 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php @@ -203,9 +203,9 @@ abstract class DoliDB implements Database $limit = $conf->liste_limit; } if ($offset > 0) { - return " LIMIT $offset,$limit "; + return " LIMIT ".((int) $offset).",".((int) $limit)." "; } else { - return " LIMIT $limit "; + return " LIMIT ".((int) $limit)." "; } } diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 6361860e392..3df3e7ee182 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -1806,7 +1806,7 @@ function addDocumentModel($name, $type, $label = '', $description = '') $db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($description) ? "'".$db->escape($description)."'" : "null"); $sql .= ")"; diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index ae7acf44861..f89156b24e1 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1815,7 +1815,7 @@ function dol_set_user_param($db, $conf, &$user, $tab) // Set new parameters if ($value) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_param(fk_user,entity,param,value)"; - $sql .= " VALUES (".((int) $user->id).",".$conf->entity.","; + $sql .= " VALUES (".((int) $user->id).",".((int) $conf->entity).","; $sql .= " '".$db->escape($key)."','".$db->escape($value)."')"; dol_syslog("functions2.lib::dol_set_user_param", LOG_DEBUG); diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 2e21e2c7ef1..e9688daf28e 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -1222,8 +1222,8 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it continue; // Not enabled by default onto this page. } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes (box_id,position,box_order,fk_user,entity)"; - $sql .= " VALUES (".$lastid.", ".$key2.", '0', 0, ".$conf->entity.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes (box_id, position, box_order, fk_user, entity)"; + $sql .= " VALUES (".((int) $lastid).", ".((int) $key2).", '0', 0, ".((int) $conf->entity).")"; dol_syslog(get_class($this)."::insert_boxes onto page ".$key2."=".$val2."", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2065,7 +2065,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it if ($row[0] == 0) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."const (name,type,value,note,visible,entity)"; - $sql .= " VALUES (".$this->db->encrypt($name, 1).",'chaine',".$this->db->encrypt($dir, 1).",'Directory for module ".$this->name."','0',".$conf->entity.")"; + $sql .= " VALUES ('".$this->db->escape($this->db->encrypt($name))."', 'chaine', '".$this->db->escape($this->db->encrypt($dir))."', 'Directory for module ".$this->name."', '0', ".((int) $conf->entity).")"; dol_syslog(get_class($this)."::insert_dirs", LOG_DEBUG); $this->db->query($sql); @@ -2156,12 +2156,12 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql .= ", entity"; $sql .= ")"; $sql .= " VALUES ("; - $sql .= $this->db->encrypt($this->const_name."_".strtoupper($key), 1); + $sql .= "'".$this->db->escape($this->db->encrypt($this->const_name."_".strtoupper($key)))."'"; $sql .= ", 'chaine'"; - $sql .= ", ".$this->db->encrypt($newvalue, 1); + $sql .= ", '".$this->db->escape($this->db->encrypt($newvalue))."'"; $sql .= ", null"; $sql .= ", '0'"; - $sql .= ", ".$entity; + $sql .= ", ".((int) $entity); $sql .= ")"; dol_syslog(get_class($this)."::insert_module_parts for key=".$this->const_name."_".strtoupper($key), LOG_DEBUG); diff --git a/htdocs/core/modules/modAdherent.class.php b/htdocs/core/modules/modAdherent.class.php index d620c6244b7..ff0c67408c5 100644 --- a/htdocs/core/modules/modAdherent.class.php +++ b/htdocs/core/modules/modAdherent.class.php @@ -431,8 +431,8 @@ class modAdherent extends DolibarrModules }*/ $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type='member' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','member',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type='member' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','member',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modBom.class.php b/htdocs/core/modules/modBom.class.php index 18f46fda70f..71b40d5f19c 100644 --- a/htdocs/core/modules/modBom.class.php +++ b/htdocs/core/modules/modBom.class.php @@ -503,8 +503,8 @@ class modBom extends DolibarrModules } $sql = array( - //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'bom' AND entity = ".$conf->entity, - //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'bom', ".$conf->entity.")" + //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'bom' AND entity = ".((int) $conf->entity), + //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'bom', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modCommande.class.php b/htdocs/core/modules/modCommande.class.php index 4275d806d40..d9d30e8b7a1 100644 --- a/htdocs/core/modules/modCommande.class.php +++ b/htdocs/core/modules/modCommande.class.php @@ -466,8 +466,8 @@ class modCommande extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."', 'order', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modContrat.class.php b/htdocs/core/modules/modContrat.class.php index f91e54039f4..2fc0c7f1e0d 100644 --- a/htdocs/core/modules/modContrat.class.php +++ b/htdocs/core/modules/modContrat.class.php @@ -33,7 +33,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modContrat extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -246,8 +245,8 @@ class modContrat extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'contract' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','contract',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'contract' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."', 'contract', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modDon.class.php b/htdocs/core/modules/modDon.class.php index 7d8a8fc9455..da7ee6c5e82 100644 --- a/htdocs/core/modules/modDon.class.php +++ b/htdocs/core/modules/modDon.class.php @@ -156,8 +156,8 @@ class modDon extends DolibarrModules global $conf; $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'donation' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','donation',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'donation' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','donation',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modEmailCollector.class.php b/htdocs/core/modules/modEmailCollector.class.php index 53223ecd705..566d050aacd 100644 --- a/htdocs/core/modules/modEmailCollector.class.php +++ b/htdocs/core/modules/modEmailCollector.class.php @@ -264,16 +264,6 @@ class modEmailCollector extends DolibarrModules public function init($options = '') { global $conf, $user; - //$this->_load_tables('/dav/sql/'); - - // Create extrafields - //include_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; - //$extrafields = new ExtraFields($this->db); - //$result1=$extrafields->addExtraField('myattr1', "New Attr 1 label", 'boolean', 1, 3, 'thirdparty', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result2=$extrafields->addExtraField('myattr2', "New Attr 2 label", 'varchar', 1, 10, 'project', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result3=$extrafields->addExtraField('myattr3', "New Attr 3 label", 'varchar', 1, 10, 'bank_account', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result4=$extrafields->addExtraField('myattr4', "New Attr 4 label", 'select', 1, 3, 'thirdparty', 0, 1, '', array('options'=>array('code1'=>'Val1','code2'=>'Val2','code3'=>'Val3')), 1 '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result5=$extrafields->addExtraField('myattr5', "New Attr 5 label", 'text', 1, 10, 'user', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); $sql = array(); @@ -285,17 +275,17 @@ class modEmailCollector extends DolibarrModules $descriptionA1 .= ' If the collector Collect_Responses is also enabled, when you send an email from the ticket, you may also see answers of your customers or partners directly on the ticket view.'; $sqlforexampleA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Ticket_Requets', 'Example to collect ticket requests', '".$this->db->escape($descriptionA1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Ticket_Requets', 'Example to collect ticket requests', '".$this->db->escape($descriptionA1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'to', 'support@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'to', 'support@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleA4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleA4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'ticket', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleA4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'ticket', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleA1; $sql[] = $sqlforexampleFilterA1; @@ -314,14 +304,14 @@ class modEmailCollector extends DolibarrModules $descriptionA1 = 'This collector will scan your mailbox "Sent" directory to find emails that was sent as an answer of another email directly from your email software and not from Dolibarr. If such an email is found, the event of answer is recorded into Dolibarr.'; $sqlforexampleA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Responses_Out', 'Example to collect answers to emails done from your external email software', '".$this->db->escape($descriptionA1)."', 'Sent', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Responses_Out', 'Example to collect answers to emails done from your external email software', '".$this->db->escape($descriptionA1)."', 'Sent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'isanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'isanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'withouttrackingidinmsgid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'withouttrackingidinmsgid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleActionA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleActionA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'recordevent', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleActionA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'recordevent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleA1; $sql[] = $sqlforexampleFilterA1; @@ -330,18 +320,18 @@ class modEmailCollector extends DolibarrModules } } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { $descriptionB1 = 'This collector will scan your mailbox to find all emails that are an answer of an email sent from your application. An event (Module Agenda must be enabled) with the email response will be recorded at the good place. For example, if your send a commercial proposal, order, invoice or message for a ticket by email from the application, and your customer answers your email, the system will automatically catch the answer and add it into your ERP.'; $sqlforexampleB1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleB1 .= " VALUES (".$conf->entity.", 'Collect_Responses_In', 'Example to collect any received email that is a response of an email sent from Dolibarr', '".$this->db->escape($descriptionB1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleB1 .= " VALUES (".$conf->entity.", 'Collect_Responses_In', 'Example to collect any received email that is a response of an email sent from Dolibarr', '".$this->db->escape($descriptionB1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleB2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleB2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity."), 'isanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleB2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity)."), 'isanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleB3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleB3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity."), 'recordevent', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleB3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity)."), 'recordevent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleB1; $sql[] = $sqlforexampleB2; @@ -351,7 +341,7 @@ class modEmailCollector extends DolibarrModules dol_print_error($this->db); } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { @@ -360,17 +350,17 @@ class modEmailCollector extends DolibarrModules $descriptionC1 .= "Note: With this initial example, the title of the lead is generated including the email. If the thirdparty can't be found in database (new customer), the lead will be attached to the thirdparty with ID 1."; $sqlforexampleC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Leads', 'Example to collect leads', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Leads', 'Example to collect leads', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'to', 'sales@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'to', 'sales@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleC4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, actionparam, date_creation, fk_user_creat, status)"; - $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'project', 'tmp_from=EXTRACT:HEADER:^From:(.*);socid=SETIFEMPTY:1;usage_opportunity=SET:1;description=EXTRACT:BODY:(.*);title=SET:Lead or message from __tmp_from__ received by email', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'project', 'tmp_from=EXTRACT:HEADER:^From:(.*);socid=SETIFEMPTY:1;usage_opportunity=SET:1;description=EXTRACT:BODY:(.*);title=SET:Lead or message from __tmp_from__ received by email', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleC1; $sql[] = $sqlforexampleFilterC1; @@ -382,7 +372,7 @@ class modEmailCollector extends DolibarrModules dol_print_error($this->db); } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { @@ -390,17 +380,17 @@ class modEmailCollector extends DolibarrModules $descriptionC1 .= "Note: With this initial example, the title of the candidature is generated including the email."; $sqlforexampleC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Candidatures', 'Example to collect email for job candidatures', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Candidatures', 'Example to collect email for job candidatures', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'to', 'jobs@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'to', 'jobs@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleC4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, actionparam, date_creation, fk_user_creat, status)"; - $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'candidature', 'tmp_from=EXTRACT:HEADER:^From:(.*)(<.*>)?;fk_recruitmentjobposition=EXTRACT:HEADER:^To:[^\n]*\+([^\n]*);description=EXTRACT:BODY:(.*);lastname=SET:__tmp_from__', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'candidature', 'tmp_from=EXTRACT:HEADER:^From:(.*)(<.*>)?;fk_recruitmentjobposition=EXTRACT:HEADER:^To:[^\n]*\+([^\n]*);description=EXTRACT:BODY:(.*);lastname=SET:__tmp_from__', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleC1; $sql[] = $sqlforexampleFilterC1; diff --git a/htdocs/core/modules/modEventOrganization.class.php b/htdocs/core/modules/modEventOrganization.class.php index 4ba73d4fe2c..8a3fb3d80cf 100644 --- a/htdocs/core/modules/modEventOrganization.class.php +++ b/htdocs/core/modules/modEventOrganization.class.php @@ -387,10 +387,10 @@ class modEventOrganization extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modExpedition.class.php b/htdocs/core/modules/modExpedition.class.php index 238eef2d6fe..c10e13a46d8 100644 --- a/htdocs/core/modules/modExpedition.class.php +++ b/htdocs/core/modules/modExpedition.class.php @@ -359,10 +359,10 @@ class modExpedition extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'shipping' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','shipping',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'delivery' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','delivery',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'shipping' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','shipping',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'delivery' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','delivery',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modExpenseReport.class.php b/htdocs/core/modules/modExpenseReport.class.php index 63bc99f41ee..53708ece3dd 100644 --- a/htdocs/core/modules/modExpenseReport.class.php +++ b/htdocs/core/modules/modExpenseReport.class.php @@ -249,8 +249,8 @@ class modExpenseReport extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard' AND type='expensereport' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard','expensereport',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard' AND type='expensereport' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard','expensereport',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php index bb044900acd..2fadb5d86ae 100644 --- a/htdocs/core/modules/modFacture.class.php +++ b/htdocs/core/modules/modFacture.class.php @@ -458,8 +458,8 @@ class modFacture extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'invoice' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','invoice',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'invoice' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','invoice',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFicheinter.class.php b/htdocs/core/modules/modFicheinter.class.php index af99e6f646f..784eeb006c3 100644 --- a/htdocs/core/modules/modFicheinter.class.php +++ b/htdocs/core/modules/modFicheinter.class.php @@ -231,8 +231,8 @@ class modFicheinter extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'ficheinter' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','ficheinter',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'ficheinter' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','ficheinter',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index 5d71a5abdc8..baa983fc7cf 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -857,8 +857,8 @@ class modFournisseur extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order_supplier' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order_supplier',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order_supplier' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."', 'order_supplier', ".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modHoliday.class.php b/htdocs/core/modules/modHoliday.class.php index be0b39ecc7e..63c76e24548 100644 --- a/htdocs/core/modules/modHoliday.class.php +++ b/htdocs/core/modules/modHoliday.class.php @@ -336,8 +336,8 @@ class modHoliday extends DolibarrModules */ $sql = array( - // "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'holiday' AND entity = ".$conf->entity, - // "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','holiday',".$conf->entity.")" + // "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'holiday' AND entity = ".((int) $conf->entity), + // "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','holiday',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modKnowledgeManagement.class.php b/htdocs/core/modules/modKnowledgeManagement.class.php index 6d9bef40232..5957158e893 100644 --- a/htdocs/core/modules/modKnowledgeManagement.class.php +++ b/htdocs/core/modules/modKnowledgeManagement.class.php @@ -474,10 +474,10 @@ class modKnowledgeManagement extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modMrp.class.php b/htdocs/core/modules/modMrp.class.php index eb3baae78cd..1cfbd76caf7 100644 --- a/htdocs/core/modules/modMrp.class.php +++ b/htdocs/core/modules/modMrp.class.php @@ -352,8 +352,8 @@ class modMrp extends DolibarrModules } $sql = array( - //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'mo' AND entity = ".$conf->entity, - //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'mo', ".$conf->entity.")" + //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'mo' AND entity = ".((int) $conf->entity), + //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'mo', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modPartnership.class.php b/htdocs/core/modules/modPartnership.class.php index d7041eca754..a036613fcec 100644 --- a/htdocs/core/modules/modPartnership.class.php +++ b/htdocs/core/modules/modPartnership.class.php @@ -453,10 +453,10 @@ class modPartnership extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modPrelevement.class.php b/htdocs/core/modules/modPrelevement.class.php index 8d68b372e91..a42d3c8b5a0 100644 --- a/htdocs/core/modules/modPrelevement.class.php +++ b/htdocs/core/modules/modPrelevement.class.php @@ -145,8 +145,8 @@ class modPrelevement extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'bankaccount' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','bankaccount',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'bankaccount' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','bankaccount',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index 25448f239e6..66138c584b5 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php @@ -366,12 +366,12 @@ class modProjet extends DolibarrModules } $sql = array(); - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".$conf->entity.")"; - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'beluga' AND type = 'project' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('beluga','project',".$conf->entity.")"; - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'baleine' AND type = 'project' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('baleine','project',".$conf->entity.")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".((int) $conf->entity).")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'beluga' AND type = 'project' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('beluga','project',".((int) $conf->entity).")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'baleine' AND type = 'project' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('baleine','project',".((int) $conf->entity).")"; return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modPropale.class.php b/htdocs/core/modules/modPropale.class.php index 83e2b5a0402..33a28c9ec11 100644 --- a/htdocs/core/modules/modPropale.class.php +++ b/htdocs/core/modules/modPropale.class.php @@ -470,8 +470,8 @@ class modPropale extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'propal' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','propal',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'propal' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','propal',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modReception.class.php b/htdocs/core/modules/modReception.class.php index 02f17cf0fbe..4696f15019a 100644 --- a/htdocs/core/modules/modReception.class.php +++ b/htdocs/core/modules/modReception.class.php @@ -282,8 +282,8 @@ class modReception extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'reception' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','reception',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'reception' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','reception',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modRecruitment.class.php b/htdocs/core/modules/modRecruitment.class.php index 3d4e88872ef..02e7cdfbf4c 100644 --- a/htdocs/core/modules/modRecruitment.class.php +++ b/htdocs/core/modules/modRecruitment.class.php @@ -448,10 +448,10 @@ class modRecruitment extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php index 3494cb684dc..d0cfa64c884 100644 --- a/htdocs/core/modules/modStock.class.php +++ b/htdocs/core/modules/modStock.class.php @@ -35,7 +35,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modStock extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -454,10 +453,10 @@ class modStock extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'stock' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','stock',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[2][2])."' AND type = 'mouvement' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[2][2])."','mouvement',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'stock' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','stock',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[2][2])."' AND type = 'mouvement' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[2][2])."','mouvement',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modSupplierProposal.class.php b/htdocs/core/modules/modSupplierProposal.class.php index 4a0fc21fa44..36df0dd27bd 100644 --- a/htdocs/core/modules/modSupplierProposal.class.php +++ b/htdocs/core/modules/modSupplierProposal.class.php @@ -179,8 +179,8 @@ class modSupplierProposal extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'supplier_proposal' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','supplier_proposal',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'supplier_proposal' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','supplier_proposal',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modTicket.class.php b/htdocs/core/modules/modTicket.class.php index 78bcb9901af..01561b40b01 100644 --- a/htdocs/core/modules/modTicket.class.php +++ b/htdocs/core/modules/modTicket.class.php @@ -344,8 +344,8 @@ class modTicket extends DolibarrModules array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110121, 'ticket', 'internal', 'CONTRIBUTOR', 'Intervenant', 1);", "ignoreerror" => 1), array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110122, 'ticket', 'external', 'SUPPORTCLI', 'Contact client suivi incident', 1);", "ignoreerror" => 1), array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110123, 'ticket', 'external', 'CONTRIBUTOR', 'Intervenant', 1);", "ignoreerror" => 1), - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'TICKET_ADDON_PDF_ODT_PATH' AND type = 'ticket' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('TICKET_ADDON_PDF_ODT_PATH','ticket',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'TICKET_ADDON_PDF_ODT_PATH' AND type = 'ticket' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('TICKET_ADDON_PDF_ODT_PATH','ticket',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modWorkstation.class.php b/htdocs/core/modules/modWorkstation.class.php index 8e2d676bf27..3069be8ced5 100755 --- a/htdocs/core/modules/modWorkstation.class.php +++ b/htdocs/core/modules/modWorkstation.class.php @@ -435,10 +435,10 @@ class modWorkstation extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/movement/doc/pdf_standard.modules.php b/htdocs/core/modules/movement/doc/pdf_standard.modules.php index e029c4d5d66..528f45ee962 100644 --- a/htdocs/core/modules/movement/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/movement/doc/pdf_standard.modules.php @@ -278,7 +278,7 @@ class pdf_stdandard extends ModelePDFMovement // Add fields from extrafields if (!empty($extrafields->attributes[$element]['label'])) { foreach ($extrafields->attributes[$element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index 035a7aee9c6..049ba50bfbe 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -548,7 +548,7 @@ class EcmFiles extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->lines = array(); diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index bb84bbe37bd..09997716c01 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -313,7 +313,7 @@ class ConferenceOrBooth extends ActionComm $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php index cdc350480c5..825451e9868 100644 --- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php +++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php @@ -434,7 +434,7 @@ class ConferenceOrBoothAttendee extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index 9430d2c52ad..d3bbd835367 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php +++ b/htdocs/eventorganization/conferenceorbooth_list.php @@ -449,7 +449,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php index 72d66b7fb87..9184d9ae771 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_list.php +++ b/htdocs/eventorganization/conferenceorboothattendee_list.php @@ -225,7 +225,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index d28435092b2..2c0239d44e2 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -245,7 +245,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index a83ef94e520..c2b63f9393e 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -497,7 +497,7 @@ class ExpenseReport extends CommonObject $sql .= " , detail_refuse = ".(!empty($this->detail_refuse) ? "'".$this->db->escape($this->detail_refuse)."'" : "''"); $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { if (!$notrigger) { @@ -552,7 +552,7 @@ class ExpenseReport extends CommonObject } //$sql.= $restrict; - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -665,7 +665,7 @@ class ExpenseReport extends CommonObject $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1"; $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED; - dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_paid", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->affected_rows($resql)) { @@ -882,7 +882,7 @@ class ExpenseReport extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de"; $sql .= " WHERE de.fk_projet = ".((int) $projectid); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $num = $this->db->num_rows($result); @@ -1353,7 +1353,7 @@ class ExpenseReport extends CommonObject $sql .= " SET fk_statut = ".self::STATUS_VALIDATED; $sql .= ' WHERE rowid = '.$this->id; - dol_syslog(get_class($this)."::set_save_from_refuse sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_save_from_refuse", LOG_DEBUG); if ($this->db->query($sql)) { return 1; @@ -1509,7 +1509,7 @@ class ExpenseReport extends CommonObject $sql .= " SET paid = 0, fk_statut = ".self::STATUS_APPROVED; $sql .= ' WHERE rowid = '.$this->id; - dol_syslog(get_class($this)."::set_unpaid sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); if ($this->db->query($sql)) { if (!$notrigger) { @@ -1563,7 +1563,7 @@ class ExpenseReport extends CommonObject $sql .= " ,detail_cancel='".$this->db->escape($detail)."'"; $sql .= ' WHERE rowid = '.$this->id; - dol_syslog(get_class($this)."::set_cancel sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_cancel", LOG_DEBUG); if ($this->db->query($sql)) { if (!$notrigger) { diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 610713d6f48..760c25e4db8 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -277,7 +277,7 @@ $sql .= " u.rowid as id_user, u.firstname, u.lastname, u.login, u.email, u.statu // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 508eb984307..6f4dccd878d 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -231,7 +231,7 @@ if (!empty($conf->contrat->enabled)) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index d248ed44321..4b74b596be5 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -2537,10 +2537,10 @@ class CommandeFournisseur extends CommonOrder $sql = "INSERT INTO ".MAIN_DB_PREFIX."commande_fournisseurdet"; $sql .= " (fk_commande, label, description, fk_product, price, qty, tva_tx, localtax1_tx, localtax2_tx, remise_percent, subprice, remise, ref)"; - $sql .= " VALUES (".$idc.", '".$this->db->escape($label)."', ".$this->db->escape($comclient->lines[$i]->desc); - $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price); - $sql .= ", ".$comclient->lines[$i]->qty.", ".$comclient->lines[$i]->tva_tx.", ".$comclient->lines[$i]->localtax1_tx.", ".$comclient->lines[$i]->localtax2_tx.", ".$comclient->lines[$i]->remise_percent; - $sql .= ", '".price2num($comclient->lines[$i]->subprice)."','0', '".$this->db->escape($ref)."');"; + $sql .= " VALUES (".((int) $idc).", '".$this->db->escape($label)."', '".$this->db->escape($comclient->lines[$i]->desc)."'"; + $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price, 'MU'); + $sql .= ", ".price2num($comclient->lines[$i]->qty, 'MS').", ".price2num($comclient->lines[$i]->tva_tx, 5).", ".price2num($comclient->lines[$i]->localtax1_tx, 5).", ".price2num($comclient->lines[$i]->localtax2_tx, 5).", ".price2num($comclient->lines[$i]->remise_percent, 3); + $sql .= ", '".price2num($comclient->lines[$i]->subprice, 'MT')."','0', '".$this->db->escape($ref)."');"; if ($this->db->query($sql)) { $this->update_price(); } @@ -2564,8 +2564,8 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; - $sql .= ' SET fk_statut='.$status; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " SET fk_statut = ".$status; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setStatus", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index cd1ff267fb7..39aaea1bbfe 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -684,7 +684,7 @@ class CommandeFournisseurDispatch extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->lines = array(); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index a5d0382dbdc..e4d10cbb23d 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -653,7 +653,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login, u.email as user_email, u.st // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 8f2aaadb8ea..d6f07426a04 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -430,7 +430,7 @@ if (!$search_all) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 334f68da404..6aecff5eac0 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -296,7 +296,7 @@ $sql .= " ua.photo as validator_photo"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index cbbe1670a09..d26a10a923a 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -269,7 +269,7 @@ class Establishment extends CommonObject $sql .= ", entity = ".((int) $this->entity); $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php index 686bd16d5de..a4fed4def2d 100644 --- a/htdocs/intracommreport/list.php +++ b/htdocs/intracommreport/list.php @@ -207,7 +207,7 @@ $sql = 'SELECT DISTINCT i.rowid, i.type_declaration, i.type_export, i.periods, i /* // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { - foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } */ // Add fields from hooks diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php index f85e795326e..559e6f21cf0 100644 --- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php +++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php @@ -387,15 +387,15 @@ class KnowledgeRecord extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -407,7 +407,7 @@ class KnowledgeRecord extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/knowledgemanagement/knowledgerecord_list.php b/htdocs/knowledgemanagement/knowledgerecord_list.php index 828137556ce..868c64e8786 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_list.php +++ b/htdocs/knowledgemanagement/knowledgerecord_list.php @@ -220,7 +220,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -284,7 +284,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index 243567082fa..dc72b81a96a 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -443,27 +443,27 @@ class MyObject extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")"; } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 3656531809a..2eee13fd879 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -266,7 +266,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -330,7 +330,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql .= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index a0bc74bc4ad..bc5e8eca58a 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -437,13 +437,13 @@ class Mo extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -455,7 +455,7 @@ class Mo extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -1546,13 +1546,13 @@ class MoLine extends CommonObjectLine if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -1564,7 +1564,7 @@ class MoLine extends CommonObjectLine $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/mrp/mo_list.php b/htdocs/mrp/mo_list.php index 012b43ff61a..5b4215f91db 100644 --- a/htdocs/mrp/mo_list.php +++ b/htdocs/mrp/mo_list.php @@ -207,7 +207,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -272,7 +272,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/mrp/mo_movements.php b/htdocs/mrp/mo_movements.php index 803fb3bf5b7..bab57db22ea 100644 --- a/htdocs/mrp/mo_movements.php +++ b/htdocs/mrp/mo_movements.php @@ -423,7 +423,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Add fields from extrafields if (!empty($extrafields->attributes[$objectlist->table_element]['label'])) { foreach ($extrafields->attributes[$objectlist->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$objectlist->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$objectlist->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index 6de34719f77..121b53007df 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -483,15 +483,15 @@ class Partnership extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -503,7 +503,7 @@ class Partnership extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/partnership/partnership_list.php b/htdocs/partnership/partnership_list.php index e36e94d39c7..e9c577213d6 100644 --- a/htdocs/partnership/partnership_list.php +++ b/htdocs/partnership/partnership_list.php @@ -260,7 +260,7 @@ if ($managedfor == 'member') { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -342,7 +342,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index ae2aca9fbc9..4dcdb0df538 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1605,7 +1605,7 @@ class Product extends CommonObject $sql .= "$field = '".$this->db->escape($value)."'"; $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__."", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 07590099571..701b10093af 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -418,7 +418,7 @@ class Productcustomerprice extends CommonObject } $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); @@ -531,7 +531,7 @@ class Productcustomerprice extends CommonObject } $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } dol_syslog(get_class($this)."::fetch_all_log", LOG_DEBUG); diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 41e1d2d0f6b..7597b32f21a 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php @@ -326,15 +326,15 @@ class ProductFournisseurPrice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -346,7 +346,7 @@ class ProductFournisseurPrice extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 2d6b5374caa..36910c75fb2 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -205,7 +205,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -271,7 +271,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/list.php b/htdocs/product/list.php index ff21caf96f9..4d208133759 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -394,7 +394,7 @@ if (!empty($conf->variants->enabled) && (!empty($conf->global->PRODUIT_ATTRIBUTE // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index d8138c7f149..0fdbba51041 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -291,7 +291,7 @@ class ProductStockEntrepot extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $lines = array(); diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php index b8f998c0ec0..cba4c43bce1 100644 --- a/htdocs/product/stock/list.php +++ b/htdocs/product/stock/list.php @@ -200,12 +200,12 @@ $title = $langs->trans("ListOfWarehouses"); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } @@ -273,7 +273,7 @@ $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $objec $sql .= $hookmanager->resPrint; $sql .= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/stock/movement_card.php b/htdocs/product/stock/movement_card.php index b6d5ae78407..24e5ae2b689 100644 --- a/htdocs/product/stock/movement_card.php +++ b/htdocs/product/stock/movement_card.php @@ -439,7 +439,7 @@ $sql .= " u.login, u.photo, u.lastname, u.firstname"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index 1096d8b9e09..3a162cc640f 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -488,7 +488,7 @@ $sql .= " u.login, u.photo, u.lastname, u.firstname, u.email as user_email, u.st // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 78a18ca960b..25c9921ce18 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -201,12 +201,12 @@ $title = $langs->trans('LotSerialList'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -253,7 +253,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 53973f7672e..c05f726031c 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -795,12 +795,12 @@ class Task extends CommonObject $sql .= " p.fk_opp_status, p.opp_amount, p.opp_percent, p.budget_amount"; if (!empty($extrafields->attributes['projet']['label'])) { foreach ($extrafields->attributes['projet']['label'] as $key => $val) { - $sql .= ($extrafields->attributes['projet']['type'][$key] != 'separate' ? ",efp.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes['projet']['type'][$key] != 'separate' ? ",efp.".$key." as options_".$key : ''); } } if (!empty($extrafields->attributes['projet_task']['label'])) { foreach ($extrafields->attributes['projet_task']['label'] as $key => $val) { - $sql .= ($extrafields->attributes['projet_task']['type'][$key] != 'separate' ? ",efpt.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes['projet_task']['type'][$key] != 'separate' ? ",efpt.".$key." as options_".$key : ''); } } if ($includebilltime) { diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 43f5bd6ff2f..f9910813720 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -353,7 +353,7 @@ $sql .= " cls.code as opp_status_code"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 8dc369b6a0a..36c4a22d763 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -304,7 +304,7 @@ if (!empty($arrayfields['t.tobill']['checked']) || !empty($arrayfields['t.billed // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index f3d84ec996f..f6fdd94b6f1 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -247,7 +247,7 @@ if ($display_ticket_list) { // Add fields for extrafields if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."recruitment_recruitmentjobposition as t"; diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 3c5dfffba17..2249dcaa930 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -332,7 +332,7 @@ if ($action == "view_ticketlist") { // Add fields for extrafields if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index dd9f365c39a..3541a1b8065 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -428,7 +428,7 @@ $sql .= ' e.date_creation as date_creation, e.tms as date_update'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 3c5cf401a92..e0008d1a694 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php @@ -375,15 +375,15 @@ class RecruitmentCandidature extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -395,7 +395,7 @@ class RecruitmentCandidature extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php index 7e44aad7b64..94ce1f8683d 100644 --- a/htdocs/recruitment/class/recruitmentjobposition.class.php +++ b/htdocs/recruitment/class/recruitmentjobposition.class.php @@ -384,15 +384,15 @@ class RecruitmentJobPosition extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -404,7 +404,7 @@ class RecruitmentJobPosition extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/recruitment/recruitmentcandidature_list.php b/htdocs/recruitment/recruitmentcandidature_list.php index 7a5a88bc6c4..70b5366aec7 100644 --- a/htdocs/recruitment/recruitmentcandidature_list.php +++ b/htdocs/recruitment/recruitmentcandidature_list.php @@ -238,12 +238,12 @@ $title = $langs->trans('ListOfCandidatures'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -290,7 +290,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/recruitment/recruitmentjobposition_list.php b/htdocs/recruitment/recruitmentjobposition_list.php index c82c8312b40..8f45caed040 100644 --- a/htdocs/recruitment/recruitmentjobposition_list.php +++ b/htdocs/recruitment/recruitmentjobposition_list.php @@ -246,7 +246,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -312,7 +312,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required */ $sql .= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index b7f16a9ff9d..db70bc571bf 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -499,7 +499,7 @@ class Dolresource extends CommonObject // Add fields from extrafields if (!empty($extrafields->attributes[$this->table_element]['label'])) { foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } $sql .= " ty.label as type_label"; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 555fa3b05e1..d7dde07af5f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -4774,7 +4774,7 @@ class Societe extends CommonObject $sql.= $field." = '".$this->db->escape($value)."'"; $sql.= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::".__FUNCTION__." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::".__FUNCTION__."", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 3105700ff65..66d045e1210 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -476,7 +476,7 @@ if ($search_categ_sup && $search_categ_sup!=-1) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/societe/website.php b/htdocs/societe/website.php index 0740200867d..0ea53355629 100644 --- a/htdocs/societe/website.php +++ b/htdocs/societe/website.php @@ -261,12 +261,12 @@ print '
'; // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($objectwebsiteaccount->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -304,7 +304,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($objectwebsiteaccount->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 2529e594f2d..a3ab70c8c5a 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -306,7 +306,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/ticket/class/cticketcategory.class.php b/htdocs/ticket/class/cticketcategory.class.php index 4e3e6311354..34321b5b898 100644 --- a/htdocs/ticket/class/cticketcategory.class.php +++ b/htdocs/ticket/class/cticketcategory.class.php @@ -395,15 +395,15 @@ class CTicketCategory extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -415,7 +415,7 @@ class CTicketCategory extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index bf08e2fdf01..e2860d240d7 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -472,7 +472,7 @@ class Ticket extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -582,7 +582,7 @@ class Ticket extends CommonObject } } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -692,7 +692,7 @@ class Ticket extends CommonObject $sql .= ", type.label as type_label, category.label as category_label, severity.label as severity_label"; // Add fields for extrafields foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? ",ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? ",ef.".$key." as options_".$key : ''); } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code=t.type_code"; @@ -736,10 +736,10 @@ class Ticket extends CommonObject $sql .= " ORDER BY ".$sortfield.' '.$sortorder; if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } - dol_syslog(get_class($this)."::fetch_all sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1143,7 +1143,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_type"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::load_cache_type_tickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_type_tickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1183,7 +1183,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::load_cache_categories_tickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_categories_tickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1227,7 +1227,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::loadCacheSeveritiesTickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::loadCacheSeveritiesTickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1725,7 +1725,7 @@ class Ticket extends CommonObject $sql .= " AND elementtype = 'ticket'"; $sql .= " ORDER BY datec DESC"; - dol_syslog(get_class($this)."::load_cache_actions_ticket sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_actions_ticket", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index c79a75e851c..625503538b5 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -335,12 +335,12 @@ $title = $langs->trans('TicketList'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 325db34141d..f22882b1852 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -3125,7 +3125,7 @@ class User extends CommonObject $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."user"; $sql .= " WHERE fk_user = ".((int) $this->id); - dol_syslog(get_class($this)."::get_children sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::get_children", LOG_DEBUG); $res = $this->db->query($sql); if ($res) { $users = array(); @@ -3515,13 +3515,13 @@ class User extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = ".((int) $value); + } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/user/list.php b/htdocs/user/list.php index a3b69d1dff8..69e94e1cfdc 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -336,7 +336,7 @@ $sql .= " s.nom as name, s.canvas,"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 05b45ebf829..a0cc0128b4c 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -38,7 +38,7 @@ $id = GETPOST("id", 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$actionid = GETPOST('actionid'); +$actionid = GETPOST('actionid', 'int'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -99,8 +99,8 @@ if ($action == 'add') { $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; $sql .= " WHERE fk_user=".((int) $id)." AND fk_action=".((int) $actionid); if ($db->query($sql)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_action)"; - $sql .= " VALUES ('".$db->idate($now)."',".$id.",".$actionid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec, fk_user, fk_action)"; + $sql .= " VALUES ('".$db->idate($now)."', ".((int) $id).", ".$actionid.")"; if (!$db->query($sql)) { $error++; diff --git a/htdocs/variants/class/ProductAttributeValue.class.php b/htdocs/variants/class/ProductAttributeValue.class.php index e91542f90c5..5ee341526bb 100644 --- a/htdocs/variants/class/ProductAttributeValue.class.php +++ b/htdocs/variants/class/ProductAttributeValue.class.php @@ -160,8 +160,7 @@ class ProductAttributeValue extends CommonObject $this->value = $this->db->escape($this->value); $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_attribute_value (fk_product_attribute, ref, value, entity) - VALUES ('".(int) $this->fk_product_attribute."', '".$this->db->escape($this->ref)."', - '".$this->value."', ".(int) $this->entity.")"; + VALUES (".(int) $this->fk_product_attribute.", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->value)."', ".(int) $this->entity.")"; $query = $this->db->query($sql); diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 7e70bfddc6d..4e19c057fd0 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -426,7 +426,7 @@ class Website extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->records = array(); diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index 16053069d30..f255b4e92e5 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -448,7 +448,7 @@ class WebsitePage extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index 03d1e6e3dd4..8b550add124 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -427,15 +427,15 @@ class Workstation extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -447,7 +447,7 @@ class Workstation extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/workstation/workstation_list.php b/htdocs/workstation/workstation_list.php index d305e0c2c33..b395c5e5a1b 100755 --- a/htdocs/workstation/workstation_list.php +++ b/htdocs/workstation/workstation_list.php @@ -220,7 +220,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -300,7 +300,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index ba04f504da6..fc03942d978 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -419,13 +419,13 @@ class Hook extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -437,7 +437,7 @@ class Hook extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index e4a0e015fe8..a9f6221ea58 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -143,6 +143,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $user=$this->savuser; $langs=$this->savlangs; $db=$this->savdb; + print __METHOD__."\n"; } @@ -286,7 +287,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $matches=array(); // Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx - // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. + // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request. preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($val[2] == 'ity' && $val[3] == 'con') { // exclude entity = $conf->entity @@ -300,6 +301,22 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); //exit; + // Check sql string VALUES ... , ".$xxx + // with xxx that is not 'db-' (for $db->escape). It means we forget a ' if string, or an (int) if int, when forging sql request. + preg_match_all('/(VALUES).*,\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if ($val[2] == 'VALUES' && $val[3] == 'db-') { // exclude $db->escape( + continue; + } + var_dump($matches); + $ok=false; + break; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + //exit; + + // Check '".$xxx non escaped // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); @@ -310,10 +327,10 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase } } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 1) in '.$file['relativename'].' - Bad.'); // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. - preg_match_all('/(sql|SET|WHERE).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/(sql|SET|WHERE|INSERT|VALUES).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'mydb->esc', 'dbsession', 'db->idate', 'escapedli', 'excludeGr', 'includeGr'))) { $ok=false; @@ -322,9 +339,25 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase //if ($reg[0] != 'db') $ok=false; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].': '.$val[0].' - Bad.'); + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 2) in '.$file['relativename'].': '.$val[0].' - Bad.'); //exit; + // Check string sql|set...'.$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + preg_match_all('/(\$sql|SET\s|WHERE\s|INSERT\s|VALUES\s|VALUES\().+\s*\'\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if (! in_array($val[2], array('this->db-', 'db->sanit', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', 'filtermod'))) { + $ok=false; + var_dump($matches); + break; + } + //if ($reg[0] != 'db') $ok=false; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 3) in '.$file['relativename'].': '.$val[0].' - Bad.'); + //exit; + + // Checks with IN + // Check string 'IN (".xxx' or 'IN (\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request. preg_match_all('/ IN \([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { From 2dd91bf31294dbde5b3c9fdf7ca68c73e9fdbadb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 27 Aug 2021 23:36:06 +0200 Subject: [PATCH 136/215] Clean code --- htdocs/accountancy/admin/accountmodel.php | 8 ++-- htdocs/accountancy/admin/categories_list.php | 2 +- htdocs/accountancy/admin/journals_list.php | 2 +- htdocs/accountancy/bookkeeping/balance.php | 9 ++-- htdocs/adherents/ldap.php | 2 +- htdocs/adherents/type_ldap.php | 2 +- htdocs/admin/modules.php | 8 ++-- htdocs/comm/propal/class/propal.class.php | 18 ++++---- htdocs/comm/propal/list.php | 2 +- htdocs/commande/class/commande.class.php | 32 ++++++------- htdocs/commande/list.php | 4 +- htdocs/compta/bank/bankentries_list.php | 2 +- .../bank/class/paymentvarious.class.php | 2 +- htdocs/compta/facture/card.php | 12 ++--- .../facture/class/api_invoices.class.php | 2 +- .../facture/class/facture-rec.class.php | 16 +++---- htdocs/compta/facture/class/facture.class.php | 45 ++++++++++--------- htdocs/compta/facture/list.php | 4 +- htdocs/compta/paiement.php | 8 ++-- htdocs/compta/paiement/card.php | 4 +- .../compta/paiement/class/cpaiement.class.php | 4 +- .../compta/paiement/class/paiement.class.php | 10 ++--- htdocs/compta/payment_sc/card.php | 2 +- htdocs/compta/payment_vat/card.php | 2 +- .../sociales/class/cchargesociales.class.php | 2 +- .../sociales/class/chargesociales.class.php | 2 +- htdocs/compta/sociales/list.php | 4 +- htdocs/compta/tva/class/tva.class.php | 2 +- htdocs/contact/ldap.php | 2 +- htdocs/core/ajax/ajaxdirpreview.php | 2 +- htdocs/core/class/commoninvoice.class.php | 36 +++++++-------- htdocs/core/class/commonobject.class.php | 38 ++++++++-------- htdocs/core/class/coreobject.class.php | 2 +- htdocs/core/lib/functions.lib.php | 5 ++- htdocs/core/lib/ticket.lib.php | 2 +- htdocs/don/class/don.class.php | 2 +- .../class/emailcollector.class.php | 4 +- htdocs/expedition/class/expedition.class.php | 6 +-- .../class/expensereport.class.php | 22 ++++----- htdocs/fichinter/card.php | 2 +- htdocs/fichinter/class/fichinterrec.class.php | 8 ++-- htdocs/fourn/card.php | 6 +-- .../class/fournisseur.commande.class.php | 8 ++-- .../fourn/class/fournisseur.facture.class.php | 8 ++-- htdocs/fourn/class/paiementfourn.class.php | 10 ++--- htdocs/fourn/commande/card.php | 4 +- htdocs/fourn/facture/card.php | 4 +- htdocs/fourn/facture/list.php | 2 +- htdocs/fourn/paiement/card.php | 2 +- htdocs/loan/class/loan.class.php | 2 +- .../modulebuilder/template/myobject_list.php | 7 +++ htdocs/mrp/class/mo.class.php | 4 +- .../class/multicurrency.class.php | 6 +-- .../inventory/class/inventory.class.php | 4 +- htdocs/product/inventory/inventory.php | 4 +- htdocs/projet/activity/perday.php | 2 +- htdocs/projet/activity/permonth.php | 12 ++--- htdocs/reception/class/reception.class.php | 8 ++-- htdocs/salaries/class/salary.class.php | 4 +- htdocs/salaries/payment_salary/card.php | 2 +- htdocs/stripe/class/actions_stripe.class.php | 2 +- .../class/supplier_proposal.class.php | 6 +-- htdocs/user/group/ldap.php | 2 +- htdocs/user/ldap.php | 2 +- htdocs/website/class/website.class.php | 2 +- htdocs/website/index.php | 4 +- 66 files changed, 235 insertions(+), 225 deletions(-) diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 0f4d538cfac..6aacda28677 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -553,16 +553,16 @@ if ($id) { $num = $db->num_rows($resql); $i = 0; - $param = '&id='.$id; + $param = '&id='.urlencode($id); if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { - $paramwithsearch .= '&sortorder='.$sortorder; + $paramwithsearch .= '&sortorder='.urlencode($sortorder); } if ($sortfield) { - $paramwithsearch .= '&sortfield='.$sortfield; + $paramwithsearch .= '&sortfield='.urlencode($sortfield); } // There is several pages diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 9a8a84893fe..53a1d75129b 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -580,7 +580,7 @@ if ($resql) { $param = '&id='.$id; if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { diff --git a/htdocs/accountancy/admin/journals_list.php b/htdocs/accountancy/admin/journals_list.php index 9ba9d8a6e20..49103716387 100644 --- a/htdocs/accountancy/admin/journals_list.php +++ b/htdocs/accountancy/admin/journals_list.php @@ -512,7 +512,7 @@ if ($id) { $param = '&id='.$id; if ($search_country_id > 0) { - $param .= '&search_country_id='.$search_country_id; + $param .= '&search_country_id='.urlencode($search_country_id); } $paramwithsearch = $param; if ($sortorder) { diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index b84fe255760..126f61e272c 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -40,6 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; $langs->loadLangs(array("accountancy", "compta")); $action = GETPOST('action', 'aZ09'); +$contextpage = GETPOST('contextpage', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; @@ -120,19 +121,19 @@ if ($limit > 0 && $limit != $conf->liste_limit) { $filter = array(); if (!empty($search_date_start)) { $filter['t.doc_date>='] = $search_date_start; - $param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int'); + $param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int'); } if (!empty($search_date_end)) { $filter['t.doc_date<='] = $search_date_end; - $param .= '&date_endmonth='.GETPOST('date_endmonth', 'int').'&date_endday='.GETPOST('date_endday', 'int').'&date_endyear='.GETPOST('date_endyear', 'int'); + $param .= '&date_endmonth='.GETPOST('date_endmonth', 'int').'&date_endday='.GETPOST('date_endday', 'int').'&date_endyear='.GETPOST('date_endyear', 'int'); } if (!empty($search_accountancy_code_start)) { $filter['t.numero_compte>='] = $search_accountancy_code_start; - $param .= '&search_accountancy_code_start='.$search_accountancy_code_start; + $param .= '&search_accountancy_code_start='.urlencode($search_accountancy_code_start); } if (!empty($search_accountancy_code_end)) { $filter['t.numero_compte<='] = $search_accountancy_code_end; - $param .= '&search_accountancy_code_end='.$search_accountancy_code_end; + $param .= '&search_accountancy_code_end='.urlencode($search_accountancy_code_end); } if (!empty($search_ledger_code)) { $filter['t.code_journal'] = $search_ledger_code; diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 44d5ee5399b..d714e3d9a32 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -204,7 +204,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } } diff --git a/htdocs/adherents/type_ldap.php b/htdocs/adherents/type_ldap.php index 87a952a68b4..a695f84bb81 100644 --- a/htdocs/adherents/type_ldap.php +++ b/htdocs/adherents/type_ldap.php @@ -166,7 +166,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 77c070ad573..e3448d19702 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -789,16 +789,16 @@ if ($mode == 'common' || $mode == 'commonkanban') { if (!empty($objMod->config_page_url) && !$disableSetup) { $backtourlparam = ''; if ($search_keyword != '') { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.$search_keyword; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.urlencode($search_keyword); // No urlencode here, done later } if ($search_nature > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.urlencode($search_nature); // No urlencode here, done later } if ($search_version > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.urlencode($search_version); // No urlencode here, done later } if ($search_status > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; // No urlencode here, done later + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.urlencode($search_status); // No urlencode here, done later } $backtourl = $_SERVER["PHP_SELF"].