lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'Dolibarr/develop' into develop

Browse Source
This commit is contained in:
Inovea Conseil 2020-09-24 16:44:35 +02:00
commit eb7a8ccb73
808 changed files with 7461 additions and 4745 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.github/workflows/exakat.yml vendored Normal file
View File

@ -0,0 +1,17 @@
# See syntax file on https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
name: "Exakat analysis"
on:
schedule:
- cron: "0 20 * * *"
jobs:
exakat:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Exakat
uses: docker://exakat/exakat-ga
with:
ignore_rules: 'Classes/DontUnsetProperties,Classes/NonPpp,Classes/StaticMethodsCalledFromObject,Classes/UseClassOperator,Functions/UsesDefaultArguments,Php/NoClassInGlobal,Php/ShouldUseCoalesce,Structures/MergeIfThen,Structures/ElseIfElseif,Structures/RepeatedPrint,Structures/UselessParenthesis'
ignore_dirs: '/htdocs/includes,/htdocs/build,/htdocs/dev,/htdocs/doc,/htdocs/scripts,/htdocs/test'

49
ChangeLog
View File

@ -2,6 +2,7 @@
English Dolibarr ChangeLog
--------------------------------------------------------------
***** ChangeLog for 13.0.0 compared to 12.0.0 *****
For users:
NEW: Add module Credit transfer SEPA to manage payment of supplier using bank credit transfer SEPA files
@ -18,8 +19,56 @@ Following changes may create regressions for some external modules, but were nec
* The hidden option HOLIDAY_MORE_PUBLIC_HOLIDAYS has been removed. Use instead the dictionary table if you need to define custom
days of holiday.
* Property num_paiement has been renamed num_payment everywhere for better code consistency.
* If you build a class that implement CommonObject to use the incoterm properties or method (->fk_incoterm, ->label_incoterm, ->location_incoterm),
you must now also include declaration of the Trait CommonIncoterm in your class. All incoterm functions were moved into this Trait.
* The GETPOST(..., 'alpha') has now the same behaviour than GETPOST(..., 'alpahnohtml');
***** ChangeLog for 12.0.3 compared to 12.0.2 *****
FIX: 10.0 - when the mime file name is different from the filesystem name, the attachment name should be the mime filename
FIX: 11.0 - expenses lines overlapping the total amounts frame
FIX: 12.0 - round value of virtual stock on product stock reassort list
FIX: #14469
FIX: #14474 Error when deleting
FIX: #14530
FIX: #14703
FIX: - Accountancy balance Error SQL on entity
FIX: Bad number of subscription (forgotten when member was resiliated)
FIX: bad route url to delete subproduct with API
FIX: Category for suplements not saved
FIX: Compatibility with modules without document generation
FIX: Cron load lang
FIX: CSS
FIX: Error management. Do no try to approve PO if validation fails.
FIX: expenses lines overlapping the frame for total amounts.
FIX: Filter in "billed" of orders was not saved
FIX: infinite fetch object linked loop
FIX: Intervention lose html tags when updating
FIX: JS CRASH - bad usage of moreparam
FIX: lang fr retained warranty
FIX: Look and feel v12: First tab must be name of object
FIX: missing entity check
FIX: missing param for hook
FIX: Missing transaction on PO actions
FIX: MySql Strict mode
FIX: param entity in html form file
FIX: Problems on FEC format
FIX: round stock value on product list
FIX: - Send mail from contact : select mail model
FIX: set sales representatives on create company card
FIX: Setup of stock increase/decrease
FIX: sign of amount with credit note and multicurrencies
FIX: Static property called as non static
FIX: task leftmenu
FIX: title button attribute id empty
FIX: unit price divided by quantity when accepting supplier price proposal
FIX: Update extrafields on line only if it is supported
FIX: Update line of BOM
FIX: using decimal on stock correction
FIX: Visualization rights correction on last modified contacts box
FIX: Wrong redirection
FIX: Yogosha report 4425 (backport)
***** ChangeLog for 12.0.2 compared to 12.0.1 *****
FIX: computation of the bottom margin of <body> returns NaN because body is not loaded yet
FIX: DebugBar hides content at page bottom

22
SECURITY.md
View File

@ -62,13 +62,19 @@ No vulnerability disclosure, including partial is allowed for the moment.
## Scope for qualified vulnerabilities
ONLY vulnerabilities discovered, when the following setup on tested platform is used, are accepted:
ONLY vulnerabilities discovered, when the following setup on test platform is used, are accepted:
* $dolibarr_main_prod must be set to 1 into conf.php
* $dolibarr_nocsrfcheck must be kept to the value 1 into conf.php (this is the default value)
* The module DebugBar must NOT be enabled (by default, this module is not enabled)
* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
* $dolibarr_main_force_https must be set to something else than 0.
* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default)
* ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted).
* The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool)
* The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not accepted).
* The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer).
* The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly.
* CSRF attacks are accepted for all when using a POST URL, but are accepted only for creating or updating data resctricted to the admin user when using GET URL.
* Ability for a high level user to edit web site pages in the CMS by including javascript is an expected feature.
Scope is the web application (back office) and the APIs.
@ -91,19 +97,19 @@ Scope is the web application (back office) and the APIs.
## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting
* "Self" XSS
* Missing cookie flags
* SSL/TLS best practices
* Denial of Service attacks
* Clickjacking/UI redressing
* Physical or social engineering attempts
* Physical or social engineering attempts or issues that require physical access to a victims computer/device
* Presence of autocomplete attribute on web forms
* Vulnerabilities affecting outdated browsers or platforms
* Issues that require physical access to a victims computer/device
* Logout and other instances of low-severity Cross-Site Request Forgery
* Missing cookie flags
* Missing security-related HTTP headers which do not lead directly to a vulnerability
* Reports from automated web vulnerability scanners (Acunetix, Vega, etc.) that have not been validated
* Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM/DMARC)
* Reports on features flagged as "experimental" or "development"
* Software version disclosure when logged user is admin
* Software version or private IP disclosure when logged user is admin
* Stack traces or path disclosure when logged user is admin
* Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities".

5
dev/initdemo/initdemo.sh
View File

@ -69,6 +69,7 @@ then
255)
exit;;
esac
rm $fichtemp
# ----------------------------- database name
DIALOG=${DIALOG=dialog}
@ -86,6 +87,7 @@ then
255)
exit;;
esac
rm $fichtemp
# ---------------------------- database port
DIALOG=${DIALOG=dialog}
@ -104,6 +106,7 @@ then
255)
exit;;
esac
rm $fichtemp
# ---------------------------- compte admin mysql
DIALOG=${DIALOG=dialog}
@ -122,6 +125,7 @@ then
255)
exit;;
esac
rm $fichtemp
# ---------------------------- mot de passe admin mysql
DIALOG=${DIALOG=dialog}
@ -140,6 +144,7 @@ then
255)
exit;;
esac
rm $fichtemp
export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" | sed -e 's/"//g' `

166
dev/initdemo/initdemopassword.sh Executable file
View File

@ -0,0 +1,166 @@
#!/bin/sh
#------------------------------------------------------
# Script to reinit admin password.
# Note: "dialog" tool need to be available if no parameter provided.
#
# Laurent Destailleur - eldy@users.sourceforge.net
#------------------------------------------------------
# Usage: initdemopassword.sh confirm
# usage: initdemopassword.sh confirm base port login pass
#------------------------------------------------------
export mydir=`echo "$0" | sed -e 's/initdemopassword.sh//'`;
if [ "x$mydir" = 'x' -o "x$mydir" = 'x./' ]
then
export mydir="."
fi
export id=`id -u`;
# ----------------------------- check if root
if [ "x$id" != "x0" -a "x$id" != "x1001" ]
then
echo "Script must be ran as root"
exit
fi
# ----------------------------- command line params
confirm=$1;
base=$2;
port=$3;
demologin=$4;
demopass=$5;
# ----------------------------- check params
if [ "x$confirm" != "xconfirm" ]
then
echo "----- $0 -----"
echo "Usage: initdemopassword.sh confirm [base port login pass]"
exit
fi
# ----------------------------- if no params on command line
if [ "x$demopass" = "x" ]
then
export dumpfile=`ls -v $mydir/mysqldump_dolibarr_*.sql | tail -n 1`
export dumpfile=`basename $dumpfile`
# ----------------------------- database name
DIALOG=${DIALOG=dialog}
DIALOG="$DIALOG --ascii-lines"
fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$
trap "rm -f $fichtemp" 0 1 2 5 15
$DIALOG --title "Init Dolibarr with demo values" --clear \
--inputbox "Mysql database name :" 16 55 dolibarrdemo 2> $fichtemp
valret=$?
case $valret in
0)
base=`cat $fichtemp`;;
1)
exit;;
255)
exit;;
esac
rm $fichtemp
# ---------------------------- database port
DIALOG=${DIALOG=dialog}
fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$
trap "rm -f $fichtemp" 0 1 2 5 15
$DIALOG --title "Init Dolibarr with demo values" --clear \
--inputbox "Mysql port (ex: 3306):" 16 55 3306 2> $fichtemp
valret=$?
case $valret in
0)
port=`cat $fichtemp`;;
1)
exit;;
255)
exit;;
esac
rm $fichtemp
# ----------------------------- demo login
DIALOG=${DIALOG=dialog}
DIALOG="$DIALOG --ascii-lines"
fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$
trap "rm -f $fichtemp" 0 1 2 5 15
$DIALOG --title "Reset login password" --clear \
--inputbox "Login to reset :" 16 55 dolibarrdemologin 2> $fichtemp
valret=$?
case $valret in
0)
demologin=`cat $fichtemp`;;
1)
exit;;
255)
exit;;
esac
rm fichtemp
# ----------------------------- demo pass
DIALOG=${DIALOG=dialog}
DIALOG="$DIALOG --ascii-lines"
fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$
trap "rm -f $fichtemp" 0 1 2 5 15
$DIALOG --title "Reset login password" --clear \
--inputbox "Pass to set :" 16 55 dolibarrdemopass 2> $fichtemp
valret=$?
case $valret in
0)
demopass=`cat $fichtemp`;;
1)
exit;;
255)
exit;;
esac
rm fichtemp
export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" | sed -e 's/"//g' `
# ---------------------------- confirmation
DIALOG=${DIALOG=dialog}
$DIALOG --title "Init demo login with demo values" --clear \
--yesno "Do you confirm ? \n Mysql database : '$base' \n Mysql port : '$port' \n Demo login: '$demologin' \n Demo password : '$demopass'" 15 55
case $? in
0) echo "Ok, start process...";;
1) exit;;
255) exit;;
esac
fi
# ---------------------------- run sql file
if [ "x$passwd" != "x" ]
then
export passwd="-p$passwd"
fi
#echo "mysql -P$port -u$admin $passwd $base < $mydir/$dumpfile"
#mysql -P$port -u$admin $passwd $base < $mydir/$dumpfile
echo "echo \"UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';\" | mysql -P$port $base"
echo "UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';" | mysql -P$port $base
export res=$?
if [ $res -ne 0 ]; then
echo "Error to execute sql with mysql -P$port -u$admin -p***** $base"
exit
fi
if [ "x$res" = "x0" ]
then
echo "Success, file successfully loaded."
else
echo "Error, load failed."
fi
echo

