From 165d34ec56d12e29b79ab12235d7ca9bffcd9dbb Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Fri, 29 Oct 2021 12:49:27 +0200 Subject: [PATCH 01/72] Fix: Import don't work if extrafield is separator --- htdocs/core/modules/modAdherent.class.php | 2 +- htdocs/core/modules/modBom.class.php | 4 ++-- htdocs/core/modules/modCommande.class.php | 4 ++-- htdocs/core/modules/modFournisseur.class.php | 8 ++++---- htdocs/core/modules/modProduct.class.php | 4 ++-- htdocs/core/modules/modProjet.class.php | 2 +- htdocs/core/modules/modPropale.class.php | 4 ++-- htdocs/core/modules/modResource.class.php | 2 +- htdocs/core/modules/modService.class.php | 2 +- htdocs/core/modules/modSociete.class.php | 4 ++-- htdocs/core/modules/modUser.class.php | 2 +- 11 files changed, 19 insertions(+), 19 deletions(-) diff --git a/htdocs/core/modules/modAdherent.class.php b/htdocs/core/modules/modAdherent.class.php index 074969451c1..a3942220286 100644 --- a/htdocs/core/modules/modAdherent.class.php +++ b/htdocs/core/modules/modAdherent.class.php @@ -349,7 +349,7 @@ class modAdherent extends DolibarrModules $this->import_fields_array[$r]['a.fk_soc'] = "ThirdParty"; } // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'adherent' AND entity IN (0,".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'adherent' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modBom.class.php b/htdocs/core/modules/modBom.class.php index 18f46fda70f..febc6135fab 100644 --- a/htdocs/core/modules/modBom.class.php +++ b/htdocs/core/modules/modBom.class.php @@ -352,7 +352,7 @@ class modBom extends DolibarrModules // Add extra fields $import_extrafield_sample = []; - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'bom_bom' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'bom_bom' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { @@ -422,7 +422,7 @@ class modBom extends DolibarrModules ]; // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'bom_bomline' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'bom_bomline' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modCommande.class.php b/htdocs/core/modules/modCommande.class.php index 4275d806d40..6e486420328 100644 --- a/htdocs/core/modules/modCommande.class.php +++ b/htdocs/core/modules/modCommande.class.php @@ -322,7 +322,7 @@ class modCommande extends DolibarrModules // Add extra fields $import_extrafield_sample = []; - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'commande' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'commande' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { @@ -404,7 +404,7 @@ class modCommande extends DolibarrModules } // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'commandedet' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'commandedet' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index 5d71a5abdc8..4150ab019b3 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -541,7 +541,7 @@ class modFournisseur extends DolibarrModules } // Add extra fields $import_extrafield_sample = []; - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'facture_fourn' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'facture_fourn' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { while ($obj = $this->db->fetch_object($resql)) { @@ -628,7 +628,7 @@ class modFournisseur extends DolibarrModules } // Add extra fields $import_extrafield_sample = []; - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'facture_fourn_det' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'facture_fourn_det' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { while ($obj = $this->db->fetch_object($resql)) { @@ -717,7 +717,7 @@ class modFournisseur extends DolibarrModules // Add extra fields $import_extrafield_sample = []; - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'commande_fournisseur' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'commande_fournisseur' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { @@ -794,7 +794,7 @@ class modFournisseur extends DolibarrModules } // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'commande_fournisseurdet' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'commande_fournisseurdet' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index 37cda4b7b30..1736abef905 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -636,7 +636,7 @@ class modProduct extends DolibarrModules // Add extra fields $import_extrafield_sample = array(); - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'product' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'product' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { @@ -797,7 +797,7 @@ class modProduct extends DolibarrModules // Add extra fields $import_extrafield_sample = array(); - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'product_fournisseur_price' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'product_fournisseur_price' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index 7acbb2bfb68..621d799d4f6 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php @@ -296,7 +296,7 @@ class modProjet extends DolibarrModules $this->import_tables_array[$r] = array('t'=>MAIN_DB_PREFIX.'projet_task', 'extra'=>MAIN_DB_PREFIX.'projet_task_extrafields'); // List of tables to insert into (insert done in same order) $this->import_fields_array[$r] = array('t.fk_projet'=>'ProjectRef*', 't.ref'=>'RefTask*', 't.label'=>'LabelTask*', 't.dateo'=>"DateStart", 't.datee'=>"DateEnd", 't.planned_workload'=>"PlannedWorkload", 't.progress'=>"Progress", 't.note_private'=>"NotePrivate", 't.note_public'=>"NotePublic", 't.datec'=>"DateCreation"); // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'projet_task' AND entity IN (0,".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'projet_task' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modPropale.class.php b/htdocs/core/modules/modPropale.class.php index eb589fc1759..becab61f862 100644 --- a/htdocs/core/modules/modPropale.class.php +++ b/htdocs/core/modules/modPropale.class.php @@ -302,7 +302,7 @@ class modPropale extends DolibarrModules } // Add extra fields $import_extrafield_sample = []; - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'propal' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'propal' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { while ($obj = $this->db->fetch_object($resql)) { @@ -386,7 +386,7 @@ class modPropale extends DolibarrModules } // Add extra fields $import_extrafield_sample = []; - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'propaldet' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'propaldet' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modResource.class.php b/htdocs/core/modules/modResource.class.php index 6f2d3f8d409..7a042cf5ff7 100644 --- a/htdocs/core/modules/modResource.class.php +++ b/htdocs/core/modules/modResource.class.php @@ -268,7 +268,7 @@ class modResource extends DolibarrModules $this->import_tables_array[$r] = array('r'=>MAIN_DB_PREFIX.'resource', 'extra'=>MAIN_DB_PREFIX.'resource_extrafields'); // List of tables to insert into (insert done in same order) $this->import_fields_array[$r] = array('r.ref'=>"ResourceFormLabel_ref*", 'r.fk_code_type_resource'=>'ResourceTypeCode', 'r.description'=>'ResourceFormLabel_description', 'r.note_private'=>"NotePrivate", 'r.note_public'=>"NotePublic", 'r.asset_number'=>'AssetNumber', 'r.datec'=>'DateCreation'); // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'resource' AND entity IN (0,".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'resource' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php index 21a26bdc750..60383bf3bea 100644 --- a/htdocs/core/modules/modService.class.php +++ b/htdocs/core/modules/modService.class.php @@ -584,7 +584,7 @@ class modService extends DolibarrModules } // Add extra fields $import_extrafield_sample = array(); - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'product' AND entity IN (0,".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'product' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 7c3d93499e4..41d21874c31 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -496,7 +496,7 @@ class modSociete extends DolibarrModules $this->import_fields_array[$r] += array('s.accountancy_code_sell'=>'ProductAccountancySellCode', 's.accountancy_code_buy'=>'ProductAccountancyBuyCode'); } // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'societe' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'societe' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { @@ -674,7 +674,7 @@ class modSociete extends DolibarrModules 's.note_public' => "NotePublic" ); // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'socpeople' AND entity IN (0, ".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'socpeople' AND entity IN (0, ".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on an old database (during a migration for example) while ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/core/modules/modUser.class.php b/htdocs/core/modules/modUser.class.php index e54ac7bd440..47cd04ecd26 100644 --- a/htdocs/core/modules/modUser.class.php +++ b/htdocs/core/modules/modUser.class.php @@ -298,7 +298,7 @@ class modUser extends DolibarrModules 'u.statut'=>'Status' ); // Add extra fields - $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'user' AND entity IN (0,".$conf->entity.")"; + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type != 'separate' AND elementtype = 'user' AND entity IN (0,".$conf->entity.")"; $resql = $this->db->query($sql); if ($resql) { // This can fail when class is used on old database (during migration for example) while ($obj = $this->db->fetch_object($resql)) { From 7b655a1ae2cc79c5da9abe5461fc5131e701fce1 Mon Sep 17 00:00:00 2001 From: atm-greg Date: Mon, 21 Feb 2022 11:25:28 +0100 Subject: [PATCH 02/72] fix missing hooks and line total for totalizable extrafields --- htdocs/reception/list.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index 8f07d1bede7..9f98202099a 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -491,6 +491,9 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.rowid = ee.fk_target"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; @@ -976,6 +979,9 @@ while ($i < min($num, $limit)) { { }*/ print "\n"; + if (!$i) { + $totalarray['nbfield']++; + } } if (!empty($arrayfields['l.ref']['checked']) || !empty($arrayfields['l.date_delivery']['checked'])) { @@ -1071,6 +1077,13 @@ if ($num == 0) { print ''.$langs->trans("NoRecordFound").''; } +// Show total line +include DOL_DOCUMENT_ROOT.'/core/tpl/list_print_total.tpl.php'; + +$parameters = array('arrayfields'=>$arrayfields, 'sql'=>$sql); +$reshook = $hookmanager->executeHooks('printFieldListFooter', $parameters); // Note that $action and $object may have been modified by hook +print $hookmanager->resPrint; + print ""; print ""; print ''; From 1574254dcfeecf2a500cdb777239894f809f2ecc Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Tue, 22 Feb 2022 17:13:26 +0100 Subject: [PATCH 03/72] FIX: viewimage.php: bad call to dol_check_secure_access_document() caused images to be blocked with multicompany from entities > 1 --- htdocs/viewimage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 3cb23b36fbc..50836186c7f 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -185,7 +185,7 @@ $refname = basename(dirname($original_file)."/"); // Security check if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 0, 0, 1); -$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname); +$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, $refname); $accessallowed = $check_access['accessallowed']; $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals']; $fullpath_original_file = $check_access['original_file']; // $fullpath_original_file is now a full path name From 0510d84263a9b4088a2855453736a32c0968d5c9 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 23 Feb 2022 06:08:20 +0100 Subject: [PATCH 04/72] FIX Invoice - When you create an invoice and defined a thirdparty, fk_account is not retrieved from company card --- htdocs/compta/facture/card.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 4230a22daaf..ff39e29ab00 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -2898,6 +2898,9 @@ if ($action == 'create') { if (empty($mode_reglement_id)) { $mode_reglement_id = $soc->mode_reglement_id; } + if (empty($fk_account)) { + $fk_account = $soc->fk_account; + } if (!$remise_percent) { $remise_percent = $soc->remise_percent; } @@ -3005,6 +3008,11 @@ if ($action == 'create') { $mode_reglement_id = GETPOST("mode_reglement_id", 'int'); } + // when bank account is empty (means not override by payment mode form a other object, like third-party), try to use default value + if (empty($fk_account)) { + $fk_account = GETPOST("fk_account", 'int'); + } + if (!empty($soc->id)) { $absolute_discount = $soc->getAvailableDiscounts(); } @@ -3607,8 +3615,8 @@ if ($action == 'create') { // Bank Account if (!empty($conf->banque->enabled)) { print ''.$langs->trans('BankAccount').''; - $fk_account = GETPOST('fk_account', 'int'); - print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes(($fk_account < 0 ? '' : $fk_account), 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); + print img_picto('', 'bank_account', 'class="pictofixedwidth"'); + print $form->select_comptes(GETPOSTISSET('fk_account') ? GETPOST('fk_account') : $fk_account, 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); print ''; } From c242a0561bbb4c000df21d337b492732597aaf27 Mon Sep 17 00:00:00 2001 From: Francis Appels Date: Fri, 25 Feb 2022 16:11:16 +0100 Subject: [PATCH 05/72] Fix shipping list, e.shipping_method_id should be e.fk_shipping_method. Disabled searchall for shipping method, does not work. --- htdocs/expedition/list.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 378d95e00c8..2d81c5e0545 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -116,7 +116,7 @@ $fieldstosearchall = array( 'e.ref'=>"Ref", 's.nom'=>"ThirdParty", 'e.note_public'=>'NotePublic', - 'e.shipping_method_id'=>'SendingMethod', + //'e.fk_shipping_method'=>'SendingMethod', // TODO fix this, does not work 'e.tracking_number'=>"TrackingNumber", ); if (empty($user->socid)) { @@ -134,7 +134,7 @@ $arrayfields = array( 'country.code_iso'=>array('label'=>$langs->trans("Country"), 'checked'=>0, 'position'=>7), 'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers, 'position'=>8), 'e.date_delivery'=>array('label'=>$langs->trans("DateDeliveryPlanned"), 'checked'=>1, 'position'=>9), - 'e.shipping_method_id'=>array('label'=>$langs->trans('SendingMethod'), 'checked'=>1, 'position'=>10), + 'e.fk_shipping_method'=>array('label'=>$langs->trans('SendingMethod'), 'checked'=>1, 'position'=>10), 'e.tracking_number'=>array('label'=>$langs->trans("TrackingNumber"), 'checked'=>1, 'position'=>11), 'e.weight'=>array('label'=>$langs->trans("Weight"), 'checked'=>0, 'position'=>12), 'e.datec'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0, 'position'=>500), @@ -654,7 +654,7 @@ if (!empty($arrayfields['e.date_delivery']['checked'])) { print ''; print ''; } -if (!empty($arrayfields['e.shipping_method_id']['checked'])) { +if (!empty($arrayfields['e.fk_shipping_method']['checked'])) { // Delivery method print ''; $shipment->fetch_delivery_methods(); @@ -751,8 +751,8 @@ if (!empty($arrayfields['e.weight']['checked'])) { if (!empty($arrayfields['e.date_delivery']['checked'])) { print_liste_field_titre($arrayfields['e.date_delivery']['label'], $_SERVER["PHP_SELF"], "e.date_delivery", "", $param, '', $sortfield, $sortorder, 'center '); } -if (!empty($arrayfields['e.shipping_method_id']['checked'])) { - print_liste_field_titre($arrayfields['e.shipping_method_id']['label'], $_SERVER["PHP_SELF"], "e.fk_shipping_method", "", $param, '', $sortfield, $sortorder, 'center '); +if (!empty($arrayfields['e.fk_shipping_method']['checked'])) { + print_liste_field_titre($arrayfields['e.fk_shipping_method']['label'], $_SERVER["PHP_SELF"], "e.fk_shipping_method", "", $param, '', $sortfield, $sortorder, 'center '); } if (!empty($arrayfields['e.tracking_number']['checked'])) { print_liste_field_titre($arrayfields['e.tracking_number']['label'], $_SERVER["PHP_SELF"], "e.tracking_number", "", $param, '', $sortfield, $sortorder, 'center '); @@ -901,7 +901,7 @@ while ($i < min($num, $limit)) { print dol_print_date($db->jdate($obj->delivery_date), "dayhour"); print "\n"; } - if (!empty($arrayfields['e.shipping_method_id']['checked'])) { + if (!empty($arrayfields['e.fk_shipping_method']['checked'])) { // Get code using getLabelFromKey $code=$langs->getLabelFromKey($db, $shipment->shipping_method_id, 'c_shipment_mode', 'rowid', 'code'); print ''; From 18a8eac1cd4f79757abd6f48c86e486d6135cfcb Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sat, 26 Feb 2022 07:17:44 +0100 Subject: [PATCH 06/72] Modify fix --- htdocs/compta/facture/card.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index ff39e29ab00..6fdccb366c2 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3009,9 +3009,7 @@ if ($action == 'create') { } // when bank account is empty (means not override by payment mode form a other object, like third-party), try to use default value - if (empty($fk_account)) { - $fk_account = GETPOST("fk_account", 'int'); - } + $fk_account = GETPOSTISSET("fk_account") ? GETPOST("fk_account", 'int') : $fk_account; if (!empty($soc->id)) { $absolute_discount = $soc->getAvailableDiscounts(); @@ -3616,7 +3614,7 @@ if ($action == 'create') { if (!empty($conf->banque->enabled)) { print ''.$langs->trans('BankAccount').''; print img_picto('', 'bank_account', 'class="pictofixedwidth"'); - print $form->select_comptes(GETPOSTISSET('fk_account') ? GETPOST('fk_account') : $fk_account, 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); + print $form->select_comptes($fk_account, 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); print ''; } From 3e41c9cb9769ebabaf7b5ffcdccfe95e28d17c68 Mon Sep 17 00:00:00 2001 From: Francis Appels Date: Sat, 26 Feb 2022 11:13:02 +0100 Subject: [PATCH 07/72] FIX: Show product photo on Supplier order Cornas model. --- .../supplier_order/doc/pdf_cornas.modules.php | 41 +++++++++---------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php b/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php index 5fcd0ee20de..8d8df36e088 100644 --- a/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php +++ b/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php @@ -546,31 +546,30 @@ class pdf_cornas extends ModelePDFSuppliersOrders $posYAfterDescription = 0; // We start with Photo of product line - if (!empty($imglinesize['width']) && !empty($imglinesize['height']) && ($curY + $imglinesize['height']) > ($this->page_hauteur - ($heightforfooter + $heightforfreetext + $heightforinfotot))) { // If photo too high, we moved completely on new page - $pdf->AddPage('', '', true); - if (!empty($tplidx)) { - $pdf->useTemplate($tplidx); - } - if (empty($conf->global->MAIN_PDF_DONOTREPEAT_HEAD)) { - $this->_pagehead($pdf, $object, 0, $outputlangs); - } - $pdf->setPage($pageposbefore + 1); + if ($this->getColumnStatus('photo')) { + // We start with Photo of product line + if (isset($imglinesize['width']) && isset($imglinesize['height']) && ($curY + $imglinesize['height']) > ($this->page_hauteur - ($heightforfooter + $heightforfreetext + $heightforinfotot))) { // If photo too high, we moved completely on new page + $pdf->AddPage('', '', true); + if (!empty($tplidx)) { + $pdf->useTemplate($tplidx); + } + $pdf->setPage($pageposbefore + 1); - $curY = $tab_top_newpage; + $curY = $tab_top_newpage; - // Allows data in the first page if description is long enough to break in multiples pages - if (!empty($conf->global->MAIN_PDF_DATA_ON_FIRST_PAGE)) { - $showpricebeforepagebreak = 1; - } else { - $showpricebeforepagebreak = 0; + // Allows data in the first page if description is long enough to break in multiples pages + if (!empty($conf->global->MAIN_PDF_DATA_ON_FIRST_PAGE)) { + $showpricebeforepagebreak = 1; + } else { + $showpricebeforepagebreak = 0; + } } - } - if (!empty($imglinesize['width']) && !empty($imglinesize['height'])) { - $curX = $this->posxpicture - 1; - $pdf->Image($realpatharray[$i], $curX + (($this->posxtva - $this->posxpicture - $imglinesize['width']) / 2), $curY, $imglinesize['width'], $imglinesize['height'], '', '', '', 2, 300); // Use 300 dpi - // $pdf->Image does not increase value return by getY, so we save it manually - $posYAfterImage = $curY + $imglinesize['height']; + if (!empty($this->cols['photo']) && isset($imglinesize['width']) && isset($imglinesize['height'])) { + $pdf->Image($realpatharray[$i], $this->getColumnContentXStart('photo'), $curY, $imglinesize['width'], $imglinesize['height'], '', '', '', 2, 300); // Use 300 dpi + // $pdf->Image does not increase value return by getY, so we save it manually + $posYAfterImage = $curY + $imglinesize['height']; + } } // Description of product line $curX = $this->posxdesc - 1; From 9cf5bccf43620e1a74027d16e40fc4ed3dde00a9 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 28 Feb 2022 18:13:29 +0100 Subject: [PATCH 08/72] FIX options should not exists on invoices --- htdocs/compta/facture/card-rec.php | 4 ++-- htdocs/compta/facture/card.php | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index b15599cc931..a41de0ce755 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -765,8 +765,8 @@ if (empty($reshook)) { // Define special_code for special lines $special_code = GETPOST('special_code', 'int'); - if (!GETPOST('qty', 'alpha')) { - $special_code = 3; + if ($special_code == 3) { + $special_code = 0; // Options should not exists on invoices } /*$line = new FactureLigne($db); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 4230a22daaf..cedb7cdc0de 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -2371,9 +2371,9 @@ if (empty($reshook)) { } // Define special_code for special lines - $special_code = GETPOST('special_code'); - if (!GETPOST('qty')) { - $special_code = 3; + $special_code = GETPOST('special_code', 'int'); + if ($special_code == 3) { + $special_code = 0; // Options should not exists on invoices } $line = new FactureLigne($db); From 5eef80750abc217576cfd670717f724a14ba1e50 Mon Sep 17 00:00:00 2001 From: atm-greg Date: Mon, 28 Feb 2022 18:37:47 +0100 Subject: [PATCH 09/72] fiw visibility can be an expression and can return 0 --- htdocs/core/tpl/extrafields_list_array_fields.tpl.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php index f7c9fc201f4..ac6d139033c 100644 --- a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php @@ -18,13 +18,12 @@ if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table if (empty($extrafieldsobjectprefix)) { $extrafieldsobjectprefix = 'ef.'; } - foreach ($extrafields->attributes[$extrafieldsobjectkey]['label'] as $key => $val) { if (!empty($extrafields->attributes[$extrafieldsobjectkey]['list'][$key])) { $arrayfields[$extrafieldsobjectprefix.$key] = array( 'label' => $extrafields->attributes[$extrafieldsobjectkey]['label'][$key], 'type' => $extrafields->attributes[$extrafieldsobjectkey]['type'][$key], - 'checked' => (($extrafields->attributes[$extrafieldsobjectkey]['list'][$key] < 0) ? 0 : 1), + 'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key],1) <= 0) ? 0 : 1), 'position' => $extrafields->attributes[$extrafieldsobjectkey]['pos'][$key], 'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && $extrafields->attributes[$extrafieldsobjectkey]['perms'][$key]), 'langfile' => $extrafields->attributes[$extrafieldsobjectkey]['langfile'][$key], From bc8ea7571b12dcea5132899571ccccc2f728d897 Mon Sep 17 00:00:00 2001 From: atm-greg Date: Mon, 28 Feb 2022 18:38:37 +0100 Subject: [PATCH 10/72] perms can be an expression and must be evaluated --- htdocs/core/tpl/extrafields_list_array_fields.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php index ac6d139033c..b633642a129 100644 --- a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php @@ -25,7 +25,7 @@ if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table 'type' => $extrafields->attributes[$extrafieldsobjectkey]['type'][$key], 'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key],1) <= 0) ? 0 : 1), 'position' => $extrafields->attributes[$extrafieldsobjectkey]['pos'][$key], - 'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && $extrafields->attributes[$extrafieldsobjectkey]['perms'][$key]), + 'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && dol_eval($extrafields->attributes[$extrafieldsobjectkey]['perms'][$key],1)), 'langfile' => $extrafields->attributes[$extrafieldsobjectkey]['langfile'][$key], 'help' => $extrafields->attributes[$extrafieldsobjectkey]['help'][$key], ); From c2047f1f5d4f4ca6c2daaba50fa37dd82d4e513c Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 28 Feb 2022 17:46:20 +0000 Subject: [PATCH 11/72] Fixing style errors. --- htdocs/core/tpl/extrafields_list_array_fields.tpl.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php index b633642a129..36eeee89627 100644 --- a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php @@ -23,9 +23,9 @@ if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table $arrayfields[$extrafieldsobjectprefix.$key] = array( 'label' => $extrafields->attributes[$extrafieldsobjectkey]['label'][$key], 'type' => $extrafields->attributes[$extrafieldsobjectkey]['type'][$key], - 'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key],1) <= 0) ? 