$backtourlparam; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 2d304f9b1a8..d92638d7347 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2284,8 +2284,8 @@ class Propal extends CommonObject $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\''); - $sql .= ' WHERE rowid = '.$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET ref_client = ".(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'"); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' $this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2627,8 +2627,8 @@ class Propal extends CommonObject $newprivatenote = dol_concatdesc($this->note_private, $note); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET fk_statut = '.self::STATUS_BILLED.", "; - $sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_SIGNED; + $sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".((int) $user->id); + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_SIGNED); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -4087,7 +4087,7 @@ class PropaleLigne extends CommonObjectLine $sql .= " ".price2num($this->localtax2_tx).","; $sql .= " '".$this->db->escape($this->localtax1_type)."',"; $sql .= " '".$this->db->escape($this->localtax2_type)."',"; - $sql .= " ".(price2num($this->subprice) !== '' ?price2num($this->subprice) : "null").","; + $sql .= " ".(price2num($this->subprice) !== '' ? price2num($this->subprice) : "null").","; $sql .= " ".price2num($this->remise_percent).","; $sql .= " ".(isset($this->info_bits) ? "'".$this->db->escape($this->info_bits)."'" : "null").","; $sql .= " ".price2num($this->total_ht).","; @@ -4097,12 +4097,12 @@ class PropaleLigne extends CommonObjectLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").","; $sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").","; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; - $sql .= ' '.(!$this->fk_unit ? 'NULL' : $this->fk_unit).','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; + $sql .= ' '.(empty($this->fk_unit) ? 'NULL' : ((int) $this->fk_unit)).','; $sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").','; $sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null"); - $sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null'); + $sql .= ", ".($this->fk_multicurrency > 0 ? ((int) $this->fk_multicurrency) : 'null'); $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; $sql .= ", ".$this->multicurrency_subprice; $sql .= ", ".$this->multicurrency_total_ht; diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index bf06a27e620..095b6770fe7 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -581,7 +581,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) { $sql .= natural_search("p.fk_warehouse", $search_warehouse, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND p.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND p.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('p.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 837683c3800..daf55e81605 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -698,7 +698,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET fk_statut='.self::STATUS_VALIDATED.', facture=0'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_reopen", LOG_DEBUG); $resql = $this->db->query($sql); @@ -757,9 +757,9 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET fk_statut = '.self::STATUS_CLOSED.','; - $sql .= ' fk_user_cloture = '.$user->id.','; + $sql .= ' fk_user_cloture = '.((int) $user->id).','; $sql .= " date_cloture = '".$this->db->idate($now)."'"; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; if ($this->db->query($sql)) { if (!$notrigger) { @@ -2026,7 +2026,7 @@ class Commande extends CommonOrder $sql .= ' p.weight, p.weight_units, p.volume, p.volume_units'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commandedet as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (p.rowid = l.fk_product)'; - $sql .= ' WHERE l.fk_commande = '.$this->id; + $sql .= ' WHERE l.fk_commande = '.((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } @@ -2180,7 +2180,7 @@ class Commande extends CommonOrder $sql .= ' '.MAIN_DB_PREFIX.'commandedet as cd'; $sql .= ' WHERE'; $sql .= ' ed.fk_origin_line = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande = '.((int) $this->id); //print $sql; dol_syslog(get_class($this)."::getNbOfShipments", LOG_DEBUG); @@ -2222,12 +2222,12 @@ class Commande extends CommonOrder $sql .= ' ed.fk_expedition = e.rowid AND'; } $sql .= ' ed.fk_origin_line = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande = '.((int) $this->id); if ($this->fk_product > 0) { - $sql .= ' AND cd.fk_product = '.$this->fk_product; + $sql .= ' AND cd.fk_product = '.((int) $this->fk_product); } if ($filtre_statut >= 0) { - $sql .= ' AND e.fk_statut >= '.$filtre_statut; + $sql .= ' AND e.fk_statut >= '.((int) $filtre_statut); } $sql .= ' GROUP BY cd.rowid, cd.fk_product'; //print $sql; @@ -2264,7 +2264,7 @@ class Commande extends CommonOrder $sql = 'SELECT count(*)'; $sql .= ' FROM '.MAIN_DB_PREFIX.'expedition as e'; $sql .= ', '.MAIN_DB_PREFIX.'element_element as el'; - $sql .= ' WHERE el.fk_source = '.$this->id; + $sql .= ' WHERE el.fk_source = '.((int) $this->id); $sql .= " AND el.sourcetype = 'commande'"; $sql .= " AND el.fk_target = e.rowid"; $sql .= " AND el.targettype = 'shipping'"; @@ -2421,7 +2421,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2485,7 +2485,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_absolue = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; + $sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2874,7 +2874,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET'; $sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'"); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2930,7 +2930,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; dol_syslog(get_class($this)."::classifyBilled", LOG_DEBUG); if ($this->db->query($sql)) { @@ -2980,7 +2980,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 0'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; dol_syslog(get_class($this)."::classifyUnBilled", LOG_DEBUG); if ($this->db->query($sql)) { @@ -4396,8 +4396,8 @@ class OrderLine extends CommonOrderLine $sql .= " ".($this->price != '' ? "'".price2num($this->price)."'" : "null").","; $sql .= " '".price2num($this->remise)."',"; $sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").','; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; $sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").','; $sql .= ' '.price2num($this->pa_ht).','; $sql .= " '".$this->db->escape($this->info_bits)."',"; diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 6f6643336f6..5f3568701e5 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -505,7 +505,7 @@ if ($search_status <> '') { if ($search_status == 1 && empty($conf->expedition->enabled)) { $sql .= ' AND c.fk_statut IN (1,2)'; // If module expedition disabled, we include order with status 'sending in process' into 'validated' } else { - $sql .= ' AND c.fk_statut = '.$search_status; // brouillon, validee, en cours, annulee + $sql .= ' AND c.fk_statut = '.((int) $search_status); // brouillon, validee, en cours, annulee } } if ($search_status == 4) { @@ -585,7 +585,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) { $sql .= natural_search('c.fk_warehouse', $search_warehouse, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND c.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND c.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('c.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 51ff5a5b5c4..e5e264a12f5 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -929,7 +929,7 @@ if ($resql) { if ($action != 'addline' && $action != 'reconcile') { if (empty($conf->global->BANK_DISABLE_DIRECT_INPUT)) { if (empty($conf->global->BANK_USE_OLD_VARIOUS_PAYMENT)) { // Default is to record miscellaneous direct entries using miscellaneous payments - $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.$search_account.'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier); + $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.urlencode($search_account).'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier); } else // If direct entries is not done using miscellaneous payments { $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', $user->rights->banque->modifier); diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index cdb2c0596f5..5a6aa81d663 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php @@ -573,7 +573,7 @@ class PaymentVarious extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { return 1; diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 374de5cca4d..4a693977263 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -708,7 +708,7 @@ if (empty($reshook)) { // On verifie si la facture a des paiements $sql = 'SELECT pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $result = $db->query($sql); if ($result) { @@ -873,7 +873,7 @@ if (empty($reshook)) { $sql = 'SELECT SUM(pf.amount) as total_paiements'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $sql .= ' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $resql = $db->query($sql); @@ -2596,10 +2596,10 @@ if (empty($reshook)) { $errors = 0; if (count($linkedCreditNotesList) > 0) { // now, credit note must follow - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture '; - $sql .= ' SET situation_cycle_ref='.$newCycle; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; + $sql .= ' SET situation_cycle_ref = '.((int) $newCycle); $sql .= ' , situation_final=0'; - $sql .= ' , situation_counter='.$object->situation_counter; + $sql .= ' , situation_counter='.((int) $object->situation_counter); $sql .= ' WHERE rowid IN ('.$db->sanitize(implode(',', $linkedCreditNotesList)).')'; $resql = $db->query($sql); @@ -4884,7 +4884,7 @@ if ($action == 'create') { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; - $sql .= ' WHERE pf.fk_facture = '.$object->id.' AND pf.fk_paiement = p.rowid'; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id).' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $sql .= ' ORDER BY p.datep, p.tms'; diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index 3dfa5f70603..2708c9e8386 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -1138,7 +1138,7 @@ class Invoices extends DolibarrApi $sql = 'SELECT SUM(pf.amount) as total_payments'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; - $sql .= ' WHERE pf.fk_facture = '.$this->invoice->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $this->invoice->id); $sql .= ' AND pf.fk_paiement = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; $resql = $this->db->query($sql); diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 6b9837e77bd..a0509774998 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -665,7 +665,7 @@ class FactureRec extends CommonInvoice $sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet_rec as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_facture = '.$this->id; + $sql .= ' WHERE l.fk_facture = '.((int) $this->id); $sql .= ' ORDER BY l.rang'; dol_syslog('FactureRec::fetch_lines', LOG_DEBUG); @@ -1752,7 +1752,7 @@ class FactureRec extends CommonInvoice if (!empty($unit)) { $sql .= ', unit_frequency = \''.$this->db->escape($unit).'\''; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1785,7 +1785,7 @@ class FactureRec extends CommonInvoice if ($increment_nb_gen_done > 0) { $sql .= ', nb_gen_done = nb_gen_done + 1'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1819,7 +1819,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET nb_gen_max = '.((int) $nb); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1846,7 +1846,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET auto_validate = '.((int) $validate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1873,7 +1873,7 @@ class FactureRec extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET generate_pdf = '.((int) $validate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1899,8 +1899,8 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET modelpdf = "'.$model.'"'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " SET modelpdf = '".$this->db->escape($model)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setModelPdf", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 67d59ceb531..abb52560d24 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1769,7 +1769,7 @@ class Facture extends CommonInvoice $sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_facture = '.$this->id; + $sql .= ' WHERE l.fk_facture = '.((int) $this->id); $sql .= ' ORDER BY l.rang, l.rowid'; dol_syslog(get_class($this).'::fetch_lines', LOG_DEBUG); @@ -1876,8 +1876,8 @@ class Facture extends CommonInvoice $this->tab_next_situation_invoice = array(); $sql = 'SELECT rowid, type, situation_cycle_ref, situation_counter FROM '.MAIN_DB_PREFIX.'facture'; - $sql .= ' WHERE rowid <> '.$this->id; - $sql .= ' AND entity = '.$this->entity; + $sql .= " WHERE rowid <> ".((int) $this->id); + $sql .= ' AND entity = '.((int) $this->entity); $sql .= ' AND situation_cycle_ref = '.(int) $this->situation_cycle_ref; $sql .= ' ORDER BY situation_counter ASC'; @@ -2152,7 +2152,7 @@ class Facture extends CommonInvoice } else { $sql .= ' SET ref_client = \''.$this->db->escape($ref_client).'\''; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2408,9 +2408,9 @@ class Facture extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ', fk_user_closing = '.$user->id; + $sql .= ', fk_user_closing = '.((int) $user->id); $sql .= ", date_closing = '".$this->db->idate($now)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2474,7 +2474,7 @@ class Facture extends CommonInvoice $sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null,'; $sql .= ' date_closing=null,'; $sql .= ' fk_user_closing=null'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2545,7 +2545,7 @@ class Facture extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2553,7 +2553,7 @@ class Facture extends CommonInvoice // as they have not been used since the invoice is abandoned. $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_facture = NULL'; - $sql .= ' WHERE fk_facture = '.$this->id; + $sql .= ' WHERE fk_facture = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2693,7 +2693,7 @@ class Facture extends CommonInvoice $sql .= ", datef='".$this->db->idate($this->date)."'"; $sql .= ", date_lim_reglement='".$this->db->idate($this->date_lim_reglement)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3755,7 +3755,7 @@ class Facture extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= ' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); @@ -3817,7 +3817,7 @@ class Facture extends CommonInvoice $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture'; $sql .= ' SET remise_absolue = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= ' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); @@ -4598,7 +4598,7 @@ class Facture extends CommonInvoice $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture'; $sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref); - $sql .= ' AND situation_counter < '.$this->situation_counter; + $sql .= ' AND situation_counter < '.((int) $this->situation_counter); $sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity); $resql = $this->db->query($sql); $res = array(); @@ -4631,7 +4631,7 @@ class Facture extends CommonInvoice $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id); + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.((int) $this->situation_final).' WHERE rowid = '.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -4849,10 +4849,11 @@ class Facture extends CommonInvoice public function setRetainedWarranty($value) { dol_syslog(get_class($this).'::setRetainedWarranty('.$value.')'); + if ($this->statut >= 0) { $fieldname = 'retained_warranty'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.floatval($value); + $sql .= " SET ".$fieldname." = ".((float) $value); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -5385,9 +5386,9 @@ class FactureLigne extends CommonInvoiceLine $sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").','; $sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").","; $sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null").","; - $sql .= ' '.$this->fk_code_ventilation.','; - $sql .= ' '.$this->rang.','; - $sql .= ' '.$this->special_code.','; + $sql .= ' '.((int) $this->fk_code_ventilation).','; + $sql .= ' '.((int) $this->rang).','; + $sql .= ' '.((int) $this->special_code).','; $sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").','; $sql .= ' '.price2num($this->pa_ht).','; $sql .= " '".$this->db->escape($this->info_bits)."',"; @@ -5396,11 +5397,11 @@ class FactureLigne extends CommonInvoiceLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".price2num($this->total_localtax1).","; $sql .= " ".price2num($this->total_localtax2); - $sql .= ", ".$this->situation_percent; + $sql .= ", ".((float) $this->situation_percent); $sql .= ", ".(!empty($this->fk_prev_id) ? $this->fk_prev_id : "null"); $sql .= ", ".(!$this->fk_unit ? 'NULL' : $this->fk_unit); - $sql .= ", ".$user->id; - $sql .= ", ".$user->id; + $sql .= ", ".((int) $user->id); + $sql .= ", ".((int) $user->id); $sql .= ", ".(int) $this->fk_multicurrency; $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; $sql .= ", ".price2num($this->multicurrency_subprice); @@ -5759,7 +5760,7 @@ class FactureLigne extends CommonInvoiceLine return 0; } - $sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.$this->fk_prev_id; + $sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.((int) $this->fk_prev_id); $resql = $this->db->query($sql); if ($resql && $resql->num_rows > 0) { $res = $this->db->fetch_array($resql); diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 76cddb2d909..2b8a65445ba 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -680,7 +680,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search('f.total_ttc', $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1); @@ -803,7 +803,7 @@ if (!$sall) { // Add HAVING from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : ''; +$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : ""; $sql .= ' ORDER BY '; $listfield = explode(',', $sortfield); diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 03acd9d88eb..0f49b8d5823 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -529,14 +529,14 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' f.datef as df, f.fk_soc as socid, f.date_lim_reglement as dlr'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as f'; $sql .= ' WHERE f.entity IN ('.getEntity('facture').')'; - $sql .= ' AND (f.fk_soc = '.$facture->socid; + $sql .= ' AND (f.fk_soc = '.((int) $facture->socid); // Can pay invoices of all child of parent company if (!empty($conf->global->FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS) && !empty($facture->thirdparty->parent)) { - $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->parent.')'; + $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->parent).')'; } // Can pay invoices of all child of myself if (!empty($conf->global->FACTURE_PAYMENTS_ON_SUBSIDIARY_COMPANIES)) { - $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->id.')'; + $sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->id).')'; } $sql .= ') AND f.paye = 0'; $sql .= ' AND f.fk_statut = 1'; // Statut=0 => not validated, Statut=2 => canceled @@ -875,7 +875,7 @@ if (!GETPOST('action', 'aZ09')) { $sql .= ' AND f.fk_soc = '.((int) $socid); } - $sql .= ' ORDER BY '.$sortfield.' '.$sortorder; + $sql .= $db->order($sortfield, $sortorder); $sql .= $db->plimit($limit + 1, $offset); $resql = $db->query($sql); diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 2b65ad4a84a..ed8ec522aea 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -126,7 +126,7 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture $sql .= ' WHERE pf.fk_facture = f.rowid'; $sql .= ' AND f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; - $sql .= ' AND pf.fk_paiement = '.$object->id; + $sql .= ' AND pf.fk_paiement = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $i = 0; @@ -342,7 +342,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf,'.MAIN_DB_PREFIX.'factur $sql .= ' WHERE pf.fk_facture = f.rowid'; $sql .= ' AND f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; -$sql .= ' AND pf.fk_paiement = '.$object->id; +$sql .= ' AND pf.fk_paiement = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/compta/paiement/class/cpaiement.class.php b/htdocs/compta/paiement/class/cpaiement.class.php index e9623f55c11..1c7abf71c3b 100644 --- a/htdocs/compta/paiement/class/cpaiement.class.php +++ b/htdocs/compta/paiement/class/cpaiement.class.php @@ -273,7 +273,7 @@ class Cpaiement $sql .= ' active = '.(isset($this->active) ? $this->active : "null").','; $sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null").','; $sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null"); - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $this->db->begin(); @@ -334,7 +334,7 @@ class Cpaiement if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 8c8a563f418..3e1dc59a52e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -533,12 +533,12 @@ class Paiement extends CommonObject // Delete payment (into paiement_facture and paiement) $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement_facture'; - $sql .= ' WHERE fk_paiement = '.$this->id; + $sql .= ' WHERE fk_paiement = '.((int) $this->id); dol_syslog($sql); $result = $this->db->query($sql); if ($result) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog($sql); $result = $this->db->query($sql); if (!$result) { @@ -756,7 +756,7 @@ class Paiement extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG); $result = $this->db->query($sql); @@ -956,7 +956,7 @@ class Paiement extends CommonObject { $sql = 'SELECT pf.fk_facture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'facture as f'; // We keep link on invoice to allow use of some filters on invoice - $sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.$this->id; + $sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.((int) $this->id); if ($filter) { $sql .= ' AND '.$filter; } @@ -989,7 +989,7 @@ class Paiement extends CommonObject { $sql = 'SELECT pf.fk_facture, pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_paiement = '.$this->id; + $sql .= ' WHERE pf.fk_paiement = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $i = 0; diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php index c75974077c3..27a35e83352 100644 --- a/htdocs/compta/payment_sc/card.php +++ b/htdocs/compta/payment_sc/card.php @@ -170,7 +170,7 @@ $sql = 'SELECT f.rowid as scid, f.libelle as label, f.paye, f.amount as sc_amoun $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementcharge as pf,'.MAIN_DB_PREFIX.'chargesociales as f, '.MAIN_DB_PREFIX.'c_chargesociales as pc'; $sql .= ' WHERE pf.fk_charge = f.rowid AND f.fk_type = pc.id'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND pf.rowid = '.$object->id; +$sql .= ' AND pf.rowid = '.((int) $object->id); dol_syslog("compta/payment_sc/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/compta/payment_vat/card.php b/htdocs/compta/payment_vat/card.php index 1b615bcbb8d..bfa14009380 100644 --- a/htdocs/compta/payment_vat/card.php +++ b/htdocs/compta/payment_vat/card.php @@ -227,7 +227,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_vat as pf,'.MAIN_DB_PREFIX.'tva as f'; $sql .= ' WHERE pf.fk_tva = f.rowid'; //$sql .= ' AND f.fk_type = pc.id'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND pf.rowid = '.$object->id; +$sql .= ' AND pf.rowid = '.((int) $object->id); dol_syslog("compta/payment_vat/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index ee9a270b283..d03132b04f7 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php +++ b/htdocs/compta/sociales/class/cchargesociales.class.php @@ -329,7 +329,7 @@ class Cchargesociales if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 2b80e1bb4f4..a7c6ab2c593 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -642,7 +642,7 @@ class ChargeSociales extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index a4deec56715..388d0f5a7bf 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -209,10 +209,10 @@ if (!empty($search_users)) { $sql .= ' AND cs.fk_user IN('.implode(', ', $search_users).')'; } if (!empty($search_type) && $search_type > 0) { - $sql .= ' AND cs.fk_mode_reglement='.$search_type; + $sql .= ' AND cs.fk_mode_reglement='.((int) $search_type); } if (!empty($search_account) && $search_account > 0) { - $sql .= ' AND cs.fk_account='.$search_account; + $sql .= ' AND cs.fk_account='.((int) $search_account); } if ($search_amount) { $sql .= natural_search("cs.amount", $search_amount, 1); diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index c412072ec89..25fcee08e57 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -768,7 +768,7 @@ class Tva extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= ' WHERE '.$field.' = '.((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index 6677a7b17d7..79696d12997 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -178,7 +178,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/core/ajax/ajaxdirpreview.php b/htdocs/core/ajax/ajaxdirpreview.php index 09292dd4991..810a23957fd 100644 --- a/htdocs/core/ajax/ajaxdirpreview.php +++ b/htdocs/core/ajax/ajaxdirpreview.php @@ -328,7 +328,7 @@ if ($type == 'directory') { if ($section) { $param .= '§ion='.$section; if (isset($search_doc_ref) && $search_doc_ref != '') { - $param .= '&search_doc_ref='.$search_doc_ref; + $param .= '&search_doc_ref='.urlencode($search_doc_ref); } $textifempty = $langs->trans('NoFileFound'); diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 605ffec63bd..65988c9cdf0 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -132,7 +132,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT sum(amount) as amount, sum(multicurrency_amount) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= ' WHERE '.$field.' = '.((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); @@ -227,7 +227,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE fk_facture_source = '.$this->id; + $sql .= ' WHERE fk_facture_source = '.((int) $this->id); $sql .= ' AND type = 2'; $resql = $this->db->query($sql); if ($resql) { @@ -254,7 +254,7 @@ abstract class CommonInvoice extends CommonObject { $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE fk_facture_source = '.$this->id; + $sql .= ' WHERE fk_facture_source = '.((int) $this->id); $sql .= ' AND type < 2'; if ($option == 'validated') { $sql .= ' AND fk_statut = 1'; @@ -308,7 +308,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT p.ref, pf.amount, pf.multicurrency_amount, p.fk_paiement, p.datep, p.num_paiement as num, t.code'.$field3; $sql .= ' FROM '.MAIN_DB_PREFIX.$table.' as pf, '.MAIN_DB_PREFIX.$table2.' as p, '.MAIN_DB_PREFIX.'c_paiement as t'; - $sql .= ' WHERE pf.'.$field.' = '.$this->id; + $sql .= ' WHERE pf.'.$field.' = '.((int) $this->id); //$sql.= ' WHERE pf.'.$field.' = 1'; $sql .= ' AND pf.'.$field2.' = p.rowid'; $sql .= ' AND p.fk_paiement = t.id'; @@ -338,12 +338,12 @@ abstract class CommonInvoice extends CommonObject if ($this->element == 'facture' || $this->element == 'invoice') { $sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$this->id; + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $this->id); $sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set) } elseif ($this->element == 'facture_fourn' || $this->element == 'invoice_supplier') { $sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$this->id; + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $this->id); $sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set) } @@ -700,9 +700,9 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT count(*)'; $sql .= ' FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande'; if ($type == 'bank-transfer') { - $sql .= ' WHERE fk_facture_fourn = '.$this->id; + $sql .= ' WHERE fk_facture_fourn = '.((int) $this->id); } else { - $sql .= ' WHERE fk_facture = '.$this->id; + $sql .= ' WHERE fk_facture = '.((int) $this->id); } $sql .= ' AND ext_payment_id IS NULL'; // To exclude record done for some online payments $sql .= ' AND traite = 0'; @@ -735,16 +735,16 @@ abstract class CommonInvoice extends CommonObject $sql .= 'fk_facture, '; } $sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, sourcetype, entity)'; - $sql .= ' VALUES ('.$this->id; - $sql .= ",'".price2num($amount)."'"; - $sql .= ",'".$this->db->idate($now)."'"; - $sql .= ",".$fuser->id; - $sql .= ",'".$this->db->escape($bac->code_banque)."'"; - $sql .= ",'".$this->db->escape($bac->code_guichet)."'"; - $sql .= ",'".$this->db->escape($bac->number)."'"; - $sql .= ",'".$this->db->escape($bac->cle_rib)."'"; - $sql .= ",'".$this->db->escape($sourcetype)."'"; - $sql .= ",".$conf->entity; + $sql .= ' VALUES ('.((int) $this->id); + $sql .= ", ".((float) price2num($amount)); + $sql .= ", '".$this->db->idate($now)."'"; + $sql .= ", ".((int) $fuser->id); + $sql .= ", '".$this->db->escape($bac->code_banque)."'"; + $sql .= ", '".$this->db->escape($bac->code_guichet)."'"; + $sql .= ", '".$this->db->escape($bac->number)."'"; + $sql .= ", '".$this->db->escape($bac->cle_rib)."'"; + $sql .= ", '".$this->db->escape($sourcetype)."'"; + $sql .= ", ".((int) $conf->entity); $sql .= ")"; dol_syslog(get_class($this)."::demande_prelevement", LOG_DEBUG); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a60e0680536..a4a98da9690 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2228,7 +2228,7 @@ abstract class CommonObject } else { $sql .= ' SET fk_projet = NULL'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); } dol_syslog(get_class($this)."::setProject", LOG_DEBUG); @@ -2884,7 +2884,7 @@ abstract class CommonObject // Count number of lines to reorder (according to choice $renum) $nl = 0; $sql = 'SELECT count(rowid) FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.'='.$this->id; + $sql .= ' WHERE '.$this->fk_element.'='.((int) $this->id); if (!$renum) { $sql .= ' AND rang = 0'; } @@ -2906,11 +2906,11 @@ abstract class CommonObject // We first search all lines that are parent lines (for multilevel details lines) $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); if ($fk_parent_line) { $sql .= ' AND fk_parent_line IS NULL'; } - $sql .= ' ORDER BY rang ASC, rowid '.$rowidorder; + $sql .= " ORDER BY rang ASC, rowid ".$rowidorder; dol_syslog(get_class($this)."::line_order search all parent lines", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2954,11 +2954,11 @@ abstract class CommonObject $rows = array(); $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND fk_parent_line = '.$id; + $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql .= ' AND fk_parent_line = '.((int) $id); $sql .= ' ORDER BY rang ASC'; - dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id."", LOG_DEBUG); + dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql) > 0) { @@ -3075,8 +3075,8 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND rang = '.($rang - 1); + $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql .= ' AND rang = '.((int) ($rang - 1)); if ($this->db->query($sql)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1)); $sql .= ' WHERE rowid = '.((int) $rowid); @@ -3106,7 +3106,7 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); $sql .= ' AND rang = '.((int) ($rang + 1)); if ($this->db->query($sql)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1)); @@ -3148,7 +3148,7 @@ abstract class CommonObject public function getIdOfLine($rang) { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); $sql .= ' AND rang = '.((int) $rang); $resql = $this->db->query($sql); if ($resql) { @@ -3175,8 +3175,8 @@ abstract class CommonObject // Search the last rang with fk_parent_line if ($fk_parent_line) { $sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND fk_parent_line = '.$fk_parent_line; + $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql .= ' AND fk_parent_line = '.((int) $fk_parent_line); dol_syslog(get_class($this)."::line_max", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3393,7 +3393,7 @@ abstract class CommonObject } $sql .= ', multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); if ($exclspec) { $product_field = 'product_type'; if ($this->table_element_line == 'contratdet') { @@ -3561,7 +3561,7 @@ abstract class CommonObject $sql .= ", multicurrency_total_ht = ".price2num($this->multicurrency_total_ht, 'MT', 1); $sql .= ", multicurrency_total_tva = ".price2num($this->multicurrency_total_tva, 'MT', 1); $sql .= ", multicurrency_total_ttc = ".price2num($this->multicurrency_total_ttc, 'MT', 1); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_price", LOG_DEBUG); $resql = $this->db->query($sql); @@ -5318,7 +5318,7 @@ abstract class CommonObject } if ($update_main_doc_field && !empty($this->table_element)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath.'/'.$ecmfile->filename)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -8827,7 +8827,7 @@ abstract class CommonObject $sql = 'SELECT '.$objectline->getFieldList('l'); $sql .= ' FROM '.MAIN_DB_PREFIX.$objectline->table_element.' as l'; - $sql .= ' WHERE l.fk_'.$this->element.' = '.$this->id; + $sql .= ' WHERE l.fk_'.$this->element.' = '.((int) $this->id); if ($morewhere) { $sql .= $morewhere; } @@ -8973,7 +8973,7 @@ abstract class CommonObject if ($forcechilddeletion) { // Force also delete of childtables that should lock deletion in standard case when option force is off foreach ($this->childtables as $table) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -9022,7 +9022,7 @@ abstract class CommonObject } } else { // Delete record in child table - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/core/class/coreobject.class.php b/htdocs/core/class/coreobject.class.php index 45018cb1d8f..150ace90875 100644 --- a/htdocs/core/class/coreobject.class.php +++ b/htdocs/core/class/coreobject.class.php @@ -183,7 +183,7 @@ class CoreObject extends CommonObject $this->{$className} = array(); - $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.$this->id; + $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.((int) $this->id); $res = $this->db->query($sql); if ($res) { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ddfad586e7c..ea245e82487 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -5274,8 +5274,9 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $ * Put 2 if you know that number is a user input (so we know we don't have to fix decimal separator). * @return string Amount with universal numeric format (Example: '99.99999'). * If conversion fails to return a numeric, it returns: - * text unchanged or partial if ($rounding = ''): price2num('W9ç', '', 0) => '9ç', price2num('W9ç', '', 1) => 'W9ç', price2num('W9ç', '', 2) => '9ç' - * '0' if ($rounding is defined): price2num('W9ç', 'MT', 0) => '9', price2num('W9ç', 'MT', 1) => '0', price2num('W9ç', 'MT', 2) => '9' + * - text unchanged or partial if ($rounding = ''): price2num('W9ç', '', 0) => '9ç', price2num('W9ç', '', 1) => 'W9ç', price2num('W9ç', '', 2) => '9ç' + * - '0' if ($rounding is defined): price2num('W9ç', 'MT', 0) => '9', price2num('W9ç', 'MT', 1) => '0', price2num('W9ç', 'MT', 2) => '9' + * Note: The best way to guarantee a numeric value is to add a cast (float) before the price2num(). * If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined. * * @see price() Opposite function of price2num diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index 3aededf6a81..ac3f80e00bc 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php @@ -959,7 +959,7 @@ function getTicketActionCommEcmList($object) $sql = 'SELECT ecm.rowid as id, ecm.src_object_type, ecm.src_object_id, ecm.filepath, ecm.filename'; $sql .= ' FROM '.MAIN_DB_PREFIX.'ecm_files ecm'; $sql .= ' WHERE ecm.filepath = \'agenda/'.$object->id.'\''; - //$sql.= ' ecm.src_object_type = \''.$object->element.'\' AND ecm.src_object_id = '.$object->id; // Actually upload file doesn't add type + //$sql.= ' ecm.src_object_type = \''.$object->element.'\' AND ecm.src_object_id = '.((int) $object->id); // Actually upload file doesn't add type $sql .= ' ORDER BY ecm.position ASC'; $resql = $db->query($sql); diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index 6bb4c99b86d..85a95905073 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -1116,7 +1116,7 @@ class Don extends CommonObject return -1; } - $sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.$this->id; + $sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { dol_print_error($this->db); diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index 16df7774470..2a062dcb1f1 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -675,7 +675,7 @@ class EmailCollector extends CommonObject $sql = 'SELECT rowid, type, rulevalue, status'; $sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectorfilter'; - $sql .= ' WHERE fk_emailcollector = '.$this->id; + $sql .= ' WHERE fk_emailcollector = '.((int) $this->id); //$sql.= ' ORDER BY position'; $resql = $this->db->query($sql); @@ -707,7 +707,7 @@ class EmailCollector extends CommonObject $sql = 'SELECT rowid, type, actionparam, status'; $sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectoraction'; - $sql .= ' WHERE fk_emailcollector = '.$this->id; + $sql .= ' WHERE fk_emailcollector = '.((int) $this->id); $sql .= ' ORDER BY position'; $resql = $this->db->query($sql); diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index 42d290aa02f..049ef7832b0 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -2162,7 +2162,7 @@ class Expedition extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut='.self::STATUS_CLOSED; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -2307,7 +2307,7 @@ class Expedition extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=2, billed=1'; // TODO Update only billed - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -2356,7 +2356,7 @@ class Expedition extends CommonObject $oldbilled = $this->billed; $sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index c2b63f9393e..22f29bb1d9e 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -1031,7 +1031,7 @@ class ExpenseReport extends CommonObject $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as de'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON de.fk_c_type_fees = ctf.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as p ON de.fk_projet = p.rowid'; - $sql .= ' WHERE de.'.$this->fk_element.' = '.$this->id; + $sql .= ' WHERE de.'.$this->fk_element.' = '.((int) $this->id); if (!empty($conf->global->EXPENSEREPORT_LINES_SORTED_BY_ROWID)) { $sql .= ' ORDER BY de.rang ASC, de.rowid ASC'; } else { @@ -1340,7 +1340,7 @@ class ExpenseReport extends CommonObject // Sélection de la date de début de la NDF $sql = 'SELECT date_debut'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); @@ -1351,7 +1351,7 @@ class ExpenseReport extends CommonObject if ($this->status != self::STATUS_VALIDATED) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_statut = ".self::STATUS_VALIDATED; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_save_from_refuse", LOG_DEBUG); @@ -1386,7 +1386,7 @@ class ExpenseReport extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".((int) $fuser->id).","; $sql .= " date_approve='".$this->db->idate($this->date_approve)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$notrigger) { // Call trigger @@ -1438,7 +1438,7 @@ class ExpenseReport extends CommonObject $sql .= " date_refuse='".$this->db->idate($now)."',"; $sql .= " detail_refuse='".$this->db->escape($details)."',"; $sql .= " fk_user_approve = NULL"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->fk_statut = 99; // deprecated $this->status = 99; @@ -1507,7 +1507,7 @@ class ExpenseReport extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= " SET paid = 0, fk_statut = ".self::STATUS_APPROVED; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); @@ -1561,7 +1561,7 @@ class ExpenseReport extends CommonObject $sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".((int) $fuser->id); $sql .= ", date_cancel='".$this->db->idate($this->date_cancel)."'"; $sql .= " ,detail_cancel='".$this->db->escape($detail)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::set_cancel", LOG_DEBUG); @@ -2525,7 +2525,7 @@ class ExpenseReport extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= ' WHERE '.$field.' = '.((int) $this->id); dol_syslog(get_class($this)."::getSumPayments", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2759,15 +2759,15 @@ class ExpenseReportLine $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)'; $sql .= ' WHERE e.fk_user_author = '.((int) $fk_user); if (!empty($this->id)) { - $sql .= ' AND d.rowid <> '.$this->id; + $sql .= ' AND d.rowid <> '.((int) $this->id); } $sql .= ' AND d.fk_c_type_fees = '.((int) $rule->fk_c_type_fees); if ($mode == 'day' || $mode == 'EX_DAY') { $sql .= " AND d.date = '".dol_print_date($this->date, '%Y-%m-%d')."'"; } elseif ($mode == 'mon' || $mode == 'EX_MON') { - $sql .= ' AND DATE_FORMAT(d.date, \'%Y-%m\') = \''.dol_print_date($this->date, '%Y-%m').'\''; // @todo DATE_FORMAT is forbidden + $sql .= " AND DATE_FORMAT(d.date, '%Y-%m') = '".dol_print_date($this->date, '%Y-%m')."'"; // @todo DATE_FORMAT is forbidden } elseif ($mode == 'year' || $mode == 'EX_YEA') { - $sql .= ' AND DATE_FORMAT(d.date, \'%Y\') = \''.dol_print_date($this->date, '%Y').'\''; // @todo DATE_FORMAT is forbidden + $sql .= " AND DATE_FORMAT(d.date, '%Y') = '".dol_print_date($this->date, '%Y')."'"; // @todo DATE_FORMAT is forbidden } dol_syslog('ExpenseReportLine::getExpAmount'); diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index 1b647af00a6..243545dd14b 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -1279,7 +1279,7 @@ if ($action == 'create') { $sql = 'SELECT ft.rowid, ft.description, ft.fk_fichinter, ft.duree, ft.rang,'; $sql .= ' ft.date as date_intervention'; $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet as ft'; - $sql .= ' WHERE ft.fk_fichinter = '.$object->id; + $sql .= ' WHERE ft.fk_fichinter = '.((int) $object->id); if (!empty($conf->global->FICHINTER_HIDE_EMPTY_DURATION)) { $sql .= ' AND ft.duree <> 0'; } diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 9aec232cf0a..d23c25253ac 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -356,7 +356,7 @@ class FichinterRec extends Fichinter $sql .= ' p.label as product_label, p.description as product_desc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet_rec as l'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; - $sql .= ' WHERE l.fk_fichinter = '.$this->id; + $sql .= ' WHERE l.fk_fichinter = '.((int) $this->id); dol_syslog('FichInter-rec::fetch_lines', LOG_DEBUG); $result = $this->db->query($sql); @@ -718,7 +718,7 @@ class FichinterRec extends Fichinter if (!empty($unit)) { $sql .= ', unit_frequency = "'.$this->db->escape($unit).'"'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG); if ($this->db->query($sql)) { @@ -751,7 +751,7 @@ class FichinterRec extends Fichinter if ($increment_nb_gen_done > 0) { $sql .= ', nb_gen_done = nb_gen_done + 1'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG); if ($this->db->query($sql)) { @@ -844,7 +844,7 @@ class FichinterRec extends Fichinter $sql .= ' , statut = 1'; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index f37e96ba602..599242375d2 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php @@ -519,7 +519,7 @@ if ($object->id > 0) { $sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price as pfp'; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = pfp.fk_product"; $sql .= ' WHERE p.entity IN ('.getEntity('product').')'; - $sql .= ' AND pfp.fk_soc = '.$object->id; + $sql .= ' AND pfp.fk_soc = '.((int) $object->id); $sql .= $db->order('pfp.tms', 'desc'); $sql .= $db->plimit($MAXLIST); @@ -658,7 +658,7 @@ if ($object->id > 0) { $sql2 .= ', '.MAIN_DB_PREFIX.'commande_fournisseur as c'; $sql2 .= ' WHERE c.fk_soc = s.rowid'; $sql2 .= " AND c.entity IN (".getEntity('commande_fournisseur').")"; - $sql2 .= ' AND s.rowid = '.$object->id; + $sql2 .= ' AND s.rowid = '.((int) $object->id); // Show orders we can bill if (empty($conf->global->SUPPLIER_ORDER_TO_INVOICE_STATUS)) { $sql2 .= " AND c.fk_statut IN (".$db->sanitize(CommandeFournisseur::STATUS_RECEIVED_COMPLETELY).")"; // Must match filter in htdocs/fourn/commande/list.php @@ -758,7 +758,7 @@ if ($object->id > 0) { $sql .= ' SUM(pf.amount) as am'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON f.rowid=pf.fk_facturefourn'; - $sql .= ' WHERE f.fk_soc = '.$object->id; + $sql .= ' WHERE f.fk_soc = '.((int) $object->id); $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql .= ' GROUP BY f.rowid,f.libelle,f.ref,f.ref_supplier,f.fk_statut,f.datef,f.total_ht,f.total_tva,f.total_ttc,f.paye'; $sql .= ' ORDER BY f.datef DESC'; diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 4b74b596be5..9d965ee034e 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -930,7 +930,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur SET billed = 1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT; if ($this->db->query($sql)) { if (!$error) { @@ -3399,12 +3399,12 @@ class CommandeFournisseur extends CommonOrder $sql .= ' cfd.fk_reception = e.rowid AND'; } $sql .= ' cfd.fk_commandefourndet = cd.rowid'; - $sql .= ' AND cd.fk_commande ='.$this->id; + $sql .= ' AND cd.fk_commande ='.((int) $this->id); if ($this->fk_product > 0) { - $sql .= ' AND cd.fk_product = '.$this->fk_product; + $sql .= ' AND cd.fk_product = '.((int) $this->fk_product); } if ($filtre_statut >= 0) { - $sql .= ' AND e.fk_statut >= '.$filtre_statut; + $sql .= ' AND e.fk_statut >= '.((int) $filtre_statut); } $sql .= ' GROUP BY cd.rowid, cd.fk_product'; diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index e8ec417edd7..b97bf5485fa 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -818,7 +818,7 @@ class FactureFournisseur extends CommonInvoice $sql .= ', f.fk_code_ventilation, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_subprice, f.multicurrency_total_ht, f.multicurrency_total_tva, f.multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn_det as f'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON f.fk_product = p.rowid'; - $sql .= ' WHERE fk_facture_fourn='.$this->id; + $sql .= ' WHERE fk_facture_fourn='.((int) $this->id); $sql .= ' ORDER BY f.rang, f.rowid'; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); @@ -1491,7 +1491,7 @@ class FactureFournisseur extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1499,7 +1499,7 @@ class FactureFournisseur extends CommonInvoice // as they have not been used since the invoice is abandoned. $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_invoice_supplier = NULL'; - $sql .= ' WHERE fk_invoice_supplier = '.$this->id; + $sql .= ' WHERE fk_invoice_supplier = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -3317,7 +3317,7 @@ class SupplierInvoiceLine extends CommonObjectLine if (!$error) { // Supprime ligne $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn_det '; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index 28ef8025a98..2227e2b8c0a 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php @@ -398,11 +398,11 @@ class PaiementFourn extends Paiement // Efface la ligne de paiement (dans paiement_facture et paiement) $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn'; - $sql .= ' WHERE fk_paiementfourn = '.$this->id; + $sql .= ' WHERE fk_paiementfourn = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { $this->error = $this->db->error(); @@ -484,16 +484,16 @@ class PaiementFourn extends Paiement /** * Return list of supplier invoices the payment point to * - * @param string $filter SQL filter + * @param string $filter SQL filter. Warning: This value must not come from a user input. * @return array Array of supplier invoice id */ public function getBillsArray($filter = '') { $sql = 'SELECT fk_facturefourn'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.$this->id; + $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.((int) $this->id); if ($filter) { - $sql .= ' AND '.$filter; + $sql .= " AND ".$filter; } dol_syslog(get_class($this).'::getBillsArray', LOG_DEBUG); diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 6ea356e189e..b981d46b764 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -337,14 +337,14 @@ if (empty($reshook)) { // Currently the "Re-open" also remove the billed flag because there is no button "Set unpaid" yet. $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; $sql .= ' SET billed = 0'; - $sql .= ' WHERE rowid = '.$object->id; + $sql .= ' WHERE rowid = '.((int) $object->id); $resql = $db->query($sql); if ($newstatus == 0) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; $sql .= ' SET fk_user_approve = null, fk_user_approve2 = null, date_approve = null, date_approve2 = null'; - $sql .= ' WHERE rowid = '.$object->id; + $sql .= ' WHERE rowid = '.((int) $object->id); $resql = $db->query($sql); } diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 2f3fb2b0078..4912419d979 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -578,7 +578,7 @@ if (empty($reshook)) { $sql = 'SELECT SUM(pf.amount) as total_paiements'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'paiementfourn as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id AND c.entity IN ('.getEntity('c_paiement').')'; - $sql .= ' WHERE pf.fk_facturefourn = '.$object->id; + $sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id); $sql .= ' AND pf.fk_paiementfourn = p.rowid'; $sql .= ' AND p.entity IN ('.getEntity('invoice').')'; @@ -3018,7 +3018,7 @@ if ($action == 'create') { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_paiementfourn = p.rowid'; - $sql .= ' WHERE pf.fk_facturefourn = '.$object->id; + $sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id); $sql .= ' ORDER BY p.datep, p.tms'; $result = $db->query($sql); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index d6f07426a04..527cd851709 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -549,7 +549,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search('f.total_ttc', $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index ccc29105e4f..708fa266f0a 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -259,7 +259,7 @@ if ($result > 0) { $sql .= ' pf.amount, s.nom as name, s.rowid as socid'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf,'.MAIN_DB_PREFIX.'facture_fourn as f,'.MAIN_DB_PREFIX.'societe as s'; $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND f.fk_soc = s.rowid'; - $sql .= ' AND pf.fk_paiementfourn = '.$object->id; + $sql .= ' AND pf.fk_paiementfourn = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index 2e51b3871a9..ffd745e263f 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -651,7 +651,7 @@ class Loan extends CommonObject $sql = 'SELECT sum(amount_capital) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= ' WHERE '.$field.' = '.((int) $this->id); dol_syslog(get_class($this)."::getSumPayment", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 2eee13fd879..3319ca1909d 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -345,6 +345,13 @@ $sql .= $hookmanager->resPrint; $sql = preg_replace('/,\s*$/', '', $sql); */ +// Add HAVING from hooks +/* +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : ""; +*/ + // Count total nb of records $nbtotalofrecords = ''; if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index bc5e8eca58a..7176d574dab 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -502,7 +502,7 @@ class Mo extends CommonObject if ($lineid > 0) { $sql .= ' AND t.fk_mrp_production = '.((int) $lineid); } else { - $sql .= 'AND t.fk_mo = '.$this->id; + $sql .= 'AND t.fk_mo = '.((int) $this->id); } $resql = $this->db->query($sql); @@ -627,7 +627,7 @@ class Mo extends CommonObject if (!$error) { // TODO Check that production has not started. If yes, we stop here. - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'mrp_production WHERE fk_mo = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'mrp_production WHERE fk_mo = '.((int) $this->id); $this->db->query($sql); $moline = new MoLine($this->db); diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php index 5067a6e91d5..8c2e01f9ceb 100644 --- a/htdocs/multicurrency/class/multicurrency.class.php +++ b/htdocs/multicurrency/class/multicurrency.class.php @@ -245,7 +245,7 @@ class MultiCurrency extends CommonObject { $sql = 'SELECT cr.rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as cr'; - $sql .= ' WHERE cr.fk_multicurrency = '.$this->id; + $sql .= ' WHERE cr.fk_multicurrency = '.((int) $this->id); $sql .= ' ORDER BY cr.date_sync DESC'; $this->rates = array(); @@ -479,8 +479,8 @@ class MultiCurrency extends CommonObject { $sql = 'SELECT cr.rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as cr'; - $sql .= ' WHERE cr.fk_multicurrency = '.$this->id; - $sql .= ' AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM '.MAIN_DB_PREFIX.$this->table_element_line.' AS cr2 WHERE cr2.fk_multicurrency = '.$this->id.')'; + $sql .= ' WHERE cr.fk_multicurrency = '.((int) $this->id); + $sql .= ' AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM '.MAIN_DB_PREFIX.$this->table_element_line.' AS cr2 WHERE cr2.fk_multicurrency = '.((int) $this->id).')'; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index 9fb74c96f83..e17a1fd418f 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -266,7 +266,7 @@ class Inventory extends CommonObject if ($this->status == self::STATUS_DRAFT) { // Delete inventory - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -349,7 +349,7 @@ class Inventory extends CommonObject $this->db->begin(); // Delete inventory - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 01968855836..1147869a716 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -116,7 +116,7 @@ if ($action == 'update' && !empty($user->rights->stock->mouvement->creer)) { $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; - $sql .= ' WHERE id.fk_inventory = '.$object->id; + $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -168,7 +168,7 @@ if ($action =='updateinventorylines' && $permissiontoadd) { $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; - $sql .= ' WHERE id.fk_inventory = '.$object->id; + $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); $db->begin(); diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php index 8897f9550a3..29a3c40209c 100644 --- a/htdocs/projet/activity/perday.php +++ b/htdocs/projet/activity/perday.php @@ -310,7 +310,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('formfilterac setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); // Redirect to avoid submit twice on back - header('Location: '.$_SERVER["PHP_SELF"].'?'.($projectid ? 'id='.$projectid : '').($search_usertoprocessid ? '&search_usertoprocessid='.$search_usertoprocessid : '').($mode ? '&mode='.$mode : '').'&year='.$yearofday.'&month='.$monthofday.'&day='.$dayofday); + header('Location: '.$_SERVER["PHP_SELF"].'?'.($projectid ? 'id='.$projectid : '').($search_usertoprocessid ? '&search_usertoprocessid='.urlencode($search_usertoprocessid) : '').($mode ? '&mode='.$mode : '').'&year='.$yearofday.'&month='.$monthofday.'&day='.$dayofday); exit; } } else { diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php index 97c54b73675..1fae2fe0300 100644 --- a/htdocs/projet/activity/permonth.php +++ b/htdocs/projet/activity/permonth.php @@ -334,12 +334,12 @@ llxHeader("", $title, "", '', '', '', array('/core/js/timesheet.js')); //print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, "", $num, '', 'title_project'); $param = ''; -$param .= ($mode ? '&mode='.$mode : ''); -$param .= ($search_project_ref ? '&search_project_ref='.$search_project_ref : ''); -$param .= ($search_usertoprocessid > 0 ? '&search_usertoprocessid='.$search_usertoprocessid : ''); -$param .= ($search_thirdparty ? '&search_thirdparty='.$search_thirdparty : ''); -$param .= ($search_task_ref ? '&search_task_ref='.$search_task_ref : ''); -$param .= ($search_task_label ? '&search_task_label='.$search_task_label : ''); +$param .= ($mode ? '&mode='.urlencode($mode) : ''); +$param .= ($search_project_ref ? '&search_project_ref='.urlencode($search_project_ref) : ''); +$param .= ($search_usertoprocessid > 0 ? '&search_usertoprocessid='.urlencode($search_usertoprocessid) : ''); +$param .= ($search_thirdparty ? '&search_thirdparty='.urlencode($search_thirdparty) : ''); +$param .= ($search_task_ref ? '&search_task_ref='.urlencode($search_task_ref) : ''); +$param .= ($search_task_label ? '&search_task_label='.urlencode($search_task_label) : ''); // Show navigation bar $nav = ''.img_previous($langs->trans("Previous"))."\n"; diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index 948822c1983..6a4301d86df 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -1034,7 +1034,7 @@ class Reception extends CommonObject { // phpcs:enable dol_include_once('/fourn/class/fournisseur.commande.dispatch.class.php'); - $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch WHERE fk_reception='.$this->id; + $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch WHERE fk_reception='.((int) $this->id); $resql = $this->db->query($sql); if (!empty($resql)) { @@ -1445,7 +1445,7 @@ class Reception extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET fk_statut='.self::STATUS_CLOSED; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -1590,7 +1590,7 @@ class Reception extends CommonObject $this->setClosed(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET billed=1'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { @@ -1630,7 +1630,7 @@ class Reception extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET fk_statut=1, billed=0'; - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0'; + $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0'; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index 17274813ef5..c434e73ec08 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -468,7 +468,7 @@ class Salary extends CommonObject { // phpcs:enable $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { return 1; @@ -570,7 +570,7 @@ class Salary extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.$this->id; + $sql .= ' WHERE '.$field.' = '.((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/salaries/payment_salary/card.php b/htdocs/salaries/payment_salary/card.php index 5f05c1d98b7..e4364f6727f 100644 --- a/htdocs/salaries/payment_salary/card.php +++ b/htdocs/salaries/payment_salary/card.php @@ -180,7 +180,7 @@ $sql = 'SELECT f.rowid as scid, f.label, f.paye, f.amount as sc_amount, ps.amoun $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_salary as ps,'.MAIN_DB_PREFIX.'salary as f'; $sql .= ' WHERE ps.fk_salary = f.rowid'; $sql .= ' AND f.entity = '.$conf->entity; -$sql .= ' AND ps.rowid = '.$object->id; +$sql .= ' AND ps.rowid = '.((int) $object->id); dol_syslog("payment_salary/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/stripe/class/actions_stripe.class.php b/htdocs/stripe/class/actions_stripe.class.php index e44f3480042..f1a7a5c7877 100644 --- a/htdocs/stripe/class/actions_stripe.class.php +++ b/htdocs/stripe/class/actions_stripe.class.php @@ -173,7 +173,7 @@ class ActionsStripeconnect // On verifie si la facture a des paiements $sql = 'SELECT pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_facture = '.$object->id; + $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 6b76cf23af6..e35051829cb 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -2565,7 +2565,7 @@ class SupplierProposal extends CommonObject $sql .= ' pt.fk_multicurrency, pt.multicurrency_code, pt.multicurrency_subprice, pt.multicurrency_total_ht, pt.multicurrency_total_tva, pt.multicurrency_total_ttc, pt.fk_unit'; $sql .= ' FROM '.MAIN_DB_PREFIX.'supplier_proposaldet as pt'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pt.fk_product=p.rowid'; - $sql .= ' WHERE pt.fk_supplier_proposal = '.$this->id; + $sql .= ' WHERE pt.fk_supplier_proposal = '.((int) $this->id); $sql .= ' ORDER BY pt.rang ASC, pt.rowid'; dol_syslog(get_class($this).'::getLinesArray', LOG_DEBUG); @@ -3045,8 +3045,8 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " ".price2num($this->total_ttc).","; $sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").","; $sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").","; - $sql .= ' '.$this->special_code.','; - $sql .= ' '.$this->rang.','; + $sql .= ' '.((int) $this->special_code).','; + $sql .= ' '.((int) $this->rang).','; $sql .= " '".$this->db->escape($this->ref_fourn)."'"; $sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null'); $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 458978d25ea..e02eb3e25d0 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -189,7 +189,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); $ldap->close(); diff --git a/htdocs/user/ldap.php b/htdocs/user/ldap.php index e6cee6f6f73..e8ceef77b0a 100644 --- a/htdocs/user/ldap.php +++ b/htdocs/user/ldap.php @@ -194,7 +194,7 @@ if ($result > 0) { $result = show_ldap_content($records, 0, $records['count'], true); } } else { - print ''.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')'; + print ''.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')'; } $ldap->unbind(); diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 4e19c057fd0..0c9ced5e68f 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -1252,7 +1252,7 @@ class Website extends CommonObject // Read record of website that has been updated by the run_sql function previously called so we can get the // value of fk_default_home that is ID of home page - $sql = 'SELECT fk_default_home FROM '.MAIN_DB_PREFIX.'website WHERE rowid = '.$object->id; + $sql = 'SELECT fk_default_home FROM '.MAIN_DB_PREFIX.'website WHERE rowid = '.((int) $object->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 23be98a3b8c..ffda0802c51 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -2857,7 +2857,7 @@ if (!GETPOST('hide_websitemenu')) { $pagepreviousid = 0; $pagenextid = 0; if ($pageid) { - $sql = 'SELECT MAX(rowid) as pagepreviousid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid < '.$pageid.' AND fk_website = '.$object->id; + $sql = 'SELECT MAX(rowid) as pagepreviousid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid < '.$pageid.' AND fk_website = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -2867,7 +2867,7 @@ if (!GETPOST('hide_websitemenu')) { } else { dol_print_error($db); } - $sql = 'SELECT MIN(rowid) as pagenextid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid > '.$pageid.' AND fk_website = '.$object->id; + $sql = 'SELECT MIN(rowid) as pagenextid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid > '.$pageid.' AND fk_website = '.((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); From 11096a54539045081a758a1fdfec76320a09e013 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 00:53:13 +0200 Subject: [PATCH 137/215] Add hook checkSecureAccess. It replaces mymodule_SUBPERMCATEGORY_FOR_DOCUMENTS and mymodule_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS --- htdocs/core/lib/files.lib.php | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 330e260a327..ba4b115e830 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2269,8 +2269,9 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('( */ function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = '', $refname = '', $mode = 'read') { - global $conf, $db, $user; + global $conf, $db, $user, $hookmanager; global $dolibarr_main_data_root, $dolibarr_main_document_root_alt; + global $object; if (!is_object($fuser)) { $fuser = $user; @@ -2927,6 +2928,25 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } } + $parameters = array( + 'modulepart' => $modulepart, + 'original_file' => $original_file, + 'entity' => $entity, + 'fuser' => $fuser, + 'refname' => '', + 'mode' => $mode + ); + $reshook = $hookmanager->executeHooks('checkSecureAccess', $parameters, $object); + if ($reshook > 0) { + if (!empty($hookmanager->resArray['accessallowed'])) { + $accessallowed = $hookmanager->resArray['accessallowed']; + } + if (!empty($hookmanager->resArray['sqlprotectagainstexternals'])) { + $sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals']; + } + } + + /* // For modules who wants to manage different levels of permissions for documents $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; if (!empty($conf->global->$subPermCategoryConstName)) { @@ -2939,9 +2959,11 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, // Define $sqlprotectagainstexternals for modules who want to protect access using a SQL query. $sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS'; if (!empty($conf->global->$sqlProtectConstName)) { // If module want to define its own $sqlprotectagainstexternals - // Example: mymodule__SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; + // Example: mymodule_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; + // TODO Replace this with a hook eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";'); } + */ } $ret = array( From 51a4d7630f3ac38e57c800a94a9abc6d5a3967d6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 00:55:51 +0200 Subject: [PATCH 138/215] Clean code --- htdocs/compta/facture/class/facture.class.php | 4 +- htdocs/compta/stats/byratecountry.php | 4 +- htdocs/compta/tva/class/tva.class.php | 2 +- htdocs/compta/tva/list.php | 8 +- htdocs/contact/class/contact.class.php | 4 +- htdocs/contact/list.php | 2 +- htdocs/contrat/class/contrat.class.php | 6 +- htdocs/contrat/index.php | 14 +- htdocs/contrat/list.php | 10 +- htdocs/core/ajax/check_notifications.php | 9 +- htdocs/core/boxes/box_services_expired.php | 2 +- htdocs/core/boxes/box_validated_projects.php | 4 +- htdocs/core/class/commoninvoice.class.php | 7 +- htdocs/core/class/commonobject.class.php | 140 +++++++++--------- htdocs/core/class/commonobjectline.class.php | 4 +- htdocs/core/class/coreobject.class.php | 2 +- htdocs/core/class/discount.class.php | 20 +-- htdocs/core/class/dolreceiptprinter.class.php | 4 +- htdocs/core/class/extrafields.class.php | 12 +- htdocs/core/class/hookmanager.class.php | 1 + htdocs/core/class/html.form.class.php | 6 +- htdocs/core/class/html.formmail.class.php | 2 +- htdocs/core/class/utils.class.php | 4 +- htdocs/core/class/validate.class.php | 2 +- htdocs/core/customreports.php | 59 ++++---- htdocs/core/db/pgsql.class.php | 2 +- htdocs/core/db/sqlite3.class.php | 17 +-- htdocs/core/lib/admin.lib.php | 4 +- htdocs/core/lib/company.lib.php | 2 +- htdocs/core/lib/files.lib.php | 19 --- htdocs/core/lib/invoice.lib.php | 4 +- htdocs/core/lib/order.lib.php | 2 +- htdocs/core/lib/propal.lib.php | 2 +- htdocs/core/modules/modFournisseur.class.php | 6 +- htdocs/core/modules/modSociete.class.php | 4 +- .../class/expensereport.class.php | 2 +- htdocs/fichinter/index.php | 2 +- .../fourn/class/fournisseur.facture.class.php | 2 +- htdocs/fourn/commande/index.php | 2 +- htdocs/fourn/paiement/list.php | 2 +- htdocs/loan/class/loan.class.php | 2 +- htdocs/product/stock/replenishorders.php | 2 +- htdocs/salaries/class/salary.class.php | 2 +- htdocs/supplier_proposal/index.php | 2 +- 44 files changed, 193 insertions(+), 219 deletions(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index abb52560d24..bab9be7670c 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4890,8 +4890,8 @@ class Facture extends CommonInvoice if ($this->statut >= 0) { $fieldname = 'retained_warranty_date_limit'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(strval($timestamp) != '' ? '\''.$this->db->idate($timestamp).'\'' : 'null'); - $sql .= ' WHERE rowid='.((int) $this->id); + $sql .= " SET ".$fieldname." = ".(strval($timestamp) != '' ? "'".$this->db->idate($timestamp)."'" : 'null'); + $sql .= ' WHERE rowid = '.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty_date_limit = $timestamp; diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index 9a9ba40b56a..afc56532fdf 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -306,7 +306,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " fd.product_type AS product_type,"; $sql .= " cc.code, cc.label AS country,"; for ($i = 1; $i <= 12; $i++) { - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$i, 'fd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$i, "fd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -393,7 +393,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql2 .= " ffd.product_type AS product_type,"; $sql2 .= " cc.code, cc.label AS country,"; for ($i = 1; $i <= 12; $i++) { - $sql2 .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$i, 'ffd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).","; + $sql2 .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$i, "ffd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).","; } $sql2 .= " SUM(ffd.total_ht) as total"; $sql2 .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index 25fcee08e57..38da3c21eae 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -768,7 +768,7 @@ class Tva extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.((int) $this->id); + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 1dc0180bd60..8c12dbfd704 100644 --- a/htdocs/compta/tva/list.php +++ b/htdocs/compta/tva/list.php @@ -161,16 +161,16 @@ if (!empty($search_label)) { $sql .= natural_search('t.label', $search_label); } if (!empty($search_dateend_start)) { - $sql .= ' AND t.datev >= "'.$db->idate($search_dateend_start).'"'; + $sql .= " AND t.datev >= '".$db->idate($search_dateend_start)."'"; } if (!empty($search_dateend_end)) { - $sql .= ' AND t.datev <= "'.$db->idate($search_dateend_end).'"'; + $sql .= " AND t.datev <= '".$db->idate($search_dateend_end)."'"; } if (!empty($search_datepayment_start)) { - $sql .= ' AND t.datep >= "'.$db->idate($search_datepayment_start).'"'; + $sql .= " AND t.datep >= '".$db->idate($search_datepayment_start)."'"; } if (!empty($search_datepayment_end)) { - $sql .= ' AND t.datep <= "'.$db->idate($search_datepayment_end).'"'; + $sql .= " AND t.datep <= '".$db->idate($search_datepayment_end)."'"; } if (!empty($search_type) && $search_type > 0) { $sql .= ' AND t.fk_typepayment = '.((int) $search_type); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index fd9830f36ca..066ee681f7a 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -388,8 +388,8 @@ class Contact extends CommonObject $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); $clause = "AND"; } - $sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; - $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))"; + $sql .= " ".$clause." sp.entity IN (".getEntity($this->element).")"; + $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat = ".((int) $user->id)."))"; if ($user->socid > 0) { $sql .= " AND sp.fk_soc = ".((int) $user->socid); } diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 3f98f556cb7..7a9bfefb11f 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -478,7 +478,7 @@ if (strlen($search_fax)) { if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if ($value['active'] && strlen($search_[$key])) { - $sql .= ' AND p.socialnetworks LIKE \'%"'.$key.'":"'.$search_[$key].'%\''; + $sql .= " AND p.socialnetworks LIKE '%\"".$key."\":\"".$search_[$key]."%'"; } } } diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 1ce51af2d90..a7a42ca7350 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -1222,7 +1222,7 @@ class Contrat extends CommonObject // Delete llx_ecm_files if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -3257,12 +3257,12 @@ class ContratLigne extends CommonObjectLine $sql .= " '".$this->db->escape($this->info_bits)."',"; $sql .= " ".price2num($this->price_ht).",".price2num($this->remise).","; if ($this->fk_fournprice > 0) { - $sql .= ' '.$this->fk_fournprice.','; + $sql .= ' '.((int) $this->fk_fournprice).','; } else { $sql .= ' null,'; } if ($this->pa_ht > 0) { - $sql .= ' '.price2num($this->pa_ht); + $sql .= ' '.((float) price2num($this->pa_ht)); } else { $sql .= ' null'; } diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index cc3bc87ca54..b85cda094f3 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -99,7 +99,7 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; $sql .= " AND (cd.statut != 4 OR (cd.statut = 4 AND (cd.date_fin_validite is null or cd.date_fin_validite >= '".$db->idate($now)."')))"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); @@ -136,7 +136,7 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; $sql .= " AND (cd.statut = 4 AND cd.date_fin_validite < '".$db->idate($now)."')"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); @@ -304,11 +304,11 @@ print '
'; // Last modified contracts $max = 5; $sql = 'SELECT '; -$sql .= ' sum('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; -$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; -$sql .= ' sum('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; +$sql .= " sum(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; +$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; +$sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; $sql .= " c.rowid as cid, c.ref, c.datec, c.tms, c.statut, s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,"; if (!$user->rights->societe->client->voir && !$socid) { diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 596e86df53e..66d84874d76 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -236,11 +236,11 @@ $sql .= ' s.rowid as socid, s.nom as name, s.name_alias, s.email, s.town, s.zip, $sql .= " typent.code as typent_code,"; $sql .= " state.code_departement as state_code, state.nom as state_name,"; $sql .= " MIN(".$db->ifsql("cd.statut=4", "cd.date_fin_validite", "null").") as lower_planned_end_date,"; -$sql .= ' SUM('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; -$sql .= ' SUM('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; +$sql .= " SUM(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,'; +$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,'; +$sql .= " SUM(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { diff --git a/htdocs/core/ajax/check_notifications.php b/htdocs/core/ajax/check_notifications.php index 35d10af49b6..bbbc95a19c5 100644 --- a/htdocs/core/ajax/check_notifications.php +++ b/htdocs/core/ajax/check_notifications.php @@ -75,12 +75,9 @@ if ($action == 'stopreminder') { $listofreminderid = GETPOST('listofreminderids', 'intcomma'); // Set the reminder as done - //foreach ($listofreminderidsarray as $listofreminderid) { - // if (empty($listofreminderid)) continue; - //$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id; $sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1'; $sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')'; - $sql .= ' AND fk_user = '.$user->id.' AND entity = '.$conf->entity; + $sql .= ' AND fk_user = '.((int) $user->id).' AND entity = '.((int) $conf->entity); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -149,13 +146,13 @@ if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto $sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a'; if (!empty($user->conf->MAIN_USER_WANT_ALL_EVENTS_NOTIFICATIONS)) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; + $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id); $sql .= ' WHERE a.code <> "AC_OTH_AUTO"'; $sql .= ' AND ('; $sql .= " (ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; $sql .= ' )'; } else { - $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; + $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id); $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; } $sql .= $db->order('datep', 'ASC'); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 95086cdf2a3..433c566ad31 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -93,7 +93,7 @@ class box_services_expired extends ModeleBoxes $sql .= " AND c.entity = ".$conf->entity; $sql .= " AND c.fk_soc=s.rowid AND cd.fk_contrat=c.rowid AND c.statut > 0"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/core/boxes/box_validated_projects.php b/htdocs/core/boxes/box_validated_projects.php index f1fb55878aa..0c4155da6c7 100644 --- a/htdocs/core/boxes/box_validated_projects.php +++ b/htdocs/core/boxes/box_validated_projects.php @@ -157,7 +157,7 @@ class box_validated_projects extends ModeleBoxes ); if ($objp->fk_soc > 0) { - $sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid ='.$objp->fk_soc; + $sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid = '.((int) $objp->fk_soc); $resql = $this->db->query($sql); //$socstatic = new Societe($this->db); $obj2 = $this->db->fetch_object($resql); @@ -165,7 +165,7 @@ class box_validated_projects extends ModeleBoxes 'td' => 'class="tdoverflowmax150 maxwidth200onsmartphone"', 'text' => $obj2->name, 'asis' => 1, - 'url' => DOL_URL_ROOT.'/societe/card.php?socid='.$obj2->rowid + 'url' => DOL_URL_ROOT.'/societe/card.php?socid='.urlencode($obj2->rowid) ); } else { $this->info_box_contents[$i][] = array( diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 65988c9cdf0..dfabfd24ebe 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -132,7 +132,7 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT sum(amount) as amount, sum(multicurrency_amount) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.((int) $this->id); + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); @@ -308,9 +308,8 @@ abstract class CommonInvoice extends CommonObject $sql = 'SELECT p.ref, pf.amount, pf.multicurrency_amount, p.fk_paiement, p.datep, p.num_paiement as num, t.code'.$field3; $sql .= ' FROM '.MAIN_DB_PREFIX.$table.' as pf, '.MAIN_DB_PREFIX.$table2.' as p, '.MAIN_DB_PREFIX.'c_paiement as t'; - $sql .= ' WHERE pf.'.$field.' = '.((int) $this->id); - //$sql.= ' WHERE pf.'.$field.' = 1'; - $sql .= ' AND pf.'.$field2.' = p.rowid'; + $sql .= " WHERE pf.".$field." = ".((int) $this->id); + $sql .= " AND pf.".$field2." = p.rowid"; $sql .= ' AND p.fk_paiement = t.id'; $sql .= ' AND p.entity IN ('.getEntity($sharedentity).')'; if ($filtertype) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a4a98da9690..fce86b080bd 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2054,7 +2054,7 @@ abstract class CommonObject } if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) { $tmparray = explode('@', $this->ismultientitymanaged); - $sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity + $sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity } elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) { $sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid } @@ -2075,13 +2075,13 @@ abstract class CommonObject $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') { - $sql .= ' AND te.fk_soc = '.$socid; + $sql .= ' AND te.fk_soc = '.((int) $socid); } if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') { - $sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)'; + $sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)'; } if ($restrictiononfksoc && $socid && $this->element == 'societe') { - $sql .= ' AND te.rowid = '.$socid; + $sql .= ' AND te.rowid = '.((int) $socid); } //print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; @@ -2124,7 +2124,7 @@ abstract class CommonObject } if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) { $tmparray = explode('@', $this->ismultientitymanaged); - $sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity + $sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity } elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) { $sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid } @@ -2145,13 +2145,13 @@ abstract class CommonObject $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') { - $sql .= ' AND te.fk_soc = '.$socid; + $sql .= ' AND te.fk_soc = '.((int) $socid); } if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') { - $sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)'; + $sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)'; } if ($restrictiononfksoc && $socid && $this->element == 'societe') { - $sql .= ' AND te.rowid = '.$socid; + $sql .= ' AND te.rowid = '.((int) $socid); } //print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."
"; // Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null @@ -2206,19 +2206,19 @@ abstract class CommonObject return -1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; if (!empty($this->fields['fk_project'])) { // Common case if ($projectid) { - $sql .= ' SET fk_project = '.((int) $projectid); + $sql .= " SET fk_project = ".((int) $projectid); } else { - $sql .= ' SET fk_project = NULL'; + $sql .= " SET fk_project = NULL"; } $sql .= ' WHERE rowid = '.((int) $this->id); } elseif ($this->table_element == 'actioncomm') { // Special case for actioncomm if ($projectid) { - $sql .= ' SET fk_project = '.((int) $projectid); + $sql .= " SET fk_project = ".((int) $projectid); } else { - $sql .= ' SET fk_project = NULL'; + $sql .= " SET fk_project = NULL"; } $sql .= ' WHERE id = '.((int) $this->id); } else // Special case for old architecture objects @@ -2266,8 +2266,8 @@ abstract class CommonObject $fieldname = 'fk_typepayment'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2278,7 +2278,7 @@ abstract class CommonObject } return 1; } else { - dol_syslog(get_class($this).'::setPaymentMethods Error '.$sql.' - '.$this->db->error()); + dol_syslog(get_class($this).'::setPaymentMethods Error '.$this->db->error()); $this->error = $this->db->error(); return -1; } @@ -2302,7 +2302,7 @@ abstract class CommonObject $fieldname = 'multicurrency_code'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname." = '".$this->db->escape($code)."'"; + $sql .= " SET ".$fieldname." = '".$this->db->escape($code)."'"; $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2340,7 +2340,7 @@ abstract class CommonObject $fieldname = 'multicurrency_tx'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.((float) $rate); + $sql .= " SET ".$fieldname." = ".((float) $rate); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2548,7 +2548,7 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2590,7 +2590,7 @@ abstract class CommonObject } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); + $sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL'); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2625,7 +2625,7 @@ abstract class CommonObject $fieldname = 'retained_warranty_fk_cond_reglement'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.((int) $id); + $sql .= " SET ".$fieldname." = ".((int) $id); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2665,7 +2665,7 @@ abstract class CommonObject return 1; } else { $this->error = $this->db->error(); - dol_syslog(get_class($this).'::setDeliveryAddress Error '.$sql.' - '.$this->error); + dol_syslog(get_class($this).'::setDeliveryAddress Error '.$this->error); return -1; } } @@ -2884,7 +2884,7 @@ abstract class CommonObject // Count number of lines to reorder (according to choice $renum) $nl = 0; $sql = 'SELECT count(rowid) FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.'='.((int) $this->id); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if (!$renum) { $sql .= ' AND rang = 0'; } @@ -2906,7 +2906,7 @@ abstract class CommonObject // We first search all lines that are parent lines (for multilevel details lines) $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if ($fk_parent_line) { $sql .= ' AND fk_parent_line IS NULL'; } @@ -2954,7 +2954,7 @@ abstract class CommonObject $rows = array(); $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND fk_parent_line = '.((int) $id); $sql .= ' ORDER BY rang ASC'; @@ -3031,7 +3031,7 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); $sql .= ' WHERE rowid = '.((int) $rowid); dol_syslog(get_class($this)."::updateRangOfLine", LOG_DEBUG); @@ -3074,11 +3074,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND rang = '.((int) ($rang - 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1)); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang - 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3105,11 +3105,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); - $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND rang = '.((int) ($rang + 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1)); + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang + 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3148,7 +3148,7 @@ abstract class CommonObject public function getIdOfLine($rang) { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND rang = '.((int) $rang); $resql = $this->db->query($sql); if ($resql) { @@ -3174,8 +3174,8 @@ abstract class CommonObject // Search the last rang with fk_parent_line if ($fk_parent_line) { - $sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); $sql .= ' AND fk_parent_line = '.((int) $fk_parent_line); dol_syslog(get_class($this)."::line_max", LOG_DEBUG); @@ -3190,8 +3190,8 @@ abstract class CommonObject } } else { // If not, search the last rang of element - $sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; + $sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line; + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); dol_syslog(get_class($this)."::line_max", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3217,7 +3217,7 @@ abstract class CommonObject return -1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ref_ext = '".$this->db->escape($ref_ext)."'"; $sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".((int) $this->id); @@ -3268,7 +3268,7 @@ abstract class CommonObject } else { $fieldusermod = "fk_user_modif"; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET note".$newsuffix." = ".(!empty($note) ? ("'".$this->db->escape($note)."'") : "NULL"); $sql .= ", ".$fieldusermod." = ".((int) $user->id); $sql .= " WHERE rowid = ".((int) $this->id); @@ -3386,21 +3386,21 @@ abstract class CommonObject $fieldup = 'value_unit'; } - $sql = 'SELECT rowid, qty, '.$fieldup.' as up, remise_percent, total_ht, '.$fieldtva.' as total_tva, total_ttc, '.$fieldlocaltax1.' as total_localtax1, '.$fieldlocaltax2.' as total_localtax2,'; + $sql = "SELECT rowid, qty, ".$fieldup." as up, remise_percent, total_ht, ".$fieldtva." as total_tva, total_ttc, ".$fieldlocaltax1." as total_localtax1, ".$fieldlocaltax2." as total_localtax2,"; $sql .= ' tva_tx as vatrate, localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, info_bits, product_type'; if ($this->table_element_line == 'facturedet') { $sql .= ', situation_percent'; } $sql .= ', multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql .= " WHERE ".$this->fk_element." = ".((int) $this->id); if ($exclspec) { $product_field = 'product_type'; if ($this->table_element_line == 'contratdet') { $product_field = ''; // contratdet table has no product_type field } if ($product_field) { - $sql .= ' AND '.$product_field.' <> 9'; + $sql .= " AND ".$product_field." <> 9"; } } $sql .= ' ORDER by rowid'; // We want to be sure to always use same order of line to not change lines differently when option MAIN_ROUNDOFTOTAL_NOT_TOTALOFROUND is used @@ -3553,14 +3553,14 @@ abstract class CommonObject if (empty($nodatabaseupdate)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; - $sql .= " ".$fieldht." = ".price2num($this->total_ht).","; - $sql .= " ".$fieldtva." = ".price2num($this->total_tva).","; - $sql .= " ".$fieldlocaltax1." = ".price2num($this->total_localtax1).","; - $sql .= " ".$fieldlocaltax2." = ".price2num($this->total_localtax2).","; - $sql .= " ".$fieldttc." = ".price2num($this->total_ttc); - $sql .= ", multicurrency_total_ht = ".price2num($this->multicurrency_total_ht, 'MT', 1); - $sql .= ", multicurrency_total_tva = ".price2num($this->multicurrency_total_tva, 'MT', 1); - $sql .= ", multicurrency_total_ttc = ".price2num($this->multicurrency_total_ttc, 'MT', 1); + $sql .= " ".$fieldht." = ".((float) price2num($this->total_ht)).","; + $sql .= " ".$fieldtva." = ".((float) price2num($this->total_tva)).","; + $sql .= " ".$fieldlocaltax1." = ".((float) price2num($this->total_localtax1)).","; + $sql .= " ".$fieldlocaltax2." = ".((float) price2num($this->total_localtax2)).","; + $sql .= " ".$fieldttc." = ".((float) price2num($this->total_ttc)); + $sql .= ", multicurrency_total_ht = ".((float) price2num($this->multicurrency_total_ht, 'MT', 1)); + $sql .= ", multicurrency_total_tva = ".((float) price2num($this->multicurrency_total_tva, 'MT', 1)); + $sql .= ", multicurrency_total_ttc = ".((float) price2num($this->multicurrency_total_ttc, 'MT', 1)); $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_price", LOG_DEBUG); @@ -4038,7 +4038,7 @@ abstract class CommonObject global $db; - $sql = 'SELECT '.$field_select.' FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where); + $sql = "SELECT ".$field_select." FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where); $resql = $db->query($sql); $TRes = array(); @@ -4067,7 +4067,7 @@ abstract class CommonObject global $db; - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where); + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where); $resql = $db->query($sql); if (empty($resql)) { @@ -5317,7 +5317,7 @@ abstract class CommonObject $update_main_doc_field = 1; } if ($update_main_doc_field && !empty($this->table_element)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath.'/'.$ecmfile->filename)."'"; + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath."/".$ecmfile->filename)."'"; $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); @@ -6677,17 +6677,17 @@ abstract class CommonObject //We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { - $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sql .= " as main, ".MAIN_DB_PREFIX.$InfoFieldList[0]."_extrafields as extra"; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } $sql .= $sqlwhere; //print $sql; @@ -6830,16 +6830,16 @@ abstract class CommonObject // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; @@ -8770,8 +8770,8 @@ abstract class CommonObject return 0; } - $sql = 'SELECT '.$fieldlist; - $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; + $sql = "SELECT ".$fieldlist; + $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { $sql .= ' WHERE t.rowid = '.((int) $id); @@ -8825,9 +8825,9 @@ abstract class CommonObject $objectline = new $objectlineclassname($this->db); - $sql = 'SELECT '.$objectline->getFieldList('l'); - $sql .= ' FROM '.MAIN_DB_PREFIX.$objectline->table_element.' as l'; - $sql .= ' WHERE l.fk_'.$this->element.' = '.((int) $this->id); + $sql = "SELECT ".$objectline->getFieldList('l'); + $sql .= " FROM ".MAIN_DB_PREFIX.$objectline->table_element." as l"; + $sql .= " WHERE l.fk_".$this->element." = ".((int) $this->id); if ($morewhere) { $sql .= $morewhere; } @@ -8973,7 +8973,7 @@ abstract class CommonObject if ($forcechilddeletion) { // Force also delete of childtables that should lock deletion in standard case when option force is off foreach ($this->childtables as $table) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -9022,7 +9022,7 @@ abstract class CommonObject } } else { // Delete record in child table - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -9100,7 +9100,7 @@ abstract class CommonObject $this->db->begin(); $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE '.$parentField.' = '.(int) $parentId; + $sql .= " WHERE ".$parentField." = ".(int) $parentId; $resql = $this->db->query($sql); if (!$resql) { @@ -9533,7 +9533,7 @@ abstract class CommonObject // Delete in database with mode 1 if ($mode == 1) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields"; - $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id).")"; + $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -9542,7 +9542,7 @@ abstract class CommonObject } $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files"; - $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); + $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/core/class/commonobjectline.class.php b/htdocs/core/class/commonobjectline.class.php index f821e5050b1..6d5573b9d76 100644 --- a/htdocs/core/class/commonobjectline.class.php +++ b/htdocs/core/class/commonobjectline.class.php @@ -86,7 +86,7 @@ abstract class CommonObjectLine extends CommonObject $label_type = 'code'; } - $sql = 'select '.$label_type.', code from '.MAIN_DB_PREFIX.'c_units where rowid='.$this->fk_unit; + $sql = "SELECT ".$label_type.", code from ".MAIN_DB_PREFIX."c_units where rowid = ".((int) $this->fk_unit); $resql = $this->db->query($sql); if ($resql && $this->db->num_rows($resql) > 0) { $res = $this->db->fetch_array($resql); @@ -98,7 +98,7 @@ abstract class CommonObjectLine extends CommonObject $this->db->free($resql); return $label; } else { - $this->error = $this->db->error().' sql='.$sql; + $this->error = $this->db->lasterror(); dol_syslog(get_class($this)."::getLabelOfUnit Error ".$this->error, LOG_ERR); return -1; } diff --git a/htdocs/core/class/coreobject.class.php b/htdocs/core/class/coreobject.class.php index 150ace90875..33510186646 100644 --- a/htdocs/core/class/coreobject.class.php +++ b/htdocs/core/class/coreobject.class.php @@ -183,7 +183,7 @@ class CoreObject extends CommonObject $this->{$className} = array(); - $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.((int) $this->id); + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$childTable." WHERE ".$this->fk_element." = ".((int) $this->id); $res = $this->db->query($sql); if ($res) { diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 07c6a509815..46789352bd7 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -516,10 +516,10 @@ class DiscountAbsolute $sql .= " AND rc.fk_user = ".((int) $user->id); } if ($filter) { - $sql .= ' AND ('.$filter.')'; + $sql .= " AND (".$filter.")"; } if ($maxvalue) { - $sql .= ' AND rc.amount_ttc <= '.price2num($maxvalue); + $sql .= ' AND rc.amount_ttc <= '.((float) price2num($maxvalue)); } $resql = $this->db->query($sql); @@ -555,12 +555,12 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id; + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id); $sql .= ' AND f.type = 3'; } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id; + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id); $sql .= ' AND f.type = 3'; } else { $this->error = get_class($this)."::getSumDepositsUsed was called with a bad object as a first parameter"; @@ -596,13 +596,13 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f'; - $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id; - $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE.', '.$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received + $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id); + $sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE.", ".$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f'; - $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id; - $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid + $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id); + $sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid } else { $this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter"; dol_print_error($this->error); @@ -636,11 +636,11 @@ class DiscountAbsolute if ($invoice->element == 'facture' || $invoice->element == 'invoice') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc'; - $sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.$invoice->id; + $sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.((int) $invoice->id); } elseif ($invoice->element == 'invoice_supplier') { $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc'; - $sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.$invoice->id; + $sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.((int) $invoice->id); } else { $this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter"; dol_print_error($this->error); diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php index a3ddb3d7c7f..9813876c031 100644 --- a/htdocs/core/class/dolreceiptprinter.class.php +++ b/htdocs/core/class/dolreceiptprinter.class.php @@ -867,7 +867,7 @@ class dolReceiptPrinter extends Printer $error = 0; $sql = 'SELECT template'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt_template'; - $sql .= ' WHERE rowid='.$templateid; + $sql .= ' WHERE rowid = '.((int) $templateid); $sql .= ' AND entity = '.$conf->entity; $resql = $this->db->query($sql); if ($resql) { @@ -905,7 +905,7 @@ class dolReceiptPrinter extends Printer $sql = 'SELECT rowid, name, fk_type, fk_profile, parameter'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt'; $sql .= ' WHERE rowid = '.((int) $printerid); - $sql .= ' AND entity = '.$conf->entity; + $sql .= ' AND entity = '.((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_array($resql); diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index f6a5ba93d61..4e4a199600f 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1273,16 +1273,16 @@ class ExtraFields //We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= ' AND entity = '.((int) $conf->entity); } $sql .= $sqlwhere; //print $sql; @@ -1485,16 +1485,16 @@ class ExtraFields // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra.') !== false) { $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4]; + $sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; } else { - $sqlwhere .= ' WHERE '.$InfoFieldList[4]; + $sqlwhere .= " WHERE ".$InfoFieldList[4]; } } else { $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. if (in_array($InfoFieldList[0], array('tablewithentity'))) { - $sqlwhere .= ' AND entity = '.$conf->entity; + $sqlwhere .= " AND entity = ".((int) $conf->entity); } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index 345de3f5be5..d243e67697b 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php @@ -172,6 +172,7 @@ class HookManager 'addSearchEntry', 'addStatisticLine', 'addSectionECMAuto', + 'checkSecureAccess', 'createDictionaryFieldlist', 'editDictionaryFieldlist', 'getFormMail', diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 8f3c92a3c43..74f6ed83ee2 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2565,7 +2565,7 @@ class Form $sql .= ')'; } if (count($warehouseStatusArray)) { - $sql .= ' GROUP BY'.$selectFields; + $sql .= " GROUP BY ".$selectFields; } //Sort by category @@ -6988,7 +6988,7 @@ class Form if (isset($objecttmp->ismultientitymanaged)) { if (!is_numeric($objecttmp->ismultientitymanaged)) { $tmparray = explode('@', $objecttmp->ismultientitymanaged); - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON parenttable.rowid = t.'.$tmparray[0]; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON parenttable.rowid = t.".$tmparray[0]; } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { @@ -7009,7 +7009,7 @@ class Form $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; } if (!is_numeric($objecttmp->ismultientitymanaged)) { - $sql .= ' AND parenttable.entity = t.'.$tmparray[0]; + $sql .= " AND parenttable.entity = t.".$tmparray[0]; } if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { if ($objecttmp->element == 'societe') { diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 3dc2743adf1..f5b13671a44 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -601,7 +601,7 @@ class FormMail extends Form // Add also email aliases from the c_email_senderprofile table $sql = 'SELECT rowid, label, email FROM '.MAIN_DB_PREFIX.'c_email_senderprofile'; - $sql .= ' WHERE active = 1 AND (private = 0 OR private = '.$user->id.')'; + $sql .= ' WHERE active = 1 AND (private = 0 OR private = '.((int) $user->id).')'; $sql .= ' ORDER BY position'; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index 5371d917022..fd89a00a810 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -1088,11 +1088,11 @@ class Utils fwrite($handle, "/*!40000 ALTER TABLE `".$table."` DISABLE KEYS */;\n"); } - $sql = 'SELECT * FROM '.$table; // Here SELECT * is allowed because we don't have definition of columns to take + $sql = "SELECT * FROM ".$table; // Here SELECT * is allowed because we don't have definition of columns to take $result = $db->query($sql); while ($row = $db->fetch_row($result)) { // For each row of data we print a line of INSERT - fwrite($handle, 'INSERT '.$delayed.$ignore.'INTO `'.$table.'` VALUES ('); + fwrite($handle, "INSERT ".$delayed.$ignore."INTO ".$table." VALUES ("); $columns = count($row); for ($j = 0; $j < $columns; $j++) { // Processing each columns of the row to ensure that we correctly save the value (eg: add quotes for string - in fact we add quotes for everything, it's easier) diff --git a/htdocs/core/class/validate.class.php b/htdocs/core/class/validate.class.php index 1738034545d..61b8931179e 100644 --- a/htdocs/core/class/validate.class.php +++ b/htdocs/core/class/validate.class.php @@ -263,7 +263,7 @@ class Validate } foreach ($value_arr as $val) { - $sql = 'SELECT ' . $col . ' FROM ' . MAIN_DB_PREFIX . $table . " WHERE " . $col ." = '" . $this->db->escape($val) . "'"; // nore quick than count(*) to check existing of a row + $sql = "SELECT ".$col." FROM ".MAIN_DB_PREFIX.$table." WHERE ".$col." = '".$this->db->escape($val)."'"; // nore quick than count(*) to check existing of a row $resql = $this->db->getRow($sql); if ($resql) { continue; diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php index ca6e61e3b1c..3693b52cc74 100644 --- a/htdocs/core/customreports.php +++ b/htdocs/core/customreports.php @@ -239,13 +239,14 @@ if (is_array($search_groupby) && count($search_groupby)) { $fieldtocount = $search_groupby[$gkey]; } - $sql = 'SELECT DISTINCT '.$fieldtocount.' as val'; + $sql = "SELECT DISTINCT ".$fieldtocount." as val"; if (strpos($fieldtocount, 'te.') === 0) { $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te'; } else { $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t'; } // TODO Add the where here + // ... $sql .= ' LIMIT '.($MAXUNIQUEVALFORGROUP + 1); @@ -469,60 +470,60 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y') as x_".$key.', '; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as x_".$key.', '; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as x_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as x_".$key.', '; } else { - $sql .= $val.' as x_'.$key.', '; + $sql .= $val." as x_".$key.", "; } } foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y') as g_".$key.', '; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as g_".$key.', '; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as g_".$key.', '; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as g_".$key.', '; } else { - $sql .= $val.' as g_'.$key.', '; + $sql .= $val." as g_".$key.", "; } } foreach ($search_measures as $key => $val) { if ($val == 't.count') { - $sql .= 'COUNT(t.'.$fieldid.') as y_'.$key.', '; + $sql .= "COUNT(t.".$fieldid.") as y_".$key.', '; } elseif (preg_match('/\-sum$/', $val)) { $tmpval = preg_replace('/\-sum$/', '', $val); - $sql .= 'SUM('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "SUM(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-average$/', $val)) { $tmpval = preg_replace('/\-average$/', '', $val); - $sql .= 'AVG('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "AVG(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-min$/', $val)) { $tmpval = preg_replace('/\-min$/', '', $val); - $sql .= 'MIN('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "MIN(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } elseif (preg_match('/\-max$/', $val)) { $tmpval = preg_replace('/\-max$/', '', $val); - $sql .= 'MAX('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', '; + $sql .= "MAX(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", "; } } $sql = preg_replace('/,\s*$/', '', $sql); $sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t'; // Add measure from extrafields if ($object->isextrafieldmanaged) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te ON te.fk_object = t.'.$fieldid; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as te ON te.fk_object = t.".$fieldid; } if ($object->ismultientitymanaged) { if ($object->ismultientitymanaged == 1) { // Nothing here } else { $tmparray = explode('@', $object->ismultientitymanaged); - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON t.'.$tmparray[0].' = parenttable.rowid'; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON t.".$tmparray[0]." = parenttable.rowid"; $sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')'; } } @@ -537,27 +538,27 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { - $sql .= $val.', '; + $sql .= $val.", "; } } foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } @@ -567,13 +568,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_xaxis as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } @@ -581,13 +582,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) { foreach ($search_groupby as $key => $val) { if (preg_match('/\-year$/', $val)) { $tmpval = preg_replace('/\-year$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y'), "; } elseif (preg_match('/\-month$/', $val)) { $tmpval = preg_replace('/\-month$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), "; } elseif (preg_match('/\-day$/', $val)) { $tmpval = preg_replace('/\-day$/', '', $val); - $sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), "; + $sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), "; } else { $sql .= $val.', '; } diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 6e9a4f54db6..55d5f18dd00 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -905,7 +905,7 @@ class DoliDBPgsql extends DoliDB // Test charset match LC_TYPE (pgsql error otherwise) //print $charset.' '.setlocale(LC_CTYPE,'0'); exit; - $sql = 'CREATE DATABASE "'.$database.'" OWNER "'.$owner.'" ENCODING \''.$charset.'\''; + $sql = "CREATE DATABASE '".$this->escape($database)."' OWNER '".$this->escape($owner)."' ENCODING '".$this->escape($charset)."'"; dol_syslog($sql, LOG_DEBUG); $ret = $this->query($sql); return $ret; diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php index 53bcb6806dc..072d5f0c4b3 100644 --- a/htdocs/core/db/sqlite3.class.php +++ b/htdocs/core/db/sqlite3.class.php @@ -421,7 +421,7 @@ class DoliDBSqlite3 extends DoliDB $descTable = $this->db->querySingle("SELECT sql FROM sqlite_master WHERE name='".$this->escape($tablename)."'"); // 1- Renommer la table avec un nom temporaire - $this->query('ALTER TABLE '.$tablename.' RENAME TO tmp_'.$tablename); + $this->query("ALTER TABLE ".$tablename." RENAME TO tmp_".$tablename); // 2- Recréer la table avec la contrainte ajoutée @@ -436,10 +436,10 @@ class DoliDBSqlite3 extends DoliDB $this->query($descTable); // 3- Transférer les données - $this->query('INSERT INTO '.$tablename.' SELECT * FROM tmp_'.$tablename); + $this->query("INSERT INTO ".$tablename." SELECT * FROM tmp_".$tablename); // 4- Supprimer la table temporaire - $this->query('DROP TABLE tmp_'.$tablename); + $this->query("DROP TABLE tmp_".$tablename); // dummy statement $query = "SELECT 0"; @@ -840,17 +840,12 @@ class DoliDBSqlite3 extends DoliDB } // ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci - $sql = 'CREATE DATABASE '.$database; - $sql .= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation; + $sql = "CREATE DATABASE ".$this->escape($database); + $sql .= " DEFAULT CHARACTER SET ".$this->escape($charset)." DEFAULT COLLATE ".$this->escape($collation); dol_syslog($sql, LOG_DEBUG); $ret = $this->query($sql); - if (!$ret) { - // We try again for compatibility with Mysql < 4.1.1 - $sql = 'CREATE DATABASE '.$database; - $ret = $this->query($sql); - dol_syslog($sql, LOG_DEBUG); - } + return $ret; } diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 3df3e7ee182..531af9017b3 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -306,8 +306,8 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // with // 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000,...' // Note: string with 'PCG99-ABREGE','CAPIT', 1234 instead of 'PCG99-ABREGE','CAPIT', '1234' is also supported - $newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.$offsetforchartofaccount.', \2, \3 + '.$offsetforchartofaccount, $newsql); - $newsql = preg_replace('/([,\s])0 \+ '.$offsetforchartofaccount.'/ims', '\1 0', $newsql); + $newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.((int) $offsetforchartofaccount).', \2, \3 + '.((int) $offsetforchartofaccount), $newsql); + $newsql = preg_replace('/([,\s])0 \+ '.((int) $offsetforchartofaccount).'/ims', '\1 0', $newsql); //var_dump($newsql); $arraysql[$i] = $newsql; diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 8806bcc8b92..7a10d2d4ff8 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1526,7 +1526,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin } } elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) { // Generic case - $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'"; + $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? "@".$module : "")."'"; if ($filterobj->id) { $sql .= " AND a.fk_element = ".((int) $filterobj->id); } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ba4b115e830..350c2334915 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2945,25 +2945,6 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals']; } } - - /* - // For modules who wants to manage different levels of permissions for documents - $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; - if (!empty($conf->global->$subPermCategoryConstName)) { - $subPermCategory = $conf->global->$subPermCategoryConstName; - if (!empty($subPermCategory) && (($fuser->rights->$modulepart->$subPermCategory->{$lire}) || ($fuser->rights->$modulepart->$subPermCategory->{$read}) || ($fuser->rights->$modulepart->$subPermCategory->{$download}))) { - $accessallowed = 1; - } - } - - // Define $sqlprotectagainstexternals for modules who want to protect access using a SQL query. - $sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS'; - if (!empty($conf->global->$sqlProtectConstName)) { // If module want to define its own $sqlprotectagainstexternals - // Example: mymodule_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; - // TODO Replace this with a hook - eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";'); - } - */ } $ret = array( diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 1f797c67d1b..e3337c4266f 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -239,7 +239,7 @@ function getCustomerInvoicePieChart($socid = 0) $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture').")"; if ($user->socid) { - $sql .= ' AND f.fk_soc = '.$user->socid; + $sql .= ' AND f.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); @@ -359,7 +359,7 @@ function getPurchaseInvoicePieChart($socid = 0) $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; if ($user->socid) { - $sql .= ' AND f.fk_soc = '.$user->socid; + $sql .= ' AND f.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/core/lib/order.lib.php b/htdocs/core/lib/order.lib.php index 6dcb40e1cc7..f264eadaf58 100644 --- a/htdocs/core/lib/order.lib.php +++ b/htdocs/core/lib/order.lib.php @@ -205,7 +205,7 @@ function getCustomerOrderPieChart($socid = 0) $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('societe').")"; if ($user->socid) { - $sql .= ' AND c.fk_soc = '.$user->socid; + $sql .= ' AND c.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/core/lib/propal.lib.php b/htdocs/core/lib/propal.lib.php index f7dc3970dcb..038ab2a7911 100644 --- a/htdocs/core/lib/propal.lib.php +++ b/htdocs/core/lib/propal.lib.php @@ -184,7 +184,7 @@ function getCustomerProposalPieChart($socid = 0) $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_soc = s.rowid"; if ($user->socid) { - $sql .= ' AND p.fk_soc = '.$user->socid; + $sql .= ' AND p.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index baa983fc7cf..a36f219007b 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -353,7 +353,7 @@ class modFournisseur extends DolibarrModules $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture_fourn'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_invoice').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + $this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id); } $r++; @@ -417,7 +417,7 @@ class modFournisseur extends DolibarrModules $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_invoice').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + $this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id); } // Order @@ -493,7 +493,7 @@ class modFournisseur extends DolibarrModules $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_commande'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_order').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + $this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id); } //Import Supplier Invoice diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index af4fb9e64b8..eed6871c465 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -340,7 +340,7 @@ class modSociete extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as incoterm ON s.fk_incoterms = incoterm.rowid'; $this->export_sql_end[$r] .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' '; + $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.((int) $user->id).' '; if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) { $subordinatesids = $user->getAllChildIds(); $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : ''; @@ -410,7 +410,7 @@ class modSociete extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as t ON s.fk_typent = t.id'; $this->export_sql_end[$r] .= ' WHERE c.entity IN ('.getEntity('socpeople').')'; if (is_object($user) && empty($user->rights->societe->client->voir)) { - $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' '; + $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.((int) $user->id).' '; if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) { $subordinatesids = $user->getAllChildIds(); $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : ''; diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 22f29bb1d9e..fdbd1e5ab55 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -2525,7 +2525,7 @@ class ExpenseReport extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.((int) $this->id); + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSumPayments", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php index 8513238b385..8eca043ef40 100644 --- a/htdocs/fichinter/index.php +++ b/htdocs/fichinter/index.php @@ -80,7 +80,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; $sql .= " AND f.fk_soc = s.rowid"; if ($user->socid) { - $sql .= ' AND f.fk_soc = '.$user->socid; + $sql .= ' AND f.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index b97bf5485fa..eab1d445558 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -2411,7 +2411,7 @@ class FactureFournisseur extends CommonInvoice $sql .= ' AND ff.fk_statut > 0'; $sql .= " AND ff.entity = ".$conf->entity; if ($user->socid) { - $sql .= ' AND ff.fk_soc = '.$user->socid; + $sql .= ' AND ff.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 866063382bb..b4956ea706f 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -73,7 +73,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE cf.fk_soc = s.rowid"; $sql .= " AND cf.entity IN (".getEntity('supplier_order').")"; if ($user->socid) { - $sql .= ' AND cf.fk_soc = '.$user->socid; + $sql .= ' AND cf.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/fourn/paiement/list.php b/htdocs/fourn/paiement/list.php index f02c872fb0e..8534ad8bac1 100644 --- a/htdocs/fourn/paiement/list.php +++ b/htdocs/fourn/paiement/list.php @@ -192,7 +192,7 @@ if (!$user->rights->societe->client->voir) { $sql .= ' WHERE f.entity = '.$conf->entity; if (!$user->rights->societe->client->voir) { - $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.$user->id; + $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id); } if ($socid > 0) { $sql .= ' AND f.fk_soc = '.((int) $socid); diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index ffd745e263f..0ec7786fc20 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -651,7 +651,7 @@ class Loan extends CommonObject $sql = 'SELECT sum(amount_capital) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.((int) $this->id); + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSumPayment", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/stock/replenishorders.php b/htdocs/product/stock/replenishorders.php index 17490e330bb..01a7e2dd1a3 100644 --- a/htdocs/product/stock/replenishorders.php +++ b/htdocs/product/stock/replenishorders.php @@ -135,7 +135,7 @@ if ($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) { $sql .= ' AND cf.fk_statut < 5'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.$user->id; + $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id); } if ($sref) { $sql .= natural_search('cf.ref', $sref); diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index c434e73ec08..8fdd741efee 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -570,7 +570,7 @@ class Salary extends CommonObject $sql = 'SELECT sum(amount) as amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE '.$field.' = '.((int) $this->id); + $sql .= " WHERE ".$field." = ".((int) $this->id); dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 45501ed9b2b..ac937fe480d 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -72,7 +72,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if ($user->socid) { - $sql .= ' AND p.fk_soc = '.$user->socid; + $sql .= ' AND p.fk_soc = '.((int) $user->socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); From 29abbbe2fb67ad8fe406fb67b410f64c23e39e4e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 01:45:53 +0200 Subject: [PATCH 139/215] Clean code --- .../accountancy/class/bookkeeping.class.php | 14 ++++---- htdocs/core/class/cproductnature.class.php | 8 ++--- htdocs/core/class/ctyperesource.class.php | 5 +-- htdocs/core/class/cunits.class.php | 8 ++--- htdocs/core/class/defaultvalues.class.php | 10 +++--- htdocs/core/lib/functions.lib.php | 12 +++---- htdocs/core/lib/functions2.lib.php | 12 +++---- htdocs/core/lib/ticket.lib.php | 4 +-- htdocs/core/lib/website2.lib.php | 2 +- htdocs/core/login/functions_dolibarr.php | 18 +++++----- .../modules/import/import_csv.modules.php | 34 +++++++++---------- .../modules/import/import_xlsx.modules.php | 32 ++++++++--------- .../modules/mailings/modules_mailings.php | 2 +- .../modules/printing/printipp.modules.php | 2 +- .../tpl/extrafields_list_search_sql.tpl.php | 6 ++-- htdocs/cron/class/cronjob.class.php | 4 +-- htdocs/cron/list.php | 4 +-- htdocs/dav/dav.class.php | 6 ++-- htdocs/ecm/class/ecmfiles.class.php | 12 +++---- .../class/conferenceorbooth.class.php | 6 ++-- .../class/conferenceorboothattendee.class.php | 2 +- .../conferenceorbooth_list.php | 2 +- .../class/expensereport.class.php | 26 +++++++------- .../class/expensereport_rule.class.php | 4 +-- .../class/expensereportstats.class.php | 14 ++++---- htdocs/exports/class/export.class.php | 8 ++--- htdocs/fichinter/class/fichinter.class.php | 4 +-- .../fournisseur.commande.dispatch.class.php | 8 ++--- .../class/productcustomerprice.class.php | 16 ++++----- .../class/productstockentrepot.class.php | 2 +- htdocs/public/recruitment/index.php | 8 ++--- htdocs/public/ticket/list.php | 8 ++--- htdocs/resource/class/dolresource.class.php | 12 +++---- htdocs/ticket/class/ticket.class.php | 8 ++--- htdocs/website/class/website.class.php | 2 +- htdocs/website/class/websitepage.class.php | 14 ++++---- 36 files changed, 168 insertions(+), 171 deletions(-) diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index acdce0229d0..e1a54edf3cd 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -1137,17 +1137,17 @@ class BookKeeping extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; + $sqlwhere[] = $key."'".$this->db->idate($value)."'"; } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=' || $key == 't.subledger_account>=' || $key == 't.subledger_account<=') { - $sqlwhere[] = $key.'\''.$this->db->escape($value).'\''; + $sqlwhere[] = $key."'".$this->db->escape($value)."'"; } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { - $sqlwhere[] = $key.' LIKE \''.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$this->db->escape($value)."%'"; } elseif ($key == 't.subledger_label') { - $sqlwhere[] = $key.' LIKE \''.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$this->db->escape($value)."%'"; } elseif ($key == 't.code_journal' && !empty($value)) { if (is_array($value)) { $sqlwhere[] = natural_search("t.code_journal", join(',', $value), 3, 1); @@ -1155,7 +1155,7 @@ class BookKeeping extends CommonObject $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); } } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index cd2114d4929..2f523d4cda7 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -208,13 +208,13 @@ class CProductNature // extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { - $sqlwhere[] = $key.'='.(int) $value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.label') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index c286418caab..5b22e4e2033 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php @@ -230,19 +230,16 @@ class Ctyperesource $sql = 'SELECT'; $sql .= ' t.rowid,'; - $sql .= " t.code,"; $sql .= " t.label,"; $sql .= " t.active"; - - $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; // Manage filter $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'"; } } diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index 536a596d2f1..6fd9b7a05cf 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php @@ -251,13 +251,13 @@ class CUnits // extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') { - $sqlwhere[] = $key.'='.(int) $value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/core/class/defaultvalues.class.php b/htdocs/core/class/defaultvalues.class.php index 165ba87c45d..bad30901594 100644 --- a/htdocs/core/class/defaultvalues.class.php +++ b/htdocs/core/class/defaultvalues.class.php @@ -264,17 +264,17 @@ class DefaultValues extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || ($key == 't.entity' && !is_array($value)) || ($key == 't.user_id' && !is_array($value))) { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (isset($this->fields[$key]) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 't.page' || $key == 't.param' || $key == 't.type') { - $sqlwhere[] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (is_array($value)) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize(implode(',', $value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize(implode(',', $value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ea245e82487..5d961bf36fc 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8900,10 +8900,10 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0) foreach ($tmparray as $val) { $val = trim($val); if ($val) { - $newres .= ($i2 > 0 ? ' OR (' : '(').$field.' LIKE \''.$db->escape($val).',%\''; - $newres .= ' OR '.$field.' = \''.$db->escape($val).'\''; - $newres .= ' OR '.$field.' LIKE \'%,'.$db->escape($val).'\''; - $newres .= ' OR '.$field.' LIKE \'%,'.$db->escape($val).',%\''; + $newres .= ($i2 > 0 ? " OR (" : "(").$field." LIKE '".$db->escape($val).",%'"; + $newres .= ' OR '.$field." = '".$db->escape($val)."'"; + $newres .= ' OR '.$field." LIKE '%,".$db->escape($val)."'"; + $newres .= ' OR '.$field." LIKE '%,".$db->escape($val).",%'"; $newres .= ')'; $i2++; } @@ -8942,7 +8942,7 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0) $newres .= $tmpafter; $newres .= "'"; if ($tmpcrit2 == '') { - $newres .= ' OR '.$field." IS NULL"; + $newres .= " OR ".$field." IS NULL"; } } @@ -9538,7 +9538,7 @@ function getDictvalue($tablename, $field, $id, $checkentity = false, $rowidfield if (!isset($dictvalues[$tablename])) { $dictvalues[$tablename] = array(); - $sql = 'SELECT * FROM '.$tablename.' WHERE 1 = 1'; // Here select * is allowed as it is generic code and we don't have list of fields + $sql = "SELECT * FROM ".$tablename." WHERE 1 = 1"; // Here select * is allowed as it is generic code and we don't have list of fields if ($checkentity) { $sql .= ' AND entity IN (0,'.getEntity($tablename).')'; } diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index f89156b24e1..5ea704881e3 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1235,7 +1235,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ $sqlwhere .= "(SUBSTRING(".$field.", ".$yearpos.", ".$yearlen.") = '".$db->escape($yearcomp)."'"; $sqlwhere .= " AND SUBSTRING(".$field.", ".$monthpos.", ".$monthlen.") = '".str_pad($monthcomp, $monthlen, '0', STR_PAD_LEFT)."')"; } else { // reset is done on january - $sqlwhere .= '(SUBSTRING('.$field.', '.$yearpos.', '.$yearlen.") = '".$db->escape($yearcomp)."')"; + $sqlwhere .= "(SUBSTRING(".$field.", ".$yearpos.", ".$yearlen.") = '".$db->escape($yearcomp)."')"; } } //print "sqlwhere=".$sqlwhere." yearcomp=".$yearcomp."