14
htdocs/accountancy/admin/account.php
View File

@ -54,8 +54,8 @@ if (!$user->rights->accounting->chartofaccount) accessforbidden();
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
$offset = $limit * $page;
@ -230,8 +230,8 @@ if (strlen(trim($search_account))) {
$search_account_tmp_clean = preg_replace('/^\^/', '', $search_account_tmp);
$search_account_clean = preg_replace('/^\^/', '', $search_account);
}
$sql .= " AND (aa.account_number LIKE '".$startchar.$search_account_tmp_clean."'";
$sql .= " OR aa.account_number LIKE '".$startchar.$search_account_clean."%')";
$sql .= " AND (aa.account_number LIKE '".$db->escape($startchar.$search_account_tmp_clean)."'";
$sql .= " OR aa.account_number LIKE '".$db->escape($startchar.$search_account_clean)."%')";
} else $sql .= natural_search("aa.account_number", $search_account_tmp);
}
}
@ -264,14 +264,14 @@ if ($resql)
$num = $db->num_rows($resql);
$param = '';
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
if ($search_account) $param .= '&search_account='.urlencode($search_account);
if ($search_label) $param .= '&search_label='.urlencode($search_label);
if ($search_labelshort) $param .= '&search_labelshort='.urlencode($search_labelshort);
if ($search_accountparent > 0 || $search_accountparent == '0') $param .= '&search_accountparent='.urlencode($search_accountparent);
if ($search_pcgtype) $param .= '&search_pcgtype='.urlencode($search_pcgtype);
if ($optioncss != '') $param .= '&optioncss='.$optioncss;
if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
if (!empty($conf->use_javascript_ajax))
{

20
htdocs/accountancy/admin/accountmodel.php
View File

@ -280,7 +280,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("actionmodify", LOG_DEBUG);
//print $sql;
@ -302,7 +302,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
{
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."='".$rowid."'";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);
@ -323,9 +323,9 @@ if ($action == $acts[0])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);
@ -341,9 +341,9 @@ if ($action == $acts[1])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);
@ -359,9 +359,9 @@ if ($action == 'activate_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);
@ -377,9 +377,9 @@ if ($action == 'disable_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);

12
htdocs/accountancy/admin/categories_list.php
View File

@ -271,7 +271,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("actionmodify", LOG_DEBUG);
//print $sql;
@ -293,7 +293,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
{
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);
@ -314,7 +314,7 @@ if ($action == $acts[0])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code = '".$db->escape($code)."'";
}
@ -332,7 +332,7 @@ if ($action == $acts[1])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code = '".$db->escape($code)."'";
}
@ -350,7 +350,7 @@ if ($action == 'activate_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code = '".$db->escape($code)."'";
}
@ -368,7 +368,7 @@ if ($action == 'disable_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code = '".$db->escape($code)."'";
}

2
htdocs/accountancy/admin/closure.php
View File

@ -92,7 +92,7 @@ print '<span class="opacitymedium">'.$langs->trans("DefaultClosureDesc").'</span
print '<br>';
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update">';
// Define main accounts for closure

4
htdocs/accountancy/admin/fiscalyear.php
View File

@ -29,8 +29,8 @@ $action = GETPOST('action', 'aZ09');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
$offset = $limit * $page;

12
htdocs/accountancy/admin/journals_list.php
View File

@ -274,7 +274,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
$sql .= " AND entity = ".$conf->entity;
dol_syslog("actionmodify", LOG_DEBUG);
@ -297,7 +297,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
{
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."='".$rowid."'";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid);
$sql .= " AND entity = ".$conf->entity;
dol_syslog("delete", LOG_DEBUG);
@ -319,9 +319,9 @@ if ($action == $acts[0])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$db->escape($code)."'";
}
$sql .= " AND entity = ".$conf->entity;
@ -338,9 +338,9 @@ if ($action == $acts[1])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$db->escape($code)."'";
}
$sql .= " AND entity = ".$conf->entity;

14
htdocs/accountancy/admin/productaccount.php
View File

@ -176,7 +176,7 @@ if ($action == 'update') {
if ($accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
$sql .= " SET accountancy_code_sell_export = ".$accounting->account_number;
}
$sql .= " WHERE rowid = ".$productid;
$sql .= " WHERE rowid = ".((int) $productid);
dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG);
if ($db->query($sql))
@ -251,21 +251,21 @@ $sql .= " aa.rowid as aaid";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON";
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
$sql .= " p.accountancy_code_buy = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_buy = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA')
{
$sql .= " p.accountancy_code_buy_intra = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_buy_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT')
{
$sql .= " p.accountancy_code_buy_export = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_buy_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL')
{
$sql .= " p.accountancy_code_sell = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_sell = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA')
{
$sql .= " p.accountancy_code_sell_intra = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_sell_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} else {
$sql .= " p.accountancy_code_sell_export = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_sell_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
}
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {

4
htdocs/accountancy/bookkeeping/balance.php
View File

@ -46,8 +46,8 @@ $action = GETPOST('action', 'aZ09');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
$offset = $limit * $page;

8
htdocs/accountancy/bookkeeping/list.php
View File

@ -91,8 +91,8 @@ $search_not_reconciled = GETPOST('search_reconciled_option', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
$offset = $limit * $page;
@ -640,7 +640,9 @@ $newcardbutton .= dolGetButtonTitle($buttonLabel, $langs->trans("ExportFilteredL
$newcardbutton .= dolGetButtonTitle($langs->trans('GroupByAccountAccounting'), '', 'fa fa-stream paddingleft', DOL_URL_ROOT.'/accountancy/bookkeeping/listbyaccount.php?'.$param);
$newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', './card.php?action=create', '', $user->rights->accounting->mouvements->creer);
$url = './card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', $url, '', $user->rights->accounting->mouvements->creer);
print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_accountancy', 0, $newcardbutton, '', $limit);

6
htdocs/accountancy/bookkeeping/listbyaccount.php
View File

@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Load translation files required by the page
$langs->loadLangs(array("accountancy"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
$search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
$search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
@ -68,8 +68,8 @@ if (GETPOST("button_delmvt_x") || GETPOST("button_delmvt.x") || GETPOST("button_
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
$offset = $limit * $page;

2
htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
View File

@ -147,7 +147,7 @@ $sql = "SELECT bk.rowid, bk.doc_date, bk.doc_type, bk.doc_ref, ";
$sql .= " bk.subledger_account, bk.numero_compte , bk.label_compte, bk.debit, ";
$sql .= " bk.credit, bk.montant , bk.sens , bk.code_journal , bk.piece_num, bk.lettering_code ";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as bk";
$sql .= " WHERE (bk.subledger_account = '".$object->code_compta."' AND bk.numero_compte = '".$conf->global->ACCOUNTING_ACCOUNT_CUSTOMER."' )";
$sql .= " WHERE (bk.subledger_account = '".$db->escape($object->code_compta)."' AND bk.numero_compte = '".$db->escape($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER)."' )";
/*
if (dol_strlen($search_date_start) || dol_strlen($search_date_end)) {

2
htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
View File

@ -146,7 +146,7 @@ $sql = "SELECT bk.rowid, bk.doc_date, bk.doc_type, bk.doc_ref, ";
$sql .= " bk.subledger_account, bk.numero_compte , bk.label_compte, bk.debit, ";
$sql .= " bk.credit, bk.montant , bk.sens , bk.code_journal , bk.piece_num, bk.lettering_code, bk.date_validated ";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as bk";
$sql .= " WHERE (bk.subledger_account = '".$object->code_compta_fournisseur."' AND bk.numero_compte = '".$conf->global->ACCOUNTING_ACCOUNT_SUPPLIER."' )";
$sql .= " WHERE (bk.subledger_account = '".$db->escape($object->code_compta_fournisseur)."' AND bk.numero_compte = '".$db->escape($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER)."' )";
if (dol_strlen($search_date_start) || dol_strlen($search_date_end)) {
$sql .= " AND (bk.doc_date BETWEEN '".$db->idate($search_date_start)."' AND '".$db->idate($search_date_end)."' )";
}

3
htdocs/accountancy/class/accountancyexport.class.php
View File

@ -1160,7 +1160,8 @@ class AccountancyExport
// TYPE C
if ($last_codeinvoice != $line->doc_ref) {
//recherche societe en fonction de son code client
$sql = "SELECT code_client, fk_forme_juridique, nom, address, zip, town, fk_pays, phone, siret FROM ".MAIN_DB_PREFIX."societe WHERE code_client = '".$line->thirdparty_code."'";
$sql = "SELECT code_client, fk_forme_juridique, nom, address, zip, town, fk_pays, phone, siret FROM ".MAIN_DB_PREFIX."societe";
$sql .= " WHERE code_client = '".$this->db->escape($line->thirdparty_code)."'";
$resql = $this->db->query($sql);
if ($resql && $this->db->num_rows($resql) > 0)

2
htdocs/accountancy/class/accountancysystem.class.php
View File

@ -101,7 +101,7 @@ class AccountancySystem
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_system as a";
$sql .= " WHERE";
if ($rowid) {
$sql .= " a.rowid = '".$rowid."'";
$sql .= " a.rowid = ".((int) $rowid);
} elseif ($ref) {
$sql .= " a.pcg_version = '".$this->db->escape($ref)."'";
}

