lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:Dolibarr/dolibarr into develop_new_collapse_batch_detail

Browse Source
This commit is contained in:
Gauthier PC portable 024 2021-04-27 09:28:08 +02:00
commit ed8b9fda13
280 changed files with 9802 additions and 21297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
COPYRIGHT
View File

@ -54,7 +54,7 @@ jQuery TableDnD 0.6 GPL and MIT License Yes
jQuery Timepicker 1.1.0 GPL and MIT License Yes JS library Timepicker addon for Datepicker
jsGanttImproved 2.7.3 BSD License Yes JS library (to build Gantt reports)
JsTimezoneDetect 1.0.6 MIT License Yes JS library to detect user timezone
SwaggerUI 2.0.24 GPL-2+ Yes JS library to offer the REST API explorer
SwaggerUI 2.2.10 GPL-2+ Yes JS library to offer the REST API explorer
Image libraries:
Octicons 8.1 MIT Yes

2
build/rpm/dolibarr_fedora.spec
View File

@ -185,6 +185,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/don
%_datadir/dolibarr/htdocs/ecm
%_datadir/dolibarr/htdocs/emailcollector
%_datadir/dolibarr/htdocs/eventorganization
%_datadir/dolibarr/htdocs/expedition
%_datadir/dolibarr/htdocs/expensereport
%_datadir/dolibarr/htdocs/exports
@ -206,6 +207,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/mrp
%_datadir/dolibarr/htdocs/multicurrency
%_datadir/dolibarr/htdocs/opensurvey
%_datadir/dolibarr/htdocs/partnership
%_datadir/dolibarr/htdocs/paybox
%_datadir/dolibarr/htdocs/paypal
%_datadir/dolibarr/htdocs/printing

5
build/rpm/dolibarr_generic.spec
View File

@ -67,7 +67,8 @@ Requires: httpd, php >= 5.3.0, php-cli, php-gd, php-ldap, php-imap, php-mbstring
Requires: mysql-server, mysql
Requires: php-mysqli >= 4.1.0
%endif
%endif
%endif%_datadir/dolibarr/htdocs/eventorganization
%endif
# Set yes to build test package, no for release (this disable need of /usr/bin/php not found by OpenSuse)
@ -265,6 +266,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/don
%_datadir/dolibarr/htdocs/ecm
%_datadir/dolibarr/htdocs/emailcollector
%_datadir/dolibarr/htdocs/eventorganization
%_datadir/dolibarr/htdocs/expedition
%_datadir/dolibarr/htdocs/expensereport
%_datadir/dolibarr/htdocs/exports
@ -286,6 +288,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/mrp
%_datadir/dolibarr/htdocs/multicurrency
%_datadir/dolibarr/htdocs/opensurvey
%_datadir/dolibarr/htdocs/partnership
%_datadir/dolibarr/htdocs/paybox
%_datadir/dolibarr/htdocs/paypal
%_datadir/dolibarr/htdocs/printing

2
build/rpm/dolibarr_mandriva.spec
View File

@ -182,6 +182,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/don
%_datadir/dolibarr/htdocs/ecm
%_datadir/dolibarr/htdocs/emailcollector
%_datadir/dolibarr/htdocs/eventorganization
%_datadir/dolibarr/htdocs/expedition
%_datadir/dolibarr/htdocs/expensereport
%_datadir/dolibarr/htdocs/exports
@ -203,6 +204,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/mrp
%_datadir/dolibarr/htdocs/multicurrency
%_datadir/dolibarr/htdocs/opensurvey
%_datadir/dolibarr/htdocs/partnership
%_datadir/dolibarr/htdocs/paybox
%_datadir/dolibarr/htdocs/paypal
%_datadir/dolibarr/htdocs/printing

2
build/rpm/dolibarr_opensuse.spec
View File

@ -193,6 +193,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/don
%_datadir/dolibarr/htdocs/ecm
%_datadir/dolibarr/htdocs/emailcollector
%_datadir/dolibarr/htdocs/eventorganization
%_datadir/dolibarr/htdocs/expedition
%_datadir/dolibarr/htdocs/expensereport
%_datadir/dolibarr/htdocs/exports
@ -214,6 +215,7 @@ done >>%{name}.lang
%_datadir/dolibarr/htdocs/mrp
%_datadir/dolibarr/htdocs/multicurrency
%_datadir/dolibarr/htdocs/opensurvey
%_datadir/dolibarr/htdocs/partnership
%_datadir/dolibarr/htdocs/paybox
%_datadir/dolibarr/htdocs/paypal
%_datadir/dolibarr/htdocs/printing

10
dev/dolibarr_changes.txt
View File

@ -225,9 +225,6 @@ JQUERYFILETREE:
RESTLER:
--------
Change content of file htdocs/includes/restler/framework/Luracast/Restler/explorer/index.html
+With swagger 2:
* Add line into Util.php to complete function
@ -249,6 +246,13 @@ Change content of file htdocs/includes/restler/framework/Luracast/Restler/explor
if (!is_string($haystack)) return false;
+With swagger 2 provided into /explorer:
----------------------------------------
Change content of file htdocs/includes/restler/framework/Luracast/Restler/explorer/index.html
PARSEDOWN
---------

2
htdocs/accountancy/admin/accountmodel.php
View File

@ -442,7 +442,7 @@ if ($id) {
} else {
$sql .= " WHERE ";
}
$sql .= " c.rowid = ".$search_country_id;
$sql .= " c.rowid = ".((int) $search_country_id);
}
// If sort order is "country", we use country_code instead

2
htdocs/accountancy/bookkeeping/card.php
View File

@ -563,7 +563,7 @@ if ($action == 'create') {
{
$sqlmid = 'SELECT rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."facture as fac";
$sqlmid .= " WHERE fac.rowid=" . $object->fk_doc;
$sqlmid .= " WHERE fac.rowid=" . ((int) $object->fk_doc);
dol_syslog("accountancy/bookkeeping/card.php::sqlmid=" . $sqlmid, LOG_DEBUG);
$resultmid = $db->query($sqlmid);
if ($resultmid) {

10
htdocs/accountancy/class/accountancycategory.class.php
View File

@ -473,7 +473,7 @@ class AccountancyCategory // extends CommonObject
$sql .= " SELECT DISTINCT aa.account_number";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
$sql .= " AND aa.active = 1";
$sql .= " AND aa.entity = ".$conf->entity.")";
$sql .= " GROUP BY t.numero_compte, t.label_operation, t.doc_ref";
@ -562,7 +562,7 @@ class AccountancyCategory // extends CommonObject
$sql = "SELECT aa.rowid, aa.account_number";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
$sql .= " AND aa.active = 1";
$sql .= " AND aa.entity = ".$conf->entity;
$sql .= " ORDER BY LENGTH(aa.account_number) DESC;"; // LENGTH is ok with mysql and postgresql
@ -589,8 +589,8 @@ class AccountancyCategory // extends CommonObject
$accountincptsadded[$account_number_formated] = 1;
// We found an account number that is in list $cpts of account to add
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account";
$sql .= " SET fk_accounting_category=".$id_cat;
$sql .= " WHERE rowid=".$obj->rowid;
$sql .= " SET fk_accounting_category=".((int) $id_cat);
$sql .= " WHERE rowid=".((int) $obj->rowid);
dol_syslog(__METHOD__, LOG_DEBUG);
$resqlupdate = $this->db->query($sql);
if (!$resqlupdate) {
@ -629,7 +629,7 @@ class AccountancyCategory // extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " SET fk_accounting_category= 0";
$sql .= " WHERE aa.rowid= ".$cpt_id;
$sql .= " WHERE aa.rowid = ".((int) $cpt_id);
$this->db->begin();
dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG);

2
htdocs/accountancy/class/accountancyexport.class.php
View File

@ -557,7 +557,7 @@ class AccountancyExport
$Tab['signe_montant'] = '+';
// The amount must be in centimes without decimal points.
$Tab['montant'] = str_pad(abs(($data->debit - $abs->credit) * 100), 12, '0', STR_PAD_LEFT);
$Tab['montant'] = str_pad(abs(($data->debit - $data->credit) * 100), 12, '0', STR_PAD_LEFT);
$Tab['contrepartie'] = str_repeat(' ', 8);
// Force date format : %d%m%y

4
htdocs/accountancy/class/accountingaccount.class.php
View File

@ -347,10 +347,10 @@ class AccountingAccount extends CommonObject
$sql .= " , label = ".($this->label ? "'".$this->db->escape($this->label)."'" : "''");
$sql .= " , labelshort = ".($this->labelshort ? "'".$this->db->escape($this->labelshort)."'" : "''");
$sql .= " , fk_accounting_category = ".(empty($this->account_category) ? 0 : (int) $this->account_category);
$sql .= " , fk_user_modif = ".$user->id;
$sql .= " , fk_user_modif = ".((int) $user->id);
$sql .= " , active = ".(int) $this->active;
$sql .= " , reconcilable = ".(int) $this->reconcilable;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);

12
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -371,8 +371,8 @@ class BookKeeping extends CommonObject
$sql .= ", ".(!isset($this->date_lim_reglement) || dol_strlen($this->date_lim_reglement) == 0 ? 'NULL' : "'".$this->db->idate($this->date_lim_reglement)."'");
$sql .= ", '".$this->db->escape($this->doc_type)."'";
$sql .= ", '".$this->db->escape($this->doc_ref)."'";
$sql .= ", ".$this->fk_doc;
$sql .= ", ".$this->fk_docdet;
$sql .= ", ".((int) $this->fk_doc);
$sql .= ", ".((int) $this->fk_docdet);
$sql .= ", ".(!empty($this->thirdparty_code) ? ("'".$this->db->escape($this->thirdparty_code)."'") : "NULL");
$sql .= ", ".(!empty($this->subledger_account) ? ("'".$this->db->escape($this->subledger_account)."'") : "NULL");
$sql .= ", ".(!empty($this->subledger_label) ? ("'".$this->db->escape($this->subledger_label)."'") : "NULL");
@ -632,8 +632,8 @@ class BookKeeping extends CommonObject
$sql .= ' '.(!isset($this->date_lim_reglement) || dol_strlen($this->date_lim_reglement) == 0 ? 'NULL' : "'".$this->db->idate($this->date_lim_reglement)."'").',';
$sql .= ' '.(!isset($this->doc_type) ? 'NULL' : "'".$this->db->escape($this->doc_type)."'").',';
$sql .= ' '.(!isset($this->doc_ref) ? 'NULL' : "'".$this->db->escape($this->doc_ref)."'").',';
$sql .= ' '.(empty($this->fk_doc) ? '0' : $this->fk_doc).',';
$sql .= ' '.(empty($this->fk_docdet) ? '0' : $this->fk_docdet).',';
$sql .= ' '.(empty($this->fk_doc) ? '0' : (int) $this->fk_doc).',';
$sql .= ' '.(empty($this->fk_docdet) ? '0' : (int) $this->fk_docdet).',';
$sql .= ' '.(!isset($this->thirdparty_code) ? 'NULL' : "'".$this->db->escape($this->thirdparty_code)."'").',';
$sql .= ' '.(!isset($this->subledger_account) ? 'NULL' : "'".$this->db->escape($this->subledger_account)."'").',';
$sql .= ' '.(!isset($this->subledger_label) ? 'NULL' : "'".$this->db->escape($this->subledger_label)."'").',';
@ -1860,7 +1860,7 @@ class BookKeeping extends CommonObject
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = ab.numero_compte";
$sql .= " AND aa.active = 1";
$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = " . $pcgver;
$sql .= " AND asy.rowid = " . ((int) $pcgver);
$sql .= " AND ab.entity IN (" . getEntity('accountancy') . ")";
$sql .= " ORDER BY account_number ASC";
*/
@ -1893,7 +1893,7 @@ class BookKeeping extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.account_number = ab.numero_compte";
$sql .= " AND aa.active = 1";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$pcgver;
$sql .= " AND asy.rowid = ".((int) $pcgver);
$sql .= " AND ab.entity IN (".getEntity('accountancy').")";
$sql .= " ORDER BY account_number ASC";

4
htdocs/accountancy/customer/index.php
View File

@ -110,13 +110,13 @@ if ($action == 'validatehistory') {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
$sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0";
} else {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
$sql1 .= " AND fd.fk_code_ventilation = 0";
}*/

4
htdocs/accountancy/expensereport/index.php
View File

@ -103,13 +103,13 @@ if ($action == 'validatehistory') {
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number";
$sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0";
} else {
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
$sql1 .= " SET erd.fk_code_ventilation = accnt.rowid";
$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number";
$sql1 .= " AND erd.fk_code_ventilation = 0";
}