\n"; // sqlwhere and yearcomp defined only if we ask a reset @@ -1250,7 +1250,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if ($posnumstart < 0) { return 'ErrorBadMaskFailedToLocatePosOfSequence'; } - $sqlstring = 'SUBSTRING('.$field.', '.($posnumstart + 1).', '.dol_strlen($maskcounter).')'; + $sqlstring = "SUBSTRING(".$field.", ".($posnumstart + 1).", ".dol_strlen($maskcounter).")"; // Define $maskLike $maskLike = dol_string_nospecial($mask); @@ -1291,7 +1291,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ $sql .= $where; } if ($sqlwhere) { - $sql .= ' AND '.$sqlwhere; + $sql .= " AND ".$sqlwhere; } //print $sql.'
'; @@ -1351,7 +1351,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ $sql .= $where; } if ($sqlwhere) { - $sql .= ' AND '.$sqlwhere; + $sql .= " AND ".$sqlwhere; } dol_syslog("functions2::get_next_value mode=".$mode."", LOG_DEBUG); @@ -1414,7 +1414,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if ($sqlwhere) { $maskrefclient_sql .= ' AND '.$sqlwhere; //use the same sqlwhere as general mask } - $maskrefclient_sql .= ' AND (SUBSTRING('.$field.', '.(strpos($maskwithnocode, $maskrefclient) + 1).', '.dol_strlen($maskrefclient_maskclientcode).")='".$db->escape($maskrefclient_clientcode)."')"; + $maskrefclient_sql .= " AND (SUBSTRING(".$field.", ".(strpos($maskwithnocode, $maskrefclient) + 1).", ".dol_strlen($maskrefclient_maskclientcode).") = '".$db->escape($maskrefclient_clientcode)."')"; dol_syslog("functions2::get_next_value maskrefclient", LOG_DEBUG); $maskrefclient_resql = $db->query($maskrefclient_sql); @@ -2250,7 +2250,7 @@ function cleanCorruptedTree($db, $tabletocleantree, $fieldfkparent) $listofparentid = array(); // Get list of all id in array listofid and all parents in array listofparentid - $sql = 'SELECT rowid, '.$fieldfkparent.' as parent_id FROM '.MAIN_DB_PREFIX.$tabletocleantree; + $sql = "SELECT rowid, ".$fieldfkparent." as parent_id FROM ".MAIN_DB_PREFIX.$tabletocleantree; $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index ac3f80e00bc..9506984f4f3 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php @@ -958,8 +958,8 @@ function getTicketActionCommEcmList($object) $sql = 'SELECT ecm.rowid as id, ecm.src_object_type, ecm.src_object_id, ecm.filepath, ecm.filename'; $sql .= ' FROM '.MAIN_DB_PREFIX.'ecm_files ecm'; - $sql .= ' WHERE ecm.filepath = \'agenda/'.$object->id.'\''; - //$sql.= ' ecm.src_object_type = \''.$object->element.'\' AND ecm.src_object_id = '.((int) $object->id); // Actually upload file doesn't add type + $sql .= " WHERE ecm.filepath = 'agenda/".((int) $object->id)."'"; + //$sql.= " ecm.src_object_type = '".$db->escape($object->element)."' AND ecm.src_object_id = ".((int) $object->id); // Old version didn't add object_type during upload $sql .= ' ORDER BY ecm.position ASC'; $resql = $db->query($sql); diff --git a/htdocs/core/lib/website2.lib.php b/htdocs/core/lib/website2.lib.php index 721b908b9d1..c3d2ee92c37 100644 --- a/htdocs/core/lib/website2.lib.php +++ b/htdocs/core/lib/website2.lib.php @@ -223,7 +223,7 @@ function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage, } // Add "has translation pages" - $sql = 'SELECT rowid as id, lang, pageurl from '.MAIN_DB_PREFIX.'website_page where fk_page IN ('.$db->sanitize($objectpage->id.($translationof ? ', '.$translationof : '')).")"; + $sql = "SELECT rowid as id, lang, pageurl from ".MAIN_DB_PREFIX.'website_page where fk_page IN ('.$db->sanitize($objectpage->id.($translationof ? ", ".$translationof : '')).")"; $resql = $db->query($sql); if ($resql) { $num_rows = $db->num_rows($resql); diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php index 6daea1f2c68..f102cd2f358 100644 --- a/htdocs/core/login/functions_dolibarr.php +++ b/htdocs/core/login/functions_dolibarr.php @@ -55,18 +55,18 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes $usernamecol2 = 'email'; $entitycol = 'entity'; - $sql = 'SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity'; - $sql .= ' FROM '.$table; - $sql .= ' WHERE ('.$usernamecol1." = '".$db->escape($usertotest)."'"; + $sql = "SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity"; + $sql .= " FROM ".$table; + $sql .= " WHERE (".$usernamecol1." = '".$db->escape($usertotest)."'"; if (preg_match('/@/', $usertotest)) { - $sql .= ' OR '.$usernamecol2." = '".$db->escape($usertotest)."'"; + $sql .= " OR ".$usernamecol2." = '".$db->escape($usertotest)."'"; } - $sql .= ') AND '.$entitycol." IN (0,".($entity ? $entity : 1).")"; - $sql .= ' AND statut = 1'; + $sql .= ") AND ".$entitycol." IN (0,".($entity ? ((int) $entity) : 1).")"; + $sql .= " AND statut = 1"; // Note: Test on validity is done later - // Required to firstly found the user into entity, then the superadmin. - // For the case (TODO we must avoid that) a user has renamed its login with same value than a user in entity 0. - $sql .= ' ORDER BY entity DESC'; + // Order is required to firstly found the user into entity, then the superadmin. + // For the case (TODO: we must avoid that) a user has renamed its login with same value than a user in entity 0. + $sql .= " ORDER BY entity DESC"; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/core/modules/import/import_csv.modules.php b/htdocs/core/modules/import/import_csv.modules.php index 6bec94d6130..184c99a95e7 100644 --- a/htdocs/core/modules/import/import_csv.modules.php +++ b/htdocs/core/modules/import/import_csv.modules.php @@ -720,7 +720,7 @@ class ImportCsv extends ModeleImports } if ($val == 'user->id') { $listfields[] = preg_replace('/^'.preg_quote($alias, '/').'\./', '', $key); - $listvalues[] = $user->id; + $listvalues[] = ((int) $user->id); } elseif (preg_match('/^lastrowid-/', $val)) { $tmp = explode('-', $val); $lastinsertid = (isset($last_insert_id_array[$tmp[1]])) ? $last_insert_id_array[$tmp[1]] : 0; @@ -731,7 +731,7 @@ class ImportCsv extends ModeleImports } elseif (preg_match('/^const-/', $val)) { $tmp = explode('-', $val, 2); $listfields[] = preg_replace('/^'.preg_quote($alias, '/').'\./', '', $key); - $listvalues[] = "'".$tmp[1]."'"; + $listvalues[] = "'".$this->db->escape($tmp[1])."'"; } else { $this->errors[$error]['lib'] = 'Bad value of profile setup '.$val.' for array_import_fieldshidden'; $this->errors[$error]['type'] = 'Import profile setup'; @@ -753,7 +753,7 @@ class ImportCsv extends ModeleImports // We do SELECT to get the rowid, if we already have the rowid, it's to be used below for related tables (extrafields) if (empty($lastinsertid)) { // No insert done yet for a parent table - $sqlSelect = 'SELECT rowid FROM '.$tablename; + $sqlSelect = "SELECT rowid FROM ".$tablename; $data = array_combine($listfields, $listvalues); $where = array(); @@ -764,7 +764,7 @@ class ImportCsv extends ModeleImports $where[] = $key.' = '.$data[$key]; $filters[] = $col.' = '.$data[$key]; } - $sqlSelect .= ' WHERE '.implode(' AND ', $where); + $sqlSelect .= " WHERE ".implode(' AND ', $where); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -791,12 +791,12 @@ class ImportCsv extends ModeleImports // a direct insert into subtable extrafields, but when me wake an update, the insertid is defined and the child record // may already exists. So we rescan the extrafield table to know if record exists or not for the rowid. // Note: For extrafield tablename, we have in importfieldshidden_array an enty 'extra.fk_object'=>'lastrowid-tableparent' so $keyfield is 'fk_object' - $sqlSelect = 'SELECT rowid FROM '.$tablename; + $sqlSelect = "SELECT rowid FROM ".$tablename; if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE '.$keyfield.' = '.((int) $lastinsertid); + $sqlSelect .= " WHERE ".$keyfield.' = '.((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -818,19 +818,19 @@ class ImportCsv extends ModeleImports if (!empty($lastinsertid)) { // Build SQL UPDATE request - $sqlstart = 'UPDATE '.$tablename; + $sqlstart = "UPDATE ".$tablename; $data = array_combine($listfields, $listvalues); $set = array(); foreach ($data as $key => $val) { - $set[] = $key.' = '.$val; + $set[] = $key." = ".$val; } - $sqlstart .= ' SET '.implode(', ', $set); + $sqlstart .= " SET ".implode(', ', $set); if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE '.$keyfield.' = '.((int) $lastinsertid); + $sqlend = " WHERE ".$keyfield." = ".((int) $lastinsertid); $sql = $sqlstart.$sqlend; @@ -851,17 +851,17 @@ class ImportCsv extends ModeleImports // Update not done, we do insert if (!$error && !$updatedone) { // Build SQL INSERT request - $sqlstart = 'INSERT INTO '.$tablename.'('.implode(', ', $listfields).', import_key'; - $sqlend = ') VALUES('.implode(', ', $listvalues).", '".$this->db->escape($importid)."'"; + $sqlstart = "INSERT INTO ".$tablename."(".implode(", ", $listfields).", import_key"; + $sqlend = ") VALUES(".implode(', ', $listvalues).", '".$this->db->escape($importid)."'"; if (!empty($tablewithentity_cache[$tablename])) { - $sqlstart .= ', entity'; - $sqlend .= ', '.$conf->entity; + $sqlstart .= ", entity"; + $sqlend .= ", ".$conf->entity; } if (!empty($objimport->array_import_tables_creator[0][$alias])) { - $sqlstart .= ', '.$objimport->array_import_tables_creator[0][$alias]; - $sqlend .= ', '.$user->id; + $sqlstart .= ", ".$objimport->array_import_tables_creator[0][$alias]; + $sqlend .= ", ".$user->id; } - $sql = $sqlstart.$sqlend.')'; + $sql = $sqlstart.$sqlend.")"; //dol_syslog("import_csv.modules", LOG_DEBUG); // Run insert request diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index 0378180475d..aaca0d3bd77 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -761,7 +761,7 @@ class ImportXlsx extends ModeleImports } if ($val == 'user->id') { $listfields[] = preg_replace('/^' . preg_quote($alias, '/') . '\./', '', $key); - $listvalues[] = $user->id; + $listvalues[] = ((int) $user->id); } elseif (preg_match('/^lastrowid-/', $val)) { $tmp = explode('-', $val); $lastinsertid = (isset($last_insert_id_array[$tmp[1]])) ? $last_insert_id_array[$tmp[1]] : 0; @@ -772,7 +772,7 @@ class ImportXlsx extends ModeleImports } elseif (preg_match('/^const-/', $val)) { $tmp = explode('-', $val, 2); $listfields[] = preg_replace('/^' . preg_quote($alias, '/') . '\./', '', $key); - $listvalues[] = "'" . $tmp[1] . "'"; + $listvalues[] = "'" . $this->db->escape($tmp[1]) . "'"; } else { $this->errors[$error]['lib'] = 'Bad value of profile setup ' . $val . ' for array_import_fieldshidden'; $this->errors[$error]['type'] = 'Import profile setup'; @@ -793,7 +793,7 @@ class ImportXlsx extends ModeleImports // We do SELECT to get the rowid, if we already have the rowid, it's to be used below for related tables (extrafields) if (empty($lastinsertid)) { // No insert done yet for a parent table - $sqlSelect = 'SELECT rowid FROM ' . $tablename; + $sqlSelect = "SELECT rowid FROM " . $tablename; $data = array_combine($listfields, $listvalues); $where = array(); @@ -804,7 +804,7 @@ class ImportXlsx extends ModeleImports $where[] = $key . ' = ' . $data[$key]; $filters[] = $col . ' = ' . $data[$key]; } - $sqlSelect .= ' WHERE ' . implode(' AND ', $where); + $sqlSelect .= " WHERE " . implode(' AND ', $where); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -831,12 +831,12 @@ class ImportXlsx extends ModeleImports // a direct insert into subtable extrafields, but when me wake an update, the insertid is defined and the child record // may already exists. So we rescan the extrafield table to know if record exists or not for the rowid. // Note: For extrafield tablename, we have in importfieldshidden_array an enty 'extra.fk_object'=>'lastrowid-tableparent' so $keyfield is 'fk_object' - $sqlSelect = 'SELECT rowid FROM ' . $tablename; + $sqlSelect = "SELECT rowid FROM " . $tablename; if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE ' . $keyfield . ' = ' .((int) $lastinsertid); + $sqlSelect .= "WHERE " . $keyfield . " = " .((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -858,19 +858,19 @@ class ImportXlsx extends ModeleImports if (!empty($lastinsertid)) { // Build SQL UPDATE request - $sqlstart = 'UPDATE ' . $tablename; + $sqlstart = "UPDATE " . $tablename; $data = array_combine($listfields, $listvalues); $set = array(); foreach ($data as $key => $val) { $set[] = $key . ' = ' . $val; } - $sqlstart .= ' SET ' . implode(', ', $set); + $sqlstart .= " SET " . implode(', ', $set); if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE ' . $keyfield . ' = '.((int) $lastinsertid); + $sqlend = " WHERE " . $keyfield . " = ".((int) $lastinsertid); $sql = $sqlstart . $sqlend; @@ -891,17 +891,17 @@ class ImportXlsx extends ModeleImports // Update not done, we do insert if (!$error && !$updatedone) { // Build SQL INSERT request - $sqlstart = 'INSERT INTO ' . $tablename . '(' . implode(', ', $listfields) . ', import_key'; - $sqlend = ') VALUES(' . implode(', ', $listvalues) . ", '" . $this->db->escape($importid) . "'"; + $sqlstart = "INSERT INTO " . $tablename . "(" . implode(", ", $listfields) . ", import_key"; + $sqlend = ") VALUES(" . implode(', ', $listvalues) . ", '" . $this->db->escape($importid) . "'"; if (!empty($tablewithentity_cache[$tablename])) { - $sqlstart .= ', entity'; - $sqlend .= ', ' . $conf->entity; + $sqlstart .= ", entity"; + $sqlend .= ", " . $conf->entity; } if (!empty($objimport->array_import_tables_creator[0][$alias])) { - $sqlstart .= ', ' . $objimport->array_import_tables_creator[0][$alias]; - $sqlend .= ', ' . $user->id; + $sqlstart .= ", " . $objimport->array_import_tables_creator[0][$alias]; + $sqlend .= ", " . $user->id; } - $sql = $sqlstart . $sqlend . ')'; + $sql = $sqlstart . $sqlend . ")"; //dol_syslog("import_xlsx.modules", LOG_DEBUG); // Run insert request diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index de5feb233ad..afbf1e22481 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php @@ -184,7 +184,7 @@ class MailingTargets // This can't be abstract as it is used for some method $sql .= "'".$this->db->escape($targetarray['other'])."',"; $sql .= "'".$this->db->escape($targetarray['source_url'])."',"; $sql .= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").","; - $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.';'.$targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY, 'md5'))."',"; + $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.";".$targetarray['email'].";".$targetarray['lastname'].";".$mailing_id.";".$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY, 'md5'))."',"; $sql .= "'".$this->db->escape($targetarray['source_type'])."')"; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/modules/printing/printipp.modules.php b/htdocs/core/modules/printing/printipp.modules.php index 6c4403e2593..0d824d2c7c0 100644 --- a/htdocs/core/modules/printing/printipp.modules.php +++ b/htdocs/core/modules/printing/printipp.modules.php @@ -309,7 +309,7 @@ class printing_printipp extends PrintingDriver $ipp->setAuthentication($this->user, $this->password); } // select printer uri for module order, propal,... - $sql = 'SELECT rowid,printer_uri,printer_name FROM '.MAIN_DB_PREFIX.'printer_ipp WHERE module="'.$module.'"'; + $sql = "SELECT rowid,printer_uri,printer_name FROM ".MAIN_DB_PREFIX."printer_ipp WHERE module = '".$this->db->escape($module)."'"; $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); diff --git a/htdocs/core/tpl/extrafields_list_search_sql.tpl.php b/htdocs/core/tpl/extrafields_list_search_sql.tpl.php index 8b7ff9ac62c..4ba40384648 100644 --- a/htdocs/core/tpl/extrafields_list_search_sql.tpl.php +++ b/htdocs/core/tpl/extrafields_list_search_sql.tpl.php @@ -33,11 +33,11 @@ if (!empty($extrafieldsobjectkey) && !empty($search_array_options) && is_array($ $sql .= " AND ".$extrafieldsobjectprefix.$tmpkey." = '".$db->idate($crit)."'"; } elseif (is_array($crit)) { if ($crit['start'] !== '' && $crit['end'] !== '') { - $sql .= ' AND ('.$extrafieldsobjectprefix.$tmpkey." BETWEEN '". $db->idate($crit['start']). "' AND '".$db->idate($crit['end']) . "')"; + $sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." BETWEEN '". $db->idate($crit['start']). "' AND '".$db->idate($crit['end']) . "')"; } elseif ($crit['start'] !== '') { - $sql .= ' AND ('.$extrafieldsobjectprefix.$tmpkey." >= '". $db->idate($crit['start'])."')"; + $sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." >= '". $db->idate($crit['start'])."')"; } elseif ($crit['end'] !== '') { - $sql .= ' AND ('.$extrafieldsobjectprefix.$tmpkey." <= '". $db->idate($crit['end'])."')"; + $sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." <= '". $db->idate($crit['end'])."')"; } } } elseif (in_array($typ, array('boolean'))) { diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index 2ffce20a924..e069ea7a326 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -557,9 +557,9 @@ class Cronjob extends CommonObject if (is_array($filter) && count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index 4d829258b2b..aba6558f20d 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php @@ -278,12 +278,12 @@ if ($search_lastresult != '') { //Manage filter if (is_array($filter) && count($filter) > 0) { foreach ($filter as $key => $value) { - $sql .= ' AND '.$key.' LIKE \'%'.$db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'"; } } $sqlwhere = array(); if (!empty($search_module_name)) { - $sqlwhere[] = '(t.module_name='.$db->escape($search_module_name).')'; + $sqlwhere[] = "(t.module_name = '".$db->escape($search_module_name)."')"; } if (count($sqlwhere) > 0) { $sql .= " WHERE ".implode(' AND ', $sqlwhere); diff --git a/htdocs/dav/dav.class.php b/htdocs/dav/dav.class.php index 6ff9e58b73a..a4c98eba8a7 100644 --- a/htdocs/dav/dav.class.php +++ b/htdocs/dav/dav.class.php @@ -82,8 +82,8 @@ class CdavLib LEFT OUTER JOIN '.MAIN_DB_PREFIX.'user AS u ON (u.rowid=fk_element) WHERE ar.element_type=\'user\' AND fk_actioncomm=a.id) AS other_users FROM '.MAIN_DB_PREFIX.'actioncomm AS a'; - if (!$this->user->rights->societe->client->voir) {//FIXME si 'voir' on voit plus de chose ? - $sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.$this->user->id.') + if (!$this->user->rights->societe->client->voir) { //FIXME si 'voir' on voit plus de chose ? + $sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.((int) $this->user->id).') LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON (s.rowid = sc.fk_soc) LEFT JOIN '.MAIN_DB_PREFIX.'socpeople AS sp ON (sp.fk_soc = sc.fk_soc AND sp.rowid = a.fk_contact) LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_cdav AS ac ON (a.id = ac.fk_object)'; @@ -95,7 +95,7 @@ class CdavLib $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as co ON co.rowid = sp.fk_pays LEFT JOIN '.MAIN_DB_PREFIX.'c_country as cos ON cos.rowid = s.fk_pays - WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.intval($calid).') + WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.((int) $calid).') AND a.code IN (SELECT cac.code FROM '.MAIN_DB_PREFIX.'c_actioncomm cac WHERE cac.type<>\'systemauto\') AND a.entity IN ('.getEntity('societe', 1).')'; if ($oid !== false) { diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index 049ba50bfbe..15cfba4c03e 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -303,17 +303,17 @@ class EcmFiles extends CommonObject $sql .= " '".$this->db->escape($ref)."', "; $sql .= ' '.(!isset($this->label) ? 'NULL' : "'".$this->db->escape($this->label)."'").','; $sql .= ' '.(!isset($this->share) ? 'NULL' : "'".$this->db->escape($this->share)."'").','; - $sql .= ' '.$this->entity.','; + $sql .= ' '.((int) $this->entity).','; $sql .= ' '.(!isset($this->filename) ? 'NULL' : "'".$this->db->escape($this->filename)."'").','; $sql .= ' '.(!isset($this->filepath) ? 'NULL' : "'".$this->db->escape($this->filepath)."'").','; $sql .= ' '.(!isset($this->fullpath_orig) ? 'NULL' : "'".$this->db->escape($this->fullpath_orig)."'").','; $sql .= ' '.(!isset($this->description) ? 'NULL' : "'".$this->db->escape($this->description)."'").','; $sql .= ' '.(!isset($this->keywords) ? 'NULL' : "'".$this->db->escape($this->keywords)."'").','; $sql .= ' '.(!isset($this->cover) ? 'NULL' : "'".$this->db->escape($this->cover)."'").','; - $sql .= ' '.$maxposition.','; + $sql .= ' '.((int) $maxposition).','; $sql .= ' '.(!isset($this->gen_or_uploaded) ? 'NULL' : "'".$this->db->escape($this->gen_or_uploaded)."'").','; $sql .= ' '.(!isset($this->extraparams) ? 'NULL' : "'".$this->db->escape($this->extraparams)."'").','; - $sql .= ' '."'".$this->db->idate($this->date_c)."'".','; + $sql .= " '".$this->db->idate($this->date_c)."',"; $sql .= ' '.(!isset($this->date_m) || dol_strlen($this->date_m) == 0 ? 'NULL' : "'".$this->db->idate($this->date_m)."'").','; $sql .= ' '.(!isset($this->fk_user_c) ? $user->id : $this->fk_user_c).','; $sql .= ' '.(!isset($this->fk_user_m) ? 'NULL' : $this->fk_user_m).','; @@ -530,9 +530,9 @@ class EcmFiles extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.src_object_id') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -664,7 +664,7 @@ class EcmFiles extends CommonObject // Update request $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; - $sql .= " ref = '".dol_hash($this->filepath.'/'.$this->filename, 3)."',"; + $sql .= " ref = '".$this->db->escape(dol_hash($this->filepath."/".$this->filename, 3))."',"; $sql .= ' label = '.(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").','; $sql .= ' share = '.(!empty($this->share) ? "'".$this->db->escape($this->share)."'" : "null").','; $sql .= ' entity = '.(isset($this->entity) ? $this->entity : $conf->entity).','; diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index 09997716c01..9318e3f8465 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -293,15 +293,15 @@ class ConferenceOrBooth extends ActionComm if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.id' || $key == 't.fk_project' || $key == 't.fk_soc' || $key == 't.fk_action') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php index 825451e9868..5169058d41c 100644 --- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php +++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php @@ -422,7 +422,7 @@ class ConferenceOrBoothAttendee extends CommonObject } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index d3bbd835367..679e0d2d735 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php +++ b/htdocs/eventorganization/conferenceorbooth_list.php @@ -472,7 +472,7 @@ if ($object->ismultientitymanaged == 1) { $sql .= " WHERE 1 = 1"; } if ($projectid > 0) { - $sql .= ' AND t.fk_project='.$project->id; + $sql .= " AND t.fk_project = ".((int) $project->id); } foreach ($search as $key => $val) { if (array_key_exists($key, $object->fields)) { diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index fdbd1e5ab55..a67b447ca9c 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject { $sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt'; - $sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id); + $sql .= " WHERE tt.".$this->fk_element.' = '.((int) $id); $total_ht = 0; $total_tva = 0; $total_ttc = 0; @@ -981,18 +981,18 @@ class ExpenseReport extends CommonObject if ($result) { $num = $this->db->num_rows($result); $i = 0; - while ($i < $num) : + while ($i < $num) { $objp = $this->db->fetch_object($result); $total_ht += $objp->total_ht; $total_tva += $objp->total_tva; $i++; - endwhile; + } $total_ttc = $total_ht + $total_tva; $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; - $sql .= " total_ht = ".price2num($total_ht, 'MT'); - $sql .= " , total_ttc = ".price2num($total_ttc, 'MT'); - $sql .= " , total_tva = ".price2num($total_tva, 'MT'); + $sql .= " total_ht = ".((float) price2num($total_ht, 'MT')); + $sql .= " , total_ttc = ".((float) price2num($total_ttc, 'MT')); + $sql .= " , total_tva = ".((float) price2num($total_tva, 'MT')); $sql .= " WHERE rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) : @@ -1024,14 +1024,14 @@ class ExpenseReport extends CommonObject $this->lines = array(); $sql = ' SELECT de.rowid, de.comments, de.qty, de.value_unit, de.date, de.rang,'; - $sql .= ' de.'.$this->fk_element.', de.fk_c_type_fees, de.fk_c_exp_tax_cat, de.fk_projet as fk_project, de.tva_tx, de.fk_ecm_files,'; + $sql .= " de.".$this->fk_element.", de.fk_c_type_fees, de.fk_c_exp_tax_cat, de.fk_projet as fk_project, de.tva_tx, de.fk_ecm_files,"; $sql .= ' de.total_ht, de.total_tva, de.total_ttc,'; $sql .= ' ctf.code as code_type_fees, ctf.label as libelle_type_fees,'; $sql .= ' p.ref as ref_projet, p.title as title_projet'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as de'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON de.fk_c_type_fees = ctf.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as p ON de.fk_projet = p.rowid'; - $sql .= ' WHERE de.'.$this->fk_element.' = '.((int) $this->id); + $sql .= " WHERE de.".$this->fk_element." = ".((int) $this->id); if (!empty($conf->global->EXPENSEREPORT_LINES_SORTED_BY_ROWID)) { $sql .= ' ORDER BY de.rang ASC, de.rowid ASC'; } else { @@ -2025,12 +2025,12 @@ class ExpenseReport extends CommonObject public function offsetAlreadyGiven() { $sql = 'SELECT e.rowid FROM '.MAIN_DB_PREFIX.'expensereport e'; - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport_det d ON (e.rowid = d.fk_expensereport)'; - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees f ON (d.fk_c_type_fees = f.id AND f.code = "EX_KME")'; - $sql .= ' WHERE e.fk_user_author = '.(int) $this->fk_user_author; - $sql .= ' AND YEAR(d.date) = "'.dol_print_date($this->line->date, '%Y').'" AND MONTH(d.date) = "'.dol_print_date($this->line->date, '%m').'"'; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det d ON (e.rowid = d.fk_expensereport)"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."c_type_fees f ON (d.fk_c_type_fees = f.id AND f.code = 'EX_KME')"; + $sql .= " WHERE e.fk_user_author = ".(int) $this->fk_user_author; + $sql .= " AND YEAR(d.date) = '".dol_print_date($this->line->date, '%Y')."' AND MONTH(d.date) = '".dol_print_date($this->line->date, '%m')."'"; if (!empty($this->line->id)) { - $sql .= ' AND d.rowid <> '.$this->line->id; + $sql .= ' AND d.rowid <> '.((int) $this->line->id); } dol_syslog(get_class($this)."::offsetAlreadyGiven sql=".$sql); diff --git a/htdocs/expensereport/class/expensereport_rule.class.php b/htdocs/expensereport/class/expensereport_rule.class.php index 03ecab10f6a..6299dd7c5bd 100644 --- a/htdocs/expensereport/class/expensereport_rule.class.php +++ b/htdocs/expensereport/class/expensereport_rule.class.php @@ -157,7 +157,7 @@ class ExpenseReportRule extends CoreObject $sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_rules er'; $sql .= ' WHERE er.entity IN (0,'.getEntity('').')'; if (!empty($fk_c_type_fees)) { - $sql .= ' AND er.fk_c_type_fees IN (-1, '.$fk_c_type_fees.')'; + $sql .= ' AND er.fk_c_type_fees IN (-1, '.((int) $fk_c_type_fees).')'; } if (!empty($date)) { $sql .= " AND er.dates <= '".dol_print_date($date, '%Y-%m-%d')."'"; @@ -170,7 +170,7 @@ class ExpenseReportRule extends CoreObject } $sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user'; - dol_syslog("ExpenseReportRule::getAllRule sql=".$sql); + dol_syslog("ExpenseReportRule::getAllRule"); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php index 13e7a44bc7f..e36b1c1e49e 100644 --- a/htdocs/expensereport/class/expensereportstats.class.php +++ b/htdocs/expensereport/class/expensereportstats.class.php @@ -94,7 +94,7 @@ class ExpenseReportStats extends Stats */ public function getNbByYear() { - $sql = "SELECT YEAR(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)"; + $sql = "SELECT YEAR(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).") as dm, count(*)"; $sql .= " FROM ".$this->from; $sql .= " GROUP BY dm DESC"; $sql .= " WHERE ".$this->where; @@ -112,7 +112,7 @@ class ExpenseReportStats extends Stats */ public function getNbByMonth($year, $format = 0) { - $sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)"; + $sql = "SELECT MONTH(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).") as dm, count(*)"; $sql .= " FROM ".$this->from; $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year); $sql .= " AND ".$this->where; @@ -134,9 +134,9 @@ class ExpenseReportStats extends Stats */ public function getAmountByMonth($year, $format = 0) { - $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, sum(".$this->field.")"; + $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%m') as dm, sum(".$this->field.")"; $sql .= " FROM ".$this->from; - $sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; + $sql .= " WHERE date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -154,9 +154,9 @@ class ExpenseReportStats extends Stats */ public function getAverageByMonth($year) { - $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, avg(".$this->field.")"; + $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%m') as dm, avg(".$this->field.")"; $sql .= " FROM ".$this->from; - $sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; + $sql .= " WHERE date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') = '".$this->db->escape($year)."'"; $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -171,7 +171,7 @@ class ExpenseReportStats extends Stats */ public function getAllByYear() { - $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg"; + $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg"; $sql .= " FROM ".$this->from; $sql .= " WHERE ".$this->where; $sql .= " GROUP BY year"; diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php index 483935c7fdf..50acd166237 100644 --- a/htdocs/exports/class/export.class.php +++ b/htdocs/exports/class/export.class.php @@ -455,14 +455,14 @@ class Export } else { $keyList = 'rowid'; } - $sql = 'SELECT '.$keyList.' as rowid, '.$InfoFieldList[2].' as label'.(empty($InfoFieldList[3]) ? '' : ', '.$InfoFieldList[3].' as code'); + $sql = "SELECT ".$keyList." as rowid, ".$InfoFieldList[2]." as label".(empty($InfoFieldList[3]) ? "" : ", ".$InfoFieldList[3]." as code"); if ($InfoFieldList[1] == 'c_stcomm') { - $sql = 'SELECT id as id, '.$keyList.' as rowid, '.$InfoFieldList[2].' as label'.(empty($InfoFieldList[3]) ? '' : ', '.$InfoFieldList[3].' as code'); + $sql = "SELECT id as id, ".$keyList." as rowid, ".$InfoFieldList[2]." as label".(empty($InfoFieldList[3]) ? "" : ", ".$InfoFieldList[3].' as code'); } if ($InfoFieldList[1] == 'c_country') { - $sql = 'SELECT '.$keyList.' as rowid, '.$InfoFieldList[2].' as label, code as code'; + $sql = "SELECT ".$keyList." as rowid, ".$InfoFieldList[2]." as label, code as code"; } - $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList[1]; + $sql .= " FROM ".MAIN_DB_PREFIX.$InfoFieldList[1]; if (!empty($InfoFieldList[4])) { $sql .= ' WHERE entity IN ('.getEntity($InfoFieldList[4]).')'; } diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 6da1a30b618..23766a91bbe 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -1481,7 +1481,7 @@ class FichinterLigne extends CommonObjectLine if ($rangToUse == -1) { // Recupere rang max de la ligne d'intervention dans $rangmax $sql = 'SELECT max(rang) as max FROM '.MAIN_DB_PREFIX.'fichinterdet'; - $sql .= ' WHERE fk_fichinter ='.$this->fk_fichinter; + $sql .= ' WHERE fk_fichinter = '.((int) $this->fk_fichinter); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -1496,7 +1496,7 @@ class FichinterLigne extends CommonObjectLine // Insertion dans base de la ligne $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'fichinterdet'; $sql .= ' (fk_fichinter, description, date, duree, rang)'; - $sql .= " VALUES (".$this->fk_fichinter.","; + $sql .= " VALUES (".((int) $this->fk_fichinter).","; $sql .= " '".$this->db->escape($this->desc)."',"; $sql .= " '".$this->db->idate($this->datei)."',"; $sql .= " ".((int) $this->duration).","; diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index 39aaea1bbfe..fcf1c6a50f4 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -666,13 +666,13 @@ class CommandeFournisseurDispatch extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.comment') { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'"; } elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') { - $sqlwhere [] = $key.' = \''.$this->db->escape($value).'\''; + $sqlwhere [] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'qty') { - $sqlwhere [] = $key.' = '.((float) $value); + $sqlwhere [] = $key." = ".((float) $value); } else { - $sqlwhere [] = $key.' = '.((int) $value); + $sqlwhere [] = $key." = ".((int) $value); } } } diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 701b10093af..a5e2581d69b 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -404,15 +404,15 @@ class Productcustomerprice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$this->db->escape($value).'\''; + $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif ($key == 'soc.nom') { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } elseif ($key == 'prod.ref' || $key == 'prod.label') { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } elseif ($key == 't.price' || $key == 't.price_ttc') { - $sql .= ' AND '.$key.' LIKE \'%'.price2num($value).'%\''; + $sql .= " AND ".$key." LIKE '%".price2num($value)."%'"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } } @@ -521,11 +521,11 @@ class Productcustomerprice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$value.'\''; + $sql .= " AND ".$key." = '".$db->escape($value)."'"; } elseif ($key == 'soc.nom') { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } } diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index 0fdbba51041..0a9636c0290 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -273,7 +273,7 @@ class ProductStockEntrepot extends CommonObject $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'"; } } if (count($sqlwhere) > 0) { diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index f6fdd94b6f1..e576d5abde2 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -261,15 +261,15 @@ if ($display_ticket_list) { if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$db->escape($value).'\''; + $sql .= " AND ".$key." = '".$db->escape($value)."'"; } elseif ($key == 't.fk_statut') { if (is_array($value) && count($value) > 0) { - $sql .= 'AND '.$key.' IN ('.$db->sanitize(implode(',', $value)).')'; + $sql .= " AND ".$key.' IN ('.$db->sanitize(implode(',', $value)).')'; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } else { - $sql .= ' AND '.$key.' LIKE \'%'.$db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'"; } } } diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 2249dcaa930..5fea0ee94a1 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -359,17 +359,17 @@ if ($action == "view_ticketlist") { if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key.' = \''.$db->escape($value).'\''; + $sql .= " AND ".$key." = '".$db->escape($value)."'"; } elseif (($key == 't.fk_user_assign') || ($key == 't.type_code') || ($key == 't.category_code') || ($key == 't.severity_code')) { $sql .= " AND ".$key." = '".$db->escape($value)."'"; } elseif ($key == 't.fk_statut') { if (is_array($value) && count($value) > 0) { - $sql .= 'AND '.$key.' IN ('.$db->sanitize(implode(',', $value)).')'; + $sql .= " AND ".$key." IN (".$db->sanitize(implode(',', $value)).")"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key." = ".((int) $value); } } else { - $sql .= ' AND '.$key.' LIKE \'%'.$db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'"; } } } diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index db70bc571bf..7020beced48 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -511,11 +511,11 @@ class Dolresource extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { - $sql .= ' AND '.$key.' = \''.$this->db->idate($value).'\''; + $sql .= " AND ".$key." = '".$this->db->idate($value)."'"; } elseif (strpos($key, 'ef.') !== false) { $sql .= $value; } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -591,9 +591,9 @@ class Dolresource extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { - $sql .= ' AND '.$key.' = \''.$this->db->idate($value).'\''; + $sql .= " AND ".$key." = '".$this->db->idate($value)."'"; } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -675,9 +675,9 @@ class Dolresource extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { - $sql .= ' AND '.$key.' = \''.$this->db->idate($value).'\''; + $sql .= " AND ".$key." = '".$this->db->idate($value)."'"; } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index e2860d240d7..a53d649c2b3 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -714,17 +714,17 @@ class Ticket extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= ' AND '.$key." = '".$this->db->escape($value)."'"; + $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif (($key == 't.fk_user_assign') || ($key == 't.type_code') || ($key == 't.category_code') || ($key == 't.severity_code') || ($key == 't.fk_soc')) { $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif ($key == 't.fk_statut') { if (is_array($value) && count($value) > 0) { - $sql .= 'AND '.$key.' IN ('.$this->db->sanitize(implode(',', $value)).')'; + $sql .= " AND ".$key." IN (".$this->db->sanitize(implode(',', $value)).")"; } else { - $sql .= ' AND '.$key.' = '.((int) $value); + $sql .= " AND ".$key.' = '.((int) $value); } } else { - $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 0c9ced5e68f..893cd9a6bf1 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -415,7 +415,7 @@ class Website extends CommonObject $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } if (count($sqlwhere) > 0) { diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index f255b4e92e5..275c3c94afe 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -417,7 +417,7 @@ class WebsitePage extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.fk_website' || $key == 'status') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } elseif ($key == 'type_container') { $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'lang' || $key == 't.lang') { @@ -432,16 +432,16 @@ class WebsitePage extends CommonObject } $stringtouse = $key." IN (".$this->db->sanitize(join(',', $listoflang), 1).")"; if ($foundnull) { - $stringtouse = '('.$stringtouse.' OR '.$key.' IS NULL)'; + $stringtouse = "(".$stringtouse." OR ".$key." IS NULL)"; } $sqlwhere[] = $stringtouse; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(' '.$filtermode.' ', $sqlwhere).')'; } if (!empty($sortfield)) { @@ -519,7 +519,7 @@ class WebsitePage extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid' || $key == 't.fk_website' || $key == 'status') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } elseif ($key == 'type_container') { $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; } elseif ($key == 'lang' || $key == 't.lang') { @@ -534,11 +534,11 @@ class WebsitePage extends CommonObject } $stringtouse = $key." IN (".$this->db->sanitize(join(',', $listoflang), 1).")"; if ($foundnull) { - $stringtouse = '('.$stringtouse.' OR '.$key.' IS NULL)'; + $stringtouse = "(".$stringtouse." OR ".$key." IS NULL)"; } $sqlwhere[] = $stringtouse; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } From 3d72a21396d8e565311d4998c5183502797cee7e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 03:09:18 +0200 Subject: [PATCH 140/215] Clean code --- .../fourn/class/fournisseur.facture.class.php | 6 +- htdocs/fourn/class/paiementfourn.class.php | 6 +- htdocs/fourn/commande/card.php | 10 +- htdocs/fourn/commande/list.php | 2 +- htdocs/fourn/facture/list.php | 4 +- htdocs/fourn/facture/paiement.php | 4 +- htdocs/install/lib/repair.lib.php | 2 +- htdocs/install/repair.php | 34 ++--- htdocs/install/step5.php | 16 +-- htdocs/install/upgrade.php | 3 +- htdocs/install/upgrade2.php | 38 +++--- .../class/intracommreport.class.php | 2 +- htdocs/loan/payment/card.php | 4 +- htdocs/margin/checkMargins.php | 4 +- .../core/modules/modMyModule.class.php | 8 +- .../class/multicurrency.class.php | 24 ++-- htdocs/product/class/product.class.php | 9 +- .../class/productcustomerprice.class.php | 2 +- htdocs/product/fournisseurs.php | 6 +- .../inventory/class/inventory.class.php | 4 +- htdocs/product/stats/contrat.php | 8 +- htdocs/product/stats/mo.php | 8 +- htdocs/product/stock/class/entrepot.class.php | 2 +- .../stock/class/mouvementstock.class.php | 11 +- htdocs/product/stock/list.php | 2 +- htdocs/product/stock/replenish.php | 40 +++--- htdocs/product/stock/stockatdate.php | 4 +- htdocs/projet/class/projectstats.class.php | 6 +- htdocs/projet/class/taskstats.class.php | 4 +- htdocs/public/emailing/mailing-read.php | 4 +- .../public/emailing/mailing-unsubscribe.php | 2 +- htdocs/public/payment/paymentok.php | 2 +- htdocs/public/recruitment/index.php | 4 +- htdocs/public/ticket/list.php | 4 +- htdocs/reception/list.php | 2 +- htdocs/societe/admin/societe.php | 8 +- htdocs/societe/class/societe.class.php | 8 +- htdocs/societe/paymentmodes.php | 2 +- htdocs/stripe/class/stripe.class.php | 6 +- htdocs/supplier_proposal/list.php | 2 +- htdocs/takepos/invoice.php | 5 +- htdocs/ticket/class/ticket.class.php | 120 +----------------- htdocs/user/class/user.class.php | 8 +- htdocs/user/notify/card.php | 2 +- .../class/ProductCombination.class.php | 2 +- htdocs/website/class/website.class.php | 4 +- htdocs/website/index.php | 8 +- 47 files changed, 172 insertions(+), 294 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index eab1d445558..ccfe09eec0c 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -506,7 +506,7 @@ class FactureFournisseur extends CommonInvoice dol_syslog("There is ".count($this->lines)." lines that are invoice lines objects"); foreach ($this->lines as $i => $val) { $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'facture_fourn_det (fk_facture_fourn, special_code, fk_remise_except)'; - $sql .