2
htdocs/accountancy/class/accountingjournal.class.php
View File

@ -108,7 +108,7 @@ class AccountingJournal extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_journal";
$sql .= " WHERE";
if ($rowid) {
$sql .= " rowid = ".(int) $rowid;
$sql .= " rowid = ".((int) $rowid);
} elseif ($journal_code)
{
$sql .= " code = '".$this->db->escape($journal_code)."'";

16
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -1755,14 +1755,14 @@ class BookKeeping extends CommonObject
$sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,';
$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.$next_piecenum.", '".$this->db->idate($now)."'";
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$this->db->escape($piece_num);
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
$this->errors[] = 'Error '.$this->db->lasterror();
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$this->db->escape($piece_num);
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1770,7 +1770,7 @@ class BookKeeping extends CommonObject
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
}
} elseif ($direction == 1) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$piece_num;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1785,14 +1785,14 @@ class BookKeeping extends CommonObject
$sql .= ' doc_ref, fk_doc, fk_docdet, thirdparty_code, subledger_account, subledger_label,';
$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, piece_num';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE piece_num = '.$piece_num;
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
$this->errors[] = 'Error '.$this->db->lasterror();
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$piece_num;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1910,7 +1910,7 @@ class BookKeeping extends CommonObject
$sql .= " AND asy.rowid = ".$pcgver;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as parent ON aa.account_parent = parent.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as root ON parent.account_parent = root.rowid";
$sql .= " WHERE aa.account_number = '".$account."'";
$sql .= " WHERE aa.account_number = '".$this->db->escape($account)."'";
$sql .= " AND parent.active = 1";
$sql .= " AND root.active = 1";
$sql .= " AND aa.entity IN (".getEntity('accountancy').")";
@ -1948,8 +1948,8 @@ class BookKeeping extends CommonObject
$sql = "SELECT aa.account_number, aa.label, aa.rowid, aa.fk_pcg_version, cat.label as category";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND aa.account_number = '".$account."'";
$sql .= " AND asy.rowid = ".$pcgver;
$sql .= " AND aa.account_number = '".$this->db->escape($account)."'";
$sql .= " AND asy.rowid = ".((int) $pcgver);
$sql .= " AND aa.active = 1";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_accounting_category as cat ON aa.fk_accounting_category = cat.rowid";
$sql .= " WHERE aa.entity IN (".getEntity('accountancy').")";

34
htdocs/accountancy/class/lettering.class.php
View File

@ -68,11 +68,11 @@ class Lettering extends BookKeeping
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu ON(bk.fk_doc = bu.fk_bank AND bu.type IN ('payment', 'payment_supplier') ) ";
$sql .= " WHERE ( ";
if ($object->code_compta != "")
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
if ($object->code_compta != "" && $object->code_compta_fournisseur != "")
$sql .= " OR ";
if ($object->code_compta_fournisseur != "")
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
$sql .= " ) AND (bk.date_lettering ='' OR bk.date_lettering IS NULL) ";
$sql .= " AND (bk.lettering_code != '' OR bk.lettering_code IS NULL) ";
@ -95,19 +95,19 @@ class Lettering extends BookKeeping
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn facf ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiementfourn_facturefourn as payfacf ON payfacf.fk_facturefourn=facf.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiementfourn as payf ON payfacf.fk_paiementfourn=payf.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = payf.fk_bank AND bk.code_journal='".$obj->code_journal."')";
$sql .= " WHERE payfacf.fk_paiementfourn = '".$obj->url_id."' ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = payf.fk_bank AND bk.code_journal='".$this->db->escape($obj->code_journal)."')";
$sql .= " WHERE payfacf.fk_paiementfourn = '".$this->db->escape($obj->url_id)."' ";
$sql .= " AND facf.entity = ".$conf->entity;
$sql .= " AND code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=4 AND entity=".$conf->entity.") ";
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= " ) ";
@ -129,13 +129,13 @@ class Lettering extends BookKeeping
$sql .= " AND facf.entity = ".$conf->entity;
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= ") ";
@ -154,19 +154,19 @@ class Lettering extends BookKeeping
$sql .= " FROM ".MAIN_DB_PREFIX."facture fac ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiement_facture as payfac ON payfac.fk_facture=fac.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiement as pay ON payfac.fk_paiement=pay.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = pay.fk_bank AND bk.code_journal='".$obj->code_journal."')";
$sql .= " WHERE payfac.fk_paiement = '".$obj->url_id."' ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = pay.fk_bank AND bk.code_journal='".$this->db->escape($obj->code_journal)."')";
$sql .= " WHERE payfac.fk_paiement = '".$this->db->escape($obj->url_id)."' ";
$sql .= " AND bk.code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=4 AND entity=".$conf->entity.") ";
$sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= " )";
@ -188,13 +188,13 @@ class Lettering extends BookKeeping
$sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= " ) ";
@ -238,7 +238,7 @@ class Lettering extends BookKeeping
$lettre = 'AAA';
$sql = "SELECT DISTINCT lettering_code FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE ";
$sql .= " lettering_code != '' ORDER BY lettering_code DESC limit 1; ";
$sql .= " lettering_code != '' ORDER BY lettering_code DESC limit 1";
$result = $this->db->query($sql);
if ($result) {
@ -252,7 +252,7 @@ class Lettering extends BookKeeping
}
$sql = "SELECT SUM(ABS(debit)) as deb, SUM(ABS(credit)) as cred FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE ";
$sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL ";
$sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL";
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
@ -272,7 +272,7 @@ class Lettering extends BookKeeping
if (!$error)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping SET";
$sql .= " lettering_code='".$lettre."'";
$sql .= " lettering_code='".$this->db->escape($lettre)."'";
$sql .= " , date_lettering = '".$this->db->idate($now)."'"; // todo correct date it's false
$sql .= " WHERE rowid IN (".implode(',', $ids).") AND date_validated IS NULL ";
$this->db->begin();

2
htdocs/accountancy/customer/card.php
View File

@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
// Load translation files required by the page
$langs->loadLangs(array("bills", "accountancy"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');

10
htdocs/accountancy/customer/index.php
View File

@ -131,9 +131,9 @@ if ($action == 'validatehistory') {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
@ -402,7 +402,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("TotalVente")."' AS total,";
$sql = "SELECT '".$db->escape($langs->trans("TotalVente"))."' AS total,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;
@ -459,7 +459,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("Vide")."' AS marge,";
$sql = "SELECT '".$db->escape($langs->trans("Vide"))."' AS marge,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;

4
htdocs/accountancy/customer/lines.php
View File

@ -61,8 +61,8 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) $page = 0;
$offset = $limit * $page;

16
htdocs/accountancy/customer/list.php
View File

@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
// Load translation files required by the page
$langs->loadLangs(array("bills", "companies", "compta", "accountancy", "other", "productbatch"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$massaction = GETPOST('massaction', 'alpha');
$show_files = GETPOST('show_files', 'int');
$confirm = GETPOST('confirm', 'alpha');
@ -69,8 +69,8 @@ $btn_ventil = GETPOST('ventil', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
$offset = $limit * $page;
@ -161,8 +161,8 @@ if ($massaction == 'ventil') {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '');
@ -222,9 +222,9 @@ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
// Define begin binding date

2
htdocs/accountancy/expensereport/card.php
View File

@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
// Load translation files required by the page
$langs->loadLangs(array("bills", "accountancy", "trips"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');

6
htdocs/accountancy/expensereport/index.php
View File

@ -161,7 +161,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -234,7 +234,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -309,7 +309,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("TotalExpenseReport")."' AS label,";
$sql = "SELECT '".$db->escape($langs->trans("TotalExpenseReport"))."' AS label,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;

4
htdocs/accountancy/expensereport/lines.php
View File

@ -55,8 +55,8 @@ $search_year = GETPOST("search_year", "int");
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) $page = 0;
$pageprev = $page - 1;

8
htdocs/accountancy/expensereport/list.php
View File

@ -38,7 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Load translation files required by the page
$langs->loadLangs(array("bills", "companies", "compta", "accountancy", "other", "trips", "productbatch", "hrm"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$massaction = GETPOST('massaction', 'alpha');
$show_files = GETPOST('show_files', 'int');
$confirm = GETPOST('confirm', 'alpha');
@ -65,8 +65,8 @@ $search_year = GETPOST("search_year", "int");
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
$offset = $limit * $page;
@ -196,7 +196,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det as erd ON er.rowid = erd.fk_expensereport";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = er.fk_user_author";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON f.accountancy_code = aa.account_number AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON f.accountancy_code = aa.account_number AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " WHERE er.fk_statut IN (".ExpenseReport::STATUS_APPROVED.", ".ExpenseReport::STATUS_CLOSED.") AND erd.fk_code_ventilation <= 0";
// Define begin binding date
if (!empty($conf->global->ACCOUNTING_DATE_START_BINDING)) {

2
htdocs/accountancy/index.php
View File

@ -38,6 +38,7 @@ if ($user->socid > 0)
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
$hookmanager->initHooks(array('accountancyindex'));
/*
* Actions
*/
@ -54,6 +55,7 @@ if (GETPOST('addbox')) // Add box (when submit is done from a form when ajax dis
if ($result > 0) setEventMessages($langs->trans("BoxAdded"), null);
}
/*
* View
*/

2
htdocs/accountancy/supplier/card.php
View File

@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
// Load translation files required by the page
$langs->loadLangs(array("bills", "accountancy"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');

12
htdocs/accountancy/supplier/index.php
View File

@ -128,9 +128,9 @@ if ($action == 'validatehistory') {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
@ -232,7 +232,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -305,7 +305,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -380,7 +380,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("CAHTF")."' AS label,";
$sql = "SELECT '".$db->escape($langs->trans("CAHTF"))."' AS label,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;

4
htdocs/accountancy/supplier/lines.php
View File

@ -62,8 +62,8 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) $page = 0;
$offset = $limit * $page;