18
htdocs/accountancy/journal/bankjournal.php
View File

@ -130,7 +130,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu3 ON bu3.fk_bank = b.rowid A
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu4 ON bu4.fk_bank = b.rowid AND bu4.type='payment_supplier'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as soc on bu1.url_id=soc.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on bu2.url_id=u.rowid";
$sql .= " WHERE ba.fk_accountancy_journal=".$id_journal;
$sql .= " WHERE ba.fk_accountancy_journal=".((int) $id_journal);
$sql .= ' AND b.amount != 0 AND ba.entity IN ('.getEntity('bank_account', 0).')'; // We don't share object for accountancy
if ($date_start && $date_end) {
$sql .= " AND b.dateo >= '".$db->idate($date_start)."' AND b.dateo <= '".$db->idate($date_end)."'";
@ -1323,42 +1323,42 @@ function getSourceDocRef($val, $typerecord)
} elseif ($typerecord == 'payment_supplier') {
$sqlmid = 'SELECT payfac.fk_facturefourn as id, f.ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as payfac, ".MAIN_DB_PREFIX."facture_fourn as f";
$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".$val["paymentsupplierid"];
$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".((int) $val["paymentsupplierid"]);
$ref = $langs->transnoentitiesnoconv("SupplierInvoice");
} elseif ($typerecord == 'payment_expensereport') {
$sqlmid = 'SELECT e.rowid as id, e.ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as pe, ".MAIN_DB_PREFIX."expensereport as e";
$sqlmid .= " WHERE pe.rowid=".$val["paymentexpensereport"]." AND pe.fk_expensereport = e.rowid";
$sqlmid .= " WHERE pe.rowid=".((int) $val["paymentexpensereport"])." AND pe.fk_expensereport = e.rowid";
$ref = $langs->transnoentitiesnoconv("ExpenseReport");
} elseif ($typerecord == 'payment_salary') {
$sqlmid = 'SELECT s.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_salary as s";
$sqlmid .= " WHERE s.rowid=".$val["paymentsalid"];
$sqlmid .= " WHERE s.rowid=".((int) $val["paymentsalid"]);
$ref = $langs->transnoentitiesnoconv("SalaryPayment");
} elseif ($typerecord == 'sc') {
$sqlmid = 'SELECT sc.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementcharge as sc";
$sqlmid .= " WHERE sc.rowid=".$val["paymentscid"];
$sqlmid .= " WHERE sc.rowid=".((int) $val["paymentscid"]);
$ref = $langs->transnoentitiesnoconv("SocialContribution");
} elseif ($typerecord == 'payment_vat') {
$sqlmid = 'SELECT v.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."tva as v";
$sqlmid .= " WHERE v.rowid=".$val["paymentvatid"];
$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvatid"]);
$ref = $langs->transnoentitiesnoconv("PaymentVat");
} elseif ($typerecord == 'payment_donation') {
$sqlmid = 'SELECT payd.fk_donation as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_donation as payd";
$sqlmid .= " WHERE payd.fk_donation=".$val["paymentdonationid"];
$sqlmid .= " WHERE payd.fk_donation=".((int) $val["paymentdonationid"]);
$ref = $langs->transnoentitiesnoconv("Donation");
} elseif ($typerecord == 'payment_loan') {
$sqlmid = 'SELECT l.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_loan as l";
$sqlmid .= " WHERE l.rowid=".$val["paymentloanid"];
$sqlmid .= " WHERE l.rowid=".((int) $val["paymentloanid"]);
$ref = $langs->transnoentitiesnoconv("LoanPayment");
} elseif ($typerecord == 'payment_various') {
$sqlmid = 'SELECT v.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_various as v";
$sqlmid .= " WHERE v.rowid=".$val["paymentvariousid"];
$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvariousid"]);
$ref = $langs->transnoentitiesnoconv("VariousPayment");
}
// Add warning

4
htdocs/accountancy/supplier/index.php
View File

@ -118,13 +118,13 @@ if ($action == 'validatehistory') {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
$sql1 .= " AND " . MAIN_DB_PREFIX . "facture_fourn_det.fk_code_ventilation = 0";
} else {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
$sql1 .= " AND fd.fk_code_ventilation = 0";
}*/

10
htdocs/adherents/class/adherent.class.php
View File

@ -1570,9 +1570,11 @@ class Adherent extends CommonObject
* @param string $emetteur_nom Name of cheque writer
* @param string $emetteur_banque Name of bank of cheque
* @param string $autocreatethirdparty Auto create new thirdparty if member not yet linked to a thirdparty and we request an option that generate invoice.
* @param string $ext_payment_id External id of payment (for example Stripe charge id)
* @param string $ext_payment_site Name of external paymentmode (for example 'stripe')
* @return int <0 if KO, >0 if OK
*/
public function subscriptionComplementaryActions($subscriptionid, $option, $accountid, $datesubscription, $paymentdate, $operation, $label, $amount, $num_chq, $emetteur_nom = '', $emetteur_banque = '', $autocreatethirdparty = 0)
public function subscriptionComplementaryActions($subscriptionid, $option, $accountid, $datesubscription, $paymentdate, $operation, $label, $amount, $num_chq, $emetteur_nom = '', $emetteur_banque = '', $autocreatethirdparty = 0, $ext_payment_id = '', $ext_payment_site = '')
{
global $conf, $langs, $user, $mysoc;
@ -1597,8 +1599,8 @@ class Adherent extends CommonObject
$inserturlid = $acct->add_url_line($insertid, $this->id, DOL_URL_ROOT.'/adherents/card.php?rowid=', $this->getFullname($langs), 'member');
if ($inserturlid > 0) {
// Update table subscription
$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".$insertid;
$sql .= " WHERE rowid=".$subscriptionid;
$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".((int) $insertid);
$sql .= " WHERE rowid=".((int) $subscriptionid);
dol_syslog("subscription::subscription", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1752,6 +1754,8 @@ class Adherent extends CommonObject
$paiement->paiementid = dol_getIdFromCode($this->db, $operation, 'c_paiement', 'code', 'id', 1);
$paiement->num_payment = $num_chq;
$paiement->note_public = $label;
$paiement->ext_payment_id = $ext_payment_id;
$paiement->ext_payment_site = $ext_payment_site;
if (!$error) {
// Create payment line for invoice

2
htdocs/adherents/class/adherent_type.class.php
View File

@ -365,7 +365,7 @@ class AdherentType extends CommonObject
$sql .= "note = '".$this->db->escape($this->note)."',";
$sql .= "vote = ".(integer) $this->db->escape($this->vote).",";
$sql .= "mail_valid = '".$this->db->escape($this->mail_valid)."'";
$sql .= " WHERE rowid =".$this->id;
$sql .= " WHERE rowid =".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {

4
htdocs/adherents/class/subscription.class.php
View File

@ -165,7 +165,7 @@ class Subscription extends CommonObject
} else {
$type = $this->fk_type;
}
$sql .= " VALUES (".$this->fk_adherent.", '".$this->db->escape($type)."', '".$this->db->idate($now)."',";
$sql .= " VALUES (".((int) $this->fk_adherent).", '".$this->db->escape($type)."', '".$this->db->idate($now)."',";
$sql .= " '".$this->db->idate($this->dateh)."',";
$sql .= " '".$this->db->idate($this->datef)."',";
$sql .= " ".$this->amount.",";
@ -217,7 +217,7 @@ class Subscription extends CommonObject
$sql .= " datef,";
$sql .= " subscription, note, fk_bank";
$sql .= " FROM ".MAIN_DB_PREFIX."subscription";
$sql .= " WHERE rowid=".$rowid;
$sql .= " WHERE rowid=".((int) $rowid);
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/adherents/list.php
View File

@ -318,7 +318,7 @@ if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_type > 0) {
$sql .= " AND t.rowid=".$db->escape($search_type);
$sql .= " AND t.rowid=".((int) $search_type);
}
if ($search_filter == 'withoutsubscription') {
$sql .= " AND (datefin IS NULL OR t.subscription = 0)";

2
htdocs/adherents/subscription.php
View File

@ -677,7 +677,7 @@ if ($rowid > 0) {
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."subscription as c";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON c.fk_bank = b.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid";
$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".$rowid;
$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".((int) $rowid);
$sql .= $db->order($sortfield, $sortorder);
$result = $db->query($sql);

2
htdocs/adherents/subscription/list.php
View File

@ -170,7 +170,7 @@ if (isset($date_select) && $date_select != '') {
}
if ($search_ref) {
if (is_numeric($search_ref)) {
$sql .= " AND (c.rowid = ".$db->escape($search_ref).")";
$sql .= " AND c.rowid = ".((int) $search_ref);
} else {
$sql .= " AND 1 = 2"; // Always wrong
}

2
htdocs/adherents/type.php
View File

@ -500,7 +500,7 @@ if ($rowid > 0) {
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."adherent_type as t";
$sql .= " WHERE d.fk_adherent_type = t.rowid ";
$sql .= " AND d.entity IN (".getEntity('adherent').")";
$sql .= " AND t.rowid = ".$object->id;
$sql .= " AND t.rowid = ".((int) $object->id);
if ($sall) {
$sql .= natural_search(array("f.firstname", "d.lastname", "d.societe", "d.email", "d.login", "d.address", "d.town", "d.note_public", "d.note_private"), $sall);
}

2
htdocs/admin/accountant.php
View File

@ -17,7 +17,7 @@
/**
* \file htdocs/admin/accountant.php
* \ingroup accountant
* \ingroup core
* \brief Setup page to configure accountant / auditor
*/

68
htdocs/admin/accounting.php Normal file
View File

@ -0,0 +1,68 @@
<?php
/* Copyright (C) 2018 Alexandre Spangaro <aspangaro@open-dsi.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/admin/accounting.php
* \ingroup accounting
* \brief Setup page to configure accountanting module
*/
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
$action = GETPOST('action', 'aZ09');
$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'adminaccoutant'; // To manage different context of search
// Load translation files required by the page
$langs->loadLangs(array('admin', 'companies'));
if (!$user->admin) {
accessforbidden();
}
$error = 0;
/*
* Actions
*/
// Nothing
/*
* View
*/
$help_url = '';
llxHeader('', $langs->trans("ConfigAccountingExpert"), $help_url);
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("ConfigAccountingExpert"), $linkback, 'title_setup');
print "<br>\n";
print '<span class="opacitymedium">'.$langs->trans("AccountancySetupDoneFromAccountancyMenu", $langs->transnoentitiesnoconv("Accounting").' - '.$langs->transnoentitiesnoconv("Setup"))."</span><br>\n";
print "<br>\n";
llxFooter();
$db->close();

8
htdocs/admin/boxes.php
View File

@ -114,8 +114,8 @@ if ($action == 'add') {
if (empty($arrayofexistingboxid[$boxid['value']])) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes (";
$sql .= "box_id, position, box_order, fk_user, entity";
$sql .= ") values (";
$sql .= $boxid['value'].", ".$pos.", '".(($nbboxonleft > $nbboxonright) ? 'B01' : 'A01')."', ".$fk_user.", ".$conf->entity;
$sql .= ") VALUES (";
$sql .= $boxid['value'].", ".((int) $pos).", '".(($nbboxonleft > $nbboxonright) ? 'B01' : 'A01')."', ".$fk_user.", ".$conf->entity;
$sql .= ")";
dol_syslog("boxes.php activate box", LOG_DEBUG);
@ -156,7 +156,7 @@ if ($action == 'delete') {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE entity = ".$conf->entity;
$sql .= " AND box_id=".$obj->box_id;
$sql .= " AND box_id=".((int) $obj->box_id);
$resql = $db->query($sql);
@ -255,7 +255,7 @@ if ($resql) {
// We renumber the order of the boxes if one of them is in ''
// This occurs just after an insert.
if ($decalage) {
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".$obj->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".((int) $obj->rowid);
$db->query($sql);
}
}

2
htdocs/admin/dict.php
View File

@ -1151,7 +1151,7 @@ if ($id) {
$sql .= " WHERE 1 = 1";
}
if ($search_country_id > 0) {
$sql .= " AND c.rowid = ".$search_country_id;
$sql .= " AND c.rowid = ".((int) $search_country_id);
}
if ($search_code != '' && $id == 9) {
$sql .= natural_search("code_iso", $search_code);

2
htdocs/admin/external_rss.php
View File

@ -136,7 +136,7 @@ if (GETPOST("delete")) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE entity = ".$conf->entity;
$sql .= " AND box_id = ".$obj->rowid;
$sql .= " AND box_id = ".((int) $obj->rowid);
$resql = $db->query($sql);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";

2
htdocs/admin/mails.php
View File

@ -719,7 +719,7 @@ if ($action == 'edit') {
$liste['user'] = $langs->trans('UserEmail');
$liste['company'] = $langs->trans('CompanyEmail').' ('.(empty($conf->global->MAIN_INFO_SOCIETE_MAIL) ? $langs->trans("NotDefined") : $conf->global->MAIN_INFO_SOCIETE_MAIL).')';
$sql = 'SELECT rowid, label, email FROM '.MAIN_DB_PREFIX.'c_email_senderprofile';
$sql .= ' WHERE active = 1 AND (private = 0 OR private = '.$user->id.')';
$sql .= ' WHERE active = 1 AND (private = 0 OR private = '.((int) $user->id).')';
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);

14
htdocs/admin/modules.php
View File

@ -521,8 +521,8 @@ if ($mode == 'common' || $mode == 'commonkanban') {
$moreforfilter = '<div class="valignmiddle">';
$moreforfilter .= '<div class="floatright right pagination --module-list"><ul><li>';
$moreforfilter .= dolGetButtonTitle($langs->trans('CheckForModuleUpdate'), $langs->trans('CheckForModuleUpdateHelp'), 'fa fa-check-double ', $_SERVER["PHP_SELF"].'?action=checklastversion&token='.newToken().'&mode='.$mode.$param, '', 1, array('morecss'=>'reposition'));
$moreforfilter .= '</li><li>'.dolGetButtonTitleSeparator();
$moreforfilter .= dolGetButtonTitle($langs->trans('CheckForModuleUpdate'), $langs->trans('CheckForModuleUpdate').'<br>'.$langs->trans('CheckForModuleUpdateHelp'), 'fa fa-sync', $_SERVER["PHP_SELF"].'?action=checklastversion&token='.newToken().'&mode='.$mode.$param, '', 1, array('morecss'=>'reposition'));
$moreforfilter .= dolGetButtonTitleSeparator();
$moreforfilter .= dolGetButtonTitle($langs->trans('ViewKanban'), '', 'fa fa-th-list imgforviewmode', $_SERVER["PHP_SELF"].'?mode=commonkanban'.$param, '', ($mode == 'commonkanban' ? 2 : 1), array('morecss'=>'reposition'));
$moreforfilter .= dolGetButtonTitle($langs->trans('ViewList'), '', 'fa fa-list-alt imgforviewmode', $_SERVER["PHP_SELF"].'?mode=common'.$param, '', ($mode == 'common' ? 2 : 1), array('morecss'=>'reposition'));
$moreforfilter .= '</li></ul></div>';
@ -584,6 +584,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
// Show list of modules
$oldfamily = '';
$foundoneexternalmodulewithupdate = 0;
$linenum = 0;
foreach ($orders as $key => $value) {
$linenum++;
@ -915,6 +916,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
if ($objMod->needUpdate) {
$versionTitle = $langs->trans('ModuleUpdateAvailable').' : '.$objMod->lastVersion;
print '<span class="badge badge-warning classfortooltip" title="'.dol_escape_htmltag($versionTitle).'">'.$versiontrans.'</span>';
$foundoneexternalmodulewithupdate++;
} else {
print $versiontrans;
}
@ -934,6 +936,14 @@ if ($mode == 'common' || $mode == 'commonkanban') {
}
}
if ($action == 'checklastversion') {
if ($foundoneexternalmodulewithupdate) {
setEventMessages($langs->trans("ModuleUpdateAvailable"), null, 'mesgs');
} else {
setEventMessages($langs->trans("NoExternalModuleWithUpdate"), null, 'mesgs');
}
}
if ($oldfamily) {
if ($mode == 'commonkanban') {
print '</div>';