= ' VALUES ('.$this->id.','.intval($this->lines[$i]->special_code).','.($this->lines[$i]->fk_remise_except > 0 ? $this->lines[$i]->fk_remise_except : 'NULL').')'; + $sql .= " VALUES (".((int) $this->id).", ".((int) $this->lines[$i]->special_code).", ".($this->lines[$i]->fk_remise_except > 0 ? ((int) $this->lines[$i]->fk_remise_except) : 'NULL').')'; $resql_insert = $this->db->query($sql); if ($resql_insert) { @@ -552,7 +552,7 @@ class FactureFournisseur extends CommonInvoice } $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'facture_fourn_det (fk_facture_fourn, special_code, fk_remise_except)'; - $sql .= ' VALUES ('.$this->id.','.intval($this->lines[$i]->special_code).','.($this->lines[$i]->fk_remise_except > 0 ? $this->lines[$i]->fk_remise_except : 'NULL').')'; + $sql .= " VALUES (".((int) $this->id).", ".((int) $this->lines[$i]->special_code).", ".($this->lines[$i]->fk_remise_except > 0 ? ((int) $this->lines[$i]->fk_remise_except) : 'NULL').')'; $resql_insert = $this->db->query($sql); if ($resql_insert) { @@ -1375,7 +1375,7 @@ class FactureFournisseur extends CommonInvoice if ($close_note) { $sql .= ", close_note='".$this->db->escape($close_note)."'"; } - $sql .= ', fk_user_closing = '.$user->id; + $sql .= ', fk_user_closing = '.((int) $user->id); $sql .= ", date_closing = '".$this->db->idate($now)."'"; $sql .= ' WHERE rowid = '.((int) $this->id); diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index 2227e2b8c0a..fa58139b7e7 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php @@ -201,8 +201,8 @@ class PaiementFourn extends Paiement $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn ('; $sql .= 'ref, entity, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, fk_user_author, fk_bank)'; - $sql .= " VALUES ('".$this->db->escape($ref)."', ".$conf->entity.", '".$this->db->idate($now)."',"; - $sql .= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', ".$user->id.", 0)"; + $sql .= " VALUES ('".$this->db->escape($ref)."', ".((int) $conf->entity).", '".$this->db->idate($now)."',"; + $sql .= " '".$this->db->idate($this->datepaye)."', ".((float) $total).", ".((float) $mtotal).", ".((int) $this->paiementid).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', ".((int) $user->id).", 0)"; $resql = $this->db->query($sql); if ($resql) { @@ -214,7 +214,7 @@ class PaiementFourn extends Paiement if (is_numeric($amount) && $amount <> 0) { $amount = price2num($amount); $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn_facturefourn (fk_facturefourn, fk_paiementfourn, amount, multicurrency_amount)'; - $sql .= ' VALUES ('.$facid.','.$this->id.',\''.$amount.'\', \''.$this->multicurrency_amounts[$key].'\')'; + $sql .= " VALUES (".((int) $facid).", ".((int) $this->id).", ".((float) $amount).', '.((float) $this->multicurrency_amounts[$key]).')'; $resql = $this->db->query($sql); if ($resql) { $invoice = new FactureFournisseur($this->db); diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index b981d46b764..c2cb03a27cb 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -243,9 +243,9 @@ if (empty($reshook)) { // Update supplier $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; - $sql .= ' SET fk_soc='.$new_socid; - $sql .= ' WHERE fk_soc='.$object->thirdparty->id; - $sql .= ' AND rowid='.$object->id; + $sql .= ' SET fk_soc = '.((int) $new_socid); + $sql .= ' WHERE fk_soc = '.((int) $object->thirdparty->id); + $sql .= ' AND rowid = '.((int) $object->id); $res = $db->query($sql); @@ -258,8 +258,8 @@ if (empty($reshook)) { foreach ($object->lines as $l) { $sql = 'SELECT price, unitprice, tva_tx, ref_fourn'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price'; - $sql .= ' WHERE fk_product='.$l->fk_product; - $sql .= ' AND fk_soc='.$new_socid; + $sql .= ' WHERE fk_product = '.((int) $l->fk_product); + $sql .= ' AND fk_soc = '.((int) $new_socid); $sql .= ' ORDER BY unitprice ASC'; $resql = $db->query($sql); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index e4d10cbb23d..ef39e7502f6 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -769,7 +769,7 @@ if ($search_total_ttc != '') { $sql .= natural_search('cf.total_ttc', $search_total_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND cf.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND cf.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('cf.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 527cd851709..358b1c59c1b 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -606,7 +606,7 @@ if ($filter && $filter != -1) { $aFilter = explode(',', $filter); foreach ($aFilter as $fil) { $filt = explode(':', $fil); - $sql .= ' AND '.$db->escape(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'"; + $sql .= " AND ".$db->escape(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'"; } } if ($search_sale > 0) { @@ -655,7 +655,7 @@ if (!$search_all) { // Add HAVING from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : ''; +$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : ""; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index f0967453701..b5bc33b78c0 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -510,8 +510,8 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' SUM(pf.amount) as am, SUM(pf.multicurrency_amount) as multicurrency_am'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_facturefourn = f.rowid'; - $sql .= " WHERE f.entity = ".$conf->entity; - $sql .= ' AND f.fk_soc = '.$object->socid; + $sql .= " WHERE f.entity = ".((int) $conf->entity); + $sql .= ' AND f.fk_soc = '.((int) $object->socid); $sql .= ' AND f.paye = 0'; $sql .= ' AND f.fk_statut = 1'; // Status=0 => unvalidated, Status=2 => canceled if ($object->type != FactureFournisseur::TYPE_CREDIT_NOTE) { diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php index bd54e55ebde..aa0866fac69 100644 --- a/htdocs/install/lib/repair.lib.php +++ b/htdocs/install/lib/repair.lib.php @@ -88,7 +88,7 @@ function checkLinkedElements($sourcetype, $targettype) $out = $langs->trans('SourceType').': '.$sourcetype.' => '.$langs->trans('TargetType').': '.$targettype.' '; $sql = 'SELECT rowid, fk_source, fk_target FROM '.MAIN_DB_PREFIX.'element_element'; - $sql .= ' WHERE sourcetype="'.$sourcetype.'" AND targettype="'.$targettype.'"'; + $sql .= " WHERE sourcetype='".$db->escape($sourcetype)."' AND targettype='".$db->escape($targettype)."'"; $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 037c7ee4b82..8160f6e89b8 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -1236,7 +1236,7 @@ if ($ok && GETPOST('force_utf8_on_tables', 'alpha')) { print ''; print $table; - $sql = 'ALTER TABLE '.$table.' CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci'; + $sql = "ALTER TABLE ".$table." CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci"; print ''; if ($force_utf8_on_tables == 'confirmed') { $resql = $db->query($sql); @@ -1282,8 +1282,8 @@ if ($ok && GETPOST('force_utf8mb4_on_tables', 'alpha')) { print ''; print $table; - $sql1 = 'ALTER TABLE '.$table.' ROW_FORMAT=dynamic;'; - $sql2 = 'ALTER TABLE '.$table.' CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci'; + $sql1 = "ALTER TABLE ".$table." ROW_FORMAT=dynamic"; + $sql2 = "ALTER TABLE ".$table." CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci"; print ''; print ''; if ($force_utf8mb4_on_tables == 'confirmed') { @@ -1407,25 +1407,25 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) { $first_iteration = false; } else { $sql_attach_values = array( - $obj_dispatch->fk_commande, - $obj_dispatch->fk_product, - $obj_line->rowid, - $qty_for_line, - $obj_dispatch->fk_entrepot, - $obj_dispatch->fk_user, - $obj_dispatch->datec ? '"'.$db->escape($obj_dispatch->datec).'"' : 'NULL', - $obj_dispatch->comment ? '"'.$db->escape($obj_dispatch->comment).'"' : 'NULL', - $obj_dispatch->status ?: 'NULL', - $obj_dispatch->tms ? '"'.$db->escape($obj_dispatch->tms).'"' : 'NULL', - $obj_dispatch->batch ?: 'NULL', - $obj_dispatch->eatby ? '"'.$db->escape($obj_dispatch->eatby).'"' : 'NULL', - $obj_dispatch->sellby ? '"'.$db->escape($obj_dispatch->sellby).'"' : 'NULL' + ((int) $obj_dispatch->fk_commande), + ((int) $obj_dispatch->fk_product), + ((int) $obj_line->rowid), + ((float) $qty_for_line), + ((int) $obj_dispatch->fk_entrepot), + ((int) $obj_dispatch->fk_user), + $obj_dispatch->datec ? "'".$db->idate($db->jdate($obj_dispatch->datec))."'" : 'NULL', + $obj_dispatch->comment ? "'".$db->escape($obj_dispatch->comment)."'" : 'NULL', + $obj_dispatch->status ? ((int) $obj_dispatch->status) : 'NULL', + $obj_dispatch->tms ? "'".$db->idate($db->jdate($obj_dispatch->tms))."'" : 'NULL', + $obj_dispatch->batch ? "'".$db->escape($obj_dispatch->batch)."'" : 'NULL', + $obj_dispatch->eatby ? "'".$db->escape($obj_dispatch->eatby)."'" : 'NULL', + $obj_dispatch->sellby ? "'".$db->escape($obj_dispatch->sellby)."'" : 'NULL' ); $sql_attach_values = join(', ', $sql_attach_values); $sql_attach = 'INSERT INTO '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; $sql_attach .= ' (fk_commande, fk_product, fk_commandefourndet, qty, fk_entrepot, fk_user, datec, comment, status, tms, batch, eatby, sellby)'; - $sql_attach .= ' VALUES ('.$sql_attach_values.')'; + $sql_attach .= " VALUES (".$sql_attach_values.")"; } if ($repair_link_dispatch_lines_supplier_order_lines == 'confirmed') { diff --git a/htdocs/install/step5.php b/htdocs/install/step5.php index 0958ef7bb3b..b434612afcd 100644 --- a/htdocs/install/step5.php +++ b/htdocs/install/step5.php @@ -234,7 +234,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { // Insert MAIN_VERSION_FIRST_INSTALL in a dedicated transaction. So if it fails (when first install was already done), we can do other following requests. $db->begin(); dolibarr_install_syslog('step5: set MAIN_VERSION_FIRST_INSTALL const to '.$targetversion, LOG_DEBUG); - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_FIRST_INSTALL', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version when first install',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name, value, type, visible, note, entity) values('".$db->escape($db->encrypt('MAIN_VERSION_FIRST_INSTALL'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version when first install', 0)"); if ($resql) { $conf->global->MAIN_VERSION_FIRST_INSTALL = $targetversion; $db->commit(); @@ -246,11 +246,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { $db->begin(); dolibarr_install_syslog('step5: set MAIN_VERSION_LAST_INSTALL const to '.$targetversion, LOG_DEBUG); - $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_INSTALL'"); + $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_VERSION_LAST_INSTALL'"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version when last install',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values('".$db->escape($db->encrypt('MAIN_VERSION_LAST_INSTALL'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version when last install', 0)"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } @@ -258,11 +258,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { if ($useforcedwizard) { dolibarr_install_syslog('step5: set MAIN_REMOVE_INSTALL_WARNING const to 1', LOG_DEBUG); - $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_REMOVE_INSTALL_WARNING'"); + $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_REMOVE_INSTALL_WARNING'"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING', 1).",".$db->encrypt(1, 1).",'chaine',1,'Disable install warnings',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values('".$db->escape($db->encrypt('MAIN_REMOVE_INSTALL_WARNING'))."', '".$db->escape($db->encrypt(1))."', 'chaine', 1, 'Disable install warnings', 0)"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } @@ -326,11 +326,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { if ($tagdatabase) { dolibarr_install_syslog('step5: set MAIN_VERSION_LAST_UPGRADE const to value '.$targetversion); - $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_UPGRADE'"); + $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_VERSION_LAST_UPGRADE'"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_VERSION_LAST_UPGRADE', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version for last upgrade',0)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name, value, type, visible, note, entity) VALUES ('".$db->escape($db->encrypt('MAIN_VERSION_LAST_UPGRADE'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version for last upgrade', 0)"); if (!$resql) { dol_print_error($db, 'Error in setup program'); } @@ -346,7 +346,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) { } // May fail if parameter already defined - $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_LANG_DEFAULT', 1).",".$db->encrypt($setuplang, 1).",'chaine',0,'Default language',1)"); + $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES ('".$db->escape($db->encrypt('MAIN_LANG_DEFAULT'))."', '".$db->escape($db->encrypt($setuplang))."', 'chaine', 0, 'Default language', 1)"); //if (! $resql) dol_print_error($db,'Error in setup program'); $db->close(); diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index e349317b0c4..7f4a8ac7bad 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -270,6 +270,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ $values = $db->fetch_array($resql); $i = 0; $createsql = $values[1]; + $reg = aray(); while (preg_match('/CONSTRAINT `(0_[0-9a-zA-Z]+|[_0-9a-zA-Z]+_ibfk_[0-9]+)`/i', $createsql, $reg) && $i < 100) { $sqldrop = "ALTER TABLE ".$val." DROP FOREIGN KEY ".$reg[1]; $resqldrop = $db->query($sqldrop); @@ -282,7 +283,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ $db->free($resql); } else { if ($db->lasterrno() != 'DB_ERROR_NOSUCHTABLE') { - print ''.$sql.' : '.$db->lasterror()."\n"; + print ''.dol_escape_htmltag($sql).' : '.dol_escape_htmltag($db->lasterror())."\n"; } } } diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 974dd4c8324..368e05c5b04 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -692,7 +692,7 @@ function migrate_paiements($db, $langs, $conf) $num = count($row); for ($i = 0; $i < $num; $i++) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".$row[$i][1].",".$row[$i][0].",".$row[$i][2].")"; + $sql .= " VALUES (".((int) $row[$i][1]).",".((int) $row[$i][0]).",".((float) $row[$i][2]).")"; $res += $db->query($sql); @@ -803,7 +803,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf) $facid = $obj->rowid; $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).",".$row[$i]['pamount'].")"; + $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).", ".((float) $row[$i]['pamount']).")"; $res += $db->query($sql); @@ -914,7 +914,7 @@ function migrate_paiements_orphelins_2($db, $langs, $conf) $facid = $obj->rowid; $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)"; - $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).",".$row[$i]['pamount'].")"; + $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).", ".((float) $row[$i]['pamount']).")"; $res += $db->query($sql); @@ -1002,14 +1002,14 @@ function migrate_contracts_det($db, $langs, $conf) $sql .= "date_ouverture_prevue, date_ouverture, date_fin_validite, tva_tx, qty,"; $sql .= "subprice, price_ht, fk_user_author, fk_user_ouverture)"; $sql .= " VALUES ("; - $sql .= $obj->cref.", ".($obj->fk_product ? $obj->fk_product : 0).", "; + $sql .= ((int) $obj->cref).", ".($obj->fk_product ? ((int) $obj->fk_product) : 0).", "; $sql .= "0, "; $sql .= "'".$db->escape($obj->label)."', null, "; - $sql .= ($obj->date_contrat ? "'".$db->escape($obj->date_contrat)."'" : "null").", "; + $sql .= ($obj->date_contrat ? "'".$db->idate($db->jdate($obj->date_contrat))."'" : "null").", "; $sql .= "null, "; $sql .= "null, "; - $sql .= "'".$db->escape($obj->tva_tx)."' , 1, "; - $sql .= "'".$db->escape($obj->price)."', '".$db->escape($obj->price)."', ".$obj->fk_user_author.","; + $sql .= ((float) $obj->tva_tx).", 1, "; + $sql .= ((float) $obj->price).", ".((float) $obj->price).", ".((int) $obj->fk_user_author).","; $sql .= "null"; $sql .= ")"; @@ -2020,7 +2020,7 @@ function migrate_commande_expedition($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."co_exp (fk_expedition,fk_commande)"; - $sql .= " VALUES (".$obj->rowid.",".$obj->fk_commande.")"; + $sql .= " VALUES (".((int) $obj->rowid).", ".((int) $obj->fk_commande).")"; $resql2 = $db->query($sql); if (!$resql2) { @@ -2088,15 +2088,15 @@ function migrate_commande_livraison($db, $langs, $conf) $obj = $db->fetch_object($resql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."co_liv (fk_livraison,fk_commande)"; - $sql .= " VALUES (".$obj->rowid.",".$obj->fk_commande.")"; + $sql .= " VALUES (".((int) $obj->rowid).", ".((int) $obj->fk_commande).")"; $resql2 = $db->query($sql); if ($resql2) { $delivery_date = $db->jdate($obj->delivery_date); $sqlu = "UPDATE ".MAIN_DB_PREFIX."livraison SET"; - $sqlu .= " ref_client='".$db->escape($obj->ref_client)."'"; - $sqlu .= ", date_livraison='".$db->idate($delivery_date)."'"; + $sqlu .= " ref_client = '".$db->escape($obj->ref_client)."'"; + $sqlu .= ", date_livraison = '".$db->idate($delivery_date)."'"; $sqlu .= " WHERE rowid = ".((int) $obj->rowid); $resql3 = $db->query($sqlu); if (!$resql3) { @@ -3361,7 +3361,7 @@ function migrate_clean_association($db, $langs, $conf) // And we insert only each record once foreach ($couples as $key => $val) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_association(fk_categorie_mere,fk_categorie_fille)"; - $sql .= " VALUES(".$val['mere'].", ".$val['fille'].")"; + $sql .= " VALUES(".((int) $val['mere']).", ".((int) $val['fille']).")"; dolibarr_install_syslog("upgrade: insert association"); $resqli = $db->query($sql); if (!$resqli) { @@ -3493,7 +3493,7 @@ function migrate_event_assignement($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element) "; - $sqlUpdate .= "VALUES(".$obj->id.", 'user', ".$obj->fk_user_action.")"; + $sqlUpdate .= "VALUES(".((int) $obj->id).", 'user', ".((int) $obj->fk_user_action).")"; $result = $db->query($sqlUpdate); if (!$result) { @@ -3559,7 +3559,7 @@ function migrate_event_assignement_contact($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element) "; - $sqlUpdate .= "VALUES(".$obj->id.", 'socpeople', ".$obj->fk_contact.")"; + $sqlUpdate .= "VALUES(".((int) $obj->id).", 'socpeople', ".((int) $obj->fk_contact).")"; $result = $db->query($sqlUpdate); if (!$result) { @@ -4605,7 +4605,7 @@ function migrate_users_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4696,7 +4696,7 @@ function migrate_members_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4791,7 +4791,7 @@ function migrate_contacts_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4881,7 +4881,7 @@ function migrate_thirdparties_socialnetworks() $sqlupd .= ', googleplus=null'; $sqlupd .= ', youtube=null'; $sqlupd .= ', whatsapp=null'; - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); //print $sqlupd."
"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { @@ -4945,7 +4945,7 @@ function migrate_export_import_profiles($mode = 'export') if ($mode == 'export') { $sqlupd .= ", filter = '".$db->escape($newfilter)."'"; } - $sqlupd .= ' WHERE rowid='.$obj->rowid; + $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid); $resultstring .= ''.$sqlupd."\n"; $resqlupd = $db->query($sqlupd); if (!$resqlupd) { diff --git a/htdocs/intracommreport/class/intracommreport.class.php b/htdocs/intracommreport/class/intracommreport.class.php index 9675d1f3860..d3f34fc149b 100644 --- a/htdocs/intracommreport/class/intracommreport.class.php +++ b/htdocs/intracommreport/class/intracommreport.class.php @@ -437,7 +437,7 @@ class IntracommReport extends CommonObject */ public function getNextDeclarationNumber() { - $resql = $this->db->query('SELECT MAX(numero_declaration) as max_declaration_number FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE exporttype="'.$this->exporttype.'"'); + $resql = $this->db->query('SELECT MAX(numero_declaration) as max_declaration_number FROM '.MAIN_DB_PREFIX.$this->table_element." WHERE exporttype='".$this->db->escape($this->exporttype)."'"); if ($resql) { $res = $this->db->fetch_object($resql); } diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php index 675401e34f9..0292fbf5b2c 100644 --- a/htdocs/loan/payment/card.php +++ b/htdocs/loan/payment/card.php @@ -156,8 +156,8 @@ $disable_delete = 0; $sql = 'SELECT l.rowid as id, l.label, l.paid, l.capital as capital, pl.amount_capital, pl.amount_insurance, pl.amount_interest'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl,'.MAIN_DB_PREFIX.'loan as l'; $sql .= ' WHERE pl.fk_loan = l.rowid'; -$sql .= ' AND l.entity = '.$conf->entity; -$sql .= ' AND pl.rowid = '.$payment->id; +$sql .= ' AND l.entity = '.((int) $conf->entity); +$sql .= ' AND pl.rowid = '.((int) $payment->id); dol_syslog("loan/payment/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index d12c827cc3e..1349e02d2d8 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -106,8 +106,8 @@ if (empty($reshook)) { $invoicedet_id = $tmp_array[1]; if (!empty($invoicedet_id)) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'facturedet'; - $sql .= ' SET buy_price_ht=\''.price2num($value).'\''; - $sql .= ' WHERE rowid='.$invoicedet_id; + $sql .= " SET buy_price_ht = ".((float) price2num($value)); + $sql .= ' WHERE rowid = '.((int) $invoicedet_id); $result = $db->query($sql); if (!$result) { setEventMessages($db->lasterror, null, 'errors'); diff --git a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php index 9db4bcb9854..de9188e714d 100644 --- a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php +++ b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php @@ -456,10 +456,10 @@ class modMyModule extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php index 8c2e01f9ceb..a811a396811 100644 --- a/htdocs/multicurrency/class/multicurrency.class.php +++ b/htdocs/multicurrency/class/multicurrency.class.php @@ -130,7 +130,7 @@ class MultiCurrency extends CommonObject if (empty($this->entity) || $this->entity <= 0) { $this->entity = $conf->entity; } - $now = date('Y-m-d H:i:s'); + $now = dol_now(); // Insert request $sql = 'INSERT INTO '.MAIN_DB_PREFIX.$this->table_element.'('; @@ -140,11 +140,11 @@ class MultiCurrency extends CommonObject $sql .= ' date_create,'; $sql .= ' fk_user'; $sql .= ') VALUES ('; - $sql .= ' \''.$this->db->escape($this->code).'\','; - $sql .= ' \''.$this->db->escape($this->name).'\','; - $sql .= ' \''.$this->entity.'\','; - $sql .= ' \''.$now.'\','; - $sql .= ' \''.$user->id.'\''; + $sql .= " '".$this->db->escape($this->code)."',"; + $sql .= " '".$this->db->escape($this->name)."',"; + $sql .= " ".((int) $this->entity).","; + $sql .= " '".$this->db->idate($now)."',"; + $sql .= " ".((int) $user->id); $sql .= ')'; $this->db->begin(); @@ -479,8 +479,8 @@ class MultiCurrency extends CommonObject { $sql = 'SELECT cr.rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as cr'; - $sql .= ' WHERE cr.fk_multicurrency = '.((int) $this->id); - $sql .= ' AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM '.MAIN_DB_PREFIX.$this->table_element_line.' AS cr2 WHERE cr2.fk_multicurrency = '.((int) $this->id).')'; + $sql .= " WHERE cr.fk_multicurrency = ".((int) $this->id); + $sql .= " AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM ".MAIN_DB_PREFIX.$this->table_element_line." AS cr2 WHERE cr2.fk_multicurrency = ".((int) $this->id).")"; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -781,7 +781,7 @@ class CurrencyRate extends CommonObjectLine $sql .= ' fk_multicurrency,'; $sql .= ' entity'; $sql .= ') VALUES ('; - $sql .= ' '.$this->rate.','; + $sql .= ' '.((float) $this->rate).','; $sql .= " '".$this->db->idate($now)."',"; $sql .= " ".((int) $fk_multicurrency).","; $sql .= " ".((int) $this->entity); @@ -880,13 +880,13 @@ class CurrencyRate extends CommonObjectLine $this->rate = price2num($this->rate); // Update request - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; - $sql .= ' rate='.$this->rate; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; + $sql .= "SET rate =".((float) $this->rate); if (!empty($this->date_sync)) { $sql .= ", date_sync='".$this->db->idate($this->date_sync)."'"; } if (!empty($this->fk_multicurrency)) { - $sql .= ', fk_multicurrency='.$this->fk_multicurrency; + $sql .= ', fk_multicurrency='.((int) $this->fk_multicurrency); } $sql .= ' WHERE rowid='.((int) $this->id); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 4dcdb0df538..e51c553809d 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1722,8 +1722,8 @@ class Product extends CommonObject // Add new price $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price(price_level,date_price, fk_product, fk_user_author, price, price_ttc, price_base_type,tosell, tva_tx, default_vat_code, recuperableonly,"; $sql .= " localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, price_min,price_min_ttc,price_by_qty,entity,fk_price_expression) "; - $sql .= " VALUES(".($level ? $level : 1).", '".$this->db->idate($now)."', ".$this->id.", ".$user->id.", ".price2num($this->price).", ".price2num($this->price_ttc).",'".$this->db->escape($this->price_base_type)."',".((int) $this->status).", ".price2num($this->tva_tx).", ".($this->default_vat_code ? ("'".$this->db->escape($this->default_vat_code)."'") : "null").", ".((int) $this->tva_npr).","; - $sql .= " ".price2num($this->localtax1_tx).", ".price2num($this->localtax2_tx).", '".$this->db->escape($this->localtax1_type)."', '".$this->db->escape($this->localtax2_type)."', ".price2num($this->price_min).", ".price2num($this->price_min_ttc).", ".price2num($this->price_by_qty).", ".$conf->entity.",".($this->fk_price_expression > 0 ? ((int) $this->fk_price_expression) : 'null'); + $sql .= " VALUES(".($level ? ((int) $level) : 1).", '".$this->db->idate($now)."', ".((int) $this->id).", ".((int) $user->id).", ".((float) price2num($this->price)).", ".((float) price2num($this->price_ttc)).",'".$this->db->escape($this->price_base_type)."',".((int) $this->status).", ".((float) price2num($this->tva_tx)).", ".($this->default_vat_code ? ("'".$this->db->escape($this->default_vat_code)."'") : "null").", ".((int) $this->tva_npr).","; + $sql .= " ".price2num($this->localtax1_tx).", ".price2num($this->localtax2_tx).", '".$this->db->escape($this->localtax1_type)."', '".$this->db->escape($this->localtax2_type)."', ".price2num($this->price_min).", ".price2num($this->price_min_ttc).", ".price2num($this->price_by_qty).", ".((int) $conf->entity).",".($this->fk_price_expression > 0 ? ((int) $this->fk_price_expression) : 'null'); $sql .= ")"; dol_syslog(get_class($this)."::_log_price", LOG_DEBUG); @@ -5742,7 +5742,8 @@ class Product extends CommonObject $label_type = 'short_label'; } - $sql = 'select '.$label_type.', code from '.MAIN_DB_PREFIX.'c_units where rowid='.$this->fk_unit; + $sql = "SELECT ".$label_type.", code from ".MAIN_DB_PREFIX."c_units where rowid = ".((int) $this->fk_unit); + $resql = $this->db->query($sql); if ($resql && $this->db->num_rows($resql) > 0) { $res = $this->db->fetch_array($resql); @@ -5750,7 +5751,7 @@ class Product extends CommonObject $this->db->free($resql); return $label; } else { - $this->error = $this->db->error().' sql='.$sql; + $this->error = $this->db->error(); dol_syslog(get_class($this)."::getLabelOfUnit Error ".$this->error, LOG_ERR); return -1; } diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index a5e2581d69b..61cba58c374 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -521,7 +521,7 @@ class Productcustomerprice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= " AND ".$key." = '".$db->escape($value)."'"; + $sql .= " AND ".$key." = '".$this->db->escape($value)."'"; } elseif ($key == 'soc.nom') { $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'"; } else { diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 9451fec435e..938e8d0655c 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -279,16 +279,16 @@ if (empty($reshook)) { foreach ($extrafield_values as $key => $value) { $sql .= str_replace('options_', '', $key).', '; } - $sql = substr($sql, 0, strlen($sql) - 2).") VALUES (".$object->product_fourn_price_id.", "; + $sql = substr($sql, 0, strlen($sql) - 2).") VALUES (".((int) $object->product_fourn_price_id).", "; foreach ($extrafield_values as $key => $value) { - $sql .= '"'.$value.'", '; + $sql .= "'".$db->escape($value)."', "; } $sql = substr($sql, 0, strlen($sql) - 2).')'; } else { // update the existing one $sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields SET "; foreach ($extrafield_values as $key => $value) { - $sql .= str_replace('options_', '', $key).' = "'.$value.'", '; + $sql .= str_replace('options_', '', $key)." = '".$db->escape($value)."', "; } $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.((int) $object->product_fourn_price_id); } diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index e17a1fd418f..a6d1504a42c 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -286,10 +286,10 @@ class Inventory extends CommonObject $sql .= " AND p.fk_product_type = 0"; } if ($this->fk_product > 0) { - $sql .= ' AND ps.fk_product = '.$this->fk_product; + $sql .= ' AND ps.fk_product = '.((int) $this->fk_product); } if ($this->fk_warehouse > 0) { - $sql .= ' AND ps.fk_entrepot = '.$this->fk_warehouse; + $sql .= ' AND ps.fk_entrepot = '.((int) $this->fk_warehouse); } $inventoryline = new InventoryLine($this->db); diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index cb7c84fc863..65302ef2c7d 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -127,10 +127,10 @@ if ($id > 0 || !empty($ref)) { $now = dol_now(); $sql = "SELECT"; - $sql .= ' sum('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; - $sql .= ' sum('.$db->ifsql("cd.statut=4 AND cd.date_fin_validite > '".$db->idate($now)."'", 1, 0).") as nb_running,"; - $sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite <= '".$db->idate($now)."')", 1, 0).') as nb_late,'; - $sql .= ' sum('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; + $sql .= " sum(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,'; + $sql .= " sum(".$db->ifsql("cd.statut=4 AND cd.date_fin_validite > '".$db->idate($now)."'", 1, 0).") as nb_running,"; + $sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite <= '".$db->idate($now)."')", 1, 0).') as nb_late,'; + $sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; $sql .= " c.rowid as rowid, c.ref, c.ref_customer, c.ref_supplier, c.date_contrat, c.statut as statut,"; $sql .= " s.nom as name, s.rowid as socid, s.code_client"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; diff --git a/htdocs/product/stats/mo.php b/htdocs/product/stats/mo.php index 5a5c33312ca..9ad400fe0de 100644 --- a/htdocs/product/stats/mo.php +++ b/htdocs/product/stats/mo.php @@ -127,10 +127,10 @@ if ($id > 0 || !empty($ref)) { $now = dol_now(); $sql = "SELECT"; - $sql .= ' sum('.$db->ifsql("cd.role='toconsume'", "cd.qty", 0).') as nb_toconsume,'; - $sql .= ' sum('.$db->ifsql("cd.role='consumed'", "cd.qty", 0).') as nb_consumed,'; - $sql .= ' sum('.$db->ifsql("cd.role='toproduce'", "cd.qty", 0).') as nb_toproduce,'; - $sql .= ' sum('.$db->ifsql("cd.role='produced'", "cd.qty", 0).') as nb_produced,'; + $sql .= " sum(".$db->ifsql("cd.role='toconsume'", "cd.qty", 0).') as nb_toconsume,'; + $sql .= " sum(".$db->ifsql("cd.role='consumed'", "cd.qty", 0).') as nb_consumed,'; + $sql .= " sum(".$db->ifsql("cd.role='toproduce'", "cd.qty", 0).') as nb_toproduce,'; + $sql .= " sum(".$db->ifsql("cd.role='produced'", "cd.qty", 0).') as nb_produced,'; $sql .= " c.rowid as rowid, c.ref, c.date_valid, c.status"; //$sql .= " s.nom as name, s.rowid as socid, s.code_client"; $sql .= " FROM ".MAIN_DB_PREFIX."mrp_mo as c"; diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 04dcddb8fab..37f6f76d216 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -205,7 +205,7 @@ class Entrepot extends CommonObject $this->db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."entrepot (ref, entity, datec, fk_user_author, fk_parent, fk_project)"; - $sql .= " VALUES ('".$this->db->escape($this->label)."', ".$conf->entity.", '".$this->db->idate($now)."', ".$user->id.", ".($this->fk_parent > 0 ? $this->fk_parent : "NULL").", ".($this->fk_project > 0 ? $this->fk_project : "NULL").")"; + $sql .= " VALUES ('".$this->db->escape($this->label)."', ".((int) $conf->entity).", '".$this->db->idate($now)."', ".((int) $user->id).", ".($this->fk_parent > 0 ? ((int) $this->fk_parent) : "NULL").", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "NULL").")"; dol_syslog(get_class($this)."::create", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index f0c7d51c86b..dd1b2202956 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -428,7 +428,7 @@ class MouvementStock extends CommonObject $sql .= " datem, fk_product, batch, eatby, sellby,"; $sql .= " fk_entrepot, value, type_mouvement, fk_user_author, label, inventorycode, price, fk_origin, origintype, fk_projet"; $sql .= ")"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->product_id.", "; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->product_id).", "; $sql .= " ".($batch ? "'".$this->db->escape($batch)."'" : "null").", "; $sql .= " ".($eatby ? "'".$this->db->idate($eatby)."'" : "null").", "; $sql .= " ".($sellby ? "'".$this->db->idate($sellby)."'" : "null").", "; @@ -436,7 +436,7 @@ class MouvementStock extends CommonObject $sql .= " ".((int) $user->id).","; $sql .= " '".$this->db->escape($label)."',"; $sql .= " ".($inventorycode ? "'".$this->db->escape($inventorycode)."'" : "null").","; - $sql .= " ".price2num($price).","; + $sql .= " ".((float) price2num($price)).","; $sql .= " ".((int) $fk_origin).","; $sql .= " '".$this->db->escape($origintype)."',"; $sql .= " ".((int) $fk_project); @@ -634,12 +634,7 @@ class MouvementStock extends CommonObject $sql .= " t.sellby,"; $sql .= " t.fk_projet as fk_project"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE 1 = 1'; - //if (null !== $ref) { - //$sql .= ' AND t.ref = ' . '\'' . $ref . '\''; - //} else { - $sql .= ' AND t.rowid = '.((int) $id); - //} + $sql .= ' WHERE t.rowid = '.((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php index cba4c43bce1..a6fef44bb05 100644 --- a/htdocs/product/stock/list.php +++ b/htdocs/product/stock/list.php @@ -259,7 +259,7 @@ foreach ($search as $key => $val) { $mode_search = 2; } if ($search[$key] != '') { - $sql .= natural_search((($key == 'ref') ? 't.ref' : 't.'.$class_key), $search[$key], (($key == 'status') ? 2 : $mode_search)); + $sql .= natural_search((($key == "ref") ? "t.ref" : "t.".$class_key), $search[$key], (($key == 'status') ? 2 : $mode_search)); } } if ($search_all) { diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index ece4d8e3298..ba3011e3c0e 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -345,11 +345,11 @@ $sql .= ' p.desiredstock, p.seuil_stock_alerte,'; if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) { $sql .= ' pse.desiredstock as desiredstockpse, pse.seuil_stock_alerte as seuil_stock_alertepse,'; } -$sql .= ' '.$sqldesiredtock.' as desiredstockcombined, '.$sqlalertstock.' as seuil_stock_alertecombined,'; +$sql .= " ".$sqldesiredtock." as desiredstockcombined, ".$sqlalertstock." as seuil_stock_alertecombined,"; $sql .= ' s.fk_product,'; -$sql .= ' SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").') as stock_physique'; +$sql .= " SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").') as stock_physique'; if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) { - $sql .= ', SUM('.$db->ifsql("s.reel IS NULL OR s.fk_entrepot <> ".$fk_entrepot, "0", "s.reel").') as stock_real_warehouse'; + $sql .= ", SUM(".$db->ifsql("s.reel IS NULL OR s.fk_entrepot <> ".$fk_entrepot, "0", "s.reel").') as stock_real_warehouse'; } // Add fields from hooks @@ -478,45 +478,45 @@ if ($usevirtualstock) { } $sql .= ' HAVING ('; - $sql .= ' ('.$sqldesiredtock.' >= 0 AND ('.$sqldesiredtock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; - $sql .= ' - ('.$sqlCommandesCli.' - '.$sqlExpeditionsCli.') + ('.$sqlCommandesFourn.' - '.$sqlReceptionFourn.') + ('.$sqlProductionToProduce.' - '.$sqlProductionToConsume.')))'; + $sql .= " (".$sqldesiredtock." >= 0 AND (".$sqldesiredtock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= " - (".$sqlCommandesCli." - ".$sqlExpeditionsCli.") + (".$sqlCommandesFourn." - ".$sqlReceptionFourn.") + (".$sqlProductionToProduce." - ".$sqlProductionToConsume.")))"; $sql .= ' OR'; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= ' (('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= " ((".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")"; } else { - $sql .= ' ('.$sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= " (".$sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; } - $sql .= ' - ('.$sqlCommandesCli.' - '.$sqlExpeditionsCli.') + ('.$sqlCommandesFourn.' - '.$sqlReceptionFourn.') + ('.$sqlProductionToProduce.' - '.$sqlProductionToConsume.')))'; - $sql .= ')'; + $sql .= " - (".$sqlCommandesCli." - ".$sqlExpeditionsCli.") + (".$sqlCommandesFourn." - ".$sqlReceptionFourn.") + (".$sqlProductionToProduce." - ".$sqlProductionToConsume.")))"; + $sql .= ")"; if ($salert == 'on') { // Option to see when stock is lower than alert $sql .= ' AND ('; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= '('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= "(".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")"; } else { - $sql .= $sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')'; + $sql .= $sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")"; } - $sql .= ' - ('.$sqlCommandesCli.' - '.$sqlExpeditionsCli.') + ('.$sqlCommandesFourn.' - '.$sqlReceptionFourn.') + ('.$sqlProductionToProduce.' - '.$sqlProductionToConsume.'))'; - $sql .= ')'; + $sql .= " - (".$sqlCommandesCli." - ".$sqlExpeditionsCli.") + (".$sqlCommandesFourn." - ".$sqlReceptionFourn.") + (".$sqlProductionToProduce." - ".$sqlProductionToConsume."))"; + $sql .= ")"; $alertchecked = 'checked'; } } else { $sql .= ' HAVING ('; - $sql .= '('.$sqldesiredtock.' >= 0 AND ('.$sqldesiredtock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; + $sql .= "(".$sqldesiredtock." >= 0 AND (".$sqldesiredtock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").")))"; $sql .= ' OR'; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= ' (('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; + $sql .= " ((".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; } else { - $sql .= ' ('.$sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; + $sql .= " (".$sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").')))'; } $sql .= ')'; if ($salert == 'on') { // Option to see when stock is lower than alert - $sql .= ' AND ('; + $sql .= " AND ("; if ($includeproductswithoutdesiredqty == 'on') { - $sql .= ' ('.$sqlalertstock.' >= 0 OR '.$sqlalertstock.' IS NULL) AND ('.$db->ifsql("$sqlalertstock IS NULL", "0", $sqlalertstock).' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").'))'; + $sql .= " (".$sqlalertstock." >= 0 OR ".$sqlalertstock." IS NULL) AND (".$db->ifsql($sqlalertstock." IS NULL", "0", $sqlalertstock)." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel")."))"; } else { - $sql .= ' '.$sqlalertstock.' >= 0 AND ('.$sqlalertstock.' > SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").'))'; + $sql .= " ".$sqlalertstock." >= 0 AND (".$sqlalertstock." > SUM(".$db->ifsql("s.reel IS NULL", "0", "s.reel").'))'; } $sql .= ')'; $alertchecked = 'checked'; @@ -802,7 +802,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; $sql .= ' WHERE fk_product = '.((int) $objp->rowid); - $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= ' LIMIT 1'; $resqlm = $db->query($sql); diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index 4892004db72..83c57a4a81d 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -272,7 +272,7 @@ if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $sql .= " AND p.fk_product_type = 0"; } if (!empty($canvas)) { - $sql .= ' AND p.canvas = "'.$db->escape($canvas).'"'; + $sql .= " AND p.canvas = '".$db->escape($canvas)."'"; } if ($fk_warehouse > 0) { $sql .= ' GROUP BY p.rowid, p.ref, p.label, p.description, p.price, p.price_ttc, p.price_base_type, p.fk_product_type, p.desiredstock, p.seuil_stock_alerte,'; @@ -488,7 +488,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; $sql .