12
htdocs/accountancy/supplier/list.php
View File

@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
// Load translation files required by the page
$langs->loadLangs(array("bills", "companies", "compta", "accountancy", "other", "productbatch"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$massaction = GETPOST('massaction', 'alpha');
$show_files = GETPOST('show_files', 'int');
$confirm = GETPOST('confirm', 'alpha');
@ -69,8 +69,8 @@ $btn_ventil = GETPOST('ventil', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
$offset = $limit * $page;
@ -226,9 +226,9 @@ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
// Define begin binding date

2
htdocs/adherents/admin/adherent.php
View File

@ -41,7 +41,7 @@ if (!$user->admin) accessforbidden();
$type = array('yesno', 'texte', 'chaine');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
/*

6
htdocs/adherents/admin/adherent_emails.php
View File

@ -41,7 +41,7 @@ if (!$user->admin) accessforbidden();
$oldtypetonewone = array('texte'=>'text', 'chaine'=>'string'); // old type to new ones
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$error = 0;
@ -83,9 +83,9 @@ if ($action == 'update' || $action == 'add') {
$constlineid = GETPOST('rowid', 'int');
$constname = GETPOST('constname', 'alpha');
$constvalue = (GETPOSTISSET('constvalue_'.$constname) ? GETPOST('constvalue_'.$constname, 'alpha') : GETPOST('constvalue'));
$constvalue = (GETPOSTISSET('constvalue_'.$constname) ? GETPOST('constvalue_'.$constname, 'alphanohtml') : GETPOST('constvalue'));
$consttype = (GETPOSTISSET('consttype_'.$constname) ? GETPOST('consttype_'.$constname, 'alphanohtml') : GETPOST('consttype'));
$constnote = (GETPOSTISSET('constnote_'.$constname) ? GETPOST('constnote_'.$constname, 'none') : GETPOST('constnote'));
$constnote = (GETPOSTISSET('constnote_'.$constname) ? GETPOST('constnote_'.$constname, 'restricthtml') : GETPOST('constnote'));
$typetouse = empty($oldtypetonewone[$consttype]) ? $consttype : $oldtypetonewone[$consttype];
$constvalue = preg_replace('/:member$/', '', $constvalue);

2
htdocs/adherents/admin/adherent_extrafields.php
View File

@ -39,7 +39,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'adherent'; //Must be the $table_element of the class that manage extrafield

2
htdocs/adherents/admin/adherent_type_extrafields.php
View File

@ -42,7 +42,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'adherent_type'; //Must be the $table_element of the class that manage extrafield

2
htdocs/adherents/admin/website.php
View File

@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
// Load translation files required by the page
$langs->loadLangs(array("admin", "members"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
if (!$user->admin) accessforbidden();

31
htdocs/adherents/card.php
View File

@ -45,7 +45,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
// Load translation files required by the page
$langs->loadLangs(array("companies", "bills", "members", "users", "other", "paypal"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
@ -82,7 +82,7 @@ if (!empty($canvas)) {
}
// Security check
$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', $objcanvas);
$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0);
if ($id > 0) {
// Load member
@ -152,7 +152,7 @@ if (empty($reshook)) {
if (!$error) {
if ($socid != $object->socid) { // If link differs from currently in database
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."adherent";
$sql .= " WHERE socid = '".$socid."'";
$sql .= " WHERE socid = ".((int) $socid);
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
@ -254,7 +254,7 @@ if (empty($reshook)) {
$object->firstname = trim(GETPOST("firstname", 'alphanohtml'));
$object->lastname = trim(GETPOST("lastname", 'alphanohtml'));
$object->gender = trim(GETPOST("gender", 'alphanohtml'));
$object->login = trim(GETPOST("login", 'alpha'));
$object->login = trim(GETPOST("login", 'alphanohtml'));
$object->pass = trim(GETPOST("pass", 'alpha'));
$object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated
@ -404,10 +404,9 @@ if (empty($reshook)) {
// $facebook=GETPOST("member_facebook", 'alpha');
// $linkedin=GETPOST("member_linkedin", 'alpha');
$email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha'));
$login = GETPOST("member_login", 'alpha');
$login = GETPOST("member_login", 'alphanohtml');
$pass = GETPOST("password", 'alpha');
$photo = GETPOST("photo", 'alpha');
//$comment=GETPOST("comment",'none');
$morphy = GETPOST("morphy", 'alphanohtml');
$public = GETPOST("public", 'alphanohtml');
@ -836,7 +835,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Login
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td><input type="text" name="member_login" class="minwidth300" maxlength="50" value="'.(isset($_POST["member_login"]) ?GETPOST("member_login", 'alpha', 2) : $object->login).'" autofocus="autofocus"></td></tr>';
print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td><input type="text" name="member_login" class="minwidth300" maxlength="50" value="'.(GETPOSTISSET("member_login") ? GETPOST("member_login", 'alphanohtml', 2) : $object->login).'" autofocus="autofocus"></td></tr>';
}
// Password
@ -884,7 +883,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Gender
print '<tr><td>'.$langs->trans("Gender").'</td>';
print '<td>';
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"));
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"), 'other'=>$langs->trans("Genderother"));
print $form->selectarray('gender', $arraygender, GETPOST('gender', 'alphanohtml'), 1, 0, 0, '', 0, 0, 0, '', '', 1);
print '</td></tr>';
@ -942,7 +941,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
}
// Birth Date
print "<tr><td>".$langs->trans("DateToBirth")."</td><td>\n";
print "<tr><td>".$langs->trans("DateOfBirth")."</td><td>\n";
print $form->selectDate(($object->birth ? $object->birth : -1), 'birth', '', '', 1, 'formsoc');
print "</td></tr>\n";
@ -1063,7 +1062,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Login
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td><input type="text" name="login" class="minwidth300" maxlength="50" value="'.(isset($_POST["login"]) ?GETPOST("login", 'alpha', 2) : $object->login).'"></td></tr>';
print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td><input type="text" name="login" class="minwidth300" maxlength="50" value="'.(GETPOSTISSET("login") ? GETPOST("login", 'alphanohtml', 2) : $object->login).'"></td></tr>';
}
// Password
@ -1107,7 +1106,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Gender
print '<tr><td>'.$langs->trans("Gender").'</td>';
print '<td>';
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"));
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"), 'other'=>$langs->trans("Genderother"));
print $form->selectarray('gender', $arraygender, GETPOSTISSET('gender') ? GETPOST('gender', 'alphanohtml') : $object->gender, 1, 0, 0, '', 0, 0, 0, '', '', 1);
print '</td></tr>';
@ -1175,7 +1174,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
}
// Birth Date
print "<tr><td>".$langs->trans("DateToBirth")."</td><td>\n";
print "<tr><td>".$langs->trans("DateOfBirth")."</td><td>\n";
print $form->selectDate(($object->birth ? $object->birth : -1), 'birth', '', '', 1, 'formsoc');
print "</td></tr>\n";
@ -1455,7 +1454,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Login
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
print '<tr><td class="titlefield">'.$langs->trans("Login").' / '.$langs->trans("Id").'</td><td class="valeur">'.$object->login.'&nbsp;</td></tr>';
print '<tr><td class="titlefield">'.$langs->trans("Login").' / '.$langs->trans("Id").'</td><td class="valeur">'.dol_escape_htmltag($object->login).'</td></tr>';
}
// Type
@ -1472,10 +1471,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
print '</td></tr>';
// Company
print '<tr><td>'.$langs->trans("Company").'</td><td class="valeur">'.$object->company.'</td></tr>';
print '<tr><td>'.$langs->trans("Company").'</td><td class="valeur">'.dol_escape_htmltag($object->company).'</td></tr>';
// Civility
print '<tr><td>'.$langs->trans("UserTitle").'</td><td class="valeur">'.$object->getCivilityLabel().'&nbsp;</td>';
print '<tr><td>'.$langs->trans("UserTitle").'</td><td class="valeur">'.$object->getCivilityLabel().'</td>';
print '</tr>';
// Password
@ -1570,7 +1569,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
print '<table class="border tableforfield tableforfield" width="100%">';
// Birth Date
print '<tr><td class="titlefield">'.$langs->trans("DateToBirth").'</td><td class="valeur">'.dol_print_date($object->birth, 'day').'</td></tr>';
print '<tr><td class="titlefield">'.$langs->trans("DateOfBirth").'</td><td class="valeur">'.dol_print_date($object->birth, 'day').'</td></tr>';
// Public
print '<tr><td>'.$langs->trans("Public").'</td><td class="valeur">'.yn($object->public).'</td></tr>';

4
htdocs/adherents/class/adherent.class.php
View File

@ -282,7 +282,7 @@ class Adherent extends CommonObject
'phone' => array('type' => 'varchar(30)', 'label' => 'Phone', 'enabled' => 1, 'visible' => -1, 'position' => 115),
'phone_perso' => array('type' => 'varchar(30)', 'label' => 'Phone perso', 'enabled' => 1, 'visible' => -1, 'position' => 120),
'phone_mobile' => array('type' => 'varchar(30)', 'label' => 'Phone mobile', 'enabled' => 1, 'visible' => -1, 'position' => 125),
'birth' => array('type' => 'date', 'label' => 'DateToBirth', 'enabled' => 1, 'visible' => -1, 'position' => 130),
'birth' => array('type' => 'date', 'label' => 'DateOfBirth', 'enabled' => 1, 'visible' => -1, 'position' => 130),
'photo' => array('type' => 'varchar(255)', 'label' => 'Photo', 'enabled' => 1, 'visible' => -1, 'position' => 135),
'public' => array('type' => 'smallint(6)', 'label' => 'Public', 'enabled' => 1, 'visible' => -1, 'notnull' => 1, 'position' => 145),
'datefin' => array('type' => 'datetime', 'label' => 'DateEnd', 'enabled' => 1, 'visible' => -1, 'position' => 150),
@ -1117,7 +1117,7 @@ class Adherent extends CommonObject
// Remove link to third party onto any other members
if ($thirdpartyid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET fk_soc = null";
$sql .= " WHERE fk_soc = '".$thirdpartyid."'";
$sql .= " WHERE fk_soc = ".((int) $thirdpartyid);
$sql .= " AND entity = ".$conf->entity;
dol_syslog(get_class($this)."::setThirdPartyId", LOG_DEBUG);
$resql = $this->db->query($sql);