2
htdocs/admin/payment.php
View File

@ -189,7 +189,7 @@ foreach ($dirmodels as $reldir) {
if ($conf->global->PAYMENT_ADDON == $file || $conf->global->PAYMENT_ADDON.'.php' == $file) {
print img_picto($langs->trans("Activated"), 'switch_on');
} else {
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?action=setmo&token='.newToken().'&value='.preg_replace('/\.php$/', '', $file).'&scan_dir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?action=setmod&token='.newToken().'&value='.preg_replace('/\.php$/', '', $file).'&scan_dir='.$module->scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
}
print '</td>';

2
htdocs/admin/security.php
View File

@ -71,7 +71,7 @@ if ($action == 'activate_encrypt') {
if (dol_hash($obj->pass)) {
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql .= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
$sql .= " WHERE rowid=".$obj->rowid;
$sql .= " WHERE rowid=".((int) $obj->rowid);
//print $sql;
$resql2 = $db->query($sql);

2
htdocs/admin/system/filecheck.php
View File

@ -124,7 +124,7 @@ if ($enableremotecheck) {
print '<input type="radio" name="target" id="checkboxremote" value="remote"'.(GETPOST('target') == 'remote' ? 'checked="checked"' : '').'> <label for="checkboxremote">'.$langs->trans("RemoteSignature").'</label> = ';
print '<input name="xmlremote" class="flat minwidth400" value="'.dol_escape_htmltag($xmlremote).'"><br>';
} else {
print '<input type="radio" name="target" value="remote" disabled="disabled"> '.$langs->trans("RemoteSignature").' = '.$xmlremote;
print '<input type="radio" name="target" value="remote" disabled="disabled"> '.$langs->trans("RemoteSignature").' = '.dol_escape_htmltag($xmlremote);
if (!GETPOST('xmlremote')) {
print ' <span class="warning">('.$langs->trans("FeatureAvailableOnlyOnStable").')</span>';
}

8
htdocs/admin/translation.php
View File

@ -289,7 +289,7 @@ if ($mode == 'overwrite') {
print "\n";
print '<tr class="oddeven"><td>';
print $formadmin->select_language(GETPOST('langcode'), 'langcode', 0, null, 1, 0, $disablededit ? 1 : 0, 'maxwidthonsmartphone', 1);
print $formadmin->select_language(GETPOST('langcode'), 'langcode', 0, null, 1, 0, $disablededit ? 1 : 0, 'maxwidth250', 1);
print '</td>'."\n";
print '<td>';
print '<input type="text" class="flat maxwidthonsmartphone"'.$disablededit.' name="transkey" id="transkey" value="'.(!empty($transkey) ? $transkey : "").'">';
@ -338,7 +338,7 @@ if ($mode == 'overwrite') {
print '<td>'.$obj->transkey.'</td>'."\n";
// Value
print '<td>';
print '<td class="small">';
/*print '<input type="hidden" name="const['.$i.'][rowid]" value="'.$obj->rowid.'">';
print '<input type="hidden" name="const['.$i.'][lang]" value="'.$obj->lang.'">';
print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->transkey.'">';
@ -482,7 +482,7 @@ if ($mode == 'searchkey') {
print '<tr class="oddeven"><td>';
//print $formadmin->select_language($langcode,'langcode',0,null,$langs->trans("All"),0,0,'',1);
print $formadmin->select_language($langcode, 'langcode', 0, null, 0, 0, 0, 'maxwidthonsmartphone', 1);
print $formadmin->select_language($langcode, 'langcode', 0, null, 0, 0, 0, 'maxwidth250', 1);
print '</td>'."\n";
print '<td>';
print '<input type="text" class="flat maxwidthonsmartphone" name="transkey" value="'.$transkey.'">';
@ -529,7 +529,7 @@ if ($mode == 'searchkey') {
if ($i > ($offset + $limit)) {
break;
}
print '<tr class="oddeven"><td>'.$langcode.'</td><td>'.$key.'</td><td>';
print '<tr class="oddeven"><td>'.$langcode.'</td><td>'.$key.'</td><td class="small">';
print dol_escape_htmltag($val);
print '</td><td class="right nowraponall">';
if (!empty($newlangfileonly->tab_translate[$key])) {

24
htdocs/api/class/api.class.php
View File

@ -73,22 +73,24 @@ class DolibarrApi
}
/**
* Executed method when API is called without parameter
* Check and convert a string depending on its type/name.
*
* Display a short message an return a http code 200
*
* @return array
* @param string $field Field name
* @param string $value Value to check/clean
* @param stdClass $object Object
* @return string Value cleaned
*/
/* Disabled, most APIs does not share same signature for method index
function index()
protected function checkValForAPI($field, $value, $object)
{
return array(
'success' => array(
'code' => 200,
'message' => __class__.' is up and running!'
)
);
}*/
// TODO Use type detected in $object->fields
if (in_array($field, array('note', 'note_private', 'note_public', 'desc', 'description'))) {
return checkVal($value, 'restricthtml');
} else {
return checkVal($value, 'alphanohtml');
}
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**

7
htdocs/api/class/api_login.class.php
View File

@ -31,8 +31,13 @@ class Login
*/
public function __construct()
{
global $db;
global $conf, $db;
$this->db = $db;
//$conf->global->MAIN_MODULE_API_LOGIN_DISABLED = 1;
if (!empty($conf->global->MAIN_MODULE_API_LOGIN_DISABLED)) {
throw new RestException(403, "Error login APIs are disabled. You must get the token from backoffice to be able to use APIs");
}
}
/**

8
htdocs/api/class/api_setup.class.php
View File

@ -1631,8 +1631,8 @@ class Setup extends DolibarrApi
global $langs, $conf;
if (!DolibarrApiAccess::$user->admin
&& (empty($conf->global->API_LOGIN_ALLOWED_FOR_INTEGRITY_CHECK) || DolibarrApiAccess::$user->login != $conf->global->API_LOGIN_ALLOWED_FOR_INTEGRITY_CHECK)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGIN_ALLOWED_FOR_INTEGRITY_CHECK');
&& (empty($conf->global->API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK) || DolibarrApiAccess::$user->login != $conf->global->API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK');
}
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@ -1937,8 +1937,8 @@ class Setup extends DolibarrApi
global $conf;
if (!DolibarrApiAccess::$user->admin
&& (empty($conf->global->API_LOGIN_ALLOWED_FOR_GET_MODULES) || DolibarrApiAccess::$user->login != $conf->global->API_LOGIN_ALLOWED_FOR_GET_MODULES)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGIN_ALLOWED_FOR_GET_MODULES');
&& (empty($conf->global->API_LOGINS_ALLOWED_FOR_GET_MODULES) || DolibarrApiAccess::$user->login != $conf->global->API_LOGINS_ALLOWED_FOR_GET_MODULES)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGINS_ALLOWED_FOR_GET_MODULES');
}
sort($conf->modules);

32
htdocs/api/index.php
View File

@ -119,7 +119,7 @@ if (preg_match('/api\/index\.php\/explorer/', $url) && !empty($conf->global->API
// Analyze URLs
// index.php/explorer do a redirect to index.php/explorer/
// index.php/explorer/ called by swagger to build explorer page
// index.php/explorer/ called by swagger to build explorer page index.php/explorer/index.html
// index.php/explorer/.../....png|.css|.js called by swagger for resources to build explorer page
// index.php/explorer/resources.json called by swagger to get list of all services
// index.php/explorer/resources.json/xxx called by swagger to get detail of services xxx
@ -218,6 +218,11 @@ if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $
continue;
}
//$conf->global->MAIN_MODULE_API_LOGIN_DISABLED = 1;
if ($file_searched == 'api_login.class.php' && !empty($conf->global->MAIN_MODULE_API_LOGIN_DISABLED)) {
continue;
}
$regapi = array();
if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $regapi)) {
$classname = ucwords($regapi[1]);
@ -291,6 +296,29 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' &&
$classname = ucwords($moduleobject);
// Test rules on endpoints. For example:
// $conf->global->API_ENDPOINT_RULES = 'endpoint1:1,endpoint2:1,...'
if (!empty($conf->global->API_ENDPOINT_RULES)) {
$listofendpoints = explode(',', $conf->global->API_ENDPOINT_RULES);
$endpointisallowed = false;
foreach ($listofendpoints as $endpointrule) {
$tmparray = explode(':', $endpointrule);
if ($classfile == $tmparray[0] && $tmparray[1] == 1) {
$endpointisallowed = true;
break;
}
}
if (! $endpointisallowed) {
dol_syslog('The API with endpoint /'.$classfile.' is forbidden by config API_ENDPOINT_RULES', LOG_WARNING);
print 'The API with endpoint /'.$classfile.' is forbidden by config API_ENDPOINT_RULES';
header('HTTP/1.1 501 API is forbidden by API_ENDPOINT_RULES');
//session_destroy();
exit(0);
}
}
dol_syslog('Search api file /'.$moduledirforclass.'/class/api_'.$classfile.'.class.php => dir_part_file='.$dir_part_file.' classname='.$classname);
$res = false;
@ -314,7 +342,7 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' &&
//var_dump($api->r->apiVersionMap);
//exit;
// We do not want that restler output data if we use native compression (default behaviour) but we want to have it returned into a string.
// We do not want that restler outputs data if we use native compression (default behaviour) but we want to have it returned into a string.
Luracast\Restler\Defaults::$returnResponse = (empty($conf->global->API_DISABLE_COMPRESSION) && !empty($_SERVER['HTTP_ACCEPT_ENCODING']));
// Call API (we suppose we found it).

2
htdocs/asset/class/asset_type.class.php
View File

@ -188,7 +188,7 @@ class AssetType extends CommonObject
$sql .= "accountancy_code_depreciation_asset = '".$this->db->escape($this->accountancy_code_depreciation_asset)."',";
$sql .= "accountancy_code_depreciation_expense = '".$this->db->escape($this->accountancy_code_depreciation_expense)."',";
$sql .= "note = '".$this->db->escape($this->note)."'";
$sql .= " WHERE rowid =".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {

2
htdocs/blockedlog/class/authority.class.php
View File

@ -148,7 +148,7 @@ class BlockedLogAuthority
global $langs;
dol_syslog(get_class($this)."::fetch id=".$id, LOG_DEBUG);
dol_syslog(get_class($this)."::fetch id=".((int) $id), LOG_DEBUG);
if (empty($id) && empty($signature)) {
$this->error = 'BadParameter';

2
htdocs/bom/bom_agenda.php
View File

@ -126,7 +126,7 @@ $form = new Form($db);
if ($object->id > 0) {
$title = $langs->trans("Agenda");
//if (! empty($conf->global->MAIN_HTML_TITLE) && preg_match('/thirdpartynameonly/',$conf->global->MAIN_HTML_TITLE) && $object->name) $title=$object->name." - ".$title;
$help_url = '';
$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:Módulo_Agenda';
llxHeader('', $title, $help_url);
if (!empty($conf->notification->enabled)) {

4
htdocs/bom/bom_card.php
View File

@ -241,8 +241,8 @@ $formfile = new FormFile($db);
$title = $langs->trans('BOM');
llxHeader('', $title, '');
$help_url ='EN:Module_BOM';
llxHeader('', $title, $help_url);
// Example : Adding jquery code
print '<script type="text/javascript" language="javascript">

5
htdocs/bom/bom_document.php
View File

@ -100,8 +100,9 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
$form = new Form($db);
$title = $langs->trans("BillOfMaterials").' - '.$langs->trans("Files");
$help_url = '';
//$help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas';
$help_url = 'EN:Module_BOM';
llxHeader('', $title, $help_url);
if ($object->id) {

8
htdocs/bom/bom_list.php
View File

@ -278,10 +278,12 @@ $form = new Form($db);
$now = dol_now();
//$help_url="EN:Module_BillOfMaterials|FR:Module_BillOfMaterials_FR|ES:Módulo_BillOfMaterials";
$help_url = '';
$help_url = 'EN:Module_BOM';
$title = $langs->trans('ListOfBOMs');
llxHeader('', $title, $help_url);
// Build and execute select
// --------------------------------------------------------------------
@ -393,7 +395,7 @@ if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $
// Output page
// --------------------------------------------------------------------
llxHeader('', $title, $help_url);
// llxHeader('', $title, $help_url);
$arrayofselected = is_array($toselect) ? $toselect : array();