= ' WHERE fk_product = '.((int) $objp->rowid); - $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; + $sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'"; $sql .= ' LIMIT 1'; $resqlm = $db->query($sql); diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index f437c8a5e10..1439ecd5f20 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -165,15 +165,15 @@ class ProjectStats extends Stats $sqlwhere[] = ' t.entity IN ('.getEntity('project').')'; if (!empty($this->userid)) { - $sqlwhere[] = ' t.fk_user_resp='.$this->userid; + $sqlwhere[] = ' t.fk_user_resp = '.((int) $this->userid); } // Forced filter on socid is similar to forced filter on project. TODO Use project assignement to allow to not use filter on project if (!empty($this->socid)) { - $sqlwhere[] = ' t.fk_soc='.$this->socid; + $sqlwhere[] = ' t.fk_soc = '.((int) $this->socid); } if (!empty($this->year) && empty($this->yearmonth)) { - $sqlwhere[] = " date_format(t.datec,'%Y')='".$this->db->escape($this->year)."'"; + $sqlwhere[] = " date_format(t.datec,'%Y') = '".$this->db->escape($this->year)."'"; } if (!empty($this->yearmonth)) { $sqlwhere[] = " t.datec BETWEEN '".$this->db->idate(dol_get_first_day($this->yearmonth))."' AND '".$this->db->idate(dol_get_last_day($this->yearmonth))."'"; diff --git a/htdocs/projet/class/taskstats.class.php b/htdocs/projet/class/taskstats.class.php index 1eb6fda915f..594ad38d723 100644 --- a/htdocs/projet/class/taskstats.class.php +++ b/htdocs/projet/class/taskstats.class.php @@ -142,11 +142,11 @@ class TaskStats extends Stats $sqlwhere[] = ' t.entity IN ('.getEntity('project').')'; if (!empty($this->userid)) { - $sqlwhere[] = ' t.fk_user_resp='.$this->userid; + $sqlwhere[] = ' t.fk_user_resp = '.((int) $this->userid); } // Forced filter on socid is similar to forced filter on project. TODO Use project assignement to allow to not use filter on project if (!empty($this->socid)) { - $sqlwhere[] = ' p.fk_soc='.$this->socid; // Link on thirdparty is on project, not on task + $sqlwhere[] = ' p.fk_soc = '.((int) $this->socid); // Link on thirdparty is on project, not on task } if (!empty($this->year) && empty($this->yearmonth)) { $sqlwhere[] = " date_format(t.datec,'%Y')='".$this->db->escape($this->year)."'"; diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index ea9eeb377e7..7fac6ff323e 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -128,13 +128,13 @@ if (!empty($tag)) { //Update status communication of thirdparty prospect if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.((int) $obj->source_id); + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.((int) $obj->entity).' AND rowid = '.((int) $obj->source_id); $resql = $db->query($sql); } //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.((int) $obj->entity).' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')'; $resql = $db->query($sql); } } diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index 6648bafd07a..76a73e8de05 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -149,7 +149,7 @@ if (!empty($tag) && ($unsuscrib == '1')) { */ // Update status communication of email (new usage) - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".$db->escape($obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".((int) $obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')"; $resql = $db->query($sql); //if (! $resql) dol_print_error($db); No test on errors, may fail if already unsubscribed diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index e65f3ef31fc..f39d6735dad 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -585,7 +585,7 @@ if ($ispaymentok) { } } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_account (fk_soc, login, key_account, site, site_account, status, entity, date_creation, fk_user_creat)"; - $sql .= " VALUES (".$object->fk_soc.", '', '".$db->escape($stripecu)."', 'stripe', '".$db->escape($stripearrayofkeysbyenv[$servicestatus]['publishable_key'])."', ".$servicestatus.", ".$conf->entity.", '".$db->idate(dol_now())."', 0)"; + $sql .= " VALUES (".((int) $object->fk_soc).", '', '".$db->escape($stripecu)."', 'stripe', '".$db->escape($stripearrayofkeysbyenv[$servicestatus]['publishable_key'])."', ".((int) $servicestatus).", ".((int) $conf->entity).", '".$db->idate(dol_now())."', 0)"; $resql = $db->query($sql); if (!$resql) { // should not happen $error++; diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index e576d5abde2..840fd1f4d8f 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -273,13 +273,13 @@ if ($display_ticket_list) { } } } - $sql .= " ORDER BY ".$sortfield.' '.$sortorder; + $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); if ($resql) { $num_total = $db->num_rows($resql); if (!empty($limit)) { - $sql .= ' '.$db->plimit($limit + 1, $offset); + $sql .= $db->plimit($limit + 1, $offset); } $resql = $db->query($sql); diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 5fea0ee94a1..87b0a68ede3 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -374,13 +374,13 @@ if ($action == "view_ticketlist") { } } //$sql .= " GROUP BY t.track_id"; - $sql .= " ORDER BY ".$sortfield.' '.$sortorder; + $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); if ($resql) { $num_total = $db->num_rows($resql); if (!empty($limit)) { - $sql .= ' '.$db->plimit($limit + 1, $offset); + $sql .= $db->plimit($limit + 1, $offset); } $resql = $db->query($sql); diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index 3541a1b8065..7f4a820bf41 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -506,7 +506,7 @@ foreach ($search_array_options as $key => $val) { $mode = 2; // Search on a foreign key int } if ($crit != '' && (!in_array($typ, array('select', 'sellist')) || $crit != '0')) { - $sql .= natural_search('ef.'.$tmpkey, $crit, $mode); + $sql .= natural_search("ef.".$tmpkey, $crit, $mode); } } // Add where from hooks diff --git a/htdocs/societe/admin/societe.php b/htdocs/societe/admin/societe.php index c87289da390..b9b2046fd90 100644 --- a/htdocs/societe/admin/societe.php +++ b/htdocs/societe/admin/societe.php @@ -115,7 +115,7 @@ if ($action == 'set') { $type = 'company'; $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($value)."','".$db->escape($type)."',".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($value)."', '".$db->escape($type)."', ".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($scandir) ? "'".$db->escape($scandir)."'" : "null"); $sql .= ")"; @@ -130,7 +130,7 @@ if ($action == 'set') { if ($action == 'del') { $type = 'company'; $sql = "DELETE FROM ".MAIN_DB_PREFIX."document_model"; - $sql .= " WHERE nom='".$db->escape($value)."' AND type='".$db->escape($type)."' AND entity=".$conf->entity; + $sql .= " WHERE nom='".$db->escape($value)."' AND type='".$db->escape($type)."' AND entity=".((int) $conf->entity); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -151,12 +151,12 @@ if ($action == 'setdoc') { $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model"; $sql_del .= " WHERE nom = '".$db->escape(GETPOST('value', 'alpha'))."'"; $sql_del .= " AND type = '".$db->escape($type)."'"; - $sql_del .= " AND entity = ".$conf->entity; + $sql_del .= " AND entity = ".((int) $conf->entity); dol_syslog("societe.php ".$sql); $result1 = $db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($value)."', '".$db->escape($type)."', ".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($value)."', '".$db->escape($type)."', ".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($scandir) ? "'".$db->escape($scandir)."'" : "null"); $sql .= ")"; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index d7dde07af5f..74e08914f3f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -890,7 +890,7 @@ class Societe extends CommonObject $sql .= ", accountancy_code_buy"; $sql .= ", accountancy_code_sell"; } - $sql .= ") VALUES ('".$this->db->escape($this->name)."', '".$this->db->escape($this->name_alias)."', ".$this->db->escape($this->entity).", '".$this->db->idate($now)."'"; + $sql .= ") VALUES ('".$this->db->escape($this->name)."', '".$this->db->escape($this->name_alias)."', ".((int) $this->entity).", '".$this->db->idate($now)."'"; $sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null"); $sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null"); $sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null"); @@ -2372,7 +2372,7 @@ class Societe extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_prices"; $sql .= " (datec, fk_soc, price_level, fk_user_author)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", ".((int) $price_level).", ".$user->id.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->id).", ".((int) $price_level).", ".((int) $user->id).")"; if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3388,7 +3388,7 @@ class Societe extends CommonObject $sql = 'SELECT s.parent'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; - $sql .= ' WHERE rowid = '.$idparent; + $sql .= ' WHERE rowid = '.((int) $idparent); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -3875,7 +3875,7 @@ class Societe extends CommonObject // phpcs:enable if ($categorie_id > 0 && $this->id > 0) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_fournisseur (fk_categorie, fk_soc) "; - $sql .= " VALUES (".$categorie_id.", ".$this->id.")"; + $sql .= " VALUES (".((int) $categorie_id).", ".((int) $this->id).")"; if ($resql = $this->db->query($sql)) { return 0; diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index 664d7d36255..f80bebd9bf5 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -587,7 +587,7 @@ if (empty($reshook)) { $tokenstring['stripe_user_id'] = $stripesup->id; $tokenstring['type'] = $stripesup->type; $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, fk_soc, entity, tokenstring)"; - $sql .= " VALUES ('".$db->escape($service)."', ".$object->id.", ".$conf->entity.", '".$db->escape(json_encode($tokenstring))."')"; + $sql .= " VALUES ('".$db->escape($service)."', ".((int) $object->id).", ".((int) $conf->entity).", '".$db->escape(json_encode($tokenstring))."')"; // TODO Add site and site_account on oauth_token table } catch (Exception $e) { $error++; diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php index c671ac9c396..9324d7d3a5d 100644 --- a/htdocs/stripe/class/stripe.class.php +++ b/htdocs/stripe/class/stripe.class.php @@ -246,7 +246,7 @@ class Stripe extends CommonObject // Create customer in Dolibarr $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_account (fk_soc, login, key_account, site, site_account, status, entity, date_creation, fk_user_creat)"; - $sql .= " VALUES (".$object->id.", '', '".$this->db->escape($customer->id)."', 'stripe', '".$this->db->escape($stripearrayofkeysbyenv[$status]['publishable_key'])."', ".$status.", ".$conf->entity.", '".$this->db->idate(dol_now())."', ".$user->id.")"; + $sql .= " VALUES (".((int) $object->id).", '', '".$this->db->escape($customer->id)."', 'stripe', '".$this->db->escape($stripearrayofkeysbyenv[$status]['publishable_key'])."', ".((int) $status).", ".((int) $conf->entity).", '".$this->db->idate(dol_now())."', ".((int) $user->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -509,7 +509,7 @@ class Stripe extends CommonObject if (!$paymentintentalreadyexists) { $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."prelevement_facture_demande (date_demande, fk_user_demande, ext_payment_id, fk_facture, sourcetype, entity, ext_payment_site, amount)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", '".$this->db->escape($paymentintent->id)."', ".$object->id.", '".$this->db->escape($object->element)."', ".$conf->entity.", '".$this->db->escape($service)."', ".$amount.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", '".$this->db->escape($paymentintent->id)."', ".((int) $object->id).", '".$this->db->escape($object->element)."', ".((int) $conf->entity).", '".$this->db->escape($service)."', ".((float) $amount).")"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -675,7 +675,7 @@ class Stripe extends CommonObject { $now=dol_now(); $sql = "INSERT INTO " . MAIN_DB_PREFIX . "prelevement_facture_demande (date_demande, fk_user_demande, ext_payment_id, fk_facture, sourcetype, entity, ext_payment_site)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", '".$this->db->escape($setupintent->id)."', ".$object->id.", '".$this->db->escape($object->element)."', " . $conf->entity . ", '" . $this->db->escape($service) . "', ".$amount.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", '".$this->db->escape($setupintent->id)."', ".((int) $object->id).", '".$this->db->escape($object->element)."', " . ((int) $conf->entity) . ", '" . $this->db->escape($service) . "', ".((float) $amount).")"; $resql = $this->db->query($sql); if (! $resql) { diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index a3ab70c8c5a..71cd1c1fa69 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -376,7 +376,7 @@ if ($search_montant_ttc != '') { $sql .= natural_search("sp.total_ttc", $search_montant_ttc, 1); } if ($search_multicurrency_code != '') { - $sql .= ' AND sp.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"'; + $sql .= " AND sp.multicurrency_code = '".$db->escape($search_multicurrency_code)."'"; } if ($search_multicurrency_tx != '') { $sql .= natural_search('sp.multicurrency_tx', $search_multicurrency_tx, 1); diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 95167ed3b51..96b06d09271 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -629,9 +629,10 @@ if ($action == "delete") { } $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; - $sql .= " SET fk_soc=".$conf->global->{'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]}.", "; + $varforconst = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $sql .= " SET fk_soc = ".((int) $conf->global->$varforconst).", "; $sql .= " datec = '".$db->idate(dol_now())."'"; - $sql .= " WHERE ref='(PROV-POS".$db->escape($_SESSION["takeposterminal"]."-".$place).")'"; + $sql .= " WHERE ref = '(PROV-POS".$db->escape($_SESSION["takeposterminal"]."-".$place).")'"; $resql1 = $db->query($sql); if ($resdeletelines && $resql1) { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index a53d649c2b3..9bf53fb5271 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -734,7 +734,7 @@ class Ticket extends CommonObject $sql .= " AND t.fk_soc = ".((int) $user->socid); } - $sql .= " ORDER BY ".$sortfield.' '.$sortorder; + $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { $sql .= $this->db->plimit($limit + 1, $offset); } @@ -2132,124 +2132,6 @@ class Ticket extends CommonObject return $array_contact; } - /** - * Send message - * - * @param string $subject Subject - * @param string $texte Message to send - * @return int <0 if KO, or number of changes if OK - */ - public function messageSend($subject, $texte) - { - global $conf, $langs, $mysoc, $dolibarr_main_url_root; - - $langs->load("other"); - - dol_syslog(get_class($this)."::message_send action=$action, socid=$socid, texte=$texte, objet_type=$objet_type, objet_id=$objet_id, file=$file"); - - $internal_contacts = $this->getIdContact('internal', 'SUPPORTTEC'); - $external_contacts = $this->getIdContact('external', 'SUPPORTTEC'); - - if ($result) { - $num = $this->db->num_rows($result); - $i = 0; - while ($i < $num) { // For each notification couple defined (third party/actioncode) - $obj = $this->db->fetch_object($result); - - $sendto = $obj->firstname." ".$obj->lastname." <".$obj->email.">"; - $actiondefid = $obj->adid; - - if (dol_strlen($sendto)) { - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - $application = ($conf->global->MAIN_APPLICATION_TITLE ? $conf->global->MAIN_APPLICATION_TITLE : 'Dolibarr ERP/CRM'); - - $subject = '['.$application.'] '.$langs->transnoentitiesnoconv("DolibarrNotification"); - - $message = $langs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n"; - $message .= $langs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; - $message .= "\n"; - $message .= $texte; - // Add link - $link = ''; - switch ($objet_type) { - case 'ficheinter': - $link = '/fichinter/card.php?id='.$objet_id; - break; - case 'propal': - $link = '/comm/propal.php?id='.$objet_id; - break; - case 'facture': - $link = '/compta/facture/card.php?facid='.$objet_id; - break; - case 'order': - $link = '/commande/card.php?facid='.$objet_id; - break; - case 'order_supplier': - $link = '/fourn/commande/card.php?facid='.$objet_id; - break; - } - // Define $urlwithroot - $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); - $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file - //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current - if ($link) { - $message .= "\n".$urlwithroot.$link; - } - - $filename = basename($file); - - $mimefile = dol_mimetype($file); - - $msgishtml = 0; - - $replyto = $conf->notification->email_from; - - $message = dol_nl2br($message); - - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $old_MAIN_MAIL_AUTOCOPY_TO = $conf->global->MAIN_MAIL_AUTOCOPY_TO; - $conf->global->MAIN_MAIL_AUTOCOPY_TO = ''; - } - $mailfile = new CMailFile( - $subject, - $sendto, - $replyto, - $message, - array($file), - array($mimefile), - array($filename[count($filename) - 1]), - '', - '', - 0, - $msgishtml - ); - - if ($mailfile->sendfile()) { - $now = dol_now(); - $sendto = htmlentities($sendto); - - $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_contact, objet_type, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$actiondefid.", ".$obj->cid.", '".$this->db->escape($objet_type)."', ".$objet_id.", '".$this->db->escape($obj->email)."')"; - dol_syslog("Notify::send sql=".$sql); - if (!$this->db->query($sql)) { - dol_print_error($this->db); - } - } else { - $this->error = $mailfile->error; - //dol_syslog("Notify::send ".$this->error, LOG_ERR); - } - if (!empty($conf->global->TICKET_DISABLE_MAIL_AUTOCOPY_TO)) { - $conf->global->MAIN_MAIL_AUTOCOPY_TO = $old_MAIN_MAIL_AUTOCOPY_TO; - } - } - $i++; - } - return $i; - } else { - $this->error = $this->db->error(); - return -1; - } - } /** * Get array of all contacts for a ticket diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index f22882b1852..db2d4583177 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1355,7 +1355,7 @@ class User extends CommonObject // Insert into database $sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec, login, ldap_sid, entity)"; - $sql .= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->db->escape($this->ldap_sid)."',".$this->db->escape($this->entity).")"; + $sql .= " VALUES('".$this->db->idate($this->datec)."', '".$this->db->escape($this->login)."', '".$this->db->escape($this->ldap_sid)."', ".((int) $this->entity).")"; $result = $this->db->query($sql); dol_syslog(get_class($this)."::create", LOG_DEBUG); @@ -3587,13 +3587,11 @@ class User extends CommonObject $sql = 'SELECT rowid'; $sql .= ' FROM '.MAIN_DB_PREFIX.'user'; - if (!empty($conf->global->AGENDA_DISABLE_EXACT_USER_EMAIL_COMPARE_FOR_EXTERNAL_CALENDAR)) { - $sql .= ' WHERE email LIKE "%'.$email.'%"'; + $sql .= " WHERE email LIKE '%".$this->db->escape($email)."%'"; } else { - $sql .= ' WHERE email = "'.$email.'"'; + $sql .= " WHERE email = '".$this->db->escape($email)."'"; } - $sql .= ' LIMIT 1'; $resql = $this->db->query($sql); diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index a0cc0128b4c..14067af9a08 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -100,7 +100,7 @@ if ($action == 'add') { $sql .= " WHERE fk_user=".((int) $id)." AND fk_action=".((int) $actionid); if ($db->query($sql)) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec, fk_user, fk_action)"; - $sql .= " VALUES ('".$db->idate($now)."', ".((int) $id).", ".$actionid.")"; + $sql .= " VALUES ('".$db->idate($now)."', ".((int) $id).", ".((int) $actionid).")"; if (!$db->query($sql)) { $error++; diff --git a/htdocs/variants/class/ProductCombination.class.php b/htdocs/variants/class/ProductCombination.class.php index 29cfdf731f9..d4fc03724d0 100644 --- a/htdocs/variants/class/ProductCombination.class.php +++ b/htdocs/variants/class/ProductCombination.class.php @@ -942,7 +942,7 @@ class ProductCombination $sql .= ' FROM '.MAIN_DB_PREFIX.'product_attribute_combination pac'; $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'product_attribute_combination2val pac2v ON pac2v.fk_prod_combination=pac.rowid'; $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'product_attribute_value pav ON pav.rowid=pac2v.fk_prod_attr_val'; - $sql .= ' WHERE pac.fk_product_child='.$prod_child; + $sql .= ' WHERE pac.fk_product_child='.((int) $prod_child); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 893cd9a6bf1..f48fada2eb9 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -1138,7 +1138,7 @@ class Website extends CommonObject return -1; } - dol_delete_dir_recursive($conf->website->dir_temp.'/'.$object->ref); + dol_delete_dir_recursive($conf->website->dir_temp."/".$object->ref); dol_mkdir($conf->website->dir_temp.'/'.$object->ref); $filename = basename($pathtofile); @@ -1183,7 +1183,7 @@ class Website extends CommonObject dolCopyDir($conf->website->dir_temp.'/'.$object->ref.'/medias/image/websitekey', $conf->website->dir_output.'/'.$object->ref.'/medias/image/'.$object->ref, 0, 1); // Medias can be shared, do not overwrite if exists dolCopyDir($conf->website->dir_temp.'/'.$object->ref.'/medias/js/websitekey', $conf->website->dir_output.'/'.$object->ref.'/medias/js/'.$object->ref, 0, 1); // Medias can be shared, do not overwrite if exists - $sqlfile = $conf->website->dir_temp.'/'.$object->ref.'/website_pages.sql'; + $sqlfile = $conf->website->dir_temp."/".$object->ref.'/website_pages.sql'; $result = dolReplaceInFile($sqlfile, $arrayreplacement); diff --git a/htdocs/website/index.php b/htdocs/website/index.php index ffda0802c51..c80c09c7727 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -2378,7 +2378,7 @@ if ($action == 'generatesitemaps' && $usercanedit) { // Add "has translation pages" $sql = 'SELECT rowid as id, lang, pageurl from '.MAIN_DB_PREFIX.'website_page'; - $sql .= ' WHERE status = '.WebsitePage::STATUS_VALIDATED.' AND fk_page IN ('.$db->sanitize($objp->rowid.($translationof ? ', '.$translationof : '')).")"; + $sql .= " WHERE status = ".((int) WebsitePage::STATUS_VALIDATED).' AND fk_page IN ('.$db->sanitize($objp->rowid.($translationof ? ", ".$translationof : "")).")"; $resqlhastrans = $db->query($sql); if ($resqlhastrans) { $num_rows_hastrans = $db->num_rows($resqlhastrans); @@ -2857,7 +2857,7 @@ if (!GETPOST('hide_websitemenu')) { $pagepreviousid = 0; $pagenextid = 0; if ($pageid) { - $sql = 'SELECT MAX(rowid) as pagepreviousid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid < '.$pageid.' AND fk_website = '.((int) $object->id); + $sql = "SELECT MAX(rowid) as pagepreviousid FROM ".MAIN_DB_PREFIX."website_page WHERE rowid < ".((int) $pageid)." AND fk_website = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -2867,7 +2867,7 @@ if (!GETPOST('hide_websitemenu')) { } else { dol_print_error($db); } - $sql = 'SELECT MIN(rowid) as pagenextid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid > '.$pageid.' AND fk_website = '.((int) $object->id); + $sql = "SELECT MIN(rowid) as pagenextid FROM ".MAIN_DB_PREFIX."website_page WHERE rowid > ".((int) $pageid)." AND fk_website = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -3829,7 +3829,7 @@ if ($action == 'editmeta' || $action == 'createcontainer') { // Edit properties print ''; if ($action != 'createcontainer') { // Has translation pages - $sql = 'SELECT rowid, lang from '.MAIN_DB_PREFIX.'website_page where fk_page = '.$objectpage->id; + $sql = 'SELECT rowid, lang from '.MAIN_DB_PREFIX.'website_page where fk_page = '.((int) $objectpage->id); $resql = $db->query($sql); if ($resql) { $num_rows = $db->num_rows($resql); From acf0386a9bbe84e1b774c71abfd915a0f113f4da Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 03:14:48 +0200 Subject: [PATCH 141/215] Fix css --- htdocs/core/class/html.formticket.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index f4e076640c4..76789ebe6de 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -1050,7 +1050,7 @@ class FormTicket } // Subject - print ''.$langs->trans('Subject').''; + print ''.$langs->trans('Subject').''; print 'ref.'] '.$langs->trans('TicketNewMessage').'" />'; print ''; From c932ea0710a8905b7966394ef0d5dc8753855832 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 05:06:14 +0200 Subject: [PATCH 142/215] Fix syntax error --- htdocs/install/upgrade.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index 7f4a8ac7bad..129ee9d7827 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -270,7 +270,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ $values = $db->fetch_array($resql); $i = 0; $createsql = $values[1]; - $reg = aray(); + $reg = array(); while (preg_match('/CONSTRAINT `(0_[0-9a-zA-Z]+|[_0-9a-zA-Z]+_ibfk_[0-9]+)`/i', $createsql, $reg) && $i < 100) { $sqldrop = "ALTER TABLE ".$val." DROP FOREIGN KEY ".$reg[1]; $resqldrop = $db->query($sqldrop); From 1b859fe72357dedefc68bd663f83ef6b794ccb6b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 05:24:53 +0200 Subject: [PATCH 143/215] Fix warning --- htdocs/comm/action/class/actioncomm.class.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index b7530e788a8..df73c6a70f7 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -585,12 +585,15 @@ class ActionComm extends CommonObject //dol_syslog(var_export($this->userassigned, true)); $already_inserted = array(); foreach ($this->userassigned as $key => $val) { - if (!is_array($val)) { // For backward compatibility when val=id + // Common value with new behavior is to have $val = array('id'=>iduser, 'transparency'=>0|1) and $this->userassigned is an array of iduser => $val. + if (!is_array($val)) { // For backward compatibility when $val='id'. $val = array('id'=>$val); } if ($val['id'] > 0) { - if (!empty($already_inserted[$val['id']])) continue; + if (!empty($already_inserted[$val['id']])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; @@ -612,7 +615,10 @@ class ActionComm extends CommonObject if (!empty($this->socpeopleassigned)) { $already_inserted = array(); foreach ($this->socpeopleassigned as $id => $val) { - if (!empty($already_inserted[$val['id']])) continue; + // Common value with new behavior is to have $val = iduser and $this->socpeopleassigned is an array of iduser => $val. + if (!empty($already_inserted[$id])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; @@ -623,7 +629,7 @@ class ActionComm extends CommonObject dol_syslog('Error to process socpeopleassigned: ' . $this->db->lasterror(), LOG_ERR); $this->errors[] = $this->db->lasterror(); } else { - $already_inserted[$val['id']] = true; + $already_inserted[$id] = true; } } } From 5c5b429dec32c5d980fa6751be5cf882c8ad49f3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 05:33:19 +0200 Subject: [PATCH 144/215] Better error management of client WS unit test --- test/phpunit/WebservicesInvoicesTest.php | 3 ++- test/phpunit/WebservicesOrdersTest.php | 4 ++-- test/phpunit/WebservicesOtherTest.php | 4 ++-- test/phpunit/WebservicesProductsTest.php | 4 ++-- test/phpunit/WebservicesThirdpartyTest.php | 4 ++-- test/phpunit/WebservicesUserTest.php | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) diff --git a/test/phpunit/WebservicesInvoicesTest.php b/test/phpunit/WebservicesInvoicesTest.php index f6f499357a4..a077b34e208 100644 --- a/test/phpunit/WebservicesInvoicesTest.php +++ b/test/phpunit/WebservicesInvoicesTest.php @@ -414,7 +414,7 @@ class WebservicesInvoicesTest extends PHPUnit\Framework\TestCase $result=0; } if (! $result || ! empty($result['faultstring'])) { - print $this->soapclient->error_str; + print 'Error: '.$this->soapclient->error_str; print "\n
\n"; print $this->soapclient->request; print "\n
\n"; @@ -422,6 +422,7 @@ class WebservicesInvoicesTest extends PHPUnit\Framework\TestCase print "\n"; } + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; print __METHOD__." result=".$result['result']['result_code'].$result['result']['result_label']."\n"; $this->assertEquals('OK', $result['result']['result_code']); $this->assertEquals('ref-phpunit-2', $result['ref_ext']); diff --git a/test/phpunit/WebservicesOrdersTest.php b/test/phpunit/WebservicesOrdersTest.php index 9ffa00226e0..45d0bdcccbe 100644 --- a/test/phpunit/WebservicesOrdersTest.php +++ b/test/phpunit/WebservicesOrdersTest.php @@ -175,7 +175,7 @@ class WebservicesOrdersTest extends PHPUnit\Framework\TestCase } if (! $result || ! empty($result['faultstring'])) { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -183,7 +183,7 @@ class WebservicesOrdersTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('OK', $result['result']['result_code']); return $result; diff --git a/test/phpunit/WebservicesOtherTest.php b/test/phpunit/WebservicesOtherTest.php index 0e788a195a7..df1e0fa76a1 100644 --- a/test/phpunit/WebservicesOtherTest.php +++ b/test/phpunit/WebservicesOtherTest.php @@ -180,7 +180,7 @@ class WebservicesOtherTest extends PHPUnit\Framework\TestCase } if (! $result) { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -212,7 +212,7 @@ class WebservicesOtherTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals("SOAP-ENV:Client: Operation 'methodthatdoesnotexists' is not defined in the WSDL for this service", $soapclient->error_str); return $result; diff --git a/test/phpunit/WebservicesProductsTest.php b/test/phpunit/WebservicesProductsTest.php index a31d147b9d7..c12323dbec7 100644 --- a/test/phpunit/WebservicesProductsTest.php +++ b/test/phpunit/WebservicesProductsTest.php @@ -322,7 +322,7 @@ class WebservicesProductsTest extends PHPUnit\Framework\TestCase } if (! $result || ! empty($result['faultstring']) || $result['result']['result_code'] != 'OK') { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -330,7 +330,7 @@ class WebservicesProductsTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('OK', $result['result']['result_code']); return 0; diff --git a/test/phpunit/WebservicesThirdpartyTest.php b/test/phpunit/WebservicesThirdpartyTest.php index fe9b15cee50..285b8456ffb 100644 --- a/test/phpunit/WebservicesThirdpartyTest.php +++ b/test/phpunit/WebservicesThirdpartyTest.php @@ -394,7 +394,7 @@ class WebservicesThirdpartyTest extends PHPUnit\Framework\TestCase $result=0; } if (! $result || ! empty($result['faultstring'])) { - print $this->soapclient->error_str; + print 'Error: '.$this->soapclient->error_str; print "\n
\n"; print $this->soapclient->request; print "\n
\n"; @@ -402,7 +402,7 @@ class WebservicesThirdpartyTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." result=".$result['result']['result_code']."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('OK', $result['result']['result_code']); return $result; diff --git a/test/phpunit/WebservicesUserTest.php b/test/phpunit/WebservicesUserTest.php index e3072844580..8b9ae2739a6 100644 --- a/test/phpunit/WebservicesUserTest.php +++ b/test/phpunit/WebservicesUserTest.php @@ -182,7 +182,7 @@ class WebservicesUserTest extends PHPUnit\Framework\TestCase } if (! $result) { //var_dump($soapclient); - print $soapclient->error_str; + print 'Error: '.$soapclient->error_str; print "\n
\n"; print $soapclient->request; print "\n
\n"; @@ -213,7 +213,7 @@ class WebservicesUserTest extends PHPUnit\Framework\TestCase print "\n"; } - print __METHOD__." count(result)=".count($result)."\n"; + print __METHOD__." count(result)=".(is_array($result) ? count($result) : 0)."\n"; $this->assertEquals('NOT_FOUND', $result['result']['result_code'], 'Test on ref that does not exists'); return $result; From 99b1a59a1e806813f28f822a1632e51724d686ec Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 05:38:12 +0200 Subject: [PATCH 145/215] Fix warning event late on tab Resources --- htdocs/resource/element_resource.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index 83a8d58d410..4d0736c5f64 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -281,6 +281,8 @@ $form = new Form($db); $pagetitle = $langs->trans('ResourceElementPage'); llxHeader('', $pagetitle, ''); +$now = dol_now(); +$delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; // Load available resource, declared by modules $ret = count($object->available_resources); From aab6281ba610071b745f62861aa11ab86acf7b50 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 05:38:40 +0200 Subject: [PATCH 146/215] Clean code --- htdocs/comm/action/document.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index eb1ac59cfe0..4c4d44c3a6e 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -108,6 +108,8 @@ $help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda'; llxHeader('', $langs->trans("Agenda"), $help_url); +$now = dol_now(); +$delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; if ($object->id > 0) { $result1 = $object->fetch($id); @@ -135,9 +137,6 @@ if ($object->id > 0) { $head = actions_prepare_head($object); - $now = dol_now(); - $delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; - print dol_get_fiche_head($head, 'documents', $langs->trans("Action"), -1, 'action'); $linkback = img_picto($langs->trans("BackToList"), 'object_list', 'class="hideonsmartphone pictoactionview"'); From 64c4e25c0237e59bda595e9ff5ccc9cc32ceeffd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 05:24:53 +0200 Subject: [PATCH 147/215] Fix warning --- htdocs/comm/action/class/actioncomm.class.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index d5a0c427352..6bfa9de9926 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -585,12 +585,15 @@ class ActionComm extends CommonObject //dol_syslog(var_export($this->userassigned, true)); $already_inserted = array(); foreach ($this->userassigned as $key => $val) { - if (!is_array($val)) { // For backward compatibility when val=id + // Common value with new behavior is to have $val = array('id'=>iduser, 'transparency'=>0|1) and $this->userassigned is an array of iduser => $val. + if (!is_array($val)) { // For backward compatibility when $val='id'. $val = array('id'=>$val); } if ($val['id'] > 0) { - if (!empty($already_inserted[$val['id']])) continue; + if (!empty($already_inserted[$val['id']])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; @@ -612,7 +615,10 @@ class ActionComm extends CommonObject if (!empty($this->socpeopleassigned)) { $already_inserted = array(); foreach ($this->socpeopleassigned as $id => $val) { - if (!empty($already_inserted[$val['id']])) continue; + // Common value with new behavior is to have $val = iduser and $this->socpeopleassigned is an array of iduser => $val. + if (!empty($already_inserted[$id])) { + continue; + } $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; @@ -623,7 +629,7 @@ class ActionComm extends CommonObject dol_syslog('Error to process socpeopleassigned: ' . $this->db->lasterror(), LOG_ERR); $this->errors[] = $this->db->lasterror(); } else { - $already_inserted[$val['id']] = true; + $already_inserted[$id] = true; } } } From 700138815927ee1dfc7c1cbe7de7e246d2a4d368 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 05:38:12 +0200 Subject: [PATCH 148/215] Fix warning event late on tab Resources --- htdocs/resource/element_resource.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index 83a8d58d410..4d0736c5f64 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -281,6 +281,8 @@ $form = new Form($db); $pagetitle = $langs->trans('ResourceElementPage'); llxHeader('', $pagetitle, ''); +$now = dol_now(); +$delay_warning = $conf->global->MAIN_DELAY_ACTIONS_TODO * 24 * 60 * 60; // Load available resource, declared by modules $ret = count($object->available_resources); From f825d3fda4e46b8408a37009545744b354d7ee10 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 13:27:55 +0200 Subject: [PATCH 149/215] Trans --- htdocs/compta/facture/list.php | 2 +- htdocs/langs/en_US/bills.lang | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 2b8a65445ba..a54797323a3 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -430,7 +430,7 @@ if ($action == 'makepayment_confirm' && $user->rights->facture->paiement) { } } if (empty($errorpayment)) { - setEventMessage($langs->trans('RegisterPaymentAndClasiffiedPayedDone', $facture->ref)); + setEventMessage($langs->trans('PaymentRegisteredAndInvoiceSetToPaid', $facture->ref)); } } } diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang index c37b58fee8c..203b0201f9b 100644 --- a/htdocs/langs/en_US/bills.lang +++ b/htdocs/langs/en_US/bills.lang @@ -593,4 +593,4 @@ SituationTotalProgress=Total progress %d %% SearchUnpaidInvoicesWithDueDate=Search unpaid invoices with a due date = %s RegisterPaymentAndClasiffiedPayed=Enter payment and classify 'Paid' NoPaymentAvailable=No payment available for %s -RegisterPaymentAndClasiffiedPayedDone=Payment registered and classify 'Paid' done for invoice %s +PaymentRegisteredAndInvoiceSetToPaid=Payment registered and invoice %s set to paid From b2791c31030d5054d32313aadaa39d1033c48f5c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 13:36:47 +0200 Subject: [PATCH 150/215] Fix generate the phpunit file from modulebuilder --- htdocs/modulebuilder/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 0a05266b6ff..2c684d77da1 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -383,7 +383,7 @@ if ($dirins && $action == 'initphpunit' && !empty($module)) { $modulename = ucfirst($module); // Force first letter in uppercase $objectname = $tabobj; - dol_mkdir($dirins.'/'.strtolower($module).'/class'); + dol_mkdir($dirins.'/'.strtolower($module).'/test/phpunit'); $srcdir = DOL_DOCUMENT_ROOT.'/modulebuilder/template'; $srcfile = $srcdir.'/test/phpunit/MyObjectTest.php'; $destfile = $dirins.'/'.strtolower($module).'/test/phpunit/'.strtolower($objectname).'Test.php'; From 1fec53e7f2e5a0c0cabaff64242d6d292b7e3954 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 13:36:47 +0200 Subject: [PATCH 151/215] Fix generate the phpunit file from modulebuilder --- htdocs/modulebuilder/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index f8ca876eafc..be8e4481681 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -383,7 +383,7 @@ if ($dirins && $action == 'initphpunit' && !empty($module)) { $modulename = ucfirst($module); // Force first letter in uppercase $objectname = $tabobj; - dol_mkdir($dirins.'/'.strtolower($module).'/class'); + dol_mkdir($dirins.'/'.strtolower($module).'/test/phpunit'); $srcdir = DOL_DOCUMENT_ROOT.'/modulebuilder/template'; $srcfile = $srcdir.'/test/phpunit/MyObjectTest.php'; $destfile = $dirins.'/'.strtolower($module).'/test/phpunit/'.strtolower($objectname).'Test.php'; From 20d0b0c56409f202a7210245f2dbc964dc07d9f2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 13:56:59 +0200 Subject: [PATCH 152/215] Fix link in some tooltips --- htdocs/modulebuilder/index.php | 11 +++++++---- htdocs/theme/eldy/global.inc.php | 4 ++++ htdocs/theme/md/style.css.php | 4 ++++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index be8e4481681..ed090618855 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -2218,7 +2218,8 @@ if ($module == 'initmodule') { if ($action != 'editfile' || empty($file)) { print ''; - $htmlhelp = $langs->trans("DictionariesDefDescTooltip", ''.$langs->trans('Setup').' - '.$langs->trans('Dictionaries').''); + $htmlhelp = $langs->trans("DictionariesDefDescTooltip", '{s1}'); + $htmlhelp = str_replace('{s1}', ''.$langs->trans('Setup').' - '.$langs->trans('Dictionaries').'', $htmlhelp); print $form->textwithpicto($langs->trans("DictionariesDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
'; print ''; print '
'; @@ -3002,7 +3003,8 @@ if ($module == 'initmodule') { if ($action != 'editfile' || empty($file)) { print ''; - $htmlhelp = $langs->trans("MenusDefDescTooltip", ''.$langs->trans('Setup').' - '.$langs->trans('Menus').''); + $htmlhelp = $langs->trans("MenusDefDescTooltip", '{s1}'); + $htmlhelp = str_replace('{s1}', ''.$langs->trans('Setup').' - '.$langs->trans('Menus').'', $htmlhelp); print $form->textwithpicto($langs->trans("MenusDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
'; print ''; print '
'; @@ -3134,7 +3136,8 @@ if ($module == 'initmodule') { if ($action != 'editfile' || empty($file)) { print ''; - $htmlhelp = $langs->trans("PermissionsDefDescTooltip", ''.$langs->trans('DefaultPermissions').''); + $htmlhelp = $langs->trans("PermissionsDefDescTooltip", '{s1}'); + $htmlhelp = str_replace('{s1}', ''.$langs->trans('DefaultRights').'', $htmlhelp); print $form->textwithpicto($langs->trans("PermissionsDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
'; print ''; print '
'; @@ -3601,7 +3604,7 @@ if ($module == 'initmodule') { $cronjobs = $moduleobj->cronjobs; if ($action != 'editfile' || empty($file)) { - print ''.str_replace('{s1}', ''.$langs->transnoentities('CronList').'', $langs->trans("CronJobDefDesc", '{s1}')).'
'; + print ''.str_replace('{s1}', ''.$langs->transnoentities('CronList').'', $langs->trans("CronJobDefDesc", '{s1}')).'