0 : 1), + 'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key], 1) <= 0) ? 0 : 1), 'position' => $extrafields->attributes[$extrafieldsobjectkey]['pos'][$key], - 'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && dol_eval($extrafields->attributes[$extrafieldsobjectkey]['perms'][$key],1)), + 'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && dol_eval($extrafields->attributes[$extrafieldsobjectkey]['perms'][$key], 1)), 'langfile' => $extrafields->attributes[$extrafieldsobjectkey]['langfile'][$key], 'help' => $extrafields->attributes[$extrafieldsobjectkey]['help'][$key], ); From ca236c556a63a77d0f97c5af69f956ce885671ce Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 28 Feb 2022 19:45:53 +0100 Subject: [PATCH 12/72] FIX Blocking situation when a payment was deleted in bank. FIX Missing or bad permissions --- htdocs/compta/facture/card.php | 4 +- htdocs/compta/paiement.php | 12 +++- htdocs/compta/paiement/card.php | 67 ++++++++++++++++++- .../compta/paiement/class/paiement.class.php | 2 + htdocs/langs/en_US/banks.lang | 1 + htdocs/societe/class/societe.class.php | 32 ++++----- 6 files changed, 97 insertions(+), 21 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index f2b26c73242..1d57f9c13d4 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -734,7 +734,7 @@ if (empty($reshook)) { } if (!$error) { - // On verifie si la facture a des paiements + // We check if invoice has payments $sql = 'SELECT pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; $sql .= ' WHERE pf.fk_facture = '.((int) $object->id); @@ -984,7 +984,7 @@ if (empty($reshook)) { $db->rollback(); } } - } elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $usercancreate) { + } elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $usercanissuepayment) { // Delete payment $object->fetch($id); if ($object->statut == Facture::STATUS_VALIDATED && $object->paye == 0) { diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 635727233d3..96d482b33ae 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -75,6 +75,12 @@ $hookmanager->initHooks(array('paiementcard', 'globalcard')); $formquestion = array(); +$usercanissuepayment = !empty($user->rights->facture->paiement); + +$fieldid = 'rowid'; +$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft); + /* * Actions @@ -87,7 +93,7 @@ if ($reshook < 0) { } if (empty($reshook)) { - if ($action == 'add_paiement' || ($action == 'confirm_paiement' && $confirm == 'yes')) { + if (($action == 'add_paiement' || ($action == 'confirm_paiement' && $confirm == 'yes')) && $usercanissuepayment) { $error = 0; $datepaye = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); @@ -202,7 +208,7 @@ if (empty($reshook)) { /* * Action confirm_paiement */ - if ($action == 'confirm_paiement' && $confirm == 'yes') { + if ($action == 'confirm_paiement' && $confirm == 'yes' && $usercanissuepayment) { $error = 0; $datepaye = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); @@ -486,7 +492,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie print ''.$langs->trans('AccountToDebit').''; } print ''; - $form->select_comptes($accountid, 'accountid', 0, '', 2); + print $form->select_comptes($accountid, 'accountid', 0, '', 2, '', 0, '', 1); print ''; } else { print ' '; diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 93fdd415513..8ff229f7ba7 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -64,6 +64,8 @@ if ($socid && $socid != $object->thirdparty->id) { accessforbidden(); } +$error = 0; + /* * Actions @@ -191,6 +193,39 @@ if ($action == 'setdatep' && !empty($_POST['datepday'])) { setEventMessages($langs->trans('PaymentDateUpdateFailed'), null, 'errors'); } } +if ($action == 'createbankpayment' && !empty($user->rights->facture->paiement)) { + $db->begin(); + + // Create the record into bank for the amount of payment $object + if (!$error) { + $label = '(CustomerInvoicePayment)'; + if (GETPOST('type') == Facture::TYPE_CREDIT_NOTE) { + $label = '(CustomerInvoicePaymentBack)'; // Refund of a credit note + } + + $bankaccountid = GETPOST('accountid', 'int'); + if ($bankaccountid > 0) { + $object->paiementcode = $object->type_code; + $object->amounts = $object->getAmountsArray(); + + $result = $object->addPaymentToBank($user, 'payment', $label, $bankaccountid, '', ''); + if ($result < 0) { + setEventMessages($object->error, $object->errors, 'errors'); + $error++; + } + } else { + setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("BankAccount")), null, 'errors'); + $error++; + } + } + + + if (!$error) { + $db->commit(); + } else { + $db->rollback(); + } +} /* @@ -315,7 +350,37 @@ if (!empty($conf->banque->enabled)) { print $bankline->getNomUrl(1, 0, 'showconciliatedandaccounted'); } else { $langs->load("admin"); - print ''.$langs->trans("NoRecordFoundIBankcAccount", $langs->transnoentitiesnoconv("Module85Name")).''; + print ''; + print $langs->trans("NoRecordFoundIBankcAccount", $langs->transnoentitiesnoconv("Module85Name")); + print ''; + if (!empty($user->rights->facture->paiement)) { + // Try to guess $bankaccountidofinvoices that is ID of bank account defined on invoice. + // Return null if not found, return 0 if it has different value for at least 2 invoices, return the value if same on all invoices where a bank is defined. + $amountofpayments = $object->getAmountsArray(); + $bankaccountidofinvoices = null; + foreach ($amountofpayments as $idinvoice => $amountofpayment) { + $tmpinvoice = new Facture($db); + $tmpinvoice->fetch($idinvoice); + if ($tmpinvoice->fk_account > 0 && $bankaccountidofinvoices !== 0) { + if (is_null($bankaccountidofinvoices)) { + $bankaccountidofinvoices = $tmpinvoice->fk_account; + } elseif ($bankaccountidofinvoices != $tmpinvoice->fk_account) { + $bankaccountidofinvoices = 0; + } + } + } + + print '
'; + print ''; + print ''; + print ''; + print ' '.$langs->trans("ToCreateRelatedRecordIntoBank").': '; + print $form->select_comptes($bankaccountidofinvoices, 'accountid', 0, '', 2, '', 0, '', 1); + //print ''; + print ''; + //print ''; + print '
'; + } } print ''; print ''; diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index ab68ac7f9b1..3abf38fb16e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -951,6 +951,7 @@ class Paiement extends CommonObject * * @param string $filter Filter * @return int|array <0 if KO or array of invoice id + * @see getAmountsArray() */ public function getBillsArray($filter = '') { @@ -984,6 +985,7 @@ class Paiement extends CommonObject * Return list of amounts of payments. * * @return int|array Array of amount of payments + * @see getBillsArray() */ public function getAmountsArray() { diff --git a/htdocs/langs/en_US/banks.lang b/htdocs/langs/en_US/banks.lang index f066877f676..35ec6ac563b 100644 --- a/htdocs/langs/en_US/banks.lang +++ b/htdocs/langs/en_US/banks.lang @@ -182,3 +182,4 @@ IfYouDontReconcileDisableProperty=If you don't make the bank reconciliations on NoBankAccountDefined=No bank account defined NoRecordFoundIBankcAccount=No record found in bank account. Commonly, this occurs when a record has been deleted manually from the list of transaction in the bank account (for example during a reconciliation of the bank account). Another reason is that the payment was recorded when the module "%s" was disabled. AlreadyOneBankAccount=Already one bank account defined +ToCreateRelatedRecordIntoBank=To create missing related bank record \ No newline at end of file diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 8a5f8166106..9fb7783c345 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -41,6 +41,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/commonincoterm.class.php'; require_once DOL_DOCUMENT_ROOT.'/multicurrency/class/multicurrency.class.php'; + /** * Class to manage third parties objects (customers, suppliers, prospects...) */ @@ -2573,7 +2574,7 @@ class Societe extends CommonObject $name .= ' ('.$this->name_alias.')'; } - $result = ''; $label = ''; + $result = ''; $label = ''; $label2 = ''; $linkstart = ''; $linkend = ''; if (!empty($this->logo) && class_exists('Form')) { @@ -2641,47 +2642,48 @@ class Societe extends CommonObject } $label .= '
'.implode(' ', $phonelist); } + if (!empty($this->address)) { - $label .= '
'.$langs->trans("Address").': '.dol_format_address($this, 1, ' ', $langs); // Address + country + $label2 .= '
'.$langs->trans("Address").': '.dol_format_address($this, 1, ' ', $langs); // Address + country } elseif (!empty($this->country_code)) { - $label .= '
'.$langs->trans('Country').': '.$this->country_code; + $label2 .= '
'.$langs->trans('Country').': '.$this->country_code; } if (!empty($this->tva_intra) || (!empty($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP) && strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'vatnumber') !== false)) { - $label .= '
'.$langs->trans('VATIntra').': '.dol_escape_htmltag($this->tva_intra); + $label2 .= '
'.$langs->trans('VATIntra').': '.dol_escape_htmltag($this->tva_intra); } if (!empty($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP)) { if (strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'profid1') !== false) { - $label .= '
'.$langs->trans('ProfId1'.$this->country_code).': '.$this->idprof1; + $label2 .= '
'.$langs->trans('ProfId1'.$this->country_code).': '.$this->idprof1; } if (strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'profid2') !== false) { - $label .= '
'.$langs->trans('ProfId2'.$this->country_code).': '.$this->idprof2; + $label2 .= '
'.$langs->trans('ProfId2'.$this->country_code).': '.$this->idprof2; } if (strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'profid3') !== false) { - $label .= '
'.$langs->trans('ProfId3'.$this->country_code).': '.$this->idprof3; + $label2 .= '
'.$langs->trans('ProfId3'.$this->country_code).': '.$this->idprof3; } if (strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'profid4') !== false) { - $label .= '
'.$langs->trans('ProfId4'.$this->country_code).': '.$this->idprof4; + $label2 .= '
'.$langs->trans('ProfId4'.$this->country_code).': '.$this->idprof4; } if (strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'profid5') !== false) { - $label .= '
'.$langs->trans('ProfId5'.$this->country_code).': '.$this->idprof5; + $label2 .= '
'.$langs->trans('ProfId5'.$this->country_code).': '.$this->idprof5; } if (strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'profid6') !== false) { - $label .= '
'.$langs->trans('ProfId6'.$this->country_code).': '.$this->idprof6; + $label2 .= '
'.$langs->trans('ProfId6'.$this->country_code).': '.$this->idprof6; } } if (!empty($this->code_client) && ($this->client == 1 || $this->client == 3)) { - $label .= '
'.$langs->trans('CustomerCode').': '.$this->code_client; + $label2 .= '
'.$langs->trans('CustomerCode').': '.$this->code_client; } if (!empty($this->code_fournisseur) && $this->fournisseur) { - $label .= '
'.$langs->trans('SupplierCode').': '.$this->code_fournisseur; + $label2 .= '
'.$langs->trans('SupplierCode').': '.$this->code_fournisseur; } if (!empty($conf->accounting->enabled) && ($this->client == 1 || $this->client == 3)) { - $label .= '
'.$langs->trans('CustomerAccountancyCode').': '.($this->code_compta ? $this->code_compta : $this->code_compta_client); + $label2 .= '
'.$langs->trans('CustomerAccountancyCode').': '.($this->code_compta ? $this->code_compta : $this->code_compta_client); } if (!empty($conf->accounting->enabled) && $this->fournisseur) { - $label .= '
'.$langs->trans('SupplierAccountancyCode').': '.$this->code_compta_fournisseur; + $label2 .= '
'.$langs->trans('SupplierAccountancyCode').': '.$this->code_compta_fournisseur; } - $label .= ''; + $label .= ($label2 ? '
'.$label2 : '').''; // Add type of canvas $linkstart .= (!empty($this->canvas) ? '&canvas='.$this->canvas : ''); From 548cad0508be84499a31c96e1c1c83ccdee35486 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 28 Feb 2022 21:30:12 +0100 Subject: [PATCH 13/72] FIx #20110 --- htdocs/api/class/api.class.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index 0a84de7b7c1..e4f093be87f 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -348,6 +348,9 @@ class DolibarrApi $operand = preg_replace('/[^a-z0-9\._]/i', '', trim($tmp[0])); $operator = strtoupper(preg_replace('/[^a-z<>=]/i', '', trim($tmp[1]))); + if ($operator == 'NOTLIKE') { + $operator = 'NOT LIKE'; + } $tmpescaped = trim($tmp[2]); $regbis = array(); From d101a457c14311f09900835890bd8f546d3eb53f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 28 Feb 2022 22:21:40 +0100 Subject: [PATCH 14/72] Trans --- htdocs/langs/en_US/stocks.lang | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index ebd67df79c9..98faab0c423 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -254,7 +254,7 @@ ReOpen=Reopen ConfirmFinish=Do you confirm the closing of the inventory ? This will generate all stock movements to update your stock to the real qty you entered into the inventory. ObjectNotFound=%s not found MakeMovementsAndClose=Generate movements and close -AutofillWithExpected=Replace real quantity with expected quantity +AutofillWithExpected=Fill real quantity with expected quantity ShowAllBatchByDefault=By default, show batch details on product "stock" tab CollapseBatchDetailHelp=You can set batch detail default display in stocks module configuration ErrorWrongBarcodemode=Unknown Barcode mode @@ -270,4 +270,5 @@ ErrorOnElementsInventory=Operation canceled for the following reason: ErrorCantFindCodeInInventory=Can't find the following code in inventory QtyWasAddedToTheScannedBarcode=Success !! The quantity was added to all the requested barcode. You can close the Scanner tool. StockChangeDisabled=Change on stock disabled -NoWarehouseDefinedForTerminal=No warehouse defined for terminal \ No newline at end of file +NoWarehouseDefinedForTerminal=No warehouse defined for terminal +ClearQtys=Clear all quantities \ No newline at end of file From 0aa7e7df886767bb9fadb3cf78cf8acf2ee4ee37 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 00:33:24 +0100 Subject: [PATCH 15/72] Fix translation on ticket --- htdocs/takepos/receipt.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/takepos/receipt.php b/htdocs/takepos/receipt.php index 627a6c99565..b834ff64d0a 100644 --- a/htdocs/takepos/receipt.php +++ b/htdocs/takepos/receipt.php @@ -48,7 +48,7 @@ if (!isset($action)) { } include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; -$langs->loadLangs(array("main", "cashdesk", "companies")); +$langs->loadLangs(array("main", "bills", "cashdesk", "companies")); $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); // $place is id of table for Bar or Restaurant @@ -68,7 +68,7 @@ if (empty($user->rights->takepos->run)) { top_httphead('text/html'); if ($place > 0) { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."facture where ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")'"; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."facture where ref='(PROV-POS".$db->escape($_SESSION["takeposterminal"]."-".$place).")'"; $resql = $db->query($sql); $obj = $db->fetch_object($resql); if ($obj) { @@ -79,6 +79,7 @@ $object = new Facture($db); $object->fetch($facid); // Call to external receipt modules if exist +$parameters = array(); $hookmanager->initHooks(array('takeposfrontend'), $facid); $reshook = $hookmanager->executeHooks('TakeposReceipt', $parameters, $object); if (!empty($hookmanager->resPrint)) { From 70a18bc15adec60768e9874b93da85e52f4df47b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 01:28:47 +0100 Subject: [PATCH 16/72] FIX creation of the shipment if order contains services --- htdocs/expedition/class/expedition.class.php | 25 ++++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index 64f0e00d6f8..eb0a5999f29 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -370,13 +370,15 @@ class Expedition extends CommonObject // Insert of lines $num = count($this->lines); for ($i = 0; $i < $num; $i++) { - if (!isset($this->lines[$i]->detail_batch)) { // no batch management - if ($this->create_line($this->lines[$i]->entrepot_id, $this->lines[$i]->origin_line_id, $this->lines[$i]->qty, $this->lines[$i]->rang, $this->lines[$i]->array_options) <= 0) { - $error++; - } - } else { // with batch management - if ($this->create_line_batch($this->lines[$i], $this->lines[$i]->array_options) <= 0) { - $error++; + if (empty($this->lines[$i]->product_type) || !empty($conf->global->STOCK_SUPPORTS_SERVICES)) { + if (!isset($this->lines[$i]->detail_batch)) { // no batch management + if ($this->create_line($this->lines[$i]->entrepot_id, $this->lines[$i]->origin_line_id, $this->lines[$i]->qty, $this->lines[$i]->rang, $this->lines[$i]->array_options) <= 0) { + $error++; + } + } else { // with batch management + if ($this->create_line_batch($this->lines[$i], $this->lines[$i]->array_options) <= 0) { + $error++; + } } } } @@ -916,6 +918,7 @@ class Expedition extends CommonObject // Copy the rang of the order line to the expedition line $line->rang = $orderline->rang; + $line->product_type = $orderline->product_type; if (!empty($conf->stock->enabled) && !empty($orderline->fk_product)) { $fk_product = $orderline->fk_product; @@ -968,6 +971,8 @@ class Expedition extends CommonObject } $this->lines[$num] = $line; + + return 1; } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps @@ -2602,6 +2607,12 @@ class ExpeditionLigne extends CommonObjectLine */ public $product_desc; + /** + * Type of the product. 0 for product, 1 for service + * @var int + */ + public $product_type = 0; + /** * @var int rang of line */ From bd288f980d271ad8ebb9c24646d5d654e733af90 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 14:52:47 +0100 Subject: [PATCH 17/72] FIX On large proposal or invoice, fix n(n+1) sql into a n sql. --- htdocs/comm/propal/class/propal.class.php | 16 +++++++++++----- htdocs/commande/class/commande.class.php | 15 +++++++++++---- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index fd3bbfe7171..26c01ebd044 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -552,10 +552,11 @@ class Propal extends CommonObject * @param int $origin_id Depend on global conf MAIN_CREATEFROM_KEEP_LINE_ORIGIN_INFORMATION can be Id of origin object (aka line id), else object id * @param double $pu_ht_devise Unit price in currency * @param int $fk_remise_except Id discount if line is from a discount + * @param int $noupdateafterinsertline No update after insert of line * @return int >0 if OK, <0 if KO * @see add_product() */ - public function addline($desc, $pu_ht, $qty, $txtva, $txlocaltax1 = 0.0, $txlocaltax2 = 0.0, $fk_product = 0, $remise_percent = 0.0, $price_base_type = 'HT', $pu_ttc = 0.0, $info_bits = 0, $type = 0, $rang = -1, $special_code = 0, $fk_parent_line = 0, $fk_fournprice = 0, $pa_ht = 0, $label = '', $date_start = '', $date_end = '', $array_options = 0, $fk_unit = null, $origin = '', $origin_id = 0, $pu_ht_devise = 0, $fk_remise_except = 0) + public function addline($desc, $pu_ht, $qty, $txtva, $txlocaltax1 = 0.0, $txlocaltax2 = 0.0, $fk_product = 0, $remise_percent = 0.0, $price_base_type = 'HT', $pu_ttc = 0.0, $info_bits = 0, $type = 0, $rang = -1, $special_code = 0, $fk_parent_line = 0, $fk_fournprice = 0, $pa_ht = 0, $label = '', $date_start = '', $date_end = '', $array_options = 0, $fk_unit = null, $origin = '', $origin_id = 0, $pu_ht_devise = 0, $fk_remise_except = 0, $noupdateafterinsertline = 0) { global $mysoc, $conf, $langs; @@ -744,7 +745,9 @@ class Propal extends CommonObject } // Mise a jour informations denormalisees au niveau de la propale meme - $result = $this->update_price(1, 'auto', 0, $mysoc); // This method is designed to add line from user input so total calculation must be done using 'auto' mode. + if (empty($noupdateafterinsertline)) { + $result = $this->update_price(1, 'auto', 0, $mysoc); // This method is designed to add line from user input so total calculation must be done using 'auto' mode. + } if ($result > 0) { $this->db->commit(); @@ -1007,7 +1010,7 @@ class Propal extends CommonObject */ public function create($user, $notrigger = 0) { - global $conf, $hookmanager; + global $conf, $hookmanager, $mysoc; $error = 0; $now = dol_now(); @@ -1236,7 +1239,10 @@ class Propal extends CommonObject $line->array_options, $line->fk_unit, $origintype, - $originid + $originid, + 0, + 0, + 1 ); if ($result < 0) { @@ -1265,7 +1271,7 @@ class Propal extends CommonObject if (!$error) { // Mise a jour infos denormalisees - $resql = $this->update_price(1); + $resql = $this->update_price(1, 'auto', 0, $mysoc); if ($resql) { $action = 'update'; diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 48b7e499dbb..429996ee314 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -872,7 +872,7 @@ class Commande extends CommonOrder */ public function create($user, $notrigger = 0) { - global $conf, $langs; + global $conf, $langs, $mysoc; $error = 0; // Clean parameters @@ -1039,7 +1039,8 @@ class Commande extends CommonOrder $origintype, $originid, 0, - $line->ref_ext + $line->ref_ext, + 1 ); if ($result < 0) { if ($result != self::STOCK_NOT_ENOUGH_FOR_ORDER) { @@ -1056,6 +1057,8 @@ class Commande extends CommonOrder } } + $result = $this->update_price(1, 'auto', 0, $mysoc); // This method is designed to add line from user input so total calculation must be done using 'auto' mode. + // update ref $initialref = '(PROV'.$this->id.')'; if (!empty($this->ref)) { @@ -1433,6 +1436,7 @@ class Commande extends CommonOrder * @param int $origin_id Depend on global conf MAIN_CREATEFROM_KEEP_LINE_ORIGIN_INFORMATION can be Id of origin object (aka line id), else object id * @param double $pu_ht_devise Unit price in currency * @param string $ref_ext line external reference + * @param int $noupdateafterinsertline No update after insert of line * @return int >0 if OK, <0 if KO * * @see add_product() @@ -1442,7 +1446,7 @@ class Commande extends CommonOrder * par l'appelant par la methode get_default_tva(societe_vendeuse,societe_acheteuse,produit) * et le desc doit deja avoir la bonne valeur (a l'appelant de gerer le multilangue) */ - public function addline($desc, $pu_ht, $qty, $txtva, $txlocaltax1 = 0, $txlocaltax2 = 0, $fk_product = 0, $remise_percent = 0, $info_bits = 0, $fk_remise_except = 0, $price_base_type = 'HT', $pu_ttc = 0, $date_start = '', $date_end = '', $type = 0, $rang = -1, $special_code = 0, $fk_parent_line = 0, $fk_fournprice = null, $pa_ht = 0, $label = '', $array_options = 0, $fk_unit = null, $origin = '', $origin_id = 0, $pu_ht_devise = 0, $ref_ext = '') + public function addline($desc, $pu_ht, $qty, $txtva, $txlocaltax1 = 0, $txlocaltax2 = 0, $fk_product = 0, $remise_percent = 0, $info_bits = 0, $fk_remise_except = 0, $price_base_type = 'HT', $pu_ttc = 0, $date_start = '', $date_end = '', $type = 0, $rang = -1, $special_code = 0, $fk_parent_line = 0, $fk_fournprice = null, $pa_ht = 0, $label = '', $array_options = 0, $fk_unit = null, $origin = '', $origin_id = 0, $pu_ht_devise = 0, $ref_ext = '', $noupdateafterinsertline = 0) { global $mysoc, $conf, $langs, $user; @@ -1653,7 +1657,10 @@ class Commande extends CommonOrder } // Mise a jour informations denormalisees au niveau de la commande meme - $result = $this->update_price(1, 'auto', 0, $mysoc); // This method is designed to add line from user input so total calculation must be done using 'auto' mode. + if (empty($noupdateafterinsertline)) { + $result = $this->update_price(1, 'auto', 0, $mysoc); // This method is designed to add line from user input so total calculation must be done using 'auto' mode. + } + if ($result > 0) { $this->db->commit(); return $this->line->id; From d76e002822b6f34628a11ed41f26db8e4f644671 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 15:17:03 +0100 Subject: [PATCH 18/72] Fix explanation on setup page --- htdocs/admin/receiptprinter.php | 21 +++++++++------------ htdocs/langs/en_US/receiptprinter.lang | 2 +- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index a2758304527..cb625dbe039 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -304,7 +304,15 @@ if ($mode == 'config' && $user->admin) { print ''; print ''.$langs->trans("Name").''; print ''.$langs->trans("Type").''; - print ''.$langs->trans("Profile").''; + print ''; + $htmltext = $langs->trans("PROFILE_DEFAULT").' = '.$langs->trans("PROFILE_DEFAULT_HELP").'
'; + $htmltext .= $langs->trans("PROFILE_SIMPLE").' = '.$langs->trans("PROFILE_SIMPLE_HELP").'
'; + $htmltext .= $langs->trans("PROFILE_EPOSTEP").' = '.$langs->trans("PROFILE_EPOSTEP_HELP").'
'; + $htmltext .= $langs->trans("PROFILE_P822D").' = '.$langs->trans("PROFILE_P822D_HELP").'
'; + $htmltext .= $langs->trans("PROFILE_STAR").' = '.$langs->trans("PROFILE_STAR_HELP").'
'; + + print $form->textwithpicto($langs->trans("Profile"), $htmltext); + print ''; print ''.$langs->trans("Parameters").''; print ''; print "\n"; @@ -386,17 +394,6 @@ if ($mode == 'config' && $user->admin) { print ''; print '
'; - - - print load_fiche_titre($langs->trans("ReceiptPrinterProfileDesc"), '', '')."\n"; - - print ''."\n"; - print ''; - print ''; - print ''; - print ''; - print ''; - print '
'.$langs->trans("PROFILE_DEFAULT").':'.$langs->trans("PROFILE_DEFAULT_HELP").'
'.$langs->trans("PROFILE_SIMPLE").':'.$langs->trans("PROFILE_SIMPLE_HELP").'
'.$langs->trans("PROFILE_EPOSTEP").':'.$langs->trans("PROFILE_EPOSTEP_HELP").'
'.$langs->trans("PROFILE_P822D").':'.$langs->trans("PROFILE_P822D_HELP").'
'.$langs->trans("PROFILE_STAR").':'.$langs->trans("PROFILE_STAR_HELP").'