40
htdocs/bookmarks/card.php
View File

@ -46,6 +46,9 @@ $position = GETPOST("position", "int");
$backtopage = GETPOST('backtopage', 'alpha');
$object = new Bookmark($db);
if ($id > 0) {
$object->fetch($id);
}
/*
@ -133,7 +136,7 @@ $form = new Form($db);
$head = array();
$h = 1;
$head[$h][0] = $_SERVER["PHP_SELF"].($object->id ? 'id='.$object->id : '');
$head[$h][0] = $_SERVER["PHP_SELF"].($object->id ? '?id='.$object->id : '');
$head[$h][1] = $langs->trans("Bookmark");
$head[$h][2] = 'card';
$h++;
@ -153,25 +156,25 @@ if ($action == 'create') {
print load_fiche_titre($langs->trans("NewBookmark"));
print dol_get_fiche_head($head, $hselected, $langs->trans("Bookmark"), 0, 'bookmark');
print dol_get_fiche_head($head, $hselected, $langs->trans("Bookmark"), -1, 'bookmark');
print '<table class="border centpercent tableforfieldcreate">';
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("BookmarkTitle").'</td><td><input id="titlebookmark" class="flat minwidth300" name="title" value="'.dol_escape_htmltag($title).'"></td><td class="hideonsmartphone">'.$langs->trans("SetHereATitleForLink").'</td></tr>';
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("BookmarkTitle").'</td><td><input id="titlebookmark" class="flat minwidth300" name="title" value="'.dol_escape_htmltag($title).'"></td><td class="hideonsmartphone"><span class="opacitymedium">'.$langs->trans("SetHereATitleForLink").'</span></td></tr>';
dol_set_focus('#titlebookmark');
// Url
print '<tr><td class="fieldrequired">'.$langs->trans("UrlOrLink").'</td><td><input class="flat quatrevingtpercent" name="url" value="'.dol_escape_htmltag($url).'"></td><td class="hideonsmartphone">'.$langs->trans("UseAnExternalHttpLinkOrRelativeDolibarrLink").'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("UrlOrLink").'</td><td><input class="flat quatrevingtpercent" name="url" value="'.dol_escape_htmltag($url).'"></td><td class="hideonsmartphone"><span class="opacitymedium">'.$langs->trans("UseAnExternalHttpLinkOrRelativeDolibarrLink").'</span></td></tr>';
// Target
print '<tr><td>'.$langs->trans("BehaviourOnClick").'</td><td>';
$liste = array(0=>$langs->trans("ReplaceWindow"), 1=>$langs->trans("OpenANewWindow"));
print $form->selectarray('target', $liste, 1);
print '</td><td class="hideonsmartphone">'.$langs->trans("ChooseIfANewWindowMustBeOpenedOnClickOnBookmark").'</td></tr>';
print '</td><td class="hideonsmartphone"><span class="opacitymedium">'.$langs->trans("ChooseIfANewWindowMustBeOpenedOnClickOnBookmark").'</span></td></tr>';
// Owner
print '<tr><td>'.$langs->trans("Owner").'</td><td>';
print img_picto('', 'user').' '.$form->select_dolusers(GETPOSTISSET('userid') ? GETPOST('userid', 'int') : $user->id, 'userid', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
print '<tr><td>'.$langs->trans("Visibility").'</td><td>';
print img_picto('', 'user').' '.$form->select_dolusers(GETPOSTISSET('userid') ? GETPOST('userid', 'int') : $user->id, 'userid', 0, '', 0, ($user->admin ? '' : array($user->id)), '', 0, 0, 0, '', ($user->admin) ? 1 : 0, '', 'maxwidth300');
print '</td><td class="hideonsmartphone">&nbsp;</td></tr>';
// Position
@ -193,19 +196,6 @@ if ($action == 'create') {
if ($id > 0 && !preg_match('/^add/i', $action)) {
/*
* Fact bookmark mode or visually edition
*/
$object->fetch($id);
$hselected = 'card';
$head = array(
array(
'',
$langs->trans('Card'),
'card'
)
);
if ($action == 'edit') {
print '<form name="edit" method="POST" action="'.$_SERVER["PHP_SELF"].'" enctype="multipart/form-data">';
@ -216,7 +206,6 @@ if ($id > 0 && !preg_match('/^add/i', $action)) {
print '<input type="hidden" name="backtopage" value="'.$backtopage.'">';
}
print dol_get_fiche_head($head, $hselected, $langs->trans("Bookmark"), -1, 'bookmark');
$linkback = '<a href="'.DOL_URL_ROOT.'/bookmarks/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -259,7 +248,10 @@ if ($id > 0 && !preg_match('/^add/i', $action)) {
if ($action == 'edit') {
print '<input class="flat minwidth500 quatrevingtpercent" name="url" value="'.(GETPOSTISSET("url") ? GETPOST("url") : $object->url).'">';
} else {
print '<a href="'.(preg_match('/^http/i', $object->url) ? $object->url : DOL_URL_ROOT.$object->url).'"'.($object->target ? ' target="_blank"' : '').'>'.$object->url.'</a>';
print '<a href="'.(preg_match('/^http/i', $object->url) ? $object->url : DOL_URL_ROOT.$object->url).'"'.($object->target ? ' target="_blank"' : '').'>';
print img_picto('', 'globe', 'class="paddingright"');
print $object->url;
print '</a>';
}
print '</td></tr>';
@ -277,7 +269,7 @@ if ($id > 0 && !preg_match('/^add/i', $action)) {
}
print '</td></tr>';
print '<tr><td>'.$langs->trans("Owner").'</td><td>';
print '<tr><td>'.$langs->trans("Visibility").'</td><td>';
if ($action == 'edit' && $user->admin) {
print img_picto('', 'user').' '.$form->select_dolusers(GETPOSTISSET('userid') ? GETPOST('userid', 'int') : ($object->fk_user ? $object->fk_user : ''), 'userid', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
} else {
@ -286,7 +278,7 @@ if ($id > 0 && !preg_match('/^add/i', $action)) {
$fuser->fetch($object->fk_user);
print $fuser->getNomUrl(1);
} else {
print $langs->trans("Public");
print '<span class="opacitymedium">'.$langs->trans("Everybody").'</span>';
}
}
print '</td></tr>';

2
htdocs/bookmarks/class/bookmark.class.php
View File

@ -219,7 +219,7 @@ class Bookmark extends CommonObject
$sql .= " ,title = '".$this->db->escape($this->title)."'";
$sql .= " ,favicon = '".$this->db->escape($this->favicon)."'";
$sql .= " ,position = ".(int) $this->position;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("Bookmark::update", LOG_DEBUG);
if ($this->db->query($sql)) {

18
htdocs/bookmarks/list.php
View File

@ -181,7 +181,7 @@ print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "b.rowid", "", $param, 'ali
print_liste_field_titre("Title", $_SERVER["PHP_SELF"], "b.title", "", $param, 'align="left"', $sortfield, $sortorder);
print_liste_field_titre("Link", $_SERVER["PHP_SELF"], "b.url", "", $param, 'align="left"', $sortfield, $sortorder);
print_liste_field_titre("Target", '', '', '', '', 'align="center"');
print_liste_field_titre("Owner", $_SERVER["PHP_SELF"], "u.lastname", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Visibility", $_SERVER["PHP_SELF"], "u.lastname", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Date", $_SERVER["PHP_SELF"], "b.dateb", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Position", $_SERVER["PHP_SELF"], "b.position", "", $param, 'class="right"', $sortfield, $sortorder);
print_liste_field_titre('');
@ -204,8 +204,10 @@ while ($i < min($num, $limit)) {
print '</td>';
$linkintern = 0;
$title = $obj->title;
$link = $obj->url;
$title = $obj->title;
$link = $obj->url;
$canedit = $user->rights->bookmark->supprimer;
$candelete = $user->rights->bookmark->creer;
// Title
print "<td>";
@ -251,7 +253,11 @@ while ($i < min($num, $limit)) {
$tmpuser = $cacheOfUsers[$obj->fk_user];
print $tmpuser->getNomUrl(1);
} else {
print $langs->trans("Public");
print '<span class="opacitymedium">'.$langs->trans("Everybody").'</span>';
if (!$user->admin) {
$candelete = false;
$canedit = false;
}
}
print "</td>\n";
@ -263,10 +269,10 @@ while ($i < min($num, $limit)) {
// Actions
print '<td class="nowrap right">';
if ($user->rights->bookmark->creer) {
if ($canedit) {
print '<a class="editfielda" href="'.DOL_URL_ROOT.'/bookmarks/card.php?action=edit&token='.newToken().'&id='.$obj->rowid.'&backtopage='.urlencode($_SERVER["PHP_SELF"]).'">'.img_edit()."</a>";
}
if ($user->rights->bookmark->supprimer) {
if ($candelete) {
print '<a class="marginleftonly" href="'.$_SERVER["PHP_SELF"].'?action=delete&token='.newToken().'&id='.$obj->rowid.'">'.img_delete().'</a>';
} else {
print "&nbsp;";

8
htdocs/categories/class/categorie.class.php
View File

@ -897,6 +897,8 @@ class Categorie extends CommonObject
$categories = array();
$type = checkVal($type, 'aZ09');
$sub_type = $type;
$subcol_name = "fk_".$type;
if ($type == "customer") {
@ -917,9 +919,9 @@ class Categorie extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."categorie as s";
$sql .= " , ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub ";
$sql .= ' WHERE s.entity IN ('.getEntity('category').')';
$sql .= ' AND s.type='.$idoftype;
$sql .= ' AND s.type='.((int) $idoftype);
$sql .= ' AND s.rowid = sub.fk_categorie';
$sql .= ' AND sub.'.$subcol_name.' = '.$id;
$sql .= ' AND sub.'.$subcol_name.' = '.((int) $id);
$sql .= $this->db->order($sortfield, $sortorder);
@ -1470,7 +1472,7 @@ class Categorie extends CommonObject
// Load bank categories
$sql = "SELECT c.label, c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."bank_class as a, ".MAIN_DB_PREFIX."bank_categ as c";
$sql .= " WHERE a.lineid=".$id." AND a.fk_categ = c.rowid";
$sql .= " WHERE a.lineid=".((int) $id)." AND a.fk_categ = c.rowid";
$sql .= " AND c.entity IN (".getEntity('category').")";
$sql .= " ORDER BY c.label";

2
htdocs/comm/action/card.php
View File

@ -1395,7 +1395,7 @@ if ($id > 0) {
// Confirmation suppression action
if ($action == 'delete') {
print $form->formconfirm("card.php?id=".$id, $langs->trans("DeleteAction"), $langs->trans("ConfirmDeleteAction"), "confirm_delete", '', '', 1);
print $form->formconfirm("card.php?id=".urlencode($id), $langs->trans("DeleteAction"), $langs->trans("ConfirmDeleteAction"), "confirm_delete", '', '', 1);
}
if ($action == 'edit') {

2
htdocs/comm/action/class/actioncomm.class.php
View File

@ -2436,7 +2436,7 @@ class ActionComm extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."actioncomm ";
$sql .= " SET percent = ".(int) $percent;
$sql .= " WHERE id=".$id;
$sql .= " WHERE id = ".((int) $id);
if ($this->db->query($sql)) {
$this->db->commit();

13
htdocs/comm/action/class/api_agendaevents.class.php
View File

@ -217,7 +217,7 @@ class AgendaEvents extends DolibarrApi
$result = $this->_validate($request_data);
foreach ($request_data as $field => $value) {
$this->actioncomm->$field = $value;
$this->actioncomm->$field = $this->checkValForAPI($field, $value, $this->actioncomm);
}
/*if (isset($request_data["lines"])) {
$lines = array();
@ -226,6 +226,7 @@ class AgendaEvents extends DolibarrApi
}
$this->expensereport->lines = $lines;
}*/
if ($this->actioncomm->create(DolibarrApiAccess::$user) < 0) {
throw new RestException(500, "Error creating event", array_merge(array($this->actioncomm->error), $this->actioncomm->errors));
}
@ -268,7 +269,8 @@ class AgendaEvents extends DolibarrApi
if ($field == 'id') {
continue;
}
$this->actioncomm->$field = $value;
$this->actioncomm->$field = $this->checkValForAPI($field, $value, $this->actioncomm);
}
if ($this->actioncomm->update(DolibarrApiAccess::$user, 1) > 0) {
@ -299,7 +301,7 @@ class AgendaEvents extends DolibarrApi
}
if (!DolibarrApiAccess::$user->rights->agenda->allactions->delete && DolibarrApiAccess::$user->id != $this->actioncomm->userownerid) {
throw new RestException(401, "Insufficient rights to delete an Agenda Event of owner id ".$request_data['userownerid'].' Your id is '.DolibarrApiAccess::$user->id);
throw new RestException(401, "Insufficient rights to delete an Agenda Event of owner id ".$this->actioncomm->userownerid.' Your id is '.DolibarrApiAccess::$user->id);
}
if (!$result) {
@ -398,9 +400,12 @@ class AgendaEvents extends DolibarrApi
unset($object->civility_id);
unset($object->contact);
unset($object->societe);
unset($object->demand_reason_id);
unset($object->transport_mode_id);
unset($object->region_id);
unset($object->actions);
unset($object->lines);
unset($object->modelpdf);
return $object;
}

8
htdocs/comm/action/index.php
View File

@ -720,7 +720,7 @@ if ($action == 'show_day') {
$sql .= ')';
}
if ($type) {
$sql .= " AND ca.id = ".$type;
$sql .= " AND ca.id = ".((int) $type);
}
if ($status == '0') {
$sql .= " AND a.percent = 0";
@ -874,10 +874,10 @@ if ($showbirthday) {
$sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.$user->id.'))';
$sql .= " AND sp.entity IN (".getEntity('socpeople').")";
if ($action == 'show_day') {
$sql .= ' AND MONTH(birthday) = '.$month;
$sql .= ' AND DAY(birthday) = '.$day;
$sql .= ' AND MONTH(birthday) = '.((int) $month);
$sql .= ' AND DAY(birthday) = '.((int) $day);
} else {
$sql .= ' AND MONTH(birthday) = '.$month;
$sql .= ' AND MONTH(birthday) = '.((int) $month);
}
$sql .= ' ORDER BY birthday';

2
htdocs/comm/action/pertype.php
View File

@ -592,7 +592,7 @@ if ($action == 'show_day') {
$sql .= ')';
}
if ($type) {
$sql .= " AND ca.id = ".$type;
$sql .= " AND ca.id = ".((int) $type);
}
if ($status == '0') {
$sql .= " AND a.percent = 0";

2
htdocs/comm/action/peruser.php
View File

@ -613,7 +613,7 @@ if ($action == 'show_day') {
$sql .= ')';
}
if ($type) {
$sql .= " AND ca.id = ".$type;
$sql .= " AND ca.id = ".((int) $type);
}
if ($status == '0') {
$sql .= " AND a.percent = 0";

