diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index c18e0e7a6df..5b91caa2673 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1445,12 +1445,13 @@ class Propal extends CommonObject /** * Load a proposal from database. Get also lines. * - * @param int $rowid id of object to load - * @param string $ref Ref of proposal - * @param string $ref_ext Ref ext of proposal - * @return int >0 if OK, <0 if KO + * @param int $rowid id of object to load + * @param string $ref Ref of proposal + * @param string $ref_ext Ref ext of proposal + * @param int $forceentity Entity id to force + * @return int >0 if OK, <0 if KO */ - public function fetch($rowid, $ref = '', $ref_ext = '') + public function fetch($rowid, $ref = '', $ref_ext = '', $forceentity = 0) { $sql = "SELECT p.rowid, p.ref, p.entity, p.remise, p.remise_percent, p.remise_absolue, p.fk_soc"; $sql .= ", p.total_ttc, p.total_tva, p.localtax1, p.localtax2, p.total_ht"; @@ -1489,10 +1490,15 @@ class Propal extends CommonObject $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_input_reason as dr ON p.fk_input_reason = dr.rowid'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON p.fk_incoterms = i.rowid'; - if ($ref) { - $sql .= " WHERE p.entity IN (".getEntity('propal').")"; // Dont't use entity if you use rowid + if (!empty($ref)) { + if (!empty($forceentity)) { + $sql .= " WHERE p.entity = ".(int) $forceentity; // Check only the current entity because we may have the same reference in several entities + } else { + $sql .= " WHERE p.entity IN (".getEntity('propal').")"; + } $sql .= " AND p.ref='".$this->db->escape($ref)."'"; } else { + // Dont't use entity if you use rowid $sql .= " WHERE p.rowid = ".((int) $rowid); } diff --git a/htdocs/core/lib/signature.lib.php b/htdocs/core/lib/signature.lib.php index c57807800d7..6a8d824872d 100644 --- a/htdocs/core/lib/signature.lib.php +++ b/htdocs/core/lib/signature.lib.php @@ -26,7 +26,7 @@ */ function showOnlineSignatureUrl($type, $ref) { - global $conf, $langs; + global $langs; // Load translation files required by the page $langs->loadLangs(array("payment", "paybox")); @@ -59,7 +59,8 @@ function showOnlineSignatureUrl($type, $ref) */ function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1) { - global $conf, $db, $langs, $dolibarr_main_url_root; + global $conf, $dolibarr_main_url_root; + global $object; $ref = str_replace(' ', '', $ref); $out = ''; @@ -90,7 +91,7 @@ function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1) if ($mode == 1) { $out .= "hash('".$securekeyseed."' + '".$type."' + proposal_ref)"; } else { - $out .= '&securekey='.dol_hash($securekeyseed.$type.$ref, '0'); + $out .= '&securekey='.dol_hash($securekeyseed.$type.$ref.$object->entity, '0'); } /* if ($mode == 1) { @@ -120,7 +121,7 @@ function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1) // For multicompany if (!empty($out) && !empty($conf->multicompany->enabled)) { - $out .= "&entity=".$conf->entity; // Check the entity because we may have the same reference in several entities + $out .= "&entity=".$object->entity; // Check the entity of object because we may have the same reference in several entities } return $out; diff --git a/htdocs/public/onlinesign/newonlinesign.php b/htdocs/public/onlinesign/newonlinesign.php index d1020dc2c1d..9ebea80aeb3 100644 --- a/htdocs/public/onlinesign/newonlinesign.php +++ b/htdocs/public/onlinesign/newonlinesign.php @@ -126,7 +126,7 @@ $creditor = $mysoc->name; $type = $source; if ($source == 'proposal') { $object = new Propal($db); - $object->fetch(0, $ref); + $object->fetch(0, $ref, '', $entity); } else { accessforbidden('Bad value for source'); exit; @@ -139,7 +139,7 @@ if ($source == 'proposal') { $securekeyseed = $conf->global->PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN; } -if (!dol_verifyHash($securekeyseed.