diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index a3fe601ae6e..7199423669a 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -303,7 +303,9 @@ if (empty($reshook)) {
 // Fill array 'array_options' with data from add form
 $ret = $extrafields->setOptionalsFromPost(null, $object);
- if ($ret < 0) $error++;
+ if ($ret < 0) {
+ $error++;
+ }
 // Check if we need to also synchronize user information
 $nosyncuser = 0;
@@ -317,62 +319,66 @@ if (empty($reshook)) {
 if ($user->id != $object->user_id && empty($user->rights->user->user->password)) $nosyncuserpass = 1; // Disable synchronizing
 }
- $result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
+ if (!$error) {
+ $result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
- if ($result >= 0 && !count($object->errors)) {
- $categories = GETPOST('memcats', 'array');
- $object->setCategories($categories);
+ if ($result >= 0 && !count($object->errors)) {
+ $categories = GETPOST('memcats', 'array');
+ $object->setCategories($categories);
- // Logo/Photo save
- $dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
- $file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
- if ($file_OK) {
- if (GETPOST('deletephoto')) {
- require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
- $fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
- $dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
- dol_delete_file($fileimg);
- dol_delete_dir_recursive($dirthumbs);
- }
+ // Logo/Photo save
+ $dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
+ $file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
+ if ($file_OK) {
+ if (GETPOST('deletephoto')) {
+ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+ $fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
+ $dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
+ dol_delete_file($fileimg);
+ dol_delete_dir_recursive($dirthumbs);
+ }
- if (image_format_supported($_FILES['photo']['name']) > 0) {
- dol_mkdir($dir);
+ if (image_format_supported($_FILES['photo']['name']) > 0) {
+ dol_mkdir($dir);
- if (@is_dir($dir)) {
- $newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
- if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
- setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
- } else {
- // Create thumbs
- $object->addThumbs($newfile);
- }
- }
- } else {
- setEventMessages("ErrorBadImageFormat", null, 'errors');
- }
- } else {
- switch ($_FILES['photo']['error']) {
- case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
- case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
- $errors[] = "ErrorFileSizeTooLarge";
- break;
- case 3: //uploaded file was only partially uploaded
- $errors[] = "ErrorFilePartiallyUploaded";
- break;
- }
- }
+ if (@is_dir($dir)) {
+ $newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
+ if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
+ setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
+ } else {
+ // Create thumbs
+ $object->addThumbs($newfile);
+ }
+ }
+ } else {
+ setEventMessages("ErrorBadImageFormat", null, 'errors');
+ }
+ } else {
+ switch ($_FILES['photo']['error']) {
+ case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
+ case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
+ $errors[] = "ErrorFileSizeTooLarge";
+ break;
+ case 3: //uploaded file was only partially uploaded
+ $errors[] = "ErrorFilePartiallyUploaded";
+ break;
+ }
+ }
- $rowid = $object->id;
- $id = $object->id;
- $action = '';
+ $rowid = $object->id;
+ $id = $object->id;
+ $action = '';
- if (!empty($backtopage)) {
- header("Location: ".$backtopage);
- exit;
- }
+ if (!empty($backtopage)) {
+ header("Location: ".$backtopage);
+ exit;
+ }
+ } else {
+ setEventMessages($object->error, $object->errors, 'errors');
+ $action = '';
+ }
 } else {
- setEventMessages($object->error, $object->errors, 'errors');
- $action = '';
+ $action = 'edit';
 }
 } else {
 $action = 'edit';
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php
index c71029769f2..b6ae7cdbfc2 100644
--- a/htdocs/core/class/html.formother.class.php
+++ b/htdocs/core/class/html.formother.class.php
@@ -474,7 +474,7 @@ class FormOther
 //Add hook to filter on user (for exemple on usergroup define in custom modules)
 if (!empty($reshook)) $sql_usr .= $hookmanager->resArray[1];
 }
- $sql_usr .= " ORDER BY statut DESC, lastname ASC"; // Do not use 'ORDER BY u.statut' here, not compatible with the UNION.
+ $sql_usr .= " ORDER BY status DESC, lastname ASC"; // Do not use 'ORDER BY u.statut' here, not compatible with the UNION.
 //print $sql_usr;exit;
 $resql_usr = $this->db->query($sql_usr);
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index ffb214e3830..534a7ec09f5 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
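Review bot: In htdocs/adherents/card.php the re-indented upload branch keeps `if (!dol_move_uploaded_file(...) > 0)`, where `!` is applied before `>`. If the helper reports failure with a negative code, `!(-1)` is `false`, the comparison is false, and control reaches the `else` that calls `$object->addThumbs($newfile)` on a file that was not stored. Since the commit rewrites these lines anyway, parenthesise the test: `if (!(dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0)) {`. The accept decision above it is made from the client-supplied `$_FILES['photo']['name']` alone, and the same name (after `dol_sanitizeFileName`) becomes the stored filename; whether the file content is verified elsewhere is not visible in this hunk. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.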
@@ -175,10 +175,10 @@ if ($action == 'addtimespent' && $user->rights->projet->lire)
 $action = 'createtime';
 $error++;
 } else {
- $object->timespent_note = $_POST["timespent_note"];
+ $object->timespent_note = GETPOST('timespent_note', 'alpha');
 if (GETPOST('progress', 'int') > 0) $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value
- $object->timespent_duration = $_POST["timespent_durationhour"] * 60 * 60; // We store duration in seconds
- $object->timespent_duration += ($_POST["timespent_durationmin"] ? $_POST["timespent_durationmin"] : 0) * 60; // We store duration in seconds
+ $object->timespent_duration = GETPOSTINT("timespent_durationhour") * 60 * 60; // We store duration in seconds
+ $object->timespent_duration += (GETPOSTINT('timespent_durationmin') ? GETPOSTINT('timespent_durationmin') : 0) * 60; // We store duration in seconds
 if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0) // If hour was entered
 {
 $object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
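Review bot: Nothing visible in this hunk rejects a negative hour or minute value, so a signed integer that passes `GETPOSTINT` flows straight into `timespent_duration`; the same arithmetic recurs in the two `updateline` hunks at -224 and -248. A guard before the assignment, such as `if (GETPOSTINT('timespent_durationhour') < 0 || GETPOSTINT('timespent_durationmin') < 0) { $error++; }` with a matching error message, would close that gap. The branch itself, as shown in the hunk header, is gated on `$user->rights->projet->lire`, a read right, while the body records time on the task; if no stricter check exists outside the hunk, that deserves a separate look. The date parts (`GETPOST("timehour")`, `GETPOST("timemin")` and the rest) are still read without a check type on the context lines.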
@@ -224,10 +224,10 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 $result = $object->delTimeSpent($user);
 $object->fetch($id, $ref);
- $object->timespent_note = $_POST["timespent_note_line"];
- $object->timespent_old_duration = $_POST["old_duration"];
- $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
- $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+ $object->timespent_note = GETPOST('timespent_note_line', 'alpha');
+ $object->timespent_old_duration = GETPOST("old_duration");
+ $object->timespent_duration = GETPOSTINT("new_durationhour") * 60 * 60; // We store duration in seconds
+ $object->timespent_duration += (GETPOSTINT("new_durationmin") ? GETPOSTINT('new_durationmin') : 0) * 60; // We store duration in seconds
 if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) // If hour was entered
 {
 $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
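Review bot: `$object->timespent_old_duration = GETPOST("old_duration");` is added without a check type, so this field is still accepted as a free-form string while its neighbours move to `GETPOSTINT`; the hunk at -248 repeats the same line. Judging by its name the value is a duration, so `$object->timespent_old_duration = GETPOSTINT("old_duration");` would match the other fields; how it is consumed is not visible here and should be confirmed. The surrounding `updateline` / `updatesplitline` branch begins and ends outside the hunk.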
@@ -248,11 +248,11 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 $object->fetch($id, $ref);
 // TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
- $object->timespent_id = $_POST["lineid"];
- $object->timespent_note = $_POST["timespent_note_line"];
- $object->timespent_old_duration = $_POST["old_duration"];
- $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
- $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+ $object->timespent_id = GETPOST("lineid", 'int');
+ $object->timespent_note = GETPOST('timespent_note_line', 'alpha');
+ $object->timespent_old_duration = GETPOST("old_duration");
+ $object->timespent_duration = GETPOSTINT("new_durationhour") * 60 * 60; // We store duration in seconds
+ $object->timespent_duration += (GETPOSTINT("new_durationmin") ? GETPOSTINT('new_durationmin') : 0) * 60; // We store duration in seconds
 if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) // If hour was entered
 {
 $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
@@ -260,7 +260,7 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 } else {
 $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 }
- $object->timespent_fk_user = $_POST["userid_line"];
+ $object->timespent_fk_user = GETPOST("userid_line", 'int');
 $result = $object->updateTimeSpent($user);
 if ($result >= 0)
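Review bot: The `// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))` left above the new lines is the check this code is missing. `timespent_id` comes from the request's `lineid` and, in the hunk at -260, `timespent_fk_user` comes from `userid_line`; both reach `updateTimeSpent($user)` with no ownership test visible. Filtering them with `'int'` fixes their type but does not decide who may edit which line, or on whose behalf. Before the assignments, load the existing time line and refuse the update unless its `fk_user` is the current user or one of `$childids`, and apply the same rule to the submitted `userid_line`. The surrounding `updateline` branch begins and ends outside these hunks, so a check placed elsewhere cannot be ruled out from here.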