45
htdocs/comm/index.php
View File

@ -37,6 +37,8 @@ require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php';
require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php';
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array
$hookmanager = new HookManager($db);
@ -66,6 +68,8 @@ if ($user->socid > 0) {
}
restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
$maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);
/*
* Actions
@ -100,6 +104,11 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial');
print '<div class="fichecenter"><div class="fichethirdleft">';
print getCustomerProposalPieChart($socid);
print '<br>';
print getCustomerOrderPieChart($socid);
print '<br>';
/*
* Draft customer proposals
*/
@ -129,14 +138,14 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("ProposalsDraft", "comm/propal/list.php", "search_status=".Propal::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@ -181,7 +190,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@ -219,21 +228,21 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$resql = $db->query($sql);
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("SupplierProposalsDraft", "supplier_proposal/list.php", "search_status=".SupplierProposal::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@ -277,7 +286,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@ -315,21 +324,21 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("DraftOrders", "commande/list.php", "search_status=".Commande::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@ -374,7 +383,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@ -419,14 +428,14 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("DraftSuppliersOrders", "fourn/commande/list.php", "search_status=".CommandeFournisseur::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@ -471,7 +480,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@ -605,7 +614,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY s.datec DESC";
$sql .= $db->plimit($max, 0);
@ -711,7 +720,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max + 1, 0);
@ -786,7 +795,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";
@ -902,7 +911,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY c.rowid DESC";

2
htdocs/comm/mailing/advtargetemailing.php
View File

@ -379,7 +379,7 @@ if ($action == 'deletefilter') {
if ($action == 'delete') {
// Ici, rowid indique le destinataire et id le mailing
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
$resql = $db->query($sql);
if ($resql) {
if (!empty($id)) {

4
htdocs/comm/mailing/card.php
View File

@ -308,7 +308,7 @@ if (empty($reshook)) {
dol_syslog("comm/mailing/card.php: ok for #".$i.($mail->error ? ' - '.$mail->error : ''), LOG_DEBUG);
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles";
$sql .= " SET statut=1, date_envoi='".$db->idate($now)."' WHERE rowid=".$obj->rowid;
$sql .= " SET statut=1, date_envoi = '".$db->idate($now)."' WHERE rowid=".((int) $obj->rowid);
$resql2 = $db->query($sql);
if (!$resql2) {
dol_print_error($db);
@ -378,7 +378,7 @@ if (empty($reshook)) {
}
}
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET statut=".$statut." WHERE rowid=".$object->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET statut=".((int) $statut)." WHERE rowid = ".((int) $object->id);
dol_syslog("comm/mailing/card.php: update global status", LOG_DEBUG);
$resql2 = $db->query($sql);
if (!$resql2) {

4
htdocs/comm/mailing/cibles.php
View File

@ -104,8 +104,6 @@ if ($action == 'add') {
}
if ($result > 0) {
setEventMessages($langs->trans("XTargetsAdded", $result), null, 'mesgs');
//header("Location: ".$_SERVER['PHP_SELF']."?id=".$id);
//exit;
$action = '';
}
if ($result == 0) {
@ -167,7 +165,7 @@ if (GETPOST('exportcsv', 'int')) {
if ($action == 'delete') {
// Ici, rowid indique le destinataire et id le mailing
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
$resql = $db->query($sql);
if ($resql) {
if (!empty($id)) {

5
htdocs/comm/mailing/class/advtargetemailing.class.php
View File

@ -616,6 +616,10 @@ class AdvanceTargetingMailing extends CommonObject
if ($arrayquery['options_'.$key] != '') {
$sqlwhere[] = " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")";
}
} elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'link') {
if ($arrayquery['options_'.$key] > 0) {
$sqlwhere[]= " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")";
}
} else {
if (is_array($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))";
@ -642,7 +646,6 @@ class AdvanceTargetingMailing extends CommonObject
if ($num) {
while ($i < $num) {
$obj = $this->db->fetch_object($resql);
$this->thirdparty_lines[$i] = $obj->rowid;
$i++;

4
htdocs/comm/propal/card.php
View File

@ -1248,7 +1248,7 @@ if (empty($reshook)) {
if (empty($user->rights->margins->creer)) {
foreach ($object->lines as &$line) {
if ($line->id == GETPOST('lineid')) {
if ($line->id == GETPOST('lineid', 'int')) {
$fournprice = $line->fk_fournprice;
$buyingprice = $line->pa_ht;
break;
@ -2433,7 +2433,7 @@ if ($action == 'create') {
// Show object lines
$result = $object->getLinesArray();
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">

12
htdocs/comm/propal/class/api_proposals.class.php
View File

@ -328,6 +328,9 @@ class Proposals extends DolibarrApi
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->propal->addline(
$request_data->desc,
$request_data->subprice,
@ -337,8 +340,8 @@ class Proposals extends DolibarrApi
$request_data->localtax2_tx,
$request_data->fk_product,
$request_data->remise_percent,
'HT',
0,
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->subprice,
$request_data->info_bits,
$request_data->product_type,
$request_data->rang,
@ -392,6 +395,9 @@ class Proposals extends DolibarrApi
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$propalline = new PropaleLigne($this->db);
$result = $propalline->fetch($lineid);
if ($result <= 0) {
@ -407,7 +413,7 @@ class Proposals extends DolibarrApi
isset($request_data->localtax1_tx) ? $request_data->localtax1_tx : $propalline->localtax1_tx,
isset($request_data->localtax2_tx) ? $request_data->localtax2_tx : $propalline->localtax2_tx,
isset($request_data->desc) ? $request_data->desc : $propalline->desc,
'HT',
isset($request_data->price_base_type) ? $request_data->price_base_type : 'HT',
isset($request_data->info_bits) ? $request_data->info_bits : $propalline->info_bits,
isset($request_data->special_code) ? $request_data->special_code : $propalline->special_code,
isset($request_data->fk_parent_line) ? $request_data->fk_parent_line : $propalline->fk_parent_line,

2
htdocs/comm/propal/class/propal.class.php
View File

@ -1477,7 +1477,7 @@ class Propal extends CommonObject
$sql .= " WHERE p.entity IN (".getEntity('propal').")"; // Dont't use entity if you use rowid
$sql .= " AND p.ref='".$this->db->escape($ref)."'";
} else {
$sql .= " WHERE p.rowid=".$rowid;
$sql .= " WHERE p.rowid = ".((int) $rowid);
}
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

122
htdocs/comm/propal/index.php
View File

@ -28,6 +28,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array
$hookmanager = new HookManager($db);
@ -45,6 +46,7 @@ if (isset($user->socid) && $user->socid > 0) {
$action = '';
$socid = $user->socid;
}
restrictedArea($user, 'propal');
@ -65,124 +67,8 @@ print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal');
print '<div class="fichecenter">';
print '<div class="fichethirdleft">';
/*
* Statistics
*/
$listofstatus = array(Propal::STATUS_DRAFT, Propal::STATUS_VALIDATED, Propal::STATUS_SIGNED, Propal::STATUS_NOTSIGNED, Propal::STATUS_BILLED);
$sql = "SELECT count(p.rowid) as nb, p.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."propal as p";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_soc = s.rowid";
if ($user->socid) {
$sql .= ' AND p.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
$sql .= " GROUP BY p.fk_statut";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$total = 0;
$totalinprocess = 0;
$dataseries = array();
$colorseries = array();
$vals = array();
while ($i < $num) {
$obj = $db->fetch_object($resql);
if ($obj) {
$vals[$obj->status] = $obj->nb;
$totalinprocess += $obj->nb;
$total += $obj->nb;
}
$i++;
}
$db->free($resql);
include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder nohover centpercent">';
print '<tr class="liste_titre">';
print '<td colspan="2">'.$langs->trans("Statistics").' - '.$langs->trans("Proposals").'</td>';
print '</tr>';
foreach ($listofstatus as $status) {
$dataseries[] = array($propalstatic->LibStatut($status, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0));
if ($status == Propal::STATUS_DRAFT) {
$colorseries[$status] = '-'.$badgeStatus0;
}
if ($status == Propal::STATUS_VALIDATED) {
$colorseries[$status] = $badgeStatus1;
}
if ($status == Propal::STATUS_SIGNED) {
$colorseries[$status] = $badgeStatus4;
}
if ($status == Propal::STATUS_NOTSIGNED) {
$colorseries[$status] = $badgeStatus9;
}
if ($status == Propal::STATUS_BILLED) {
$colorseries[$status] = $badgeStatus6;
}
if (empty($conf->use_javascript_ajax)) {
print '<tr class="oddeven">';
print '<td>'.$propalstatic->LibStatut($status, 0).'</td>';
print '<td class="right"><a href="list.php?statut='.$status.'">'.(isset($vals[$status]) ? $vals[$status] : 0).'</a></td>';
print "</tr>\n";
}
}
if ($conf->use_javascript_ajax) {
print '<tr>';
print '<td align="center" colspan="2">';
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array_values($colorseries));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));
$dolgraph->setHeight('200');
$dolgraph->draw('idgraphthirdparties');
print $dolgraph->show($total ? 0 : 1);
print '</td>';
print '</tr>';
}
//if ($totalinprocess != $total)
//{
// print '<tr class="liste_total">';
// print '<td>'.$langs->trans("Total").' ('.$langs->trans("CustomersOrdersRunning").')</td>';
// print '<td class="right">'.$totalinprocess.'</td>';
// print '</tr>';
//}
print '<tr class="liste_total">';
print '<td>'.$langs->trans("Total").'</td>';
print '<td class="right">'.$total.'</td>';
print '</tr>';
print '</table>';
print '</div>';
print '<br>';
} else {
dol_print_error($db);
}
print getCustomerProposalPieChart($socid);
print '<br>';
/*
* Draft proposals

2
htdocs/comm/prospect/index.php
View File

@ -194,7 +194,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";
$sql .= $db->plimit(5, 0);

4
htdocs/commande/card.php
View File

@ -1052,7 +1052,7 @@ if (empty($reshook)) {
if (!$error) {
if (empty($user->rights->margins->creer)) {
foreach ($object->lines as &$line) {
if ($line->id == GETPOST('lineid')) {
if ($line->id == GETPOST('lineid', 'int')) {
$fournprice = $line->fk_fournprice;
$buyingprice = $line->pa_ht;
break;
@ -2416,7 +2416,7 @@ if ($action == 'create' && $usercancreate) {
*/
$result = $object->getLinesArray();
print '<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
print '<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">

16
htdocs/commande/class/api_orders.class.php
View File

@ -331,7 +331,12 @@ class Orders extends DolibarrApi
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->commande->addline(
$request_data->desc,
$request_data->subprice,
@ -343,8 +348,8 @@ class Orders extends DolibarrApi
$request_data->remise_percent,
$request_data->info_bits,
$request_data->fk_remise_except,
'HT',
0,
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->subprice,
$request_data->date_start,
$request_data->date_end,
$request_data->product_type,
@ -394,7 +399,12 @@ class Orders extends DolibarrApi
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->commande->updateline(
$lineid,
$request_data->desc,
@ -404,7 +414,7 @@ class Orders extends DolibarrApi
$request_data->tva_tx,
$request_data->localtax1_tx,
$request_data->localtax2_tx,
'HT',
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->info_bits,
$request_data->date_start,
$request_data->date_end,

20
htdocs/commande/class/commande.class.php
View File

@ -1807,7 +1807,7 @@ class Commande extends CommonOrder
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid';
if ($id) {
$sql .= " WHERE c.rowid=".$id;
$sql .= " WHERE c.rowid=".((int) $id);
} else {
$sql .= " WHERE c.entity IN (".getEntity('commande').")"; // Dont't use entity if you use rowid
}
@ -2397,9 +2397,9 @@ class Commande extends CommonOrder
}
/**
* Applique une remise relative
* Set a percentage discount
*
* @param User $user User qui positionne la remise
* @param User $user User setting the discount
* @param float $remise Discount (percent)
* @param int $notrigger 1=Does not execute triggers, 0= execute triggers
* @return int <0 if KO, >0 if OK
@ -2458,7 +2458,7 @@ class Commande extends CommonOrder
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* Applique une remise absolue
* Set a fixed amount discount
*
* @param User $user User qui positionne la remise
* @param float $remise Discount
@ -2687,7 +2687,7 @@ class Commande extends CommonOrder
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;
@ -3156,7 +3156,9 @@ class Commande extends CommonOrder
$langs->load("errors");
$this->error = $langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
$this->errors[] = $this->error;
dol_syslog(get_class($this)."::addline error=Product ".$product->ref.": ".$this->error, LOG_ERR);
$this->db->rollback();
return self::STOCK_NOT_ENOUGH_FOR_ORDER;
}
@ -4206,11 +4208,15 @@ class OrderLine extends CommonOrderLine
$error = 0;
if (empty($this->id) && !empty($this->rowid)) { // For backward compatibility
$this->id = $this->rowid;
}
// check if order line is not in a shipment line before deleting
$sqlCheckShipmentLine = "SELECT";
$sqlCheckShipmentLine .= " ed.rowid";
$sqlCheckShipmentLine .= " FROM ".MAIN_DB_PREFIX."expeditiondet ed";
$sqlCheckShipmentLine .= " WHERE ed.fk_origin_line = ".$this->rowid;
$sqlCheckShipmentLine .= " WHERE ed.fk_origin_line = ".((int) $this->id);
$resqlCheckShipmentLine = $this->db->query($sqlCheckShipmentLine);
if (!$resqlCheckShipmentLine) {
@ -4235,7 +4241,7 @@ class OrderLine extends CommonOrderLine
$this->db->begin();
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid=".$this->rowid;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid = ".((int) $this->id);
dol_syslog("OrderLine::delete", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/commande/customer.php
View File

