lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into 15.0

Browse Source 
Conflicts:
	htdocs/reception/card.php
This commit is contained in:
Laurent Destailleur 2022-01-28 15:57:09 +01:00
commit ef70777cf1
6 changed files with 122 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/modules/modUser.class.php
View File

@ -239,7 +239,7 @@ class modUser extends DolibarrModules
'u.accountancy_code'=>'Text',
'u.address'=>"Text", 'u.zip'=>"Text", 'u.town'=>"Text",
'u.office_phone'=>'Text', 'u.user_mobile'=>'Text', 'u.office_fax'=>'Text',
'u.email'=>'Text', 'u.datec'=>"Date", 'u.tms'=>"Date", 'u.admin'=>"Boolean", 'u.statut'=>'Status', 'u.note'=>"Text", 'u.datelastlogin'=>'Date',
'u.email'=>'Text', 'u.datec'=>"Date", 'u.tms'=>"Date", 'u.admin'=>"Boolean", 'u.statut'=>'Status', 'u.note'=>"Text", 'u.signature'=>"Text", 'u.datelastlogin'=>'Date',
'u.fk_user'=>"List:user:login",
'u.birth'=>'Date',
'u.datepreviouslogin'=>'Date', 'u.fk_soc'=>"List:societe:nom:rowid", 'u.fk_member'=>"List:adherent:firstname",

9
htdocs/exports/export.php
View File

@ -388,16 +388,17 @@ if ($step == 4 && $action == 'submitFormField') {
$_SESSION["export_filtered_fields"] = array();
foreach ($objexport->array_export_TypeFields[0] as $code => $type) { // $code: s.fieldname $value: Text|Boolean|List:ccc
$newcode = (string) preg_replace('/\./', '_', $code);
//print 'xxx'.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n<br>";
//print 'xxx '.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n<br>";
$check = 'alphanohtml';
$filterqualified = 1;
if (!GETPOSTISSET($newcode) || GETPOST($newcode, 'restricthtml') == '') {
if (!GETPOSTISSET($newcode) || GETPOST($newcode, $check) == '') {
$filterqualified = 0;
} elseif (preg_match('/^List/', $type) && (is_numeric(GETPOST($newcode, 'restricthtml')) && GETPOST($newcode, 'restricthtml') <= 0)) {
} elseif (preg_match('/^List/', $type) && (is_numeric(GETPOST($newcode, $check)) && GETPOST($newcode, $check) <= 0)) {
$filterqualified = 0;
}
if ($filterqualified) {
//print 'Filter on '.$newcode.' type='.$type.' value='.$_POST[$newcode]."\n";
$objexport->array_export_FilterValue[0][$code] = GETPOST($newcode, 'restricthtml');
$objexport->array_export_FilterValue[0][$code] = GETPOST($newcode, $check);
}
}
$array_filtervalue = (!empty($objexport->array_export_FilterValue[0]) ? $objexport->array_export_FilterValue[0] : '');

5
htdocs/fourn/commande/dispatch.php
View File

@ -622,10 +622,11 @@ if ($id > 0 || !empty($ref)) {
// if ($mesg) print $mesg;
print '<br>';
$disabled = 1;
/*$disabled = 1;
if (!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER)) {
$disabled = 0;
}
}*/
$disabled = 0; // This is used to disable or not the bulk selection of target warehouse. No reason to have it disabled so forced to 0.
// Line of orders
if ($object->statut <= CommandeFournisseur::STATUS_ACCEPTED || $object->statut >= CommandeFournisseur::STATUS_CANCELED) {

8
htdocs/install/upgrade.php
View File

@ -309,8 +309,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
$filelist = array();
$i = 0;
$ok = 0;
$from = '^'.$newversionfrom;
$to = $newversionto.'\.sql$';
$from = '^'.preg_quote($newversionfrom, '/');
$to = preg_quote($newversionto.'.sql', '/').'$';
// Get files list
$filesindir = array();
@ -328,9 +328,9 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
// Define which file to run
foreach ($filesindir as $file) {
if (preg_match('/'.$from.'/i', $file)) {
if (preg_match('/'.$from.'\-/i', $file)) {
$filelist[] = $file;
} elseif (preg_match('/'.$to.'/i', $file)) { // First test may be false if we migrate from x.y.* to x.y.*
} elseif (preg_match('/\-'.$to.'/i', $file)) { // First test may be false if we migrate from x.y.* to x.y.*
$filelist[] = $file;
}
}