'; } // mode = template diff --git a/htdocs/langs/en_US/receiptprinter.lang b/htdocs/langs/en_US/receiptprinter.lang index 284c4fa61fa..eb115682726 100644 --- a/htdocs/langs/en_US/receiptprinter.lang +++ b/htdocs/langs/en_US/receiptprinter.lang @@ -7,7 +7,7 @@ TestSentToPrinter=Test Sent To Printer %s ReceiptPrinter=Receipt printers ReceiptPrinterDesc=Setup of receipt printers ReceiptPrinterTemplateDesc=Setup of Templates -ReceiptPrinterTypeDesc=Description of Receipt Printer's type +ReceiptPrinterTypeDesc=Example of possible values for the field "Parameters" according to the type of driver ReceiptPrinterProfileDesc=Description of Receipt Printer's Profile ListPrinters=List of Printers SetupReceiptTemplate=Template Setup From 035bc32323077cb6f1b461aa1b80d07012c31208 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9=20Courtier?= Date: Tue, 1 Mar 2022 16:14:31 +0100 Subject: [PATCH 19/72] Correction of the modification on the fly of the table llx_product_fournisseur_price by an addition in the script creation of the table as well as in the script of version upgrade from 12 ->13 --- htdocs/install/mysql/migration/11.0.0-12.0.0.sql | 2 ++ .../mysql/tables/llx_product_fournisseur_price.sql | 2 +- htdocs/product/admin/product.php | 8 ++++---- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql index 02eb3c77d4d..a58f175e2fc 100644 --- a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql +++ b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql @@ -43,6 +43,8 @@ create table llx_commande_fournisseur_dispatch_extrafields ALTER TABLE llx_commande_fournisseur_dispatch_extrafields ADD INDEX idx_commande_fournisseur_dispatch_extrafields (fk_object); +ALTER TABLE llx_product_fournisseur_price ADD COLUMN packaging double(24,8) DEFAULT 1; + UPDATE llx_accounting_system SET fk_country = NULL, active = 0 WHERE pcg_version = 'SYSCOHADA'; create table llx_c_shipment_package_type diff --git a/htdocs/install/mysql/tables/llx_product_fournisseur_price.sql b/htdocs/install/mysql/tables/llx_product_fournisseur_price.sql index 7e61a2df6b1..faccd8d2002 100644 --- a/htdocs/install/mysql/tables/llx_product_fournisseur_price.sql +++ b/htdocs/install/mysql/tables/llx_product_fournisseur_price.sql @@ -50,7 +50,7 @@ create table llx_product_fournisseur_price import_key varchar(14), -- Import key delivery_time_days integer, supplier_reputation varchar(10), - + packaging double(24,8) DEFAULT 1, fk_multicurrency integer, multicurrency_code varchar(255), multicurrency_tx double(24,8) DEFAULT 1, diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index 4ef011b28fc..239dba36a7a 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -150,7 +150,7 @@ if ($action == 'other') if ($value) { $sql_test = "SELECT count(desc_fourn) as cpt FROM ".MAIN_DB_PREFIX."product_fournisseur_price WHERE 1"; $resql = $db->query($sql_test); - if (!$resql && $db->lasterrno == 'DB_ERROR_NOSUCHFIELD') // if the field does not exist, we create it + if (!$resql && $db->lasterrno() == 'DB_ERROR_NOSUCHFIELD') // if the field does not exist, we create it { $sql_new = "ALTER TABLE ".MAIN_DB_PREFIX."product_fournisseur_price ADD COLUMN desc_fourn text"; $resql_new = $db->query($sql_new); @@ -162,10 +162,10 @@ if ($action == 'other') if ($value) { $sql_test = "SELECT count(packaging) as cpt FROM ".MAIN_DB_PREFIX."product_fournisseur_price WHERE 1"; $resql = $db->query($sql_test); - if (!$resql && $db->lasterrno == 'DB_ERROR_NOSUCHFIELD') // if the field does not exist, we create it + + if ($resql) // if the field does not exist, we create it { - $sql_new = "ALTER TABLE ".MAIN_DB_PREFIX."product_fournisseur_price ADD COLUMN packaging double(24,8) DEFAULT 1"; - $resql_new = $db->query($sql_new); + dol_syslog( $db->lasterrno(),LOG_ERR); } } } From f1af7ca2f226e5a0e33f20b52d66db784bb9552c Mon Sep 17 00:00:00 2001 From: noec764 <58433943+noec764@users.noreply.github.com> Date: Tue, 1 Mar 2022 16:17:32 +0100 Subject: [PATCH 20/72] Update product.php --- htdocs/product/admin/product.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index 239dba36a7a..7c4172f7977 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -163,7 +163,7 @@ if ($action == 'other') $sql_test = "SELECT count(packaging) as cpt FROM ".MAIN_DB_PREFIX."product_fournisseur_price WHERE 1"; $resql = $db->query($sql_test); - if ($resql) // if the field does not exist, we create it + if ($resql < 0) { dol_syslog( $db->lasterrno(),LOG_ERR); } From 5c3b0847c23711678847a7c6373d26d498d7c75c Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Tue, 1 Mar 2022 15:20:28 +0000 Subject: [PATCH 21/72] Fixing style errors. --- htdocs/product/admin/product.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index 7c4172f7977..222e9ffc41f 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -165,7 +165,7 @@ if ($action == 'other') if ($resql < 0) { - dol_syslog( $db->lasterrno(),LOG_ERR); + dol_syslog($db->lasterrno(), LOG_ERR); } } } From 2a48dd349e7de0d4a38e448b0d2ecbe25e968075 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 16:38:06 +0100 Subject: [PATCH 22/72] Fix #hunterb03d4415-d4f9-48c8-9ae2-d3aa248027b5 --- htdocs/admin/emailcollector_list.php | 4 +-- htdocs/admin/mails_templates.php | 2 +- htdocs/admin/menus/edit.php | 6 ++--- htdocs/bom/bom_list.php | 2 +- .../compta/cashcontrol/cashcontrol_list.php | 4 +-- htdocs/compta/facture/list.php | 4 +-- htdocs/compta/resultat/result.php | 8 +++--- htdocs/core/boxes/box_scheduled_jobs.php | 2 +- htdocs/core/class/commonobject.class.php | 18 ++++++------- htdocs/core/class/extrafields.class.php | 14 +++++----- htdocs/core/class/html.form.class.php | 2 +- htdocs/core/class/html.formother.class.php | 8 +++--- htdocs/core/class/menu.class.php | 2 +- htdocs/core/class/translate.class.php | 4 +-- htdocs/core/customreports.php | 10 +++---- htdocs/core/lib/functions.lib.php | 26 +++++++++++++------ .../core/tpl/admin_extrafields_view.tpl.php | 2 +- .../tpl/extrafields_list_array_fields.tpl.php | 4 +-- .../tpl/extrafields_list_print_fields.tpl.php | 2 +- .../conferenceorbooth_list.php | 4 +-- .../conferenceorboothattendee_list.php | 4 +-- htdocs/hrm/evaluation_list.php | 4 +-- htdocs/hrm/job_list.php | 4 +-- htdocs/hrm/position.php | 4 +-- htdocs/hrm/position_list.php | 4 +-- htdocs/hrm/skill_card.php | 4 +-- htdocs/hrm/skill_list.php | 4 +-- .../knowledgerecord_list.php | 4 +-- htdocs/mrp/mo_list.php | 4 +-- htdocs/partnership/partnership_list.php | 4 +-- htdocs/product/inventory/list.php | 4 +-- htdocs/product/list.php | 4 +-- htdocs/product/stock/list.php | 4 +-- htdocs/product/stock/productlot_list.php | 4 +-- htdocs/projet/class/task.class.php | 1 + htdocs/projet/list.php | 4 +-- .../recruitmentcandidature_list.php | 4 +-- .../recruitmentjobposition_list.php | 4 +-- htdocs/salaries/list.php | 4 +-- htdocs/salaries/payments.php | 4 +-- htdocs/ticket/list.php | 4 +-- htdocs/workstation/workstation_list.php | 6 ++--- test/phpunit/SecurityTest.php | 24 +++++++++++++++-- 43 files changed, 135 insertions(+), 104 deletions(-) diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index af137a1ecdb..9e93dd78b86 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -109,11 +109,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = dol_eval($val['visible'], 1); + $visible = dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'] ); } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index fb3a1ccf702..803f3b74536 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -1034,7 +1034,7 @@ if ($resql) { continue; // It means this is a type of template not into elementList (may be because enabled condition of this type is false because module is not enabled) } // Test on 'enabled' - if (!dol_eval($obj->enabled, 1)) { + if (!dol_eval($obj->enabled, 1, 1, '1')) { $i++; continue; // Email template not qualified } diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 02c46d8ca35..a9e2fe9287f 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -464,7 +464,7 @@ if ($action == 'create') { } print ''; print ''.$langs->trans('DetailMenuIdParent'); - print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def'; + print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def'; print ''; // Niveau @@ -496,7 +496,7 @@ if ($action == 'create') { print ''.$langs->trans('Enabled').''; print ''.$langs->trans('DetailEnabled'); if (!empty($menu->enabled)) { - print ' ('.$langs->trans("ConditionIsCurrently").': '.yn(dol_eval($menu->enabled, 1)).')'; + print ' ('.$langs->trans("ConditionIsCurrently").': '.yn(dol_eval($menu->enabled, 1, 1, '1')).')'; } print ''; @@ -504,7 +504,7 @@ if ($action == 'create') { print ''.$langs->trans('Rights').''; print ''.$langs->trans('DetailRight'); if (!empty($menu->perms)) { - print ' ('.$langs->trans("ConditionIsCurrently").': '.yn(dol_eval($menu->perms, 1)).')'; + print ' ('.$langs->trans("ConditionIsCurrently").': '.yn(dol_eval($menu->perms, 1, 1, '1')).')'; } print ''; diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index 3cc0dc1753a..48798db9b8f 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -106,7 +106,7 @@ foreach ($object->fields as $key => $val) { $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 89781fcb211..7822819c06a 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -104,11 +104,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 0e3acc45d25..35318174999 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -261,14 +261,14 @@ if (getDolGlobalString("INVOICE_USE_SITUATION") && $conf->global->INVOICE_USE_RE foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $newkey = ''; if (array_key_exists($key, $arrayfields)) { $newkey = $key; } elseif (array_key_exists('t.'.$key, $arrayfields)) { $newkey = 't.'.$key; } elseif (array_key_exists('f.'.$key, $arrayfields)) { $newkey = 'f.'.$key; } elseif (array_key_exists('s.'.$key, $arrayfields)) { $newkey = 's.'.$key; } if ($newkey) { $arrayfields[$newkey] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help' => empty($val['help']) ? '' : $val['help'], ); diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php index 635531ab86b..c296d4037e5 100644 --- a/htdocs/compta/resultat/result.php +++ b/htdocs/compta/resultat/result.php @@ -334,7 +334,7 @@ if ($modecompta == 'CREANCES-DETTES') { //var_dump($result); //$r = $AccCat->calculate($result); - $r = dol_eval($result, 1); + $r = dol_eval($result, 1, 1, '1'); //var_dump($r); print ''.price($r).''; @@ -353,7 +353,7 @@ if ($modecompta == 'CREANCES-DETTES') { $result = strtr($formula, $vars); //$r = $AccCat->calculate($result); - $r = dol_eval($result, 1); + $r = dol_eval($result, 1, 1, 1); print ''.price($r).''; $sommes[$code]['N'] += $r; @@ -367,7 +367,7 @@ if ($modecompta == 'CREANCES-DETTES') { $result = strtr($formula, $vars); //$r = $AccCat->calculate($result); - $r = dol_eval($result, 1); + $r = dol_eval($result, 1, 1, 1); print ''.price($r).''; $sommes[$code]['M'][$k] += $r; @@ -381,7 +381,7 @@ if ($modecompta == 'CREANCES-DETTES') { $result = strtr($formula, $vars); //$r = $AccCat->calculate($result); - $r = dol_eval($result, 1); + $r = dol_eval($result, 1, 1, 1); print ''.price($r).''; $sommes[$code]['M'][$k] += $r; diff --git a/htdocs/core/boxes/box_scheduled_jobs.php b/htdocs/core/boxes/box_scheduled_jobs.php index 94695034cce..f2195659654 100644 --- a/htdocs/core/boxes/box_scheduled_jobs.php +++ b/htdocs/core/boxes/box_scheduled_jobs.php @@ -102,7 +102,7 @@ class box_scheduled_jobs extends ModeleBoxes while ($i < $num) { $objp = $this->db->fetch_object($result); - if (dol_eval($objp->test, 1, 1)) { + if (dol_eval($objp->test, 1, 1, '')) { $nextrun = $this->db->jdate($objp->datenextrun); if (empty($nextrun)) { $nextrun = $this->db->jdate($objp->datestart); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 4b3d6fca2d3..179f1255306 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -5675,12 +5675,12 @@ abstract class CommonObject $enabled = 1; if (isset($this->fields[$key]['enabled'])) { - $enabled = dol_eval($this->fields[$key]['enabled'], 1); + $enabled = dol_eval($this->fields[$key]['enabled'], 1, 1, '1'); } /*$perms = 1; if (isset($this->fields[$key]['perms'])) { - $perms = dol_eval($this->fields[$key]['perms'], 1); + $perms = dol_eval($this->fields[$key]['perms'], 1, 1, '1'); }*/ if (empty($enabled)) { continue; @@ -5836,7 +5836,7 @@ abstract class CommonObject if (!empty($extrafields) && !empty($extrafields->attributes[$this->table_element]['computed'][$key])) { //var_dump($conf->disable_compute); if (empty($conf->disable_compute)) { - $this->array_options["options_".$key] = dol_eval($extrafields->attributes[$this->table_element]['computed'][$key], 1, 0); + $this->array_options["options_".$key] = dol_eval($extrafields->attributes[$this->table_element]['computed'][$key], 1, 0, ''); } } } @@ -5967,7 +5967,7 @@ abstract class CommonObject if (!empty($attrfieldcomputed)) { if (!empty($conf->global->MAIN_STORE_COMPUTED_EXTRAFIELDS)) { - $value = dol_eval($attrfieldcomputed, 1, 0); + $value = dol_eval($attrfieldcomputed, 1, 0, ''); dol_syslog($langs->trans("Extrafieldcomputed")." sur ".$attributeLabel."(".$value.")", LOG_DEBUG); $new_array_options[$key] = $value; } else { @@ -6334,7 +6334,7 @@ abstract class CommonObject if (!empty($attrfieldcomputed)) { if (!empty($conf->global->MAIN_STORE_COMPUTED_EXTRAFIELDS)) { - $value = dol_eval($attrfieldcomputed, 1, 0); + $value = dol_eval($attrfieldcomputed, 1, 0, ''); dol_syslog($langs->trans("Extrafieldcomputed")." sur ".$attributeLabel."(".$value.")", LOG_DEBUG); $this->array_options["options_".$key] = $value; } else { @@ -7188,7 +7188,7 @@ abstract class CommonObject if ($computed) { // Make the eval of compute string //var_dump($computed); - $value = dol_eval($computed, 1, 0); + $value = dol_eval($computed, 1, 0, ''); } if (empty($morecss)) { @@ -7713,7 +7713,7 @@ abstract class CommonObject // Test on 'enabled' ('enabled' is different than 'list' = 'visibility') $enabled = 1; if ($enabled && isset($extrafields->attributes[$this->table_element]['enabled'][$key])) { - $enabled = dol_eval($extrafields->attributes[$this->table_element]['enabled'][$key], 1); + $enabled = dol_eval($extrafields->attributes[$this->table_element]['enabled'][$key], 1, 1, '1'); } if (empty($enabled)) { continue; @@ -7721,12 +7721,12 @@ abstract class CommonObject $visibility = 1; if ($visibility && isset($extrafields->attributes[$this->table_element]['list'][$key])) { - $visibility = dol_eval($extrafields->attributes[$this->table_element]['list'][$key], 1); + $visibility = dol_eval($extrafields->attributes[$this->table_element]['list'][$key], 1, 1, '1'); } $perms = 1; if ($perms && isset($extrafields->attributes[$this->table_element]['perms'][$key])) { - $perms = dol_eval($extrafields->attributes[$this->table_element]['perms'][$key], 1); + $perms = dol_eval($extrafields->attributes[$this->table_element]['perms'][$key], 1, 1, '1'); } if (($mode == 'create') && abs($visibility) != 1 && abs($visibility) != 3) { diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 2b827d06f36..ff45a028d51 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -915,9 +915,9 @@ class ExtraFields $unique = $this->attributes[$extrafieldsobjectkey]['unique'][$key]; $required = $this->attributes[$extrafieldsobjectkey]['required'][$key]; $param = $this->attributes[$extrafieldsobjectkey]['param'][$key]; - $perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1); + $perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1, 1, '1'); $langfile = $this->attributes[$extrafieldsobjectkey]['langfile'][$key]; - $list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1); + $list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1, 1, '1'); $totalizable = $this->attributes[$extrafieldsobjectkey]['totalizable'][$key]; $help = $this->attributes[$extrafieldsobjectkey]['help'][$key]; $hidden = (empty($list) ? 1 : 0); // If empty, we are sure it is hidden, otherwise we show. If it depends on mode (view/create/edit form or list, this must be filtered by caller) @@ -1505,9 +1505,9 @@ class ExtraFields $unique = $this->attributes[$extrafieldsobjectkey]['unique'][$key]; $required = $this->attributes[$extrafieldsobjectkey]['required'][$key]; $param = $this->attributes[$extrafieldsobjectkey]['param'][$key]; - $perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1); + $perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1, 1, '1'); $langfile = $this->attributes[$extrafieldsobjectkey]['langfile'][$key]; - $list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1); + $list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1, 1, '1'); $help = $this->attributes[$extrafieldsobjectkey]['help'][$key]; $hidden = (empty($list) ? 1 : 0); // If $list empty, we are sure it is hidden, otherwise we show. If it depends on mode (view/create/edit form or list, this must be filtered by caller) } else { @@ -1959,17 +1959,17 @@ class ExtraFields $enabled = 1; if (isset($this->attributes[$object->table_element]['enabled'][$key])) { // 'enabled' is often a condition on module enabled or not - $enabled = dol_eval($this->attributes[$object->table_element]['enabled'][$key], 1); + $enabled = dol_eval($this->attributes[$object->table_element]['enabled'][$key], 1, 1, '1'); } $visibility = 1; if (isset($this->attributes[$object->table_element]['list'][$key])) { // 'list' is option for visibility - $visibility = dol_eval($this->attributes[$object->table_element]['list'][$key], 1); + $visibility = dol_eval($this->attributes[$object->table_element]['list'][$key], 1, 1, '1'); } $perms = 1; if (isset($this->attributes[$object->table_element]['perms'][$key])) { - $perms = dol_eval($this->attributes[$object->table_element]['perms'][$key], 1); + $perms = dol_eval($this->attributes[$object->table_element]['perms'][$key], 1, 1, '1'); } if (empty($enabled)) { continue; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index f25c9aad9d3..975e6ed86ea 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -7424,7 +7424,7 @@ class Form if (!empty($objecttmp->fields)) { // For object that declare it, it is better to use declared fields (like societe, contact, ...) $tmpfieldstoshow = ''; foreach ($objecttmp->fields as $key => $val) { - if (!dol_eval($val['enabled'], 1, 1)) { + if (!dol_eval($val['enabled'], 1, 1, 1, '1')) { continue; } if (!empty($val['showoncombobox'])) { diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index aa0e5486761..6dae77dffa4 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -1501,10 +1501,10 @@ class FormOther 'parent', 'photo', 'socialnetworks', 'webservices_url', 'webservices_key'))) { continue; } - if (isset($val['enabled']) && !dol_eval($val['enabled'], 1)) { + if (isset($val['enabled']) && !dol_eval($val['enabled'], 1, 1, '1')) { continue; } - if (isset($val['visible']) && !dol_eval($val['visible'], 1)) { + if (isset($val['visible']) && !dol_eval($val['visible'], 1, 1, '1')) { continue; } if (preg_match('/^fk_/', $key) && !preg_match('/^fk_statu/', $key)) { @@ -1575,10 +1575,10 @@ class FormOther 'parent', 'photo', 'socialnetworks', 'webservices_url', 'webservices_key'))) { continue; } - if (isset($val['enabled']) && !dol_eval($val['enabled'], 1)) { + if (isset($val['enabled']) && !dol_eval($val['enabled'], 1, 1, '1')) { continue; } - if (isset($val['visible']) && !dol_eval($val['visible'], 1)) { + if (isset($val['visible']) && !dol_eval($val['visible'], 1, 1, '1')) { continue; } if (preg_match('/^fk_/', $key) && !preg_match('/^fk_statu/', $key)) { diff --git a/htdocs/core/class/menu.class.php b/htdocs/core/class/menu.class.php index e88ec701320..eab31288cca 100644 --- a/htdocs/core/class/menu.class.php +++ b/htdocs/core/class/menu.class.php @@ -119,7 +119,7 @@ class Menu { $nb = 0; foreach ($this->liste as $val) { - //if (dol_eval($val['enabled'], 1)) $nb++; + //if (dol_eval($val['enabled'], 1, 1, '1')) $nb++; if (!empty($val['enabled'])) { $nb++; // $val['enabled'] is already evaluated to 0 or 1, no need for dol_eval() } diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index f881447cd67..5bfdbc7e0f1 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -656,7 +656,7 @@ class Translate return $str; } else { // Translation is not available - //if ($key[0] == '$') { return dol_eval($key,1); } + //if ($key[0] == '$') { return dol_eval($key, 1, 1, '1'); } return $this->getTradFromKey($key); } } @@ -722,7 +722,7 @@ class Translate return $str; } else { if ($key[0] == '$') { - return dol_eval($key, 1); + return dol_eval($key, 1, 1, '1'); } return $this->getTradFromKey($key); } diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php index fafd1c015e8..0ff8ebc4e64 100644 --- a/htdocs/core/customreports.php +++ b/htdocs/core/customreports.php @@ -371,7 +371,7 @@ print '
'; print '
'.$langs->trans("StatisticsOn").'
'; $newarrayoftype = array(); foreach ($arrayoftype as $key => $val) { - if (dol_eval($val['enabled'], 1)) { + if (dol_eval($val['enabled'], 1, 1, '1')) { $newarrayoftype[$key] = $arrayoftype[$key]; } if ($val['langs']) { @@ -402,7 +402,7 @@ print '
'; // Add measures into array print '
'; foreach ($object->fields as $key => $val) { - if (!empty($val['isameasure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1))) { + if (!empty($val['isameasure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1, 1, '1'))) { $arrayofmesures['t.'.$key.'-sum'] = $langs->trans($val['label']).' ('.$langs->trans("Sum").')'; $arrayofmesures['t.'.$key.'-average'] = $langs->trans($val['label']).' ('.$langs->trans("Average").')'; $arrayofmesures['t.'.$key.'-min'] = $langs->trans($val['label']).' ('.$langs->trans("Minimum").')'; @@ -412,7 +412,7 @@ foreach ($object->fields as $key => $val) { // Add extrafields to Measures if ($object->isextrafieldmanaged) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1))) { + if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1, 1, '1'))) { $arrayofmesures['te.'.$key.'-sum'] = $langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' ('.$langs->trans("Sum").')'; $arrayofmesures['te.'.$key.'-average'] = $langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' ('.$langs->trans("Average").')'; $arrayofmesures['te.'.$key.'-min'] = $langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' ('.$langs->trans("Minimum").')'; @@ -443,7 +443,7 @@ if ($mode == 'grid') { // YAxis print '
'; foreach ($object->fields as $key => $val) { - if (empty($val['measure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1))) { + if (empty($val['measure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1, 1, '1'))) { if (in_array($key, array('id', 'rowid', 'entity', 'last_main_doc', 'extraparams'))) { continue; } @@ -464,7 +464,7 @@ if ($mode == 'grid') { // Add measure from extrafields if ($object->isextrafieldmanaged) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1))) { + if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1, 1, '1'))) { $arrayofyaxis['te.'.$key] = array('label' => $extrafields->attributes[$object->table_element]['label'][$key], 'position' => (int) $extrafields->attributes[$object->table_element]['pos'][$key]); } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 513534ba38c..c6476f98a11 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8188,12 +8188,13 @@ function verifCond($strToEvaluate) * Replace eval function to add more security. * This function is called by verifCond() or trans() and transnoentitiesnoconv(). * - * @param string $s String to evaluate - * @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)). - * @param int $hideerrors 1=Hide errors - * @return mixed Nothing or return result of eval + * @param string $s String to evaluate + * @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)). + * @param int $hideerrors 1=Hide errors + * @param string $onlysimplestring Accept only simple string with char 'a-z0-9\s$_->&|='; + * @return mixed Nothing or return result of eval */ -function dol_eval($s, $returnvalue = 0, $hideerrors = 1) +function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1') { // Only global variables can be changed by eval function and returned to caller global $db, $langs, $user, $conf, $website, $websitepage; @@ -8205,9 +8206,18 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1) global $obj; // To get $obj used into list when dol_eval is used for computed fields and $obj is not yet $object global $soc; // For backward compatibility - // Replace dangerous char (used for RCE), we allow only PHP variable testing. + // Test dangerous char (used for RCE), we allow only PHP variable testing. + if ($onlysimplestring == '1') { + //print preg_quote('$_->&|', '/'); + if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=', '/').']/i', $s)) { + return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s; + } + } if (strpos($s, '`') !== false) { - return 'Bad string syntax to evaluate: '.$s; + return 'Bad string syntax to evaluate (backtick char is forbidden): '.$s; + } + if (strpos($s, '.') !== false) { + return 'Bad string syntax to evaluate (dot char is forbidden): '.$s; } // We block use of php exec or php file functions @@ -8215,7 +8225,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1) $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST')); $forbiddenphpfunctions = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen", "eval", "dol_eval", "executeCLI"); - $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask")); + $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "require", "include", "mkdir", "rmdir", "symlink", "touch", "unlink", "umask")); $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func")); $forbiddenphpregex = 'global\s+\$|\b('.implode('|', $forbiddenphpfunctions).')\b'; diff --git a/htdocs/core/tpl/admin_extrafields_view.tpl.php b/htdocs/core/tpl/admin_extrafields_view.tpl.php index d1145229db7..369f60ea201 100644 --- a/htdocs/core/tpl/admin_extrafields_view.tpl.php +++ b/htdocs/core/tpl/admin_extrafields_view.tpl.php @@ -73,7 +73,7 @@ print "\n"; if (isset($extrafields->attributes[$elementtype]['type']) && is_array($extrafields->attributes[$elementtype]['type']) && count($extrafields->attributes[$elementtype]['type'])) { foreach ($extrafields->attributes[$elementtype]['type'] as $key => $value) { - /*if (! dol_eval($extrafields->attributes[$elementtype]['enabled'][$key], 1)) { + /*if (! dol_eval($extrafields->attributes[$elementtype]['enabled'][$key], 1, 1, '1')) { // TODO Uncomment this to exclude extrafields of modules not enabled. Add a link to "Show extrafields disabled" // continue; }*/ diff --git a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php index 36eeee89627..b704891da16 100644 --- a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php @@ -23,9 +23,9 @@ if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table $arrayfields[$extrafieldsobjectprefix.$key] = array( 'label' => $extrafields->attributes[$extrafieldsobjectkey]['label'][$key], 'type' => $extrafields->attributes[$extrafieldsobjectkey]['type'][$key], - 'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key], 1) <= 0) ? 0 : 1), + 'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key], 1, 1, '1') <= 0) ? 0 : 1), 'position' => $extrafields->attributes[$extrafieldsobjectkey]['pos'][$key], - 'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && dol_eval($extrafields->attributes[$extrafieldsobjectkey]['perms'][$key], 1)), + 'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && dol_eval($extrafields->attributes[$extrafieldsobjectkey]['perms'][$key], 1, 1, '1')), 'langfile' => $extrafields->attributes[$extrafieldsobjectkey]['langfile'][$key], 'help' => $extrafields->attributes[$extrafieldsobjectkey]['help'][$key], ); diff --git a/htdocs/core/tpl/extrafields_list_print_fields.tpl.php b/htdocs/core/tpl/extrafields_list_print_fields.tpl.php index 80d6cd7da56..00c2739e3f8 100644 --- a/htdocs/core/tpl/extrafields_list_print_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_print_fields.tpl.php @@ -38,7 +38,7 @@ if (!empty($extrafieldsobjectkey) && !empty($extrafields->attributes[$extrafield //var_dump($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key]); //var_dump($obj); //var_dump($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key]); - $value = dol_eval($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key], 1); + $value = dol_eval($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key], 1, 1, '0'); //var_dump($value); } diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index d105ad05c43..943205adca2 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php +++ b/htdocs/eventorganization/conferenceorbooth_list.php @@ -114,11 +114,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php index e084c68cfe7..ab2699187b2 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_list.php +++ b/htdocs/eventorganization/conferenceorboothattendee_list.php @@ -122,11 +122,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/hrm/evaluation_list.php b/htdocs/hrm/evaluation_list.php index 35189f11b87..ad99573b096 100644 --- a/htdocs/hrm/evaluation_list.php +++ b/htdocs/hrm/evaluation_list.php @@ -114,11 +114,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/hrm/job_list.php b/htdocs/hrm/job_list.php index 55363d729b5..7644ea1fd0f 100644 --- a/htdocs/hrm/job_list.php +++ b/htdocs/hrm/job_list.php @@ -114,11 +114,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/hrm/position.php b/htdocs/hrm/position.php index d36d352e895..253945e6c5a 100644 --- a/htdocs/hrm/position.php +++ b/htdocs/hrm/position.php @@ -357,11 +357,11 @@ function DisplayPositionList() foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.' . $key] = array( 'label' => $val['label'], 'checked' => (($visible < 0) ? 0 : 1), - 'enabled' => ($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled' => ($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position' => $val['position'], 'help' => isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/hrm/position_list.php b/htdocs/hrm/position_list.php index 1585ed1e03f..13315a2a9bc 100644 --- a/htdocs/hrm/position_list.php +++ b/htdocs/hrm/position_list.php @@ -114,11 +114,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/hrm/skill_card.php b/htdocs/hrm/skill_card.php index a06cf40952a..7c63bb2cff7 100644 --- a/htdocs/hrm/skill_card.php +++ b/htdocs/hrm/skill_card.php @@ -538,11 +538,11 @@ if ($action != "create" && $action != "edit") { foreach ($objectline->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.' . $key] = array( 'label' => $val['label'], 'checked' => (($visible < 0) ? 0 : 1), - 'enabled' => ($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled' => ($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position' => $val['position'], 'help' => isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/hrm/skill_list.php b/htdocs/hrm/skill_list.php index 1fc5440e589..8ef800b3ffc 100644 --- a/htdocs/hrm/skill_list.php +++ b/htdocs/hrm/skill_list.php @@ -114,11 +114,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/knowledgemanagement/knowledgerecord_list.php b/htdocs/knowledgemanagement/knowledgerecord_list.php index aed45b1db26..c4440028e49 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_list.php +++ b/htdocs/knowledgemanagement/knowledgerecord_list.php @@ -114,11 +114,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/mrp/mo_list.php b/htdocs/mrp/mo_list.php index e5648cad5f7..6e15a71e517 100644 --- a/htdocs/mrp/mo_list.php +++ b/htdocs/mrp/mo_list.php @@ -109,11 +109,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/partnership/partnership_list.php b/htdocs/partnership/partnership_list.php index 89394960632..dc9958fa3df 100644 --- a/htdocs/partnership/partnership_list.php +++ b/htdocs/partnership/partnership_list.php @@ -118,11 +118,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 41e43fdf433..c4548b3aa66 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -102,11 +102,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/product/list.php b/htdocs/product/list.php index a3ec599dea8..26dbf18e439 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -244,11 +244,11 @@ $arrayfields = array( /*foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = dol_eval($val['visible'], 1); + $visible = dol_eval($val['visible'], 1, 1, '1'); $arrayfields['p.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'] ); } diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php index 8f24fb9c110..93c963e0065 100644 --- a/htdocs/product/stock/list.php +++ b/htdocs/product/stock/list.php @@ -117,11 +117,11 @@ $arrayfields = array( foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : 'help' ); diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index e5a8b05902e..92172643096 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -104,11 +104,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = dol_eval($val['visible'], 1); + $visible = dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'] ); } diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 56db0bd2a64..3eeb1bb1e4c 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -27,6 +27,7 @@ */ require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/commonobjectline.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index cc9099b463b..36c2fc942b5 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -182,11 +182,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = dol_eval($val['visible'], 1); + $visible = dol_eval($val['visible'], 1, 1, '1'); $arrayfields['p.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/recruitment/recruitmentcandidature_list.php b/htdocs/recruitment/recruitmentcandidature_list.php index f16b8c3dcf9..05cf56636ea 100644 --- a/htdocs/recruitment/recruitmentcandidature_list.php +++ b/htdocs/recruitment/recruitmentcandidature_list.php @@ -151,11 +151,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = dol_eval($val['visible'], 1); + $visible = dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'] ); } diff --git a/htdocs/recruitment/recruitmentjobposition_list.php b/htdocs/recruitment/recruitmentjobposition_list.php index f0935bc8798..c4a43d0bab4 100644 --- a/htdocs/recruitment/recruitmentjobposition_list.php +++ b/htdocs/recruitment/recruitmentjobposition_list.php @@ -153,11 +153,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index 7a8b3ebca10..2e77c29cd01 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -134,11 +134,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php index 77cbae397f0..58f5546216f 100644 --- a/htdocs/salaries/payments.php +++ b/htdocs/salaries/payments.php @@ -129,11 +129,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index b2548807be4..f489c9218fc 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -136,11 +136,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); diff --git a/htdocs/workstation/workstation_list.php b/htdocs/workstation/workstation_list.php index 25dcc44de65..0d17232c9db 100644 --- a/htdocs/workstation/workstation_list.php +++ b/htdocs/workstation/workstation_list.php @@ -108,11 +108,11 @@ $arrayfields = array(); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field if (!empty($val['visible'])) { - $visible = (int) dol_eval($val['visible'], 1); + $visible = (int) dol_eval($val['visible'], 1, 1, '1'); $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>$val['position'], 'help' => empty($val['help']) ? '' : $val['help'] ); @@ -130,7 +130,7 @@ $arrayfields['wug.fk_usergroup'] = array( $arrayfields['wr.fk_resource'] = array( 'label'=>$langs->trans('Resources'), 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), 'position'=>1001, 'help' => empty($val['help']) ? '' : $val['help'] ); diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 15e4eaa8bda..a687e6adbd7 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -875,11 +875,18 @@ class SecurityTest extends PHPUnit\Framework\TestCase include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; - $result=dol_eval('(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: "Parent project not found"', 1, 1); + + $s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: "Parent project not found"'; + $result=dol_eval($s, 1, 1, ''); print "result = ".$result."\n"; $this->assertEquals('Parent project not found', $result); - $result=dol_eval('$a=function() { }; $a;', 1, 1); + $s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: \'Parent project not found\''; + $result=dol_eval($s, 1, 1, ''); + print "result = ".$result."\n"; + $this->assertEquals('Parent project not found', $result); + + $result=dol_eval('$a=function() { }; $a;', 1, 1, ''); print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); @@ -898,5 +905,18 @@ class SecurityTest extends PHPUnit\Framework\TestCase $result=dol_eval('`ls`', 1, 0); print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); + + $result=dol_eval("('ex'.'ec')('echo abc')", 1, 0); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); + + // Case with param onlysimplestring = 1 + $result=dol_eval('1 && $conf->abc->doesnotexist1 && $conf->def->doesnotexist1', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...' + print "result = ".$result."\n"; + $this->assertFalse($result); + + $result=dol_eval("(\$a.'aa')", 1, 0); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); } } From 237b6fc9226e1c3e87d68ddce1f2dc9229473f63 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 17:07:28 +0100 Subject: [PATCH 23/72] Fix value recommended --- htdocs/admin/system/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 9321fa11c12..eb3a6d7c884 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -444,7 +444,7 @@ print '
'; print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; print '
'; -print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 2)' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)."