6
htdocs/adherents/class/adherentstats.class.php
View File

@ -92,7 +92,7 @@ class AdherentStats extends Stats
$sql = "SELECT date_format(p.dateadh,'%m') as dm, count(*)";
$sql .= " FROM ".$this->from;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE date_format(p.dateadh,'%Y') = '".$year."'";
$sql .= " WHERE date_format(p.dateadh,'%Y') = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -133,7 +133,7 @@ class AdherentStats extends Stats
$sql = "SELECT date_format(p.dateadh,'%m') as dm, sum(p.".$this->field.")";
$sql .= " FROM ".$this->from;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE date_format(p.dateadh,'%Y') = '".$year."'";
$sql .= " WHERE date_format(p.dateadh,'%Y') = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -154,7 +154,7 @@ class AdherentStats extends Stats
$sql = "SELECT date_format(p.dateadh,'%m') as dm, avg(p.".$this->field.")";
$sql .= " FROM ".$this->from;
//if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE date_format(p.dateadh,'%Y') = '".$year."'";
$sql .= " WHERE date_format(p.dateadh,'%Y') = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');

14
htdocs/adherents/class/api_members.class.php
View File

@ -227,7 +227,7 @@ class Members extends DolibarrApi
}
// Select members of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_member = t.rowid ";
}
// Add sql filters
@ -239,23 +239,23 @@ class Members extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$member = new Adherent($this->db);
if ($member->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($member);
@ -263,7 +263,7 @@ class Members extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve member list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve member list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No member found');

12
htdocs/adherents/class/api_memberstypes.class.php
View File

@ -109,23 +109,23 @@ class MembersTypes extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$membertype = new AdherentType($this->db);
if ($membertype->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($membertype);
@ -133,7 +133,7 @@ class MembersTypes extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve member type list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve member type list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No member type found');

12
htdocs/adherents/class/api_subscriptions.class.php
View File

@ -107,22 +107,22 @@ class Subscriptions extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < min($limit, $num)) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$subscription = new Subscription($this->db);
if ($subscription->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($subscription);
@ -130,7 +130,7 @@ class Subscriptions extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve subscription list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve subscription list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No Subscription found');

2
htdocs/adherents/document.php
View File

@ -38,7 +38,7 @@ $langs->loadLangs(array("companies", "members", "other"));
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
// Security check

4
htdocs/adherents/index.php
View File

@ -282,7 +282,7 @@ print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
/*
* Latest modified members
*/
$max = 5;
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$sql = "SELECT a.rowid, a.statut, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
$sql .= " a.tms as datem, datefin as date_end_subscription,";
@ -337,7 +337,7 @@ if ($resql) {
/*
* Last modified subscriptions
*/
$max = 5;
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$sql = "SELECT a.rowid, a.statut, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
$sql .= " datefin as date_end_subscription,";

21
htdocs/adherents/list.php
View File

@ -281,7 +281,7 @@ if ($search_ref) {
if ($search_civility) $sql .= natural_search("d.civility", $search_civility);
if ($search_firstname) $sql .= natural_search("d.firstname", $search_firstname);
if ($search_lastname) $sql .= natural_search(array("d.firstname", "d.lastname", "d.societe"), $search_lastname);
if ($search_gender != '' && $search_gender != '-1') $sql .= " AND d.gender = '".$search_gender."'";
if ($search_gender != '' && $search_gender != '-1') $sql .= natural_search("d.gender", $search_gender);
if ($search_login) $sql .= natural_search("d.login", $search_login);
if ($search_company) $sql .= natural_search("s.nom", $search_company);
if ($search_email) $sql .= natural_search("d.email", $search_email);
@ -370,6 +370,7 @@ if ($search_lastname) $param .= "&search_lastname=".urlencode($search_lastname)
if ($search_gender) $param .= "&search_gender=".urlencode($search_gender);
if ($search_login) $param .= "&search_login=".urlencode($search_login);
if ($search_email) $param .= "&search_email=".urlencode($search_email);
if ($search_categ) $param .= "&search_categ=".urlencode($search_categ);
if ($search_company) $param .= "&search_company=".urlencode($search_company);
if ($search_address != '') $param .= "&search_address=".urlencode($search_address);
if ($search_town != '') $param .= "&search_town=".urlencode($search_town);
@ -477,7 +478,7 @@ if (!empty($arrayfields['d.lastname']['checked'])) {
}
if (!empty($arrayfields['d.gender']['checked'])) {
print '<td class="liste_titre">';
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"));
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"), 'other'=>$langs->trans("Genderother"));
print $form->selectarray('search_gender', $arraygender, $search_gender, 1);
print '</td>';
}
@ -502,16 +503,16 @@ if (!empty($arrayfields['t.libelle']['checked'])) {
if (!empty($arrayfields['d.address']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_address" value="'.$search_address.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_address" value="'.dol_escape_htmltag($search_address).'"></td>';
}
if (!empty($arrayfields['d.zip']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth50imp" type="text" name="search_zip" value="'.$search_zip.'"></td>';
print '<input class="flat maxwidth50imp" type="text" name="search_zip" value="'.dol_escape_htmltag($search_zip).'"></td>';
}
if (!empty($arrayfields['d.town']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_town" value="'.$search_town.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_town" value="'.dol_escape_htmltag($search_town).'"></td>';
}
// State
if (!empty($arrayfields['state.nom']['checked'])) {
@ -528,24 +529,24 @@ if (!empty($arrayfields['country.code_iso']['checked'])) {
// Phone pro
if (!empty($arrayfields['d.phone']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_phone" value="'.$search_phone.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_phone" value="'.dol_escape_htmltag($search_phone).'"></td>';
}
// Phone perso
if (!empty($arrayfields['d.phone_perso']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth50" type="text" name="search_phone_perso" value="'.$search_phone_perso.'"></td>';
print '<input class="flat maxwidth50" type="text" name="search_phone_perso" value="'.dol_escape_htmltag($search_phone_perso).'"></td>';
}
// Phone mobile
if (!empty($arrayfields['d.phone_mobile']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_phone_mobile" value="'.$search_phone_mobile.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_phone_mobile" value="'.dol_escape_htmltag($search_phone_mobile).'"></td>';
}
// Email
if (!empty($arrayfields['d.email']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_email" value="'.$search_email.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_email" value="'.dol_escape_htmltag($search_email).'"></td>';
}
// End of subscription date
if (!empty($arrayfields['d.datefin']['checked'])) {
print '<td class="liste_titre left">';
print '</td>';

2
htdocs/adherents/note.php
View File

@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
// Load translation files required by the page
$langs->loadLangs(array("companies", "members", "bills"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int');
// Security check

5
htdocs/adherents/stats/byproperties.php
View File

@ -141,10 +141,11 @@ if (!count($data)) {
}
// Print array
print '<div class="div-table-responsive">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table
print '<table class="liste centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("MemberNature").'</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' ('.$langs->trans("AllTime").')</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' <span class="opacitymedium">('.$langs->trans("AllTime").')</span></td>';
print '<td class="right">'.$langs->trans("NbOfActiveMembers").'</td>';
print '<td class="center">'.$langs->trans("LastMemberDate").'</td>';
print '<td class="right">'.$langs->trans("NbOfSubscriptions").'</td>';
@ -170,7 +171,7 @@ foreach ($data as $val) {
}
print '</table>';
print '</div>';
dol_fiche_end();

10
htdocs/adherents/stats/geo.php
View File

@ -45,7 +45,7 @@ $startyear = $year - 2;
$endyear = $year;
// Load translation files required by the page
$langs->loadLangs(array("companies", "members"));
$langs->loadLangs(array("companies", "members", "banks"));
/*
@ -272,12 +272,13 @@ if (count($arrayjs) && $mode == 'memberbycountry') {
}
if ($mode) {
// Print array / Affiche le tableau
print '<table class="liste centpercent">';
// Print array
print '<div class="div-table-responsive">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table
print '<table class="liste centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$label.'</td>';
if ($label2) print '<td class="center">'.$label2.'</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' ('.$langs->trans("AllTime").')</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' <span class="opacitymedium">('.$langs->trans("AllTime").')</span></td>';
print '<td class="center">'.$langs->trans("LastMemberDate").'</td>';
print '<td class="center">'.$langs->trans("LatestSubscriptionDate").'</td>';
print '</tr>';
@ -294,6 +295,7 @@ if ($mode) {
}
print '</table>';
print '</div>';
}

8
htdocs/adherents/subscription.php
View File

@ -40,15 +40,15 @@ require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingjournal.class.php';
$langs->loadLangs(array("companies", "bills", "members", "users", "mails", 'other'));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
$rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
$typeid = GETPOST('typeid', 'int');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
$offset = $limit * $page;
@ -628,7 +628,7 @@ if ($rowid > 0) {
$subscriptionstatic->ref = $objp->crowid;
$subscriptionstatic->id = $objp->crowid;
$typeid = ($objp->cfk_type > 0 ? $objp->cfk_type : $adh->typeid);
$typeid = $objp->cfk_type;
if ($typeid > 0) {
$adht->fetch($typeid);
}

14
htdocs/adherents/subscription/list.php
View File

@ -147,13 +147,15 @@ $sql .= " c.rowid as crowid, c.fk_type, c.subscription,";
$sql .= " c.dateadh, c.datef, c.datec as date_creation, c.tms as date_update,";
$sql .= " c.fk_bank as bank, c.note,";
$sql .= " b.fk_account";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."subscription as c";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d";
$sql .= " JOIN ".MAIN_DB_PREFIX."subscription as c on d.rowid = c.fk_adherent";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."adherent_extrafields as ef on (d.rowid = ef.fk_object)";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON c.fk_bank=b.rowid";
$sql .= " WHERE d.rowid = c.fk_adherent";
$sql .= " AND d.entity IN (".getEntity('adherent').")";
if (isset($date_select) && $date_select != '') {
$sql .= " AND c.dateadh >= '".$date_select."-01-01 00:00:00'";
$sql .= " AND c.dateadh < '".($date_select + 1)."-01-01 00:00:00'";
$sql .= " WHERE d.entity IN (".getEntity('adherent').")";
if (isset($date_select) && $date_select != '')
{
$sql .= " AND c.dateadh >= '".((int) $date_select)."-01-01 00:00:00'";
$sql .= " AND c.dateadh < '".((int) $date_select + 1)."-01-01 00:00:00'";
}
if ($search_ref) {
if (is_numeric($search_ref)) $sql .= " AND (c.rowid = ".$db->escape($search_ref).")";