@ -105,7 +105,7 @@ if (dol_strlen($begin)) {
$sql .= " AND s.nom like '".$db->escape($begin)."'";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " AND c.fk_statut in (1, 2) AND c.facture = 0";
$sql .= " GROUP BY s.nom";

110
htdocs/commande/index.php
View File

@ -30,6 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/notify.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php';
require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php';
if (!$user->rights->commande->lire) {
accessforbidden();
@ -76,113 +77,8 @@ print load_fiche_titre($langs->trans("OrdersArea"), '', 'order');
print '<div class="fichecenter"><div class="fichethirdleft">';
/*
* Statistics
*/
$sql = "SELECT count(c.rowid) as nb, c.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande as c";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('societe').")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " GROUP BY c.fk_statut";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$total = 0;
$totalinprocess = 0;
$dataseries = array();
$colorseries = array();
$vals = array();
// -1=Canceled, 0=Draft, 1=Validated, 2=Accepted/On process, 3=Closed (Sent/Received, billed or not)
while ($i < $num) {
$row = $db->fetch_row($resql);
if ($row) {
//if ($row[1]!=-1 && ($row[1]!=3 || $row[2]!=1))
{
if (!isset($vals[$row[1]])) {
$vals[$row[1]] = 0;
}
$vals[$row[1]] += $row[0];
$totalinprocess += $row[0];
}
$total += $row[0];
}
$i++;
}
$db->free($resql);
include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder nohover centpercent">';
print '<tr class="liste_titre"><th colspan="2">'.$langs->trans("Statistics").' - '.$langs->trans("CustomersOrders").'</th></tr>'."\n";
$listofstatus = array(0, 1, 2, 3, -1);
foreach ($listofstatus as $status) {
$dataseries[] = array($commandestatic->LibStatut($status, 0, 1, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0));
if ($status == Commande::STATUS_DRAFT) {
$colorseries[$status] = '-'.$badgeStatus0;
}
if ($status == Commande::STATUS_VALIDATED) {
$colorseries[$status] = $badgeStatus1;
}
if ($status == Commande::STATUS_SHIPMENTONPROCESS) {
$colorseries[$status] = $badgeStatus4;
}
if ($status == Commande::STATUS_CLOSED && empty($conf->global->WORKFLOW_BILL_ON_SHIPMENT)) {
$colorseries[$status] = $badgeStatus6;
}
if ($status == Commande::STATUS_CLOSED && (!empty($conf->global->WORKFLOW_BILL_ON_SHIPMENT))) {
$colorseries[$status] = $badgeStatus6;
}
if ($status == Commande::STATUS_CANCELED) {
$colorseries[$status] = $badgeStatus9;
}
if (empty($conf->use_javascript_ajax)) {
print '<tr class="oddeven">';
print '<td>'.$commandestatic->LibStatut($status, 0, 0, 1).'</td>';
print '<td class="right"><a href="list.php?statut='.$status.'">'.(isset($vals[$status]) ? $vals[$status] : 0).' ';
print $commandestatic->LibStatut($status, 0, 3, 1);
print '</a></td>';
print "</tr>\n";
}
}
if ($conf->use_javascript_ajax) {
print '<tr class="impair"><td align="center" colspan="2">';
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array_values($colorseries));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));
$dolgraph->setHeight('200');
$dolgraph->draw('idgraphstatus');
print $dolgraph->show($total ? 0 : 1);
print '</td></tr>';
}
//if ($totalinprocess != $total)
print '<tr class="liste_total"><td>'.$langs->trans("Total").'</td><td class="right">'.$total.'</td></tr>';
print "</table></div><br>";
} else {
dol_print_error($db);
}
print getCustomerOrderPieChart($socid);
print '<br>';
/*

4
htdocs/commande/list.php
View File

@ -359,7 +359,7 @@ if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$search_product_category;
}
if ($socid > 0) {
$sql .= ' AND s.rowid = '.$socid;
$sql .= ' AND s.rowid = '.((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -374,7 +374,7 @@ if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_billed != '' && $search_billed >= 0) {
$sql .= ' AND c.facture = '.$search_billed;
$sql .= ' AND c.facture = '.((int) $search_billed);
}
if ($search_status <> '') {
if ($search_status < 4 && $search_status > -3) {

2
htdocs/compta/bank/account_statement_document.php
View File

@ -129,7 +129,7 @@ if (!empty($numref)) {
$object->fetch_thirdparty();
$upload_dir = $conf->bank->dir_output."/".$id."/statement/".dol_sanitizeFileName($numref);
}
$backtopage = $_SERVER['PHP_SELF']."?account=".$id."&num=".$numref;
$backtopage = $_SERVER['PHP_SELF']."?account=".urlencode($id)."&num=".urlencode($numref);
include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';

30
htdocs/compta/bank/bankentries_list.php
View File

@ -791,7 +791,7 @@ if ($resql) {
$nbmax = 12; // We show last 12 receipts (so we can have more than one year)
$liste = "";
$sql = "SELECT DISTINCT num_releve FROM ".MAIN_DB_PREFIX."bank";
$sql .= " WHERE fk_account=".$object->id." AND num_releve IS NOT NULL";
$sql .= " WHERE fk_account = ".((int) $object->id)." AND num_releve IS NOT NULL";
$sql .= $db->order("num_releve", "DESC");
$sql .= $db->plimit($nbmax + 1);
print '<br>';
@ -967,7 +967,7 @@ if ($resql) {
$moreforfilter = '';
$moreforfilter .= '<div class="divsearchfield">';
$moreforfilter .= $langs->trans('DateOperationShort').' :';
$moreforfilter .= $langs->trans('DateOperationShort').' ';
$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
$moreforfilter .= '<div class="nowrap inline-block">';
$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
@ -976,7 +976,7 @@ if ($resql) {
$moreforfilter .= '</div>';
$moreforfilter .= '<div class="divsearchfield">';
$moreforfilter .= $langs->trans('DateValueShort').' : ';
$moreforfilter .= $langs->trans('DateValueShort').' ';
$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
$moreforfilter .= '<div class="nowrap inline-block">';
$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
@ -1329,21 +1329,22 @@ if ($resql) {
// Description
if (!empty($arrayfields['b.label']['checked'])) {
print "<td>";
//print "<a href=\"line.php?rowid=".$objp->rowid."&amp;account=".$objp->fk_account."\">";
$labeltoshow = '';
$titletoshow = '';
$reg = array();
preg_match('/\((.+)\)/i', $objp->label, $reg); // Si texte entoure de parenthee on tente recherche de traduction
if ($reg[1] && $langs->trans($reg[1]) != $reg[1]) {
print $langs->trans($reg[1]);
$labeltoshow = $langs->trans($reg[1]);
} else {
if ($objp->label == '(payment_salary)') {
print dol_trunc($langs->trans("SalaryPayment", 40));
$labeltoshow = dol_trunc($langs->trans("SalaryPayment", 40));
} else {
print dol_trunc($objp->label, 40);
$labeltoshow = dol_escape_htmltag($objp->label);
$titletoshow = $objp->label;
}
}
//print "</a>&nbsp;";
print '<td class="tdoverflowmax300"'.($titletoshow ? ' title="'.dol_escape_htmltag($titletoshow).'"' : '').'>';
print $labeltoshow; // Already escaped
// Add links after description
$cachebankaccount = array();
@ -1498,7 +1499,7 @@ if ($resql) {
// Num cheque
if (!empty($arrayfields['b.num_chq']['checked'])) {
print '<td class="nowrap" align="center">'.($objp->num_chq ? $objp->num_chq : "")."</td>\n";
print '<td class="nowrap" align="center">'.($objp->num_chq ? dol_escape_htmltag($objp->num_chq) : "")."</td>\n";
if (!$i) {
$totalarray['nbfield']++;
}
@ -1605,7 +1606,8 @@ if ($resql) {
$totalarray['nbfield']++;
}
}
// Balance
// Balance after
if (!empty($arrayfields['balance']['checked'])) {
if ($mode_balance_ok) {
if ($balance >= 0) {
@ -1626,7 +1628,7 @@ if ($resql) {
// Transaction reconciliated or edit link
if ($bankaccount->canBeConciliated() > 0) {
if ($objp->num_releve) {
print '<a href="releve.php?num='.$objp->num_releve.'&account='.$objp->bankid.'&save_lastsearch_values=1">'.$objp->num_releve.'</a>';
print '<a href="releve.php?num='.urlencode($objp->num_releve).'&account='.urlencode($objp->bankid).'&save_lastsearch_values=1">'.dol_escape_htmltag($objp->num_releve).'</a>';
}
if (!$objp->conciliated && $action == 'reconcile') {
if ($objp->num_releve) {
@ -1644,7 +1646,7 @@ if ($resql) {
if (!empty($arrayfields['b.conciliated']['checked'])) {
print '<td class="nowraponall" align="center">';
print $objp->conciliated ? $langs->trans("Yes") : $langs->trans("No");
print yn($objp->conciliated);
print '</td>';
if (!$i) {
$totalarray['nbfield']++;

33
htdocs/compta/bank/class/account.class.php
View File

@ -508,15 +508,20 @@ class Account extends CommonObject
dol_syslog(__METHOD__.": using numeric operations is deprecated", LOG_WARNING);
}
if (empty($this->id) && !empty($this->rowid)) { // For backward compatibility
$this->id = $this->rowid;
}
// Clean parameters
$emetteur = trim($emetteur);
$banque = trim($banque);
$label = trim($label);
$now = dol_now();
if (is_numeric($oper)) { // Clean operation to have a code instead of a rowid
$sql = "SELECT code FROM ".MAIN_DB_PREFIX."c_paiement";
$sql .= " WHERE id=".$oper;
$sql .= " WHERE id = ".((int) $oper);
$sql .= " AND entity IN (".getEntity('c_paiement').")";
$resql = $this->db->query($sql);
if ($resql) {
@ -533,8 +538,8 @@ class Account extends CommonObject
$this->error = "oper not defined";
return -1;
}
if (!$this->rowid) {
$this->error = "this->rowid not defined";
if (!$this->id) {
$this->error = "this->id not defined";
return -2;
}
if ($this->courant == Account::TYPE_CASH && $oper != 'LIQ') {
@ -555,7 +560,7 @@ class Account extends CommonObject
$accline->label = $label;
$accline->amount = $amount;
$accline->fk_user_author = $user->id;
$accline->fk_account = $this->rowid;
$accline->fk_account = $this->id;
$accline->fk_type = $oper;
$accline->numero_compte = $accountancycode;
$accline->num_releve = $num_releve;
@ -574,10 +579,10 @@ class Account extends CommonObject
if ($accline->insert() > 0) {
if ($categorie > 0) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class(";
$sql .= "lineid, fk_categ";
$sql .= ") VALUES (";
$sql .= $accline->id.", ".$categorie;
$sql .= ((int) $accline->id).", '".$this->db->escape($categorie)."'";
$sql .= ")";
$result = $this->db->query($sql);
@ -610,7 +615,7 @@ class Account extends CommonObject
*/
public function create(User $user, $notrigger = 0)
{
global $langs, $conf, $hookmanager;
global $langs, $conf;
$error = 0;
@ -769,7 +774,7 @@ class Account extends CommonObject
*/
public function update(User $user, $notrigger = 0)
{
global $langs, $conf, $hookmanager;
global $langs, $conf;
$error = 0;
@ -795,9 +800,9 @@ class Account extends CommonObject
$sql .= " ref = '".$this->db->escape($this->ref)."'";
$sql .= ",label = '".$this->db->escape($this->label)."'";
$sql .= ",courant = ".$this->courant;
$sql .= ",clos = ".$this->clos;
$sql .= ",rappro = ".$this->rappro;
$sql .= ",courant = ".((int) $this->courant);
$sql .= ",clos = ".((int) $this->clos);
$sql .= ",rappro = ".((int) $this->rappro);
$sql .= ",url = ".($this->url ? "'".$this->db->escape($this->url)."'" : "null");
$sql .= ",account_number = '".$this->db->escape($this->account_number)."'";
$sql .= ",fk_accountancy_journal = ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
@ -823,7 +828,7 @@ class Account extends CommonObject
$sql .= ",ics = '".$this->db->escape($this->ics)."'";
$sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$result = $this->db->query($sql);
@ -1223,7 +1228,7 @@ class Account extends CommonObject
$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
$sql .= " AND clos = 0";
if ($filteraccountid) {
$sql .= " AND ba.rowid = ".$filteraccountid;
$sql .= " AND ba.rowid = ".((int) $filteraccountid);
}
$resql = $this->db->query($sql);
@ -1278,7 +1283,7 @@ class Account extends CommonObject
$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
$sql .= " AND clos = 0";
if ($filteraccountid) {
$sql .= " AND ba.rowid = ".$filteraccountid;
$sql .= " AND ba.rowid = ".((int) $filteraccountid);
}
$resql = $this->db->query($sql);