"; +print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).'   ('.$langs->trans("Recommended").': 2)'."
"; print '
'; print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; From b79ad197ec3760f844e37a8d52f63ea47ea162a1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 17:29:22 +0100 Subject: [PATCH 24/72] FIX Missing the field date start/end in export supplier invoice/order --- htdocs/core/modules/modFournisseur.class.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index 0f730f773bb..a9760c62c04 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -293,7 +293,8 @@ class modFournisseur extends DolibarrModules 'f.rowid'=>"InvoiceId", 'f.ref'=>"InvoiceRef", 'f.ref_supplier'=>"RefSupplier", 'f.datec'=>"InvoiceDateCreation", 'f.datef'=>"DateInvoice", 'f.date_lim_reglement'=>'DateMaxPayment', 'f.total_ht'=>"TotalHT", 'f.total_ttc'=>"TotalTTC", 'f.total_tva'=>"TotalVAT", 'f.paye'=>"InvoicePaid", 'f.fk_statut'=>'InvoiceStatus', 'f.note_public'=>"InvoiceNote", 'fd.rowid'=>'LineId', 'fd.description'=>"LineDescription", 'fd.tva_tx'=>"LineVATRate", 'fd.qty'=>"LineQty", 'fd.remise_percent'=>"Discount", 'fd.total_ht'=>"LineTotalHT", - 'fd.total_ttc'=>"LineTotalTTC", 'fd.tva'=>"LineTotalVAT", 'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.fk_product'=>'ProductId', + 'fd.total_ttc'=>"LineTotalTTC", 'fd.tva'=>"LineTotalVAT", 'fd.date_start'=>"DateStart", 'fd.date_end'=>"DateEnd", 'fd.special_code'=>'SpecialCode', + 'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.fk_product'=>'ProductId', 'p.ref'=>'ProductRef', 'p.label'=>'ProductLabel', 'p.accountancy_code_buy'=>'ProductAccountancyBuyCode', 'project.rowid'=>'ProjectId', 'project.ref'=>'ProjectRef', 'project.title'=>'ProjectLabel' ); @@ -314,7 +315,8 @@ class modFournisseur extends DolibarrModules 's.nom'=>'Text', 'ps.nom'=>'Text', 's.address'=>'Text', 's.zip'=>'Text', 's.town'=>'Text', 'c.code'=>'Text', 's.phone'=>'Text', 's.siren'=>'Text', 's.siret'=>'Text', 's.ape'=>'Text', 's.idprof4'=>'Text', 's.idprof5'=>'Text', 's.idprof6'=>'Text', 's.code_compta'=>'Text', 's.code_compta_fournisseur'=>'Text', 's.tva_intra'=>'Text', 'f.ref'=>"Text", 'f.ref_supplier'=>"Text", 'f.datec'=>"Date", 'f.datef'=>"Date", 'f.date_lim_reglement'=>'Date', 'f.total_ht'=>"Numeric", 'f.total_ttc'=>"Numeric", 'f.total_tva'=>"Numeric", 'f.paye'=>"Boolean", 'f.fk_statut'=>'Status', 'f.note_public'=>"Text", 'fd.description'=>"Text", 'fd.tva_tx'=>"Text", - 'fd.qty'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.tva'=>"Numeric", 'fd.product_type'=>'Numeric', 'fd.fk_product'=>'List:product:label', + 'fd.qty'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.tva'=>"Numeric", 'fd.date_start'=>"Date", 'fd.date_end'=>"Date", 'fd.special_code'=>"Numeric", + 'fd.product_type'=>'Numeric', 'fd.fk_product'=>'List:product:label', 'p.ref'=>'Text', 'p.label'=>'Text', 'project.ref'=>'Text', 'project.title'=>'Text' ); $this->export_entities_array[$r] = array( @@ -322,7 +324,8 @@ class modFournisseur extends DolibarrModules 's.ape'=>'company', 's.idprof4'=>'company', 's.idprof5'=>'company', 's.idprof6'=>'company', 's.code_compta'=>'company', 's.code_compta_fournisseur'=>'company', 's.tva_intra'=>'company', 'f.rowid'=>"invoice", 'f.ref'=>"invoice", 'f.ref_supplier'=>"invoice", 'f.datec'=>"invoice", 'f.datef'=>"invoice", 'f.date_lim_reglement'=>'invoice', 'f.total_ht'=>"invoice", 'f.total_ttc'=>"invoice", 'f.total_tva'=>"invoice", 'f.paye'=>"invoice", 'f.fk_statut'=>'invoice', 'f.note_public'=>"invoice", 'fd.rowid'=>'invoice_line', 'fd.description'=>"invoice_line", 'fd.tva_tx'=>"invoice_line", 'fd.qty'=>"invoice_line", - 'fd.remise_percent'=>"invoice_line", 'fd.total_ht'=>"invoice_line", 'fd.total_ttc'=>"invoice_line", 'fd.tva'=>"invoice_line", 'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product', + 'fd.remise_percent'=>"invoice_line", 'fd.total_ht'=>"invoice_line", 'fd.total_ttc'=>"invoice_line", 'fd.tva'=>"invoice_line", 'fd.date_start'=>"invoice_line", 'fd.date_end'=>"invoice_line", 'fd.special_code'=>"invoice_line", + 'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product', 'p.ref'=>'product', 'p.label'=>'product', 'p.accountancy_code_buy'=>'product', 'project.rowid'=>'project', 'project.ref'=>'project', 'project.title'=>'project' ); $this->export_dependencies_array[$r] = array('invoice_line'=>'fd.rowid', 'product'=>'fd.rowid'); // To add unique key if we ask a field of a child to avoid the DISTINCT to discard them @@ -432,7 +435,8 @@ class modFournisseur extends DolibarrModules 'f.total_ht'=>"TotalHT", 'f.total_ttc'=>"TotalTTC", 'f.total_tva'=>"TotalVAT", 'f.fk_statut'=>'Status', 'f.date_valid'=>'DateValidation', 'f.date_approve'=>'DateApprove', 'f.date_approve2'=>'DateApprove2', 'f.note_public'=>"NotePublic", 'f.note_private'=>"NotePrivate", 'uv.login'=>'UserValidation', 'ua1.login'=>'ApprovedBy', 'ua2.login'=>'ApprovedBy2', 'fd.rowid'=>'LineId', 'fd.description'=>"LineDescription", 'fd.tva_tx'=>"LineVATRate", 'fd.qty'=>"LineQty", 'fd.remise_percent'=>"Discount", 'fd.total_ht'=>"LineTotalHT", 'fd.total_ttc'=>"LineTotalTTC", - 'fd.total_tva'=>"LineTotalVAT", 'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.ref'=>'RefSupplier', 'fd.fk_product'=>'ProductId', + 'fd.total_tva'=>"LineTotalVAT", 'fd.date_start'=>"DateStart", 'fd.date_end'=>"DateEnd", 'fd.special_code'=>'SpecialCode', + 'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.ref'=>'RefSupplier', 'fd.fk_product'=>'ProductId', 'p.ref'=>'ProductRef', 'p.label'=>'ProductLabel', 'project.rowid'=>'ProjectId', 'project.ref'=>'ProjectRef', 'project.title'=>'ProjectLabel' ); if (!empty($conf->multicurrency->enabled)) { @@ -452,13 +456,15 @@ class modFournisseur extends DolibarrModules 'f.date_creation'=>"Date", 'f.date_commande'=>"Date", 'f.date_livraison'=>"Date", 'f.total_ht'=>"Numeric", 'f.total_ttc'=>"Numeric", 'f.total_tva'=>"Numeric", 'f.fk_statut'=>'Status', 'f.date_valid'=>'Date', 'f.date_approve'=>'Date', 'f.date_approve2'=>'Date', 'f.note_public'=>"Text", 'f.note_private'=>"Text", 'fd.description'=>"Text", 'fd.tva_tx'=>"Numeric", 'fd.qty'=>"Numeric", 'fd.remise_percent'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.total_tva'=>"Numeric", + 'fd.date_start'=>"Date", 'fd.date_end'=>"Date", 'fd.special_code'=>"Numeric", 'fd.product_type'=>'Numeric', 'fd.ref'=>'Text', 'fd.fk_product'=>'List:product:label', 'p.ref'=>'Text', 'p.label'=>'Text', 'project.ref'=>'Text', 'project.title'=>'Text' ); $this->export_entities_array[$r] = array( 's.rowid'=>"company", 's.nom'=>'company', 'ps.nom'=>'company', 's.address'=>'company', 's.zip'=>'company', 's.town'=>'company', 'c.code'=>'company', 's.phone'=>'company', 's.siren'=>'company', 's.siret'=>'company', 's.ape'=>'company', 's.idprof4'=>'company', 's.idprof5'=>'company', 's.idprof6'=>'company', 's.tva_intra'=>'company', 'uv.login'=>'user', 'ua1.login'=>'user', 'ua2.login'=>'user', 'fd.rowid'=>'order_line', 'fd.description'=>"order_line", 'fd.tva_tx'=>"order_line", 'fd.qty'=>"order_line", 'fd.remise_percent'=>"order_line", - 'fd.total_ht'=>"order_line", 'fd.total_ttc'=>"order_line", 'fd.total_tva'=>"order_line", 'fd.product_type'=>'order_line', 'fd.ref'=>'order_line', 'fd.fk_product'=>'product', + 'fd.total_ht'=>"order_line", 'fd.total_ttc'=>"order_line", 'fd.total_tva'=>"order_line", 'fd.date_start'=>"order_line", 'fd.date_end'=>"order_line", 'fd.special_code'=>"order_line", + 'fd.product_type'=>'order_line', 'fd.ref'=>'order_line', 'fd.fk_product'=>'product', 'p.ref'=>'product', 'p.label'=>'product', 'project.rowid'=>'project', 'project.ref'=>'project', 'project.title'=>'project' ); $this->export_dependencies_array[$r] = array('order_line'=>'fd.rowid', 'product'=>'fd.rowid'); // To add unique key if we ask a field of a child to avoid the DISTINCT to discard them From 883f13b38892c8e98ef6f1cf456129aba7d914a1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 18:14:24 +0100 Subject: [PATCH 25/72] Fix regression verifCond --- htdocs/core/lib/functions.lib.php | 27 ++++++++++++++++++++++----- test/phpunit/SecurityTest.php | 8 ++++++-- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index c6476f98a11..c6ceadf0a71 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8167,7 +8167,7 @@ function dol_getIdFromCode($db, $key, $tablename, $fieldkey = 'code', $fieldid = * Verify if condition in string is ok or not * * @param string $strToEvaluate String with condition to check - * @return boolean True or False. Note: It returns True if $strToEvaluate is '' + * @return boolean True or False. Note: It returns also True if $strToEvaluate is '' */ function verifCond($strToEvaluate) { @@ -8178,8 +8178,10 @@ function verifCond($strToEvaluate) //print $strToEvaluate."
\n"; $rights = true; if (isset($strToEvaluate) && $strToEvaluate !== '') { - $str = 'if(!('.$strToEvaluate.')) { $rights = false; }'; - dol_eval($str); // The dol_eval must contains all the global $xxx used into a condition + $str = 'if(!('.$strToEvaluate.')) $rights = false;'; + dol_eval($str, 0, 1, '2'); // The dol_eval must contains all the global $xxx used into a condition + //$rep = dol_eval($strToEvaluate, 1, 1 , '1'); // The dol_eval must contains all the global $xxx used into a condition + //$rights = ($rep ? true : false); } return $rights; } @@ -8191,7 +8193,7 @@ function verifCond($strToEvaluate) * @param string $s String to evaluate * @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)). * @param int $hideerrors 1=Hide errors - * @param string $onlysimplestring Accept only simple string with char 'a-z0-9\s$_->&|='; + * @param string $onlysimplestring 0=Accept all chars, 1=Accept only simple string with char 'a-z0-9\s$_->&|=';, 2=Accept also '!?():";' * @return mixed Nothing or return result of eval */ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1') @@ -8210,7 +8212,22 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1' if ($onlysimplestring == '1') { //print preg_quote('$_->&|', '/'); if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=', '/').']/i', $s)) { - return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s; + if ($returnvalue) { + return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s; + } else { + dol_syslog('Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s); + return ''; + } + } + } elseif ($onlysimplestring == '2') { + //print preg_quote('$_->&|', '/'); + if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=!?():";', '/').']/i', $s)) { + if ($returnvalue) { + return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s; + } else { + dol_syslog('Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s); + return ''; + } } } if (strpos($s, '`') !== false) { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index a687e6adbd7..7194c1cbfd4 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -876,12 +876,12 @@ class SecurityTest extends PHPUnit\Framework\TestCase include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; - $s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: "Parent project not found"'; + $s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found"'; $result=dol_eval($s, 1, 1, ''); print "result = ".$result."\n"; $this->assertEquals('Parent project not found', $result); - $s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: \'Parent project not found\''; + $s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : \'Parent project not found\''; $result=dol_eval($s, 1, 1, ''); print "result = ".$result."\n"; $this->assertEquals('Parent project not found', $result); @@ -910,6 +910,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); + $result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0, ''); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); + // Case with param onlysimplestring = 1 $result=dol_eval('1 && $conf->abc->doesnotexist1 && $conf->def->doesnotexist1', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...' print "result = ".$result."\n"; From 2e38caa950aab06339d3e7f4abb5fc4d522cd26b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 18:22:09 +0100 Subject: [PATCH 26/72] phpunit --- test/phpunit/SecurityTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 7194c1cbfd4..636309f2349 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -910,7 +910,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); - $result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0, ''); + $result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0); print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); From 3e1580475c1b0855fe33de7ad657467661ad6f9b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 1 Mar 2022 18:22:09 +0100 Subject: [PATCH 27/72] Fix phpunit --- htdocs/core/lib/functions.lib.php | 2 +- test/phpunit/SecurityTest.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index c6ceadf0a71..191ad2da21f 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8211,7 +8211,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1' // Test dangerous char (used for RCE), we allow only PHP variable testing. if ($onlysimplestring == '1') { //print preg_quote('$_->&|', '/'); - if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=', '/').']/i', $s)) { + if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=!?():"', '/').']/i', $s)) { if ($returnvalue) { return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s; } else { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 7194c1cbfd4..b96887b6152 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -910,12 +910,12 @@ class SecurityTest extends PHPUnit\Framework\TestCase print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); - $result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0, ''); + $result=dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0); print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); // Case with param onlysimplestring = 1 - $result=dol_eval('1 && $conf->abc->doesnotexist1 && $conf->def->doesnotexist1', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...' + $result=dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...' print "result = ".$result."\n"; $this->assertFalse($result); From 8051128665cfcc8bb14c7ca9b5b6d942b278dc31 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 2 Mar 2022 11:37:19 +0100 Subject: [PATCH 28/72] Split section experimental and stable --- htdocs/admin/system/security.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index eb3a6d7c884..118fab39f80 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -405,7 +405,7 @@ print '

'; print '
'; -print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder'); +print load_fiche_titre($langs->trans("OtherSetup"), '', 'folder'); //print ''.$langs->trans("PasswordEncryption").': '; @@ -438,19 +438,24 @@ print '
'; print 'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).'   ('.$langs->trans("Recommended").': 1)
'; print '
'; +print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).'   ('.$langs->trans("Recommended").': 2)'."
"; +print '
'; + +print '
'; +print '
'; + + +print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder'); + print 'MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
"; print '
'; print 'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
"; print '
'; -print 'MAIN_SECURITY_CSRF_WITH_TOKEN = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).'   ('.$langs->trans("Recommended").': 2)'."
"; -print '
'; - print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; print '
'; - print 'MAIN_EXEC_USE_POPEN = '; if (empty($conf->global->MAIN_EXEC_USE_POPEN)) { print ''.$langs->trans("Undefined").''; From 5ffac5f3ee16abd1764e4345992ba1074bab202f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 2 Mar 2022 11:38:32 +0100 Subject: [PATCH 29/72] Fix typo --- htdocs/core/modules/modAccounting.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/modAccounting.class.php b/htdocs/core/modules/modAccounting.class.php index e0bf3a9bbc5..21b20d063ed 100644 --- a/htdocs/core/modules/modAccounting.class.php +++ b/htdocs/core/modules/modAccounting.class.php @@ -256,7 +256,7 @@ class modAccounting extends DolibarrModules $r++; $this->export_code[$r] = $this->rights_class.'_'.$r; $this->export_label[$r] = 'Chartofaccounts'; - $this->export_icon[$r] = 'accounting'; + $this->export_icon[$r] = $this->picto; $this->export_permission[$r] = array(array("accounting", "chartofaccount")); $this->export_fields_array[$r] = array('ac.rowid'=>'ChartofaccountsId', 'ac.pcg_version'=>'Chartofaccounts', 'aa.rowid'=>'ID', 'aa.account_number'=>"AccountAccounting", 'aa.label'=>"Label", 'aa.account_parent'=>"Accountparent", 'aa.pcg_type'=>"Pcgtype", 'aa.active'=>'Status'); $this->export_TypeFields_array[$r] = array('ac.rowid'=>'List:accounting_system:pcg_version', 'ac.pcg_version'=>'Text', 'aa.rowid'=>'Numeric', 'aa.account_number'=>"Text", 'aa.label'=>"Text", 'aa.account_parent'=>"Text", 'aa.pcg_type'=>'Text', 'aa.active'=>'Status'); From d15c30359004b07d61830dc69eb8ae5d88b55ee2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 2 Mar 2022 11:57:19 +0100 Subject: [PATCH 30/72] Fix missing button --- htdocs/website/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/website/index.php b/htdocs/website/index.php index cdf425e3ae3..8ac4d612264 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -2807,7 +2807,7 @@ if (!GETPOST('hide_websitemenu')) { print $langs->trans("PageContainer").': '; print ''; - print ''; + print ''; print 'ref).'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("AddPage")).'">'; print ''; From 66b0f253b69b2147825ab61b15638ce42e3cd25c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 2 Mar 2022 12:41:21 +0100 Subject: [PATCH 31/72] Clean code --- htdocs/core/class/doleditor.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/doleditor.class.php b/htdocs/core/class/doleditor.class.php index 927674942e7..89f6df0cd32 100644 --- a/htdocs/core/class/doleditor.class.php +++ b/htdocs/core/class/doleditor.class.php @@ -316,7 +316,7 @@ class DolEditor jQuery(".buttonforacesave").click(function() { console.log("We click on savefile button for component '.$this->htmlname.'"); var aceEditor = window.ace.edit("'.$this->htmlname.'aceeditorid") - console.log(aceEditor.getSession().getValue()); + //console.log(aceEditor.getSession().getValue()); jQuery("#'.$this->htmlname.'").val(aceEditor.getSession().getValue()); /*if (jQuery("#'.$this->htmlname.'").html().length > 0) return true; else return false;*/ From 940417efe2869db1613926ce59b219d25afdafca Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 2 Mar 2022 15:13:17 +0100 Subject: [PATCH 32/72] FIX payment not completed when using Paypal. --- htdocs/public/payment/paymentok.php | 72 +++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 5 deletions(-) diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index 499ff2c4e31..5bf78e9e17a 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -245,7 +245,7 @@ if (!empty($conf->paypal->enabled)) { $fulltag = $FULLTAG; $payerID = $PAYPALPAYERID; // Set by newpayment.php - $paymentType = $_SESSION['PaymentType']; + $paymentType = $_SESSION['PaymentType']; // Value can be 'Mark', 'Sole', 'Sale' for example $currencyCodeType = $_SESSION['currencyCodeType']; $FinalPaymentAmt = $_SESSION["FinalPaymentAmt"]; // From env @@ -406,10 +406,19 @@ if ($ispaymentok) { $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; } if (empty($paymentTypeId)) { + dol_syslog("paymentType = ".$paymentType, LOG_DEBUG, 0, '_payment'); + if (empty($paymentType)) { $paymentType = 'CB'; } + // May return nothing when paymentType means nothing + // (for example when paymentType is 'Mark', 'Sole', 'Sale', for paypal) $paymentTypeId = dol_getIdFromCode($db, $paymentType, 'c_paiement', 'code', 'id', 1); + + // If previous line has returned nothing, we force to get the ID of payment of Credit Card (hard coded code 'CB'). + if (empty($paymentTypeId) || $paymentTypeId < 0) { + $paymentTypeId = dol_getIdFromCode($db, 'CB', 'c_paiement', 'code', 'id', 1); + } } dol_syslog("FinalPaymentAmt=".$FinalPaymentAmt." paymentTypeId=".$paymentTypeId." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType, LOG_DEBUG, 0, '_payment'); @@ -783,10 +792,19 @@ if ($ispaymentok) { $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; } if (empty($paymentTypeId)) { + dol_syslog("paymentType = ".$paymentType, LOG_DEBUG, 0, '_payment'); + if (empty($paymentType)) { $paymentType = 'CB'; } + // May return nothing when paymentType means nothing + // (for example when paymentType is 'Mark', 'Sole', 'Sale', for paypal) $paymentTypeId = dol_getIdFromCode($db, $paymentType, 'c_paiement', 'code', 'id', 1); + + // If previous line has returned nothing, we force to get the ID of payment of Credit Card (hard coded code 'CB'). + if (empty($paymentTypeId) || $paymentTypeId < 0) { + $paymentTypeId = dol_getIdFromCode($db, 'CB', 'c_paiement', 'code', 'id', 1); + } } // Do action only if $FinalPaymentAmt is set (session variable is cleaned after this page to avoid duplicate actions when page is POST a second time) @@ -876,12 +894,29 @@ if ($ispaymentok) { $FinalPaymentAmt = $_SESSION["FinalPaymentAmt"]; $paymentTypeId = 0; - if ($paymentmethod == 'paybox') $paymentTypeId = $conf->global->PAYBOX_PAYMENT_MODE_FOR_PAYMENTS; - if ($paymentmethod == 'paypal') $paymentTypeId = $conf->global->PAYPAL_PAYMENT_MODE_FOR_PAYMENTS; - if ($paymentmethod == 'stripe') $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; + if ($paymentmethod == 'paybox') { + $paymentTypeId = $conf->global->PAYBOX_PAYMENT_MODE_FOR_PAYMENTS; + } + if ($paymentmethod == 'paypal') { + $paymentTypeId = $conf->global->PAYPAL_PAYMENT_MODE_FOR_PAYMENTS; + } + if ($paymentmethod == 'stripe') { + $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; + } if (empty($paymentTypeId)) { - if (empty($paymentType)) $paymentType = 'CB'; + dol_syslog("paymentType = ".$paymentType, LOG_DEBUG, 0, '_payment'); + + if (empty($paymentType)) { + $paymentType = 'CB'; + } + // May return nothing when paymentType means nothing + // (for example when paymentType is 'Mark', 'Sole', 'Sale', for paypal) $paymentTypeId = dol_getIdFromCode($db, $paymentType, 'c_paiement', 'code', 'id', 1); + + // If previous line has returned nothing, we force to get the ID of payment of Credit Card (hard coded code 'CB'). + if (empty($paymentTypeId) || $paymentTypeId < 0) { + $paymentTypeId = dol_getIdFromCode($db, 'CB', 'c_paiement', 'code', 'id', 1); + } } // Do action only if $FinalPaymentAmt is set (session variable is cleaned after this page to avoid duplicate actions when page is POST a second time) @@ -986,10 +1021,19 @@ if ($ispaymentok) { $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; } if (empty($paymentTypeId)) { + dol_syslog("paymentType = ".$paymentType, LOG_DEBUG, 0, '_payment'); + if (empty($paymentType)) { $paymentType = 'CB'; } + // May return nothing when paymentType means nothing + // (for example when paymentType is 'Mark', 'Sole', 'Sale', for paypal) $paymentTypeId = dol_getIdFromCode($db, $paymentType, 'c_paiement', 'code', 'id', 1); + + // If previous line has returned nothing, we force to get the ID of payment of Credit Card (hard coded code 'CB'). + if (empty($paymentTypeId) || $paymentTypeId < 0) { + $paymentTypeId = dol_getIdFromCode($db, 'CB', 'c_paiement', 'code', 'id', 1); + } } // Do action only if $FinalPaymentAmt is set (session variable is cleaned after this page to avoid duplicate actions when page is POST a second time) @@ -1091,10 +1135,19 @@ if ($ispaymentok) { $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; } if (empty($paymentTypeId)) { + dol_syslog("paymentType = ".$paymentType, LOG_DEBUG, 0, '_payment'); + if (empty($paymentType)) { $paymentType = 'CB'; } + // May return nothing when paymentType means nothing + // (for example when paymentType is 'Mark', 'Sole', 'Sale', for paypal) $paymentTypeId = dol_getIdFromCode($db, $paymentType, 'c_paiement', 'code', 'id', 1); + + // If previous line has returned nothing, we force to get the ID of payment of Credit Card (hard coded code 'CB'). + if (empty($paymentTypeId) || $paymentTypeId < 0) { + $paymentTypeId = dol_getIdFromCode($db, 'CB', 'c_paiement', 'code', 'id', 1); + } } // Do action only if $FinalPaymentAmt is set (session variable is cleaned after this page to avoid duplicate actions when page is POST a second time) @@ -1272,10 +1325,19 @@ if ($ispaymentok) { $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; } if (empty($paymentTypeId)) { + dol_syslog("paymentType = ".$paymentType, LOG_DEBUG, 0, '_payment'); + if (empty($paymentType)) { $paymentType = 'CB'; } + // May return nothing when paymentType means nothing + // (for example when paymentType is 'Mark', 'Sole', 'Sale', for paypal) $paymentTypeId = dol_getIdFromCode($db, $paymentType, 'c_paiement', 'code', 'id', 1); + + // If previous line has returned nothing, we force to get the ID of payment of Credit Card (hard coded code 'CB'). + if (empty($paymentTypeId) || $paymentTypeId < 0) { + $paymentTypeId = dol_getIdFromCode($db, 'CB', 'c_paiement', 'code', 'id', 1); + } } // Do action only if $FinalPaymentAmt is set (session variable is cleaned after this page to avoid duplicate actions when page is POST a second time) From 987b32ef196bc63467243aec071b2940de806641 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 2 Mar 2022 22:04:44 +0100 Subject: [PATCH 33/72] Fix a default value is creating a letal blocking situation --- htdocs/accountancy/bookkeeping/list.php | 4 ++-- htdocs/core/class/html.form.class.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index b67b134e3e1..b2d05452416 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -682,13 +682,13 @@ if ($action == 'export_file') { 'name' => 'notifiedexportdate', 'type' => 'checkbox', 'label' => $langs->trans('NotifiedExportDate'), - 'value' => (!empty($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_EXPORT_DATE) ? 'false' : 'true'), + 'value' => (empty($conf->global->ACCOUNTING_DEFAULT_NOTIFIED_EXPORT_DATE) ? '' : 'true'), ); $form_question['notifiedvalidationdate'] = array( 'name' => 'notifiedvalidationdate', 'type' => 'checkbox', 'label' => $langs->trans('NotifiedValidationDate'), - 'value' => (!empty($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_VALIDATION_DATE) ? 'false' : 'true'), + 'value' => (empty($conf->global->ACCOUNTING_DEFAULT_NOTIFIED_VALIDATION_DATE) ? '' : 'true'), ); $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?'.$param, $langs->trans("ExportFilteredList").' ('.$listofformat[$formatexportset].')', $langs->trans('ConfirmExportFile'), 'export_fileconfirm', $form_question, '', 1, 300, 600); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 975e6ed86ea..87d3d63cec1 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4807,7 +4807,7 @@ class Form $more .= '
'; $more .= '
'.$input['label'].'