6
htdocs/adherents/type.php
View File

@ -38,7 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php';
$langs->load("members");
$rowid = GETPOST('rowid', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
@ -66,8 +66,8 @@ $subscription = GETPOST("subscription", "int");
$duration_value = GETPOST('duration_value', 'int');
$duration_unit = GETPOST('duration_unit', 'alpha');
$vote = GETPOST("vote", "int");
$comment = GETPOST("comment", 'none');
$mail_valid = GETPOST("mail_valid", 'none');
$comment = GETPOST("comment", 'restricthtml');
$mail_valid = GETPOST("mail_valid", 'restricthtml');
// Security check
$result = restrictedArea($user, 'adherent', $rowid, 'adherent_type');

2
htdocs/adherents/type_ldap.php
View File

@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php';
$langs->loadLangs(array("admin", "members", "ldap"));
$id = GETPOST('rowid', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
// Security check
$result = restrictedArea($user, 'adherent', $id, 'adherent_type');

2
htdocs/adherents/type_translation.php
View File

@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php';
$langs->loadLangs(array('members', 'languages'));
$id = GETPOST('rowid', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
// Security check

4
htdocs/admin/accountant.php
View File

@ -62,7 +62,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_CODE", GETPOST("code", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity);
if ($action != 'updateedit' && !$error)
{
@ -164,7 +164,7 @@ print '<input name="code" id="code" class="minwidth100" value="'.($conf->global-
// Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note', 'none') ? GETPOST('note', 'none') : $conf->global->MAIN_INFO_ACCOUNTANT_NOTE).'</textarea></td></tr>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : $conf->global->MAIN_INFO_ACCOUNTANT_NOTE).'</textarea></td></tr>';
print '</td></tr>';
print '</table>';

2
htdocs/admin/agenda.php
View File

@ -34,7 +34,7 @@ if (!$user->admin)
// Load translation files required by the page
$langs->loadLangs(array('admin', 'other', 'agenda'));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$search_event = GETPOST('search_event', 'alpha');

2
htdocs/admin/agenda_extrafields.php
View File

@ -45,7 +45,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'actioncomm'; //Must be the $table_element of the class that manage extrafield

2
htdocs/admin/agenda_other.php
View File

@ -37,7 +37,7 @@ if (!$user->admin)
// Load translation files required by the page
$langs->loadLangs(array('admin', 'other', 'agenda', 'users'));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$param = GETPOST('param', 'alpha');
$cancel = GETPOST('cancel', 'alpha');

2
htdocs/admin/agenda_reminder.php
View File

@ -32,7 +32,7 @@ if (!$user->admin)
// Load translation files required by the page
$langs->loadLangs(array("admin", "other", "agenda"));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$param = GETPOST('param', 'alpha');
$cancel = GETPOST('cancel', 'alpha');

4
htdocs/admin/bank.php
View File

@ -37,7 +37,7 @@ $langs->loadLangs(array("admin", "companies", "bills", "other", "banks"));
if (!$user->admin)
accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$actionsave = GETPOST('save', 'alpha');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
@ -283,7 +283,7 @@ print load_fiche_titre($langs->trans("BankAccountModelModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {

2
htdocs/admin/bank_extrafields.php
View File

@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'bank_account'; //Must be the $element of the class that manage extrafield

12
htdocs/admin/barcode.php
View File

@ -33,7 +33,7 @@ $langs->load("admin");
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
/*
@ -58,10 +58,10 @@ if ($action == 'setbarcodeproducton')
if ($action == 'setcoder')
{
$coder = GETPOST('coder', 'alpha');
$code_id = GETPOST('code_id', 'alpha');
$code_id = GETPOST('code_id', 'int');
$sqlp = "UPDATE ".MAIN_DB_PREFIX."c_barcode_type";
$sqlp .= " SET coder = '".$coder."'";
$sqlp .= " WHERE rowid = ".$code_id;
$sqlp .= " SET coder = '".$db->escape($coder)."'";
$sqlp .= " WHERE rowid = ".((int) $code_id);
$sqlp .= " AND entity = ".$conf->entity;
$resql = $db->query($sqlp);
@ -104,8 +104,8 @@ if ($action == 'setcoder')
$code_id = $obj->rowid;
$sqlp = "UPDATE ".MAIN_DB_PREFIX."c_barcode_type";
$sqlp .= " SET coder = '".$coder."'";
$sqlp .= " WHERE rowid = ".$code_id;
$sqlp .= " SET coder = '".$db->escape($coder)."'";
$sqlp .= " WHERE rowid = ".((int) $code_id);
$sqlp .= " AND entity = ".$conf->entity;
$upsql = $db->query($sqlp);

6
htdocs/admin/bom.php
View File

@ -32,7 +32,7 @@ $langs->loadLangs(array('admin', 'errors', 'mrp', 'other'));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -151,7 +151,7 @@ elseif ($action == 'setdoc')
}
} elseif ($action == 'set_BOM_FREE_TEXT')
{
$freetext = GETPOST("BOM_FREE_TEXT", 'none'); // No alpha here, we want exact string
$freetext = GETPOST("BOM_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "BOM_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
@ -292,7 +292,7 @@ print load_fiche_titre($langs->trans("BOMsModelModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/bom_extrafields.php
View File

@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'bom_bom';

16
htdocs/admin/boxes.php
View File

@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'boxes', 'accountancy'));
if (!$user->admin) accessforbidden();
$rowid = GETPOST('rowid', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
// Define possible position of boxes
@ -192,12 +192,12 @@ if ($action == 'switch')
$newsecondnum = preg_replace('/[a-zA-Z]+/', '', $newsecond);
$newsecond = sprintf("%s%02d", $newsecondchar ? $newsecondchar : 'A', $newsecondnum + 1);
}
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$newfirst."' WHERE rowid=".$objfrom->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newfirst)."' WHERE rowid=".$objfrom->rowid;
dol_syslog($sql);
$resultupdatefrom = $db->query($sql);
if (!$resultupdatefrom) { dol_print_error($db); }
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$newsecond."' WHERE rowid=".$objto->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newsecond)."' WHERE rowid=".$objto->rowid;
dol_syslog($sql);
$resultupdateto = $db->query($sql);
if (!$resultupdateto) { dol_print_error($db); }
@ -261,7 +261,7 @@ if ($resql)
// This occurs just after an insert.
if ($decalage)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$decalage."' WHERE rowid=".$obj->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".$obj->rowid;
$db->query($sql);
}
}
@ -286,12 +286,12 @@ if ($resql)
if (preg_match("/[13579]{1}/", substr($record['box_order'], -1)))
{
$box_order = "A0".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
} elseif (preg_match("/[02468]{1}/", substr($record['box_order'], -1)))
{
$box_order = "B0".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
}
} elseif (dol_strlen($record['box_order']) == 2)
@ -299,12 +299,12 @@ if ($resql)
if (preg_match("/[13579]{1}/", substr($record['box_order'], -1)))
{
$box_order = "A".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
} elseif (preg_match("/[02468]{1}/", substr($record['box_order'], -1)))
{
$box_order = "B".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
}
}

4
htdocs/admin/chequereceipts.php
View File

@ -37,7 +37,7 @@ $langs->loadLangs(array("admin", "companies", "bills", "other", "banks"));
if (!$user->admin)
accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
@ -72,7 +72,7 @@ if ($action == 'setmod')
if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
{
$freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);

6
htdocs/admin/commande.php
View File

@ -41,7 +41,7 @@ $langs->loadLangs(array('admin', 'errors', 'orders', 'other'));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -160,7 +160,7 @@ elseif ($action == 'setdoc')
}
} elseif ($action == 'set_ORDER_FREE_TEXT')
{
$freetext = GETPOST("ORDER_FREE_TEXT", 'none'); // No alpha here, we want exact string
$freetext = GETPOST("ORDER_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "ORDER_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
@ -357,7 +357,7 @@ print load_fiche_titre($langs->trans("OrdersModelModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/commande_fournisseur_dispatch_extrafields.php
View File

@ -50,7 +50,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->trans($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'commande_fournisseur_dispatch'; //Must be the $table_element of the class that manage extrafield

4
htdocs/admin/company.php
View File

@ -100,7 +100,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
$dirforimage = $conf->mycompany->dir_output.'/logos/';
@ -524,7 +524,7 @@ print '</td></tr>';
// Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note', 'none') ? GETPOST('note', 'none') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
print '</td></tr>';
print '</table>';

2
htdocs/admin/compta.php
View File

@ -36,7 +36,7 @@ $langs->loadLangs(array('admin', 'compta', 'accountancy'));
if (!$user->admin)
accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
// Other parameters ACCOUNTING_*
$list = array(

2
htdocs/admin/confexped.php
View File

@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'sendings', 'deliveries'));
if (!$user->admin)
accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
/*

15
htdocs/admin/const.php
View File

@ -35,19 +35,19 @@ if (!$user->admin)
$rowid = GETPOST('rowid', 'int');
$entity = GETPOST('entity', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$update = GETPOST('update', 'alpha');
$delete = GETPOST('delete', 'none'); // Do not use alpha here
$debug = GETPOST('debug', 'int');
$consts = GETPOST('const', 'array');
$constname = GETPOST('constname', 'alphanohtml');
$constvalue = GETPOST('constvalue', 'none'); // We shoul dbe able to send everything here
$constvalue = GETPOST('constvalue', 'restricthtml'); // We should be able to send everything here
$constnote = GETPOST('constnote', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
$offset = $limit * $page;
@ -207,10 +207,13 @@ print "</tr>\n";
// Line to add new record
print "\n";
print '<tr class="oddeven nohover"><td><input type="text" class="flat minwidth100" name="constname" value="'.$constname.'"></td>'."\n";
print '<tr class="oddeven nohover"><td>';
print '<input type="text" class="flat minwidth300" name="constname" value="'.$constname.'">';
print '</td>'."\n";
print '<td>';
print '<input type="text" class="flat minwidth100" name="constvalue" value="'.$constvalue.'">';
print '</td><td>';
print '</td>';
print '<td>';
print '<input type="text" class="flat minwidth100" name="constnote" value="'.$constnote.'">';
print '</td>';
print '<td>';