175
htdocs/reception/card.php
View File

@ -1048,9 +1048,17 @@ if ($action == 'create') {
print "</tr>\n";
}
// $objectsrc->lines contains the line of the purchase order
// $dispatchLines is list of lines with dispatching detail (with product, qty and warehouse). One purchase order line may have n of this dispatch lines.
$arrayofpurchaselinealreadyoutput= array();
// $_POST contains fk_commandefourndet_X_Y where Y is num of product line and X is number of splitted line
$indiceAsked = 1;
while ($indiceAsked <= $numAsked) {
while ($indiceAsked <= $numAsked) { // Loop on $dispatchLines. Warning: $dispatchLines must be sorted by fk_commandefourndet (it is a regroupment key on output)
$product = new Product($db);
// We search the purchase order line that is linked to the dispatchLines
foreach ($objectsrc->lines as $supplierLine) {
if ($dispatchLines[$indiceAsked]['fk_commandefourndet'] == $supplierLine->id) {
$line = $supplierLine;
@ -1072,7 +1080,6 @@ if ($action == 'create') {
print '<!-- line fk_commandefourndet='.$line->id.' for product='.$line->fk_product.' -->'."\n";
print '<tr class="oddeven">'."\n";
// Product label
if ($line->fk_product > 0) { // If predefined product
$product->fetch($line->fk_product);
@ -1081,42 +1088,45 @@ if ($action == 'create') {
print '<td>';
print '<a name="'.$line->id.'"></a>'; // ancre pour retourner sur la ligne
print '<input type="hidden" name="productid'.$indiceAsked.'" value="'.$line->fk_product.'">';
if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice
print '<input type="hidden" name="productid'.$indiceAsked.'" value="'.$line->fk_product.'">';
// Show product and description
$product_static = $product;
// Show product and description
$product_static = $product;
$text = $product_static->getNomUrl(1);
$text .= ' - '.(!empty($line->label) ? $line->label : $line->product_label);
$description = ($conf->global->PRODUIT_DESC_IN_FORM ? '' : dol_htmlentitiesbr($line->desc));
print $form->textwithtooltip($text, $description, 3, '', '', $i);
$text = $product_static->getNomUrl(1);
$text .= ' - '.(!empty($line->label) ? $line->label : $line->product_label);
$description = ($conf->global->PRODUIT_DESC_IN_FORM ? '' : dol_htmlentitiesbr($line->desc));
print $form->textwithtooltip($text, $description, 3, '', '', $i);
// Show range
print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end));
// Show range
print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end));
// Add description in form
if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) {
print ($line->desc && $line->desc != $line->product_label) ? '<br>'.dol_htmlentitiesbr($line->desc) : '';
// Add description in form
if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) {
print ($line->desc && $line->desc != $line->product_label) ? '<br>'.dol_htmlentitiesbr($line->desc) : '';
}
}
print '</td>';
} else {
print "<td>";
if ($type == 1) {
$text = img_object($langs->trans('Service'), 'service');
} else {
$text = img_object($langs->trans('Product'), 'product');
}
if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice
if ($type == 1) {
$text = img_object($langs->trans('Service'), 'service');
} else {
$text = img_object($langs->trans('Product'), 'product');
}
if (!empty($line->label)) {
$text .= ' <strong>'.$line->label.'</strong>';
print $form->textwithtooltip($text, $line->desc, 3, '', '', $i);
} else {
print $text.' '.nl2br($line->desc);
}
if (!empty($line->label)) {
$text .= ' <strong>'.$line->label.'</strong>';
print $form->textwithtooltip($text, $line->desc, 3, '', '', $i);
} else {
print $text.' '.nl2br($line->desc);
}
// Show range
print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end));
// Show range
print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end));
}
print "</td>\n";
}
@ -1127,8 +1137,11 @@ if ($action == 'create') {
print '<input type="text" class="maxwidth100" name="comment'.$indiceAsked.'" value="'.$defaultcomment.'">';
print '</td>';
// Qty
print '<td class="center">'.$line->qty;
// Qty in source purchase order line
print '<td class="center">';
if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice
print $line->qty;
}
print '<input type="hidden" name="fk_commandefournisseurdet'.$indiceAsked.'" value="'.$line->id.'">';
print '<input type="hidden" name="pul'.$indiceAsked.'" value="'.$line->pu_ht.'">';
print '<input name="qtyasked'.$indiceAsked.'" id="qtyasked'.$indiceAsked.'" type="hidden" value="'.$line->qty.'">';
@ -1138,7 +1151,9 @@ if ($action == 'create') {
// Qty already received
print '<td class="center">';
$quantityDelivered = $objectsrc->receptions[$line->id];
print $quantityDelivered;
if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice
print $quantityDelivered;
}
print '<input name="qtydelivered'.$indiceAsked.'" id="qtydelivered'.$indiceAsked.'" type="hidden" value="'.$quantityDelivered.'">';
print '</td>';
@ -1214,6 +1229,9 @@ if ($action == 'create') {
}
}
}
$arrayofpurchaselinealreadyoutput[$line->id] = $line->id;
print "</tr>\n";
$extralabelslines = $extrafields->attributes[$line->table_element];
@ -1775,7 +1793,9 @@ if ($action == 'create') {
//var_dump($alreadysent);
}
// Loop on each product to send/sent
$arrayofpurchaselinealreadyoutput = array();
// Loop on each product to send/sent. Warning: $lines must be sorted by ->fk_commandefourndet (it is a regroupment key on output)