'; $more .= ' Date: Wed, 2 Mar 2022 22:04:44 +0100 Subject: [PATCH 34/72] Fix a default value is creating a letal blocking situation --- htdocs/accountancy/bookkeeping/list.php | 4 ++-- htdocs/core/class/html.form.class.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index b67b134e3e1..d110f74a6a6 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -682,13 +682,13 @@ if ($action == 'export_file') { 'name' => 'notifiedexportdate', 'type' => 'checkbox', 'label' => $langs->trans('NotifiedExportDate'), - 'value' => (!empty($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_EXPORT_DATE) ? 'false' : 'true'), + 'value' => (empty($conf->global->ACCOUNTING_DEFAULT_NOTIFIED_EXPORT_DATE) ? false : true), ); $form_question['notifiedvalidationdate'] = array( 'name' => 'notifiedvalidationdate', 'type' => 'checkbox', 'label' => $langs->trans('NotifiedValidationDate'), - 'value' => (!empty($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_VALIDATION_DATE) ? 'false' : 'true'), + 'value' => (empty($conf->global->ACCOUNTING_DEFAULT_NOTIFIED_VALIDATION_DATE) ? false : true), ); $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?'.$param, $langs->trans("ExportFilteredList").' ('.$listofformat[$formatexportset].')', $langs->trans('ConfirmExportFile'), 'export_fileconfirm', $form_question, '', 1, 300, 600); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 975e6ed86ea..87d3d63cec1 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4807,7 +4807,7 @@ class Form $more .= '
'; $more .= '
'.$input['label'].'
'; $more .= ' Date: Wed, 2 Mar 2022 22:20:05 +0100 Subject: [PATCH 35/72] Fix label of menu --- htdocs/accountancy/closure/index.php | 1 - htdocs/langs/en_US/accountancy.lang | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index 6b578bcab71..f02eda61bf6 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -13,7 +13,6 @@ * * You should have received a copy of the GNU General Public License * along with this program. If not, see . - * */ /** diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang index a44c819aa78..6f9d74de7c8 100644 --- a/htdocs/langs/en_US/accountancy.lang +++ b/htdocs/langs/en_US/accountancy.lang @@ -282,7 +282,7 @@ DescClosure=Consult here the number of movements by month who are not validated OverviewOfMovementsNotValidated=Step 1/ Overview of movements not validated. (Necessary to close a fiscal year) AllMovementsWereRecordedAsValidated=All movements were recorded as validated NotAllMovementsCouldBeRecordedAsValidated=Not all movements could be recorded as validated -ValidateMovements=Validate movements +ValidateMovements=Validate and lock record... DescValidateMovements=Any modification or deletion of writing, lettering and deletes will be prohibited. All entries for an exercise must be validated otherwise closing will not be possible ValidateHistory=Bind Automatically From a9a2928e632bbeda9d2dd91af10222e6da39e766 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 3 Mar 2022 00:13:35 +0100 Subject: [PATCH 36/72] Responsive --- htdocs/bookmarks/card.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index 8833978e054..bbc92a83ef1 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -160,7 +160,7 @@ if ($action == 'create') { print ''; - print ''; + print ''; dol_set_focus('#titlebookmark'); // Url @@ -230,9 +230,9 @@ if ($id > 0 && !preg_match('/^add/i', $action)) { print ''; From 3c3d6ab0da5ddf470c766ac339b2328f9268d9e4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 3 Mar 2022 01:17:44 +0100 Subject: [PATCH 37/72] Fix regression. Add unit test to detect it. --- htdocs/core/lib/functions.lib.php | 31 ++++++++++++++++++------ htdocs/core/modules/modBarcode.class.php | 3 ++- test/phpunit/SecurityTest.php | 9 +++++++ 3 files changed, 35 insertions(+), 8 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 191ad2da21f..9f9435fcdc2 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8167,7 +8167,7 @@ function dol_getIdFromCode($db, $key, $tablename, $fieldkey = 'code', $fieldid = * Verify if condition in string is ok or not * * @param string $strToEvaluate String with condition to check - * @return boolean True or False. Note: It returns also True if $strToEvaluate is '' + * @return boolean True or False. Note: It returns also True if $strToEvaluate is '' or if error */ function verifCond($strToEvaluate) { @@ -8180,8 +8180,10 @@ function verifCond($strToEvaluate) if (isset($strToEvaluate) && $strToEvaluate !== '') { $str = 'if(!('.$strToEvaluate.')) $rights = false;'; dol_eval($str, 0, 1, '2'); // The dol_eval must contains all the global $xxx used into a condition - //$rep = dol_eval($strToEvaluate, 1, 1 , '1'); // The dol_eval must contains all the global $xxx used into a condition + //var_dump($strToEvaluate); + //$rep = dol_eval($strToEvaluate, 1, 1 , '2'); // The dol_eval must contains all the global $xxx used into a condition //$rights = ($rep ? true : false); + //var_dump($rights); } return $rights; } @@ -8193,7 +8195,7 @@ function verifCond($strToEvaluate) * @param string $s String to evaluate * @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)). * @param int $hideerrors 1=Hide errors - * @param string $onlysimplestring 0=Accept all chars, 1=Accept only simple string with char 'a-z0-9\s$_->&|=';, 2=Accept also '!?():";' + * @param string $onlysimplestring 0=Accept all chars, 1=Accept only simple string with char 'a-z0-9\s$_->&|=';, 2=Accept also '!?():"\';,/' * @return mixed Nothing or return result of eval */ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1') @@ -8221,7 +8223,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1' } } elseif ($onlysimplestring == '2') { //print preg_quote('$_->&|', '/'); - if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=!?():";', '/').']/i', $s)) { + if (preg_match('/[^a-z0-9\s'.preg_quote('^$_->&|=!?():"\';,/', '/').']/i', $s)) { if ($returnvalue) { return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s; } else { @@ -8231,10 +8233,20 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1' } } if (strpos($s, '`') !== false) { - return 'Bad string syntax to evaluate (backtick char is forbidden): '.$s; + if ($returnvalue) { + return 'Bad string syntax to evaluate (backtick char is forbidden): '.$s; + } else { + dol_syslog('Bad string syntax to evaluate (backtick char is forbidden): '.$s); + return ''; + } } if (strpos($s, '.') !== false) { - return 'Bad string syntax to evaluate (dot char is forbidden): '.$s; + if ($returnvalue) { + return 'Bad string syntax to evaluate (dot char is forbidden): '.$s; + } else { + dol_syslog('Bad string syntax to evaluate (dot char is forbidden): '.$s); + return ''; + } } // We block use of php exec or php file functions @@ -8256,7 +8268,12 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1' if (strpos($s, '__forbiddenstring__') !== false) { dol_syslog('Bad string syntax to evaluate: '.$s, LOG_WARNING); - return 'Bad string syntax to evaluate: '.$s; + if ($returnvalue) { + return 'Bad string syntax to evaluate: '.$s; + } else { + dol_syslog('Bad string syntax to evaluate: '.$s); + return ''; + } } //print $s."
\n"; diff --git a/htdocs/core/modules/modBarcode.class.php b/htdocs/core/modules/modBarcode.class.php index 877dca880f7..ced58f9b6c4 100644 --- a/htdocs/core/modules/modBarcode.class.php +++ b/htdocs/core/modules/modBarcode.class.php @@ -33,7 +33,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modBarcode extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -94,6 +93,7 @@ class modBarcode extends DolibarrModules // Main menu entries $r = 0; + // A menu entry for the Tools top menu $this->menu[$r] = array( 'fk_menu'=>'fk_mainmenu=tools', // Use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode 'mainmenu'=>'tools', @@ -111,6 +111,7 @@ class modBarcode extends DolibarrModules ); $r++; + // A menu entry for the left menu $this->menu[$r] = array( 'fk_menu'=>'fk_mainmenu=home,fk_leftmenu=admintools', // Use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode 'type'=>'left', // This is a Left menu entry diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index b96887b6152..e9a19dd576a 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -914,7 +914,16 @@ class SecurityTest extends PHPUnit\Framework\TestCase print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); + global $leftmenu; + $leftmenu = 'admintools'; + $conf->barcode->enabled = 1; + $result=dol_eval('$conf->barcode->enabled && preg_match(\'/^(admintools|all)/\',$leftmenu)', 1, 0, '2'); + print "result = ".$result."\n"; + $this->assertTrue($result); + + // Case with param onlysimplestring = 1 + $result=dol_eval('1 && getDolGlobalInt("doesnotexist1") && $conf->global->MAIN_FEATURES_LEVEL', 1, 0); // Should return false and not a 'Bad string syntax to evaluate ...' print "result = ".$result."\n"; $this->assertFalse($result); From 246474b39b06a306ccdb46d48d40daf399492c51 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 3 Mar 2022 02:15:52 +0100 Subject: [PATCH 38/72] Fix phpunit --- test/phpunit/SecurityTest.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index e9a19dd576a..ccbb0b38ded 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -916,8 +916,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase global $leftmenu; $leftmenu = 'admintools'; - $conf->barcode->enabled = 1; - $result=dol_eval('$conf->barcode->enabled && preg_match(\'/^(admintools|all)/\',$leftmenu)', 1, 0, '2'); + $result=dol_eval('$conf->currency && preg_match(\'/^(admintools|all)/\',$leftmenu)', 1, 0, '2'); print "result = ".$result."\n"; $this->assertTrue($result); From 2837c938e6c358022782aac90e9c93a17eb251b7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 3 Mar 2022 09:41:15 +0100 Subject: [PATCH 39/72] Fix help easier to understand to avoid lethal situations. Fix reponsive --- htdocs/accountancy/bookkeeping/list.php | 52 +++++++++++++++---------- htdocs/core/class/html.form.class.php | 2 + htdocs/langs/en_US/accountancy.lang | 13 ++++--- htdocs/theme/eldy/global.inc.php | 4 ++ 4 files changed, 44 insertions(+), 27 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index d110f74a6a6..d6236af5d02 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -190,7 +190,7 @@ $arrayfields = array( 't.date_creation'=>array('label'=>$langs->trans("DateCreation"), 'checked'=>0), 't.tms'=>array('label'=>$langs->trans("DateModification"), 'checked'=>0), 't.date_export'=>array('label'=>$langs->trans("DateExport"), 'checked'=>1), - 't.date_validated'=>array('label'=>$langs->trans("DateValidation"), 'checked'=>1), + 't.date_validated'=>array('label'=>$langs->trans("DateValidationAndLock"), 'checked'=>1), ); if (empty($conf->global->ACCOUNTING_ENABLE_LETTERING)) { @@ -678,19 +678,28 @@ $formconfirm = ''; if ($action == 'export_file') { $form_question = array(); + // If 1 or not set, we check by default. + $checked = (!isset($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_EXPORT_DATE) || !empty($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_EXPORT_DATE)); $form_question['notifiedexportdate'] = array( 'name' => 'notifiedexportdate', 'type' => 'checkbox', 'label' => $langs->trans('NotifiedExportDate'), - 'value' => (empty($conf->global->ACCOUNTING_DEFAULT_NOTIFIED_EXPORT_DATE) ? false : true), + 'value' => $checked, ); + + $form_question['separator'] = array('name'=>'separator', 'type'=>'separator'); + + // If 0 or not set, we NOT check by default. + $checked = (isset($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_VALIDATION_DATE) || !empty($conf->global->ACCOUNTING_DEFAULT_NOT_NOTIFIED_VALIDATION_DATE)); $form_question['notifiedvalidationdate'] = array( 'name' => 'notifiedvalidationdate', 'type' => 'checkbox', 'label' => $langs->trans('NotifiedValidationDate'), - 'value' => (empty($conf->global->ACCOUNTING_DEFAULT_NOTIFIED_VALIDATION_DATE) ? false : true), + 'value' => $checked, ); + $form_question['separator2'] = array('name'=>'separator2', 'type'=>'separator'); + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?'.$param, $langs->trans("ExportFilteredList").' ('.$listofformat[$formatexportset].')', $langs->trans('ConfirmExportFile'), 'export_fileconfirm', $form_question, '', 1, 300, 600); } @@ -823,7 +832,7 @@ if (!empty($arrayfields['t.piece_num']['checked'])) { // Code journal if (!empty($arrayfields['t.code_journal']['checked'])) { print ''; } // Date document @@ -845,10 +854,10 @@ if (!empty($arrayfields['t.doc_ref']['checked'])) { if (!empty($arrayfields['t.numero_compte']['checked'])) { print ''; } @@ -1125,24 +1134,25 @@ while ($i < min($num, $limit)) { // Other type } - print '\n"; if (!$i) { $totalarray['nbfield']++; @@ -1167,7 +1177,7 @@ while ($i < min($num, $limit)) { // Label operation if (!empty($arrayfields['t.label_operation']['checked'])) { - print ''; + print ''; if (!$i) { $totalarray['nbfield']++; } @@ -1228,7 +1238,7 @@ while ($i < min($num, $limit)) { // Exported operation date if (!empty($arrayfields['t.date_export']['checked'])) { - print ''; + print ''; if (!$i) { $totalarray['nbfield']++; } @@ -1236,7 +1246,7 @@ while ($i < min($num, $limit)) { // Validated operation date if (!empty($arrayfields['t.date_validated']['checked'])) { - print ''; + print ''; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 87d3d63cec1..ed73218c609 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4863,6 +4863,8 @@ class Form $moreonecolumn .= ''."\n"; } elseif ($input['type'] == 'hidden') { // Do nothing more, already added by a previous loop + } elseif ($input['type'] == 'separator') { + $more .= '
'; } else { $more .= 'Error type '.$input['type'].' for the confirm box is not a supported type'; } diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang index 6f9d74de7c8..fd5ff8461fe 100644 --- a/htdocs/langs/en_US/accountancy.lang +++ b/htdocs/langs/en_US/accountancy.lang @@ -219,12 +219,12 @@ ByPredefinedAccountGroups=By predefined groups ByPersonalizedAccountGroups=By personalized groups ByYear=By year NotMatch=Not Set -DeleteMvt=Delete some operation lines from accounting +DeleteMvt=Delete some lines from accounting DelMonth=Month to delete DelYear=Year to delete DelJournal=Journal to delete -ConfirmDeleteMvt=This will delete all operation lines of the accounting for the year/month and/or for a specific journal (At least one criterion is required). You will have to reuse the feature '%s' to have the deleted record back in the ledger. -ConfirmDeleteMvtPartial=This will delete the transaction from the accounting (all operation lines related to the same transaction will be deleted) +ConfirmDeleteMvt=This will delete all lines in accountancy for the year/month and/or for a specific journal (At least one criterion is required). You will have to reuse the feature '%s' to have the deleted record back in the ledger. +ConfirmDeleteMvtPartial=This will delete the transaction from the accounting (all lines related to the same transaction will be deleted) FinanceJournal=Finance journal ExpenseReportsJournal=Expense reports journal DescFinanceJournal=Finance journal including all the types of payments by bank account @@ -301,7 +301,7 @@ Accounted=Accounted in ledger NotYetAccounted=Not yet transferred to accounting ShowTutorial=Show Tutorial NotReconciled=Not reconciled -WarningRecordWithoutSubledgerAreExcluded=Warning, all operations without subledger account defined are filtered and excluded from this view +WarningRecordWithoutSubledgerAreExcluded=Warning, all lines without subledger account defined are filtered and excluded from this view ## Admin BindingOptions=Binding options @@ -329,8 +329,9 @@ ACCOUNTING_DISABLE_BINDING_ON_PURCHASES=Disable binding & transfer in accountanc ACCOUNTING_DISABLE_BINDING_ON_EXPENSEREPORTS=Disable binding & transfer in accountancy on expense reports (expense reports will not be taken into account in accounting) ## Export -NotifiedExportDate=Flag exported lines as exported (modification of the lines will not be possible) -NotifiedValidationDate=Validate the exported entries (modification or deletion of the lines will not be possible) +NotifiedExportDate=Flag exported lines as Exported (to modify a line, you will need to delete the whole transaction and re-transfert it into accounting) +NotifiedValidationDate=Validate and Lock the exported entries (same effect than the "Closure" feature, modification and deletion of the lines will DEFINITELY not be possible) +DateValidationAndLock=Date validation and lock ConfirmExportFile=Confirmation of the generation of the accounting export file ? ExportDraftJournal=Export draft journal Modelcsv=Model of export diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index b88cecda187..a4020edccdb 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -6204,6 +6204,10 @@ span#select2-boxbookmark-container { overflow: hidden; } +ul.select2-results__options li { + font-size: 0.95em; +} + /* ============================================================================== */ /* For categories */ From 3b06a08aa033c993dc4edf139145778d9cc82bce Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Thu, 3 Mar 2022 13:56:10 +0100 Subject: [PATCH 40/72] FIX: User name in ManufacturingOrder --- htdocs/mrp/class/mo.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index d4abe482a88..97ac9adb6a3 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -112,8 +112,8 @@ class Mo extends CommonObject 'date_creation' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-2, 'position'=>500, 'notnull'=>1,), 'tms' => array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>1, 'visible'=>-2, 'position'=>501, 'notnull'=>1,), 'date_valid' => array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-2, 'position'=>502,), - 'fk_user_creat' => array('type'=>'integer', 'label'=>'UserAuthor', 'enabled'=>1, 'visible'=>-2, 'position'=>510, 'notnull'=>1, 'foreignkey'=>'user.rowid', 'csslist'=>'tdoverflowmax100'), - 'fk_user_modif' => array('type'=>'integer', 'label'=>'UserModif', 'enabled'=>1, 'visible'=>-2, 'position'=>511, 'notnull'=>-1, 'csslist'=>'tdoverflowmax100'), + 'fk_user_creat' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserAuthor', 'enabled'=>1, 'visible'=>-2, 'position'=>510, 'notnull'=>1, 'foreignkey'=>'user.rowid', 'csslist'=>'tdoverflowmax100'), + 'fk_user_modif' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserModif', 'enabled'=>1, 'visible'=>-2, 'position'=>511, 'notnull'=>-1, 'csslist'=>'tdoverflowmax100'), 'date_start_planned' => array('type'=>'datetime', 'label'=>'DateStartPlannedMo', 'enabled'=>1, 'visible'=>1, 'position'=>55, 'notnull'=>-1, 'index'=>1, 'help'=>'KeepEmptyForAsap'), 'date_end_planned' => array('type'=>'datetime', 'label'=>'DateEndPlannedMo', 'enabled'=>1, 'visible'=>1, 'position'=>56, 'notnull'=>-1, 'index'=>1,), 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>1000, 'notnull'=>-1,), From 8c2c3bf3fbd392db4ba5f816223bc7f64fffabe4 Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Fri, 4 Mar 2022 10:06:24 +0100 Subject: [PATCH 41/72] Fix: Can't import thirds. Column Skype doesn't exist --- htdocs/core/modules/modSociete.class.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index e70011a2195..03ca9aa8502 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -5,6 +5,7 @@ * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005-2013 Regis Houssin * Copyright (C) 2012-2014 Juanjo Menent + * Copyright (C) 2022 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -463,7 +464,6 @@ class modSociete extends DolibarrModules 's.fax' => "Fax", 's.url' => "Url", 's.email' => "Email", - 's.skype' => "Skype", 's.fk_effectif' => "Staff", 's.fk_typent' => "ThirdPartyType", "s.fk_forme_juridique" => "JuridicalStatus", @@ -604,7 +604,6 @@ class modSociete extends DolibarrModules 's.fax' => "eg. +34987654321", 's.url' => "e.g. https://www.mybigcompany.com", 's.email' => "e.g. test@mybigcompany.com", - 's.skype' => "Skype name", 's.fk_effectif' => "1/2/3/5: represents one of the five ranges of employees", 's.fk_typent' => 'matches field "id" (1-9 etc.) OR "code" (TE_SMALL etc.) in table "'.MAIN_DB_PREFIX.'c_typent"', 's.fk_forme_juridique' => '1/2/3 etc...matches field "code" in table "'.MAIN_DB_PREFIX.'c_forme_juridique"', @@ -676,7 +675,6 @@ class modSociete extends DolibarrModules 's.phone_mobile' => "PhoneMobile", 's.fax' => "Fax", 's.email' => "Email", - 's.skype' => "Skype", 's.note_private' => "NotePrivate", 's.note_public' => "NotePublic" ); @@ -742,7 +740,6 @@ class modSociete extends DolibarrModules 's.phone_mobile' => "5551144", 's.fax' => "5551155", 's.email' => "johnsmith@email.com", - 's.skype' => "skype username", 's.note_private' => "My private note", 's.note_public' => "My public note" ); From 82e2f8706a3a30df08bacd684191e6e413c1c7f9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 4 Mar 2022 11:22:08 +0100 Subject: [PATCH 42/72] Doc --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index a9a42c8d878..a65a8f21329 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ For users: NEW: Online proposal signature NEW: Can define some max limit on expense report (per period, per type or expense, ...) +NEW: Provide a special pages for bookmarks and multicompany for a better use of some mobile applications (like DoliDroid) NEW: Allow the use of __NEWREF__ to get for example the new reference a draft order will get after validation. NEW: Add option to disable globaly some notifications emails. NEW: #18401 Add __NEWREF__ subtitute to get new object reference. From 7701ae2d194b404502407849f374974c9e81dd6e Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Fri, 4 Mar 2022 13:55:52 +0100 Subject: [PATCH 43/72] FIX : in case of TVA refund, negative amount must be allowed --- htdocs/compta/paiement_vat.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/paiement_vat.php b/htdocs/compta/paiement_vat.php index 323221f6f2b..d52a8c3941d 100644 --- a/htdocs/compta/paiement_vat.php +++ b/htdocs/compta/paiement_vat.php @@ -83,7 +83,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y } } - if ($amounts[key($amounts)] <= 0) { + if (empty($amounts[key($amounts)])) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")), null, 'errors'); $action = 'create'; From 744b84cb09f53f4856b0e707492b42cb0f983ba5 Mon Sep 17 00:00:00 2001 From: Eric Seigne Date: Fri, 4 Mar 2022 15:20:50 +0100 Subject: [PATCH 44/72] fix #20270 : use product_id in sql only if product_id is defined --- htdocs/product/class/product.class.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index e4724eb051c..dc9a08a24c7 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1803,7 +1803,9 @@ class Product extends CommonObject $sql .= " ,pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code"; if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) $sql .= ", pfp.packaging"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; - $sql .= " WHERE pfp.fk_product = ".$product_id; + $sql .= " WHERE 1=1"; + if ($product_id != 0) { $sql .= " AND pfp.fk_product = '".$product_id."'"; + } if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$fourn_ref."'"; } if ($fk_soc > 0) { $sql .= " AND pfp.fk_soc = ".$fk_soc; From 444abbbc0e85cc5b318f57578f0715aa656a07e1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 4 Mar 2022 16:44:33 +0100 Subject: [PATCH 45/72] Fix regression --- htdocs/fourn/class/fournisseur.commande.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 614130097c5..528bda30442 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -470,15 +470,15 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON pfp.entity IN (".getEntity('product_fournisseur_price').") AND l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid); + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON pfp.entity IN (".getEntity('product_fournisseur_price').") AND l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND l.qty >= pfp.quantity AND pfp.fk_soc = ".((int) $this->socid); } $sql .= " WHERE l.fk_commande = ".$this->id; if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { - $sql.= " AND l.qty >= pfp.quantity "; - $sql.= " GROUP BY l.rowid HAVING max_qty = MAX(pfp.quantity) "; + $sql.= " GROUP BY l.rowid"; + $sql.= " HAVING (max_qty = MAX(pfp.quantity) OR max_qty IS NULL)"; } $sql .= " ORDER BY l.rang, l.rowid"; //print $sql; @@ -3528,11 +3528,11 @@ class CommandeFournisseurLigne extends CommonOrderLine $sql .= ' FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet as cd'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON cd.fk_product = p.rowid'; if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON pfp.entity IN (".getEntity('product_fournisseur_price').") AND cd.fk_product = pfp.fk_product and cd.ref = pfp.ref_fourn"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON pfp.entity IN (".getEntity('product_fournisseur_price').") AND cd.fk_product = pfp.fk_product and cd.ref = pfp.ref_fourn AND cd.qty >= pfp.quantity"; } $sql .= ' WHERE cd.rowid = '.((int) $rowid); if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { - $sql .= " AND cd.qty >= pfp.quantity GROUP BY cd.rowid HAVING max_qty = MAX(pfp.quantity)"; + $sql .= " GROUP BY cd.rowid HAVING (max_qty = MAX(pfp.quantity) OR max_qty IS NULL)"; } $result = $this->db->query($sql); if ($result) { From 9d1bcbe55a6c2d83be0c36802ed14eaaefa0fd2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 4 Mar 2022 18:17:23 +0100 Subject: [PATCH 46/72] Fix wrong upload dir introduced here https://github.com/Dolibarr/dolibarr/pull/19165 --- htdocs/commande/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 990ec43c8ae..b6e16a22a9e 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1371,7 +1371,7 @@ if (empty($reshook)) { include DOL_DOCUMENT_ROOT.'/core/actions_printing.inc.php'; // Actions to build doc - $upload_dir = !empty($conf->propal->multidir_output[$object->entity])?$conf->propal->multidir_output[$object->entity]:$conf->propal->dir_output; + $upload_dir = !empty($conf->commande->multidir_output[$object->entity])?$conf->commande->multidir_output[$object->entity]:$conf->commande->dir_output; $permissiontoadd = $usercancreate; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; From 792dcc63349c88761a71590f490990e65c779235 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 4 Mar 2022 19:14:57 +0100 Subject: [PATCH 47/72] FIX creation of the shipment if order contains services - 2/2 --- htdocs/expedition/card.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 743930767dd..4bec4220c6c 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -1194,6 +1194,7 @@ if ($action == 'create') { print ''; } else { if (! empty($conf->global->SHIPMENT_GETS_ALL_ORDER_PRODUCTS)) { + print ''; print ''; } From 543c475a71d601d51d46707fcd9a149ead1df3ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Mar 2022 10:56:17 +0100 Subject: [PATCH 48/72] clean comment --- htdocs/fourn/class/fournisseur.facture.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index e9db81e298f..2a1a54e70d3 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -12,7 +12,7 @@ * Copyright (C) 2015-2019 Ferran Marcet * Copyright (C) 2016-2021 Alexandre Spangaro * Copyright (C) 2018 Nicolas ZABOURI - * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2018-2022 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -245,7 +245,7 @@ class FactureFournisseur extends CommonInvoice public $multicurrency_total_ht; public $multicurrency_total_tva; public $multicurrency_total_ttc; - //! id of source var_dump($$this);invoice if replacement invoice or credit note + //! id of source invoice if replacement invoice or credit note /** * @var int ID */ From f4cb5810a7f9e398cc4f367ef7bbfe473eb4ba29 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 12:01:34 +0100 Subject: [PATCH 49/72] FIX list of visible type of event was not correctly filtered FIX Error management on mass action "Approve holiday" --- .../comm/action/class/cactioncomm.class.php | 54 +++++++++++++------ htdocs/comm/action/index.php | 52 +++++++++--------- htdocs/core/actions_massactions.inc.php | 24 ++++----- htdocs/core/class/html.form.class.php | 2 +- htdocs/core/tpl/massactions_pre.tpl.php | 4 +- htdocs/holiday/card.php | 4 +- htdocs/langs/en_US/errors.lang | 1 + .../core/modules/modMyModule.class.php | 6 +-- 8 files changed, 85 insertions(+), 62 deletions(-) diff --git a/htdocs/comm/action/class/cactioncomm.class.php b/htdocs/comm/action/class/cactioncomm.class.php index 32c2345a657..8dd6b008045 100644 --- a/htdocs/comm/action/class/cactioncomm.class.php +++ b/htdocs/comm/action/class/cactioncomm.class.php @@ -186,35 +186,55 @@ class CActionComm $qualified = 1; - // $obj->type can be system, systemauto, module, moduleauto, xxx, xxxauto + // $obj->type can be 'system', 'systemauto', 'module', 'moduleauto', 'xxx', 'xxxauto' + // Note: type = system... than type of event is added among other standard events. + // type = module... then type of event is grouped into module defined into module = myobject@mymodule. Example: Event organization or external modules + // type = xxx... then type of event is added into list as a new flat value (not grouped). Example: Agefod external module if ($qualified && $onlyautoornot > 0 && preg_match('/^system/', $obj->type) && !preg_match('/^AC_OTH/', $obj->code)) { $qualified = 0; // We discard detailed system events. We keep only the 2 generic lines (AC_OTH and AC_OTH_AUTO) } if ($qualified && !empty($obj->module)) { - if ($obj->module == 'invoice' && empty($conf->facture->enabled) && empty($user->facture->lire)) { - $qualified = 0; + //var_dump($obj->type.' '.$obj->module.' '); var_dump($user->rights->facture->lire); + $qualified = 0; + // Special cases + if ($obj->module == 'invoice' && !empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { + $qualified = 1; } - if ($obj->module == 'order' && empty($conf->commande->enabled) && empty($user->commande->lire)) { - $qualified = 0; + if ($obj->module == 'order' && !empty($conf->commande->enabled) && empty($user->rights->commande->lire)) { + $qualified = 1; } - if ($obj->module == 'propal' && empty($conf->propal->enabled) && empty($user->propale->lire)) { - $qualified = 0; + if ($obj->module == 'propal' && !empty($conf->propal->enabled) && !empty($user->rights->propale->lire)) { + $qualified = 1; } - if ($obj->module == 'invoice_supplier' && ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && empty($user->fournisseur->facture->lire)) || (!empty($conf->supplier_invoice->enabled) && empty($user->supplier_invoice->lire)))) { - $qualified = 0; + if ($obj->module == 'invoice_supplier' && ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && !empty($user->rights->fournisseur->facture->lire)) || (!empty($conf->rights->supplier_invoice->enabled) && !empty($user->rights->supplier_invoice->lire)))) { + $qualified = 1; } - if ($obj->module == 'order_supplier' && ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && empty($user->fournisseur->commande->lire)) || (empty($conf->supplier_order->enabled) && empty($user->supplier_order->lire)))) { - $qualified = 0; + if ($obj->module == 'order_supplier' && ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) && !empty($user->rights->fournisseur->commande->lire)) || (empty($conf->rights->supplier_order->enabled) && !empty($user->rights->supplier_order->lire)))) { + $qualified = 1; } - if ($obj->module == 'shipping' && empty($conf->expedition->enabled) && empty($user->expedition->lire)) { - $qualified = 0; + if ($obj->module == 'shipping' && !empty($conf->expedition->enabled) && !empty($user->rights->expedition->lire)) { + $qualified = 1; } - if (preg_match('/@eventorganization/', $obj->module) && empty($conf->eventorganization->enabled) && empty($user->eventorganization->read)) { - $qualified = 0; + // For the generic case with type = 'module...' and module = 'myobject@mymodule' + $regs = array(); + if (preg_match('/^module/', $obj->type)) { + if (preg_match('/^(.+)@(.+)$/', $obj->module, $regs)) { + $tmpobject = $regs[1]; + $tmpmodule = $regs[2]; + //var_dump($user->$tmpmodule); + if ($tmpmodule && isset($conf->$tmpmodule) && !empty($conf->$tmpmodule->enabled) && (!empty($user->rights->$tmpmodule->read) || !empty($user->rights->$tmpmodule->lire) || !empty($user->rights->$tmpmodule->$tmpobject->read) || !empty($user->rights->$tmpmodule->$tmpobject->lire))) { + $qualified = 1; + } + } } - if (!preg_match('/^system/', $obj->type) && isset($conf->{$obj->module}) && empty($conf->{$obj->module}->enabled)) { - $qualified = 0; + // For the case type is not 'system...' neither 'module', we just check module is on + if (! in_array($obj->type, array('system', 'systemauto', 'module', 'moduleauto'))) { + $tmpmodule = $obj->module; + //var_dump($tmpmodule); + if ($tmpmodule && isset($conf->$tmpmodule) && !empty($conf->$tmpmodule->enabled)) { + $qualified = 1; + } } } diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 81df122f1a9..6b93e560fd0 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -49,10 +49,11 @@ if (empty($conf->global->AGENDA_EXT_NB)) { } $MAXAGENDA = $conf->global->AGENDA_EXT_NB; -$filter = GETPOST("search_filter", 'alpha', 3) ?GETPOST("search_filter", 'alpha', 3) : GETPOST("filter", 'alpha', 3); -$filtert = GETPOST("search_filtert", "int", 3) ?GETPOST("search_filtert", "int", 3) : GETPOST("filtert", "int", 3); -$usergroup = GETPOST("search_usergroup", "int", 3) ?GETPOST("search_usergroup", "int", 3) : GETPOST("usergroup", "int", 3); -$showbirthday = empty($conf->use_javascript_ajax) ?GETPOST("showbirthday", "int") : 1; +$check_holiday = GETPOST('check_holiday', 'int'); +$filter = GETPOST("search_filter", 'alpha', 3) ? GETPOST("search_filter", 'alpha', 3) : GETPOST("filter", 'alpha', 3); +$filtert = GETPOST("search_filtert", "int", 3) ? GETPOST("search_filtert", "int", 3) : GETPOST("filtert", "int", 3); +$usergroup = GETPOST("search_usergroup", "int", 3) ? GETPOST("search_usergroup", "int", 3) : GETPOST("usergroup", "int", 3); +$showbirthday = empty($conf->use_javascript_ajax) ? GETPOST("showbirthday", "int") : 1; // If not choice done on calendar owner (like on left menu link "Agenda"), we filter on user. if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) { @@ -207,16 +208,16 @@ if (GETPOST("viewperuser", 'alpha') || $mode == 'show_peruser') { } /* -if ($action == 'delete_action' && $user->rights->agenda->delete) { - $event = new ActionComm($db); - $event->fetch($actionid); - $event->fetch_optionals(); - $event->fetch_userassigned(); - $event->oldcopy = clone $event; + if ($action == 'delete_action' && $user->rights->agenda->delete) { + $event = new ActionComm($db); + $event->fetch($actionid); + $event->fetch_optionals(); + $event->fetch_userassigned(); + $event->oldcopy = clone $event; - $result = $event->delete(); -} -*/ + $result = $event->delete(); + } + */ /* @@ -579,10 +580,10 @@ if (!empty($conf->use_javascript_ajax)) { // If javascript on $s .= ''."\n"; // Local calendar - $s .= '
'.$langs->trans("LocalAgenda").'  