'; print '
'; print ' '.$langs->trans("DescriptorFile").' : '.$pathtofile.''; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 58e19d36a22..50490fa119f 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -295,6 +295,10 @@ input.buttonpayment, button.buttonpayment, div.buttonpayment { cursor: pointer; max-width: 350px; } +.nofocusvisible:focus-visible { + outline: none; +} + div.buttonpayment input:focus { color: #008; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index ef7e69c0538..1a18bbf6882 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -473,6 +473,10 @@ input.buttonpayment, button.buttonpayment, div.buttonpayment { white-space: normal; color: #888 !important; } +.nofocusvisible:focus-visible { + outline: none; +} + div.buttonpayment input { background-color: unset; border-bottom: unset; From afb8a86aff2d9f2526e274befb2f36b6d8b543e5 Mon Sep 17 00:00:00 2001 From: BENKE Charlene <1179011+defrance@users.noreply.github.com> Date: Sat, 28 Aug 2021 14:14:48 +0200 Subject: [PATCH 153/215] Clean code (line in double) --- htdocs/fourn/facture/paiement.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index b5bc33b78c0..fcbfdcf7b45 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -10,6 +10,7 @@ * Copyright (C) 2015 Juanjo Menent * Copyright (C) 2017 Alexandre Spangaro * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2021 Charlene Benke * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -291,8 +292,6 @@ if (empty($reshook)) { $paiement->num_payment = GETPOST('num_paiement', 'alphanohtml'); $paiement->note_private = GETPOST('comment', 'alpha'); - $paiement->num_payment = $paiement->num_payment; - $paiement->note_private = $paiement->note_private; if (!$error) { $paiement_id = $paiement->create($user, (GETPOST('closepaidinvoices') == 'on' ? 1 : 0), $thirdparty); From 45515fa8b2ef3313409af55466902cb0a24e95e7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 14:28:50 +0200 Subject: [PATCH 154/215] fix css --- htdocs/theme/eldy/global.inc.php | 2 +- htdocs/theme/md/style.css.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 50490fa119f..79977faac6a 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -296,7 +296,7 @@ input.buttonpayment, button.buttonpayment, div.buttonpayment { max-width: 350px; } .nofocusvisible:focus-visible { - outline: none; + outline: none; } div.buttonpayment input:focus { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 1a18bbf6882..0d8851208f6 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -474,7 +474,7 @@ input.buttonpayment, button.buttonpayment, div.buttonpayment { color: #888 !important; } .nofocusvisible:focus-visible { - outline: none; + outline: none; } div.buttonpayment input { From f359bfaaf2f8544af93ced8a156c3b933bf3398d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 14:31:56 +0200 Subject: [PATCH 155/215] Update emailcollector.class.php --- .../class/emailcollector.class.php | 24 +------------------ 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index 88cb4bcc1d2..a77938ceb79 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -35,32 +35,10 @@ require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; // customer require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; // Shipment require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'; // supplier invoice require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; // supplier order -include_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; // supplier proposal +require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; // supplier proposal require_once DOL_DOCUMENT_ROOT."/reception/class/reception.class.php"; // reception //require_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php'; // Holidays (leave request) //require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; // expernse report -/* -if (!empty($conf->propal->enabled)) { -} -if (!empty($conf->commande->enabled)) { -} -if (!empty($conf->expedition->enabled)) { -} -if (!empty($conf->facture->enabled)) { - require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; -} -if (!empty($conf->facture->enabled)) { - require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture-rec.class.php'; -} -if (!empty($conf->contrat->enabled)) { - require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; -} -if (!empty($conf->adherent->enabled)) { - require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; -} -if (!empty($conf->ficheinter->enabled)) { //files - require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php'; -}*/ /** From d98390e6757de87331fc51db270303bc492a8b2c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 14:42:31 +0200 Subject: [PATCH 156/215] Update api_orders.class.php --- htdocs/commande/class/api_orders.class.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 2510e793018..88fed4bce63 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -970,18 +970,17 @@ class Orders extends DolibarrApi /** * Get the shipments of an order * - * * @param int $id Id of the order * * @url GET {id}/shipment * + * @return array + * * @throws RestException 401 * @throws RestException 404 * @throws RestException 500 - * - * @return array */ - public function getOrderShipements($id) + public function getOrderShipments($id) { require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; if (!DolibarrApiAccess::$user->rights->expedition->lire) { From 3585259b555ea6b11bb60e8f97dfa408074d03d5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 14:43:17 +0200 Subject: [PATCH 157/215] Update api_orders.class.php --- htdocs/commande/class/api_orders.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 88fed4bce63..743c0633ffa 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -1036,7 +1036,7 @@ class Orders extends DolibarrApi * * @return int */ - public function createOrderShipement($id, $warehouse_id) + public function createOrderShipment($id, $warehouse_id) { require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; if (!DolibarrApiAccess::$user->rights->expedition->creer) { From 049992aed47900fe5354416ed1949d908c5767ea Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 14:44:13 +0200 Subject: [PATCH 158/215] Update api_orders.class.php --- htdocs/commande/class/api_orders.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 743c0633ffa..d625f2acbf1 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -1030,11 +1030,11 @@ class Orders extends DolibarrApi * * @url POST {id}/shipment/{warehouse_id} * + * @return int + * * @throws RestException 401 * @throws RestException 404 * @throws RestException 500 - * - * @return int */ public function createOrderShipment($id, $warehouse_id) { From 0e38e1e2c4de780d81c11a6c7bd18408cf7c0fc5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 14:51:49 +0200 Subject: [PATCH 159/215] NEW Add hook hookGetEntity. Change name and param of hook --- htdocs/core/class/hookmanager.class.php | 2 +- htdocs/core/lib/functions.lib.php | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index d158ec2fa70..40610ce5d6f 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php @@ -189,7 +189,7 @@ class HookManager 'formConfirm', 'getAccessForbiddenMessage', 'getDirList', - 'functionGetEntity', + 'hookGetEntity', 'getFormMail', 'getFormatedCustomerRef', 'getFormatedSupplierRef', diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 604e2035d95..483e890e369 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -104,7 +104,7 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port) */ function getEntity($element, $shared = 1, $currentobject = null) { - global $conf, $mc, $hookmanager, $object; + global $conf, $mc, $hookmanager, $object, $action; // fix different element names (France to English) switch ($element) { @@ -129,12 +129,13 @@ function getEntity($element, $shared = 1, $currentobject = null) // Manipulate entities to query on the fly $parameters = array( - 'object' => $object, - 'currentobject' => $currentobject, 'element' => $element, 'shared' => $shared, + 'object' => $object, + 'currentobject' => $currentobject, + 'out' => $out ); - $reshook = $hookmanager->executeHooks('functionGetEntity', $parameters, $out, $element); // Note that $action and $object may have been modified by some hooks + $reshook = $hookmanager->executeHooks('hookGetEntity', $parameters, $currentobject, $action); // Note that $action and $object may have been modified by some hooks if (is_numeric($reshook)) { if ($reshook == 0 && !empty($hookmanager->resprints)) { From c509e3bc432b111f952e1ebeb826f785b8d4fa42 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 26 Aug 2021 10:32:29 +0200 Subject: [PATCH 160/215] FIx error 500 on restler api PHP 8.0 --- htdocs/ticket/class/api_tickets.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php index e104d425bf4..f3a9c738aac 100644 --- a/htdocs/ticket/class/api_tickets.class.php +++ b/htdocs/ticket/class/api_tickets.class.php @@ -17,7 +17,7 @@ use Luracast\Restler\RestException; -require 'ticket.class.php'; +require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/ticket.lib.php'; From 28752ddca47490c38f45f6e66c42e9ad68e590bd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 15:19:54 +0200 Subject: [PATCH 161/215] Fix concat --- htdocs/projet/tasks/time.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index c438f8c133a..634b3c136d9 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -463,7 +463,7 @@ if ($action == 'confirm_generateinvoice') { $arrayoftasks[$object->timespent_id]['totalvaluetodivideby3600'] = $object->timespent_duration * $object->timespent_thm; $arrayoftasks[$object->timespent_id]['note'] = $ftask->ref.' - '.$ftask->label.' - '.$username.($object->timespent_note ? ' - '.$object->timespent_note : ''); // TODO Add user name in note if (!empty($conf->global->PROJECT_TIME_SPENT_INTO_INVOICE_ADD_TIME_DT)) { - $arrayoftasks[$object->timespent_id]['note'] = "\n"; + $arrayoftasks[$object->timespent_id]['note'] .= "\n"; if (!empty($object->timespent_withhour)) { $arrayoftasks[$object->timespent_id]['note'] .= $langs->trans("Date") . ': ' . dol_print_date($object->timespent_datehour); } else { From 6b8f6acf32d76427b606200b2a52a6553d07acf5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 15:26:06 +0200 Subject: [PATCH 162/215] Update card.php --- htdocs/contrat/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index d07176d1670..232d5e0798b 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1089,7 +1089,7 @@ if ($action == 'create') { print ''.$langs->trans('ThirdParty').''; if ($socid > 0) { print ''; - print $soc->getNomUrl(1, 'customer'); + print $soc->getNomUrl(1); print ''; print ''; } else { From fae0b3c8bec15fe415561005ae7b98d2d98e8629 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 15:26:36 +0200 Subject: [PATCH 163/215] Update card.php --- htdocs/contrat/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 232d5e0798b..470895a2c22 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1296,7 +1296,7 @@ if ($action == 'create') { $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->contrat->creer, 'string', '', 0, 1); $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->contrat->creer, 'string', '', null, null, '', 1, 'getFormatedSupplierRef'); // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'customer'); + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherContracts").')'; } From faf1d52d9190747648c5a6fcbff3cf31a1fcb2de Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 16:32:22 +0200 Subject: [PATCH 164/215] Update card.php --- htdocs/expedition/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index c4ec3504383..e020758fbbb 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -717,7 +717,7 @@ if (empty($reshook)) { unset($_POST[$qty]); } } - } else { // both product batch and stock are not activated. + } elsif (empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. $qty = "qtyl".$line_id; $line->id = $line_id; $line->qty = GETPOST($qty, 'int'); From 2ddebc123ab8eb67f1561555532a6b42d73a1ebf Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Sat, 28 Aug 2021 14:32:44 +0000 Subject: [PATCH 165/215] Fixing style errors. --- htdocs/expedition/card.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index e020758fbbb..e8455c906ef 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -717,15 +717,15 @@ if (empty($reshook)) { unset($_POST[$qty]); } } - } elsif (empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. + } elsif(empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. $qty = "qtyl".$line_id; $line->id = $line_id; $line->qty = GETPOST($qty, 'int'); $line->entrepot_id = 0; - if ($line->update($user) < 0) { - setEventMessages($line->error, $line->errors, 'errors'); - $error++; - } + if ($line->update($user) < 0) { + setEventMessages($line->error, $line->errors, 'errors'); + $error++; + } unset($_POST[$qty]); } } else { From 31ca781236bcb96a0c9812d6a20787e1b2a4805c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 16:34:38 +0200 Subject: [PATCH 166/215] Update card.php --- htdocs/expedition/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index e8455c906ef..8ab667780f0 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -717,7 +717,7 @@ if (empty($reshook)) { unset($_POST[$qty]); } } - } elsif(empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. + } elseif (empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. $qty = "qtyl".$line_id; $line->id = $line_id; $line->qty = GETPOST($qty, 'int'); @@ -2262,7 +2262,7 @@ if ($action == 'create') { print ''; print ''; } - } else { // both product batch and stock are not activated. + } elseif (empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated. print ''; print ''; // Qty to ship or shipped From e60cf96c8eb669904c91e68fa845325c10832c80 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Sat, 28 Aug 2021 14:35:01 +0000 Subject: [PATCH 167/215] Fixing style errors. --- htdocs/expedition/card.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 8ab667780f0..d4ea2fa006c 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -722,10 +722,10 @@ if (empty($reshook)) { $line->id = $line_id; $line->qty = GETPOST($qty, 'int'); $line->entrepot_id = 0; - if ($line->update($user) < 0) { - setEventMessages($line->error, $line->errors, 'errors'); - $error++; - } + if ($line->update($user) < 0) { + setEventMessages($line->error, $line->errors, 'errors'); + $error++; + } unset($_POST[$qty]); } } else { From 11497d4bf0c0f28d0dc5afaf2cfd5454ce922f84 Mon Sep 17 00:00:00 2001 From: henrynopo Date: Sat, 28 Aug 2021 22:38:17 +0800 Subject: [PATCH 168/215] Update card.php --- htdocs/compta/facture/card.php | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 0386b30dcc5..2f56ef3b3a7 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -5071,7 +5071,7 @@ if ($action == 'create') { } print ''; print ''; - print ''.price($resteapayeraffiche).''; + print ''.price($resteapayeraffiche).' '; // Remainder to pay Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { @@ -5084,11 +5084,9 @@ if ($action == 'create') { } print ''; print ''; - print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' '; } - print ' '; - // Retained warranty : usualy use on construction industry if (!empty($object->situation_final) && !empty($object->retained_warranty) && $displayWarranty) { // Billed - retained warranty @@ -5127,7 +5125,7 @@ if ($action == 'create') { print ' ('.$langs->trans('ExcessPaid').')'; } print ' :'; - print ''.price($sign * $resteapayeraffiche).''; + print ''.price($sign * $resteapayeraffiche).' '; // Remainder to pay back Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { @@ -5140,11 +5138,9 @@ if ($action == 'create') { } print ''; print ''; - print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).' '; } - print ' '; - // Sold credit note // print ''.$langs->trans('TotalTTC').' :'; // print ''.price($sign * From 444786b34fce30ff83f9d82ef702678d73f6be4d Mon Sep 17 00:00:00 2001 From: henrynopo Date: Sat, 28 Aug 2021 22:52:06 +0800 Subject: [PATCH 169/215] Update card.php --- htdocs/fourn/facture/card.php | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 660401e9131..5558bb26207 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -3236,7 +3236,7 @@ if ($action == 'create') { } print ''; print ''; - print ''.price($resteapayeraffiche).''; + print ''.price($resteapayeraffiche).' '; // Remainder to pay Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { @@ -3249,10 +3249,9 @@ if ($action == 'create') { } print ''; print ''; - print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' '; } - - print ' '; + } else // Credit note { $cssforamountpaymentcomplete = 'amountpaymentneutral'; @@ -3275,7 +3274,7 @@ if ($action == 'create') { } print ''; print ''; - print ''.price($sign * $resteapayeraffiche).''; + print ''.price($sign * $resteapayeraffiche).' '; // Remainder to pay back Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { @@ -3288,11 +3287,9 @@ if ($action == 'create') { } print ''; print ''; - print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).''; + print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).' '; } - - print ' '; - + // Sold credit note // print ''.$langs->trans('TotalTTC').' :'; // print ''.price($sign * From 63427638d85d734d6b847dd742a43267e151854b Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Sat, 28 Aug 2021 14:54:16 +0000 Subject: [PATCH 170/215] Fixing style errors. --- htdocs/fourn/facture/card.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 5558bb26207..ce1e6a06136 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -3251,7 +3251,6 @@ if ($action == 'create') { print ''; print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' '; } - } else // Credit note { $cssforamountpaymentcomplete = 'amountpaymentneutral'; @@ -3275,7 +3274,7 @@ if ($action == 'create') { print ''; print ''; print ''.price($sign * $resteapayeraffiche).' '; - + // Remainder to pay back Multicurrency if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) { print ''; @@ -3289,7 +3288,7 @@ if ($action == 'create') { print ''; print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).' '; } - + // Sold credit note // print ''.$langs->trans('TotalTTC').' :'; // print ''.price($sign * From bb94ea73340b345d0abbe700ab41fd9f2f8c25ac Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 17:17:39 +0200 Subject: [PATCH 171/215] Fix debug car reception: Fill/reset link, colspan, translation --- htdocs/core/class/commonobject.class.php | 2 +- htdocs/expedition/card.php | 34 +++++++++++++++--------- 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 5df73f49f5c..cd7ea1af73c 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7496,7 +7496,7 @@ abstract class CommonObject if ($display_type == 'card') { $out .= ''; - if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER) && $action == 'view') { + if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER) && ($action == 'view' || $action == 'editline')) { $out .= ''; } $out .= 'transnoentitiesnoconv("QtyToShip").'/'.$langs->transnoentitiesnoconv("Warehouse")), null, 'errors'); + $labelfieldmissing = $langs->transnoentitiesnoconv("QtyToShip"); + if (!empty($conf->stock->enabled)) { + $labelfieldmissing .= '/'.$langs->transnoentitiesnoconv("Warehouse"); + } + setEventMessages($langs->trans("ErrorFieldRequired", $labelfieldmissing), null, 'errors'); $error++; } @@ -796,6 +800,10 @@ $help_url = 'EN:Module_Shipments|FR:Module_Expéditions|ES:Módulo_Expedic llxHeader('', $langs->trans('Shipment'), 'Expedition', $help_url); +if (empty($action)) { + $action = 'view'; +} + $form = new Form($db); $formfile = new FormFile($db); $formproduct = new FormProduct($db); @@ -1007,9 +1015,9 @@ if ($action == 'create') { $numAsked = count($object->lines); - print ''; + print 'return false; });'."\n"; + print 'jQuery("#autoreset").click(function() { console.log("Reset values to 0"); jQuery(".qtyl").val(0);'."\n"; + print 'return false; });'."\n"; + print '});'."\n"; + print ''."\n"; print '
'; @@ -1182,7 +1191,7 @@ if ($action == 'create') { $deliverableQty = GETPOST('qtyl'.$indiceAsked, 'int'); } print ''; - print ''; + print ''; } else { print $langs->trans("NA"); } @@ -2199,7 +2208,7 @@ if ($action == 'create') { if ($action == 'editline' && $lines[$i]->id == $line_id) { // edit mode - print ''; + print ''; + + print ''; } print '
'; if (is_array($lines[$i]->detail_batch) && count($lines[$i]->detail_batch) > 0) { print ''; $line = new ExpeditionLigne($db); @@ -2389,10 +2398,11 @@ if ($action == 'create') { $line = $lines[$i]; $line->fetch_optionals(); + // TODO Show all in same line by setting $display_type = 'line' if ($action == 'editline' && $line->id == $line_id) { - print $lines[$i]->showOptionals($extrafields, 'edit', array('colspan'=>$colspan), $indiceAsked); + print $lines[$i]->showOptionals($extrafields, 'edit', array('colspan'=>$colspan), $indiceAsked, '', 0, 'card'); } else { - print $lines[$i]->showOptionals($extrafields, 'view', array('colspan'=>$colspan), $indiceAsked); + print $lines[$i]->showOptionals($extrafields, 'view', array('colspan'=>$colspan), $indiceAsked, '', 0, 'card'); } } } From 881d1769960c5075cd8f925caaa0d5619fa78c3f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 17:30:53 +0200 Subject: [PATCH 172/215] css --- htdocs/core/tpl/contacts.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/tpl/contacts.tpl.php b/htdocs/core/tpl/contacts.tpl.php index d0d4d25740c..00a38fde351 100644 --- a/htdocs/core/tpl/contacts.tpl.php +++ b/htdocs/core/tpl/contacts.tpl.php @@ -90,7 +90,7 @@ if ($permission) { ?>
trans("ThirdParty"); ?>
-
trans("Users").' | '.$langs->trans("Contacts"); ?>
+
trans("Users"), 'user', 'class="optiongrey paddingright"').$langs->trans("Users").' | '.img_picto($langs->trans("Contacts"), 'contact', 'class="optiongrey paddingright"').$langs->trans("Contacts"); ?>
trans("ContactType"); ?>
 
 
From 4ba6b0059d8f6a3b8de6fe398092ba73c91b0a1d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 17:35:42 +0200 Subject: [PATCH 173/215] Fix travis --- htdocs/commande/class/api_orders.class.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index d625f2acbf1..c67d5267e53 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -994,7 +994,7 @@ class Orders extends DolibarrApi $sql .= " ON edet.fk_origin_line = cdet.rowid"; $sql .= " JOIN ".MAIN_DB_PREFIX."commande as c"; $sql .= " ON cdet.fk_commande = c.rowid"; - $sql .= " WHERE c.rowid = ".$this->db->escape($id); + $sql .= " WHERE c.rowid = ".((int) $id); $sql .= " GROUP BY e.rowid"; $sql .= $this->db->order("e.rowid", "ASC"); @@ -1022,8 +1022,7 @@ class Orders extends DolibarrApi } /** - * Create the shipments of an order - * + * Create the shipment of an order * * @param int $id Id of the order * @param int $warehouse_id Id of a warehouse From 4f45228e7bd87cedc6a6e40df5dece8ebc926270 Mon Sep 17 00:00:00 2001 From: LVSInformatique <34772354+plevray@users.noreply.github.com> Date: Wed, 25 Aug 2021 16:09:09 +0200 Subject: [PATCH 174/215] Update list.php --- htdocs/societe/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 0b363f560f3..15c5e47cc99 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -454,7 +454,7 @@ $sql = "SELECT s.rowid, s.nom as name, s.name_alias, s.barcode, s.address, s.tow $sql .= " s.entity,"; $sql .= " st.libelle as stcomm, st.picto as stcomm_picto, s.fk_stcomm as stcomm_id, s.fk_prospectlevel, s.prefix_comm, s.client, s.fournisseur, s.canvas, s.status as status,"; $sql .= " s.email, s.phone, s.fax, s.url, s.siren as idprof1, s.siret as idprof2, s.ape as idprof3, s.idprof4 as idprof4, s.idprof5 as idprof5, s.idprof6 as idprof6, s.tva_intra, s.fk_pays,"; -$sql .= " s.tms as date_update, s.datec as date_creation,"; +$sql .= " s.tms as date_update, s.datec as date_creation, s.import_key,"; $sql .= " s.code_compta, s.code_compta_fournisseur, s.parent as fk_parent,s.price_level,"; $sql .= " s2.nom as name2,"; $sql .= " typent.code as typent_code,"; From 97064f1550210708dc6bf10d3ceb959633369b41 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 17:55:49 +0200 Subject: [PATCH 175/215] Update fournisseur.facture.class.php --- htdocs/fourn/class/fournisseur.facture.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 3eefa40aab5..fd4bea74d91 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3414,10 +3414,10 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", total_localtax1= ".price2num($this->total_localtax1); $sql .= ", total_localtax2= ".price2num($this->total_localtax2); $sql .= ", total_ttc = ".price2num($this->total_ttc); - $sql .= ", fk_product = ".$fk_product; + $sql .= ", fk_product = ".((int) $fk_product); $sql .= ", product_type = ".((int) $this->product_type); $sql .= ", info_bits = ".((int) $this->info_bits); - $sql .= ", fk_unit = ".$fk_unit; + $sql .= ", fk_unit = ".((int) $fk_unit); // Multicurrency $sql .= " , multicurrency_subprice=".price2num($this->multicurrency_subprice).""; From 978511e127d6b581cebf82417c96e7b092bb1808 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 17:55:49 +0200 Subject: [PATCH 176/215] Update fournisseur.facture.class.php Conflicts: htdocs/fourn/class/fournisseur.facture.class.php --- htdocs/fourn/class/fournisseur.facture.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index abb5b01fb2c..69ddecdaebe 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3392,13 +3392,13 @@ class SupplierInvoiceLine extends CommonObjectLine if (empty($this->fk_product)) { $fk_product = "null"; } else { - $fk_product = $this->fk_product; + $fk_product = (int) $this->fk_product; } if (empty($this->fk_unit)) { $fk_unit = "null"; } else { - $fk_unit = "'".$this->db->escape($this->fk_unit)."'"; + $fk_unit = (int) $this->fk_unit; } $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET"; From 1c1caaccde992f7601fa13a23fcb430a46d0e588 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 18:21:23 +0200 Subject: [PATCH 177/215] Update member.php --- htdocs/adherents/admin/member.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/adherents/admin/member.php b/htdocs/adherents/admin/member.php index 5ff86a45e0e..f9b10c3ce3b 100644 --- a/htdocs/adherents/admin/member.php +++ b/htdocs/adherents/admin/member.php @@ -226,9 +226,11 @@ print $form->selectyesno('ADHERENT_CREATE_EXTERNAL_USER_LOGIN', (!empty($conf->g print "\n"; // Allow members to change type on renewal forms +/* To test during next beta print '\n"; +*/ // Insert subscription into bank account print ''; From e71ff148ba8dc707335ea8f6497e52b6620b1ecb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 18:42:26 +0200 Subject: [PATCH 178/215] Fix phpcs --- htdocs/expedition/card.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 3a626d56b03..8c959116582 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -1016,8 +1016,8 @@ if ($action == 'create') { $numAsked = count($object->lines); print ''."\n"; + print 'return false; });'."\n"; + print '});'."\n"; + print ''."\n"; print '
'; From de44dcb691d524ba3560600d654969b31a2393a0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 18:48:24 +0200 Subject: [PATCH 179/215] Fix var init --- .../interface_20_modWorkflow_WorkflowManager.class.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php index e5291cab775..7b669578a53 100644 --- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php +++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php @@ -66,6 +66,8 @@ class InterfaceWorkflowManager extends DolibarrTriggers return 0; // Module not active, we do nothing } + $ret = 0; + // Proposals to order if ($action == 'PROPAL_CLOSE_SIGNED') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); @@ -132,7 +134,6 @@ class InterfaceWorkflowManager extends DolibarrTriggers // classify billed order & billed propososal if ($action == 'BILL_VALIDATE') { dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id); - $ret = 0; // First classify billed the order to allow the proposal classify process if (!empty($conf->commande->enabled) && !empty($conf->workflow->enabled) && !empty($conf->global->WORKFLOW_INVOICE_AMOUNT_CLASSIFY_BILLED_ORDER)) { From 97ee69e88f9be8f39467b2e340581e12a3b19249 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 18:52:43 +0200 Subject: [PATCH 180/215] Fix 0 insert instead of null --- htdocs/fourn/class/fournisseur.facture.class.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index e58dd24f0a1..39b9d97dde2 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -438,19 +438,19 @@ class FactureFournisseur extends CommonInvoice $sql .= " VALUES ("; $sql .= "'(PROV)'"; $sql .= ", '".$this->db->escape($this->ref_supplier)."'"; - $sql .= ", ".$conf->entity; + $sql .= ", ".((int) $conf->entity); $sql .= ", '".$this->db->escape($this->type)."'"; $sql .= ", '".$this->db->escape(isset($this->label) ? $this->label : (isset($this->libelle) ? $this->libelle : ''))."'"; - $sql .= ", ".$this->socid; + $sql .= ", ".((int) $this->socid); $sql .= ", '".$this->db->idate($now)."'"; $sql .= ", '".$this->db->idate($this->date)."'"; - $sql .= ", ".($this->fk_project > 0 ? $this->fk_project : "null"); - $sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : "null"); - $sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : "null"); - $sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL'); + $sql .= ", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "null"); + $sql .= ", ".($this->cond_reglement_id > 0 ? ((int) $this->cond_reglement_id) : "null"); + $sql .= ", ".($this->mode_reglement_id > 0 ? ((int) $this->mode_reglement_id) : "null"); + $sql .= ", ".($this->fk_account > 0 ? ((int) $this->fk_account) : 'NULL'); $sql .= ", '".$this->db->escape($this->note_private)."'"; $sql .= ", '".$this->db->escape($this->note_public)."'"; - $sql .= ", ".$user->id.","; + $sql .= ", ".((int) $user->id).","; $sql .= $this->date_echeance != '' ? "'".$this->db->idate($this->date_echeance)."'" : "null"; $sql .= ", ".(int) $this->fk_incoterms; $sql .= ", '".$this->db->escape($this->location_incoterms)."'"; @@ -3426,7 +3426,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", fk_product = ".((int) $fk_product); $sql .= ", product_type = ".((int) $this->product_type); $sql .= ", info_bits = ".((int) $this->info_bits); - $sql .= ", fk_unit = ".((int) $fk_unit); + $sql .= ", fk_unit = ".($fk_unit > 0 ? (int) $fk_unit : 'null'); // Multicurrency $sql .= " , multicurrency_subprice=".price2num($this->multicurrency_subprice).""; From 5f08ed84f8d600c5bca73e09f838fd4a2af9a7e5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 18:53:57 +0200 Subject: [PATCH 181/215] Fix 0 insert instead of null --- htdocs/fourn/class/fournisseur.facture.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 39b9d97dde2..ca7c95cd464 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3410,7 +3410,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", pu_ttc = ".price2num($this->pu_ttc); $sql .= ", qty = ".price2num($this->qty); $sql .= ", remise_percent = ".price2num($this->remise_percent); - if ($this->fk_remise_except) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except); + if ($this->fk_remise_except > 0) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except); else $sql .= ", fk_remise_except=null"; $sql .= ", vat_src_code = '".$this->db->escape(empty($this->vat_src_code) ? '' : $this->vat_src_code)."'"; $sql .= ", tva_tx = ".price2num($this->tva_tx); @@ -3423,7 +3423,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", total_localtax1= ".price2num($this->total_localtax1); $sql .= ", total_localtax2= ".price2num($this->total_localtax2); $sql .= ", total_ttc = ".price2num($this->total_ttc); - $sql .= ", fk_product = ".((int) $fk_product); + $sql .= ", fk_product = ".($fk_product > 0 ? (int) $fk_product : 'null'); $sql .= ", product_type = ".((int) $this->product_type); $sql .= ", info_bits = ".((int) $this->info_bits); $sql .= ", fk_unit = ".($fk_unit > 0 ? (int) $fk_unit : 'null'); From 8ab9c96b7e072b247e80a0c5e4d7a310599fdb33 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 18:53:57 +0200 Subject: [PATCH 182/215] Fix 0 insert instead of null --- htdocs/fourn/class/fournisseur.facture.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 69ddecdaebe..494459b66d2 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3410,7 +3410,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", pu_ttc = ".price2num($this->pu_ttc); $sql .= ", qty = ".price2num($this->qty); $sql .= ", remise_percent = ".price2num($this->remise_percent); - if ($this->fk_remise_except) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except); + if ($this->fk_remise_except > 0) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except); else $sql .= ", fk_remise_except=null"; $sql .= ", vat_src_code = '".$this->db->escape(empty($this->vat_src_code) ? '' : $this->vat_src_code)."'"; $sql .= ", tva_tx = ".price2num($this->tva_tx); @@ -3423,7 +3423,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", total_localtax1= ".price2num($this->total_localtax1); $sql .= ", total_localtax2= ".price2num($this->total_localtax2); $sql .= ", total_ttc = ".price2num($this->total_ttc); - $sql .= ", fk_product = ".((int) $fk_product); + $sql .= ", fk_product = ".($fk_product > 0 ? (int) $fk_product : 'null'); $sql .= ", product_type = ".((int) $this->product_type); $sql .= ", info_bits = ".((int) $this->info_bits); $sql .= ", fk_unit = ".($fk_unit > 0 ? (int) $fk_unit : 'null'); From feb2e71f0c4cfe94dd5e1ed4e2de5546b3f8836a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 18:59:12 +0200 Subject: [PATCH 183/215] Fix regression --- htdocs/fourn/class/fournisseur.facture.class.php | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 494459b66d2..fd393445187 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3387,20 +3387,11 @@ class SupplierInvoiceLine extends CommonObjectLine $this->multicurrency_total_ttc = 0; } + $fk_product = (int) $this->fk_product; + $fk_unit = (int) $this->fk_unit; + $this->db->begin(); - if (empty($this->fk_product)) { - $fk_product = "null"; - } else { - $fk_product = (int) $this->fk_product; - } - - if (empty($this->fk_unit)) { - $fk_unit = "null"; - } else { - $fk_unit = (int) $this->fk_unit; - } - $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET"; $sql .= " description ='".$this->db->escape($this->description)."'"; $sql .= ", ref ='".$this->db->escape($this->ref_supplier ? $this->ref_supplier : $this->ref)."'"; From 81a8efd856acad862c1689780316a161b2645356 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 20:14:23 +0200 Subject: [PATCH 184/215] Restore error message --- htdocs/compta/facture/class/facture.class.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index deb57ebbfac..6859a510e93 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1735,7 +1735,9 @@ class Facture extends CommonInvoice return 1; } else { - dol_syslog(__METHOD__ . ' Invoice with id=' . $rowid . ' or ref=' . $ref . ' or ref_ext=' . $ref_ext . ' not found', LOG_WARNING); + $this->error = 'Invoice with id='.$rowid.' or ref='.$ref.' or ref_ext='.$ref_ext.' not found'; + + dol_syslog(__METHOD__ . $this->error, LOG_WARNING); return 0; } } else { From bd67b46138b5aea72acf6b4c8521b86ca366372c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 20:18:26 +0200 Subject: [PATCH 185/215] Fix duplicate code --- htdocs/admin/pdf.php | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index ad58cb54137..ebdb20a29b6 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -419,28 +419,6 @@ if ($conf->use_javascript_ajax) { } print ''; -// Place customer adress to the ISO location - -print ''; - -// Use 2 languages into PDF - -print ''; - // Ref print '\n"; } // Login From 9db5f85d4e9b5db027df383312cc35f9366e3cc9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 18:42:41 +0200 Subject: [PATCH 197/215] Fix responsive --- htdocs/adherents/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index b700da148df..d1af54d7168 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -1098,7 +1098,7 @@ while ($i < min($num, $limit)) { } // EMail if (!empty($arrayfields['d.email']['checked'])) { - print "\n"; + print '\n"; } // End of subscription date $datefin = $db->jdate($obj->datefin); From b78771f8c4df90d955134ed20d14d65e67b0b04d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 18:56:52 +0200 Subject: [PATCH 198/215] Fix select empty value for thirdparties select combo --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 4ff3dacb537..98807af1858 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1413,7 +1413,7 @@ class Form } } if ($showempty) { - $out .= ''."\n"; + $out .= ''."\n"; } $num = $this->db->num_rows($resql); From 3c029d0ccf2c9e4ae8875821fe2734c54db5ccd9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 18:57:41 +0200 Subject: [PATCH 199/215] Fix sort on company on member list. --- htdocs/adherents/list.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index d1af54d7168..ca62d0a4cc3 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -317,6 +317,7 @@ $sql .= " d.email, d.phone, d.phone_perso, d.phone_mobile, d.skype, d.birth, d.p $sql .= " d.fk_adherent_type as type_id, d.morphy, d.statut, d.datec as date_creation, d.tms as date_update,"; $sql .= " d.note_private, d.note_public,"; $sql .= " s.nom,"; +$sql .= " ".$db->ifsql("d.societe IS NULL", "s.nom", "d.societe")." as companyname,"; $sql .= " t.libelle as type, t.subscription,"; $sql .= " state.code_departement as state_code, state.nom as state_name,"; // Add fields from extrafields @@ -832,7 +833,7 @@ if (!empty($arrayfields['d.gender']['checked'])) { print_liste_field_titre($arrayfields['d.gender']['label'], $_SERVER['PHP_SELF'], 'd.gender', $param, "", "", $sortfield, $sortorder); } if (!empty($arrayfields['d.company']['checked'])) { - print_liste_field_titre($arrayfields['d.company']['label'], $_SERVER["PHP_SELF"], 'd.societe', '', $param, '', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['d.company']['label'], $_SERVER["PHP_SELF"], 'companyname', '', $param, '', $sortfield, $sortorder); } if (!empty($arrayfields['d.login']['checked'])) { print_liste_field_titre($arrayfields['d.login']['label'], $_SERVER["PHP_SELF"], 'd.login', '', $param, '', $sortfield, $sortorder); From 18e7a5efa960e0ccee8578cd43e563aa41c46bc4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 19:00:15 +0200 Subject: [PATCH 200/215] Trans --- htdocs/langs/en_US/members.lang | 2 +- htdocs/langs/en_US/users.lang | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/langs/en_US/members.lang b/htdocs/langs/en_US/members.lang index 2c4409caa88..b193e1f34b6 100644 --- a/htdocs/langs/en_US/members.lang +++ b/htdocs/langs/en_US/members.lang @@ -155,7 +155,7 @@ DescADHERENT_CARD_TEXT_RIGHT=Text printed on member cards (align on right) DescADHERENT_CARD_FOOTER_TEXT=Text printed on bottom of member cards ShowTypeCard=Show type '%s' HTPasswordExport=htpassword file generation -NoThirdPartyAssociatedToMember=No third party associated to this member +NoThirdPartyAssociatedToMember=No third party associated with this member MembersAndSubscriptions= Members and Subscriptions MoreActions=Complementary action on recording MoreActionsOnSubscription=Complementary action, suggested by default when recording a subscription diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang index 841ee0f3daf..888c9f52161 100644 --- a/htdocs/langs/en_US/users.lang +++ b/htdocs/langs/en_US/users.lang @@ -62,8 +62,8 @@ ListOfUsersInGroup=List of users in this group ListOfGroupsForUser=List of groups for this user LinkToCompanyContact=Link to third party / contact LinkedToDolibarrMember=Link to member -LinkedToDolibarrUser=Link to Dolibarr user -LinkedToDolibarrThirdParty=Link to Dolibarr third party +LinkedToDolibarrUser=Link to user +LinkedToDolibarrThirdParty=Link to third party CreateDolibarrLogin=Create a user CreateDolibarrThirdParty=Create a third party LoginAccountDisableInDolibarr=Account disabled in Dolibarr. From d1ef4bdbd18a3bcd2793dd36c90cae054050870d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 19:10:43 +0200 Subject: [PATCH 201/215] Fix missing login in tooltip --- htdocs/adherents/class/adherent.class.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 2d5eae90938..df9e35651c2 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -2185,6 +2185,9 @@ class Adherent extends CommonObject if (!empty($this->ref)) { $label .= '
'.$langs->trans('Ref').': '.$this->ref; } + if (!empty($this->login)) { + $label .= '
'.$langs->trans('Login').': '.$this->login; + } if (!empty($this->firstname) || !empty($this->lastname)) { $label .= '
'.$langs->trans('Name').': '.$this->getFullName($langs); } From d9bfd72c29f7777f7b7fc4d9efdd8adfd58fe0b5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 19:13:02 +0200 Subject: [PATCH 202/215] Fix missing login in tooltip --- htdocs/adherents/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index ca62d0a4cc3..761a6502d0b 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -906,6 +906,7 @@ while ($i < min($num, $limit)) { $memberstatic->id = $obj->rowid; $memberstatic->ref = $obj->ref; $memberstatic->civility_id = $obj->civility; + $memberstatic->login = $obj->login; $memberstatic->lastname = $obj->lastname; $memberstatic->firstname = $obj->firstname; $memberstatic->gender = $obj->gender; From 7c9909ee120eee528b8c0f2e2464c2596eff9093 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 19:21:52 +0200 Subject: [PATCH 203/215] Fix label of list of members --- htdocs/adherents/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 761a6502d0b..61226097d5c 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -492,7 +492,7 @@ if (GETPOSTISSET("search_status")) { if ($search_status == Adherent::STATUS_VALIDATED && $filter == 'outofdate') { $titre = $langs->trans("MembersListNotUpToDate"); } - if ($search_status == Adherent::STATUS_RESILIATED) { + if ((string) $search_status == (string) Adherent::STATUS_RESILIATED) { // The cast to string is required to have test false when search_status is '' $titre = $langs->trans("MembersListResiliated"); } if ($search_status == Adherent::STATUS_EXCLUDED) { From 5549186e3a500180a91ed1806ab33cab782751ec Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 19:28:49 +0200 Subject: [PATCH 204/215] Fix link --- htdocs/adherents/card.php | 2 +- htdocs/adherents/subscription.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 32a324ce4d6..3ac82b893a7 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1825,7 +1825,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Show link to invoices $tmparray = $company->getOutstandingBills('customer'); if (!empty($tmparray['refs'])) { - print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").' ('.count($tmparray['refs']).')'; // TODO Add alert if warning on at least one invoice late print ''; } diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 3a967677e17..4da534161d6 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -612,7 +612,7 @@ if ($rowid > 0) { // Show link to invoices $tmparray = $company->getOutstandingBills('customer'); if (!empty($tmparray['refs'])) { - print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").' ('.count($tmparray['refs']).')'; // TODO Add alert if warning on at least one invoice late print ''; } From 3e443e91464fd2dcd886901dade57a4aaba237c8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 19:47:44 +0200 Subject: [PATCH 205/215] Fix partnership module --- htdocs/partnership/admin/setup.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/htdocs/partnership/admin/setup.php b/htdocs/partnership/admin/setup.php index 25567b137db..100dc7027a3 100644 --- a/htdocs/partnership/admin/setup.php +++ b/htdocs/partnership/admin/setup.php @@ -65,8 +65,10 @@ if ($action == 'setting') { $error += $partnership->delete_menus(); $error += $partnership->insert_menus(); - if (GETPOST("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL", 'int')) + if (GETPOSTISSET("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL")) { dolibarr_set_const($db, "PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL", GETPOST("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL", 'int'), 'chaine', 0, '', $conf->entity); + } + dolibarr_set_const($db, "PARTNERSHIP_BACKLINKS_TO_CHECK", GETPOST("PARTNERSHIP_BACKLINKS_TO_CHECK"), 'chaine', 0, '', $conf->entity); } @@ -131,16 +133,16 @@ print ''; -if (!empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) && $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { - print ''; - print ''; - print ''; - print ''; -} +//if (!empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) && $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { +print ''; +print ''; +print ''; +print ''; +//} print '
'.$langs->trans("MemberAllowchangeOfType").''; print $form->selectyesno('ADHERENT_LOGIN_NOT_REQUIRED', (!empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE) ? 0 : 1), 1); print "
'.$langs->trans("MoreActionsOnSubscription").'
'.$langs->trans("PlaceCustomerAddressToIsoLocation").''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('MAIN_PDF_USE_ISO_LOCATION'); -} else { - print $form->selectyesno('MAIN_PDF_USE_ISO_LOCATION', (!empty($conf->global->MAIN_PDF_USE_ISO_LOCATION)) ? $conf->global->MAIN_PDF_USE_ISO_LOCATION : 0, 1); -} -print '
'.$langs->trans("PDF_USE_ALSO_LANGUAGE_CODE").''; -//if (! empty($conf->global->MAIN_MULTILANGS)) -//{ -$selected = GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE') ? GETPOST('PDF_USE_ALSO_LANGUAGE_CODE') : (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) ? $conf->global->PDF_USE_ALSO_LANGUAGE_CODE : 0); -print $formadmin->select_language($selected, 'PDF_USE_ALSO_LANGUAGE_CODE', 0, null, 1); -//} else { -// print ''.$langs->trans("MultiLangNotEnabled").''; -//} -print '
'.$langs->trans("HideRefOnPDF").''; From 20e681d025307a78cba5e60074ea1e17f4c98465 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 20:59:12 +0200 Subject: [PATCH 186/215] Revert "[NEW] PDF Document ref in title option" --- htdocs/admin/pdf.php | 2 -- .../commande/doc/pdf_einstein.modules.php | 14 +++++++++----- .../commande/doc/pdf_eratosthene.modules.php | 18 ++++++++++++++---- .../contract/doc/pdf_strato.modules.php | 13 +++++++++---- .../expedition/doc/pdf_espadon.modules.php | 8 ++++++-- .../expedition/doc/pdf_rouget.modules.php | 10 ++++++---- .../modules/facture/doc/pdf_crabe.modules.php | 2 -- .../modules/facture/doc/pdf_sponge.modules.php | 2 -- .../fichinter/doc/pdf_soleil.modules.php | 12 ++++++++---- .../modules/propale/doc/pdf_azur.modules.php | 11 ++++++++--- .../modules/propale/doc/pdf_cyan.modules.php | 18 ++++++++++++++---- 11 files changed, 74 insertions(+), 36 deletions(-) diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 9cd5836d2e8..5030c487537 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -4,7 +4,6 @@ * Copyright (C) 2005-2011 Regis Houssin * Copyright (C) 2012-2107 Juanjo Menent * Copyright (C) 2019 Ferran Marcet - * Copyright (C) 2021 Anthony Berton * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -94,7 +93,6 @@ if ($action == 'update') { if (GETPOSTISSET('MAIN_DOCUMENTS_LOGO_HEIGHT')) dolibarr_set_const($db, "MAIN_DOCUMENTS_LOGO_HEIGHT", GETPOST("MAIN_DOCUMENTS_LOGO_HEIGHT", 'int'), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_INVERT_SENDER_RECIPIENT')) dolibarr_set_const($db, "MAIN_INVERT_SENDER_RECIPIENT", GETPOST("MAIN_INVERT_SENDER_RECIPIENT"), 'chaine', 0, '', $conf->entity); - if (GETPOSTISSET('MAIN_PDF_USE_ISO_LOCATION')) dolibarr_set_const($db, "MAIN_PDF_USE_ISO_LOCATION", GETPOST("MAIN_PDF_USE_ISO_LOCATION"), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('MAIN_PDF_NO_CUSTOMER_CODE')) dolibarr_set_const($db, "MAIN_PDF_NO_CUSTOMER_CODE", GETPOST("MAIN_PDF_NO_CUSTOMER_CODE"), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index 2a1f283a02c..be0b9f3c6fe 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1311,16 +1311,20 @@ class pdf_einstein extends ModelePDFCommandes $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities($titlekey); - - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell($w, 3, $title, '', 'R'); + $pdf->SetFont('', 'B', $default_font_size); + + $posy += 5; + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + + $posy += 1; $pdf->SetFont('', '', $default_font_size - 1); - $posy += 2; if ($object->ref_client) { - $posy += 3; + $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("RefCustomer")." : ".$outputlangs->convToOutputCharset($object->ref_client), '', 'R'); diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php index b8622fe3b26..7e04445ea15 100644 --- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php @@ -1483,15 +1483,25 @@ class pdf_eratosthene extends ModelePDFCommandes $title .= $outputlangsbis->transnoentities($titlekey); } - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell($w, 3, $title, '', 'R'); + $pdf->SetFont('', 'B', $default_font_size); + + $posy += 5; + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $textref = $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 4, $textref, '', 'R'); + + $posy += 1; $pdf->SetFont('', '', $default_font_size - 2); - $posy += 2; if ($object->ref_client) { - $posy += 3; + $posy += 4; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("RefCustomer")." : ".$outputlangs->convToOutputCharset($object->ref_client), '', 'R'); diff --git a/htdocs/core/modules/contract/doc/pdf_strato.modules.php b/htdocs/core/modules/contract/doc/pdf_strato.modules.php index d3d0f1905ff..638c22221bd 100644 --- a/htdocs/core/modules/contract/doc/pdf_strato.modules.php +++ b/htdocs/core/modules/contract/doc/pdf_strato.modules.php @@ -640,16 +640,21 @@ class pdf_strato extends ModelePDFContract $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("ContractCard"); - - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell(100, 4, $title, '', 'R'); - $pdf->SetFont('', '', $default_font_size); + $pdf->SetFont('', 'B', $default_font_size + 2); $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + + $posy += 1; + $pdf->SetFont('', '', $default_font_size); + + $posy += 4; + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 3, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->date_contrat, "day", false, $outputlangs, true), '', 'R'); if (empty($conf->global->MAIN_PDF_HIDE_CUSTOMER_CODE) && $object->thirdparty->code_client) { diff --git a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php index c20ffec1d72..28d797acffc 100644 --- a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php @@ -1003,12 +1003,16 @@ class pdf_espadon extends ModelePdfExpedition $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("SendingSheet"); - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); + $posy += 5; + + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell($w, 4, $outputlangs->transnoentities("RefSending")." : ".$object->ref, '', 'R'); + // Date planned delivery if (!empty($object->date_delivery)) { $posy += 4; diff --git a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php index 1b2b35e8562..aa6603fa35a 100644 --- a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php @@ -953,13 +953,15 @@ class pdf_rouget extends ModelePdfExpedition $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("SendingSheet"); - - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', '', $default_font_size + 1); - $posy += 1; + + $posy += 5; + + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell($w, 4, $outputlangs->transnoentities("RefSending")." : ".$object->ref, '', 'R'); // Date planned delivery if (!empty($object->date_delivery)) { diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index cdcd681eaa6..6ad123f3461 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -986,8 +986,6 @@ class pdf_crabe extends ModelePDFFactures $title = $outputlangs->transnoentities("PaymentsBackAlreadyDone"); } - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->SetFont('', '', $default_font_size - 3); $pdf->SetXY($tab3_posx, $tab3_top - 4); $pdf->MultiCell(60, 3, $title, 0, 'L', 0); diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php index d4098d1db38..42a8830e3fc 100644 --- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php @@ -987,8 +987,6 @@ class pdf_sponge extends ModelePDFFactures $title = $outputlangs->transnoentities("PaymentsBackAlreadyDone"); } - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->SetFont('', '', $default_font_size - 3); $pdf->SetXY($tab3_posx, $tab3_top - 4); $pdf->MultiCell(60, 3, $title, 0, 'L', 0); diff --git a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php index 8710c67dda1..37d64c43e17 100644 --- a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php +++ b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php @@ -596,15 +596,19 @@ class pdf_soleil extends ModelePDFFicheinter $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("InterventionCard"); - - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell(100, 4, $title, '', 'R'); - $posy += 5; + $pdf->SetFont('', 'B', $default_font_size + 2); + $posy += 5; + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + + $posy += 1; $pdf->SetFont('', '', $default_font_size); + $posy += 4; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 3, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->datec, "day", false, $outputlangs, true), '', 'R'); diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index 9ea3e34511c..2045683661b 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,12 +1473,17 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell(100, 4, $title, '', 'R'); - $pdf->SetFont('', '', $default_font_size - 2); + $pdf->SetFont('', 'B', $default_font_size); + + $posy += 5; + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + $posy += 1; + $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { $posy += 4; diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index 703ebaa62f0..7d8ada03ad5 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php @@ -1574,15 +1574,25 @@ class pdf_cyan extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); - $title .= " " . $outputlangs->convToOutputCharset($object->ref); - $pdf->MultiCell($w, 4, $title, '', 'R'); + $pdf->SetFont('', 'B', $default_font_size); + + $posy += 5; + $pdf->SetXY($posx, $posy); + $pdf->SetTextColor(0, 0, 60); + $textref = $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 4, $textref, '', 'R'); + + $posy += 1; $pdf->SetFont('', '', $default_font_size - 2); - $posy += 2; if ($object->ref_client) { - $posy += 3; + $posy += 4; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("RefCustomer")." : ".$outputlangs->convToOutputCharset($object->ref_client), '', 'R'); From c188ef0438259048e1eb74e2b3952bf21b13e417 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 21:09:52 +0200 Subject: [PATCH 187/215] Fixed implementation for #18373 --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 11 +++++++++-- .../core/modules/facture/doc/pdf_sponge.modules.php | 11 +++++++++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 6ad123f3461..4cd2699a3d4 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1702,10 +1702,17 @@ class pdf_crabe extends ModelePDFFactures $title .= $outputlangsbis->transnoentities("InvoiceProForma"); } } + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1714,9 +1721,9 @@ class pdf_crabe extends ModelePDFFactures $pdf->SetTextColor(128, 0, 0); $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } - $pdf->MultiCell($w, 4, $textref, '', 'R'); + $pdf->MultiCell($w, 4, $textref, '', 'R');*/ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php index 42a8830e3fc..be458fcdd1a 100644 --- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php @@ -1939,10 +1939,17 @@ class pdf_sponge extends ModelePDFFactures $title .= $outputlangsbis->transnoentities("InvoiceProForma"); } } + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1951,9 +1958,9 @@ class pdf_sponge extends ModelePDFFactures $pdf->SetTextColor(128, 0, 0); $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } - $pdf->MultiCell($w, 4, $textref, '', 'R'); + $pdf->MultiCell($w, 4, $textref, '', 'R');*/ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { From 3336b5c405b725decc78ce84565498f24dd7a19a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Aug 2021 21:19:04 +0200 Subject: [PATCH 188/215] Fixed implementation for #18373 --- .../core/modules/commande/doc/pdf_einstein.modules.php | 9 ++++++++- .../modules/commande/doc/pdf_eratosthene.modules.php | 9 ++++++++- htdocs/core/modules/propale/doc/pdf_azur.modules.php | 9 ++++++++- htdocs/core/modules/propale/doc/pdf_cyan.modules.php | 10 +++++++++- 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index be0b9f3c6fe..d45bab013e9 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1311,16 +1311,23 @@ class pdf_einstein extends ModelePDFCommandes $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities($titlekey); + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 1); if ($object->ref_client) { diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php index 7e04445ea15..52f96764473 100644 --- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php @@ -1482,11 +1482,17 @@ class pdf_eratosthene extends ModelePDFCommandes $title .= ' - '; $title .= $outputlangsbis->transnoentities($titlekey); } + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } $pdf->MultiCell($w, 3, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1496,8 +1502,9 @@ class pdf_eratosthene extends ModelePDFCommandes $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } $pdf->MultiCell($w, 4, $textref, '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index 2045683661b..bf079c47b66 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -1473,16 +1473,23 @@ class pdf_azur extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } $pdf->MultiCell(100, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("Ref")." : ".$outputlangs->convToOutputCharset($object->ref), '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index 7d8ada03ad5..97f76df31bb 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php @@ -1574,10 +1574,17 @@ class pdf_cyan extends ModelePDFPropales $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $title = $outputlangs->transnoentities("PdfCommercialProposalTitle"); + $title .= ' '.$outputlangs->convToOutputCharset($object->ref); + if ($object->statut == $object::STATUS_DRAFT) { + $pdf->SetTextColor(128, 0, 0); + $title .= ' - '.$outputlangs->transnoentities("NotValidated"); + } + $pdf->MultiCell($w, 4, $title, '', 'R'); $pdf->SetFont('', 'B', $default_font_size); + /* $posy += 5; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); @@ -1587,8 +1594,9 @@ class pdf_cyan extends ModelePDFPropales $textref .= ' - '.$outputlangs->transnoentities("NotValidated"); } $pdf->MultiCell($w, 4, $textref, '', 'R'); + */ - $posy += 1; + $posy += 3; $pdf->SetFont('', '', $default_font_size - 2); if ($object->ref_client) { From fbdee1316aff76c198da55a05a9e77537c7ed1e9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Aug 2021 19:36:11 +0200 Subject: [PATCH 189/215] Code comment --- htdocs/core/actions_addupdatedelete.inc.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index 74ad69e4e1d..1154252a348 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php @@ -35,8 +35,7 @@ if (!empty($permissionedit) && empty($permissiontoadd)) { } if ($cancel) { - /*var_dump($cancel); - var_dump($backtopage);exit;*/ + /*var_dump($cancel);var_dump($backtopage);var_dump($backtopageforcancel);exit;*/ if (!empty($backtopageforcancel)) { header("Location: ".$backtopageforcancel); exit; From 92defbc4496774588fe7c7a6fa24442f2e59a69e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Aug 2021 19:39:37 +0200 Subject: [PATCH 190/215] Fix warning --- htdocs/modulebuilder/template/myobject_card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index d928fd3f76a..87a28615806 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -158,7 +158,7 @@ if (empty($reshook)) { if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) { $backtopage = $backurlforlist; } else { - $backtopage = dol_buildpath('/mymodule/myobject_card.php', 1).'?id='.($id > 0 ? $id : '__ID__'); + $backtopage = dol_buildpath('/mymodule/myobject_card.php', 1).'?id='.((!empty($id) && $id > 0) ? $id : '__ID__'); } } } From 581efd084773c724d9c8f1f1f523ea9229104f2c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Aug 2021 19:40:04 +0200 Subject: [PATCH 191/215] Fix the cancel action (good practices recommended by modulebuilder). --- htdocs/societe/card.php | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index f5cd9cc8de7..8e8ab5c2d1f 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -154,12 +154,27 @@ if ($reshook < 0) { } if (empty($reshook)) { + $backurlforlist = DOL_URL_ROOT.'/societe/list.php'; + + if (empty($backtopage) || ($cancel && empty($id))) { + if (empty($backtopage) || ($cancel && strpos($backtopage, '__ID__'))) { + if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) { + $backtopage = $backurlforlist; + } else { + $backtopage = DOL_URL_ROOT.'/societe/card.php?id='.((!empty($id) && $id > 0) ? $id : '__ID__'); + } + } + } + if ($cancel) { - $action = ''; - if (!empty($backtopage)) { + if (!empty($backtopageforcancel)) { + header("Location: ".$backtopageforcancel); + exit; + } elseif (!empty($backtopage)) { header("Location: ".$backtopage); exit; } + $action = ''; } if ($action == 'confirm_merge' && $confirm == 'yes' && $user->rights->societe->creer) { From daf32e9f141cbb82117b1435243c8daa55d5e09d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Aug 2021 20:36:08 +0200 Subject: [PATCH 192/215] Fix modules disabled in demo must remains disabled --- htdocs/admin/modules.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 77c070ad573..af7d5397e24 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -588,6 +588,10 @@ if ($mode == 'common' || $mode == 'commonkanban') { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } + if (!empty($_SESSION["disablemodules"])) { + $disabled_modules = explode(',', $_SESSION["disablemodules"]); + } + // Show list of modules $oldfamily = ''; $foundoneexternalmodulewithupdate = 0; @@ -613,6 +617,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { continue; } + $modulenameshort = strtolower(preg_replace('/^mod/i', '', get_class($objMod))); $const_name = 'MAIN_MODULE_'.strtoupper(preg_replace('/^mod/i', '', get_class($objMod))); // Check filters @@ -754,6 +759,11 @@ if ($mode == 'common' || $mode == 'commonkanban') { $codeenabledisable = ''; $codetoconfig = ''; + // Force disable of module disabled into session (for demo for example) + if (in_array($modulenameshort, $disabled_modules)) { + $objMod->disabled = true; + } + // Activate/Disable and Setup (2 columns) if (!empty($conf->global->$const_name)) { // If module is already activated // Set $codeenabledisable @@ -761,6 +771,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { if (!empty($arrayofwarnings[$modName])) { $codeenabledisable .= ''."\n"; } + if (!empty($objMod->disabled)) { $codeenabledisable .= $langs->trans("Disabled"); } elseif (!empty($objMod->always_enabled) || ((!empty($conf->multicompany->enabled) && $objMod->core_enabled) && ($user->entity || $conf->entity != 1))) { From 47b96e07b767205ca39702538d53f7ad673c159d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Aug 2021 20:36:54 +0200 Subject: [PATCH 193/215] Fix init --- htdocs/admin/modules.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index af7d5397e24..e746faec8a5 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -760,6 +760,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { $codetoconfig = ''; // Force disable of module disabled into session (for demo for example) + $disabled_modules = array(); if (in_array($modulenameshort, $disabled_modules)) { $objMod->disabled = true; } From 74ad0586a903d4c59b2a89f62fe5ebb8c36d855d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Aug 2021 20:42:14 +0200 Subject: [PATCH 194/215] Fix disabled --- htdocs/admin/modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index e746faec8a5..dd6b22f7634 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -588,6 +588,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } + $disabled_modules = array(); if (!empty($_SESSION["disablemodules"])) { $disabled_modules = explode(',', $_SESSION["disablemodules"]); } @@ -760,7 +761,6 @@ if ($mode == 'common' || $mode == 'commonkanban') { $codetoconfig = ''; // Force disable of module disabled into session (for demo for example) - $disabled_modules = array(); if (in_array($modulenameshort, $disabled_modules)) { $objMod->disabled = true; } From d2f3d134dfb5bb89440462aa9c0a1fc4bf341866 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 16:54:45 +0200 Subject: [PATCH 195/215] Code comment. Better _checkFilters --- htdocs/api/class/api.class.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index ab65576811a..b4e1abdbadb 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -310,14 +310,23 @@ class DolibarrApi } if ($tmp[$i] == ')') { $counter--; + + // TODO: After a closing ), only a " or " or " and " or end of string is allowed. } if ($counter < 0) { - $error = "Bad sqlfilters=".$sqlfilters; + $error = "Bad sqlfilters (too many closing parenthesis) = ".$sqlfilters; dol_syslog($error, LOG_WARNING); return false; } $i++; } + + if ($counter > 0) { + $error = "Bad sqlfilters (too many opening parenthesis) = ".$sqlfilters; + dol_syslog($error, LOG_WARNING); + return false; + } + return true; } @@ -327,7 +336,8 @@ class DolibarrApi * Function to forge a SQL criteria * * @param array $matches Array of found string by regex search. - * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" or "t.nature:isnot:NULL" + * Each entry is 1 and only 1 criteria. + * Example: "t.ref:like:'SO-%'", "t.date_creation:<:'20160101'", "t.date_creation:<:'2016-01-01 12:30:00'", "t.nature:is:NULL", "t.field2:isnot:NULL" * @return string Forged criteria. Example: "t.field like 'abc%'" */ protected static function _forge_criteria_callback($matches) From 9c3ba22b025150ae28a5ae577e349ba45cea3bc9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 18:38:31 +0200 Subject: [PATCH 196/215] Fix label of company of a thirdparty --- htdocs/adherents/list.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index f7c4d5e4d36..b700da148df 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -919,9 +919,13 @@ while ($i < min($num, $limit)) { if (!empty($obj->fk_soc)) { $memberstatic->fetch_thirdparty(); - $companyname = $memberstatic->thirdparty->name; + if ($memberstatic->thirdparty->id > 0) { + $companyname = $memberstatic->thirdparty->name; + $companynametoshow = $memberstatic->thirdparty->getNomUrl(1); + } } else { $companyname = $obj->company; + $companynametoshow = $obj->company; } $memberstatic->company = $companyname; @@ -984,7 +988,7 @@ while ($i < min($num, $limit)) { // Company if (!empty($arrayfields['d.company']['checked'])) { print ''; - print $companyname; + print $companynametoshow; print "".dol_print_email($obj->email, 0, 0, 1)."'.dol_print_email($obj->email, 0, 0, 1)."'.$langs->trans("partnershipforthirdparty print '
'.$langs->trans("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL").''; - $dnbdays = '15'; - $backlinks = (!empty($conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL)) ? $conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL : $dnbdays; - print ''; - print ''.$dnbdays.'