for ($i = 0; $i < $num_prod; $i++) {
print '<!-- origin line id = '.(!empty($lines[$i]->origin_line_id) ? $lines[$i]->origin_line_id : 0).' -->'; // id of order line
print '<tr class="oddeven">';
@ -1797,32 +1817,35 @@ if ($action == 'create') {
}
print '<td>';
$text = $lines[$i]->product->getNomUrl(1);
$text .= ' - '.$label;
$description = (!empty($conf->global->PRODUIT_DESC_IN_FORM) ? '' : dol_htmlentitiesbr($lines[$i]->product->description));
print $form->textwithtooltip($text, $description, 3, '', '', $i);
print_date_range(!empty($lines[$i]->date_start) ? $lines[$i]->date_start : 0, !empty($lines[$i]->date_end) ? $lines[$i]->date_end : 0);
if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) {
print (!empty($lines[$i]->product->description) && $lines[$i]->description != $lines[$i]->product->description) ? '<br>'.dol_htmlentitiesbr($lines[$i]->description) : '';
if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) {
$text = $lines[$i]->product->getNomUrl(1);
$text .= ' - '.$label;
$description = (!empty($conf->global->PRODUIT_DESC_IN_FORM) ? '' : dol_htmlentitiesbr($lines[$i]->product->description));
print $form->textwithtooltip($text, $description, 3, '', '', $i);
print_date_range(!empty($lines[$i]->date_start) ? $lines[$i]->date_start : 0, !empty($lines[$i]->date_end) ? $lines[$i]->date_end : 0);
if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) {
print (!empty($lines[$i]->product->description) && $lines[$i]->description != $lines[$i]->product->description) ? '<br>'.dol_htmlentitiesbr($lines[$i]->description) : '';
}
}
print "</td>\n";
} else {
print "<td>";
if ($lines[$i]->product_type == Product::TYPE_SERVICE) {
$text = img_object($langs->trans('Service'), 'service');
} else {
$text = img_object($langs->trans('Product'), 'product');
}
if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) {
if ($lines[$i]->product_type == Product::TYPE_SERVICE) {
$text = img_object($langs->trans('Service'), 'service');
} else {
$text = img_object($langs->trans('Product'), 'product');
}
if (!empty($lines[$i]->label)) {
$text .= ' <strong>'.$lines[$i]->label.'</strong>';
print $form->textwithtooltip($text, $lines[$i]->description, 3, '', '', $i);
} else {
print $text.' '.nl2br($lines[$i]->description);
}
if (!empty($lines[$i]->label)) {
$text .= ' <strong>'.$lines[$i]->label.'</strong>';
print $form->textwithtooltip($text, $lines[$i]->description, 3, '', '', $i);
} else {
print $text.' '.nl2br($lines[$i]->description);
}
print_date_range($lines[$i]->date_start, $lines[$i]->date_end);
print_date_range($lines[$i]->date_start, $lines[$i]->date_end);
}
print "</td>\n";
}
@ -1834,33 +1857,39 @@ if ($action == 'create') {
// Qty ordered
print '<td class="center">'.$lines[$i]->qty_asked.'</td>';
print '<td class="center">';
if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) {
print $lines[$i]->qty_asked;
}
print '</td>';
// Qty in other receptions (with reception and warehouse used)
if ($origin && $origin_id > 0) {
print '<td class="center nowrap">';
foreach ($alreadysent as $key => $val) {
if ($lines[$i]->fk_commandefourndet == $key) {
$j = 0;
foreach ($val as $receptionline_id => $receptionline_var) {
if ($receptionline_var['reception_id'] == $lines[$i]->fk_reception) {
continue; // We want to show only "other receptions"
}
if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) {
foreach ($alreadysent as $key => $val) {
if ($lines[$i]->fk_commandefourndet == $key) {
$j = 0;
foreach ($val as $receptionline_id => $receptionline_var) {
if ($receptionline_var['reception_id'] == $lines[$i]->fk_reception) {
continue; // We want to show only "other receptions"
}
$j++;
if ($j > 1) {
print '<br>';
}
$reception_static->fetch($receptionline_var['reception_id']);
print $reception_static->getNomUrl(1);
print ' - '.$receptionline_var['qty'];
$j++;
if ($j > 1) {
print '<br>';
}
$reception_static->fetch($receptionline_var['reception_id']);
print $reception_static->getNomUrl(1);
print ' - '.$receptionline_var['qty'];
$htmltext = $langs->trans("DateValidation").' : '.(empty($receptionline_var['date_valid']) ? $langs->trans("Draft") : dol_print_date($receptionline_var['date_valid'], 'dayhour'));
if (!empty($conf->stock->enabled) && $receptionline_var['warehouse'] > 0) {
$warehousestatic->fetch($receptionline_var['warehouse']);
$htmltext .= '<br>'.$langs->trans("From").' : '.$warehousestatic->getNomUrl(1, '', 0, 1);
$htmltext = $langs->trans("DateValidation").' : '.(empty($receptionline_var['date_valid']) ? $langs->trans("Draft") : dol_print_date($receptionline_var['date_valid'], 'dayhour'));
if (!empty($conf->stock->enabled) && $receptionline_var['warehouse'] > 0) {
$warehousestatic->fetch($receptionline_var['warehouse']);
$htmltext .= '<br>'.$langs->trans("From").' : '.$warehousestatic->getNomUrl(1, '', 0, 1);
}
print ' '.$form->textwithpicto('', $htmltext, 1);
}
print ' '.$form->textwithpicto('', $htmltext, 1);
}
}
}
@ -1990,6 +2019,8 @@ if ($action == 'create') {
}
print "</tr>";
$arrayofpurchaselinealreadyoutput[$lines[$i]->fk_commandefourndet] = $lines[$i]->fk_commandefourndet;
// Display lines extrafields
$extralabelslines = $extrafields->attributes[$lines[$i]->table_element];
if (!empty($extralabelslines) && is_array($extralabelslines) && count($extralabelslines) > 0) {

