diff --git a/ChangeLog b/ChangeLog index 951c4297f0c..7537a891c9b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -25,6 +25,54 @@ Following changes may create regressions for some external modules, but were nec * If your database is MySql or MariaDB, you need at least version 5.1 + +***** ChangeLog for 13.0.2 compared to 13.0.1 ***** + +FIX: 11.0 - $this->socid injected in query without checking for empty value +FIX: #16096 #16085 Any call of ajax pages must provide the token +FIX: #16296 +FIX: #16325 +FIX: #16341 : Fetch the Product ExtraFields in Shippment lines +FIX: #16366 +FIX: #16393 Do not sanitize +FIX: #16420 #16423 #16488 #16477 +FIX: #16431 +FIX: #16465 +FIX: #16480 +FIX: #16485 +FIX: #16487 +FIX: #16503 +FIX: #16530 +FIX: #16533 +FIX: #16629 +FIX: #16671 Can not generate zip file of documents in backup tool +FIX: Add "Now" link on social charges creation card +FIX: avoid undefined url and missing token +FIX: Bad project filter in ticket list +FIX: Buttons to disable bindings not working +FIX: class not found when creating recuring invoice from invoice+discount +FIX: File attachment on lots +FIX: handling $heightforinfotot when he's superior to a page height on Supplier Invoice +FIX: hourglass and hide button to pay +FIX: massaction validate invoice do not regenerate pdf +FIX: missing mp4 video mime +FIX: picto on shipment to reset qty to 0. Some quantities were not reset. +FIX: Protection to avoid #16504 +FIX: rounding amount on card updating +FIX: Rounding amount on social charges card updating +FIX: select list dependencies now work for ModuleBuilder sellist field +FIX: Status in popup of member in widget +FIX: status on tooltip on widgets +FIX: Timezone management for datetime on list of events +FIX: Timezone management for datetime with modulebuilder and extrafields +FIX: Total_ht not show in contract link element +FIX: use post instead get +FIX: use var "saved_url" instead global var "$url" +FIX: Various payment - Missing fields for check transmitter & bank name +FIX: warning if setup of chart of account is not yet done. 
+FIX: wrong extension + + ***** ChangeLog for 13.0.1 compared to 13.0.0 ***** FIX: 10.0 before crediting a withdrawal receipt, check whether it has been credited already. diff --git a/build/debian/control b/build/debian/control index eed54669555..059325eecb9 100755 --- a/build/debian/control +++ b/build/debian/control @@ -33,7 +33,7 @@ Depends: libapache2-mod-php5 | libapache2-mod-php5filter | php5-cgi | php5-fpm | Recommends: apache2 | lighttpd | httpd, mariadb-server | virtual-mysql-server, # Required PHP extensions for debian 9 but we can't add them into a Depends, it does not exists on debian 7 and 8 - php-xml, php-mbstring + php-xml, php-mbstring, php-intl Suggests: www-browser, php5-geoip Description: Web based software to manage a company or foundation Dolibarr ERP & CRM is an easy to use open source/free software package for diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 253c320bde0..caf98c7d91c 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -212,8 +212,10 @@ $accountsystem = new AccountancySystem($db); $accountsystem->fetch($conf->global->CHARTOFACCOUNTS); $title = $langs->trans('AccountAccounting')." - ".$langs->trans('Card'); -$helpurl = ''; -llxheader('', $title, $helpurl); + +$help_url = 'EN:Category:Accounting'; + +llxheader('', $title, $help_url); // Create mode diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index aef52a91236..7fdd7c19e32 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -298,10 +298,10 @@ if ($action == 'create') { print dol_get_fiche_end(); + /* + * Action bar + */ if (!empty($user->rights->accounting->fiscalyear->write)) { - /* - * Barre d'actions - */ print '
'; print ''.$langs->trans('Modify').''; diff --git a/htdocs/accountancy/admin/index.php b/htdocs/accountancy/admin/index.php index 21ee5ce20e9..b5443486648 100644 --- a/htdocs/accountancy/admin/index.php +++ b/htdocs/accountancy/admin/index.php @@ -7,6 +7,7 @@ * Copyright (C) 2014 Juanjo Menent * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2017 Laurent Destailleur + * Copyright (C) 2021 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -383,11 +384,11 @@ foreach ($list_binding as $key) { print ''; print ''.$langs->trans("ACCOUNTING_DISABLE_BINDING_ON_SALES").''; if (!empty($conf->global->ACCOUNTING_DISABLE_BINDING_ON_SALES)) { - print ''; + print ''; print img_picto($langs->trans("Activated"), 'switch_on'); print ''; } else { - print ''; + print ''; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } @@ -396,11 +397,11 @@ print ''; print ''; print ''.$langs->trans("ACCOUNTING_DISABLE_BINDING_ON_PURCHASES").''; if (!empty($conf->global->ACCOUNTING_DISABLE_BINDING_ON_PURCHASES)) { - print ''; + print ''; print img_picto($langs->trans("Activated"), 'switch_on'); print ''; } else { - print ''; + print ''; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } @@ -409,11 +410,11 @@ print ''; print ''; print ''.$langs->trans("ACCOUNTING_DISABLE_BINDING_ON_EXPENSEREPORTS").''; if (!empty($conf->global->ACCOUNTING_DISABLE_BINDING_ON_EXPENSEREPORTS)) { - print ''; + print ''; print img_picto($langs->trans("Activated"), 'switch_on'); print ''; } else { - print ''; + print ''; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 35473c6329e..e03790a8995 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php 
@@ -135,6 +135,18 @@ if (!empty($search_accountancy_code_end)) { $param .= '&search_accountancy_code_end='.$search_accountancy_code_end; } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + + + /* * Action */ diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index 3ab9ed0a702..60645353976 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -44,13 +44,6 @@ $id = GETPOST('id', 'int'); // id of record $mode = GETPOST('mode', 'aZ09'); // '' or '_tmp' $piece_num = GETPOST("piece_num", 'int'); // id of transaction (several lines share the same transaction id) -// Security check -if ($user->socid > 0) { - accessforbidden(); -} - -$mesg = ''; - $accountingaccount = new AccountingAccount($db); $accountingjournal = new AccountingJournal($db); @@ -83,6 +76,17 @@ if (!empty($update)) { $object = new BookKeeping($db); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 8ca4175f87f..40a8284adc4 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -3,7 +3,7 @@ * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2013-2020 Alexandre Spangaro * Copyright (C) 2016-2017 Laurent Destailleur - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
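Review bot: The deletion in this hunk drops `$mesg = '';` together with the old security check, but the second hunk of this file only restores the check, not the initialisation. If `$mesg` is still read further down card.php (outside the hunks shown) it is now an undefined variable and will raise a notice. Keep `$mesg = '';` next to the `$accountingaccount = new AccountingAccount($db);` line, or remove every remaining use of it in the same change.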
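Review bot: The re-added security check now sits after `$object = new BookKeeping($db)` and after the `if (!empty($update))` block named in the hunk header, so whatever that block does runs before `accessforbidden()` can reject the request; the removed lines had the check directly after the `GETPOST` calls. The same reordering appears in thirdparty_lettering_customer.php and thirdparty_lettering_supplier.php (the check follows the third-party fetch whose `$result < 0` branch is the hunk's context), in expensereport/list.php (after the `dol_getIdFromCode` query) and in supplier/list.php (after the `$accounting->fetch` calls). Nothing visible here leaks data, since `accessforbidden()` ends the request, but putting the three `if (...) { accessforbidden(); }` blocks back where the deleted ones were keeps the code path reachable by an unauthorized user as short as possible.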
@@ -171,6 +171,16 @@ if (empty($listofformat[$formatexportset])) { $error = 0; +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions @@ -471,7 +481,7 @@ if (count($filter) > 0) { } } $sql .= ' WHERE t.entity IN ('.getEntity('accountancy').')'; -if ($conf->global->ACCOUNTING_REEXPORT == 0) { +if (empty($conf->global->ACCOUNTING_REEXPORT)) { $sql .= " AND t.date_export IS NULL"; } if (count($sqlwhere) > 0) { @@ -487,7 +497,7 @@ if (!empty($sortfield)) { // Must be after definition of $sql if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->export) { // TODO Replace the fetchAll + ->export later that consume too much memory on large export with the query($sql) and loop on each line to export them. - $result = $object->fetchAll($sortorder, $sortfield, 0, 0, $filter, 'AND', $conf->global->ACCOUNTING_REEXPORT); + $result = $object->fetchAll($sortorder, $sortfield, 0, 0, $filter, 'AND', (empty($conf->global->ACCOUNTING_REEXPORT) ? 0 : 1)); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php index 99b644d1e0a..24bcc4706c1 100644 --- a/htdocs/accountancy/bookkeeping/listbyaccount.php +++ b/htdocs/accountancy/bookkeeping/listbyaccount.php @@ -163,6 +163,16 @@ if ($search_date_end && empty($search_date_endyear)) { $search_date_endday = $tmparray['mday']; } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action diff --git a/htdocs/accountancy/bookkeeping/listbysubaccount.php b/htdocs/accountancy/bookkeeping/listbysubaccount.php index 72b6574bea5..129e695de3c 100644 
--- a/htdocs/accountancy/bookkeeping/listbysubaccount.php +++ b/htdocs/accountancy/bookkeeping/listbysubaccount.php @@ -163,10 +163,21 @@ if ($search_date_end && empty($search_date_endyear)) { $search_date_endday = $tmparray['mday']; } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action */ + if (GETPOST('cancel', 'alpha')) { $action = 'list'; $massaction = ''; } diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php index a2192d5ea60..0064e8c4715 100644 --- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php +++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php @@ -94,6 +94,16 @@ if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action @@ -128,7 +138,7 @@ $form = new Form($db); $formaccounting = new FormAccounting($db); $title = $object->name." - ".$langs->trans('TabLetteringCustomer'); -$help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; +$help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas|DE:Modul_Geschäftspartner'; llxHeader('', $title, $help_url); $head = societe_prepare_head($object); diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php index f8167846aff..a73f711e15a 100644 --- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php +++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php 
@@ -94,10 +94,21 @@ if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action */ + if ($action == 'lettering') { $result = $lettering->updateLettering($toselect); @@ -127,7 +138,7 @@ $form = new Form($db); $formaccounting = new FormAccounting($db); $title = $object->name." - ".$langs->trans('TabLetteringSupplier'); -$help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; +$help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas|DE:Modul_Geschäftspartner'; llxHeader('', $title, $help_url); $head = societe_prepare_head($object); diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index 94e59de1812..3ba552cdfa4 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -35,17 +35,6 @@ $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); -// Security check -if (empty($conf->accounting->enabled)) { - accessforbidden(); -} -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->fiscalyear->write) { - accessforbidden(); -} - $object = new BookKeeping($db); $month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1); 
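Review bot: The new gate only requires `accounting->mouvements->lire`, yet the `lettering` action on the hunk's trailing context lines calls `$lettering->updateLettering($toselect)`, which modifies bookkeeping data, so a read-only right is enough to reach a write. thirdparty_lettering_customer.php receives the same read-only gate in this commit, and its lettering action (outside the hunk shown there) presumably has the same exposure. Gate the action itself, e.g. `if ($action == 'lettering' && !empty($user->rights->accounting->mouvements->creer)) {` if the module defines that create right as it does the read right, or whichever write right lettering is meant to require, and call `accessforbidden()` when it is missing.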
@@ -67,10 +56,23 @@ $search_date_start = dol_mktime(0, 0, 0, $month_start, 1, $year_start); $search_date_end = dol_get_last_day($year_end, $month_end); $year_current = $year_start; +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (!$user->rights->accounting->fiscalyear->write) { + accessforbidden(); +} + + /* * Actions */ -if ($action == 'validate_movements_confirm' && $user->rights->accounting->fiscalyear->write) { + +if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting->fiscalyear->write)) { $result = $object->fetchAll(); if ($result < 0) { diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 1209576ddba..98e9151877e 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -38,9 +38,16 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php index 983e7957583..3b14450fab1 100644 --- a/htdocs/accountancy/customer/lines.php +++ b/htdocs/accountancy/customer/lines.php @@ -80,13 +80,17 @@ if (!$sortorder) { } // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } + $formaccounting = new FormAccounting($db); 
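Review bot: Within the same hunk the page gate is written `if (!$user->rights->accounting->fiscalyear->write)` while the action gate a few lines below is rewritten as `!empty($user->rights->accounting->fiscalyear->write)`; the bare `!` form raises a notice when the `fiscalyear` branch is absent from the rights object, which is the case the `empty()` form is being introduced for. Use `if (empty($user->rights->accounting->fiscalyear->write)) {` so both checks behave the same and match the `empty($user->rights->accounting->mouvements->lire)` checks added across the other accountancy pages.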
@@ -112,7 +116,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_tvaintra = ''; } -if (is_array($changeaccount) && count($changeaccount) > 0) { +if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) { $error = 0; if (!(GETPOST('account_parent', 'int') >= 0)) { diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 8d5c2788425..7014474ce4f 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -88,10 +88,13 @@ if (!$sortorder) { } // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } @@ -148,7 +151,7 @@ if (empty($reshook)) { } -if ($massaction == 'ventil') { +if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $msg = ''; //print '
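Review bot: Appending `&& $user->rights->accounting->bind->write` to the `$changeaccount` condition makes a submission from a user without that right fall through silently: the page renders as if nothing was posted and no error is shown or logged, which confuses legitimate users and hides rejected write attempts from anyone reviewing access. The same pattern is used for `$massaction == 'ventil'` in customer/list.php and expensereport/list.php, for the `clean`/`validatehistory` actions in expensereport/index.php and supplier/index.php, and for `$changeaccount` in expensereport/lines.php. Prefer keeping the original condition and rejecting explicitly inside it, `if (is_array($changeaccount) && count($changeaccount) > 0) {` / `    if (empty($user->rights->accounting->bind->write)) { accessforbidden(); }`, which also avoids the notice the bare `$user->rights->...->bind->write` access raises when that right is not defined — something the `empty()` checks added just above already guard against for the read right.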
' . $langs->trans("Processing") . '...
'; diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index f997f666e6e..200a493cfed 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} /* diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index ffa0bfcc07d..38f7f596932 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -32,17 +32,6 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; // Load translation files required by the page $langs->loadLangs(array("compta", "bills", "other", "main", "accountancy")); -// Security check -if (empty($conf->accounting->enabled)) { - accessforbidden(); -} -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->bind->write) { - accessforbidden(); -} - $month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1); if (GETPOST("year", 'int')) { $year_start = GETPOST("year", 'int'); @@ -65,13 +54,23 @@ $year_current = $year_start; // Validate History $action = GETPOST('action', 'aZ09'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} /* * Actions */ -if ($action == 'clean' || $action == 'validatehistory') { +if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) { // Clean database $db->begin(); $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd"; 
diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index 3c4760b3730..d29e39d7f37 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -74,13 +74,17 @@ if (!$sortorder) { } // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } + $formaccounting = new FormAccounting($db); @@ -102,7 +106,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_year = ''; } -if (is_array($changeaccount) && count($changeaccount) > 0) { +if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) { $error = 0; if (!(GETPOST('account_parent', 'int') >= 0)) { diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 05476756531..84cd64bb44f 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -83,19 +83,22 @@ if (!$sortorder) { } } -// Security check -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->bind->write) { - accessforbidden(); -} - $formaccounting = new FormAccounting($db); $accounting = new AccountingAccount($db); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action 
@@ -130,7 +133,7 @@ $permissiontodelete = $user->rights->expensereport->delete; $uploaddir = $conf->expensereport->dir_output; include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; -if ($massaction == 'ventil') { +if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $msg = ''; //print '
' . $langs->trans("Processing") . '...
'; if (!empty($mesCasesCochees)) { diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php index 242fc71d80c..94dc6aa05c9 100644 --- a/htdocs/accountancy/index.php +++ b/htdocs/accountancy/index.php @@ -31,13 +31,20 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; // Load translation files required by the page $langs->loadLangs(array("compta", "bills", "other", "accountancy", "loans", "banks", "admin", "dict")); +// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks +$hookmanager->initHooks(array('accountancyindex')); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} -// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks -$hookmanager->initHooks(array('accountancyindex')); /* diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index b79b8433c03..9093721bff6 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -7,7 +7,7 @@ * Copyright (C) 2013-2019 Alexandre Spangaro * Copyright (C) 2013-2014 Florian Henry * Copyright (C) 2013-2014 Olivier Geffroy - * Copyright (C) 2017-2020 Frédéric France + * Copyright (C) 2017-2021 Frédéric France * Copyright (C) 2018 Ferran Marcet * Copyright (C) 2018 Eric Seigne * Copyright (C) 2021 Gauthier VERDOL @@ -83,7 +83,13 @@ $now = dol_now(); $action = GETPOST('action', 'aZ09'); // Security check -if ($user->socid > 0 && empty($id_journal)) { +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } 
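Review bot: `$hookmanager->initHooks(array('accountancyindex'))` is moved above the security check, so module hook classes are loaded (and, as far as I recall of HookManager, instantiated) before `accessforbidden()` can reject the request; the removed lines ran the check first. purchasesjournal.php and sellsjournal.php make the same swap, moving `initHooks` and `$parameters = array()` ahead of the check. Nothing in the hunk suggests the check depends on hooks being initialised, so keep the three `accessforbidden()` blocks first and the `initHooks` call after them, as before.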
@@ -954,13 +960,18 @@ if (empty($action) || $action == 'view') { $nom = $langs->trans("FinanceJournal").' | '.$accountingjournalstatic->getNomUrl(0, 1, 1, '', 1); $builddate = dol_now(); //$description = $langs->trans("DescFinanceJournal") . '
'; - $description .= $langs->trans("DescJournalOnlyBindedVisible").'
'; + $description = $langs->trans("DescJournalOnlyBindedVisible").'
'; - $listofchoices = array('notyet'=>$langs->trans("NotYetInGeneralLedger"), 'already'=>$langs->trans("AlreadyInGeneralLedger")); + $listofchoices = array( + 'notyet'=>$langs->trans("NotYetInGeneralLedger"), + 'already'=>$langs->trans("AlreadyInGeneralLedger") + ); $period = $form->selectDate($date_start ? $date_start : -1, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end ? $date_end : -1, 'date_end', 0, 0, 0, '', 1, 0); $period .= ' - '.$langs->trans("JournalizationInLedgerStatus").' '.$form->selectarray('in_bookkeeping', $listofchoices, $in_bookkeeping, 1); $varlink = 'id_journal='.$id_journal; + $periodlink = ''; + $exportlink = ''; journalHead($nom, '', $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink); diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index 9010261dbe0..2f7569ab152 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -58,13 +58,21 @@ if ($in_bookkeeping == '') { $now = dol_now(); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions */ + $accountingaccount = new AccountingAccount($db); // Get informations of journal diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index 46363fb3a09..f6fa5c4b76a 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php 
@@ -57,17 +57,25 @@ if ($in_bookkeeping == '') { $now = dol_now(); +$hookmanager->initHooks(array('purchasesjournal')); +$parameters = array(); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} -$hookmanager->initHooks(array('purchasesjournal')); -$parameters = array(); /* * Actions */ + $reshook = $hookmanager->executeHooks('doActions', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks $accountingaccount = new AccountingAccount($db); diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 16209e1a241..9a00adf3473 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -59,13 +59,20 @@ if ($in_bookkeeping == '') { $now = dol_now(); +$hookmanager->initHooks(array('sellsjournal')); +$parameters = array(); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} -$hookmanager->initHooks(array('sellsjournal')); -$parameters = array(); /* * Actions diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 0d86b928a26..eee2059c660 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} /* diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index 937173fc1e6..7ef09acf91a 100644 
--- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -69,12 +69,23 @@ $action = GETPOST('action', 'aZ09'); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions */ -if ($action == 'clean' || $action == 'validatehistory') { +if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) { // Clean database $db->begin(); $sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as fd"; diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php index 6bdc714ec4c..f661ba42ce9 100644 --- a/htdocs/accountancy/supplier/lines.php +++ b/htdocs/accountancy/supplier/lines.php @@ -80,16 +80,19 @@ if (!$sortorder) { } } +$formaccounting = new FormAccounting($db); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } -$formaccounting = new FormAccounting($db); - /* * Actions diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index d49effd791d..ea61a686883 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -88,14 +88,6 @@ if (!$sortorder) { } } -// Security check -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->bind->write) { - accessforbidden(); -} - // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('accountancysupplierlist')); 
@@ -107,6 +99,17 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_BUY_ACCOUN $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index adcf7d49311..3d40f8d758b 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -8,7 +8,7 @@ * Copyright (C) 2011-2012 Juanjo Menent * Copyright (C) 2012 J. Fernando Lagrange * Copyright (C) 2015 Jean-François Ferry - * Copyright (C) 2020 Frédéric France + * Copyright (C) 2020-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -178,7 +178,7 @@ if ($action == 'unset') { $form = new Form($db); -$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros'; +$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros|DE:Modul_Mitglieder'; llxHeader('', $langs->trans("MembersSetup"), $help_url); @@ -254,7 +254,8 @@ if ($conf->facture->enabled) { if (!empty($conf->product->enabled) || !empty($conf->service->enabled)) { print ''.$langs->trans("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS").''; print ''; - $form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0); + $selected = (empty($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS) ? '' : $conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS); + $form->select_produits($selected, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0); print ''; } print "\n"; 
diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 896dddd55e3..b34e39872ac 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -769,7 +769,7 @@ $formfile = new FormFile($db); $formcompany = new FormCompany($db); $title = $langs->trans("Member")." - ".$langs->trans("Card"); -$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros'; +$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros|DE:Modul_Mitglieder'; llxHeader('', $title, $help_url); $countrynotdefined = $langs->trans("ErrorSetACountryFirst").' ('.$langs->trans("SeeAbove").')'; @@ -1691,6 +1691,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { */ print '
'; + $isinspip = 0; $parameters = array(); $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been if (empty($reshook)) { @@ -1818,7 +1819,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print '
'; print ''; // ancre - // Documents generes + // Generated documents $filename = dol_sanitizeFileName($object->ref); //$filename = 'tmp_cards.php'; //$filedir = $conf->adherent->dir_output . '/' . get_exdir($object->id, 2, 0, 0, $object, 'member') . dol_sanitizeFileName($object->ref); @@ -1827,7 +1828,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $genallowed = $user->rights->adherent->lire; $delallowed = $user->rights->adherent->creer; - print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $object->default_lang, '', $object); + print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', (empty($object->default_lang) ? '' : $object->default_lang), '', $object); $somethingshown = $formfile->numoffiles; // Show links to link elements diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 843ca08a5df..89baf2f5ec5 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -131,9 +131,8 @@ print '
'; print dol_get_fiche_end(); /* - * Barre d'actions + * Action bar */ - print '
'; if (!empty($conf->global->LDAP_MEMBER_ACTIVE) && $conf->global->LDAP_MEMBER_ACTIVE != 'ldap2dolibarr') { diff --git a/htdocs/adherents/stats/byproperties.php b/htdocs/adherents/stats/byproperties.php index 9f8691a69a6..1238fd0fe15 100644 --- a/htdocs/adherents/stats/byproperties.php +++ b/htdocs/adherents/stats/byproperties.php @@ -59,7 +59,7 @@ $title = $langs->trans("MembersStatisticsByProperties"); print load_fiche_titre($title, '', $memberstatic->picto); -dol_mkdir($dir); +//dol_mkdir($dir); $data = array(); @@ -134,7 +134,7 @@ if ($resql) { } -$head = member_stats_prepare_head($adh); +$head = member_stats_prepare_head($memberstatic); print dol_get_fiche_head($head, 'statsbyproperties', '', -1, ''); @@ -169,7 +169,7 @@ if (!$foundmor) { foreach ($data as $val) { $nb = $val['nb']; - $nbsubscriptions = $val['nbsubscriptions']; + $nbsubscriptions = isset($val['nbsubscriptions']) ? $val['nbsubscriptions'] : 0; $nbactive = $val['nbactive']; print ''; diff --git a/htdocs/adherents/stats/geo.php b/htdocs/adherents/stats/geo.php index 6107669c967..2d1450b8ae5 100644 --- a/htdocs/adherents/stats/geo.php +++ b/htdocs/adherents/stats/geo.php @@ -78,7 +78,7 @@ llxHeader('', $title, '', '', 0, 0, $arrayjs); print load_fiche_titre($title, '', $memberstatic->picto); -dol_mkdir($dir); +//dol_mkdir($dir); if ($mode) { // Define sql @@ -87,7 +87,7 @@ if ($mode) { $tab = 'statscountry'; $data = array(); - $sql .= "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, c.code, c.label"; + $sql = "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, c.code, c.label"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as c on d.country = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."subscription as s ON s.fk_adherent = d.rowid"; 
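Review bot: `//dol_mkdir($dir);` replaces a live call with commented-out code, which leaves the next reader unsure whether the directory is still required; geo.php gets the same line in its `@@ -78` hunk. If `$dir` is no longer used on these pages, delete the line (and the `$dir` assignment if it is now dead) rather than commenting it out; if the directory is still needed, the call should stay.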
@@ -103,7 +103,7 @@ if ($mode) { $tab = 'statsstate'; $data = array(); - $sql .= "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, co.code, co.label, c.nom as label2"; // + $sql = "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, co.code, co.label, c.nom as label2"; // $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as c on d.state_id = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_regions as r on c.fk_region = r.code_region"; @@ -120,7 +120,7 @@ if ($mode) { $tab = 'statsregion'; //onglet $data = array(); //tableau de donnée - $sql .= "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, co.code, co.label, r.nom as label2"; + $sql = "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, co.code, co.label, r.nom as label2"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as c on d.state_id = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_regions as r on c.fk_region = r.code_region"; 
@@ -137,7 +137,7 @@ if ($mode) { $tab = 'statstown'; $data = array(); - $sql .= "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, c.code, c.label, d.town as label2"; + $sql = "SELECT COUNT(DISTINCT d.rowid) as nb, COUNT(s.rowid) as nbsubscriptions, MAX(d.datevalid) as lastdate, MAX(s.dateadh) as lastsubscriptiondate, c.code, c.label, d.town as label2"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as c on d.country = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."subscription as s ON s.fk_adherent = d.rowid"; @@ -207,7 +207,7 @@ if ($mode) { } -$head = member_stats_prepare_head($adh); +$head = member_stats_prepare_head($memberstatic); print dol_get_fiche_head($head, $tab, '', -1, ''); @@ -299,7 +299,7 @@ if ($mode) { print ''; print ''; print ''; - if ($label2) { + if (isset($label2)) { print ''; } print ''; @@ -308,10 +308,10 @@ if ($mode) { print ''; foreach ($data as $val) { - $year = $val['year']; + $year = isset($val['year']) ? $val['year'] : '';; print ''; print ''; - if ($label2) { + if (isset($label2)) { print ''; } print ''; diff --git a/htdocs/adherents/stats/index.php b/htdocs/adherents/stats/index.php index b092c7bcf20..11c0025dcc5 100644 --- a/htdocs/adherents/stats/index.php +++ b/htdocs/adherents/stats/index.php @@ -137,7 +137,7 @@ if (!$mesg) { } -$head = member_stats_prepare_head($adh); +$head = member_stats_prepare_head($memberstatic); print dol_get_fiche_head($head, 'statssubscription', '', -1, ''); diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 6b8b0db608c..8fa87cbb6a6 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -639,7 +639,7 @@ if ($rowid > 0) { /* - * Action buttons + * Action bar */ // Button to create a new subscription if member no draft (-1) neither resiliated (0) neither excluded (-2) 
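Review bot: The new line `$year = isset($val['year']) ? $val['year'] : '';;` in the `@@ -308` hunk of htdocs/adherents/stats/geo.php ends with a stray second semicolon; it is harmless at runtime but will be flagged by the code-style checks, so drop it: `$year = isset($val['year']) ? $val['year'] : '';`. The switch from `$sql .=` to `$sql =` at the start of each mode's query is the right fix and needs no further change.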
diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 4b2b4861c1c..575d6d2301b 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -349,8 +349,7 @@ if ($rowid && $action != 'edit') { print dol_get_fiche_end(); /* - * Barre d'actions - * + * Action bar */ print '
'; @@ -373,7 +372,7 @@ if ($rowid && $action != 'edit') { print '
'; print ''; // ancre - // Documents generes + // Generated documents /* $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->facture->dir_output . '/' . dol_sanitizeFileName($object->ref); diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 5c60d13c9be..195c2a194ba 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -213,7 +213,8 @@ if ($action == 'confirm_delete' && $user->rights->adherent->configurer) { $form = new Form($db); $formproduct = new FormProduct($db); -$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros'; +$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros|DE:Modul_Mitglieder'; + llxHeader('', $langs->trans("MembersTypeSetup"), $help_url); // List of members type diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index 56dfc05e895..0ce4b2314b4 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -175,12 +175,9 @@ print dol_get_fiche_end(); -/* ************************************************************************** */ -/* */ -/* Barre d'action */ -/* */ -/* ************************************************************************** */ - +/* + * Action bar + */ print "\n
\n"; if ($action == '') { diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index d23bd42848a..54d5158b4ed 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -330,16 +330,6 @@ if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) { } print '
'."\n"; -// AGENDA_DEFAULT_VIEW -print ''."\n"; -$htmltext = $langs->trans("ThisValueCanOverwrittenOnUserLevel", $langs->transnoentitiesnoconv("UserGUISetup")); -print ''."\n"; -print ''."\n"; -print ''."\n"; - if (!empty($conf->global->AGENDA_USE_EVENT_TYPE)) { print ''; print ''."\n"; @@ -350,6 +340,16 @@ if (!empty($conf->global->AGENDA_USE_EVENT_TYPE)) { print ''."\n"; } +// AGENDA_DEFAULT_VIEW +print ''."\n"; +$htmltext = $langs->trans("ThisValueCanOverwrittenOnUserLevel", $langs->transnoentitiesnoconv("UserGUISetup")); +print ''."\n"; +print ''."\n"; +print ''."\n"; + // AGENDA_EVENT_DEFAULT_STATUS print ''."\n"; print ''."\n"; diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index ecc30c74ac9..e6211f0b56f 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -121,7 +121,7 @@ if ($action == 'setcoder') { $form = new Form($db); $formbarcode = new FormBarCode($db); -$help_url = 'EN:Module_Barcode|FR:Module_Codes_Barre|ES:Módulo Código de barra'; +$help_url = 'EN:Module_Barcode|FR:Module_Codes_Barre|ES:Módulo Código de barra|DE:Modul_Barcode'; llxHeader('', $langs->trans("BarcodeSetup"), $help_url); $linkback = ''.$langs->trans("BackToModuleList").''; diff --git a/htdocs/admin/dav.php b/htdocs/admin/dav.php index 3d159801173..32b91ed7cea 100644 --- a/htdocs/admin/dav.php +++ b/htdocs/admin/dav.php @@ -58,8 +58,9 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; * View */ +$help_url = 'EN:Module_DAV'; -llxHeader('', $langs->trans("DAVSetup"), $wikihelp); +llxHeader('', $langs->trans("DAVSetup"), $help_url); $linkback = ''.$langs->trans("BackToModuleList").''; print load_fiche_titre($langs->trans("DAVSetup"), $linkback, 'title_setup'); diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 92b60cce4e2..cfdc196d79d 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php 
@@ -442,7 +442,7 @@ foreach ($configfileparameters as $key => $value) { print img_warning($langs->trans('SwitchThisForABetterSecurity', 0)); } } else { - print ${$newkey}; + print (empty(${$newkey}) ? '' : ${$newkey}); } if ($newkey == 'dolibarr_main_url_root' && ${$newkey} != DOL_MAIN_URL_ROOT) { print ' (currently overwritten by autodetected value: '.DOL_MAIN_URL_ROOT.')'; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 745b732b6e1..e05fc01fd82 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -25,6 +25,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php'; // Load translation files required by the page @@ -54,7 +55,12 @@ print load_fiche_titre($langs->trans("PHPSetup"), '', 'folder'); // Get version of PHP $phpversion = version_php(); -print "PHP - ".$langs->trans("Version").": ".$phpversion."
\n"; +print "PHP: ".$langs->trans("Version").": ".$phpversion; +if (function_exists('php_ini_loaded_file')) { + $inipath = php_ini_loaded_file(); + print " - INI: ".$inipath; +} +print "
\n"; // Get versionof web server print "
Web server - ".$langs->trans("Version").": ".$_SERVER["SERVER_SOFTWARE"]."
\n"; @@ -62,6 +68,35 @@ print '
'; print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0))."
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0))."
\n"; +print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0))."
\n"; +print "PHP allow_url_include = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0))."
\n"; +print "PHP disable_functions = "; +$arrayoffunctionsdisabled = explode(',', ini_get('disable_functions')); +$arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals'); +$arrayoffunctionstodisable2 = explode(',', 'exec,passthru,shell_exec,system,proc_open,popen'); +print join(', ', $arrayoffunctionsdisabled); +print "
\n"; +$todisabletext = ''; +foreach ($arrayoffunctionstodisable as $functiontodisable) { + if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) { + $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.$functiontodisable; + } +} +if ($todisabletext) { + print $langs->trans("YouShouldDisablePHPFunctions").': '.$todisabletext; + print '
'; +} +$todisabletext = ''; +foreach ($arrayoffunctionstodisable2 as $functiontodisable) { + if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) { + $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.$functiontodisable; + } +} +if ($todisabletext) { + print $langs->trans("IfCLINotRequiredYouShouldDisablePHPFunctions").': '.$todisabletext; + print '
'; +} + print '
'; // XDebug @@ -110,6 +145,14 @@ $perms = fileperms($dolibarr_main_document_root.'/'.$conffile); if ($perms) { if (($perms & 0x0004) || ($perms & 0x0002)) { print img_warning().' '.$langs->trans("ConfFileIsReadableOrWritableByAnyUsers"); + // Web user group by default + $labeluser = dol_getwebuser('user'); + $labelgroup = dol_getwebuser('group'); + print ' '.$langs->trans("User").': '.$labeluser.':'.$labelgroup; + if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) { + $arrayofinfoofuser = posix_getpwuid(posix_geteuid()); + print ' (POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')'; + } } else { print img_picto('', 'tick'); } diff --git a/htdocs/admin/system/web.php b/htdocs/admin/system/web.php index 9c54b60f900..93af0097087 100644 --- a/htdocs/admin/system/web.php +++ b/htdocs/admin/system/web.php @@ -59,13 +59,20 @@ print '\n"; + print '\n"; } // Web user group real (detected by 'id' external command) -$arrayout = array(); $varout = 0; -exec('id', $arrayout, $varout); -if (empty($varout)) { // Test command is ok. Work only on Linux OS. - print '\n"; +if (function_exists('exec')) { + $arrayout = array(); $varout = 0; + exec('id', $arrayout, $varout); + if (empty($varout)) { // Test command is ok. Work only on Linux OS. + print '\n"; + } } print '
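Review bot: The new disable_functions check in htdocs/admin/system/security.php compares against `explode(',', ini_get('disable_functions'))` without trimming, so an ini value written the usual way with spaces after the commas (`exec, system, ...`) yields entries like `" system"` and every such function is reported as still enabled even though it is disabled. Normalising once, `$arrayoffunctionsdisabled = array_map('trim', explode(',', ini_get('disable_functions')));`, and passing `true` as the third argument to both `in_array` calls removes the false warnings. The two `$todisabletext .=` statements also append names with no separator, so the rendered recommendation runs the function names together; prefixing each appended name with `' '` (or collecting them in an array and `implode`-ing) fixes that. The two loops differ only in the message key and could share one small helper, but that is optional.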
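Review bot: `posix_getpwuid()` returns `false` when the effective uid has no passwd entry (common in minimal containers), and the new block inside the `ConfFileIsReadableOrWritableByAnyUsers` branch then indexes `$arrayofinfoofuser['name']` on a boolean; the same pattern is added in htdocs/admin/system/web.php in this commit. Guarding the print with `if (!empty($arrayofinfoofuser)) {` (or `if ($arrayofinfoofuser !== false)`) avoids the warning in both places. Printing the web user's gecos, home directory and shell is extra environment disclosure, but on an admin-only diagnostics page it looks acceptable; a short comment such as `// Admin-only diagnostic: shows which OS account the web server runs as` would make that intent explicit. The enclosing `if ($perms)` block closes outside the hunk.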
'.$label.''.$label2.''.$langs->trans("NbOfMembers").' ('.$langs->trans("AllTime").')
'.$val['label'].''.$val['label2'].''.$val['nb'].'
'.$form->textwithpicto($langs->trans("AGENDA_DEFAULT_VIEW"), $htmltext).' '."\n"; -$tmplist = array(''=>' ', 'show_list'=>$langs->trans("ViewList"), 'show_month'=>$langs->trans("ViewCal"), 'show_week'=>$langs->trans("ViewWeek"), 'show_day'=>$langs->trans("ViewDay"), 'show_peruser'=>$langs->trans("ViewPerUser")); -print $form->selectarray('AGENDA_DEFAULT_VIEW', $tmplist, $conf->global->AGENDA_DEFAULT_VIEW); -print '
'.$form->textwithpicto($langs->trans("AGENDA_DEFAULT_VIEW"), $htmltext).' '."\n"; +$tmplist = array(''=>' ', 'show_list'=>$langs->trans("ViewList"), 'show_month'=>$langs->trans("ViewCal"), 'show_week'=>$langs->trans("ViewWeek"), 'show_day'=>$langs->trans("ViewDay"), 'show_peruser'=>$langs->trans("ViewPerUser")); +print $form->selectarray('AGENDA_DEFAULT_VIEW', $tmplist, $conf->global->AGENDA_DEFAULT_VIEW); +print '
'.$langs->trans("AGENDA_EVENT_DEFAULT_STATUS").'
'.$langs->trans("DataRootServer")."".DOL_DATA_ROOT."'.$langs->trans("WebUserGroup")." (env vars)".$labeluser.'/'.$labelgroup."
'.$langs->trans("WebUserGroup")." (env vars)".$labeluser.':'.$labelgroup; + if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) { + $arrayofinfoofuser = posix_getpwuid(posix_geteuid()); + print ' (POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')'; + } + print "
'.$langs->trans("WebUserGroup")." (real, 'id' command)".join(',', $arrayout)."
'.$langs->trans("WebUserGroup")." (real, 'id' command)".join(',', $arrayout)."
'; print '
'; diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index f68bc7382b5..34685676320 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -122,7 +122,8 @@ $utils = new Utils($db); if ($compression == 'zip') { $file .= '.zip'; - $ret = dol_compress_dir(DOL_DATA_ROOT, $outputdir."/".$file, $compression, '/(\.back|\.old|\.log|[\\\/]temp[\\\/]|documents[\\\/]admin[\\\/]documents[\\\/])/i'); + $excludefiles = '/(\.back|\.old|\.log|[\/\\\]temp[\/\\\]|documents[\/\\\]admin[\/\\\]documents[\/\\\])/i'; + $ret = dol_compress_dir(DOL_DATA_ROOT, $outputdir."/".$file, $compression, $excludefiles); if ($ret < 0) { if ($ret == -2) { $langs->load("errors"); diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index e4bf739515f..3d722bca400 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -79,7 +79,7 @@ $permissiontoadd = $user->rights->asset->write; // Used by the include of action $permissiontodelete = $user->rights->asset->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); $permissionnote = $user->rights->asset->write; // Used by the include of actions_setnotes.inc.php $permissiondellink = $user->rights->asset->write; // Used by the include of actions_dellink.inc.php -$upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object->entity : 1]; +$upload_dir = $conf->asset->multidir_output[isset($object->entity) ? $object->entity : 1]; /* diff --git a/htdocs/bom/bom_agenda.php b/htdocs/bom/bom_agenda.php index 2cf66d9c3f5..6a86f1c2258 100644 --- a/htdocs/bom/bom_agenda.php +++ b/htdocs/bom/bom_agenda.php 
@@ -51,11 +51,6 @@ if (GETPOST('actioncode', 'array')) { } $search_agenda_label = GETPOST('search_agenda_label'); -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'bom', $id); - $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); @@ -87,6 +82,11 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id; } +// Security check - Protection if external user +//if ($user->socid > 0) accessforbidden(); +//if ($user->socid > 0) $socid = $user->socid; +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); /* diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 5547c21faab..6d2047d3f49 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -75,8 +75,8 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ // Security check - Protection if external user //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0); -//$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); $permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php $permissiondellink = $user->rights->bom->write; // Used by the include of actions_dellink.inc.php diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php index 92babe87003..520dd8bb9d7 100644 --- a/htdocs/bom/bom_document.php +++ b/htdocs/bom/bom_document.php 
@@ -79,6 +79,12 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->bom->multidir_output[$object->entity ? $object->entity : 1]."/bom/".get_exdir(0, 0, 0, 1, $object); } +// Security check - Protection if external user +//if ($user->socid > 0) accessforbidden(); +//if ($user->socid > 0) $socid = $user->socid; +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); + /* * Actions diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index 4eaef9b096c..eb1852699c0 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -539,7 +539,7 @@ print ''."\n"; // -------------------------------------------------------------------- print ''; foreach ($object->fields as $key => $val) { - $cssforfield = (empty($val['css']) ? '' : $val['css']); + $cssforfield = (empty($val['csslist']) ? (empty($val['css']) ? '' : $val['css']) : $val['csslist']); if ($key == 'status') { $cssforfield .= ($cssforfield ? ' ' : '').'center'; } elseif (in_array($val['type'], array('date', 'datetime', 'timestamp'))) { @@ -591,7 +591,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { // Show here line of result print ''; foreach ($object->fields as $key => $val) { - $cssforfield = (empty($val['css']) ? '' : $val['css']); + $cssforfield = (empty($val['csslist']) ? (empty($val['css']) ? '' : $val['css']) : $val['csslist']); if (in_array($val['type'], array('date', 'datetime', 'timestamp'))) { $cssforfield .= ($cssforfield ? ' ' : '').'center'; } elseif ($key == 'status') { diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php index cd288a3be3c..244bcfd7a49 100644 --- a/htdocs/bom/bom_note.php +++ b/htdocs/bom/bom_note.php 
@@ -57,9 +57,13 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id; } -$permissionnote = 1; -//$permissionnote=$user->rights->bom->creer; // Used by the include of actions_setnotes.inc.php +$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php +// Security check - Protection if external user +//if ($user->socid > 0) accessforbidden(); +//if ($user->socid > 0) $socid = $user->socid; +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); /* diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index b3af3a43fd2..47246b8423d 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php 
@@ -63,24 +63,29 @@ class BOM extends CommonObject /** - * 'type' if the field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password') + * 'type' field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'sellist:TableName:LabelFieldName[:KeyFieldName[:KeyFieldParent[:Filter]]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'text:none', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password') * Note: Filter can be a string like "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.nature:is:NULL)" * 'label' the translation key. - * 'enabled' is a condition when the field must be managed. + * 'picto' is code of a picto to show before value in forms + * 'enabled' is a condition when the field must be managed (Example: 1 or '$conf->global->MY_SETUP_PARAM) + * 'position' is the sort order of field. + * 'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0). * 'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing) * 'noteditable' says if field is not editable (1 or 0) - * 'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0). - * 'default' is a default value for creation (can still be replaced by the global setup of default values) + * 'default' is a default value for creation (can still be overwrote by the Setup of Default Values if field is editable in creation form). 
Note: If default is set to '(PROV)' and field is 'ref', the default value will be set to '(PROVid)' where id is rowid when a new record is created. * 'index' if we want an index in database. * 'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...). - * 'position' is the sort order of field. * 'searchall' is 1 if we want to search in this field when making a search from the quick search button. * 'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8). - * 'css' is the CSS style to use on field. For example: 'maxwidth200' - * 'help' is a string visible as a tooltip on field - * 'comment' is not used. You can store here any text of your choice. It is not used by application. + * 'css' and 'cssview' and 'csslist' is the CSS style to use on field. 'css' is used in creation and update. 'cssview' is used in view mode. 'csslist' is used for columns in lists. For example: 'maxwidth200', 'wordbreak', 'tdoverflowmax200' + * 'help' is a 'TranslationString' to use to show a tooltip on field. You can also use 'TranslationString:keyfortooltiponlick' for a tooltip on click. * 'showoncombobox' if value of the field must be visible into the label of the combobox that list record + * 'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code. * 'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel") + * 'autofocusoncreate' to have field having the focus on a create form. Only 1 field should have this property set to 1. + * 'comment' is not used. You can store here any text of your choice. It is not used by application. 
+ * + * Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor. */ // BEGIN MODULEBUILDER PROPERTIES @@ -92,7 +97,7 @@ class BOM extends CommonObject 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>5), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'noteditable'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of BOM", 'showoncombobox'=>'1',), 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'notnull'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'autofocusoncreate'=>1), - 'bomtype' => array('type'=>'integer', 'label'=>'Type', 'enabled'=>1, 'visible'=>1, 'position'=>33, 'notnull'=>1, 'default'=>'0', 'arrayofkeyval'=>array(0=>'Manufacturing', 1=>'Disassemble')), + 'bomtype' => array('type'=>'integer', 'label'=>'Type', 'enabled'=>1, 'visible'=>1, 'position'=>33, 'notnull'=>1, 'default'=>'0', 'arrayofkeyval'=>array(0=>'Manufacturing', 1=>'Disassemble'), 'css'=>'minwidth150', 'csslist'=>'minwidth150'), //'bomtype' => array('type'=>'integer', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'position'=>32, 'notnull'=>1, 'default'=>'0', 'arrayofkeyval'=>array(0=>'Manufacturing')), 'fk_product' => array('type'=>'integer:Product:product/class/product.class.php:1:(finished IS NULL or finished <> 0)', 'label'=>'Product', 'picto'=>'product', 'enabled'=>1, 'visible'=>1, 'position'=>35, 'notnull'=>1, 'index'=>1, 'help'=>'ProductBOMHelp', 'css'=>'maxwidth500'), 'description' => array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>-1, 'position'=>60, 'notnull'=>-1,), diff --git a/htdocs/categories/card.php b/htdocs/categories/card.php index 5b54666b674..9f275033b01 100644 --- a/htdocs/categories/card.php +++ b/htdocs/categories/card.php 
@@ -97,7 +97,7 @@ $error = 0; // Add action if ($action == 'add' && $user->rights->categorie->creer) { - // Action ajout d'une categorie + // Action add a category if ($cancel) { if ($urlfrom) { header("Location: ".$urlfrom); @@ -167,7 +167,7 @@ if ($action == 'add' && $user->rights->categorie->creer) { // Confirm action if (($action == 'add' || $action == 'confirmed') && $user->rights->categorie->creer) { - // Action confirmation de creation categorie + // Action confirmation of creation category if ($action == 'confirmed') { if ($urlfrom) { header("Location: ".$urlfrom); @@ -208,7 +208,7 @@ if (($action == 'add' || $action == 'confirmed') && $user->rights->categorie->cr $form = new Form($db); $formother = new FormOther($db); -$helpurl = ''; +$helpurl = 'EN:Module_Categories|FR:Module_Catégories'; llxHeader("", $langs->trans("Categories"), $helpurl); if ($user->rights->categorie->creer) { diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index c7e574939ff..e30067e8815 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -153,12 +153,9 @@ if ($object->id) { - /* ************************************************************************** */ - /* */ - /* Barre d'action */ - /* */ - /* ************************************************************************** */ - + /* + * Action bar + */ print '
'."\n"; if ($action != 'ajout_photo' && $user->rights->categorie->creer) { diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index de59aca376d..cd5d7ad8214 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -224,12 +224,9 @@ print dol_get_fiche_end(); -/* ************************************************************************** */ -/* */ -/* Barre d'action */ -/* */ -/* ************************************************************************** */ - +/* + * Action bar + */ print "\n
\n"; if ($action == '') { diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 066001f6aa7..391b418f5b8 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -2121,9 +2121,8 @@ if ($id > 0) { /* - * Barre d'actions + * Action bar */ - print '
'; $parameters = array(); @@ -2161,7 +2160,7 @@ if ($id > 0) { print ''; // ancre /* - * Documents generes + * Generated documents */ $filedir = $conf->agenda->multidir_output[$conf->entity].'/'.$object->id; diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index ab6de76f340..21c130cafac 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -743,7 +743,7 @@ class ActionComm extends CommonObject $sql .= " a.fk_element as elementid, a.elementtype,"; $sql .= " a.priority, a.fulldayevent, a.location, a.transparency,"; $sql .= " a.email_msgid, a.email_subject, a.email_from, a.email_to, a.email_tocc, a.email_tobcc, a.errors_to,"; - $sql .= " c.id as type_id, c.code as type_code, c.libelle as type_label, c.color as type_color, c.picto as type_picto,"; + $sql .= " c.id as type_id, c.type as type_type, c.code as type_code, c.libelle as type_label, c.color as type_color, c.picto as type_picto,"; $sql .= " s.nom as socname,"; $sql .= " u.firstname, u.lastname as lastname,"; $sql .= " num_vote, event_paid, a.status"; @@ -779,8 +779,9 @@ class ActionComm extends CommonObject $this->type_code = $obj->type_code; $this->type_color = $obj->type_color; $this->type_picto = $obj->type_picto; - $transcode = $langs->trans("Action".$obj->type_code); - $this->type = (($transcode != "Action".$obj->type_code) ? $transcode : $obj->type_label); + $this->type = $obj->type_type; + /*$transcode = $langs->trans("Action".$obj->type_code); + $this->type = (($transcode != "Action".$obj->type_code) ? $transcode : $obj->type_label); */ $transcode = $langs->trans("Action".$obj->type_code.'Short'); $this->type_short = (($transcode != "Action".$obj->type_code.'Short') ? $transcode : ''); diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 3616de126be..6c92f07085b 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php 
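Review bot: In `ActionComm::fetch()` the property `$this->type` now receives the raw `c.type` column instead of the translated label previously derived from `type_code`, so any caller that still renders `$this->type` as a human-readable event type will display the internal value; if that is the intended new contract, the superseded two lines should be deleted rather than kept in a block comment, and a comment on the assignment would help readers: `// Raw value of the 'type' column of the event-type table, not a translated label (use type_code/type_label for display)`. The added `c.type as type_type` column in the SELECT is consistent with that assignment. The `fetch()` method starts and ends outside the hunk.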
@@ -1138,7 +1138,11 @@ if (count($listofextcals)) { if (isset($icalevent['DTSTART;VALUE=DATE'])) { // fullday event // For full day events, date are also GMT but they wont but converted using tz during output $datestart = dol_stringtotime($icalevent['DTSTART;VALUE=DATE'], 1); - $dateend = dol_stringtotime($icalevent['DTEND;VALUE=DATE'], 1) - 1; // We remove one second to get last second of day + if (empty($icalevent['DTEND;VALUE=DATE'])) { + $dateend = $datestart + 86400 - 1; + } else { + $dateend = dol_stringtotime($icalevent['DTEND;VALUE=DATE'], 1) - 1; // We remove one second to get last second of day + } //print 'x'.$datestart.'-'.$dateend;exit; //print dol_print_date($dateend,'dayhour','gmt'); $event->fulldayevent = 1; @@ -1212,7 +1216,7 @@ if (count($listofextcals)) { // LOW = 0 to 4 // MEDIUM = 5 // HIGH = 6 to 9 - if ($icalevent['PRIORITY']) { + if (!empty($icalevent['PRIORITY'])) { $event->priority = $icalevent['PRIORITY']; } @@ -1233,7 +1237,7 @@ if (count($listofextcals)) { // X-MICROSOFT-CDO-BUSYSTATUS:OOF + TRANSP:OPAQUE => Away from the office / off-site } - if ($icalevent['LOCATION']) { + if (!empty($icalevent['LOCATION'])) { $event->location = $icalevent['LOCATION']; } diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 07ab4f797de..c70bfb7fe91 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -305,7 +305,9 @@ $title = $langs->trans("CustomerCard"); if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/thirdpartynameonly/', $conf->global->MAIN_HTML_TITLE) && $object->name) { $title = $object->name; } -$help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; + +$help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas|DE:Modul_Geschäftspartner'; + llxHeader('', $title, $help_url); @@ -1334,9 +1336,8 @@ if ($object->id > 0) { /* - * Barre d'actions + * Action bar */ - print '
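Review bot: The new one-day fallback for a DATE-valued DTSTART without DTEND is the RFC 5545 rule for all-day events, but nothing in the hunk says so, and `86400 - 1` reads like a guess to the next maintainer. A one-line comment on the new branch would carry the reasoning: `// No DTEND: per RFC 5545 §3.6.1 a DATE-valued DTSTART without DTEND is a single-day event (times are GMT, so 86400 is safe here)`. The surrounding `foreach` over external calendar events starts before and ends after this hunk.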
'; $parameters = array(); diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 87345bb905e..b720ff638c9 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -441,7 +441,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { * Draft purchase orders */ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) || !empty($conf->supplier_order->enabled)) && $user->rights->fournisseur->commande->lire) { - $sql = "SELECT cf.rowid, cf.ref, cf.ref_supplier, cf.total_ttc, cf.fk_statut as status"; + $sql = "SELECT cf.rowid, cf.ref, cf.ref_supplier, cf.total_ht, cf.total_tva, cf.total_ttc, cf.fk_statut as status"; $sql .= ", s.rowid as socid, s.nom as name, s.name_alias"; $sql .= ", s.code_client, s.code_compta, s.client"; $sql .= ", s.code_fournisseur, s.code_compta_fournisseur, s.fournisseur"; @@ -485,7 +485,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $supplierorderstatic->id = $obj->rowid; $supplierorderstatic->ref = $obj->ref; - $supplierorderstatic->ref_supplier = $obj->ref_suppliert; + $supplierorderstatic->ref_supplier = $obj->ref_supplier; $supplierorderstatic->total_ht = $obj->total_ht; $supplierorderstatic->total_tva = $obj->total_tva; $supplierorderstatic->total_ttc = $obj->total_ttc; @@ -882,7 +882,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $filename = dol_sanitizeFileName($obj->ref); $filedir = $conf->propal->multidir_output[$obj->entity].'/'.dol_sanitizeFileName($obj->ref); - $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; + //$urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; $warning = ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) ? img_warning($langs->trans("Late")) : ''; print ''; 
@@ -998,7 +998,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $filename = dol_sanitizeFileName($obj->ref); $filedir = $conf->commande->dir_output.'/'.dol_sanitizeFileName($obj->ref); - $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; + //$urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; //$warning = ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) ? img_warning($langs->trans("Late")) : ''; print ''; @@ -1013,7 +1013,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { print ''; print ''.$companystatic->getNomUrl(1, 'customer', 44).''; - print ''.dol_print_date($db->jdate($obj->dp), 'day').''; + print ''.dol_print_date($db->jdate($obj->dv), 'day').''; print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).''; print ''.$orderstatic->LibStatut($obj->fk_statut, $obj->billed, 3).''; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index a206e61064f..2b27d7ee451 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -1425,7 +1425,7 @@ if (!empty($conf->projet->enabled)) { $formproject = new FormProjets($db); } -$help_url = 'EN:Commercial_Proposals|FR:Proposition_commerciale|ES:Presupuestos'; +$help_url = 'EN:Commercial_Proposals|FR:Proposition_commerciale|ES:Presupuestos|DE:Modul_Angebote'; llxHeader('', $langs->trans('Proposal'), $help_url); $now = dol_now(); @@ -2602,7 +2602,7 @@ if ($action == 'create') { print '
'; print ''; // ancre /* - * Documents generes + * Generated documents */ $objref = dol_sanitizeFileName($object->ref); $filedir = $conf->propal->multidir_output[$object->entity]."/".dol_sanitizeFileName($object->ref); diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index e18891f3c60..3cb6de90a8d 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php @@ -81,7 +81,7 @@ $langs->loadLangs(array('propal', 'other', 'companies')); if ($mode == 'customer') { $picto = 'propal'; $title = $langs->trans("ProposalsStatistics"); - $dir = $conf->propale->dir_temp; + $dir = $conf->propal->dir_temp; $cat_type = Categorie::TYPE_CUSTOMER; $cat_label = $langs->trans("Category").' '.lcfirst($langs->trans("Customer")); } diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 74de84b861a..a46e7df6b75 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1393,7 +1393,7 @@ if (empty($reshook)) { * View */ -llxHeader('', $langs->trans('Order'), 'EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes'); +llxHeader('', $langs->trans('Order'), 'EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes|DE:Modul_Kundenaufträge'); $form = new Form($db); $formfile = new FormFile($db); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index cc744f9eb56..b29b594f8f2 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2265,6 +2265,7 @@ class Commande extends CommonOrder $sql .= ' FROM '.MAIN_DB_PREFIX.'expedition as e'; $sql .= ', '.MAIN_DB_PREFIX.'element_element as el'; $sql .= ' WHERE el.fk_source = '.$this->id; + $sql .= " AND el.sourcetype = 'commande'"; $sql .= " AND el.fk_target = e.rowid"; $sql .= " AND el.targettype = 'shipping'"; @@ -3686,7 +3687,7 @@ class Commande extends CommonOrder $label .= ' '.$this->getLibStatut(5); } $label .= '
'.$langs->trans('Ref').': '.$this->ref; - $label .= '
'.$langs->trans('RefCustomer').': '.($this->ref_customer ? $this->ref_customer : $this->ref_client); + $label .= '
'.$langs->trans('RefCustomer').': '.(empty($this->ref_customer) ? (empty($this->ref_client) ? '' : $this->ref_client) : $this->ref_customer); if (!empty($this->total_ht)) { $label .= '
'.$langs->trans('AmountHT').': '.price($this->total_ht, 0, $langs, 0, -1, -1, $conf->currency); } diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 217b735a299..b621ad9752f 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -10,7 +10,6 @@ * Copyright (C) 2018 Ferran Marcet * Copyright (C) 2018 Frédéric France * Copyright (C) 2021 Gauthier VERDOL - * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -644,20 +643,21 @@ if ($search_description) { } $sql .= natural_search("b.label", $search_description_to_use); // Warning some text are just translation keys, not translated strings } + if ($search_bid > 0) { - $sql .= " AND b.rowid=l.lineid AND l.fk_categ=".$search_bid; + $sql .= " AND b.rowid = l.lineid AND l.fk_categ = ".((int) $search_bid); } if (!empty($search_type)) { - $sql .= " AND b.fk_type = '".$db->escape($search_type)."' "; + $sql .= " AND b.fk_type = '".$db->escape($search_type)."'"; } // Search criteria amount -$search_debit = price2num(str_replace('-', '', $search_debit)); -$search_credit = price2num(str_replace('-', '', $search_credit)); if ($search_debit) { - $sql .= natural_search('- b.amount', $search_debit, 1); + $sql .= natural_search('ABS(b.amount)', $search_debit, 1); + $sql .= ' AND b.amount <= 0'; } if ($search_credit) { $sql .= natural_search('b.amount', $search_credit, 1); + $sql .= ' AND b.amount >= 0'; } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index 74791c14898..ccc834835a4 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php 
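Review bot: Deleting the two `price2num(str_replace('-', '', ...))` lines means `$search_debit` and `$search_credit` now reach `natural_search(..., 1)` exactly as typed — with a localized decimal comma or a leading minus — and `ABS(b.amount)` can never equal a negative number, so a user who types `-100` in the debit filter gets an empty list. Unless natural_search's numeric mode normalises the value itself (not visible here), keep the normalisation in front of the new conditions: `$search_debit = price2num(str_replace('-', '', $search_debit));` and the same for `$search_credit`. The new `b.amount <= 0` / `>= 0` constraints are a good addition and can stay as they are.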
@@ -54,12 +54,6 @@ $langs->loadLangs(array("banks", "bills", "categories", "companies", "compta")); $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); -// Security check -$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha'); -$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid'; - -$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid); - $object = new Account($db); $extrafields = new ExtraFields($db); @@ -69,6 +63,12 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('bankcard', 'globalcard')); +// Security check +$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha'); +$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid'; +$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid); + + /* * Actions */ @@ -305,7 +305,7 @@ if (!empty($conf->accounting->enabled)) { $countrynotdefined = $langs->trans("ErrorSetACountryFirst").' ('.$langs->trans("SeeAbove").')'; $title = $langs->trans("FinancialAccount")." - ".$langs->trans("Card"); -$helpurl = ""; +$helpurl = "EN:Module_Banks_and_Cash"; llxHeader("", $title, $helpurl); @@ -777,7 +777,7 @@ if ($action == 'create') { print dol_get_fiche_end(); /* - * Barre d'actions + * Action bar */ print '
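Review bot: In the relocated security check `$id` prefers the numeric `id` parameter while `$fieldid` is chosen only by whether `ref` is present, so a request carrying both `id=` and `ref=` hands the rowid to restrictedArea() as a `ref` lookup; derive the field name from the same test as the value, `$fieldid = GETPOST("id", 'int') ? 'rowid' : 'ref';`. The move itself (after `initHooks`, before the Actions section) is fine, since no action runs ahead of the check.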
'; @@ -904,7 +904,7 @@ if ($action == 'create') { } elseif ($conciliate == -3) { print $langs->trans("No").' ('.$langs->trans("Closed").')'; } else { - print ' 0) ? '' : ' checked="checked"').'"> '.$langs->trans("DisableConciliation"); + print ' 0) ? '' : ' checked="checked"').'"> '; } print ''; diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index 0add6bf77fd..35102281ae9 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -71,6 +71,7 @@ if ($id > 0 || !empty($ref)) { $object->fetch($id, $ref); } + $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', ''); diff --git a/htdocs/compta/bank/info.php b/htdocs/compta/bank/info.php index a2a3260775a..c61f6e50bff 100644 --- a/htdocs/compta/bank/info.php +++ b/htdocs/compta/bank/info.php @@ -30,6 +30,18 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->loadLangs(array('banks', 'categories', 'companies')); $id = GETPOST("rowid", 'int'); +$ref = GETPOST('ref', 'alpha'); + +// Security check +$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); +$fieldtype = (!empty($ref) ? 'ref' : 'rowid'); +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'banque', $fieldvalue, 'bank_account', '', '', $fieldtype); +if (!$user->rights->banque->lire && !$user->rights->banque->consolidate) { + accessforbidden(); +} /* diff --git a/htdocs/compta/bank/list.php b/htdocs/compta/bank/list.php index 2882a4635fd..9375cf8aaa1 100644 --- a/htdocs/compta/bank/list.php +++ b/htdocs/compta/bank/list.php @@ -62,6 +62,7 @@ if (!empty($conf->categorie->enabled)) { $search_category_list = GETPOST("search_category_".Categorie::TYPE_ACCOUNT."_list", "array"); } +$socid = 0; // Security check if ($user->socid) { $socid = $user->socid; diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index 1d0613ead0a..c94f8810cd8 100644 --- a/htdocs/compta/bank/transfer.php 
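Review bot: In the new bank/info.php security check `$socid` is filled from `$user->socid` but never passed to restrictedArea() nor used to refuse external users, so it is dead code and the check covers only module rights and the account lookup; the cashcontrol pages in this same commit use `if ($user->socid > 0) { accessforbidden(); }`, which would be the consistent choice here unless external users are meant to read bank account info. The same value/field mismatch as in bank/card.php is present: `$fieldvalue` prefers `$id` while `$fieldtype` is chosen by `$ref`, so use `$fieldtype = (!empty($id) ? 'rowid' : 'ref');`. The trailing `banque->lire || banque->consolidate` test after restrictedArea() is harmless but presumably redundant with what restrictedArea already enforces for the 'banque' feature.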
+++ b/htdocs/compta/bank/transfer.php @@ -5,7 +5,7 @@ * Copyright (C) 2012 Juanjo Menent * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2015 Marcos García - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,7 +33,10 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; // Load translation files required by the page $langs->loadLangs(array("banks", "categories", "multicurrency")); - +$socid = 0; +if ($user->socid > 0) { + $socid = $user->socid; +} if (!$user->rights->banque->transfer) { accessforbidden(); } @@ -230,6 +233,7 @@ $account_from = ''; $account_to = ''; $label = ''; $amount = ''; +$amountto = ''; if ($error) { $account_from = GETPOST('account_from', 'int'); diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php index b1dac2858b0..6ccd953a68b 100644 --- a/htdocs/compta/bank/treso.php +++ b/htdocs/compta/bank/treso.php 
@@ -37,22 +37,23 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->loadLangs(array('banks', 'categories', 'bills', 'companies')); // Security check -if (isset($_GET["account"]) || isset($_GET["ref"])) { - $id = isset($_GET["account"]) ? $_GET["account"] : (isset($_GET["ref"]) ? $_GET["ref"] : ''); +if (GETPOSTISSET("account") || GETPOSTISSET("ref")) { + $id = GETPOSTISSET("account") ? GETPOST("account") : (GETPOSTISSET("ref") ? GETPOST("ref") : ''); } -$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid'; +$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid'; if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid); -$vline = isset($_GET["vline"]) ? $_GET["vline"] : $_POST["vline"]; -$page = isset($_GET["page"]) ? $_GET["page"] : 0; +$vline = GETPOST('vline'); +$page = GETPOSTISSET("page") ? GETPOST("page") : 0; // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('banktreso', 'globalcard')); + /* * View */ @@ -68,7 +69,7 @@ $socialcontribstatic = new ChargeSociales($db); $form = new Form($db); -if ($_REQUEST["account"] || $_REQUEST["ref"]) { +if (GETPOST("account") || GETPOST("ref")) { if ($vline) { $viewline = $vline; } else { @@ -76,11 +77,11 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) { } $object = new Account($db); - if ($_GET["account"]) { - $result = $object->fetch($_GET["account"]); + if (GETPOST("account", 'int')) { + $result = $object->fetch(GETPOST("account", 'int')); } - if ($_GET["ref"]) { - $result = $object->fetch(0, $_GET["ref"]); + if (GETPOST("ref")) { + $result = $object->fetch(0, GETPOST("ref")); $_GET["account"] = $object->id; } 
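Review bot: The security check now reads `GETPOST("account")` with the default filter while the object fetch later in this file uses `GETPOST("account", 'int')`, so the value restrictedArea() validates against `rowid` is not necessarily the one that loads the account; read it once with the int filter, `$id = GETPOSTISSET("account") ? GETPOST("account", 'int') : (GETPOSTISSET("ref") ? GETPOST("ref", 'alpha') : '');`. `$id` also stays undefined when neither parameter is present and is then passed to restrictedArea(); that is pre-existing, but an `$id = 0;` before the `if` would close it while you are here. The later hunk keeps `$_GET["account"] = $object->id;` after everything else moved to GETPOST — worth a second look if a local variable can replace that superglobal write.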
@@ -91,6 +92,8 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) { $linkback = ''.$langs->trans("BackToList").''; + $morehtmlref = ''; + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1); print dol_get_fiche_end(); diff --git a/htdocs/compta/bank/various_payment/card.php b/htdocs/compta/bank/various_payment/card.php index d19ccbed908..2b4a68bec90 100644 --- a/htdocs/compta/bank/various_payment/card.php +++ b/htdocs/compta/bank/various_payment/card.php @@ -665,7 +665,7 @@ if ($id) { /* - * Action buttons + * Action bar */ print '
'."\n"; diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php index da018dd1f06..ccaa0158af2 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_card.php +++ b/htdocs/compta/cashcontrol/cashcontrol_card.php @@ -67,11 +67,6 @@ if ($contextpage == 'takepos') { $_GET['optioncss'] = 'print'; } -// Security check -if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { - accessforbidden(); -} - $arrayofpaymentmode = array('cash'=>'Cash', 'cheque'=>'Cheque', 'card'=>'CreditCard'); $arrayofposavailable = array(); @@ -95,6 +90,15 @@ $hookmanager->initHooks(array('cashcontrolcard', 'globalcard')); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. +// Security check +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 6c4141e4b6a..3b97b967208 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -94,14 +94,6 @@ if (!$sortorder) { $sortorder = "ASC"; } -// Security check -$socid = 0; -if ($user->socid > 0) { // Protection if external user - //$socid = $user->socid; - accessforbidden(); -} -//$result = restrictedArea($user, 'monmodule', $id, ''); - // Initialize array of search criterias $search_all = GETPOST("search_all", 'alpha'); $search = array(); 
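Review bot: Moving the rights check below the `actions_fetchobject.inc.php` include gains nothing here, because cashcontrol_card.php has no restrictedArea() call that needs `$object->id`, and it now lets an unauthorised or external request load the record from the database before being refused. Keep `if ($user->socid > 0) { accessforbidden(); }` and the `cashdesk->run || takepos->run` test where they were, ahead of the fetch, or add a comment stating why they must follow it. The same ordering was applied to cashcontrol_list.php in the next file section, where it is equally unmotivated.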
@@ -133,6 +125,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); +// Security check +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { + accessforbidden(); +} /* diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index f6c58aa858c..95c18dbf261 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -72,6 +72,15 @@ $sday = $cashcontrol->day_close; $posmodule = $cashcontrol->posmodule; $terminalid = $cashcontrol->posnumber; +// Security check +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { + accessforbidden(); +} + /* * View diff --git a/htdocs/compta/deplacement/card.php b/htdocs/compta/deplacement/card.php index 1d294df8cff..3d4693f8c7b 100644 --- a/htdocs/compta/deplacement/card.php +++ b/htdocs/compta/deplacement/card.php @@ -463,9 +463,8 @@ if ($action == 'create') { print '
'; /* - * Barre d'actions + * Action bar */ - print '
'; if ($object->statut < Deplacement::STATUS_REFUNDED) { // if not refunded diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index 1978a6115b5..167e9e4a577 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -65,7 +65,6 @@ $objecttype = 'facture_rec'; if ($action == "create" || $action == "add") { $objecttype = ''; } -$result = restrictedArea($user, 'facture', $id, $objecttype); $projectid = GETPOST('projectid', 'int'); $year_date_when = GETPOST('year_date_when'); @@ -127,6 +126,8 @@ $now = dol_now(); $error = 0; +$result = restrictedArea($user, 'facture', $object->id, $objecttype); + /* * Actions @@ -1634,8 +1635,8 @@ if ($action == 'create') { print dol_get_fiche_end(); - /** - * Barre d'actions + /* + * Action bar */ print '
'; diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 8c291a0839b..cd1905f528f 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -138,19 +138,19 @@ $permissiondellink = $usercancreate; // Used by the include of actions_dellink.i $permissiontoedit = $usercancreate; // Used by the include of actions_lineupdonw.inc.php $permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php +// retained warranty invoice available type +$retainedWarrantyInvoiceAvailableType = array(); +if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) { + $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY); +} + // Security check $fieldid = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } $isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0); -$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isdraft); - -// retained warranty invoice available type -$retainedWarrantyInvoiceAvailableType = array(); -if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) { - $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY); -} +$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft); /* @@ -5459,7 +5459,7 @@ if ($action == 'create') { print '
'; print ''; // ancre - // Documents generes + // Generated documents $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->facture->multidir_output[$object->entity].'/'.dol_sanitizeFileName($object->ref); $urlsource = $_SERVER['PHP_SELF'].'?facid='.$object->id; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 69356287288..b0690675b53 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1543,6 +1543,13 @@ class Facture extends CommonInvoice } } + global $action, $hookmanager; + $hookmanager->initHooks(array('invoicedao')); + $parameters = array('id'=>$this->id, 'getnomurl'=>$result, 'notooltip' => $notooltip, 'addlinktonotes' => $addlinktonotes, 'save_lastsearch_value'=> $save_lastsearch_value, 'target' => $target); + $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks + if ($reshook > 0) $result = $hookmanager->resPrint; + else $result .= $hookmanager->resPrint; + return $result; } @@ -1553,7 +1560,7 @@ class Facture extends CommonInvoice * @param string $ref Reference of invoice * @param string $ref_ext External reference of invoice * @param int $notused Not used - * @param bool $fetch_situation Fetch the previous and next situation in $tab_previous_situation_invoice and $tab_next_situation_invoice + * @param bool $fetch_situation Load also the previous and next situation invoice into $tab_previous_situation_invoice and $tab_next_situation_invoice * @return int >0 if OK, <0 if KO, 0 if not found */ public function fetch($rowid, $ref = '', $ref_ext = '', $notused = '', $fetch_situation = false) diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index dc1fe1e7c45..19e76b15c5c 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php 
@@ -48,9 +48,14 @@ $action = GETPOST('action', 'aZ09'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'facture', $id); $object = new Facture($db); +// Load object +if ($id > 0 || !empty($ref)) { + $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION); +} + +$result = restrictedArea($user, 'facture', $object->id); /* @@ -58,8 +63,6 @@ $object = new Facture($db); */ if ($action == 'addcontact' && $user->rights->facture->creer) { - $result = $object->fetch($id); - if ($result > 0 && $id > 0) { $contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int')); $typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type')); @@ -79,14 +82,9 @@ if ($action == 'addcontact' && $user->rights->facture->creer) { } } elseif ($action == 'swapstatut' && $user->rights->facture->creer) { // Toggle the status of a contact - if ($object->fetch($id)) { - $result = $object->swapContactStatus(GETPOST('ligne')); - } else { - dol_print_error($db); - } + $result = $object->swapContactStatus(GETPOST('ligne')); } elseif ($action == 'deletecontact' && $user->rights->facture->creer) { // Deletes a contact - $object->fetch($id); $result = $object->delete_contact($lineid); if ($result >= 0) { diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index c44aeae67ca..4c0544e3810 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -48,12 +48,6 @@ $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'facture', $id, ''); - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); 
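Review bot: In the addcontact branch the guard `if ($result > 0 && $id > 0)` now tests the return value of restrictedArea(), because the fetch result was moved into `$ret` and `$result` is reassigned by the security check just above it, so a failed fetch no longer stops a contact from being attached to an unloaded invoice. Change the guard to `if ($ret > 0 && $id > 0) {`.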
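Review bot: swapContactStatus() is now called without the former `if ($object->fetch($id))` guard, so a bad id reaches it on an empty object, and `GETPOST('ligne')` is read without a type filter although it is a line id. Use `$result = $object->swapContactStatus(GETPOST('ligne', 'int'));` and wrap it (and the deletecontact branch) in `if ($object->id > 0)` so the behaviour matches the addcontact branch.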
@@ -73,11 +67,17 @@ if (!$sortfield) { } $object = new Facture($db); -if ($object->fetch($id)) { +if ($object->fetch($id, $ref)) { $object->fetch_thirdparty(); $upload_dir = $conf->facture->dir_output."/".dol_sanitizeFileName($object->ref); } +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'facture', $object->id, ''); + /* * Actions diff --git a/htdocs/compta/facture/info.php b/htdocs/compta/facture/info.php index 97646d56103..5b9b7fc4316 100644 --- a/htdocs/compta/facture/info.php +++ b/htdocs/compta/facture/info.php @@ -38,6 +38,25 @@ $langs->loadLangs(array('companies', 'bills')); $id = GETPOST("facid", "int"); $ref = GETPOST("ref", 'alpha'); +$object = new Facture($db); +$extrafields = new ExtraFields($db); + +// Fetch optionals attributes and labels +$extrafields->fetch_name_optionals_label($object->table_element); + +// Load object +if ($id > 0 || !empty($ref)) { + $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION); +} + +// Security check +$fieldid = (!empty($ref) ? 'ref' : 'rowid'); +if ($user->socid) { + $socid = $user->socid; +} +$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft); + /* * View @@ -46,11 +65,10 @@ $ref = GETPOST("ref", 'alpha'); $form = new Form($db); $title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Info'); -$helpurl = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes"; -llxHeader('', $title, $helpurl); +$help_url = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes"; + +llxHeader('', $title, $help_url); -$object = new Facture($db); -$object->fetch($id, $ref); $object->fetch_thirdparty(); $object->info($object->id); diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index e419ed9260b..5d511aa6cd6 100644 
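Review bot: In the new facture/info.php security check `$fieldid` is `'ref'` whenever the page is opened by reference, yet the value passed to restrictedArea() is `$object->id`, which is always the numeric rowid once the fetch above has succeeded, so the ownership lookup would query the `ref` column for a number. Since the value is always an id here, use `$fieldid = 'rowid';`, or pass `(!empty($ref) ? $ref : $id)` with the current `$fieldid`. The same pattern appears in facture/card.php in this commit and should be fixed the same way.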
--- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -165,6 +165,11 @@ if ($socid > 0) { } } +$objecttype = 'facture_rec'; + +$result = restrictedArea($user, 'facture', $object->id, $objecttype); + + /* * Actions */ diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 8f3a54fe4ba..31365b33b58 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -187,7 +187,7 @@ if (empty($user->socid)) { $checkedtypetiers = 0; $arrayfields = array( 'f.ref'=>array('label'=>"Ref", 'checked'=>1, 'position'=>5), - 'f.ref_client'=>array('label'=>"RefCustomer", 'checked'=>1, 'position'=>10), + 'f.ref_client'=>array('label'=>"RefCustomer", 'checked'=>-1, 'position'=>10), 'f.type'=>array('label'=>"Type", 'checked'=>0, 'position'=>15), 'f.date'=>array('label'=>"DateInvoice", 'checked'=>1, 'position'=>20), 'f.date_valid'=>array('label'=>"DateValidation", 'checked'=>0, 'position'=>22), 
@@ -204,8 +204,8 @@ $arrayfields = array( 'typent.code'=>array('label'=>"ThirdPartyType", 'checked'=>$checkedtypetiers, 'position'=>75), 'f.fk_mode_reglement'=>array('label'=>"PaymentMode", 'checked'=>1, 'position'=>80), 'f.fk_cond_reglement'=>array('label'=>"PaymentConditionsShort", 'checked'=>1, 'position'=>85), - 'f.module_source'=>array('label'=>"Module", 'checked'=>($contextpage == 'poslist' ? 1 : 0), 'enabled'=>($conf->cashdesk->enabled || $conf->takepos->enabled || $conf->global->INVOICE_SHOW_POS), 'position'=>90), - 'f.pos_source'=>array('label'=>"Terminal", 'checked'=>($contextpage == 'poslist' ? 1 : 0), 'enabled'=>($conf->cashdesk->enabled || $conf->takepos->enabled || $conf->global->INVOICE_SHOW_POS), 'position'=>91), + 'f.module_source'=>array('label'=>"Module", 'checked'=>($contextpage == 'poslist' ? 1 : 0), 'enabled'=>((empty($conf->cashdesk->enabled) && empty($conf->takepos->enabled) && empty($conf->global->INVOICE_SHOW_POS)) ? 0 : 1), 'position'=>90), + 'f.pos_source'=>array('label'=>"Terminal", 'checked'=>($contextpage == 'poslist' ? 1 : 0), 'enabled'=>((empty($conf->cashdesk->enabled) && empty($conf->takepos->enabled) && empty($conf->global->INVOICE_SHOW_POS)) ? 0 : 1), 'position'=>91), 'f.total_ht'=>array('label'=>"AmountHT", 'checked'=>1, 'position'=>95), 'f.total_vat'=>array('label'=>"AmountVAT", 'checked'=>0, 'position'=>100), 'f.total_localtax1'=>array('label'=>$langs->transcountry("AmountLT1", $mysoc->country_code), 'checked'=>0, 'enabled'=>($mysoc->localtax1_assuj == "1"), 'position'=>110), 
@@ -493,6 +493,10 @@ if ($search_user > 0) {
 $sql .= ", ".MAIN_DB_PREFIX."element_contact as ec";
 $sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc";
 }
+// Add table from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook
+$sql .= $hookmanager->resPrint;
 $sql .= ' WHERE f.fk_soc = s.rowid';
 $sql .= ' AND f.entity IN ('.getEntity('invoice').')';
@@ -689,10 +693,19 @@ if (!$sall) {
 $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key : '');
 }
 }
+ // Add GroupBy from hooks
+ $parameters = array('all' => $all, 'fieldstosearchall' => $fieldstosearchall);
+ $reshook = $hookmanager->executeHooks('printFieldListGroupBy', $parameters, $object); // Note that $action and $object may have been modified by hook
+ $sql .= $hookmanager->resPrint;
 } else {
 $sql .= natural_search(array_keys($fieldstosearchall), $sall);
 }
+// Add HAVING from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook
+$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : '';
+
 $sql .= ' ORDER BY ';
 $listfield = explode(',', $sortfield);
 $listorder = explode(',', $sortorder);
@@ -865,6 +878,10 @@ if ($resql) {
 // Add $param from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
+ // Add $param from hooks
+ $parameters = array();
+ $reshook = $hookmanager->executeHooks('printFieldListSearchParam', $parameters, $object); // Note that $action and $object may have been modified by hook
+ $param .= $hookmanager->resPrint;
 $arrayofmassactions = array(
 'validate'=>$langs->trans("Validate"),
diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php
index 23d4afb0417..f019d822529 100644
--- a/htdocs/compta/facture/note.php
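Review bot: `$all` in the printFieldListGroupBy parameters (second hunk, inside the `if (!$sall)` branch) is not assigned anywhere visible in this file — the search term used on the `else` branch is `$sall` — so the hook would receive a null key and PHP would raise an undefined-variable notice; `'all' => $sall` looks like the intended value if the hook contract expects the global search string. In all three new hook calls here, and in the printFieldListSearchParam call at line 878, `$reshook` is assigned and never inspected, so a hook returning an error is silently treated as success. The hook output is appended to `$sql` verbatim (`' HAVING 1=1 ' . $hookmanager->resPrint`), which is this project's usual contract with modules, but it makes module code the last line of defence for that SQL; a one-line comment such as `// resPrint must contain only a fully escaped SQL fragment` would document the expectation next to the concatenation. The enclosing SQL-building block starts and ends outside these hunks.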
+++ b/htdocs/compta/facture/note.php
@@ -41,6 +41,14 @@ $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
 $action = GETPOST('action', 'aZ09');
+$object = new Facture($db);
+// Load object
+if ($id > 0 || !empty($ref)) {
+ $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
+}
+
+$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
+
 // Security check
 $socid = 0;
 if ($user->socid) {
@@ -48,11 +56,6 @@ if ($user->socid) {
 }
 $result = restrictedArea($user, 'facture', $id, '');
-$object = new Facture($db);
-$object->fetch($id);
-
-$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
-
 /*
 * Actions
diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php
index 542d7aeb1bd..a4c19f4d039 100644
--- a/htdocs/compta/index.php
+++ b/htdocs/compta/index.php
@@ -272,6 +272,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 $sql = "SELECT f.ref, f.rowid, f.total_ht, f.total_tva, f.total_ttc, f.type, f.ref_supplier, f.fk_statut as status, f.paye";
 $sql .= ", s.nom as name";
 $sql .= ", s.rowid as socid, s.email";
+ $sql .= ", s.code_client, s.code_compta";
 $sql .= ", s.code_fournisseur, s.code_compta_fournisseur";
 $sql .= ", cc.rowid as country_id, cc.code as country_code";
 $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f, ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays";
diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php
index ee7dbb5e3f4..d4091a6df90 100644
--- a/htdocs/compta/localtax/card.php
+++ b/htdocs/compta/localtax/card.php
@@ -266,7 +266,7 @@ if ($id) {
 /*
- * Action buttons
+ * Action bar
 */
 print "
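Review bot: The permission check on the unchanged line `$result = restrictedArea($user, 'facture', $id, '');` still receives the raw request `$id`, while the invoice is now loaded by `$id` or `$ref` a few lines above it; a request carrying only `ref` therefore fetches the invoice but runs restrictedArea with an empty object id, so the per-thirdparty restriction applied to external users cannot be tied to the invoice actually shown. Since the fetch now precedes the check, pass the loaded id instead: `$result = restrictedArea($user, 'facture', $object->id, '');`. The fetch also runs before any permission test now, which is acceptable only as long as nothing between the fetch and restrictedArea emits output or acts on `$object`; a short comment on the `// Load object` line stating that the object is loaded early so the check can use its id would make that ordering deliberate.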
\n"; if ($object->rappro == 0) { diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 675f8d64bcc..bc79ff07d47 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -227,7 +227,7 @@ if ($action == 'create') { print ''; print ''.$langs->trans("Comments").''; - print ''; + print ''; print ''; print ''; @@ -279,7 +279,7 @@ if ($action == 'create') { } $remaintopay = $objp->amount - $sumpaid; print ''; - print ''; + print ''; } else { print '-'; } diff --git a/htdocs/compta/prelevement/line.php b/htdocs/compta/prelevement/line.php index 4e55a78314f..68ca3795fe3 100644 --- a/htdocs/compta/prelevement/line.php +++ b/htdocs/compta/prelevement/line.php @@ -225,12 +225,9 @@ if ($id) { print ''; } - /* ************************************************************************** */ - /* */ - /* Barre d'action */ - /* */ - /* ************************************************************************** */ - + /* + * Action bar + */ print "
"; if ($action == '') { diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 9c700f509f9..a22c0c51b73 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -49,18 +49,6 @@ $date_endday = GETPOST('date_endday', 'int'); $date_endyear = GETPOST('date_endyear', 'int'); $showaccountdetail = GETPOST('showaccountdetail', 'aZ09') ?GETPOST('showaccountdetail', 'aZ09') : 'no'; -// Security check -$socid = GETPOST('socid', 'int'); -if ($user->socid > 0) { - $socid = $user->socid; -} -if (!empty($conf->comptabilite->enabled)) { - $result = restrictedArea($user, 'compta', '', '', 'resultat'); -} -if (!empty($conf->accounting->enabled)) { - $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); -} - $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); @@ -151,6 +139,17 @@ if (GETPOST("modecompta", 'alpha')) { $AccCat = new AccountancyCategory($db); +// Security check +$socid = GETPOST('socid', 'int'); +if ($user->socid > 0) { + $socid = $user->socid; +} +if (!empty($conf->comptabilite->enabled)) { + $result = restrictedArea($user, 'compta', '', '', 'resultat'); +} +if (!empty($conf->accounting->enabled)) { + $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); +} /* diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php index 228269d135e..e5b86ba762e 100644 --- a/htdocs/compta/resultat/index.php +++ b/htdocs/compta/resultat/index.php 
@@ -108,6 +108,14 @@ $year_end = $tmpe['year'];
 $nbofyear = ($year_end - $year_start) + 1;
 //var_dump("year_start=".$year_start." year_end=".$year_end." nbofyear=".$nbofyear." date_start=".dol_print_date($date_start, 'dayhour')." date_end=".dol_print_date($date_end, 'dayhour'));
+// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
+$modecompta = $conf->global->ACCOUNTING_MODE;
+if (!empty($conf->accounting->enabled)) {
+ $modecompta = 'BOOKKEEPING';
+}
+if (GETPOST("modecompta", 'alpha')) {
+ $modecompta = GETPOST("modecompta", 'alpha');
+}
 // Security check
 $socid = GETPOST('socid', 'int');
@@ -121,15 +129,6 @@ if (!empty($conf->accounting->enabled)) {
 $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
 }
-// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
-$modecompta = $conf->global->ACCOUNTING_MODE;
-if (!empty($conf->accounting->enabled)) {
- $modecompta = 'BOOKKEEPING';
-}
-if (GETPOST("modecompta", 'alpha')) {
- $modecompta = GETPOST("modecompta", 'alpha');
-}
-
 /*
 * View
diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php
index df3a82a4b7f..91932100565 100644
--- a/htdocs/compta/resultat/result.php
+++ b/htdocs/compta/resultat/result.php
@@ -144,16 +144,20 @@ if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta", 'alpha');
 }
-// Security check
-if ($user->socid > 0) {
- accessforbidden();
-}
-if (!$user->rights->accounting->comptarapport->lire) {
- accessforbidden();
-}
-
 $AccCat = new AccountancyCategory($db);
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
 /*
 * View
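Review bot: In result.php the removed check denied every external user outright (`if ($user->socid > 0) { accessforbidden(); }`) and unconditionally required `accounting->comptarapport->lire`, whereas the replacement admits external users with `$socid` set and calls restrictedArea only when the comptabilite or accounting module is enabled, so with neither module active the page reaches the view with no permission test at all. That aligns result.php with clientfourn.php but it is a behaviour change rather than a refactor; if it is intended, the commit message should say so, and a trailing `else { accessforbidden(); }` after the two module branches would preserve the unconditional denial the old code had for the no-module case. The new block also sits after `$AccCat = new AccountancyCategory($db);` rather than before it, the same ordering concern raised on clientfourn.php.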
diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php
index 430df926859..067c021fe75 100644
--- a/htdocs/compta/sociales/card.php
+++ b/htdocs/compta/sociales/card.php
@@ -48,7 +48,7 @@ $langs->loadLangs(array('compta', 'bills', 'banks', 'hrm'));
 $id = GETPOST('id', 'int');
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm');
-$projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0);
+$fk_project = (GETPOST('fk_project') ? GETPOST('fk_project', 'int') : 0);
 $dateech = dol_mktime(GETPOST('echhour'), GETPOST('echmin'), GETPOST('echsec'), GETPOST('echmonth'), GETPOST('echday'), GETPOST('echyear'));
 $dateperiod = dol_mktime(GETPOST('periodhour'), GETPOST('periodmin'), GETPOST('periodsec'), GETPOST('periodmonth'), GETPOST('periodday'), GETPOST('periodyear'));
@@ -93,7 +93,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) {
 // Link to a project
 if ($action == 'classin' && $user->rights->tax->charges->creer) {
 $object->fetch($id);
- $object->setProject(GETPOST('projectid'));
+ $object->setProject(GETPOST('fk_project'));
 }
 if ($action == 'setfk_user' && $user->rights->tax->charges->creer) {
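Review bot: `$object->setProject(GETPOST('fk_project'));` in the second hunk reads the parameter without the `'int'` filter that the `$fk_project` assignment at line 51 applies, so after the rename the same request value is filtered differently in the two places it is read; `$object->setProject(GETPOST('fk_project', 'int'));` keeps the `classin` action consistent with the top-of-file read and guarantees setProject receives a numeric id. The rename of the request parameter from `projectid` to `fk_project` is a user-visible URL change; a short comment on the line 51 assignment noting the old name would help anyone with bookmarked or scripted links.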
@@ -360,20 +360,20 @@ if ($action == 'create') { print ''.$langs->trans("Project").''; - print img_picto('', 'project', 'class="pictofixedwidth"').$formproject->select_projects(-1, $projectid, 'fk_project', 0, 0, 1, 1, 0, 0, 0, '', 1); + print img_picto('', 'project', 'class="pictofixedwidth"').$formproject->select_projects(-1, $fk_project, 'fk_project', 0, 0, 1, 1, 0, 0, 0, '', 1); print ''; } // Payment Mode print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements($mode_reglement_id, 'mode_reglement_id'); + $form->select_types_paiements(GETPOST('mode_reglement_id', 'int'), 'mode_reglement_id'); print ''; // Bank Account if (!empty($conf->banque->enabled)) { print ''.$langs->trans('BankAccount').''; - print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes($fk_account, 'fk_account', 0, '', 2, '', 0, '', 1); + print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes(GETPOST('fk_account', 'int'), 'fk_account', 0, '', 2, '', 0, '', 1); print ''; } @@ -475,7 +475,7 @@ if ($id > 0) { $morehtmlref .= '
'; $morehtmlref .= ''; $morehtmlref .= ''; - $morehtmlref .= $formproject->select_projects(0, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); + $morehtmlref .= $formproject->select_projects(0, $object->fk_project, 'fk_project', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); $morehtmlref .= ''; $morehtmlref .= '
'; } else {
diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php
index 79379ee0b24..1644a4ee5e3 100644
--- a/htdocs/compta/stats/byratecountry.php
+++ b/htdocs/compta/stats/byratecountry.php
@@ -44,16 +44,16 @@ $modecompta = (GETPOST('modecompta', 'alpha') ? GETPOST('modecompta', 'alpha') :
 $year = GETPOST("year", 'int');
 $month = GETPOST("month", 'int');
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q", "int");
diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php
index c6c0e8e0816..25d9d4b9460 100644
--- a/htdocs/compta/stats/cabyprodserv.php
+++ b/htdocs/compta/stats/cabyprodserv.php
@@ -52,8 +52,8 @@ if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta");
 }
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 $sortorder = "asc";
 }
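Review bot: In byratecountry.php the six `date_start*`/`date_end*` arguments to `dol_mktime()` are still read with a bare `GETPOST("…")`, i.e. whatever the default filter is, while cabyuser.php and casoc.php in this same commit read the same parameters with `'int'`; `GETPOST("date_startmonth", 'int')` and friends would make the stats pages consistent and guarantee dol_mktime receives integers. The same untyped reads remain in cabyprodserv.php, supplier_turnover_by_prodserv.php and supplier_turnover_by_thirdparty.php (whose `$date_end*` variables are read with `'alpha'`). The replacement of the raw `$_GET`/`$_POST` reads of `sortorder`/`sortfield` by `GETPOST(…, 'aZ09')` in cabyprodserv.php is the right fix for a value that presumably ends up in an ORDER BY clause outside this hunk; a comment such as `// sort parameters are used verbatim in SQL, keep the 'aZ09' filter` would stop a future edit from loosening it.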
@@ -89,16 +89,16 @@ $date_endyear = GETPOST("date_endyear");
 $date_endmonth = GETPOST("date_endmonth");
 $date_endday = GETPOST("date_endday");
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q", "int");
diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php
index 62e6fb3135d..feae1f83594 100644
--- a/htdocs/compta/stats/cabyuser.php
+++ b/htdocs/compta/stats/cabyuser.php
@@ -51,8 +51,8 @@ if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta");
 }
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 $sortorder = "asc";
 }
@@ -61,25 +61,25 @@ if (!$sortfield) {
 }
 // Date range
-$year = GETPOST("year");
-$month = GETPOST("month");
-$date_startyear = GETPOST("date_startyear");
-$date_startmonth = GETPOST("date_startmonth");
-$date_startday = GETPOST("date_startday");
-$date_endyear = GETPOST("date_endyear");
-$date_endmonth = GETPOST("date_endmonth");
-$date_endday = GETPOST("date_endday");
+$year = GETPOST("year", 'int');
+$month = GETPOST("month", 'int');
+$date_startyear = GETPOST("date_startyear", 'int');
+$date_startmonth = GETPOST("date_startmonth", 'int');
+$date_startday = GETPOST("date_startday", 'int');
+$date_endyear = GETPOST("date_endyear", 'int');
+$date_endmonth = GETPOST("date_endmonth", 'int');
+$date_endday = GETPOST("date_endday", 'int');
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, $_REQUEST["date_startmonth"], $_REQUEST["date_startday"], $_REQUEST["date_startyear"]);
-$date_end = dol_mktime(23, 59, 59, $_REQUEST["date_endmonth"], $_REQUEST["date_endday"], $_REQUEST["date_endyear"]);
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q") ?GETPOST("q") : 0;
diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php
index c8c13ca8b27..aedae20b8f0 100644
--- a/htdocs/compta/stats/casoc.php
+++ b/htdocs/compta/stats/casoc.php
@@ -44,8 +44,8 @@ if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta");
 }
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 $sortorder = "asc";
 }
@@ -83,23 +83,23 @@ $search_societe = GETPOST("search_societe", 'alpha');
 $search_zip = GETPOST("search_zip", 'alpha');
 $search_town = GETPOST("search_town", 'alpha');
 $search_country = GETPOST("search_country", 'alpha');
-$date_startyear = GETPOST("date_startyear", 'alpha');
-$date_startmonth = GETPOST("date_startmonth", 'alpha');
-$date_startday = GETPOST("date_startday", 'alpha');
-$date_endyear = GETPOST("date_endyear", 'alpha');
-$date_endmonth = GETPOST("date_endmonth", 'alpha');
-$date_endday = GETPOST("date_endday", 'alpha');
+$date_startyear = GETPOST("date_startyear", 'int');
+$date_startmonth = GETPOST("date_startmonth", 'int');
+$date_startday = GETPOST("date_startday", 'int');
+$date_endyear = GETPOST("date_endyear", 'int');
+$date_endmonth = GETPOST("date_endmonth", 'int');
+$date_endday = GETPOST("date_endday", 'int');
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php
index 083230da668..74589d2e391 100644
--- a/htdocs/compta/stats/index.php
+++ b/htdocs/compta/stats/index.php
@@ -51,8 +51,8 @@ if (empty($year)) {
 $month_current = dol_print_date(dol_now(), "%m");
 $year_start = $year - ($nbofyear - 1);
 }
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
 // We define date_start and date_end
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php
index b199dcbeb9c..141db21b73e 100644
--- a/htdocs/compta/stats/supplier_turnover.php
+++ b/htdocs/compta/stats/supplier_turnover.php
@@ -47,8 +47,8 @@ if (empty($year)) {
 $month_current = strftime("%m", dol_now());
 $year_start = $year - ($nbofyear - 1);
 }
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
 // We define date_start and date_end
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
@@ -120,8 +120,6 @@ if (!empty($conf->accounting->enabled)) {
 }
-
-
 /*
 * View
 */
diff --git a/htdocs/compta/stats/supplier_turnover_by_prodserv.php b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
index bdf4e5e0f85..26659c851f9 100644
--- a/htdocs/compta/stats/supplier_turnover_by_prodserv.php
+++ b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
@@ -30,27 +30,14 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("products", "categories", "errors", 'accountancy'));
-// Security pack (data & check)
-$socid = GETPOST('socid', 'int');
-
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
- $result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
- $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
 // Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
 $modecompta = $conf->global->ACCOUNTING_MODE;
 if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta");
 }
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 $sortorder = "asc";
 }
@@ -84,16 +71,16 @@ $date_endyear = GETPOST("date_endyear");
 $date_endmonth = GETPOST("date_endmonth");
 $date_endday = GETPOST("date_endday");
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q", "int");
@@ -204,6 +191,19 @@ foreach ($allparams as $key => $value) {
 $paramslink .= '&'.$key.'='.$value;
 }
+// Security pack (data & check)
+$socid = GETPOST('socid', 'int');
+
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
 /*
 * View
diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
index fbfb0994e4a..0530d58ee87 100644
--- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
+++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
@@ -38,8 +38,8 @@ if (GETPOST("modecompta")) {
 $modecompta = GETPOST("modecompta");
 }
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
 if (!$sortorder) {
 $sortorder = "asc";
 }
@@ -59,17 +59,6 @@ if (GETPOST('subcat', 'alpha') === 'yes') {
 // Hook
 $hookmanager->initHooks(array('supplierturnoverbythirdpartylist'));
-// Security check
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
- $result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
- $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
 // Date range
 $year = GETPOST("year", 'int');
 $month = GETPOST("month", 'int');
@@ -84,16 +73,16 @@ $date_endyear = GETPOST("date_endyear", 'alpha');
 $date_endmonth = GETPOST("date_endmonth", 'alpha');
 $date_endday = GETPOST("date_endday", 'alpha');
 if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year_current;
 } else {
 $year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
 $year_start = $year;
 }
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
 // Quarter
 if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
 $q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
@@ -175,6 +164,17 @@ foreach ($allparams as $key => $value) {
 $paramslink .= '&'.$key.'='.$value;
 }
+// Security check
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
 /*
 * View
diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php
index 40261cb7f05..71e511397b6 100755
--- a/htdocs/compta/tva/card.php
+++ b/htdocs/compta/tva/card.php
@@ -722,7 +722,7 @@ if ($id) {
 }
 /*
- * Action buttons
+ * Action bar
 */
 print "
\n"; if ($action != 'edit') { diff --git a/htdocs/compta/tva/index.php b/htdocs/compta/tva/index.php index 2b396fe6006..ba2669077c9 100644 --- a/htdocs/compta/tva/index.php +++ b/htdocs/compta/tva/index.php @@ -335,7 +335,7 @@ if ($refresh === true) { $tmp = dol_getdate($date_end); $yend = $tmp['year']; $mend = $tmp['mon']; -//var_dump($m); + //var_dump($m); $total = 0; $subtotalcoll = 0; $subtotalpaye = 0; diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index e75908adc10..bae45672257 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -8,7 +8,7 @@ * Copyright (C) 2013-2016 Alexandre Spangaro * Copyright (C) 2014 Juanjo Menent * Copyright (C) 2015 Jean-François Ferry - * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2019 Josep Lluís Amador * Copyright (C) 2020 Open-Dsi * @@ -1035,7 +1035,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Unsubscribe if (!empty($conf->mailing->enabled)) { - if ($conf->use_javascript_ajax && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1) { + if ($conf->use_javascript_ajax && isset($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == -1) { print "\n".'