diff --git a/htdocs/.gitignore b/htdocs/.gitignore index 1650ea7e5ae..9d1e0435f86 100644 --- a/htdocs/.gitignore +++ b/htdocs/.gitignore @@ -4,6 +4,7 @@ /dolimed* /ecommerce* /extensions* +/forceproject* /google* /lead /multicompany* diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php index 345f622a533..8fc0c4877c8 100644 --- a/htdocs/admin/supplier_proposal.php +++ b/htdocs/admin/supplier_proposal.php @@ -274,7 +274,7 @@ foreach ($dirmodels as $reldir) while (($file = readdir($handle))!==false) { - if (substr($file, 0, 21) == 'mod_supplier_proposal_' && substr($file, dol_strlen($file)-3, 3) == 'php') + if (substr($file, 0, 22) == 'mod_supplier_proposal_' && substr($file, dol_strlen($file)-3, 3) == 'php') { $file = substr($file, 0, dol_strlen($file)-4); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 8a4aae44c23..e6278d1fc6a 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1405,7 +1405,7 @@ if (empty($reshook)) $product_desc=(GETPOST('dp_desc')?GETPOST('dp_desc'):''); $price_ht = GETPOST('price_ht'); $price_ht_devise = GETPOST('multicurrency_price_ht'); - $prod_entry_mode = GETPOST('prod_entry_mode'); + $prod_entry_mode = GETPOST('prod_entry_mode','alpha'); if ($prod_entry_mode == 'free') { $idprod=0; @@ -2483,7 +2483,8 @@ if ($action == 'create') else { print '
'; - $tmp=' '; + if (empty($conf->global->INVOICE_CREDIT_NOTE_STANDALONE)) $tmp=' '; + else $tmp=' '; $text = $tmp.$langs->trans("InvoiceAvoir") . ' '; $text.= '('.$langs->trans("YouMustCreateInvoiceFromThird").') '; $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceAvoirDesc"), 1, 'help', '', 0, 3); @@ -3909,12 +3910,12 @@ else if ($id > 0 || ! empty($ref)) if ($object->situation_cycle_ref && $object->statut == 0) { print '
'; - print '
'; + print ''; print ''; print ''; print ''; - print ''; + print '
'; print ''; diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php index b09bd7f60f3..cb43c05680b 100644 --- a/htdocs/compta/facture/fiche-rec.php +++ b/htdocs/compta/facture/fiche-rec.php @@ -141,7 +141,7 @@ if (empty($reshook)) if (GETPOST('cancel')) $action=''; // Set note - include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include, not include_once + include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include, not include_once include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, not include_once diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index f3f4e689467..fe93387cadb 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -397,8 +397,8 @@ abstract class CommonObject //print "lastname=".$this->lastname." name=".$this->name." nom=".$this->nom."
\n"; $lastname=$this->lastname; $firstname=$this->firstname; - if (empty($lastname)) $lastname=(isset($this->lastname)?$this->lastname:(isset($this->name)?$this->name:(isset($this->nom)?$this->nom:''))); - + if (empty($lastname)) $lastname=(isset($this->lastname)?$this->lastname:(isset($this->name)?$this->name:(isset($this->nom)?$this->nom:(isset($this->societe)?$this->societe:(isset($this->company)?$this->company:''))))); + $ret=''; if ($option && $this->civility_id) { diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 561504f7845..0807461e9e6 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -577,16 +577,16 @@ class Form jQuery(".massaction").hide(); } } - + jQuery(document).ready(function () { initCheckForSelect(); jQuery(".checkforselect").click(function() { initCheckForSelect(); }); jQuery(".massactionselect").change(function() { - var massaction = $( this ).val(); + var massaction = $( this ).val(); var urlform = $( this ).closest("form").attr("action").replace("#show_files",""); - if (massaction == "builddoc") + if (massaction == "builddoc") { urlform = urlform + "#show_files"; } @@ -989,7 +989,7 @@ class Form $out.= ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/societe/ajax/company.php', $urloption, $conf->global->COMPANY_USE_SEARCH_TO_SELECT, 0, $ajaxoptions); $out.=''; if (empty($hidelabel)) print $langs->trans("RefOrLabel").' : '; @@ -1034,7 +1034,7 @@ class Form { global $conf,$user,$langs; - $out=''; + $out=''; $num=0; $outarray=array(); @@ -1076,8 +1076,6 @@ class Form $resql=$this->db->query($sql); if ($resql) { - $events = null; - if ($conf->use_javascript_ajax && ! $forcecombo) { include_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php'; @@ -4178,7 +4176,7 @@ class Form } print ''; } - if ($more) + if ($more) { print '
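Review bot: The extended fallback on the added `if (empty($lastname))` line tests each candidate with `isset()`, so a property that is set but empty (for example `lastname` equal to `''`) ends the chain, and the new `societe`/`company` fallbacks are never reached. Because the guard itself is `empty()`, the candidates should be tested the same way, e.g. `! empty($this->name) ? $this->name : (! empty($this->nom) ? $this->nom : ...)`. A short loop over `array('name','nom','societe','company')` that stops at the first non-empty property would also read better than five nested ternaries. The method starts and ends outside this hunk, so how the properties are initialised is not visible here.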
'; print $more; @@ -5017,10 +5015,16 @@ class Form * @param string $sort 'ASC' or 'DESC' = Sort on label, '' or 'NONE' or 'POS' = Do not sort, we keep original order * @param string $morecss Add more class to css styles * @param int $addjscombo Add js combo +<<<<<<< HEAD * @param string $moreparamonempty Add more param on the empty option line. Not used if show_empty not set * @param int $disablebademail Check if an email is found into value and if not disable and colorize entry * @param int $nohtmlescape No html escaping. * @return string HTML select string +======= + * @param string $moreparamonempty Add more param on the empty option line. Not used if show_empty not set. + * @param int $disablebademail Check if an email is found into value and if not disable and colorize entry. + * @return string HTML select string. +>>>>>>> branch '5.0' of git@github.com:Dolibarr/dolibarr.git * @see multiselectarray */ static function selectarray($htmlname, $array, $id='', $show_empty=0, $key_in_label=0, $value_as_key=0, $moreparam='', $translate=0, $maxlen=0, $disabled=0, $sort='', $morecss='', $addjscombo=0, $moreparamonempty='',$disablebademail=0, $nohtmlescape=0) 
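Review bot: The added docblock lines contain unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> branch '5.0' of git@github.com:Dolibarr/dolibarr.git`), so the `@param`/`@return` block of `selectarray()` is now present twice. Keep the HEAD side, which is the only one documenting `$nohtmlescape` (a parameter in the signature), and delete the three marker lines and the second copy. The `$nohtmlescape` line could also say who escapes when the flag is set, e.g. `@param int $nohtmlescape 1=Do not escape labels; caller must pass already-escaped HTML`. That wording is inferred from the parameter name, because the function body is outside the hunk.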
@@ -5594,7 +5598,7 @@ class Form { $listofidcompanytoscan=$object->thirdparty->id; if (($object->thirdparty->parent > 0) && ! empty($conf->global->THIRDPARTY_INCLUDE_PARENT_IN_LINKTO)) $listofidcompanytoscan.=','.$object->thirdparty->parent; - + $possiblelinks=array( 'propal'=>array('enabled'=>$conf->propal->enabled, 'perms'=>1, 'label'=>'LinkToProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('propal',1).')'), 'order'=>array('enabled'=>$conf->commande->enabled, 'perms'=>1, 'label'=>'LinkToOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('commande',1).')'), @@ -5606,7 +5610,7 @@ class Form 'invoice_supplier'=>array('enabled'=>$conf->fournisseur->facture->enabled , 'perms'=>1, 'label'=>'LinkToSupplierInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('facture_fourn',1).')') ); } - + global $action; // Can complete the possiblelink array @@ -5845,7 +5849,7 @@ class Form //print "paramid=$paramid,morehtml=$morehtml,shownav=$shownav,$fieldid,$fieldref,$morehtmlref,$moreparam"; $object->load_previous_next_ref((isset($object->next_prev_filter)?$object->next_prev_filter:''),$fieldid,$nodbprefix); - + $navurl = $_SERVER["PHP_SELF"]; // Special case for project/task page if ($paramid == 'project_ref') 
@@ -5902,11 +5906,11 @@ class Form } else if (in_array($object->element, array('action', 'agenda'))) { - $ret.=$object->ref.'
'.$object->label; + $ret.=$object->ref.'
'.$object->label; } else if ($fieldref != 'none') $ret.=dol_htmlentities($object->$fieldref); - - + + if ($morehtmlref) { $ret.=' '.$morehtmlref; diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 2fa2599e4d3..3c37a18ab27 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1064,7 +1064,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon='', $noprint= if (get_class($filterobj) == 'Societe') $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid"; if (get_class($filterobj) == 'Adherent') $sql.= ", ".MAIN_DB_PREFIX."adherent as m"; if (get_class($filterobj) == 'CommandeFournisseur') $sql.= ", ".MAIN_DB_PREFIX."commande_fournisseur as o"; - $sql.= " WHERE u.rowid = a.fk_user_author"; + $sql.= " WHERE u.rowid = a.fk_user_action"; $sql.= " AND a.entity IN (".getEntity('agenda', 1).")"; if (get_class($filterobj) == 'Societe' && $filterobj->id) $sql.= " AND a.fk_soc = ".$filterobj->id; if (get_class($filterobj) == 'Project' && $filterobj->id) $sql.= " AND a.fk_project = ".$filterobj->id; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 9ecfdc037f3..6aa19c4ae3b 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -406,6 +406,9 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL) case 'int': if (! is_numeric($out)) { $out=''; } break; + case 'intcomma': + if (preg_match('/[^0-9,]+/i',$out)) $out=''; + break; case 'alpha': $out=trim($out); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. diff --git a/htdocs/resource/list.php b/htdocs/resource/list.php index f8a1fb6be61..44524cd7acd 100644 --- a/htdocs/resource/list.php +++ b/htdocs/resource/list.php 
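Review bot: In the `array('action', 'agenda')` branch the new line still appends `$object->ref` and `$object->label` to `$ret` without escaping, while the very next branch passes `$object->$fieldref` through `dol_htmlentities()`. If the label is free text entered by users (not visible here, but likely for agenda events), it is written into the page as markup. Wrapping both values, `dol_htmlentities($object->ref)` and `dol_htmlentities($object->label)`, and keeping the existing separator between them would make the branches consistent. The enclosing method begins and ends outside the hunk.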
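Review bot: The new `intcomma` case only rejects input containing a character other than a digit or comma, so `,`, `1,,2` and a leading or trailing comma are all accepted. Callers that place the result inside `IN (...)` then build malformed SQL from them. Validating the whole shape closes that gap: `if (! preg_match('/^[0-9]+(,[0-9]+)*$/', $out)) $out='';` (an empty value still ends up as `''`). The `/i` modifier and the `+` in the current pattern have no effect and can go. The list of accepted `$check` values in the `GETPOST()` docblock, which is outside this hunk, should mention `intcomma`.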
@@ -91,15 +91,11 @@ if (empty($sortorder)) $sortorder="ASC"; if (empty($sortfield)) $sortfield="t.rowid"; if (empty($arch)) $arch = 0; -$page = GETPOST('page','int'); -if ($page == -1) { - $page = 0 ; -} +$limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit; +$page = GETPOST("page"); $page = is_numeric($page) ? $page : 0; $page = $page == -1 ? 0 : $page; -if (! $sortfield) $sortfield="p.ref"; -if (! $sortorder) $sortorder="ASC"; -$offset = $conf->liste_limit * $page ; +$offset = $limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php index 3e995d83c83..33bba8f1404 100644 --- a/htdocs/theme/eldy/style.css.php +++ b/htdocs/theme/eldy/style.css.php @@ -956,7 +956,7 @@ div.vmenu, td.vmenu { } .side-nav { position: absolute; - z-index: 200; + z-index: 90; display: none; } div.blockvmenulogo @@ -4133,7 +4133,7 @@ span.noborderoncategories { /* ============================================================================== */ ul.ulselectedfields { - z-index: 100; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ + z-index: 95; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ } dl.dropdown { margin:0px; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 4fd3d736f04..a1851dc4a76 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -943,7 +943,7 @@ td.showDragHandle { position: fixed; top: 50px; - z-index: 200; + z-index: 90; -webkit-transform: translateZ(0); -moz-transform: translateZ(0); -ms-transform: translateZ(0); @@ -1000,7 +1000,7 @@ div.login_block { position: auto; top: auto; - z-index: 200; + z-index: 90; } div.login_block { /* position: initial !important;*/ 
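Review bot: The added `$page = GETPOST("page");` drops the `'int'` check the removed line had and relies on `is_numeric()`, which also accepts `-7`, `1.5` and `1e3`. Only `-1` is mapped to 0, so `$offset = $limit * $page` can become negative or fractional. `$limit` has a similar gap: a non-numeric `limit` is truthy in the first `GETPOST("limit")` but comes back as `''` from the `'int'` call, and negative or zero values are kept. Normalising both to bounded integers avoids this: `$page = max(0, (int) GETPOST('page','int'));` and `$limit = (int) GETPOST('limit','int'); if ($limit <= 0) $limit = $conf->liste_limit;`. Where `$offset` and `$limit` reach the query is outside the hunk.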
@@ -1010,7 +1010,7 @@ div.login_block { padding-left: 0 ! important; } #id-left { - z-index: 201; + z-index: 91; background: #FFF; border-right: 1px solid rgba(0,0,0,0.3); browser->layout, array('phone','tablet')) && ((GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))) { ?> @@ -4224,7 +4224,7 @@ span.noborderoncategories { /* ============================================================================== */ ul.ulselectedfields { - z-index: 100; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ + z-index: 90; /* To have the select box appears on first plan even when near buttons are decorated by jmobile */ } dl.dropdown { margin:0px; diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index cd9a16ea2b9..af73e1305bb 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -69,7 +69,7 @@ class UserGroup extends CommonObject /** - * Charge un objet group avec toutes ces caracteristiques (excpet ->members array) + * Charge un objet group avec toutes ces caracteristiques (except ->members array) * * @param int $id id du groupe a charger * @param string $groupname name du groupe a charger @@ -336,16 +336,16 @@ class UserGroup extends CommonObject $error++; dol_print_error($this->db); } - + if (! $error) { $this->context = array('audit'=>$langs->trans("PermissionsAdd")); - + // Call trigger $result=$this->call_trigger('GROUP_MODIFY',$user); if ($result < 0) { $error++; } // End call triggers - } + } } if ($error) { @@ -445,11 +445,11 @@ class UserGroup extends CommonObject $error++; dol_print_error($this->db); } - + if (! $error) { $this->context = array('audit'=>$langs->trans("PermissionsDelete")); - + // Call trigger $result=$this->call_trigger('GROUP_MODIFY',$user); if ($result < 0) { $error++; } 
@@ -815,7 +815,7 @@ class UserGroup extends CommonObject $muser=new User($this->db); $muser->fetch($val->id); $info2 = $muser->_load_ldap_info(); - $valueofldapfield[] = $muser->_load_ldap_dn($info2); + $valueofldapfield[] = $muser->_load_ldap_dn($info2); } $info[$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS] = (!empty($valueofldapfield)?$valueofldapfield:''); } @@ -843,7 +843,11 @@ class UserGroup extends CommonObject $this->note='This is a note'; $this->datec=time(); $this->datem=time(); - $this->members=array($user->id); // Members of this group is just me + + // Members of this group is just me + $this->members=array( + $user->id => $user + ); } /** diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 4cec562ce44..8333acbbb79 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -119,9 +119,9 @@ $search_gender=GETPOST('search_gender','alpha'); $search_employee=GETPOST('search_employee','alpha'); $search_accountancy_code=GETPOST('search_accountancy_code','alpha'); $search_email=GETPOST('search_email','alpha'); -$search_statut=GETPOST('search_statut','alpha'); +$search_statut=GETPOST('search_statut','intcomma'); $search_thirdparty=GETPOST('search_thirdparty','alpha'); -$search_supervisor=GETPOST('search_supervisor','alpha'); +$search_supervisor=GETPOST('search_supervisor','intcomma'); $search_previousconn=GETPOST('search_previousconn','alpha'); $optioncss = GETPOST('optioncss','alpha'); @@ -148,7 +148,7 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; // Purge search criteria - if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All test are required to be compatible with all browsers + if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All tests are required to be compatible with all browsers { $search_user=""; $search_login=""; 
@@ -204,8 +204,8 @@ else } if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid; //if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user); -if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$search_supervisor; -if ($search_thirdparty != '') $sql.=natural_search(array('s.nom'), $search_thirdparty); +if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$db->escape($search_supervisor); +if ($search_thirdparty != '') $sql.= natural_search(array('s.nom'), $search_thirdparty); if ($search_login != '') $sql.= natural_search("u.login", $search_login); if ($search_lastname != '') $sql.= natural_search("u.lastname", $search_lastname); if ($search_firstname != '') $sql.= natural_search("u.firstname", $search_firstname); @@ -214,9 +214,9 @@ if (is_numeric($search_employee) && $search_employee >= 0) { $sql .= ' AND u.employee = '.(int) $search_employee; } if ($search_accountancy_code != '') $sql.= natural_search("u.accountancy_code", $search_accountancy_code); -if ($search_email != '') $sql.= natural_search("u.email", $search_email); -if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")"; -if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); +if ($search_email != '') $sql.= natural_search("u.email", $search_email); +if ($search_statut != '' && $search_statut >= 0) $sql.= " AND u.statut IN (".$db->escape($search_statut).")"; +if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); // Add where from extra fields foreach ($search_array_options as $key => $val) {
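Review bot: `$db->escape()` is applied to values interpolated outside quotes, in `u.fk_user = ` here and in `u.statut IN (...)` in the next hunk. A string-escaping helper adds no protection in that position, so the only real guard is the `intcomma` filter chosen in the `GETPOST` hunk above. `search_supervisor` is compared with `=` and expects a single id, but `intcomma` lets `1,2` through and yields invalid SQL. Reading it with `GETPOST('search_supervisor','int')` and emitting `" AND u.fk_user = ".((int) $search_supervisor)` would match the `(int) $search_employee` line already in this file. For `search_statut`, `$search_statut >= 0` compares a comma list with an integer, and a bare `,` currently passes the filter and reaches `IN (,)`. Splitting the value and casting each element, `implode(',', array_map('intval', explode(',', $search_statut)))`, makes the `IN` list safe regardless of the filter.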