'.$langs->trans("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL").''; +$dnbdays = '30'; +$backlinks = (!empty($conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL)) ? $conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL : $dnbdays; +print ''; +print ''.$dnbdays.'
'; print ''; From 8639956b79b7124fab5708f559c978883569d9eb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 21:22:00 +0200 Subject: [PATCH 206/215] Fix position of information on lines of documents --- htdocs/core/tpl/objectline_view.tpl.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/htdocs/core/tpl/objectline_view.tpl.php b/htdocs/core/tpl/objectline_view.tpl.php index 3e8ef7ea411..b50ca83c6f6 100644 --- a/htdocs/core/tpl/objectline_view.tpl.php +++ b/htdocs/core/tpl/objectline_view.tpl.php @@ -79,6 +79,7 @@ if (!empty($conf->global->INVOICE_POSITIVE_CREDIT_NOTE_SCREEN) && in_array($obje $sign = -1; } + $coldisplay = 0; ?> @@ -163,32 +164,33 @@ if (($line->info_bits & 2) == 2) { // Show date range if ($line->element == 'facturedetrec') { if ($line->date_start_fill || $line->date_end_fill) { - print '
'; + print '

'; } if ($line->date_start_fill) { - print $langs->trans('AutoFillDateFromShort').': '.yn($line->date_start_fill); + print ''.$langs->trans('AutoFillDateFromShort').': '.yn($line->date_start_fill); } if ($line->date_start_fill && $line->date_end_fill) { print ' - '; } if ($line->date_end_fill) { - print $langs->trans('AutoFillDateToShort').': '.yn($line->date_end_fill); + print ''.$langs->trans('AutoFillDateToShort').': '.yn($line->date_end_fill); } if ($line->date_start_fill || $line->date_end_fill) { print '
'; } } else { if ($line->date_start || $line->date_end) { - print '
'.get_date_range($line->date_start, $line->date_end, $format).'
'; + print '
'.get_date_range($line->date_start, $line->date_end, $format).'
'; } //print get_date_range($line->date_start, $line->date_end, $format); } // Add description in form if ($line->fk_product > 0 && !empty($conf->global->PRODUIT_DESC_IN_FORM)) { - print (!empty($line->description) && $line->description != $line->product_label) ? '
'.dol_htmlentitiesbr($line->description) : ''; + print (!empty($line->description) && $line->description != $line->product_label) ? (($line->date_start || $line->date_end) ? '' : '
').'
'.dol_htmlentitiesbr($line->description) : ''; } - //Line extrafield + + // Line extrafield if (!empty($extrafields)) { $temps = $line->showOptionals($extrafields, 'view', array(), '', '', 1, 'line'); if (!empty($temps)) { From 426894f6a616f7e4f77f1697cad2632e9bab0611 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 21:44:09 +0200 Subject: [PATCH 207/215] Fix not null column --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index 032504dfa61..d50b6991261 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -459,7 +459,7 @@ CREATE TABLE llx_partnership( fk_soc integer, fk_member integer, date_partnership_start date NOT NULL, - date_partnership_end date NOT NULL, + date_partnership_end date NULL, entity integer DEFAULT 1 NOT NULL, -- multi company id, 0 = all reason_decline_or_cancel text NULL, date_creation datetime NOT NULL, From 60832c6e87b78d960cf9fe2a83aa20ae57c839dc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 21:48:46 +0200 Subject: [PATCH 208/215] css --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index f6a5ba93d61..161b0fb92bb 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1157,7 +1157,7 @@ class ExtraFields } else { $checked = ' value="1" '; } - $out = ''; + $out = ''; } else { $out .= $form->selectyesno($keyprefix.$key.$keysuffix, $value, 1, false, 1); } From b29fc5552d478bfe01c3b0761d63e63bf4d80033 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 30 Aug 2021 22:10:26 +0200 Subject: [PATCH 209/215] Fix id in link --- htdocs/core/tpl/extrafields_view.tpl.php | 6 ++++-- htdocs/societe/partnership.php | 9 +++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index e87d6df18dc..3f2ab773b06 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -199,11 +199,13 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l if (($isdraft || !empty($extrafields->attributes[$object->table_element]['alwayseditable'][$tmpkeyextra])) && $permok && $enabled != 5 && ($action != 'edit_extras' || GETPOST('attribute') != $tmpkeyextra) && empty($extrafields->attributes[$object->table_element]['computed'][$tmpkeyextra])) { - $fieldid = 'id'; + $fieldid = empty($forcefieldid) ? 'id' : $forcefieldid; + $valueid = empty($forceobjectid) ? $object->id : $forceobjectid; if ($object->table_element == 'societe') { $fieldid = 'socid'; } - print '
'.img_edit().''.img_edit().'
'; print ''; diff --git a/htdocs/societe/partnership.php b/htdocs/societe/partnership.php index b1f0f24fbe1..a5393e500e3 100644 --- a/htdocs/societe/partnership.php +++ b/htdocs/societe/partnership.php @@ -245,7 +245,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $socid = $object->id; - // TODO Replace this card with the list of all partnerships. + // TODO Replace this card with a table of list of all partnerships. $object = new Partnership($db); $partnershipid = $object->fetch(0, '', 0, $socid); @@ -257,10 +257,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''."\n"; // Common attributes - //$keyforbreak='fieldkeytoswitchonsecondcolumn'; // We change column just before this field - //unset($object->fields['fk_project']); // Hide field already shown in banner - //unset($object->fields['fk_member']); // Hide field already shown in banner + unset($object->fields['fk_soc']); // Hide field already shown in banner include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_view.tpl.php'; + $forcefieldid = 'socid'; + $forceobjectid = $object->fk_soc; + include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; print '
'; print '
'; From cceba665a267f49110b78564c22598fdd894be66 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 31 Aug 2021 12:29:14 +0200 Subject: [PATCH 210/215] NEW Option "Add a link on the PDF to make the online payment" --- htdocs/admin/pdf.php | 12 ++++ .../modules/facture/doc/pdf_crabe.modules.php | 60 ++++++++++++++----- .../facture/doc/pdf_sponge.modules.php | 55 ++++++++++------- htdocs/langs/en_US/admin.lang | 1 + 4 files changed, 92 insertions(+), 36 deletions(-) diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 5030c487537..4d02a2ddb7a 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -104,6 +104,8 @@ if ($action == 'update') { if (GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE')) dolibarr_set_const($db, "PDF_USE_ALSO_LANGUAGE_CODE", GETPOST('PDF_USE_ALSO_LANGUAGE_CODE', 'alpha'), 'chaine', 0, '', $conf->entity); if (GETPOSTISSET('SHOW_SUBPRODUCT_REF_IN_PDF')) dolibarr_set_const($db, "SHOW_SUBPRODUCT_REF_IN_PDF", GETPOST('SHOW_SUBPRODUCT_REF_IN_PDF', 'alpha'), 'chaine', 0, '', $conf->entity); + if (GETPOSTISSET('PDF_SHOW_LINK_TO_ONLINE_PAYMENT')) dolibarr_set_const($db, "PDF_SHOW_LINK_TO_ONLINE_PAYMENT", GETPOST('PDF_SHOW_LINK_TO_ONLINE_PAYMENT', 'alpha'), 'chaine', 0, '', $conf->entity); + setEventMessages($langs->trans("SetupSaved"), null, 'mesgs'); header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup"); @@ -463,6 +465,16 @@ print ''.$langs->trans("ShowDetailsInPDFPageFoot").'selectarray('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS', $arraydetailsforpdffoot, (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS) ? $conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS : 0)); print ''; +// Show online payment link on invoices + +print ''.$langs->trans("PDF_SHOW_LINK_TO_ONLINE_PAYMENT").''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('PDF_SHOW_LINK_TO_ONLINE_PAYMENT'); +} else { + print $form->selectyesno('PDF_SHOW_LINK_TO_ONLINE_PAYMENT', (!empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)) ? $conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT : 0, 1); +} +print ''; + print ''; print '
'; diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 4cd2699a3d4..13d83dbd3f1 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -248,6 +248,14 @@ class pdf_crabe extends ModelePDFFactures // Load translation files required by the page $outputlangs->loadLangs(array("main", "bills", "products", "dict", "companies")); + global $outputlangsbis; + $outputlangsbis = null; + if (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) && $outputlangs->defaultlang != $conf->global->PDF_USE_ALSO_LANGUAGE_CODE) { + $outputlangsbis = new Translate('', $conf); + $outputlangsbis->setDefaultLang($conf->global->PDF_USE_ALSO_LANGUAGE_CODE); + $outputlangsbis->loadLangs(array("main", "bills", "products", "dict", "companies")); + } + $nblines = count($object->lines); // Loop on each lines to detect if there is at least one image to show @@ -761,10 +769,10 @@ class pdf_crabe extends ModelePDFFactures } // Display info area - $posy = $this->_tableau_info($pdf, $object, $bottomlasttab, $outputlangs); + $posy = $this->_tableau_info($pdf, $object, $bottomlasttab, $outputlangs, $outputlangsbis); // Display total area - $posy = $this->_tableau_tot($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs); + $posy = $this->_tableau_tot($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs, $outputlangsbis); // Display Payments area if (($deja_regle || $amount_credit_notes_included || $amount_deposits_included) && empty($conf->global->INVOICE_NO_PAYMENT_DETAILS)) { @@ -1014,9 +1022,10 @@ class pdf_crabe extends ModelePDFFactures * @param Facture $object Object to show * @param int $posy Y * @param Translate $outputlangs Langs object - * @return void + * @param Translate $outputlangsbis Object lang for output bis + * @return int Pos y */ - protected function _tableau_info(&$pdf, $object, $posy, $outputlangs) + protected function _tableau_info(&$pdf, $object, $posy, $outputlangs, $outputlangsbis) { // phpcs:enable global $conf, $mysoc; @@ -1053,7 +1062,7 @@ class pdf_crabe extends ModelePDFFactures $lib_condition_paiement = str_replace('\n', "\n", $lib_condition_paiement); $pdf->MultiCell(67, 4, $lib_condition_paiement, 0, 'L'); - $posy = $pdf->GetY() + 3; + $posy = $pdf->GetY() + 3; // We need spaces for 2 lines payment conditions } if ($object->type != 2) { @@ -1078,7 +1087,7 @@ class pdf_crabe extends ModelePDFFactures } // Show payment mode - if ($object->mode_reglement_code + if (!empty($object->mode_reglement_code) && $object->mode_reglement_code != 'CHQ' && $object->mode_reglement_code != 'VIR') { $pdf->SetFont('', 'B', $default_font_size - 2); @@ -1091,9 +1100,25 @@ class pdf_crabe extends ModelePDFFactures $lib_mode_reg = $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) != ('PaymentType'.$object->mode_reglement_code) ? $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) : $outputlangs->convToOutputCharset($object->mode_reglement); $pdf->MultiCell(80, 5, $lib_mode_reg, 0, 'L'); - // Show online payment link - $useonlinepayment = ((!empty($conf->paypal->enabled) || !empty($conf->stripe->enabled) || !empty($conf->paybox->enabled)) && !empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)); - if (($object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') && $object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { + $posy = $pdf->GetY(); + } + + // Show online payment link + if (empty($object->mode_reglement_code) || $object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') { + $useonlinepayment = 0; + if (!empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)) { + if (!empty($conf->paypal->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->stripe->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->paybox->enabled)) { + $useonlinepayment++; + } + } + + if ($object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php'; global $langs; @@ -1102,11 +1127,11 @@ class pdf_crabe extends ModelePDFFactures $paiement_url = getOnlinePaymentUrl('', 'invoice', $object->ref, '', '', ''); $linktopay = $langs->trans("ToOfferALinkForOnlinePayment", $servicename).' '.$outputlangs->transnoentities("ClickHere").''; - $pdf->writeHTMLCell(80, 10, '', '', dol_htmlentitiesbr($linktopay), 0, 1); + $pdf->SetXY($this->marge_gauche, $posy); + $pdf->writeHTMLCell(80, 5, '', '', dol_htmlentitiesbr($linktopay), 0, 1); } - - $posy = $pdf->GetY() + 2; + $posy = $pdf->GetY() + 1; } // Show payment mode CHQ @@ -1181,12 +1206,13 @@ class pdf_crabe extends ModelePDFFactures * @param int $deja_regle Amount already paid (in the currency of invoice) * @param int $posy Position depart * @param Translate $outputlangs Objet langs + * @param Translate $outputlangsbis Object lang for output bis * @return int Position pour suite */ - protected function _tableau_tot(&$pdf, $object, $deja_regle, $posy, $outputlangs) + protected function _tableau_tot(&$pdf, $object, $deja_regle, $posy, $outputlangs, $outputlangsbis) { // phpcs:enable - global $conf, $mysoc; + global $conf, $mysoc, $hookmanager; $sign = 1; if ($object->type == 2 && !empty($conf->global->INVOICE_POSITIVE_CREDIT_NOTE)) { @@ -1253,7 +1279,8 @@ class pdf_crabe extends ModelePDFFactures $tvacompl = " (".$outputlangs->transnoentities("NonPercuRecuperable").")"; } - $totalvat = $outputlangs->transcountrynoentities("TotalLT1", $mysoc->country_code).' '; + $totalvat = $outputlangs->transcountrynoentities("TotalLT1", $mysoc->country_code).(is_object($outputlangsbis) ? ' / '.$outputlangsbis->transcountrynoentities("TotalLT1", $mysoc->country_code) : ''); + $totalvat .= ' '; $totalvat .= vatrate(abs($tvakey), 1).$tvacompl; $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); @@ -1285,7 +1312,8 @@ class pdf_crabe extends ModelePDFFactures $tvakey = str_replace('*', '', $tvakey); $tvacompl = " (".$outputlangs->transnoentities("NonPercuRecuperable").")"; } - $totalvat = $outputlangs->transcountrynoentities("TotalLT2", $mysoc->country_code).' '; + $totalvat = $outputlangs->transcountrynoentities("TotalLT2", $mysoc->country_code).(is_object($outputlangsbis) ? ' / '.$outputlangsbis->transcountrynoentities("TotalLT2", $mysoc->country_code) : ''); + $totalvat .= ' '; $totalvat .= vatrate(abs($tvakey), 1).$tvacompl; $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php index be458fcdd1a..2bd8fb2ecec 100644 --- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php @@ -906,10 +906,10 @@ class pdf_sponge extends ModelePDFFactures } // Display infos area - $posy = $this->drawInfoTable($pdf, $object, $bottomlasttab, $outputlangs); + $posy = $this->drawInfoTable($pdf, $object, $bottomlasttab, $outputlangs, $outputlangsbis); // Display total zone - $posy = $this->drawTotalTable($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs); + $posy = $this->drawTotalTable($pdf, $object, $deja_regle, $bottomlasttab, $outputlangs, $outputlangsbis); // Display payment area if (($deja_regle || $amount_credit_notes_included || $amount_deposits_included) && empty($conf->global->INVOICE_NO_PAYMENT_DETAILS)) { @@ -1104,9 +1104,10 @@ class pdf_sponge extends ModelePDFFactures * @param Facture $object Object to show * @param int $posy Y * @param Translate $outputlangs Langs object + * @param Translate $outputlangsbis Object lang for output bis * @return int Pos y */ - protected function drawInfoTable(&$pdf, $object, $posy, $outputlangs) + protected function drawInfoTable(&$pdf, $object, $posy, $outputlangs, $outputlangsbis) { global $conf, $mysoc; @@ -1118,7 +1119,11 @@ class pdf_sponge extends ModelePDFFactures if ($this->emetteur->country_code == 'FR' && empty($mysoc->tva_assuj)) { $pdf->SetFont('', 'B', $default_font_size - 2); $pdf->SetXY($this->marge_gauche, $posy); - $pdf->MultiCell(100, 3, $outputlangs->transnoentities("VATIsNotUsedForInvoice"), 0, 'L', 0); + if ($mysoc->forme_juridique_code == 92) { + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("VATIsNotUsedForInvoiceAsso"), 0, 'L', 0); + } else { + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("VATIsNotUsedForInvoice"), 0, 'L', 0); + } $posy = $pdf->GetY() + 4; } @@ -1138,7 +1143,7 @@ class pdf_sponge extends ModelePDFFactures $lib_condition_paiement = str_replace('\n', "\n", $lib_condition_paiement); $pdf->MultiCell(67, 4, $lib_condition_paiement, 0, 'L'); - $posy = $pdf->GetY() + 3; + $posy = $pdf->GetY() + 3; // We need spaces for 2 lines payment conditions } if ($object->type != 2) { @@ -1163,7 +1168,7 @@ class pdf_sponge extends ModelePDFFactures } // Show payment mode - if ($object->mode_reglement_code + if (!empty($object->mode_reglement_code) && $object->mode_reglement_code != 'CHQ' && $object->mode_reglement_code != 'VIR') { $pdf->SetFont('', 'B', $default_font_size - 2); @@ -1176,9 +1181,25 @@ class pdf_sponge extends ModelePDFFactures $lib_mode_reg = $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) != ('PaymentType'.$object->mode_reglement_code) ? $outputlangs->transnoentities("PaymentType".$object->mode_reglement_code) : $outputlangs->convToOutputCharset($object->mode_reglement); $pdf->MultiCell(80, 5, $lib_mode_reg, 0, 'L'); - // Show online payment link - $useonlinepayment = ((!empty($conf->paypal->enabled) || !empty($conf->stripe->enabled) || !empty($conf->paybox->enabled)) && !empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)); - if (($object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') && $object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { + $posy = $pdf->GetY(); + } + + // Show online payment link + if (empty($object->mode_reglement_code) || $object->mode_reglement_code == 'CB' || $object->mode_reglement_code == 'VAD') { + $useonlinepayment = 0; + if (!empty($conf->global->PDF_SHOW_LINK_TO_ONLINE_PAYMENT)) { + if (!empty($conf->paypal->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->stripe->enabled)) { + $useonlinepayment++; + } + if (!empty($conf->paybox->enabled)) { + $useonlinepayment++; + } + } + + if ($object->statut != Facture::STATUS_DRAFT && $useonlinepayment) { require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php'; global $langs; @@ -1187,10 +1208,11 @@ class pdf_sponge extends ModelePDFFactures $paiement_url = getOnlinePaymentUrl('', 'invoice', $object->ref, '', '', ''); $linktopay = $langs->trans("ToOfferALinkForOnlinePayment", $servicename).' '.$outputlangs->transnoentities("ClickHere").''; - $pdf->writeHTMLCell(80, 10, '', '', dol_htmlentitiesbr($linktopay), 0, 1); + $pdf->SetXY($this->marge_gauche, $posy); + $pdf->writeHTMLCell(80, 5, '', '', dol_htmlentitiesbr($linktopay), 0, 1); } - $posy = $pdf->GetY() + 2; + $posy = $pdf->GetY() + 1; } // Show payment mode CHQ @@ -1263,9 +1285,10 @@ class pdf_sponge extends ModelePDFFactures * @param int $deja_regle Amount already paid (in the currency of invoice) * @param int $posy Position depart * @param Translate $outputlangs Objet langs + * @param Translate $outputlangsbis Object lang for output bis * @return int Position pour suite */ - protected function drawTotalTable(&$pdf, $object, $deja_regle, $posy, $outputlangs) + protected function drawTotalTable(&$pdf, $object, $deja_regle, $posy, $outputlangs, $outputlangsbis) { global $conf, $mysoc, $hookmanager; @@ -1276,14 +1299,6 @@ class pdf_sponge extends ModelePDFFactures $default_font_size = pdf_getPDFFontSize($outputlangs); - $outputlangsbis = null; - if (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) && $outputlangs->defaultlang != $conf->global->PDF_USE_ALSO_LANGUAGE_CODE) { - $outputlangsbis = new Translate('', $conf); - $outputlangsbis->setDefaultLang($conf->global->PDF_USE_ALSO_LANGUAGE_CODE); - $outputlangsbis->loadLangs(array("main", "dict", "companies", "bills", "products", "propal")); - $default_font_size--; - } - $tab2_top = $posy; $tab2_hl = 4; $pdf->SetFont('', '', $default_font_size - 1); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 454df4ed28e..76dd117dbd8 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2163,3 +2163,4 @@ APIsAreNotEnabled=APIs modules are not enabled YouShouldSetThisToOff=You should set this to 0 or off InstallAndUpgradeLockedBy=Install and upgrades are locked by the file %s OldImplementation=Old implementation +PDF_SHOW_LINK_TO_ONLINE_PAYMENT=If some online payment modules are enabled (Paypal, Stripe, ...), add a link on the PDF to make the online payment \ No newline at end of file From bbf219fd7b64460593f725a640eef8ae98ab2b9a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 31 Aug 2021 13:09:52 +0200 Subject: [PATCH 211/215] FIX Export of website generates a package that contains a sql error --- htdocs/website/class/website.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 7e70bfddc6d..3872f9be6eb 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -1091,8 +1091,8 @@ class Website extends CommonObject } } - $line .= "\n-- For Dolibarr v14+ --\n"; - $line .= "UPDATE llx_website SET fk_default_lang = '".$this->db->escape($this->fk_default_lang)."' WHERE rowid = __WEBSITE_ID__;\n"; + $line = "\n-- For Dolibarr v14+ --;\n"; + $line .= "UPDATE llx_website SET lang = '".$this->db->escape($this->fk_default_lang)."' WHERE rowid = __WEBSITE_ID__;\n"; $line .= "UPDATE llx_website SET otherlang = '".$this->db->escape($this->otherlang)."' WHERE rowid = __WEBSITE_ID__;\n"; $line .= "\n"; fputs($fp, $line); From 72131110e789d51f7b656b54e8296fbbd93a846a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 31 Aug 2021 18:03:37 +0200 Subject: [PATCH 212/215] Fix protect public pages --- htdocs/public/cron/cron_run_jobs_by_url.php | 4 +++ htdocs/public/cron/index.html | 0 htdocs/public/cron/index.php | 27 +++++++++++++++++++++ htdocs/public/index.php | 4 +-- htdocs/public/notice.php | 10 ++++---- htdocs/public/ticket/create_ticket.php | 4 +++ htdocs/public/ticket/index.php | 4 +++ htdocs/public/ticket/list.php | 3 +++ htdocs/public/ticket/view.php | 4 +++ 9 files changed, 53 insertions(+), 7 deletions(-) delete mode 100644 htdocs/public/cron/index.html create mode 100644 htdocs/public/cron/index.php diff --git a/htdocs/public/cron/cron_run_jobs_by_url.php b/htdocs/public/cron/cron_run_jobs_by_url.php index 133c5d1b18a..9369a9d78a7 100644 --- a/htdocs/public/cron/cron_run_jobs_by_url.php +++ b/htdocs/public/cron/cron_run_jobs_by_url.php @@ -67,6 +67,10 @@ global $langs, $conf; // Language Management $langs->loadLangs(array("admin", "cron", "dict")); +// Security check +if (empty($conf->cron->enabled)) { + accessforbidden('', 0, 0, 1); +} diff --git a/htdocs/public/cron/index.html b/htdocs/public/cron/index.html deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/htdocs/public/cron/index.php b/htdocs/public/cron/index.php new file mode 100644 index 00000000000..a62d2d1ba68 --- /dev/null +++ b/htdocs/public/cron/index.php @@ -0,0 +1,27 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/public/cron/index.php + * \ingroup core + * \brief A redirect page to an error + */ + +require '../../master.inc.php'; + +header("Location: ".DOL_URL_ROOT.'/public/error-404.php'); +exit; diff --git a/htdocs/public/index.php b/htdocs/public/index.php index a9de01f35ca..6e80d99430f 100644 --- a/htdocs/public/index.php +++ b/htdocs/public/index.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2009-2021 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -18,7 +18,7 @@ /** * \file htdocs/public/index.php * \ingroup core - * \brief A redirect page to an error + * \brief A redirect page to an error page */ require '../master.inc.php'; diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php index c41bf81bea4..d5ac4070ff0 100644 --- a/htdocs/public/notice.php +++ b/htdocs/public/notice.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2016-2021 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,10 +17,10 @@ /** * \file htdocs/public/notice.php - * \brief Dolibarr page to show a notice. - * Default notice is a message to say network connection is off or show another message. - * You can also call this page with URL: - * /public/notice.php?lang=xx_XX&transkey=translation_key (key must be inside file main.lang, error.lang or other.lang) + * \brief Dolibarr public page to show a notice. + * Default notice is a message to say network connection is off. Some parameters can be used to show another message. + * You can call this page with URL: + * /public/notice.php?lang=xx_XX&transkey=translation_key (key must be inside file main.lang, error.lang or other.lang) * /public/notice.php?transphrase=url_encoded_sentence_to_show */ diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index b911e7480d3..70f652ebc05 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -75,6 +75,10 @@ $extrafields = new ExtraFields($db); $extrafields->fetch_name_optionals_label($object->table_element); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} + /* * Actions diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index 31ee838f6f5..6abeb5f8b12 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -61,6 +61,10 @@ $langs->loadLangs(array('companies', 'other', 'ticket', 'errors')); $track_id = GETPOST('track_id', 'alpha'); $action = GETPOST('action', 'aZ09'); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} + /* * View diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 3df9d33eb4a..db5f5d8d754 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -70,6 +70,9 @@ if (isset($_SESSION['email_customer'])) { $object = new Ticket($db); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index 1270ad6c0fa..b914ed0631e 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -68,6 +68,10 @@ if (isset($_SESSION['email_customer'])) { $object = new ActionsTicket($db); +if (empty($conf->ticket->enabled)) { + accessforbidden('', 0, 0, 1); +} + /* * Actions From d2d7b0defdc7f0152a480222a963fbb519f5f875 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 31 Aug 2021 20:15:41 +0200 Subject: [PATCH 213/215] Fix duplicate ; --- htdocs/adherents/card.php | 2 +- htdocs/adherents/stats/geo.php | 2 +- htdocs/adherents/type.php | 2 +- htdocs/comm/propal/list.php | 2 +- htdocs/core/lib/tax.lib.php | 2 +- htdocs/public/project/index.php | 2 +- htdocs/public/project/suggestbooth.php | 2 +- htdocs/public/project/suggestconference.php | 2 +- htdocs/public/project/viewandvote.php | 2 +- htdocs/supplier_proposal/card.php | 2 +- htdocs/takepos/css/phone.css | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 01513def14d..b614afd25b2 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1937,7 +1937,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!empty($conf->societe->enabled) && !$object->socid) { if ($user->rights->societe->creer) { if (Adherent::STATUS_DRAFT != $object->statut) { - print ''.$langs->trans("CreateDolibarrThirdParty").''."\n";; + print ''.$langs->trans("CreateDolibarrThirdParty").''."\n"; } else { print ''.$langs->trans("CreateDolibarrThirdParty").''."\n"; } diff --git a/htdocs/adherents/stats/geo.php b/htdocs/adherents/stats/geo.php index 16dfc3ccff6..e751a7b5c65 100644 --- a/htdocs/adherents/stats/geo.php +++ b/htdocs/adherents/stats/geo.php @@ -308,7 +308,7 @@ if ($mode) { print ''; foreach ($data as $val) { - $year = isset($val['year']) ? $val['year'] : '';; + $year = isset($val['year']) ? $val['year'] : ''; print ''; print ''.$val['label'].''; if (isset($label2)) { diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index af65f32b510..839e0c8ba47 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -172,7 +172,7 @@ if ($action == 'update' && $user->rights->adherent->configurer) { $object->morphy = trim($morphy); $object->status = (int) $status; $object->subscription = (int) $subscription; - $object->amount = ($amount == '' ? '' : price2num($amount, 'MT'));; + $object->amount = ($amount == '' ? '' : price2num($amount, 'MT')); $object->duration_value = $duration_value; $object->duration_unit = $duration_unit; $object->note = trim($comment); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 095b6770fe7..ff8a583b0ef 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -346,7 +346,7 @@ if ($action == "sign" && $permissiontoclose) { foreach ($toselect as $checked) { if ($tmpproposal->fetch($checked)) { if ($tmpproposal->statut == $tmpproposal::STATUS_VALIDATED) { - $tmpproposal->statut = $tmpproposal::STATUS_SIGNED;; + $tmpproposal->statut = $tmpproposal::STATUS_SIGNED; if ($tmpproposal->closeProposal($user, $tmpproposal::STATUS_SIGNED)) { setEventMessage($tmpproposal->ref." ".$langs->trans('Signed'), 'mesgs'); } else { diff --git a/htdocs/core/lib/tax.lib.php b/htdocs/core/lib/tax.lib.php index 743a847b2f2..40e50544b22 100644 --- a/htdocs/core/lib/tax.lib.php +++ b/htdocs/core/lib/tax.lib.php @@ -751,7 +751,7 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire $sql .= " pf.".$fk_payment." as payment_id, pf.amount as payment_amount,"; $sql .= " pa.datep as datep, pa.ref as payment_ref"; $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f"; - $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymentfacturetable." as pf ON pf.".$fk_facture2." = f.rowid";; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymentfacturetable." as pf ON pf.".$fk_facture2." = f.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymenttable." as pa ON pa.rowid = pf.".$fk_payment; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$invoicedettable." as d ON d.".$fk_facture." = f.rowid"; diff --git a/htdocs/public/project/index.php b/htdocs/public/project/index.php index 70e546cdbd9..5426d7761e3 100644 --- a/htdocs/public/project/index.php +++ b/htdocs/public/project/index.php @@ -196,7 +196,7 @@ print ''."\n"; $text = ''."\n"; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php index c695ea9cec1..4598859b7b6 100644 --- a/htdocs/public/project/suggestbooth.php +++ b/htdocs/public/project/suggestbooth.php @@ -542,7 +542,7 @@ print '
'; // Welcome message $text = '

'; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; print ''; diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php index 399969bc80d..dc79346b427 100644 --- a/htdocs/public/project/suggestconference.php +++ b/htdocs/public/project/suggestconference.php @@ -473,7 +473,7 @@ print '
'; // Welcome message $text = '

'; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; print ''; diff --git a/htdocs/public/project/viewandvote.php b/htdocs/public/project/viewandvote.php index e78176a5f56..017dda834c6 100644 --- a/htdocs/public/project/viewandvote.php +++ b/htdocs/public/project/viewandvote.php @@ -271,7 +271,7 @@ if (!empty($conf->global->PROJECT_IMAGE_PUBLIC_SUGGEST_BOOTH)) { print '

'.$langs->trans("EvntOrgRegistrationWelcomeMessage").'
'.$langs->trans("EvntOrgRegistrationHelpMessage").' '.$id.'.

'.$project->note_public.'

'.$project->note_public.'

'.$langs->trans("EvntOrgRegistrationBoothWelcomeMessage").'
'.$langs->trans("EvntOrgRegistrationBoothHelpMessage").' '.$id.'.

'.$project->note_public.'
'.$project->note_public.'
'.$langs->trans("EvntOrgRegistrationConfWelcomeMessage").'
'.$langs->trans("EvntOrgRegistrationConfHelpMessage").' '.$id.'.

'.$project->note_public.'
'.$project->note_public.'
'."\n"; $text = ''."\n"; $text .= ''."\n"; -$text .= ''."\n";; +$text .= ''."\n"; print $text; print '

'.$langs->trans("EvntOrgRegistrationWelcomeMessage").'
'.$langs->trans("EvntOrgVoteHelpMessage").' : "'.$project->title.'".

'.$project->note_public.'
'.$project->note_public.'
'."\n"; diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 8b2b473d2a1..65d509854e4 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1804,7 +1804,7 @@ if ($action == 'create') { $form_close .= $object->note_private; $form_close .= ''; $form_close .= ''; - $form_close .= $form->buttonsSaveCancel();; + $form_close .= $form->buttonsSaveCancel(); $form_close .= ' '; $form_close .= ''; diff --git a/htdocs/takepos/css/phone.css b/htdocs/takepos/css/phone.css index bdfdf45e116..2b0cf62797f 100644 --- a/htdocs/takepos/css/phone.css +++ b/htdocs/takepos/css/phone.css @@ -151,7 +151,7 @@ button.publicphonebutton { float:left; width: 50%; text-align:center; - height:150px;; + height:150px; overflow:hidden; margin-bottom:5px; font-size:18px; From f257d4372ae658c451dee4b440e2147f6be792e7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 31 Aug 2021 20:21:20 +0200 Subject: [PATCH 214/215] Fix bad test --- htdocs/user/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/list.php b/htdocs/user/list.php index 69e94e1cfdc..89f9191751b 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -858,7 +858,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $canreadhrmdata = 1; } $canreadsecretapi = 0; - if ($user->id = $obj->rowid || !empty($user->admin)) { // Current user or admin + if ($user->id == $obj->rowid || !empty($user->admin)) { // Current user or admin $canreadsecretapi = 1; } From 19f0db23dfdbf10d296b34b7a1b4d41aea40babb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 31 Aug 2021 20:31:05 +0200 Subject: [PATCH 215/215] Fix scrutinizer bugs --- htdocs/admin/ihm.php | 2 +- .../compta/prelevement/class/rejetprelevement.class.php | 2 +- htdocs/core/class/validate.class.php | 9 ++++----- htdocs/core/modules/modFckeditor.class.php | 2 +- htdocs/core/tpl/commonfields_edit.tpl.php | 2 +- htdocs/knowledgemanagement/knowledgerecord_card.php | 2 +- htdocs/mrp/class/api_mos.class.php | 4 ++-- 7 files changed, 11 insertions(+), 12 deletions(-) diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 5b9a11dcf5f..9d8f655a608 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -265,7 +265,7 @@ if ($action == 'update') { $_SESSION["mainmenu"] = ""; // The menu manager may have changed - header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup".'&mode='.$mode.(GETPOSTISSET('page_y', 'int') ? '&page_y='.GETPOST('page_y', 'int') : '')); + header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup".'&mode='.$mode.(GETPOSTISSET('page_y') ? '&page_y='.GETPOST('page_y', 'int') : '')); exit; } diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index 4a515357495..c10b0de662c 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -100,7 +100,7 @@ class RejetPrelevement $facs = $this->getListInvoices(1); require_once DOL_DOCUMENT_ROOT.'/compta/prelevement/class/ligneprelevement.class.php'; - $lipre = new LignePrelevement($this->db, $user); + $lipre = new LignePrelevement($this->db); $lipre->fetch($id); $this->db->begin(); diff --git a/htdocs/core/class/validate.class.php b/htdocs/core/class/validate.class.php index 61b8931179e..1b2447dc23a 100644 --- a/htdocs/core/class/validate.class.php +++ b/htdocs/core/class/validate.class.php @@ -46,13 +46,12 @@ class Validate /** - * Constructor + * Constructor * - * @param DoliDB $db Database handler - * @param Translate $outputLang output lang for error - * @return null + * @param DoliDB $db Database handler + * @param Translate $outputLang Output lang for error */ - public function __construct($db, $outputLang = false) + public function __construct($db, $outputLang = null) { global $langs; diff --git a/htdocs/core/modules/modFckeditor.class.php b/htdocs/core/modules/modFckeditor.class.php index 7742051989e..94912030a56 100644 --- a/htdocs/core/modules/modFckeditor.class.php +++ b/htdocs/core/modules/modFckeditor.class.php @@ -63,7 +63,7 @@ class modFckeditor extends DolibarrModules $this->config_page_url = array("fckeditor.php"); // Dependencies - $this->disabled = (in_array(constant('JS_CKEDITOR'), array('disabled', 'disabled/')) ? 1 : 0); // A condition to disable module (used for native debian packages) + $this->disabled = in_array(constant('JS_CKEDITOR'), array('disabled', 'disabled/')); $this->depends = array(); $this->requiredby = array('modWebsites'); diff --git a/htdocs/core/tpl/commonfields_edit.tpl.php b/htdocs/core/tpl/commonfields_edit.tpl.php index a56ca8d865a..abf3144de8f 100644 --- a/htdocs/core/tpl/commonfields_edit.tpl.php +++ b/htdocs/core/tpl/commonfields_edit.tpl.php @@ -81,7 +81,7 @@ foreach ($object->fields as $key => $val) { } elseif ($val['type'] == 'price') { $value = GETPOSTISSET($key) ? price2num(GETPOST($key)) : price2num($object->$key); } elseif ($key == 'lang') { - $value = GETPOSTISSET($key, 'aZ09') ? GETPOST($key, 'aZ09') : $object->lang; + $value = GETPOSTISSET($key) ? GETPOST($key, 'aZ09') : $object->lang; } else { $value = GETPOSTISSET($key) ? GETPOST($key, 'alpha') : $object->$key; } diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index 68ab9fe98f4..08092696cab 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php @@ -120,7 +120,7 @@ if (empty($reshook)) { // Upadate / add for lang if (($action == 'update' || $action == 'add') && !empty($permissiontoadd)) { - $object->lang = GETPOSTISSET('langkm', 'aZ09')?GETPOST('langkm', 'aZ09'):$object->lang; + $object->lang = (GETPOSTISSET('langkm') ? GETPOST('langkm', 'aZ09') : $object->lang); } // Actions cancel, add, update, update_extras, confirm_validate, confirm_delete, confirm_deleteline, confirm_clone, confirm_close, confirm_setdraft, confirm_reopen diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php index ed17db03db6..a59a7247338 100644 --- a/htdocs/mrp/class/api_mos.class.php +++ b/htdocs/mrp/class/api_mos.class.php @@ -370,12 +370,12 @@ class Mos extends DolibarrApi $qtytoprocess = $value["qty"]; if (isset($value["fk_warehouse"])) { // If there is a warehouse to set if (!($value["fk_warehouse"] > 0)) { // If there is no warehouse set. - throw new RestException(500, "Field fk_warehouse must be > 0 in ".$arrayname); $error++; + throw new RestException(500, "Field fk_warehouse must be > 0 in ".$arrayname); } if ($tmpproduct->status_batch) { - throw new RestException(500, "Product ".$tmpproduct->ref."must be in batch"); $error++; + throw new RestException(500, "Product ".$tmpproduct->ref."must be in batch"); } } $idstockmove = 0;