'; + $s .= '
'.$langs->trans("LocalAgenda").'  
'; // Holiday calendar - $s .= '
 
'; + $s .= '
 
'; // External calendars if (is_array($showextcals) && count($showextcals) > 0) { @@ -607,13 +608,13 @@ if (!empty($conf->use_javascript_ajax)) { // If javascript on foreach ($showextcals as $val) { $htmlname = md5($val['name']); - if (!empty($val['default'])) { + if (!empty($val['default']) || GETPOST('check_ext'.$htmlname, 'int')) { $default = "checked"; } else { $default = ''; } - $s .= '
 
'; + $s .= '
 
'; } } @@ -847,6 +848,7 @@ if ($resql) { $event->fk_project = $obj->fk_project; + $event->socid = $obj->fk_soc; $event->thirdparty_id = $obj->fk_soc; $event->contact_id = $obj->fk_contact; @@ -894,13 +896,13 @@ if ($resql) { $daykey = dol_mktime(0, 0, 0, $mois, $jour, $annee, 'gmt'); // $mois, $jour, $annee has been set for user tz $daykeyend = dol_mktime(0, 0, 0, $moisend, $jourend, $anneeend, 'gmt'); // $moisend, $jourend, $anneeend has been set for user tz /* - print 'GMT '.$event->date_start_in_calendar.' '.dol_print_date($event->date_start_in_calendar, 'dayhour', 'gmt').'
'; - print 'TZSERVER '.$event->date_start_in_calendar.' '.dol_print_date($event->date_start_in_calendar, 'dayhour', 'tzserver').'
'; - print 'TZUSERREL '.$event->date_start_in_calendar.' '.dol_print_date($event->date_start_in_calendar, 'dayhour', 'tzuserrel').'
'; - print 'GMT '.$event->date_end_in_calendar.' '.dol_print_date($event->date_end_in_calendar, 'dayhour', 'gmt').'
'; - print 'TZSERVER '.$event->date_end_in_calendar.' '.dol_print_date($event->date_end_in_calendar, 'dayhour', 'tzserver').'
'; - print 'TZUSER '.$event->date_end_in_calendar.' '.dol_print_date($event->date_end_in_calendar, 'dayhour', 'tzuserrel').'
'; - */ + print 'GMT '.$event->date_start_in_calendar.' '.dol_print_date($event->date_start_in_calendar, 'dayhour', 'gmt').'
'; + print 'TZSERVER '.$event->date_start_in_calendar.' '.dol_print_date($event->date_start_in_calendar, 'dayhour', 'tzserver').'
'; + print 'TZUSERREL '.$event->date_start_in_calendar.' '.dol_print_date($event->date_start_in_calendar, 'dayhour', 'tzuserrel').'
'; + print 'GMT '.$event->date_end_in_calendar.' '.dol_print_date($event->date_end_in_calendar, 'dayhour', 'gmt').'
'; + print 'TZSERVER '.$event->date_end_in_calendar.' '.dol_print_date($event->date_end_in_calendar, 'dayhour', 'tzserver').'
'; + print 'TZUSER '.$event->date_end_in_calendar.' '.dol_print_date($event->date_end_in_calendar, 'dayhour', 'tzuserrel').'
'; + */ do { //if ($event->id==408) //print 'daykey='.$daykey.' daykeyend='.$daykeyend.' '.dol_print_date($daykey, 'dayhour', 'gmt').' - '.dol_print_date($event->datep, 'dayhour', 'gmt').' '.dol_print_date($event->datef, 'dayhour', 'gmt').'
'; @@ -1996,7 +1998,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa if ($event->type_code != 'ICALEVENT') { $savlabel = $event->label ? $event->label : $event->libelle; $event->label = $titletoshow; - $event->libelle = $titletoshow; + $event->libelle = $titletoshow; // deprecatd // Note: List of users are inside $event->userassigned. Link may be clickable depending on permissions of user. $titletoshow = (($event->type_picto || $event->type_code) ? $event->getTypePicto() : ''); $titletoshow .= $event->getNomUrl(0, $maxnbofchar, 'cal_event cal_event_title', '', 0, 0); diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 602897d34f9..194ccf40d4d 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -1579,17 +1579,20 @@ if (!$error && ($massaction == 'approveleave' || ($action == 'approveleave' && $ $nbok = 0; foreach ($toselect as $toselectid) { $result = $objecttmp->fetch($toselectid); - if ($result>0) { - if ($objecttmp->statut == Holiday::STATUS_VALIDATED && $user->id == $objecttmp->fk_validator) { + if ($result > 0) { + if ($objecttmp->statut != Holiday::STATUS_VALIDATED) { + setEventMessages($langs->trans('StatusOfRefMustBe', $objecttmp->ref, $langs->transnoentitiesnoconv('Validated')), null, 'warnings'); + continue; + } + if ($user->id == $objecttmp->fk_validator) { $objecttmp->oldcopy = dol_clone($objecttmp); $objecttmp->date_valid = dol_now(); $objecttmp->fk_user_valid = $user->id; $objecttmp->statut = Holiday::STATUS_APPROVED; - $db->begin(); - $verif = $objecttmp->approve($user); + if ($verif <= 0) { setEventMessages($objecttmp->error, $objecttmp->errors, 'errors'); $error++; @@ -1664,14 +1667,9 @@ if (!$error && ($massaction == 'approveleave' || ($action == 'approveleave' && $ } } } - - if (!$error) { - $db->commit(); - $nbok++; - } else { - $db->rollback(); - $action = ''; - } + } else { + $langs->load("errors"); + setEventMessages($langs->trans('ErrorNotApproverForHoliday', $objecttmp->ref), null, 'errors'); } } else { setEventMessages($objecttmp->error, $objecttmp->errors, 'errors'); @@ -1683,7 +1681,7 @@ if (!$error && ($massaction == 'approveleave' || ($action == 'approveleave' && $ if (!$error) { if ($nbok > 1) { setEventMessages($langs->trans("RecordsApproved", $nbok), null, 'mesgs'); - } else { + } elseif ($nbok == 1) { setEventMessages($langs->trans("RecordAproved"), null, 'mesgs'); } $db->commit(); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index ed73218c609..821d87dcd82 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -5037,7 +5037,7 @@ class Form $formconfirm .= ''; $formconfirm .= ''; $formconfirm .= ''."\n"; diff --git a/htdocs/core/tpl/massactions_pre.tpl.php b/htdocs/core/tpl/massactions_pre.tpl.php index b3a40ba3582..de034f652d3 100644 --- a/htdocs/core/tpl/massactions_pre.tpl.php +++ b/htdocs/core/tpl/massactions_pre.tpl.php @@ -212,14 +212,14 @@ if ($massaction == 'presend') { } if ($massaction == 'preenable') { - print $form->formconfirm($_SERVER["PHP_SELF"], $langs->trans("ConfirmMassEnabling"), $langs->trans("ConfirmMassEnablingQuestion", count($toselect)), "enable", null, '', 0, 200, 500, 1); + print $form->formconfirm($_SERVER["PHP_SELF"], $langs->trans("ConfirmMassEnabling"), $langs->trans("ConfirmMassEnablingQuestion", count($toselect)), "enable", null, 'yes', 0, 200, 500, 1); } if ($massaction == 'predisable') { print $form->formconfirm($_SERVER["PHP_SELF"], $langs->trans("ConfirmMassDisabling"), $langs->trans("ConfirmMassDisablingQuestion", count($toselect)), "disable", null, '', 0, 200, 500, 1); } if ($massaction == 'preapproveleave') { - print $form->formconfirm($_SERVER["PHP_SELF"], $langs->trans("ConfirmMassLeaveApproval"), $langs->trans("ConfirmMassLeaveApprovalQuestion", count($toselect)), "approveleave", null, '', 0, 200, 500, 1); + print $form->formconfirm($_SERVER["PHP_SELF"], $langs->trans("ConfirmMassLeaveApproval"), $langs->trans("ConfirmMassLeaveApprovalQuestion", count($toselect)), "approveleave", null, 'yes', 0, 200, 500, 1); } // Allow Pre-Mass-Action hook (eg for confirmation dialog) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 44d5fb321e8..091b9ed95a2 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -1083,7 +1083,9 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { if (empty($include_users)) { print img_warning().' '.$langs->trans("NobodyHasPermissionToValidateHolidays"); } else { - $defaultselectuser = (empty($user->fk_user_holiday_validator) ? $user->fk_user : $user->fk_user_holiday_validator); // Will work only if supervisor has permission to approve so is inside include_users + // Defined default approver (the forced approved of user or the supervisor if no forced value defined) + // Note: This use will be set only if the deinfed approvr has permission to approve so is inside include_users + $defaultselectuser = (empty($user->fk_user_holiday_validator) ? $user->fk_user : $user->fk_user_holiday_validator); if (!empty($conf->global->HOLIDAY_DEFAULT_VALIDATOR)) { $defaultselectuser = $conf->global->HOLIDAY_DEFAULT_VALIDATOR; // Can force default approver } diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 5a955ec0df3..a3a3b7e5d4f 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -274,6 +274,7 @@ ErrorNotInDictionaryPaymentConditions=Not in Payment Terms Dictionary, please mo ErrorIsNotADraft=%s is not a draft ErrorExecIdFailed=Can't execute command "id" ErrorBadCharIntoLoginName=Unauthorized character in the login name +ErrorNotApproverForHoliday=You are not the approver for leave %s # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. diff --git a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php index 13e34593bba..02eb1c18fb6 100644 --- a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php +++ b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php @@ -432,7 +432,7 @@ class modMyModule extends DolibarrModules $sql = array(); // Document templates - $moduledir = 'mymodule'; + $moduledir = dol_sanitizeFileName('mymodule'); $myTmpObjects = array(); $myTmpObjects['MyObject'] = array('includerefgeneration'=>0, 'includedocgeneration'=>0); @@ -441,8 +441,8 @@ class modMyModule extends DolibarrModules continue; } if ($myTmpObjectArray['includerefgeneration']) { - $src = DOL_DOCUMENT_ROOT.'/install/doctemplates/mymodule/template_myobjects.odt'; - $dirodt = DOL_DATA_ROOT.'/doctemplates/mymodule'; + $src = DOL_DOCUMENT_ROOT.'/install/doctemplates/'.$moduledir.'/template_myobjects.odt'; + $dirodt = DOL_DATA_ROOT.'/doctemplates/'.$moduledir; $dest = $dirodt.'/template_myobjects.odt'; if (file_exists($src) && !file_exists($dest)) { From 378dab69a6753298b5c8ce490f78e843e080d39a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 13:21:32 +0100 Subject: [PATCH 50/72] FIX #19777 #20281 --- htdocs/compta/paiement/cheque/card.php | 50 ++++++++++++------- .../cheque/class/remisecheque.class.php | 1 + htdocs/core/class/html.formfile.class.php | 4 +- .../modules/cheque/modules_chequereceipts.php | 3 +- htdocs/ecm/class/ecmfiles.class.php | 6 ++- 5 files changed, 40 insertions(+), 24 deletions(-) diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 0dd6c57313e..c109acedf7e 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -41,12 +41,7 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); -// Security check -$fieldname = (!empty($ref) ? 'ref' : 'rowid'); -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'cheque', $id, 'bordereau_cheque', '', 'fk_user_author', $fieldname); +$object = new RemiseCheque($db); $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); @@ -63,11 +58,22 @@ if (empty($page) || $page == -1) { $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $offset = $limit * $page; -$dir = $conf->bank->dir_output.'/checkdeposits/'; +$upload_dir = $conf->bank->multidir_output[$object->entity ? $object->entity : $conf->entity]."/checkdeposits"; + $filterdate = dol_mktime(0, 0, 0, GETPOST('fdmonth'), GETPOST('fdday'), GETPOST('fdyear')); $filteraccountid = GETPOST('accountid', 'int'); -$object = new RemiseCheque($db); +// Security check +$fieldname = (!empty($ref) ? 'ref' : 'rowid'); +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'cheque', $id, 'bordereau_cheque', '', 'fk_user_author', $fieldname); + +$usercanread = $user->rights->banque->cheque; +$usercancreate = $user->rights->banque->cheque; +$usercandelete = $user->rights->banque->cheque; + /* @@ -242,7 +248,9 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) { $langs->load("other"); - $file = $dir.get_exdir($object->ref, 0, 1, 0, $object, 'cheque').GETPOST('file'); + $filetodelete = GETPOST('file', 'alpha'); + $file = $upload_dir.'/'.$filetodelete; + $ret = dol_delete_file($file, 0, 0, 0, $object); if ($ret) { setEventMessages($langs->trans("FileWasRemoved", GETPOST('file')), null, 'mesgs'); @@ -635,6 +643,12 @@ if ($action == 'new') { $i = 1; if ($num > 0) { while ($objp = $db->fetch_object($resql)) { + $paymentstatic->id = $objp->pid; + $paymentstatic->ref = $objp->pref; + + $accountlinestatic->id = $objp->rowid; + $accountlinestatic->ref = $objp->ref; + print ''; print ''; print ''; // Operation date @@ -644,8 +658,6 @@ if ($action == 'new') { print ''; // Link to payment print ''; // Link to bank transaction print ''; print ''; - if (!$disablemove) { + if (empty($disablemove) && count($filearray) > 1) { print ''; } print "\n"; } + // Get list of files stored into database for same relative directory + if ($relativedir) { + completeFileArrayWithDatabaseInfo($filearray, $relativedir); + + //var_dump($sortfield.' - '.$sortorder); + if ($sortfield && $sortorder) { // If $sortfield is for example 'position_name', we will sort on the property 'position_name' (that is concat of position+name) + $filearray = dol_sort_array($filearray, $sortfield, $sortorder); + } + } + print ''; //print $url.' sortfield='.$sortfield.' sortorder='.$sortorder; print_liste_field_titre('Documents2', $url, "name", "", $param, '', $sortfield, $sortorder, 'left '); @@ -1299,21 +1309,11 @@ class FormFile print_liste_field_titre(''); // Action button print_liste_field_titre(''); - if (!$disablemove) { + if (empty($disablemove) && count($filearray) > 1) { print_liste_field_titre(''); } print "\n"; - // Get list of files stored into database for same relative directory - if ($relativedir) { - completeFileArrayWithDatabaseInfo($filearray, $relativedir); - - //var_dump($sortfield.' - '.$sortorder); - if ($sortfield && $sortorder) { // If $sortfield is for example 'position_name', we will sort on the property 'position_name' (that is concat of position+name) - $filearray = dol_sort_array($filearray, $sortfield, $sortorder); - } - } - $nboffiles = count($filearray); if ($nboffiles > 0) { include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; @@ -1508,18 +1508,18 @@ class FormFile } print ""; - if (empty($disablemove)) { + if (empty($disablemove) && count($filearray) > 1) { if ($nboffiles > 1 && $conf->browser->layout != 'phone') { print ''; } else { - print 'browser->layout != 'phone' && empty($disablemove)) ? ' class="linecolmove tdlineupdown center"' : ' class="linecolmove center"').'>'; + print 'browser->layout != 'phone') ? ' class="linecolmove tdlineupdown center"' : ' class="linecolmove center"').'>'; print ''; } } @@ -1529,7 +1529,7 @@ class FormFile print ''; print ''; print ''; - if (empty($disablemove)) { + if (empty($disablemove) && count($filearray) > 1) { print ''; } } @@ -1540,7 +1540,7 @@ class FormFile } if ($nboffiles == 0) { $colspan = '6'; - if (empty($disablemove)) { + if (empty($disablemove) && count($filearray) > 1) { $colspan++; // 6 columns or 7 } print '
'.$langs->trans("BookmarkTitle").''.$langs->trans("SetHereATitleForLink").'
'.$langs->trans("BookmarkTitle").''.$langs->trans("SetHereATitleForLink").'