$type.$ref, $SECUREKEY, '0')) { +if (!dol_verifyHash($securekeyseed.$type.$ref.$object->entity, $SECUREKEY, '0')) { http_response_code(403); print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref); exit(-1); @@ -288,18 +288,8 @@ $error = 0; // Signature on commercial proposal if ($source == 'proposal') { $found = true; - $langs->load("proposal"); - require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; - - $proposal = new Propal($db); - $result = $proposal->fetch('', $ref); - if ($result <= 0) { - $mesg = $proposal->error; - $error++; - } else { - $result = $proposal->fetch_thirdparty($proposal->socid); - } + $result = $object->fetch_thirdparty($object->socid); // Creditor @@ -315,39 +305,39 @@ if ($source == 'proposal') { print ''.$langs->trans("ThirdParty"); print ''; print img_picto('', 'company', 'class="pictofixedwidth"'); - print ''.$proposal->thirdparty->name.''; + print ''.$object->thirdparty->name.''; print ''."\n"; // Amount print ''.$langs->trans("Amount"); print ''; - print ''.price($proposal->total_ttc, 0, $langs, 1, -1, -1, $conf->currency).''; + print ''.price($object->total_ttc, 0, $langs, 1, -1, -1, $conf->currency).''; print ''."\n"; // Object - $text = ''.$langs->trans("SignatureProposalRef", $proposal->ref).''; + $text = ''.$langs->trans("SignatureProposalRef", $object->ref).''; print ''.$langs->trans("Designation"); print ''.$text; - if ($proposal->status == $proposal::STATUS_VALIDATED) { - $directdownloadlink = $proposal->getLastMainDocLink('proposal'); + if ($object->status == $object::STATUS_VALIDATED) { + $directdownloadlink = $object->getLastMainDocLink('proposal'); if ($directdownloadlink) { print '
'; - print img_mime($proposal->last_main_doc, ''); + print img_mime($object->last_main_doc, ''); print $langs->trans("DownloadDocument").''; } } else { - $last_main_doc_file = $proposal->last_main_doc; + $last_main_doc_file = $object->last_main_doc; - if ($proposal->status == $proposal::STATUS_NOTSIGNED) { - $directdownloadlink = $proposal->getLastMainDocLink('proposal'); + if ($object->status == $object::STATUS_NOTSIGNED) { + $directdownloadlink = $object->getLastMainDocLink('proposal'); if ($directdownloadlink) { print '
'; - print img_mime($proposal->last_main_doc, ''); + print img_mime($object->last_main_doc, ''); print $langs->trans("DownloadDocument").''; } - } elseif ($proposal->status == $proposal::STATUS_SIGNED || $proposal->status == $proposal::STATUS_BILLED) { + } elseif ($object->status == $object::STATUS_SIGNED || $object->status == $object::STATUS_BILLED) { if (preg_match('/_signed-(\d+)/', $last_main_doc_file)) { // If the last main doc has been signed $last_main_doc_file_not_signed = preg_replace('/_signed-(\d+)/', '', $last_main_doc_file); @@ -355,10 +345,10 @@ if ($source == 'proposal') { $datefilenotsigned = dol_filemtime($last_main_doc_file_not_signed); if (empty($datefilenotsigned) || $datefilesigned > $datefilenotsigned) { - $directdownloadlink = $proposal->getLastMainDocLink('proposal'); + $directdownloadlink = $object->getLastMainDocLink('proposal'); if ($directdownloadlink) { print '
'; - print img_mime($proposal->last_main_doc, ''); + print img_mime($object->last_main_doc, ''); print $langs->trans("DownloadDocument").''; } } @@ -367,7 +357,7 @@ if ($source == 'proposal') { } print ''; - print ''; + print ''; print ''."\n"; // TODO Add link to download PDF (similar code than for invoice)