6
htdocs/admin/contract.php
View File

@ -33,7 +33,7 @@ $langs->loadLangs(array("admin", "errors", "contracts"));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -143,7 +143,7 @@ elseif ($action == 'setdoc')
dolibarr_set_const($db, "CONTRACT_ADDON", $value, 'chaine', 0, '', $conf->entity);
} elseif ($action == 'set_other')
{
$freetext = GETPOST('CONTRACT_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('CONTRACT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res1 = dolibarr_set_const($db, "CONTRACT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
$draft = GETPOST('CONTRACT_DRAFT_WATERMARK', 'alpha');
@ -287,7 +287,7 @@ print load_fiche_titre($langs->trans("TemplatePDFContracts"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/dav.php
View File

@ -32,7 +32,7 @@ if (!$user->admin)
accessforbidden();
// Parameters
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$backtopage = GETPOST('backtopage', 'alpha');

4
htdocs/admin/defaultvalues.php
View File

@ -37,7 +37,7 @@ $langs->loadLangs(array('companies', 'products', 'admin', 'sms', 'other', 'error
if (!$user->admin) accessforbidden();
$id = GETPOST('rowid', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$optioncss = GETPOST('optionscss', 'alphanohtml');
$mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'createform'; // 'createform', 'filters', 'sortorder', 'focus'
@ -61,7 +61,7 @@ $defaulturl = preg_replace('/^\//', '', $defaulturl);
$urlpage = GETPOST('urlpage', 'alphanohtml');
$key = GETPOST('key', 'alphanohtml');
$value = GETPOST('value', 'none');
$value = GETPOST('value', 'restricthtml');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('admindefaultvalues', 'globaladmin'));

252
htdocs/admin/delais.php
View File

@ -32,7 +32,7 @@ $langs->load("admin");
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$modules = array(
'agenda' => array(
@ -48,7 +48,7 @@ $modules = array(
),
array(
'code' => 'MAIN_DELAY_TASKS_TODO',
'img' => 'task'
'img' => 'projecttask'
)
),
'propal' => array(
@ -107,10 +107,6 @@ $modules = array(
array(
'code' => 'MAIN_DELAY_MEMBERS',
'img' => 'user'
),
array(
'code' => 'MAIN_DELAY_MEMBERS_SHIFT',
'img' => 'user'
)
),
'expensereport' => array(
@ -229,7 +225,7 @@ if ($action == 'edit')
$value = (!empty($conf->global->{$delay['code']}) ? $conf->global->{$delay['code']}:0);
print '<tr class="oddeven">';
print '<td width="20px">'.img_object('', $delay['img']).'</td>';
print '<td>'.$langs->trans('Delays_'.$delay['code']).'</td><td>';
print '<td>'.$langs->trans('Delays_'.$delay['code']).'</td><td class="nowraponall">';
print '<input class="right maxwidth75" type="number" name="'.$delay['code'].'" value="'.$value.'"> '.$langs->trans("days").'</td></tr>';
}
}
@ -290,148 +286,150 @@ if ($action == 'edit')
print '<br>';
// Show logo for weather
print '<span class="opacitymedium">'.$langs->trans("DescWeather").'</span> ';
if ($action == 'edit') {
$str_mode_std = $langs->trans('MeteoStdModEnabled').' : '.$langs->trans('MeteoUseMod', $langs->transnoentitiesnoconv('MeteoPercentageMod'));
$str_mode_percentage = $langs->trans('MeteoPercentageModEnabled').' : '.$langs->trans('MeteoUseMod', $langs->transnoentitiesnoconv('MeteoStdMod'));
if (empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) $str_mode_enabled = $str_mode_std;
else $str_mode_enabled = $str_mode_percentage;
print '<a href="#" onclick="return false;" id="change_mode">'.$str_mode_enabled.'</a>';
print '<input type="hidden" id="MAIN_USE_METEO_WITH_PERCENTAGE" name="MAIN_USE_METEO_WITH_PERCENTAGE" value="'.$conf->global->MAIN_USE_METEO_WITH_PERCENTAGE.'" />';
if ($conf->global->MAIN_DISABLE_METEO != 1) {
// Show logo for weather
print '<span class="opacitymedium">'.$langs->trans("DescWeather").'</span> ';
print '<br><br>';
} else {
if (empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) print $langs->trans('MeteoStdModEnabled');
else print $langs->trans('MeteoPercentageModEnabled');
print '<br><br>';
}
if ($action == 'edit') {
$str_mode_std = $langs->trans('MeteoStdModEnabled').' : '.$langs->trans('MeteoUseMod', $langs->transnoentitiesnoconv('MeteoPercentageMod'));
$str_mode_percentage = $langs->trans('MeteoPercentageModEnabled').' : '.$langs->trans('MeteoUseMod', $langs->transnoentitiesnoconv('MeteoStdMod'));
if (empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) $str_mode_enabled = $str_mode_std;
else $str_mode_enabled = $str_mode_percentage;
print '<a href="#" onclick="return false;" id="change_mode">'.$str_mode_enabled.'</a>';
print '<input type="hidden" id="MAIN_USE_METEO_WITH_PERCENTAGE" name="MAIN_USE_METEO_WITH_PERCENTAGE" value="'.$conf->global->MAIN_USE_METEO_WITH_PERCENTAGE.'" />';
$offset = 0;
$cursor = 10; // By default
//if (! empty($conf->global->MAIN_METEO_OFFSET)) $offset=$conf->global->MAIN_METEO_OFFSET;
//if (! empty($conf->global->MAIN_METEO_GAP)) $cursor=$conf->global->MAIN_METEO_GAP;
$level0 = $offset; if (!empty($conf->global->MAIN_METEO_LEVEL0)) $level0 = $conf->global->MAIN_METEO_LEVEL0;
$level1 = $offset + 1 * $cursor; if (!empty($conf->global->MAIN_METEO_LEVEL1)) $level1 = $conf->global->MAIN_METEO_LEVEL1;
$level2 = $offset + 2 * $cursor; if (!empty($conf->global->MAIN_METEO_LEVEL2)) $level2 = $conf->global->MAIN_METEO_LEVEL2;
$level3 = $offset + 3 * $cursor; if (!empty($conf->global->MAIN_METEO_LEVEL3)) $level3 = $conf->global->MAIN_METEO_LEVEL3;
$text = ''; $options = 'class="valignmiddle" height="60px"';
print '<br><br>';
} else {
if (empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) print $langs->trans('MeteoStdModEnabled');
else print $langs->trans('MeteoPercentageModEnabled');
print '<br><br>';
}
$offset = 0;
$cursor = 10; // By default
//if (! empty($conf->global->MAIN_METEO_OFFSET)) $offset=$conf->global->MAIN_METEO_OFFSET;
//if (! empty($conf->global->MAIN_METEO_GAP)) $cursor=$conf->global->MAIN_METEO_GAP;
$level0 = $offset; if (!empty($conf->global->MAIN_METEO_LEVEL0)) $level0 = $conf->global->MAIN_METEO_LEVEL0;
$level1 = $offset + 1 * $cursor; if (!empty($conf->global->MAIN_METEO_LEVEL1)) $level1 = $conf->global->MAIN_METEO_LEVEL1;
$level2 = $offset + 2 * $cursor; if (!empty($conf->global->MAIN_METEO_LEVEL2)) $level2 = $conf->global->MAIN_METEO_LEVEL2;
$level3 = $offset + 3 * $cursor; if (!empty($conf->global->MAIN_METEO_LEVEL3)) $level3 = $conf->global->MAIN_METEO_LEVEL3;
$text = ''; $options = 'class="valignmiddle" height="60px"';
if ($action == 'edit') {
print '<div id="standard" '.(empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE) ? '' : 'style="display:none;"').'>';
if ($action == 'edit') {
print '<div id="standard" '.(empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE) ? '' : 'style="display:none;"').'>';
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print '= <input type="text" size="2" name="MAIN_METEO_LEVEL0" value="'.$level0.'"/></td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print '&lt;= <input type="text" size="2" name="MAIN_METEO_LEVEL1" value="'.$level1.'"/></td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print '&lt;= <input type="text" size="2" name="MAIN_METEO_LEVEL2" value="'.$level2.'"/></td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print '&lt;= <input type="text" size="2" name="MAIN_METEO_LEVEL3" value="'.$level3.'"/></td>';
print '</div>';
print '</div>';
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_LEVEL0" value="'.$level0.'"/></td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_LEVEL1" value="'.$level1.'"/></td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_LEVEL2" value="'.$level2.'"/></td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_LEVEL3" value="'.$level3.'"/></td>';
print '</div>';
print '</div>';
print '</div>';
print '</div>';
print '<div id="percentage" '.(empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE) ? 'style="display:none;"' : '').'>';
print '<div id="percentage" '.(empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE) ? 'style="display:none;"' : '').'>';
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print '&lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL0" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL0.'"/>&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print '&lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL1" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL1.'"/>&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print '&lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL2" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL2.'"/>&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print '&lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL3" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL3.'"/>&nbsp;%</td>';
print '</div>';
print '</div>';
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL0" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL0.'"/>&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL1" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL1.'"/>&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL2" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL2.'"/>&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print ' &lt;= <input type="text" size="2" name="MAIN_METEO_PERCENTAGE_LEVEL3" value="'.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL3.'"/>&nbsp;%</td>';
print '</div>';
print '</div>';
print '</div>';
print '</div>';
?>
?>
<script type="text/javascript">
<script type="text/javascript">
$(document).ready(function() {
$(document).ready(function() {
$("#change_mode").click(function() {
var use_percent = $("#MAIN_USE_METEO_WITH_PERCENTAGE");
var str_mode_std = "<?php print $str_mode_std; ?>";
var str_mode_percentage = "<?php print $str_mode_percentage; ?>";
$("#change_mode").click(function() {
var use_percent = $("#MAIN_USE_METEO_WITH_PERCENTAGE");
var str_mode_std = "<?php print $str_mode_std; ?>";
var str_mode_percentage = "<?php print $str_mode_percentage; ?>";
if(use_percent.val() == 1) {
use_percent.val(0);
$("#standard").show();
$("#percentage").hide();
$(this).html(str_mode_std);
} else {
use_percent.val(1);
$("#standard").hide();
$("#percentage").show();
$(this).html(str_mode_percentage);
}
});
if(use_percent.val() == 1) {
use_percent.val(0);
$("#standard").show();
$("#percentage").hide();
$(this).html(str_mode_std);
} else {
use_percent.val(1);
$("#standard").hide();
$("#percentage").show();
$(this).html(str_mode_percentage);
}
});
});
</script>
</script>
<?php
} else {
if (!empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) {
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print '= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL0.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print '&lt;= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL1.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print '&lt;= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL2.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print '&lt;= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL3.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 4, $options);
print '&gt; '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL3.'&nbsp;%</td>';
print '</div>';
print '</div>';
<?php
} else {
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print '= '.$level0;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print '&lt;= '.$level1;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print '&lt;= '.$level2;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print '&lt;= '.$level3;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 4, $options);
print '&gt; '.$level3;
print '</div>';
print '</div>';
if (!empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) {
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print ' &lt;= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL0.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print ' &lt;= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL1.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print ' &lt;= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL2.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print ' &lt;= '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL3.'&nbsp;%</td>';
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 4, $options);
print ' &gt; '.$conf->global->MAIN_METEO_PERCENTAGE_LEVEL3.'&nbsp;%</td>';
print '</div>';
print '</div>';
} else {
print '<div>';
print '<div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 0, $options);
print ' &lt;= '.$level0;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 1, $options);
print ' &lt;= '.$level1;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 2, $options);
print ' &lt;= '.$level2;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 3, $options);
print ' &lt;= '.$level3;
print '</div><div class="inline-block" style="padding-right: 20px">';
print img_weather($text, 4, $options);
print ' &gt; '.$level3;
print '</div>';
print '</div>';
}
}
}
print '</div>';
if ($action == 'edit') {
print '<br><div class="center"><input type="submit" class="button" value="'.$langs->trans("Save").'"></div>';