'; if ($action == 'edit') { - print 'title).'">'; + print 'title).'">'; } else { - print $object->title; + print dol_escape_htmltag($object->title); } print '
'; - print $formaccounting->multi_select_journal($search_ledger_code, 'search_ledger_code', 0, 1, 1, 1, 'maxwidth150'); + print $formaccounting->multi_select_journal($search_ledger_code, 'search_ledger_code', 0, 1, 1, 1, 'small maxwidth150'); print ''; print '
'; - print $formaccounting->select_account($search_accountancy_code_start, 'search_accountancy_code_start', $langs->trans('From'), array(), 1, 1, 'maxwidth200', 'account'); + print $formaccounting->select_account($search_accountancy_code_start, 'search_accountancy_code_start', $langs->trans('From'), array(), 1, 1, 'maxwidth150', 'account'); print '
'; print '
'; - print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', $langs->trans('to'), array(), 1, 1, 'maxwidth200', 'account'); + print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', $langs->trans('to'), array(), 1, 1, 'maxwidth150', 'account'); print '
'; print '		'; - - print ''; - // Picto + Ref - print '
'; - + $labeltoshow = ''; + $labeltoshowalt = ''; if ($line->doc_type == 'customer_invoice' || $line->doc_type == 'supplier_invoice' || $line->doc_type == 'expense_report') { - print $objectstatic->getNomUrl(1, '', 0, 0, '', 0, -1, 1); - print $documentlink; + $labeltoshow .= $objectstatic->getNomUrl(1, '', 0, 0, '', 0, -1, 1); + $labeltoshow .= $documentlink; + $labeltoshowalt .= $objectstatic->ref; } elseif ($line->doc_type == 'bank') { - print $objectstatic->getNomUrl(1); + $labeltoshow .= $objectstatic->getNomUrl(1); + $labeltoshowalt .= $objectstatic->ref; $bank_ref = strstr($line->doc_ref, '-'); - print " " . $bank_ref; + $labeltoshow .= " " . $bank_ref; + $labeltoshowalt .= " " . $bank_ref; } else { - print $line->doc_ref; + $labeltoshow .= $line->doc_ref; + $labeltoshowalt .= $line->doc_ref; } - print '
'; + print '		'; + print $labeltoshow; print "'.$line->label_operation.''.dol_escape_htmltag($line->label_operation).''.dol_print_date($line->date_export, 'dayhour').''.dol_print_date($line->date_export, 'dayhour').''.dol_print_date($line->date_validation, 'dayhour').''.dol_print_date($line->date_validation, 'dayhour').''.$question.''; $formconfirm .= $this->selectyesno("confirm", $newselectedchoice, 0, false, 0, 0, 'marginleftonly marginrightonly'); - $formconfirm .= ''; + $formconfirm .= ''; $formconfirm .= '
'.$i.''.dol_print_date($db->jdate($objp->date), 'day').''.price($objp->amount).''; - $paymentstatic->id = $objp->pid; - $paymentstatic->ref = $objp->pref; if ($paymentstatic->id) { print $paymentstatic->getNomUrl(1); } else { @@ -654,8 +666,6 @@ if ($action == 'new') { print ''; - $accountlinestatic->id = $objp->rowid; - $accountlinestatic->ref = $objp->ref; if ($accountlinestatic->id > 0) { print $accountlinestatic->getNomUrl(1); } else { @@ -665,10 +675,10 @@ if ($action == 'new') { // Action button print ''; if ($object->statut == 0) { - print 'rowid.'">'.img_delete().''; + print 'rowid.'">'.img_delete().''; } if ($object->statut == 1 && $objp->statut != 2) { - print 'rowid.'">'.img_picto($langs->trans("RejectCheck"), 'disable').''; + print 'rowid.'">'.img_picto($langs->trans("RejectCheck"), 'disable').''; } if ($objp->statut == 2) { print '   '.img_picto($langs->trans('CheckRejected'), 'statut8').''; @@ -724,11 +734,13 @@ print ''; if ($action != 'new') { if ($object->statut == 1) { - $filename = dol_sanitizeFileName($object->ref); - $filedir = $dir.get_exdir($object->ref, 0, 1, 0, $object, 'checkdeposits'); + // Documents + $objref = dol_sanitizeFileName($object->ref); + $filedir = $upload_dir.'/'.$objref; $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - - print $formfile->showdocuments('remisecheque', $filename, $filedir, $urlsource, 1, 1); + $genallowed = $usercancreate; + $delallowed = $usercandelete; + print $formfile->showdocuments('remisecheque', $objref, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $langs->defaultlang); print '
'; } diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index c66edfc8fe1..6b1053240c8 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -615,6 +615,7 @@ class RemiseCheque extends CommonObject // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charseSupprimert_output = $outputlangs->charset_output; + $result = $docmodel->write_file($this, $conf->bank->dir_output.'/checkdeposits', $this->ref, $outputlangs); if ($result > 0) { //$outputlangs->charset_output=$sav_charset_output; diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index c64fa50fc56..26d39674e08 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -360,8 +360,8 @@ class FormFile * This also set the property $this->numoffiles * * @param string $modulepart Module the files are related to ('propal', 'facture', 'facture_fourn', 'mymodule', 'mymodule:MyObject', 'mymodule_temp', ...) - * @param string $modulesubdir Existing (so sanitized) sub-directory to scan (Example: '0/1/10', 'FA/DD/MM/YY/9999'). Use '' if file is not into subdir of module. - * @param string $filedir Directory to scan + * @param string $modulesubdir Existing (so sanitized) sub-directory to scan (Example: '0/1/10', 'FA/DD/MM/YY/9999'). Use '' if file is not into a subdir of module. + * @param string $filedir Directory to scan (must not end with a /). Example: '/mydolibarrdocuments/facture/FAYYMM-1234' * @param string $urlsource Url of origin page (for return) * @param int|string[] $genallowed Generation is allowed (1/0 or array list of templates) * @param int $delallowed Remove is allowed (1/0) diff --git a/htdocs/core/modules/cheque/modules_chequereceipts.php b/htdocs/core/modules/cheque/modules_chequereceipts.php index dfdf0fbe363..e50a6877848 100644 --- a/htdocs/core/modules/cheque/modules_chequereceipts.php +++ b/htdocs/core/modules/cheque/modules_chequereceipts.php @@ -126,8 +126,7 @@ abstract class ModeleNumRefChequeReceipts } /** - * \class ModeleChequeReceipts - * \brief Classe mere des modeles de + * Class parent for templates of document generation */ abstract class ModeleChequeReceipts extends CommonDocGenerator { diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index 6c2b8fc4023..1ffe39f26ce 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -327,7 +327,11 @@ class EcmFiles extends CommonObject $resql = $this->db->query($sql); if (!$resql) { $error++; - $this->errors[] = 'Error '.$this->db->lasterror(); + if ($this->db->lasterrno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { + $this->errors[] = 'Error DB_ERROR_RECORD_ALREADY_EXISTS : '.$this->db->lasterror(); + } else { + $this->errors[] = 'Error '.$this->db->lasterror(); + } dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); } From e13038dc3058b2a4b00c8938cbf5eee18096a95c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 14:06:54 +0100 Subject: [PATCH 51/72] Update product.class.php --- htdocs/product/class/product.class.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index dc9a08a24c7..b08ccb139ba 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1803,8 +1803,9 @@ class Product extends CommonObject $sql .= " ,pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code"; if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) $sql .= ", pfp.packaging"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; - $sql .= " WHERE 1=1"; - if ($product_id != 0) { $sql .= " AND pfp.fk_product = '".$product_id."'"; + $sql .= " WHERE 1 = 1"; + if ($product_id > 0) { + $sql .= " AND pfp.fk_product = ".((int) $product_id); } if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$fourn_ref."'"; } From e085c3989acc74597e9844d30952b207b3a23990 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 14:59:55 +0100 Subject: [PATCH 52/72] Update product.php --- htdocs/product/admin/product.php | 9 --------- 1 file changed, 9 deletions(-) diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index 222e9ffc41f..7a2c2c6102e 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -159,15 +159,6 @@ if ($action == 'other') $value = GETPOST('activate_useProdSupplierPackaging', 'alpha'); $res = dolibarr_set_const($db, "PRODUCT_USE_SUPPLIER_PACKAGING", $value, 'chaine', 0, '', $conf->entity); - if ($value) { - $sql_test = "SELECT count(packaging) as cpt FROM ".MAIN_DB_PREFIX."product_fournisseur_price WHERE 1"; - $resql = $db->query($sql_test); - - if ($resql < 0) - { - dol_syslog($db->lasterrno(), LOG_ERR); - } - } } if ($action == 'specimen') // For products From 028fc4f0041c67cc76e3a3d8957d36e09f166fc7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 15:05:45 +0100 Subject: [PATCH 53/72] Fix field --- htdocs/install/mysql/migration/12.0.0-13.0.0.sql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql index cf4b5747684..f76136790c1 100644 --- a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql +++ b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql @@ -562,7 +562,8 @@ INSERT INTO llx_c_socialnetworks (entity, code, label, url, icon, active) VALUES -- VMYSQL4.1 INSERT INTO llx_boxes_def (file, entity) SELECT 'box_customers_outstanding_bill_reached.php', 1 FROM DUAL WHERE NOT EXISTS (SELECT * FROM llx_boxes_def WHERE file = 'box_customers_outstanding_bill_reached.php' AND entity = 1); -- VMYSQL4.1 INSERT INTO llx_boxes_def (file, entity) SELECT 'box_scheduled_jobs.php', 1 FROM DUAL WHERE NOT EXISTS (SELECT * FROM llx_boxes_def WHERE file = 'box_scheduled_jobs.php' AND entity = 1); -ALTER TABLE llx_product_fournisseur_price ADD COLUMN packaging varchar(64); +ALTER TABLE llx_product_fournisseur_price ADD COLUMN packaging varchar(64) DEFAULT NULL; +ALTER TABLE llx_product_fournisseur_price MODIFY COLUMN packaging varchar(64) DEFAULT NULL; ALTER TABLE llx_projet ADD COLUMN fk_opp_status_end integer DEFAULT NULL; From c4061e578deedc08e2205ad4a5354c4d41628305 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 15:06:24 +0100 Subject: [PATCH 54/72] Fix field --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index d03d6b1f75c..e8a3880ff40 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -84,6 +84,9 @@ UPDATE llx_const set value = __ENCRYPT('eldy')__ WHERE __DECRYPT('value')__ = 'a UPDATE llx_const set value = __ENCRYPT('eldy')__ WHERE __DECRYPT('value')__ = 'cameleo'; DELETE FROM llx_user_param where param = 'MAIN_THEME' and value in ('auguria', 'amarok', 'cameleo'); +ALTER TABLE llx_product_fournisseur_price ADD COLUMN packaging varchar(64) DEFAULT NULL; +ALTER TABLE llx_product_fournisseur_price MODIFY COLUMN packaging varchar(64) DEFAULT NULL; + -- For v14 From fa707c601517642dd37711be3ba4ccb8604c5641 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 15:20:55 +0100 Subject: [PATCH 55/72] Fix error from v12 --- htdocs/install/mysql/migration/14.0.0-15.0.0.sql | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/install/mysql/migration/14.0.0-15.0.0.sql b/htdocs/install/mysql/migration/14.0.0-15.0.0.sql index df86c80e72e..5987c4be652 100644 --- a/htdocs/install/mysql/migration/14.0.0-15.0.0.sql +++ b/htdocs/install/mysql/migration/14.0.0-15.0.0.sql @@ -35,6 +35,9 @@ -- VMYSQL4.3 ALTER TABLE llx_partnership MODIFY COLUMN date_partnership_end date NULL; -- VPGSQL8.2 ALTER TABLE llx_partnership ALTER COLUMN date_partnership_end DROP NOT NULL; +ALTER TABLE llx_product_fournisseur_price ADD COLUMN packaging varchar(64) DEFAULT NULL; +ALTER TABLE llx_product_fournisseur_price MODIFY COLUMN packaging varchar(64) DEFAULT NULL; + ALTER TABLE llx_accounting_bookkeeping ADD COLUMN date_export datetime DEFAULT NULL; ALTER TABLE llx_eventorganization_conferenceorboothattendee ADD COLUMN fk_project integer NOT NULL; From fb2fb46d17ae59805ca5df50053c8755fbe5c376 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 16:04:55 +0100 Subject: [PATCH 56/72] FIX Drag and drop line of files on join files tab --- htdocs/core/ajax/row.php | 18 ++++++--- htdocs/core/class/html.formfile.class.php | 38 +++++++++---------- .../tpl/document_actions_post_headers.tpl.php | 2 +- 3 files changed, 32 insertions(+), 26 deletions(-) diff --git a/htdocs/core/ajax/row.php b/htdocs/core/ajax/row.php index 0b1106ca20a..8b16cd4699c 100644 --- a/htdocs/core/ajax/row.php +++ b/htdocs/core/ajax/row.php @@ -81,8 +81,6 @@ if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3) $perm = 1; } elseif ($table_element_line == 'facturedet_rec' && $user->rights->facture->creer) { $perm = 1; - } elseif ($table_element_line == 'ecm_files' && $user->rights->ecm->creer) { - $perm = 1; } elseif ($table_element_line == 'emailcollector_emailcollectoraction' && $user->admin) { $perm = 1; } elseif ($table_element_line == 'bom_bomline' && $user->rights->bom->write) { @@ -95,10 +93,18 @@ if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3) $perm = 1; } elseif ($table_element_line == 'facture_fourn_det' && $user->rights->fournisseur->facture->creer) { $perm = 1; - } elseif ($table_element_line == 'ecm_files' && $fk_element == 'fk_product' && (!empty($user->rights->produit->creer) || !empty($user->rights->service->creer))) { - $perm = 1; - } elseif ($table_element_line == 'ecm_files' && $fk_element == 'fk_ticket' && !empty($user->rights->ticket->write)) { - $perm = 1; + } elseif ($table_element_line == 'ecm_files') { // Used when of page "documents.php" + if (!empty($user->rights->ecm->creer)) { + $perm = 1; + } elseif ($fk_element == 'fk_product' && (!empty($user->rights->produit->creer) || !empty($user->rights->service->creer))) { + $perm = 1; + } elseif ($fk_element == 'fk_ticket' && !empty($user->rights->ticket->write)) { + $perm = 1; + } elseif ($fk_element == 'fk_holiday' && !empty($user->rights->holiday->write)) { + $perm = 1; + } elseif ($fk_element == 'fk_soc' && !empty($user->rights->societe->creer)) { + $perm = 1; + } } elseif ($table_element_line == 'product_association' && $fk_element == 'fk_product' && (!empty($user->rights->produit->creer) || !empty($user->rights->service->creer))) { $perm = 1; } elseif ($table_element_line == 'projet_task' && $fk_element == 'fk_projet' && $user->rights->projet->creer) { diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 26d39674e08..cad584e8731 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1281,12 +1281,22 @@ class FormFile } print '
'; if ($i > 0) { print 'id.'">'.img_up('default', 0, 'imgupforline').''; } - if ($i < $nboffiles - 1) { + if ($i < ($nboffiles - 1)) { print 'id.'">'.img_down('default', 0, 'imgdownforline').''; } print '
'; @@ -2030,7 +2030,7 @@ class FormFile print '
'; print ''; - print ''; + print '
'; print ''; print_liste_field_titre( $langs->trans("Links"), @@ -2115,7 +2115,7 @@ class FormFile print ''; diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php index b743dffbc53..c840ff3438a 100644 --- a/htdocs/projet/activity/perday.php +++ b/htdocs/projet/activity/perday.php @@ -349,7 +349,7 @@ $next_day = $next['mday']; $title = $langs->trans("TimeSpent"); -$projectsListId = $projectstatic->getProjectsAuthorizedForUser($usertoprocess, (empty($usertoprocess->id) ? 2 : 0), 1); // Return all project i have permission on. I want my tasks and some of my task may be on a public projet that is not my project +$projectsListId = $projectstatic->getProjectsAuthorizedForUser($usertoprocess, (empty($usertoprocess->id) ? 2 : 0), 1); // Return all project i have permission on (assigned to me+public). I want my tasks and some of my task may be on a public projet that is not my project if ($id) { $project->fetch($id); @@ -476,12 +476,12 @@ if ($usertoprocess->id != $user->id) { $titleassigntask = $langs->transnoentities("AssignTaskToUser", $usertoprocess->getFullName($langs)); } print '
'; -print img_picto('', 'projecttask'); +print img_picto('', 'projecttask', 'class="pictofixedwidth"'); $formproject->selectTasks($socid ? $socid : -1, $taskid, 'taskid', 32, 0, '-- '.$langs->trans("ChooseANotYetAssignedTask").' --', 1, 0, 0, '', '', 'all', $usertoprocess); print '
'; print ' '; print $formcompany->selectTypeContact($object, '', 'type', 'internal', 'rowid', 0, 'maxwidth150onsmartphone'); -print ''; +print ''; print ''; print '
'; @@ -596,10 +596,10 @@ $extrafieldsobjectkey = 'projet_task'; $extrafieldsobjectprefix = 'efpt.'; include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php'; if (!empty($arrayfields['t.planned_workload']['checked'])) { - print ''; + print ''; } if (!empty($arrayfields['t.progress']['checked'])) { - print ''; + print ''; } if (!empty($arrayfields['timeconsumed']['checked'])) { print ''; - print ''; + print ''; } print ''; + print ''; } if (!empty($arrayfields['t.progress']['checked'])) { - print ''; + print ''; } if (!empty($arrayfields['timeconsumed']['checked'])) { print ''; - print ''; + print ''; } for ($idw = 0; $idw < 7; $idw++) { $dayinloopfromfirstdaytoshow = dol_time_plus_duree($firstdaytoshow, $idw, 'd'); // $firstdaytoshow is a date with hours = 0 @@ -691,7 +692,7 @@ for ($idw = 0; $idw < 7; $idw++) { $cssonholiday .= 'onholidayafternoon '; } - print ''; } diff --git a/htdocs/projet/tasks/stats/index.php b/htdocs/projet/tasks/stats/index.php index 70c093f46e3..2ca72552fa4 100644 --- a/htdocs/projet/tasks/stats/index.php +++ b/htdocs/projet/tasks/stats/index.php @@ -180,7 +180,7 @@ print '

'; print '
'; print '
'; print ''.img_edit().''; // id= is included into $param if ($permissiontodelete) { - print '   '.img_delete().''; // id= is included into $param + print '   '.img_delete().''; // id= is included into $param } else { print ' '; } diff --git a/htdocs/core/tpl/document_actions_post_headers.tpl.php b/htdocs/core/tpl/document_actions_post_headers.tpl.php index fdc315a588d..8b48a63e34d 100644 --- a/htdocs/core/tpl/document_actions_post_headers.tpl.php +++ b/htdocs/core/tpl/document_actions_post_headers.tpl.php @@ -66,7 +66,7 @@ if (in_array($modulepart, array('product', 'produit', 'societe', 'user', 'ticket * Confirm form to delete a file */ -if ($action == 'deletefile') { +if ($action == 'deletefile' || $action == 'deletelink') { $langs->load("companies"); // Need for string DeleteFile+ConfirmDeleteFiles print $form->formconfirm( $_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urlencode(GETPOST("urlfile")).'&linkid='.GETPOST('linkid', 'int').(empty($param) ? '' : $param), From ec77b81d1a6acac46323e952cfe7d8d65c72eaa4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 18:07:20 +0100 Subject: [PATCH 57/72] Prepare 15.0.1 --- htdocs/filefunc.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 3b21a9bbf37..771cd4ec8a0 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -34,7 +34,7 @@ if (!defined('DOL_APPLICATION_TITLE')) { define('DOL_APPLICATION_TITLE', 'Dolibarr'); } if (!defined('DOL_VERSION')) { - define('DOL_VERSION', '15.0.0'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c + define('DOL_VERSION', '15.0.1'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c } if (!defined('EURO')) { From af542746038e19c031b0c22d329ecf3df7c668c3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Mar 2022 20:09:14 +0100 Subject: [PATCH 58/72] css --- htdocs/theme/eldy/global.inc.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index a4020edccdb..123d24f54f3 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -168,6 +168,10 @@ table.liste th.wrapcolumntitle.liste_titre:not(.maxwidthsearch), table.liste td. .liste_titre input[name=search_day_date_when], .liste_titre input[name=search_month_date_when], .liste_titre input[name=search_year_date_when], .liste_titre input[name=search_dtstartday], .liste_titre input[name=search_dtendday], .liste_titre input[name=search_dtstartmonth], .liste_titre input[name=search_dtendmonth], */ +.liste_titre input[name=search_month] { + margin-right: 4px; +} + select#date_startday, select#date_startmonth, select#date_endday, select#date_endmonth, select#reday, select#remonth, input, input.flat, form.flat select, select, select.flat, .dataTables_length label select { border: none; From 70810dfbab0ad6c22dab26b0f29acdc4c2b065e4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Mar 2022 02:26:04 +0100 Subject: [PATCH 59/72] Doc --- ChangeLog | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/ChangeLog b/ChangeLog index a65a8f21329..e55cfad84d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,34 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 15.0.1 compared to 15.0.0 ***** +FIX: #19777 #20281 +FIX: bad position of extrafields for interventions +FIX: Blocking situation when a payment was deleted in bank. +FIX: creation of the shipment if order contains services +FIX: Drag and drop line of files on join files tab +FIX: Error management on mass action "Approve holiday" +FIX: error with php8 +FIX: in case of VAT refund, negative amount must be allowed +FIX: invoice pdf: lines originating from deposits were not detailed anymore +FIX: Invoice - When you create an invoice for a given thirdparty, fk_account is not retrieved from company card +FIX: list of visible type of event was not correctly filtered +FIX: Missing or bad permissions +FIX: Missing the field date start/end in export supplier invoice/order +FIX: On large proposal or invoice, fix n(n+1) sql into a n sql. +FIX: options should not exists on invoices +FIX: payment not completed when using Paypal. +FIX: permission to download files of expense report with readall. +FIX- Preview icon in documents list PDF in the admin page third-party +FIX: shipping list, e.shipping_method_id should be e.fk_shipping_method. +FIX: Show product photo on Supplier order Cornas model. +FIX: User name in ManufacturingOrder +FIX: viewimage.php blocks requests with multicompany from other enties +FIX: #yogosha9048 +FIX: #yogosha9054 +FIX: #yogosha9095 + + ***** ChangeLog for 15.0.0 compared to 14.0.0 ***** For users: From 2d93c6b678b5b0bf1c9fb4a345c339edd9845b26 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Mar 2022 19:00:21 +0100 Subject: [PATCH 60/72] Fix template --- .../core/modules/project/doc/pdf_baleine.modules.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/htdocs/core/modules/project/doc/pdf_baleine.modules.php b/htdocs/core/modules/project/doc/pdf_baleine.modules.php index 716c88e1f92..776f2f9d1e6 100644 --- a/htdocs/core/modules/project/doc/pdf_baleine.modules.php +++ b/htdocs/core/modules/project/doc/pdf_baleine.modules.php @@ -432,10 +432,12 @@ class pdf_baleine extends ModelePDFProjects $pdf->MultiCell($this->posxlabel - $this->posxref, 3, $outputlangs->convToOutputCharset($ref), 0, 'L'); // Workload $pdf->SetXY($this->posxworkload, $curY); + $pdf->SetFont('', '', $default_font_size - 2); // We use a smaller font $pdf->MultiCell($this->posxprogress - $this->posxworkload, 3, $planned_workload ? $planned_workload : '', 0, 'R'); // Progress $pdf->SetXY($this->posxprogress, $curY); $pdf->MultiCell($this->posxdatestart - $this->posxprogress, 3, $progress, 0, 'R'); + $pdf->SetFont('', '', $default_font_size - 1); // We restore font // Date start and end $pdf->SetXY($this->posxdatestart, $curY); @@ -640,9 +642,11 @@ class pdf_baleine extends ModelePDFProjects $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("DateStart")." : ".dol_print_date($object->date_start, 'day', false, $outputlangs, true), '', 'R'); - $posy += 6; - $pdf->SetXY($posx, $posy); - $pdf->MultiCell(100, 4, $outputlangs->transnoentities("DateEnd")." : ".dol_print_date($object->date_end, 'day', false, $outputlangs, true), '', 'R'); + if ($object->date_end) { + $posy += 6; + $pdf->SetXY($posx, $posy); + $pdf->MultiCell(100, 4, $outputlangs->transnoentities("DateEnd")." : ".dol_print_date($object->date_end, 'day', false, $outputlangs, true), '', 'R'); + } if (is_object($object->thirdparty)) { $posy += 6; From c7bb6c3c4c5c5f88359eeb4a470b7ecf6e3159f3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Mar 2022 20:46:56 +0100 Subject: [PATCH 61/72] FIX Upload in the filemanager use the Dolibarr methods --- .../browser/default/frmupload.php | 5 ++++- .../connectors/php/commands.php | 20 +++++++++++++++++-- .../core/filemanagerdol/connectors/php/io.php | 3 ++- .../filemanagerdol/connectors/php/upload.php | 4 +++- 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/htdocs/core/filemanagerdol/browser/default/frmupload.php b/htdocs/core/filemanagerdol/browser/default/frmupload.php index c82581cc51c..7ab5ee3bffa 100644 --- a/htdocs/core/filemanagerdol/browser/default/frmupload.php +++ b/htdocs/core/filemanagerdol/browser/default/frmupload.php @@ -65,6 +65,7 @@ function SetCurrentFolder( resourceType, folderPath ) function OnSubmit() { + console.log("Click on OnSubmit"); if ( document.getElementById('NewFile').value.length == 0 ) { alert( 'Please select a file from your computer' ); @@ -80,6 +81,8 @@ function OnSubmit() function OnUploadCompleted( errorNumber, data ) { + console.log("errorNumber = "+errorNumber); + // Reset the Upload Worker Frame. window.parent.frames['frmUploadWorker'].location = 'javascript:void(0)' ; @@ -106,7 +109,7 @@ function OnUploadCompleted( errorNumber, data ) alert( 'A file with the same name is already available. The uploaded file has been renamed to "' + data + '"' ); break; case 202: - alert( 'Invalid file' ); + alert( 'Invalid file (Bad extension)' ); break; default: alert( 'Error on file upload. Error number: ' + errorNumber ); diff --git a/htdocs/core/filemanagerdol/connectors/php/commands.php b/htdocs/core/filemanagerdol/connectors/php/commands.php index b4fb1224f4c..6db2c3c1b25 100644 --- a/htdocs/core/filemanagerdol/connectors/php/commands.php +++ b/htdocs/core/filemanagerdol/connectors/php/commands.php @@ -203,12 +203,17 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload']; + // $resourceType should be 'Image'; + $detectHtml = 0; + // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; - $sFileName = SanitizeFileName($sFileName); + + //$sFileName = SanitizeFileName($sFileName); + $sFileName = dol_sanitizeFileName($sFileName); $sOriginalFileName = $sFileName; @@ -216,6 +221,8 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') $sExtension = substr($sFileName, (strrpos($sFileName, '.') + 1)); $sExtension = strtolower($sExtension); + //var_dump($Config); + /* if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; @@ -228,6 +235,14 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') $sErrorNumber = '202'; } } + */ + + include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; + $isImageValid = image_format_supported($sFileName) > 0 ? true : false; + if (!$isImageValid) { + $sErrorNumber = '202'; + } + // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { @@ -241,7 +256,8 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') $sFileName = RemoveExtension($sOriginalFileName).'('.$iCounter.').'.$sExtension; $sErrorNumber = '201'; } else { - move_uploaded_file($oFile['tmp_name'], $sFilePath); + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0); if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { diff --git a/htdocs/core/filemanagerdol/connectors/php/io.php b/htdocs/core/filemanagerdol/connectors/php/io.php index c9fce179799..ba027727db3 100644 --- a/htdocs/core/filemanagerdol/connectors/php/io.php +++ b/htdocs/core/filemanagerdol/connectors/php/io.php @@ -408,7 +408,8 @@ EOF; } $rpl = array('\\' => '\\\\', '"' => '\\"'); - echo 'window.parent.OnUploadCompleted('.$errorNumber.',"'.strtr($fileUrl, $rpl).'","'.strtr($fileName, $rpl).'", "'.strtr($customMsg, $rpl).'");'; + echo 'console.log('.$errorNumber.');'; + echo 'window.parent.OnUploadCompleted('.$errorNumber.', "'.strtr($fileUrl, $rpl).'", "'.strtr($fileName, $rpl).'", "'.strtr($customMsg, $rpl).'");'; echo ''; exit; } diff --git a/htdocs/core/filemanagerdol/connectors/php/upload.php b/htdocs/core/filemanagerdol/connectors/php/upload.php index bd9b9218155..b9296d68bcf 100644 --- a/htdocs/core/filemanagerdol/connectors/php/upload.php +++ b/htdocs/core/filemanagerdol/connectors/php/upload.php @@ -22,11 +22,12 @@ * This is the "File Uploader" for PHP. */ -require 'config.php'; +require 'config.php'; // This include the main.inc.php require 'util.php'; require 'io.php'; require 'commands.php'; + /** * SendError * @@ -63,6 +64,7 @@ if (!IsAllowedType($sType)) { } + // @CHANGE //FileUpload( $sType, $sCurrentFolder, $sCommand ) From e76afe475b3d0b8c1580e15c3bcd8411b78b3929 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Mar 2022 11:02:35 +0100 Subject: [PATCH 62/72] Fix responsive --- htdocs/core/class/html.form.class.php | 6 +++--- htdocs/core/lib/project.lib.php | 4 ++-- htdocs/projet/activity/perday.php | 12 ++++++------ htdocs/projet/activity/perweek.php | 11 ++++++----- htdocs/projet/tasks/stats/index.php | 10 +++++----- htdocs/public/opensurvey/studs.php | 3 ++- 6 files changed, 24 insertions(+), 22 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 821d87dcd82..1b4500cdb27 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6584,7 +6584,7 @@ class Form // phpcs:enable global $langs; - $retstring = ''; + $retstring = ''; $hourSelected = 0; $minSelected = 0; @@ -6616,7 +6616,7 @@ class Form if ($typehour != 'text') { $retstring .= ' '.$langs->trans('HourShort'); } else { - $retstring .= ':'; + $retstring .= ':'; } // Minutes @@ -6644,7 +6644,7 @@ class Form $retstring .= ' '.$langs->trans('MinuteShort'); } - //$retstring.=" "; + $retstring.=""; if (!empty($nooutput)) { return $retstring; diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index 90a67991413..15162c8b273 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php @@ -1561,8 +1561,8 @@ function projectLinesPerDay(&$inc, $parent, $fuser, $lines, &$level, &$projectsr $disabledtask = 1; } - // Form to add new time - print ''; + // Select hour + print ''; $tableCell = $form->selectDate($preselectedday, $lines[$i]->id, 1, 1, 2, "addtime", 0, 0, $disabledtask); print $tableCell; print ''.$langs->trans("PlannedWorkload").''.$langs->trans("PlannedWorkload").''.$langs->trans("ProgressDeclared").'trans("ProgressDeclared")).'">'.$langs->trans("ProgressDeclared").''.$langs->trans("TimeSpent").'
'; @@ -608,7 +608,7 @@ if (!empty($arrayfields['timeconsumed']['checked'])) { print ''.$langs->trans("Everybody").''; print ''; print '		'.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').'		'.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').'		'.$langs->trans("HourStart").''; diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php index 763ecefe650..385565c7616 100644 --- a/htdocs/projet/activity/perweek.php +++ b/htdocs/projet/activity/perweek.php @@ -119,6 +119,7 @@ $extrafields = new ExtraFields($db); // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); +// Definition of fields for list $arrayfields = array(); /*$arrayfields=array( // Project @@ -441,7 +442,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; // Show navigation bar $nav = ''.img_previous($langs->trans("Previous"))."\n"; -$nav .= " ".dol_print_date(dol_mktime(0, 0, 0, $first_month, $first_day, $first_year), "%Y").", ".$langs->trans("WeekShort")." ".$week." \n"; +$nav .= ' '.dol_print_date(dol_mktime(0, 0, 0, $first_month, $first_day, $first_year), "%Y").", ".$langs->trans("WeekShort")." ".$week." \n"; $nav .= ''.img_next($langs->trans("Next"))."\n"; $nav .= ' '.$form->selectDate(-1, '', 0, 0, 2, "addtime", 1, 1).' '; $nav .= ' '; @@ -652,10 +653,10 @@ $extrafieldsobjectkey = 'projet_task'; $extrafieldsobjectprefix = 'efpt.'; include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php'; if (!empty($arrayfields['t.planned_workload']['checked'])) { - print ''.$langs->trans("PlannedWorkload").''.$langs->trans("PlannedWorkload").''.$langs->trans("ProgressDeclared").''.$langs->trans("ProgressDeclared").''.$langs->trans("TimeSpent").'
'; @@ -664,7 +665,7 @@ if (!empty($arrayfields['timeconsumed']['checked'])) { print ''.$langs->trans("Everybody").''; print ''; print '		'.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').'		'.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').'		'; + print ''; print dol_print_date($dayinloopfromfirstdaytoshow, '%a'); print '
'.dol_print_date($dayinloopfromfirstdaytoshow, 'dayreduceformat').'
'; -print ''; +print ''; print ''; print ''; print ''; @@ -191,14 +191,14 @@ foreach ($data_all_year as $val) { while ($year && $oldyear > $year + 1) { // If we have empty year $oldyear--; - print ''; - print ''; + print ''; + print ''; print ''; print ''; } - print ''; - print ''; + print ''; + print ''; print ''; print ''; $oldyear = $year; diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 42cde055ac2..4cabb3448e3 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -286,10 +286,11 @@ print '
'."\n"; // show title of survey $titre = str_replace("\\", "", $object->title); -print ''.dol_htmlentities($titre).'