8
test/phpunit/SecurityTest.php
View File

@ -359,7 +359,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$_POST['param8b']='<img src=x onerror=alert(document.location) t='; // this is html obfuscated by non closing tag
$_POST['param8c']='< with space after is ok';
$_POST['param8d']='<abc123 is html to clean';
$_POST['param8e']='<123abc is not html to clean';
$_POST['param8e']='<123abc is not html to clean'; // other similar case: '<2021-12-12'
$_POST['param8f']='abc<<svg <><<animate onbegin=alert(document.domain) a';
$_POST["param9"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\'';
$_POST["param10"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'<abc>objnotdefined\'';
@ -501,6 +501,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__." result param7 = ".$result."\n";
$this->assertEquals('"c:\this is a path~1\aaan &#x;;;;" abcdef', $result);
$result=GETPOST("param8e", 'restricthtml');
print __METHOD__." result param8e = ".$result."\n";
$this->assertEquals('', $result);
$result=GETPOST("param12", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml');
@ -519,7 +523,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$result=GETPOST("param15", 'restricthtml'); // <img onerror<=alert(document.domain)> src=>0xbeefed
print __METHOD__." result=".$result."\n";
$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15a'); // The GETPOST return a harmull string
$this->assertEquals("<img onerror=alert(document.domain) src=>0xbeefed", $result, 'Test 15'); // The GETPOST return a harmull string
// Test with restricthtml + MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to test disabling of bad atrributes
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;