27
htdocs/compta/bank/class/api_bankaccounts.class.php
View File

@ -29,7 +29,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
*/
class BankAccounts extends DolibarrApi
{
/**
* array $FIELDS Mandatory fields, checked when creating an object
*/
@ -158,7 +157,7 @@ class BankAccounts extends DolibarrApi
$account = new Account($this->db);
foreach ($request_data as $field => $value) {
$account->$field = $value;
$account->$field = $this->checkValForAPI($field, $value, $account);
}
// Date of the initial balance (required to create an account).
$account->date_solde = time();
@ -249,6 +248,10 @@ class BankAccounts extends DolibarrApi
$typeto = 'LIQ';
}
// Clean data
$description = checkVal($description, 'alphanohtml');
/**
* Creating bank line records
*/
@ -295,7 +298,9 @@ class BankAccounts extends DolibarrApi
return array(
'success' => array(
'code' => 201,
'message' => 'Internal wire transfer created successfully.'
'message' => 'Internal wire transfer created successfully.',
'bank_id_from' => $bank_line_id_from,
'bank_id_to' => $bank_line_id_to,
)
);
} else {
@ -327,7 +332,7 @@ class BankAccounts extends DolibarrApi
if ($field == 'id') {
continue;
}
$account->$field = $value;
$account->$field = $this->checkValForAPI($field, $value, $account);
}
if ($account->update(DolibarrApiAccess::$user) > 0) {
@ -475,7 +480,7 @@ class BankAccounts extends DolibarrApi
* @param string $accountancycode Accountancy code {@from body}
* @param int $datev Payment date value (timestamp) {@from body} {@type timestamp}
* @param string $num_releve Bank statement numero {@from body}
* @return int ID of line
* @return int ID of line
*
* @url POST {id}/lines
*/
@ -491,6 +496,14 @@ class BankAccounts extends DolibarrApi
throw new RestException(404, 'account not found');
}
$type = checkVal($type);
$label = checkVal($label);
$cheque_number = checkVal($cheque_number);
$cheque_writer = checkVal($cheque_writer);
$cheque_bank = checkVal($cheque_bank);
$accountancycode = checkVal($accountancycode);
$num_releve = checkVal($num_releve);
$result = $account->addline(
$date,
$type,
@ -542,6 +555,10 @@ class BankAccounts extends DolibarrApi
throw new RestException(404, 'account line not found');
}
$url = checkVal($url);
$label = checkVal($label);
$type = checkVal($type);
$result = $account->add_url_line($line_id, $url_id, $url, $label, $type);
if ($result < 0) {
throw new RestException(503, 'Error when adding link to account line: '.$account->error);

17
htdocs/compta/bank/line.php
View File

@ -268,7 +268,7 @@ $sql = "SELECT b.rowid,b.dateo as do,b.datev as dv, b.amount, b.label, b.rappro,
$sql .= " b.num_releve, b.fk_user_author, b.num_chq, b.fk_type, b.fk_account, b.fk_bordereau as receiptid,";
$sql .= " b.emetteur,b.banque";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE rowid=".$rowid;
$sql .= " WHERE rowid=".((int) $rowid);
$sql .= " ORDER BY dateo ASC";
$result = $db->query($sql);
if ($result) {
@ -291,7 +291,7 @@ if ($result) {
// Confirmations
if ($action == 'delete_categ') {
print $form->formconfirm($_SERVER['PHP_SELF']."?rowid=".$rowid."&cat1=".GETPOST("fk_categ")."&orig_account=".$orig_account, $langs->trans("RemoveFromRubrique"), $langs->trans("RemoveFromRubriqueConfirm"), "confirm_delete_categ", '', 'yes', 1);
print $form->formconfirm($_SERVER['PHP_SELF']."?rowid=".urlencode($rowid)."&cat1=".urlencode(GETPOST("fk_categ", 'int'))."&orig_account=".urlencode($orig_account), $langs->trans("RemoveFromRubrique"), $langs->trans("RemoveFromRubriqueConfirm"), "confirm_delete_categ", '', 'yes', 1);
}
print '<form name="update" method="POST" action="'.$_SERVER['PHP_SELF'].'?rowid='.$rowid.'">';
@ -452,7 +452,7 @@ if ($result) {
}
print '</td>';
} else {
print '<td>'.$objp->fk_type.' '.$objp->num_chq.'</td>';
print '<td>'.$objp->fk_type.' '.dol_escape_htmltag($objp->num_chq).'</td>';
}
print "</tr>";
@ -462,7 +462,7 @@ if ($result) {
print "</td>";
if ($user->rights->banque->modifier || $user->rights->banque->consolidate) {
print '<td>';
print '<input type="text" class="flat minwidth200" name="emetteur" value="'.(empty($objp->emetteur) ? '' : stripslashes($objp->emetteur)).'">';
print '<input type="text" class="flat minwidth200" name="emetteur" value="'.(empty($objp->emetteur) ? '' : dol_escape_htmltag($objp->emetteur)).'">';
print '</td>';
} else {
print '<td>'.$objp->emetteur.'</td>';
@ -475,10 +475,10 @@ if ($result) {
print "</td>";
if ($user->rights->banque->modifier || $user->rights->banque->consolidate) {
print '<td>';
print '<input type="text" class="flat minwidth200" name="banque" value="'.(empty($objp->banque) ? '' : $objp->banque).'">';
print '<input type="text" class="flat minwidth200" name="banque" value="'.(empty($objp->banque) ? '' : dol_escape_htmltag($objp->banque)).'">';
print '</td>';
} else {
print '<td>'.$objp->banque.'</td>';
print '<td>'.dol_escape_htmltag($objp->banque).'</td>';
}
print "</tr>";
@ -523,6 +523,7 @@ if ($result) {
print "</tr>";
// Description
$reg = array();
print "<tr><td>".$langs->trans("Label")."</td>";
if ($user->rights->banque->modifier || $user->rights->banque->consolidate) {
print '<td>';
@ -531,7 +532,7 @@ if ($result) {
// Label generique car entre parentheses. On l'affiche en le traduisant
print $langs->trans($reg[1]);
} else {
print $objp->label;
print dol_escape_htmltag($objp->label);
}
print '">';
print '</td>';
@ -541,7 +542,7 @@ if ($result) {
// Label generique car entre parentheses. On l'affiche en le traduisant
print $langs->trans($reg[1]);
} else {
print $objp->label;
print dol_escape_htmltag($objp->label);
}
print '</td>';
}

2
htdocs/compta/bank/various_payment/list.php
View File

@ -226,7 +226,7 @@ $sql .= " WHERE v.entity IN (".getEntity('payment_various').")";
// Search criteria
if ($search_ref) {
$sql .= " AND v.rowid=".$db->escape($search_ref);
$sql .= " AND v.rowid = ".((int) $search_ref);
}
if ($search_label) {
$sql .= natural_search(array('v.label'), $search_label);

2
htdocs/compta/cashcontrol/report.php
View File

@ -342,7 +342,7 @@ if ($resql) {
$sql .= "SET";
$sql .= " cash='".$db->escape($cash)."'";
$sql .= ", card='".$db->escape($bank)."'";
$sql .= " where rowid=".$id;
$sql .= " where rowid = ".((int) $id);
$db->query($sql);
*/

2
htdocs/compta/clients.php
View File

@ -127,7 +127,7 @@ if (dol_strlen($begin)) {
$sql .= natural_search("s.nom", $begin);
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY $sortfield $sortorder ";
$sql .= $db->plimit($conf->liste_limit + 1, $offset);

2
htdocs/compta/deplacement/card.php
View File

@ -366,7 +366,7 @@ if ($action == 'create') {
* Confirm delete trip
*/
if ($action == 'delete') {
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$id, $langs->trans("DeleteTrip"), $langs->trans("ConfirmDeleteTrip"), "confirm_delete");
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".urlencode($id), $langs->trans("DeleteTrip"), $langs->trans("ConfirmDeleteTrip"), "confirm_delete");
}
$soc = new Societe($db);

6
htdocs/compta/facture/card-rec.php
View File

@ -770,7 +770,7 @@ if (empty($reshook)) {
}
/*$line = new FactureLigne($db);
$line->fetch(GETPOST('lineid'));
$line->fetch(GETPOST('lineid', 'int'));
$percent = $line->get_prev_progress($object->id);
if (GETPOST('progress') < $percent)
@ -823,7 +823,7 @@ if (empty($reshook)) {
// Update line
if (!$error) {
$result = $object->updateline(
GETPOST('lineid'),
GETPOST('lineid', 'int'),
$description,
$pu_ht,
$qty,
@ -1597,7 +1597,7 @@ if ($action == 'create') {
// Lines
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid')).'" method="POST">
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">

20
htdocs/compta/facture/card.php
View File

@ -124,8 +124,11 @@ $usercancreate = $user->rights->facture->creer;
$usercanissuepayment = $user->rights->facture->paiement;
$usercandelete = $user->rights->facture->supprimer;
$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $usercancreate) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->facture->invoice_advance->validate)));
$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->facture->invoice_advance->send);
$usercanreopen = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->facture->invoice_advance->reopen);
$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->facture->invoice_advance->send)));
$usercanreopen = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $usercancreate) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->facture->invoice_advance->reopen)));
if (!empty($conf->global->INVOICE_DISALLOW_REOPEN)) {
$usercanreopen = false;
}
$usercanunvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->facture->invoice_advance->unvalidate)));
$usercanproductignorepricemin = ((!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->produit->ignore_price_min_advance)) || empty($conf->global->MAIN_USE_ADVANCED_PERMS));
@ -193,8 +196,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
$action = '';
}
} elseif ($action == 'reopen' && $usercancreate) {
// Change status of invoice
} elseif ($action == 'reopen' && $usercanreopen) {
$result = $object->fetch($id);
if ($object->statut == Facture::STATUS_CLOSED || ($object->statut == Facture::STATUS_ABANDONED && ($object->close_code != 'replaced' || $object->getIdReplacingInvoice() == 0)) || ($object->statut == Facture::STATUS_VALIDATED && $object->paye == 1)) { // ($object->statut == 1 && $object->paye == 1) should not happened but can be found when data are corrupted
@ -238,13 +240,13 @@ if (empty($reshook)) {
$object->fetch($id);
$object->fetch_thirdparty();
$result = $object->deleteline(GETPOST('lineid'));
$result = $object->deleteline(GETPOST('lineid', 'int'));
if ($result > 0) {
// Define output language
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id')) {
$newlang = GETPOST('lang_id');
}
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) {
$newlang = $object->thirdparty->default_lang;
@ -2416,7 +2418,7 @@ if (empty($reshook)) {
if (!$error) {
if (empty($usercancreatemargin)) {
foreach ($object->lines as &$line) {
if ($line->id == GETPOST('lineid')) {
if ($line->id == GETPOST('lineid', 'int')) {
$fournprice = $line->fk_fournprice;
$buyingprice = $line->pa_ht;
break;
@ -5168,7 +5170,7 @@ if ($action == 'create') {
}
}
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">

14
htdocs/compta/facture/class/api_invoices.class.php
View File

@ -407,7 +407,12 @@ class Invoices extends DolibarrApi
if (!DolibarrApi::_checkAccessToResource('facture', $this->invoice->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->invoice->updateline(
$lineid,
$request_data->desc,
@ -419,7 +424,7 @@ class Invoices extends DolibarrApi
$request_data->tva_tx,
$request_data->localtax1_tx,
$request_data->localtax2_tx,
'HT',
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->info_bits,
$request_data->product_type,
$request_data->fk_parent_line,
@ -694,6 +699,9 @@ class Invoices extends DolibarrApi
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
// Reset fk_parent_line for no child products and special product
if (($request_data->product_type != 9 && empty($request_data->fk_parent_line)) || $request_data->product_type == 9) {
$request_data->fk_parent_line = 0;
@ -717,8 +725,8 @@ class Invoices extends DolibarrApi
$request_data->fk_code_ventilation,
$request_data->info_bits,
$request_data->fk_remise_except,
'HT',
0,
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->subprice,
$request_data->product_type,
$request_data->rang,
$request_data->special_code,

18
htdocs/compta/facture/class/facture-rec.class.php
View File

@ -765,7 +765,7 @@ class FactureRec extends CommonInvoice
{
$rowid = $this->id;
dol_syslog(get_class($this)."::delete rowid=".$rowid, LOG_DEBUG);
dol_syslog(get_class($this)."::delete rowid=".((int) $rowid), LOG_DEBUG);
$error = 0;
$this->db->begin();
@ -1153,14 +1153,14 @@ class FactureRec extends CommonInvoice
$sql .= ", date_end_fill=".((int) $date_end_fill);
$sql .= ", fk_product_fournisseur_price=".($fk_fournprice > 0 ? $fk_fournprice : 'null');
$sql .= ", buy_price_ht=".($pa_ht ? price2num($pa_ht) : 0);
$sql .= ", info_bits=".$info_bits;
$sql .= ", rang=".$rang;
$sql .= ", special_code=".$special_code;
$sql .= ", info_bits=".((int) $info_bits);
$sql .= ", rang=".((int) $rang);
$sql .= ", special_code=".((int) $special_code);
$sql .= ", fk_unit=".($fk_unit ? "'".$this->db->escape($fk_unit)."'" : "null");
$sql .= ', multicurrency_subprice = '.$pu_ht_devise;
$sql .= ', multicurrency_total_ht = '.$multicurrency_total_ht;
$sql .= ', multicurrency_total_tva = '.$multicurrency_total_tva;
$sql .= ', multicurrency_total_ttc = '.$multicurrency_total_ttc;
$sql .= ', multicurrency_subprice = '.price2num($pu_ht_devise);
$sql .= ', multicurrency_total_ht = '.price2num($multicurrency_total_ht);
$sql .= ', multicurrency_total_tva = '.price2num($multicurrency_total_tva);
$sql .= ', multicurrency_total_ttc = '.price2num($multicurrency_total_ttc);
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
@ -1248,7 +1248,7 @@ class FactureRec extends CommonInvoice
$sql .= ' AND suspended = 0';
$sql .= ' AND entity = '.$conf->entity; // MUST STAY = $conf->entity here
if ($restrictioninvoiceid > 0) {
$sql .= ' AND rowid = '.$restrictioninvoiceid;
$sql .= ' AND rowid = '.((int) $restrictioninvoiceid);
}
$sql .= $this->db->order('entity', 'ASC');
//print $sql;exit;