4
htdocs/admin/emailcollector_card.php
View File

@ -148,7 +148,7 @@ if (GETPOST('addoperation', 'alpha'))
{
$emailcollectoroperation = new EmailCollectorAction($db);
$emailcollectoroperation->type = GETPOST('operationtype', 'aZ09');
$emailcollectoroperation->actionparam = GETPOST('operationparam', 'none');
$emailcollectoroperation->actionparam = GETPOST('operationparam', 'restricthtml');
$emailcollectoroperation->fk_emailcollector = $object->id;
$emailcollectoroperation->status = 1;
$emailcollectoroperation->position = 50;
@ -168,7 +168,7 @@ if ($action == 'updateoperation')
$emailcollectoroperation = new EmailCollectorAction($db);
$emailcollectoroperation->fetch(GETPOST('rowidoperation2', 'int'));
$emailcollectoroperation->actionparam = GETPOST('operationparam2', 'none');
$emailcollectoroperation->actionparam = GETPOST('operationparam2', 'restricthtml');
$result = $emailcollectoroperation->update($user);

4
htdocs/admin/emailcollector_list.php
View File

@ -51,8 +51,8 @@ $id = GETPOST('id', 'int');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
$offset = $limit * $page;

4
htdocs/admin/events.php
View File

@ -41,8 +41,8 @@ $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always ''
// Load variable for pagination
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters
$offset = $limit * $page;

6
htdocs/admin/expedition.php
View File

@ -40,7 +40,7 @@ $langs->loadLangs(array("admin", "sendings", "deliveries", "other"));
if (!$user->admin)
accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -73,7 +73,7 @@ if ($action == 'updateMask')
}
} elseif ($action == 'set_param')
{
$freetext = GETPOST('SHIPPING_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('SHIPPING_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "SHIPPING_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
if ($res <= 0)
{
@ -296,7 +296,7 @@ $def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);

2
htdocs/admin/expedition_extrafields.php
View File

@ -47,7 +47,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'expedition'; //Must be the $table_element of the class that manage extrafield

2
htdocs/admin/expeditiondet_extrafields.php
View File

@ -48,7 +48,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'expeditiondet'; //Must be the $table_element of the class that manage extrafield

6
htdocs/admin/expensereport.php
View File

@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'trips', 'other'));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -152,7 +152,7 @@ elseif ($action == 'setdoc')
{
$db->begin();
$freetext = GETPOST('EXPENSEREPORT_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('EXPENSEREPORT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res1 = dolibarr_set_const($db, "EXPENSEREPORT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
$draft = GETPOST('EXPENSEREPORT_DRAFT_WATERMARK', 'alpha');
@ -297,7 +297,7 @@ $type = 'expensereport';
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/expensereport_extrafields.php
View File

@ -44,7 +44,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'expensereport'; //Must be the $table_element of the class that manage extrafield

2
htdocs/admin/expensereport_ik.php
View File

@ -37,7 +37,7 @@ if (!$user->admin) accessforbidden();
$error = 0;
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int');
$ikoffset = GETPOST('ikoffset', 'int');
$coef = GETPOST('coef', 'int');

2
htdocs/admin/expensereport_rules.php
View File

@ -40,7 +40,7 @@ if (!$user->admin) accessforbidden();
$error = false;
$message = false;
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int');
$apply_to = GETPOST('apply_to');

4
htdocs/admin/export.php
View File

@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'exports', 'other'));
if (!$user->admin)
accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
/*
@ -90,7 +90,7 @@ print '<tr class="oddeven">';
print '<td>'.$langs->trans("EXPORTS_SHARE_MODELS").'</td>';
print '<td class="center" width="20">&nbsp;</td>';
print '<td class="center" width="100">';
echo ajax_constantonoff('EXPORTS_SHARE_MODELS');
print ajax_constantonoff('EXPORTS_SHARE_MODELS');
print '</td></tr>';
print '<tr class="oddeven">';

4
htdocs/admin/external_rss.php
View File

@ -80,8 +80,8 @@ if ($action == 'add' || GETPOST("modify"))
{
// Supprime boite box_external_rss de definition des boites
/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
$sql.= " SET name = '".$boxlabel."'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$_POST["norss"]." %'";
$sql.= " SET name = '".$db->escape($boxlabel)."'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
$resql=$db->query($sql);
if (! $resql)

6
htdocs/admin/facture.php
View File

@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'bills'));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -180,7 +180,7 @@ elseif ($action == 'setdoc')
}
} elseif ($action == 'set_INVOICE_FREE_TEXT')
{
$freetext = GETPOST('INVOICE_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('INVOICE_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "INVOICE_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
@ -421,7 +421,7 @@ $type = 'invoice';
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/facture_situation.php
View File

@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'bills'));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');

2
htdocs/admin/fckeditor.php
View File

@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
// Load translation files required by the page
$langs->loadLangs(array('admin', 'fckeditor'));
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
// Possible modes are:
// dolibarr_details
// dolibarr_notes

6
htdocs/admin/fichinter.php
View File

@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'interventions', 'other'));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -144,7 +144,7 @@ elseif ($action == 'setdoc')
dolibarr_set_const($db, "FICHEINTER_ADDON", $value, 'chaine', 0, '', $conf->entity);
} elseif ($action == 'set_FICHINTER_FREE_TEXT')
{
$freetext = GETPOST('FICHINTER_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('FICHINTER_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "FICHINTER_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
if (!$res > 0) $error++;
@ -349,7 +349,7 @@ $type = 'ficheinter';
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

6
htdocs/admin/holiday.php
View File

@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "errors", "holiday"));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
$label = GETPOST('label', 'alpha');
$scandir = GETPOST('scan_dir', 'alpha');
@ -145,7 +145,7 @@ elseif ($action == 'setdoc')
dolibarr_set_const($db, "HOLIDAY_ADDON", $value, 'chaine', 0, '', $conf->entity);
} elseif ($action == 'set_other')
{
$freetext = GETPOST('HOLIDAY_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('HOLIDAY_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res1 = dolibarr_set_const($db, "HOLIDAY_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
$draft = GETPOST('HOLIDAY_DRAFT_WATERMARK', 'alpha');
@ -299,7 +299,7 @@ print load_fiche_titre($langs->trans("TemplatePDFHolidays"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/holiday_extrafields.php
View File

@ -44,7 +44,7 @@ $tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val);
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'holiday'; //Must be the $table_element of the class that manage extrafield

4
htdocs/admin/ihm.php
View File

@ -164,8 +164,8 @@ if ($action == 'update')
dolibarr_set_const($db, "MAIN_FIRSTNAME_NAME_POSITION", GETPOST("MAIN_FIRSTNAME_NAME_POSITION", 'aZ09'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'none')), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'none')), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'restricthtml')), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'restricthtml')), 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_BUGTRACK_ENABLELINK", GETPOST('MAIN_BUGTRACK_ENABLELINK', 'aZ09'), 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_HELP_DISABLELINK", GETPOST("MAIN_HELP_DISABLELINK", 'aZ09'), 'chaine', 0, '', 0); // Param for all entities

2
htdocs/admin/import.php
View File

@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'exports', 'other'));
if (!$user->admin)
accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$value = GETPOST('value', 'alpha');
/*

4
htdocs/admin/limits.php
View File

@ -31,7 +31,7 @@ $langs->loadLangs(array('companies', 'products', 'admin'));
if (!$user->admin) accessforbidden();
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$currencycode = GETPOST('currencycode', 'alpha');
if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) {
@ -243,7 +243,7 @@ if (empty($mysoc->country_code))
$sql = "SELECT taux as vat_rate, t.code as vat_code, t.localtax1 as localtax_rate1, t.localtax2 as localtax_rate2";
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
$sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code='".$mysoc->country_code."' AND (t.taux <> 0 OR t.localtax1 <>0 OR t.localtax2 <>0)";
$sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code='".$db->escape($mysoc->country_code)."' AND (t.taux <> 0 OR t.localtax1 <>0 OR t.localtax2 <>0)";
$sql .= " ORDER BY t.taux ASC";
$resql = $db->query($sql);
if ($resql)

Some files were not shown because too many files have changed in this diff Show More