'."\n"; +print ''.dol_htmlentities($titre).''; // show description of survey if ($object->description) { + print '

'."\n"; print dol_htmlentitiesbr($object->description); print '
'."\n"; } From 2279674f013bbee1c3581685a3ba76396b449ae3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Mar 2022 15:58:23 +0100 Subject: [PATCH 63/72] Trans --- htdocs/langs/en_US/products.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/products.lang b/htdocs/langs/en_US/products.lang index a8942bd337f..e6903e360da 100644 --- a/htdocs/langs/en_US/products.lang +++ b/htdocs/langs/en_US/products.lang @@ -346,7 +346,7 @@ UseProductFournDesc=Add a feature to define the product description defined by t ProductSupplierDescription=Vendor description for the product UseProductSupplierPackaging=Use packaging on supplier prices (recalculate quantities according to packaging set on supplier price when adding/updating line in supplier documents) PackagingForThisProduct=Packaging -PackagingForThisProductDesc=On supplier order, you will automaticly order this quantity (or a multiple of this quantity). Cannot be less than minimum buying quantity +PackagingForThisProductDesc=You will automaticaly buy a multiple of this quantity. Can't be lower than the minimum purchase quantity QtyRecalculatedWithPackaging=The quantity of the line were recalculated according to supplier packaging #Attributes From cc57d3dbc105e533db8adcfb3a8e4107cc18d53d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Mar 2022 22:25:29 +0100 Subject: [PATCH 64/72] Fix phpcs --- htdocs/product/class/product.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index b08ccb139ba..323c6ffca3c 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1804,7 +1804,7 @@ class Product extends CommonObject if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) $sql .= ", pfp.packaging"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; $sql .= " WHERE 1 = 1"; - if ($product_id > 0) { + if ($product_id > 0) { $sql .= " AND pfp.fk_product = ".((int) $product_id); } if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$fourn_ref."'"; From eadd8da3d5110640bdaca2ef46cc31f0289c0fd9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Mar 2022 23:32:59 +0100 Subject: [PATCH 65/72] FIX exclusion of other backup files into backup file --- htdocs/admin/tools/export_files.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index a3c20d0dffc..19a3c83a14c 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -137,7 +137,7 @@ $dirtocompress = basename($fulldirtocompress); if ($compression == 'zip') { $file .= '.zip'; - $excludefiles = '/(\.back|\.old|\.log|\.pdf_preview-.*\.png|[\/\\\]temp[\/\\\]|documents[\/\\\]admin[\/\\\]documents[\/\\\])/i'; + $excludefiles = '/(\.back|\.old|\.log|\.pdf_preview-.*\.png|[\/\\\]temp[\/\\\]|[\/\\\]admin[\/\\\]documents[\/\\\])/i'; //var_dump($fulldirtocompress); //var_dump($outputdir."/".$file);exit; From f6cfe0557bca6a6f076febc0bb2038461780e39d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Mar 2022 23:32:59 +0100 Subject: [PATCH 66/72] FIX exclusion of other backup files into backup file Conflicts: htdocs/admin/tools/export_files.php --- htdocs/admin/tools/export_files.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index 384b08e19cf..4bae5f4862d 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -126,8 +126,10 @@ $utils = new Utils($db); if ($compression == 'zip') { $file .= '.zip'; - $excludefiles = '/(\.back|\.old|\.log|[\/\\\]temp[\/\\\]|documents[\/\\\]admin[\/\\\]documents[\/\\\])/i'; + + $excludefiles = '/(\.back|\.old|\.log|\.pdf_preview-.*\.png|[\/\\\]temp[\/\\\]|[\/\\\]admin[\/\\\]documents[\/\\\])/i'; $ret = dol_compress_dir(DOL_DATA_ROOT, $outputdir."/".$file, $compression, $excludefiles); + if ($ret < 0) { if ($ret == -2) { $langs->load("errors"); From 5d942c9d1a8d4bb588845aa07612cb0be82de0f2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Mar 2022 15:46:00 +0100 Subject: [PATCH 67/72] Fix infinit logs --- htdocs/core/class/utils.class.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index dee63987d45..5cd5625e051 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -292,17 +292,19 @@ class Utils dol_syslog("Run command ".$fullcommandcrypted); $handlein = popen($fullcommandclear, 'r'); $i=0; - while (!feof($handlein)) - { - $i++; // output line number - $read = fgets($handlein); - // Exclude warning line we don't want - if ($i == 1 && preg_match('/Warning.*Using a password/i', $read)) continue; - fwrite($handle,$read); - if (preg_match('/'.preg_quote('-- Dump completed').'/i',$read)) $ok=1; - elseif (preg_match('/'.preg_quote('SET SQL_NOTES=@OLD_SQL_NOTES').'/i',$read)) $ok=1; + if ($handlein) { + while (!feof($handlein)) + { + $i++; // output line number + $read = fgets($handlein); + // Exclude warning line we don't want + if ($i == 1 && preg_match('/Warning.*Using a password/i', $read)) continue; + fwrite($handle,$read); + if (preg_match('/'.preg_quote('-- Dump completed').'/i',$read)) $ok=1; + elseif (preg_match('/'.preg_quote('SET SQL_NOTES=@OLD_SQL_NOTES').'/i',$read)) $ok=1; + } + pclose($handlein); } - pclose($handlein); if ($compression == 'none') fclose($handle); if ($compression == 'gz') gzclose($handle); From 994ea81ce02f015e6d12fccb06ffafe1ce3b66aa Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Mar 2022 17:24:54 +0100 Subject: [PATCH 68/72] Fix test send email feature --- htdocs/admin/mails.php | 5 +-- htdocs/admin/mails_emailing.php | 66 +++++++++++++++++++-------------- 2 files changed, 41 insertions(+), 30 deletions(-) diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index 41a436b70a8..6b700119e8a 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -50,7 +50,7 @@ $substitutionarrayfortest = array( //'__EMAIL__' => 'RecipientEMail', // Done into actions_sendmails '__CHECK_READ__' => (!empty($object) && is_object($object) && is_object($object->thirdparty)) ? '' : '', '__USER_SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN)) ? $usersignature : ''), // Done into actions_sendmails - '__LOGIN__' => 'RecipientLogin', + '__LOGIN__' => $user->login, '__LASTNAME__' => 'RecipientLastname', '__FIRSTNAME__' => 'RecipientFirstname', '__ADDRESS__'=> 'RecipientAddress', @@ -662,7 +662,7 @@ if ($action == 'edit') { print '
'; if (!$conf->use_javascript_ajax && $linuxlike && $conf->global->MAIN_MAIL_SENDMODE_EMAILING == 'mail') { + print ''; } else { + print ''; } - print ''; + print ''; // Port @@ -305,7 +315,7 @@ if ($action == 'edit') { if (!$conf->use_javascript_ajax && $linuxlike && $conf->global->MAIN_MAIL_SENDMODE_EMAILING == 'mail') { print $langs->trans("MAIN_MAIL_SMTP_PORT_NotAvailableOnLinuxLike"); print ''; // STARTTLS - print ''; // SMTP_ALLOW_SELF_SIGNED_EMAILING - print ''."\n"; + print ''."\n"; } //demande de confirmation pour modification de ligne @@ -1021,7 +1023,7 @@ while ($compteur < $num) { if ($compteur == $i) { print ''."\n"; } } From 5516eae05694c23275d8b66c7163c7387173f546 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Mar 2022 21:31:09 +0100 Subject: [PATCH 70/72] FIX type smallint in module builder and case in values of a property --- htdocs/modulebuilder/index.php | 6 +++--- htdocs/modulebuilder/template/class/myobject.class.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 4e66e655f5e..e4513b6ff82 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -2815,7 +2815,7 @@ if ($module == 'initmodule') { print ''; print ''; diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index ca9de1cc5ab..37d1a4d08ab 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -122,7 +122,7 @@ class MyObject extends CommonObject 'last_main_doc' => array('type'=>'varchar(255)', 'label'=>'LastMainDoc', 'enabled'=>1, 'visible'=>0, 'notnull'=>0, 'position'=>600), 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'notnull'=>-1, 'index'=>0, 'position'=>1000), 'model_pdf' => array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'notnull'=>-1, 'position'=>1010), - 'status' => array('type'=>'smallint', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=> 1, 'default'=>0, 'index'=>1, 'position'=>1000, 'arrayofkeyval'=>array(0=>'Draft', 1=>'Validated', 9=>'Canceled'), 'validate'=>1), + 'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=> 1, 'default'=>0, 'index'=>1, 'position'=>1000, 'arrayofkeyval'=>array(0=>'Draft', 1=>'Validated', 9=>'Canceled'), 'validate'=>1), ); /** From bc6249f0eba9fad1f184e26cc29d32f3cf3f5f80 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Mar 2022 22:17:04 +0100 Subject: [PATCH 71/72] Better error message --- htdocs/langs/en_US/modulebuilder.lang | 1 + htdocs/modulebuilder/index.php | 55 ++++++++++++++------------- 2 files changed, 30 insertions(+), 26 deletions(-) diff --git a/htdocs/langs/en_US/modulebuilder.lang b/htdocs/langs/en_US/modulebuilder.lang index 61b5c939d12..2c83ada73c2 100644 --- a/htdocs/langs/en_US/modulebuilder.lang +++ b/htdocs/langs/en_US/modulebuilder.lang @@ -145,3 +145,4 @@ TableNotEmptyDropCanceled=Table not empty. Drop has been canceled. ModuleBuilderNotAllowed=The module builder is available but not allowed to your user. ImportExportProfiles=Import and export profiles ValidateModBuilderDesc=Put 1 if this field need to be validated with $this->validateField() or 0 if validation required +WarningDatabaseIsNotUpdated=Warning: The database is not updated automatically, you must destroy tables and disable-enable the module to have tables recreated \ No newline at end of file diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index e4513b6ff82..4bec7027caf 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1304,33 +1304,33 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) && $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors'); } - } - if (!$error) { - $addfieldentry = array( - 'name'=>GETPOST('propname', 'aZ09'), - 'label'=>GETPOST('proplabel', 'alpha'), - 'type'=>GETPOST('proptype', 'alpha'), - 'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}' - 'visible'=>GETPOST('propvisible', 'int'), - 'enabled'=>GETPOST('propenabled', 'int'), - 'position'=>GETPOST('propposition', 'int'), - 'notnull'=>GETPOST('propnotnull', 'int'), - 'index'=>GETPOST('propindex', 'int'), - 'searchall'=>GETPOST('propsearchall', 'int'), - 'isameasure'=>GETPOST('propisameasure', 'int'), - 'comment'=>GETPOST('propcomment', 'alpha'), - 'help'=>GETPOST('prophelp', 'alpha'), - 'css'=>GETPOST('propcss', 'aZ09'), - 'cssview'=>GETPOST('propcssview', 'aZ09'), - 'csslist'=>GETPOST('propcsslist', 'aZ09'), - 'default'=>GETPOST('propdefault', 'restricthtml'), - 'noteditable'=>intval(GETPOST('propnoteditable', 'int')), - 'validate' => GETPOST('propvalidate', 'int') - ); + if (!$error) { + $addfieldentry = array( + 'name'=>GETPOST('propname', 'aZ09'), + 'label'=>GETPOST('proplabel', 'alpha'), + 'type'=>GETPOST('proptype', 'alpha'), + 'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}' + 'visible'=>GETPOST('propvisible', 'int'), + 'enabled'=>GETPOST('propenabled', 'int'), + 'position'=>GETPOST('propposition', 'int'), + 'notnull'=>GETPOST('propnotnull', 'int'), + 'index'=>GETPOST('propindex', 'int'), + 'searchall'=>GETPOST('propsearchall', 'int'), + 'isameasure'=>GETPOST('propisameasure', 'int'), + 'comment'=>GETPOST('propcomment', 'alpha'), + 'help'=>GETPOST('prophelp', 'alpha'), + 'css'=>GETPOST('propcss', 'aZ09'), + 'cssview'=>GETPOST('propcssview', 'aZ09'), + 'csslist'=>GETPOST('propcsslist', 'aZ09'), + 'default'=>GETPOST('propdefault', 'restricthtml'), + 'noteditable'=>intval(GETPOST('propnoteditable', 'int')), + 'validate' => GETPOST('propvalidate', 'int') + ); - if (!empty($addfieldentry['arrayofkeyval']) && !is_array($addfieldentry['arrayofkeyval'])) { - $addfieldentry['arrayofkeyval'] = json_decode($addfieldentry['arrayofkeyval'], true); + if (!empty($addfieldentry['arrayofkeyval']) && !is_array($addfieldentry['arrayofkeyval'])) { + $addfieldentry['arrayofkeyval'] = json_decode($addfieldentry['arrayofkeyval'], true); + } } } @@ -1343,8 +1343,9 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) && // Edit the class file to write properties if (!$error) { $moduletype = 'external'; - + var_dump($addfieldentry); $object = rebuildObjectClass($destdir, $module, $objectname, $newmask, $srcdir, $addfieldentry, $moduletype); + if (is_numeric($object) && $object <= 0) { $error++; } @@ -1363,6 +1364,8 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) && if (!$error) { setEventMessages($langs->trans('FilesForObjectUpdated', $objectname), null); + setEventMessages($langs->trans('WarningDatabaseIsNotUpdated'), null); + clearstatcache(true); // Make a redirect to reload all data From 6100bc86f85cd77dd1599b6147d61eae9d197fdb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 11 Mar 2022 10:32:06 +0100 Subject: [PATCH 72/72] FIX css not saved in modulebuilder --- htdocs/langs/en_US/modulebuilder.lang | 2 +- htdocs/modulebuilder/index.php | 38 ++++++++++++++----- .../core/modules/modMyModule.class.php | 2 +- 3 files changed, 31 insertions(+), 11 deletions(-) diff --git a/htdocs/langs/en_US/modulebuilder.lang b/htdocs/langs/en_US/modulebuilder.lang index 2c83ada73c2..87044364b39 100644 --- a/htdocs/langs/en_US/modulebuilder.lang +++ b/htdocs/langs/en_US/modulebuilder.lang @@ -138,7 +138,7 @@ CSSViewClass=CSS for read form CSSListClass=CSS for list NotEditable=Not editable ForeignKey=Foreign key -TypeOfFieldsHelp=Type of fields:
varchar(99), double(24,8), real, text, html, datetime, timestamp, integer, integer:ClassName:relativepath/to/classfile.class.php[:1[:filter]] ('1' means we add a + button after the combo to create the record, 'filter' can be 'status=1 AND fk_user = __USER_ID AND entity IN (__SHARED_ENTITIES__)' for example) +TypeOfFieldsHelp=Type of fields:
varchar(99), double(24,8), real, text, html, datetime, timestamp, integer, integer:ClassName:relativepath/to/classfile.class.php[:1[:filter]]
'1' means we add a + button after the combo to create the record
'filter' is a sql condition, example: 'status=1 AND fk_user=__USER_ID__ AND entity IN (__SHARED_ENTITIES__)' AsciiToHtmlConverter=Ascii to HTML converter AsciiToPdfConverter=Ascii to PDF converter TableNotEmptyDropCanceled=Table not empty. Drop has been canceled. diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 4bec7027caf..ba6e951ae55 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -952,6 +952,18 @@ if ($dirins && $action == 'initobject' && $module && GETPOST('createtablearray', if ($fieldname == 'entity') { $index = 1; } + // css + $css = ''; + $cssview = ''; + $csslist = ''; + if ($fieldname == 'import_key') { + $css = 'minwidth300'; + $cssview = 'wordbreak'; + } + if (in_array($fieldname, array('note_public', 'note_private'))) { + $cssview = 'wordbreak'; + } + $string .= "'".$obj->Field."' =>array('type'=>'".$type."', 'label'=>'".$label."',"; if ($default != '') { @@ -969,6 +981,15 @@ if ($dirins && $action == 'initobject' && $module && GETPOST('createtablearray', if ($index) { $string .= ", 'index'=>".$index; } + if ($css) { + $string .= ", 'css'=>".$css; + } + if ($cssview) { + $string .= ", 'cssview'=>".$cssview; + } + if ($csslist) { + $string .= ", 'csslist'=>".$csslist; + } $string .= "),\n"; $string .= "
"; $i += 5; @@ -1320,9 +1341,9 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) && 'isameasure'=>GETPOST('propisameasure', 'int'), 'comment'=>GETPOST('propcomment', 'alpha'), 'help'=>GETPOST('prophelp', 'alpha'), - 'css'=>GETPOST('propcss', 'aZ09'), - 'cssview'=>GETPOST('propcssview', 'aZ09'), - 'csslist'=>GETPOST('propcsslist', 'aZ09'), + 'css'=>GETPOST('propcss', 'alpha'), // Can be 'maxwidth500 widthcentpercentminusxx' for example + 'cssview'=>GETPOST('propcssview', 'alpha'), + 'csslist'=>GETPOST('propcsslist', 'alpha'), 'default'=>GETPOST('propdefault', 'restricthtml'), 'noteditable'=>intval(GETPOST('propnoteditable', 'int')), 'validate' => GETPOST('propvalidate', 'int') @@ -1343,7 +1364,6 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) && // Edit the class file to write properties if (!$error) { $moduletype = 'external'; - var_dump($addfieldentry); $object = rebuildObjectClass($destdir, $module, $objectname, $newmask, $srcdir, $addfieldentry, $moduletype); if (is_numeric($object) && $object <= 0) { @@ -1940,6 +1960,11 @@ if ($module == 'initmodule') { $head2[$h][2] = 'description'; $h++; + $head2[$h][0] = $_SERVER["PHP_SELF"].'?tab=objects&module='.$module.($forceddirread ? '@'.$dirread : ''); + $head2[$h][1] = $langs->trans("Objects"); + $head2[$h][2] = 'objects'; + $h++; + $head2[$h][0] = $_SERVER["PHP_SELF"].'?tab=languages&module='.$module.($forceddirread ? '@'.$dirread : ''); $head2[$h][1] = $langs->trans("Languages"); $head2[$h][2] = 'languages'; @@ -1950,11 +1975,6 @@ if ($module == 'initmodule') { $head2[$h][2] = 'dictionaries'; $h++; - $head2[$h][0] = $_SERVER["PHP_SELF"].'?tab=objects&module='.$module.($forceddirread ? '@'.$dirread : ''); - $head2[$h][1] = $langs->trans("Objects"); - $head2[$h][2] = 'objects'; - $h++; - $head2[$h][0] = $_SERVER["PHP_SELF"].'?tab=permissions&module='.$module.($forceddirread ? '@'.$dirread : ''); $head2[$h][1] = $langs->trans("Permissions"); $head2[$h][2] = 'permissions'; diff --git a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php index 02eb1c18fb6..874d964ad6e 100644 --- a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php +++ b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php @@ -305,7 +305,7 @@ class modMyModule extends DolibarrModules /* BEGIN MODULEBUILDER LEFTMENU MYOBJECT $this->menu[$r++]=array( 'fk_menu'=>'fk_mainmenu=mymodule', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode - 'type'=>'left', // This is a Top menu entry + 'type'=>'left', // This is a Left menu entry 'titre'=>'MyObject', 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth valignmiddle"'), 'mainmenu'=>'mymodule',
'.$langs->trans("Year").''.$langs->trans("NbOfTasks").'
0 ? '&userid='.$userid : '').'">'.$oldyear.'
0 ? '&userid='.$userid : '').'">'.$oldyear.'0
0 ? '&userid='.$userid : '').'">'.$year.'
0 ? '&userid='.$userid : '').'">'.$year.''.$val['nb'].'
'.$langs->trans("MAIN_MAIL_EMAIL_DKIM_ENABLED").''; if (isset($conf->global->MAIN_MAIL_SENDMODE) && in_array($conf->global->MAIN_MAIL_SENDMODE, array('swiftmailer'))) { if (function_exists('openssl_open')) { - print yn($conf->global->MAIN_MAIL_EMAIL_DKIM_ENABLED); + print yn(getDolGlobalInt('MAIN_MAIL_EMAIL_DKIM_ENABLED')); } else { print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')'; } @@ -887,7 +887,6 @@ if ($action == 'edit') { } setEventMessages($errormsg, null, 'errors'); - print $errormsg; } print '
'; } diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index 6b1aa3334b5..40af4c4ae2a 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); $action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'alpha'); +$cancel = GETPOST('cancel', 'aZ09'); if (!$user->admin) { accessforbidden(); @@ -40,17 +40,22 @@ if (!$user->admin) { $usersignature = $user->signature; // For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html. if ($action == 'test' || $action == 'send') { - $usersignature = dol_string_nohtmltag($usersignature); + $usersignature = dol_string_nohtmltag($usersignature, 2); } $substitutionarrayfortest = array( -'__LOGIN__' => $user->login, -'__ID__' => 'TESTIdRecord', -'__EMAIL__' => 'TESTEMail', -'__LASTNAME__' => 'TESTLastname', -'__FIRSTNAME__' => 'TESTFirstname', -'__USER_SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN)) ? $usersignature : ''), -//'__PERSONALIZED__' => 'TESTPersonalized' // Hiden because not used yet + '__DOL_MAIN_URL_ROOT__'=>DOL_MAIN_URL_ROOT, + '__ID__' => 'RecipientIdRecord', + //'__EMAIL__' => 'RecipientEMail', // Done into actions_sendmails + '__CHECK_READ__' => (!empty($object) && is_object($object) && is_object($object->thirdparty)) ? '' : '', + '__USER_SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN)) ? $usersignature : ''), // Done into actions_sendmails + '__LOGIN__' => $user->login, + '__LASTNAME__' => 'RecipientLastname', + '__FIRSTNAME__' => 'RecipientFirstname', + '__ADDRESS__'=> 'RecipientAddress', + '__ZIP__'=> 'RecipientZip', + '__TOWN_'=> 'RecipientTown', + '__COUNTRY__'=> 'RecipientCountry' ); complete_substitutions_array($substitutionarrayfortest, $langs); @@ -86,10 +91,10 @@ $trackid = (($action == 'testhtml') ? "testhtml" : "test"); $sendcontext = 'emailing'; // Force to use dedicated context of setup for emailing include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php'; -if ($action == 'presend' && GETPOST('trackid') == 'test') { +if ($action == 'presend' && GETPOST('trackid', 'alphanohtml') == 'test') { $action = 'test'; } -if ($action == 'presend' && GETPOST('trackid') == 'testhtml') { +if ($action == 'presend' && GETPOST('trackid', 'alphanohtml') == 'testhtml') { $action = 'testhtml'; } @@ -271,12 +276,15 @@ if ($action == 'edit') { // Host server - print '
'; + print '
'; print $langs->trans("MAIN_MAIL_SMTP_SERVER_NotAvailableOnLinuxLike"); print ''; - print $langs->trans("SeeLocalSendMailSetup"); + print ''.$langs->trans("SeeLocalSendMailSetup").''; + print ''; $mainserver = (!empty($conf->global->MAIN_MAIL_SMTP_SERVER_EMAILING) ? $conf->global->MAIN_MAIL_SMTP_SERVER_EMAILING : ''); $smtpserver = ini_get('SMTP') ?ini_get('SMTP') : $langs->transnoentities("Undefined"); if ($linuxlike) { @@ -287,17 +295,19 @@ if ($action == 'edit') { print ''; // SuperAdministrator access only if (empty($conf->multicompany->enabled) || ($user->admin && !$user->entity)) { - print ''; + print ''; print ''; - print ''.$langs->trans("SeeLocalSendMailSetup").''; + print ''.$langs->trans("SeeLocalSendMailSetup").''; + print ' '.$langs->trans("SeeLinkToOnlineDocumentation").''; } else { $text = !empty($mainserver) ? $mainserver : $smtpserver; $htmltext = $langs->trans("ContactSuperAdminForChange"); print $form->textwithpicto($text, $htmltext, 1, 'superadmin'); print ''; } + print '
'; - print $langs->trans("SeeLocalSendMailSetup"); + print ''.$langs->trans("SeeLocalSendMailSetup").''; } else { $mainport = (!empty($conf->global->MAIN_MAIL_SMTP_PORT_EMAILING) ? $conf->global->MAIN_MAIL_SMTP_PORT_EMAILING : ''); $smtpport = ini_get('smtp_port') ?ini_get('smtp_port') : $langs->transnoentities("Undefined"); @@ -319,7 +329,7 @@ if ($action == 'edit') { if (empty($conf->multicompany->enabled) || ($user->admin && !$user->entity)) { print ''; print ''; - print ''.$langs->trans("SeeLocalSendMailSetup").''; + print ''.$langs->trans("SeeLocalSendMailSetup").''; } else { $text = (!empty($mainport) ? $mainport : $smtpport); $htmltext = $langs->trans("ContactSuperAdminForChange"); @@ -360,7 +370,6 @@ if ($action == 'edit') { } // TLS - print '
'.$langs->trans("MAIN_MAIL_EMAIL_TLS").''; if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer')))) { if (function_exists('openssl_open')) { @@ -374,7 +383,6 @@ if ($action == 'edit') { print '
'.$langs->trans("MAIN_MAIL_EMAIL_STARTTLS").''; if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer')))) { if (function_exists('openssl_open')) { @@ -388,7 +396,6 @@ if ($action == 'edit') { print '
'.$langs->trans("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").''; if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer')))) { if (function_exists('openssl_open')) { @@ -414,6 +421,7 @@ if ($action == 'edit') { print ''.$langs->trans("EMailsDesc")."
\n"; print "

\n"; + print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table print ''; print ''; @@ -460,7 +468,7 @@ if ($action == 'edit') { print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')'; } } else { - print yn(0).' ('.$langs->trans("NotSupported").')'; + print ''.yn(0).' ('.$langs->trans("NotSupported").')'; } print ''; @@ -492,6 +500,7 @@ if ($action == 'edit') { } print '
'.$langs->trans("Parameter").''.$langs->trans("Value").'
'; + print '
'; print dol_get_fiche_end(); @@ -543,6 +552,7 @@ if ($action == 'edit') { // Run the test to connect if ($action == 'testconnect') { + print '
'; print load_fiche_titre($langs->trans("DoTestServerAvailability")); include_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; @@ -573,16 +583,18 @@ if ($action == 'edit') { // Cree l'objet formulaire mail include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; $formmail = new FormMail($db); + $formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test"); $formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM); $formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM); - $formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test"); + $formmail->fromid = $user->id; + $formmail->fromalsorobot = 1; $formmail->withfromreadonly = 0; $formmail->withsubstit = 0; $formmail->withfrom = 1; $formmail->witherrorsto = 1; - $formmail->withto = (!GETPOST('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); - $formmail->withtocc = (!GETPOST(['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty - $formmail->withtoccc = (!GETPOST(['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); + $formmail->withtocc = (GETPOSTISSET(['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withtoccc = (GETPOSTISSET(['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test")); $formmail->withtopicreadonly = 0; $formmail->withfile = 2; @@ -601,7 +613,7 @@ if ($action == 'edit') { $formmail->param["returnurl"] = $_SERVER["PHP_SELF"]; // Init list of files - if (GETPOST("mode") == 'init') { + if (GETPOST("mode", "aZ09") == 'init') { $formmail->clear_attached_files(); } From 5680e7c3d72594976200ec4cd7ba2fef6e0d7f99 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Mar 2022 18:26:00 +0100 Subject: [PATCH 69/72] FIX Cancel edit on surveyr --- htdocs/opensurvey/results.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index e37f9bf3de5..b807484cfd4 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -53,7 +53,7 @@ $nblines = $object->fetch_lines(); // Return to the results if (GETPOST('retoursondage')) { - header('Location: results.php?id='.GETPOST('id', 'int')); + header('Location: results.php?id='.(GETPOSTISSET('id_sondage') ? GETPOST('id_sondage', 'aZ09') : GETPOST('id', 'int'))); exit; } @@ -588,6 +588,7 @@ if (GETPOST('ajoutsujet')) { $tmparray = array('checkbox'=>$langs->trans("CheckBox"), 'yesno'=>$langs->trans("YesNoList"), 'foragainst'=>$langs->trans("PourContreList")); print $langs->trans("Type").' '.$form->selectarray("typecolonne", $tmparray, GETPOST('typecolonne')).'

'; print ''; + print ''; print '     '; print ''; print '

'."\n"; @@ -663,6 +664,7 @@ $nbcolonnes = substr_count($object->sujet, ',') + 1; print ''."\n"; print ''; +print ''; print '
'."\n"; @@ -851,7 +853,7 @@ while ($compteur < $num) { print '
'."\n"; if ($user->rights->opensurvey->write) { - print ''."\n"; + print ''."\n"; } // Name @@ -1012,7 +1014,7 @@ while ($compteur < $num) { // Button edit at end of line if ($compteur != $ligneamodifier && ($user->rights->opensurvey->write)) { - print ''; print ''; - print ''; + print ''; print ''; print ''; print ''; @@ -2881,8 +2881,8 @@ if ($module == 'initmodule') { print ''; if ($proparrayofkeyval) { - print ''; - print dol_escape_htmltag(json_encode($proparrayofkeyval)); + print ''; + print dol_escape_htmltag(json_encode($proparrayofkeyval, JSON_UNESCAPED_UNICODE)); print ''; } print '