22
htdocs/compta/facture/class/facture.class.php
View File

@ -1604,7 +1604,7 @@ class Facture extends CommonInvoice
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON f.fk_incoterms = i.rowid';
if ($rowid) {
$sql .= " WHERE f.rowid=".$rowid;
$sql .= " WHERE f.rowid=".((int) $rowid);
} else {
$sql .= ' WHERE f.entity IN ('.getEntity('invoice').')'; // Dont't use entity if you use rowid
if ($ref) {
@ -3657,7 +3657,7 @@ class Facture extends CommonInvoice
{
global $user;
dol_syslog(get_class($this)."::deleteline rowid=".$rowid, LOG_DEBUG);
dol_syslog(get_class($this)."::deleteline rowid=".((int) $rowid), LOG_DEBUG);
if ($this->statut != self::STATUS_DRAFT) {
$this->error = 'ErrorDeleteLineNotAllowedByObjectStatus';
@ -4902,7 +4902,7 @@ class Facture extends CommonInvoice
* @param int|string $template Name (or id) of email template (Must be a template of type 'facture_send')
* @return int 0 if OK, <>0 if KO (this function is used also by cron so only 0 is OK)
*/
public function sendEmailsReminderOnDueDate($nbdays = 0, $paymentmode = 'all', $template = '')
public function sendEmailsRemindersOnInvoiceDueDate($nbdays = 0, $paymentmode = 'all', $template = '')
{
global $conf, $langs, $user;
@ -4914,12 +4914,12 @@ class Facture extends CommonInvoice
if (empty($conf->facture->enabled)) { // Should not happen. If module disabled, cron job should not be visible.
$langs->load("bills");
$this->output = $langs->trans('ModuleNotEnabled', $langs->transnoentitiesnoconv("Facture"));
$this->output .= $langs->trans('ModuleNotEnabled', $langs->transnoentitiesnoconv("Facture"));
return 0;
}
/*if (empty($conf->global->FACTURE_REMINDER_EMAIL)) {
$langs->load("bills");
$this->output = $langs->trans('EventRemindersByEmailNotEnabled', $langs->transnoentitiesnoconv("Facture"));
$this->output .= $langs->trans('EventRemindersByEmailNotEnabled', $langs->transnoentitiesnoconv("Facture"));
return 0;
}
*/
@ -4941,7 +4941,7 @@ class Facture extends CommonInvoice
$sql .= ", ".MAIN_DB_PREFIX."c_paiement as cp";
}
$sql .= " WHERE f.paye = 0";
$sql .= " AND f.date_lim_reglement = '".$this->db->idate(dol_get_first_hour(dol_time_plus_duree(dol_now(), -1 * $nbdays, 'd'), 'gmt'), 'gmt')."'";
$sql .= " AND f.date_lim_reglement = '".$this->db->idate(dol_get_first_hour(dol_time_plus_duree($now, -1 * $nbdays, 'd'), 'gmt'), 'gmt')."'";
$sql .= " AND f.entity IN (".getEntity('facture').")";
if (!empty($paymentmode) && $paymentmode != 'all') {
$sql .= " AND f.fk_mode_reglement = cp.id AND cp.code = '".$this->db->escape($paymentmode)."'";
@ -4950,6 +4950,8 @@ class Facture extends CommonInvoice
$sql .= $this->db->order("date_lim_reglement", "ASC");
$resql = $this->db->query($sql);
$this->output .= 'Search unpaid invoices with due date = '.$this->db->idate(dol_get_first_hour(dol_time_plus_duree($now, -1 * $nbdays, 'd'), 'gmt'), 'gmt').'<br>';
if ($resql) {
while ($obj = $this->db->fetch_object($resql)) {
if (!$error) {
@ -4969,7 +4971,7 @@ class Facture extends CommonInvoice
$arraymessage = $formmail->getEMailTemplate($this->db, 'facture_send', $user, $outputlangs, (is_numeric($template) ? $template : 0), 1, (is_numeric($template) ? '' : $template));
if (is_numeric($arraymessage) && $arraymessage <= 0) {
$langs->load("bills");
$this->output = $langs->trans('FailedToFindEmailTemplate', $template);
$this->output .= $langs->trans('FailedToFindEmailTemplate', $template);
return 0;
}
@ -5040,7 +5042,7 @@ class Facture extends CommonInvoice
}
if (!$error) {
$this->output = 'Nb of emails sent : '.$nbMailSend;
$this->output .= 'Nb of emails sent : '.$nbMailSend;
$this->db->commit();
return 0;
} else {
@ -5739,8 +5741,8 @@ class FactureLigne extends CommonInvoiceLine
if ($include_credit_note) {
$sql = 'SELECT fd.situation_percent FROM '.MAIN_DB_PREFIX.'facturedet fd';
$sql .= ' JOIN '.MAIN_DB_PREFIX.'facture f ON (f.rowid = fd.fk_facture) ';
$sql .= ' WHERE fd.fk_prev_id ='.$this->fk_prev_id;
$sql .= ' AND f.situation_cycle_ref = '.$invoicecache[$invoiceid]->situation_cycle_ref; // Prevent cycle outed
$sql .= ' WHERE fd.fk_prev_id = '.((int) $this->fk_prev_id);
$sql .= ' AND f.situation_cycle_ref = '.((int) $invoicecache[$invoiceid]->situation_cycle_ref); // Prevent cycle outed
$sql .= ' AND f.type = '.Facture::TYPE_CREDIT_NOTE;
$res = $this->db->query($sql);

2
htdocs/compta/facture/list.php
View File

@ -550,7 +550,7 @@ if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$db->escape($search_product_category);
}
if ($socid > 0) {
$sql .= ' AND s.rowid = '.$socid;
$sql .= ' AND s.rowid = '.((int) $socid);
}
if ($userid) {
if ($userid == -1) {

3
htdocs/compta/index.php
View File

@ -75,6 +75,9 @@ $maxOpenCount = empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->globa
$hookmanager->initHooks(array('invoiceindex'));
$maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);
/*
* Actions
*/

2
htdocs/compta/paiement.php
View File

@ -873,7 +873,7 @@ if (!GETPOST('action', 'aZ09')) {
$sql .= ' WHERE p.fk_facture = f.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
if ($socid) {
$sql .= ' AND f.fk_soc = '.$socid;
$sql .= ' AND f.fk_soc = '.((int) $socid);
}
$sql .= ' ORDER BY '.$sortfield.' '.$sortorder;

72
htdocs/compta/paiement/card.php
View File

@ -110,27 +110,69 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture
$db->commit();
// Loop on each invoice linked to this payment to rebuild PDF
$factures = array();
foreach ($factures as $id) {
$fac = new Facture($db);
$fac->fetch($id);
if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
$outputlangs = $langs;
if (GETPOST('lang_id', 'aZ09')) {
$outputlangs = new Translate("", $conf);
$outputlangs->setDefaultLang(GETPOST('lang_id', 'aZ09'));
}
$outputlangs = $langs;
if (!empty($_REQUEST['lang_id'])) {
$outputlangs = new Translate("", $conf);
$outputlangs->setDefaultLang($_REQUEST['lang_id']);
}
if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
$fac->generateDocument($fac->model_pdf, $outputlangs);
}
$hidedetails = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0;
$hidedesc = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0;
$hideref = !empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0;
$sql = 'SELECT f.rowid as facid';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf,'.MAIN_DB_PREFIX.'facture as f,'.MAIN_DB_PREFIX.'societe as s';
$sql .= ' WHERE pf.fk_facture = f.rowid';
$sql .= ' AND f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
$sql .= ' AND pf.fk_paiement = '.$object->id;
$resql = $db->query($sql);
if ($resql)
{
$i = 0;
$num = $db->num_rows($resql);
if ($num > 0)
{
while ($i < $num)
{
$objp = $db->fetch_object($resql);
$invoice = new Facture($db);
if ($invoice->fetch($objp->facid) <= 0) {
$errors++;
setEventMessages($invoice->error, $invoice->errors, 'errors');
break;
}
if ($invoice->generateDocument($invoice->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref) < 0) {
$errors++;
setEventMessages($invoice->error, $invoice->errors, 'errors');
break;
}
$i++;
}
}
$db->free($resql);
} else {
$errors++;
setEventMessages($db->error, $db->errors, 'errors');
}
}
header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id);
exit;
if (! $errors) {
header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id);
exit;
}
} else {
$db->rollback();
$langs->load("errors");
setEventMessages($object->error, $object->errors, 'errors');
$db->rollback();
}
}

2
htdocs/compta/paiement/cheque/class/remisecheque.class.php
View File

@ -171,7 +171,7 @@ class RemiseCheque extends CommonObject
$sql .= "'".$this->db->idate($now)."'";
$sql .= ", '".$this->db->idate($now)."'";
$sql .= ", ".$user->id;
$sql .= ", ".$account_id;
$sql .= ", ".((int) $account_id);
$sql .= ", 0";
$sql .= ", 0";
$sql .= ", 0";

9
htdocs/compta/paiement/class/paiement.class.php
View File

@ -413,8 +413,15 @@ class Paiement extends CommonObject
$outputlangs = new Translate("", $conf);
$outputlangs->setDefaultLang($newlang);
}
$hidedetails = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0;
$hidedesc = ! empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0;
$hideref = !empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0;
$ret = $invoice->fetch($facid); // Reload to get new records
$result = $invoice->generateDocument($invoice->model_pdf, $outputlangs);
$result = $invoice->generateDocument($invoice->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
if ($result < 0) {
setEventMessages($invoice->error, $invoice->errors, 'errors');
$error++;

2
htdocs/compta/prelevement/card.php
View File

@ -380,7 +380,7 @@ if ($id > 0 || $ref) {
$num = $db->num_rows($result);
$i = 0;
$urladd = "&amp;id=".$id;
$urladd = "&id=".urlencode($id);
print '<form method="get" action="'.$_SERVER ['PHP_SELF'].'" name="search_form">'."\n";
print '<input type="hidden" name="id" value="'.$id.'"/>';

6
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -229,9 +229,9 @@ class BonPrelevement extends CommonObject
$sql .= ", cle_rib";
$sql .= ") VALUES (";
$sql .= $this->id;
$sql .= ", ".$client_id;
$sql .= ", ".((int) $client_id);
$sql .= ", '".$this->db->escape($client_nom)."'";
$sql .= ", '".price2num($amount)."'";
$sql .= ", ".((float) price2num($amount));
$sql .= ", '".$this->db->escape($code_banque)."'";
$sql .= ", '".$this->db->escape($code_guichet)."'";
$sql .= ", '".$this->db->escape($number)."'";
@ -290,7 +290,7 @@ class BonPrelevement extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p";
$sql .= " WHERE p.entity IN (".getEntity('invoice').")";
if ($rowid > 0) {
$sql .= " AND p.rowid = ".$rowid;
$sql .= " AND p.rowid = ".((int) $rowid);
} else {
$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
}

2
htdocs/compta/prelevement/class/ligneprelevement.class.php
View File

@ -79,7 +79,7 @@ class LignePrelevement
$sql .= ", pl.statut, pl.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
$sql .= ", ".MAIN_DB_PREFIX."prelevement_bons as p";
$sql .= " WHERE pl.rowid=".$rowid;
$sql .= " WHERE pl.rowid=".((int) $rowid);
$sql .= " AND p.rowid = pl.fk_prelevement_bons";
$sql .= " AND p.entity = ".$conf->entity;

2
htdocs/compta/prelevement/factures.php
View File

@ -220,7 +220,7 @@ if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$param = "&id=".$id;
$param = "&id=".urlencode($id);
// Lines of title fields
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';

2
htdocs/compta/prelevement/line.php
View File

@ -275,7 +275,7 @@ if ($id) {
$num = $db->num_rows($result);
$i = 0;
$urladd = "&amp;id=".$id;
$urladd = "&id=".urlencode($id);
print_barre_liste($langs->trans("Bills"), $page, "factures.php", $urladd, $sortfield, $sortorder, '', $num, 0, '');

2
htdocs/compta/prelevement/list.php
View File

@ -125,7 +125,7 @@ if ($type == 'bank-transfer') {
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($search_line) {
$sql .= " AND pl.rowid = '".$db->escape($search_line)."'";

2
htdocs/compta/prelevement/rejets.php
View File

@ -99,7 +99,7 @@ if ($type == 'bank-transfer') {
$sql .= " AND p.type = 'debit-order'";
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $db->plimit($limit + 1, $offset);

19
htdocs/compta/sociales/card.php
View File

@ -134,12 +134,17 @@ if ($action == 'setbankaccount' && $user->rights->tax->charges->creer) {
// Delete social contribution
if ($action == 'confirm_delete' && $confirm == 'yes') {
$object->fetch($id);
$result = $object->delete($user);
if ($result > 0) {
header("Location: list.php");
exit;
$totalpaye = $object->getSommePaiement();
if (empty($totalpaye)) {
$result = $object->delete($user);
if ($result > 0) {
header("Location: list.php");
exit;
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
} else {
setEventMessages($object->error, $object->errors, 'errors');
setEventMessages($langs->trans('DisabledBecausePayments'), null, 'errors');
}
}
@ -771,8 +776,10 @@ if ($id > 0) {
}
// Delete
if ($user->rights->tax->charges->supprimer) {
if ($user->rights->tax->charges->supprimer && empty($totalpaye)) {
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.DOL_URL_ROOT.'/compta/sociales/card.php?id='.$object->id.'&amp;action=delete&amp;token='.newToken().'">'.$langs->trans("Delete").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.(dol_escape_htmltag($langs->trans("DisabledBecausePayments"))).'">'.$langs->trans("Delete").'</a></div>';
}
print "</div>";

2
htdocs/compta/sociales/class/chargesociales.class.php
View File

@ -147,7 +147,7 @@ class ChargeSociales extends CommonObject
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as p ON cs.fk_mode_reglement = p.id';
$sql .= ' WHERE cs.entity IN ('.getEntity('tax').')';
if ($ref) {
$sql .= " AND cs.rowid = ".$ref;
$sql .= " AND cs.ref = '".$this->db->escape($ref)."'";
} else {
$sql .= " AND cs.rowid = ".((int) $id);
}

2
htdocs/compta/sociales/list.php
View File

@ -195,7 +195,7 @@ $sql .= " WHERE cs.fk_type = c.id";
$sql .= " AND cs.entity = ".$conf->entity;
// Search criteria
if ($search_ref) {
$sql .= " AND cs.rowid=".$db->escape($search_ref);
$sql .= " AND cs.ref = '".$db->escape($search_ref)."'";
}
if ($search_label) {
$sql .= natural_search("cs.libelle", $search_label);

Some files were not shown because too many files have changed in this diff Show More