diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index 48613e67d43..a1dfb78a2c5 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -7,7 +7,7 @@ * Copyright (C) 2014 Juanjo Menent * Copyright (C) 2016 Ferran Marcet * Copyright (C) 2018 Frédéric France - * Copyright (C) 2018 Charlene Benke + * Copyright (C) 2018-2020 Charlene Benke * Copyright (C) 2019 Nicolas ZABOURI * * This program is free software; you can redistribute it and/or modify @@ -537,7 +537,7 @@ if (!empty($extrafields->attributes[$object->table_element]['label'])) { } // Add fields from hooks $parameters = array(); -$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $object); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as country on (country.rowid = s.fk_pays)"; @@ -556,6 +556,9 @@ if ($search_user > 0) $sql .= ", ".MAIN_DB_PREFIX."element_contact as ec"; $sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc"; } +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; $sql .= ' WHERE cf.fk_soc = s.rowid'; $sql .= ' AND cf.entity IN ('.getEntity('supplier_order').')'; if ($socid > 0) $sql .= " AND s.rowid = ".$socid; 
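Review bot: The new `printFieldListFrom` call appends `$hookmanager->resPrint` to `$sql` verbatim, just before the `WHERE`, and never looks at `$reshook`, so whatever a hook emits becomes part of the query even when the hook reported an error. The neighbouring `printFieldListSelect` and `printFieldListWhere` calls follow the same pattern, but this one opens a new extension point and should state the contract in a comment, e.g. `// Hooks must return a trusted SQL fragment; any request value they embed must already be escaped with $db->escape()`. The trailing comment copied onto these calls also mentions `$action`, which is not passed to `executeHooks()` here, so `// Note that $object may have been modified by hook` would be accurate.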
@@ -595,7 +598,7 @@ if ($search_project_ref != '') $sql .= natural_search("p.ref", $search_project_r include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; // Add where from hooks $parameters = array(); -$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $object); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= $db->order($sortfield, $sortorder); @@ -675,6 +678,10 @@ if ($resql) // Add $param from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; + $parameters = array(); + $reshook = $hookmanager->executeHooks('printFieldListSearchParam', $parameters, $object); // Note that $action and $object may have been modified by hook + $param .= $hookmanager->resPrint; + // List of mass actions available $arrayofmassactions = array( 'generate_doc'=>$langs->trans("ReGeneratePDF"), diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 2e8cd316bc0..1553869d1f1 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -252,7 +252,6 @@ class Productcustomerprice extends CommonObject $sql = "SELECT"; $sql .= " t.rowid,"; - $sql .= " t.entity,"; $sql .= " t.datec,"; $sql .= " t.tms,"; @@ -330,7 +329,6 @@ class Productcustomerprice extends CommonObject $sql = "SELECT"; $sql .= " t.rowid,"; - $sql .= " t.entity,"; $sql .= " t.datec,"; $sql .= " t.tms,"; 
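Review bot: In the `printFieldListSearchParam` block, `$param .= $hookmanager->resPrint;` adds hook output to the query-string fragment without any encoding, so a hook that echoes a search value taken from the request has to encode it itself. Where `$param` is emitted is outside this hunk, but it is presumably written into links, where an unencoded value can corrupt the URL or the surrounding markup. I would document the expectation on the call: `// Hooks must return '&name=value' pairs with the value already urlencode()d`.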
@@ -363,15 +361,16 @@ class Productcustomerprice extends CommonObject // Manage filter if (count($filter) > 0) { foreach ($filter as $key => $value) { - if (strpos($key, 'date')) // To allow $filter['YEAR(s.dated)']=>$year - { - $sql .= ' AND '.$key.' = \''.$value.'\''; + if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year + $sql .= ' AND '.$key.' = \''.$this->db->escape($value).'\''; } elseif ($key == 'soc.nom') { - $sql .= ' AND '.$key.' LIKE \'%'.$value.'%\''; - } elseif ($key == 'prod.ref') { - $sql .= ' AND '.$key.' LIKE \'%'.$value.'%\''; + $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + } elseif ($key == 'prod.ref' || $key == 'prod.label') { + $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; + } elseif ($key == 't.price' || $key == 't.price_ttc') { + $sql .= ' AND ' . $key . ' LIKE \'%' . price2num($value) . '%\''; } else { - $sql .= ' AND '.$key.' = '.$value; + $sql .= ' AND '.$key.' = '.((int) $value); } } } diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index 4a709fb9009..0e4ecfedbcb 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -43,6 +43,9 @@ $langs->loadLangs(array("products", "companies", "bills")); $action = GETPOST('action', 'aZ09'); $search_prod = GETPOST('search_prod', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); +$search_label = GETPOST('search_label', 'alpha'); +$search_price = GETPOST('search_price'); +$search_price_ttc = GETPOST('search_price_ttc'); // Security check $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('id', 'int'); 
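Review bot: The new `t.price` / `t.price_ttc` branch is the only quoted branch that does not pass its value through `$this->db->escape()`; it places `price2num($value)` directly between the quotes of the `LIKE`. Unless `price2num()` is guaranteed to return only digits and a decimal separator, which this hunk does not show, the value should be escaped like the others: `$sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape(price2num($value)).'%\'';`. Two smaller points on the same lines: `strpos($key, 'date')` is falsy when the key starts with `date`, so `strpos($key, 'date') !== false` is the safer test, and `$key` is still concatenated unquoted in every branch, so the method relies on callers passing only fixed column names. The enclosing method begins and ends outside the hunk.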
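Review bot: `GETPOST('search_price')` and `GETPOST('search_price_ttc')` are read with no check type, while every other call in this block names one (`'aZ09'`, `'alpha'`, `'int'`). Both values are later copied into the SQL filter array and into the `$option` query string, so I would pass an explicit filter rather than depend on the default: `$search_price = GETPOST('search_price', 'alpha');` and the same for `search_price_ttc`.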
@@ -70,7 +73,7 @@ if (empty($reshook)) { if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) // Both test are required to be compatible with all browsers { - $search_prod = ''; + $search_prod = $search_label = $search_price = $search_price_ttc = ''; } if ($action == 'add_customer_price_confirm' && !$cancel && ($user->rights->produit->creer || $user->rights->service->creer)) { @@ -259,6 +262,18 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $filter ['prod.ref'] = $search_prod; } + if (! empty($search_label)) { + $filter ['prod.label'] = $search_label; + } + + if (! empty($search_price)) { + $filter ['t.price'] = $search_price; + } + + if (! empty($search_price_ttc)) { + $filter ['t.price_ttc'] = $search_price_ttc; + } + if ($action == 'add_customer_price') { // Create mode @@ -517,7 +532,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors'); } - $option = '&search_prod='.$search_prod.'&id='.$object->id; + $option = '&search_prod=' . $search_prod . '&id=' . $object->id . '&label=' . $search_label .'&price=' . $search_price . '&price_ttc=' . $search_price_ttc; print ''."\n"; @@ -530,7 +545,8 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''; print ''; - print ''; + print ''; + print ''; print ''; print ''; print ''; @@ -546,7 +562,11 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { { print ''; print ''; - print ''; + print ''; + print ''; + print ''; + print ''; + print ''; // Print the search button print '"; + print ""; print ""; print '"; diff --git a/htdocs/user/vcard.php b/htdocs/user/vcard.php index 5d99a4a9e89..9d8fd6478b4 100644 --- a/htdocs/user/vcard.php +++ b/htdocs/user/vcard.php 
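Review bot: In the `$option` line the three new parameters are named `label`, `price` and `price_ttc`, but the top of the page reads them back as `search_label`, `search_price` and `search_price_ttc`, so the filters would presumably be dropped whenever a link built from `$option` is followed. The request values are also concatenated into the query string without `urlencode()`. Suggested line: `$option = '&search_prod='.urlencode($search_prod).'&id='.$object->id.'&search_label='.urlencode($search_label).'&search_price='.urlencode($search_price).'&search_price_ttc='.urlencode($search_price_ttc);`. Where `$option` is consumed is outside the hunk.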
@@ -40,8 +40,6 @@ if ($user->socid > 0) $socid = $user->socid; $feature2 = 'user'; $result = restrictedArea($user, 'user', $id, 'user', $feature2); -if ($user->id <> $id && !$canreaduser) accessforbidden(); - $result = $user2->fetch($id); if ($result <= 0)
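Review bot: With the `$user->id <> $id` guard removed, `restrictedArea($user, 'user', $id, 'user', $feature2)` is the only access check left before `$user2->fetch($id)`, and nothing in the hunk records why it is sufficient. `$canreaduser` is not assigned in the visible lines, so the removed test may simply have been rejecting every request for another user's card; if that is the reason, a comment above the call would keep the intent reviewable: `// Access to another user's vCard is decided by restrictedArea() alone`. The rest of the file is outside the hunk, so this should be confirmed against what `restrictedArea()` enforces for the `user` feature.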
'.$langs->trans("Product").'' . $langs->trans("Ref") . '' . $langs->trans("Product") . ''.$langs->trans("AppliedPricesFrom").''.$langs->trans("PriceBase").''.$langs->trans("VAT").'
   '; $searchpicto = $form->showFilterAndCheckAddButtons(0); @@ -565,6 +585,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $staticprod->fetch($line->fk_product); print "".$staticprod->getNomUrl(1)."" . $staticprod->label ."".dol_print_date($line->datec, "dayhour")."'.$langs->trans($line->price_base_type)."