diff --git a/htdocs/core/modules/modUser.class.php b/htdocs/core/modules/modUser.class.php index 4b660e6159a..f77f1dacedf 100644 --- a/htdocs/core/modules/modUser.class.php +++ b/htdocs/core/modules/modUser.class.php @@ -239,7 +239,7 @@ class modUser extends DolibarrModules 'u.accountancy_code'=>'Text', 'u.address'=>"Text", 'u.zip'=>"Text", 'u.town'=>"Text", 'u.office_phone'=>'Text', 'u.user_mobile'=>'Text', 'u.office_fax'=>'Text', - 'u.email'=>'Text', 'u.datec'=>"Date", 'u.tms'=>"Date", 'u.admin'=>"Boolean", 'u.statut'=>'Status', 'u.note'=>"Text", 'u.datelastlogin'=>'Date', + 'u.email'=>'Text', 'u.datec'=>"Date", 'u.tms'=>"Date", 'u.admin'=>"Boolean", 'u.statut'=>'Status', 'u.note'=>"Text", 'u.signature'=>"Text", 'u.datelastlogin'=>'Date', 'u.fk_user'=>"List:user:login", 'u.birth'=>'Date', 'u.datepreviouslogin'=>'Date', 'u.fk_soc'=>"List:societe:nom:rowid", 'u.fk_member'=>"List:adherent:firstname", diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index 93e20b06afe..ae5629b733b 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -388,16 +388,17 @@ if ($step == 4 && $action == 'submitFormField') { $_SESSION["export_filtered_fields"] = array(); foreach ($objexport->array_export_TypeFields[0] as $code => $type) { // $code: s.fieldname $value: Text|Boolean|List:ccc $newcode = (string) preg_replace('/\./', '_', $code); - //print 'xxx'.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n
"; + //print 'xxx '.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n
"; + $check = 'alphanohtml'; $filterqualified = 1; - if (!GETPOSTISSET($newcode) || GETPOST($newcode, 'restricthtml') == '') { + if (!GETPOSTISSET($newcode) || GETPOST($newcode, $check) == '') { $filterqualified = 0; - } elseif (preg_match('/^List/', $type) && (is_numeric(GETPOST($newcode, 'restricthtml')) && GETPOST($newcode, 'restricthtml') <= 0)) { + } elseif (preg_match('/^List/', $type) && (is_numeric(GETPOST($newcode, $check)) && GETPOST($newcode, $check) <= 0)) { $filterqualified = 0; } if ($filterqualified) { //print 'Filter on '.$newcode.' type='.$type.' value='.$_POST[$newcode]."\n"; - $objexport->array_export_FilterValue[0][$code] = GETPOST($newcode, 'restricthtml'); + $objexport->array_export_FilterValue[0][$code] = GETPOST($newcode, $check); } } $array_filtervalue = (!empty($objexport->array_export_FilterValue[0]) ? $objexport->array_export_FilterValue[0] : ''); diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index abeee1a9e26..f93e51dc850 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -622,10 +622,11 @@ if ($id > 0 || !empty($ref)) { // if ($mesg) print $mesg; print '
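Review bot: `$check = 'alphanohtml';` sits inside the `foreach`, so it is reassigned for every field, and `GETPOST($newcode, $check)` is then evaluated up to four times per field. Reading the value once with `$filtervalue = GETPOST($newcode, $check);` and testing and storing `$filtervalue` would keep the sanitisation in one place. A short comment on the assignment should record why the stricter check was chosen, for example `// Export filter values are plain text or list ids; HTML markup is never expected here`. Stripping markup is not SQL escaping: the value stored in `array_export_FilterValue` presumably reaches the export query builder, which is outside this hunk and should still escape it. The `if ($step == 4 && $action == 'submitFormField')` block starts before the hunk.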
'; - $disabled = 1; + /*$disabled = 1; if (!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER)) { $disabled = 0; - } + }*/ + $disabled = 0; // This is used to disable or not the bulk selection of target warehouse. No reason to have it disabled so forced to 0. // Line of orders if ($object->statut <= CommandeFournisseur::STATUS_ACCEPTED || $object->statut >= CommandeFournisseur::STATUS_CANCELED) { diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index c03678151fc..e58ae528f97 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -309,8 +309,8 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ $filelist = array(); $i = 0; $ok = 0; - $from = '^'.$newversionfrom; - $to = $newversionto.'\.sql$'; + $from = '^'.preg_quote($newversionfrom, '/'); + $to = preg_quote($newversionto.'.sql', '/').'$'; // Get files list $filesindir = array(); @@ -328,9 +328,9 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ // Define which file to run foreach ($filesindir as $file) { - if (preg_match('/'.$from.'/i', $file)) { + if (preg_match('/'.$from.'\-/i', $file)) { $filelist[] = $file; - } elseif (preg_match('/'.$to.'/i', $file)) { // First test may be false if we migrate from x.y.* to x.y.* + } elseif (preg_match('/\-'.$to.'/i', $file)) { // First test may be false if we migrate from x.y.* to x.y.* $filelist[] = $file; } } diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index e9dc03d7571..2d7c46e0c85 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php 
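Review bot: The old `$disabled` logic is kept as a `/* ... */` block directly above the new `$disabled = 0;`, which leaves dead code that still names `STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER`. A later search for where that option takes effect will land on it. Deleting the commented block and keeping only the assignment with its explanatory comment is cleaner, since version control holds the previous behaviour. The enclosing `if ($id > 0 || !empty($ref))` block starts and ends outside the hunk.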
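Review bot: Quoting is done in the first upgrade.php hunk and the patterns are assembled in the second (`'/'.$from.'\-/i'` and `'/\-'.$to.'/i'`), so the delimiter passed to `preg_quote()` and the one used in `preg_match()` have to be kept in step by hand, and nothing explains the added `-` anchors. A comment above the two assignments would help, for example `// Migration scripts are named <from>-<to>.sql: quote both versions and anchor on '-' so one version cannot match as a prefix or suffix of another`. The assignments of `$newversionfrom` and `$newversionto` are outside both hunks. If they derive from request parameters, a strict format check before this point would be a stronger guard than quoting alone, because these values select the files added to `$filelist` under the "Define which file to run" comment.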
@@ -1048,9 +1048,17 @@ if ($action == 'create') { print "\n"; } + // $objectsrc->lines contains the line of the purchase order + // $dispatchLines is list of lines with dispatching detail (with product, qty and warehouse). One purchase order line may have n of this dispatch lines. + + $arrayofpurchaselinealreadyoutput= array(); + + // $_POST contains fk_commandefourndet_X_Y where Y is num of product line and X is number of splitted line $indiceAsked = 1; - while ($indiceAsked <= $numAsked) { + while ($indiceAsked <= $numAsked) { // Loop on $dispatchLines. Warning: $dispatchLines must be sorted by fk_commandefourndet (it is a regroupment key on output) $product = new Product($db); + + // We search the purchase order line that is linked to the dispatchLines foreach ($objectsrc->lines as $supplierLine) { if ($dispatchLines[$indiceAsked]['fk_commandefourndet'] == $supplierLine->id) { $line = $supplierLine; @@ -1072,7 +1080,6 @@ if ($action == 'create') { print ''."\n"; print ''."\n"; - // Product label if ($line->fk_product > 0) { // If predefined product $product->fetch($line->fk_product); 
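Review bot: `$line` is assigned only when a purchase order line matches `$dispatchLines[$indiceAsked]['fk_commandefourndet']`, and the hunk shows no reset before the `foreach`, so a dispatch entry with no match would reuse the `$line` left by the previous iteration. With this commit `$line->id` also becomes the key of `$arrayofpurchaselinealreadyoutput`, so such a row would be treated as already output and silently lose its label and quantities. Setting `$line = null;` before the `foreach` and skipping the row when it stays null would make that case explicit. The rest of the loop body is outside the hunk, so confirm there is no existing guard.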
@@ -1081,42 +1088,45 @@ if ($action == 'create') { print ''; print ''; // ancre pour retourner sur la ligne - print ''; + if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice + print ''; - // Show product and description - $product_static = $product; + // Show product and description + $product_static = $product; - $text = $product_static->getNomUrl(1); - $text .= ' - '.(!empty($line->label) ? $line->label : $line->product_label); - $description = ($conf->global->PRODUIT_DESC_IN_FORM ? '' : dol_htmlentitiesbr($line->desc)); - print $form->textwithtooltip($text, $description, 3, '', '', $i); + $text = $product_static->getNomUrl(1); + $text .= ' - '.(!empty($line->label) ? $line->label : $line->product_label); + $description = ($conf->global->PRODUIT_DESC_IN_FORM ? '' : dol_htmlentitiesbr($line->desc)); + print $form->textwithtooltip($text, $description, 3, '', '', $i); - // Show range - print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end)); + // Show range + print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end)); - // Add description in form - if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) { - print ($line->desc && $line->desc != $line->product_label) ? '
'.dol_htmlentitiesbr($line->desc) : ''; + // Add description in form + if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) { + print ($line->desc && $line->desc != $line->product_label) ? '
'.dol_htmlentitiesbr($line->desc) : ''; + } } - print ''; } else { print ""; - if ($type == 1) { - $text = img_object($langs->trans('Service'), 'service'); - } else { - $text = img_object($langs->trans('Product'), 'product'); - } + if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice + if ($type == 1) { + $text = img_object($langs->trans('Service'), 'service'); + } else { + $text = img_object($langs->trans('Product'), 'product'); + } - if (!empty($line->label)) { - $text .= ' '.$line->label.''; - print $form->textwithtooltip($text, $line->desc, 3, '', '', $i); - } else { - print $text.' '.nl2br($line->desc); - } + if (!empty($line->label)) { + $text .= ' '.$line->label.''; + print $form->textwithtooltip($text, $line->desc, 3, '', '', $i); + } else { + print $text.' '.nl2br($line->desc); + } - // Show range - print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end)); + // Show range + print_date_range($db->jdate($line->date_start), $db->jdate($line->date_end)); + } print "\n"; } @@ -1127,8 +1137,11 @@ if ($action == 'create') { print ''; print ''; - // Qty - print ''.$line->qty; + // Qty in source purchase order line + print ''; + if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice + print $line->qty; + } print ''; print ''; print ''; @@ -1138,7 +1151,9 @@ if ($action == 'create') { // Qty already received print ''; $quantityDelivered = $objectsrc->receptions[$line->id]; - print $quantityDelivered; + if (! array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)) { // Add test to avoid to show qty twice + print $quantityDelivered; + } print ''; print ''; @@ -1214,6 +1229,9 @@ if ($action == 'create') { } } } + + $arrayofpurchaselinealreadyoutput[$line->id] = $line->id; + print "\n"; $extralabelslines = $extrafields->attributes[$line->table_element]; 
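Review bot: In the free-text branch of the `@@ -1081` hunk the description is printed as `nl2br($line->desc)` and passed unencoded to `textwithtooltip()`, while the predefined-product branch of the same hunk runs it through `dol_htmlentitiesbr($line->desc)`. If `desc` and `label` can hold text typed by a user, both branches should encode on output in the same way, for example `print $text.' '.dol_htmlentitiesbr($line->desc);`. These lines are only re-indented by the commit, and the view-mode loop further down has the same pattern (`nl2br($lines[$i]->description)`), so confirm whether the values are sanitised when stored before changing it. Separately, `array_key_exists($line->id, $arrayofpurchaselinealreadyoutput)` is repeated in four places across this and the following hunks; a single `$alreadyoutput` flag computed once per row would be easier to read.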
@@ -1775,7 +1793,9 @@ if ($action == 'create') { //var_dump($alreadysent); } - // Loop on each product to send/sent + $arrayofpurchaselinealreadyoutput = array(); + + // Loop on each product to send/sent. Warning: $lines must be sorted by ->fk_commandefourndet (it is a regroupment key on output) for ($i = 0; $i < $num_prod; $i++) { print ''; // id of order line print ''; @@ -1797,32 +1817,35 @@ if ($action == 'create') { } print ''; - - $text = $lines[$i]->product->getNomUrl(1); - $text .= ' - '.$label; - $description = (!empty($conf->global->PRODUIT_DESC_IN_FORM) ? '' : dol_htmlentitiesbr($lines[$i]->product->description)); - print $form->textwithtooltip($text, $description, 3, '', '', $i); - print_date_range(!empty($lines[$i]->date_start) ? $lines[$i]->date_start : 0, !empty($lines[$i]->date_end) ? $lines[$i]->date_end : 0); - if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) { - print (!empty($lines[$i]->product->description) && $lines[$i]->description != $lines[$i]->product->description) ? '
'.dol_htmlentitiesbr($lines[$i]->description) : ''; + if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) { + $text = $lines[$i]->product->getNomUrl(1); + $text .= ' - '.$label; + $description = (!empty($conf->global->PRODUIT_DESC_IN_FORM) ? '' : dol_htmlentitiesbr($lines[$i]->product->description)); + print $form->textwithtooltip($text, $description, 3, '', '', $i); + print_date_range(!empty($lines[$i]->date_start) ? $lines[$i]->date_start : 0, !empty($lines[$i]->date_end) ? $lines[$i]->date_end : 0); + if (!empty($conf->global->PRODUIT_DESC_IN_FORM)) { + print (!empty($lines[$i]->product->description) && $lines[$i]->description != $lines[$i]->product->description) ? '
'.dol_htmlentitiesbr($lines[$i]->description) : ''; + } } print "\n"; } else { print ""; - if ($lines[$i]->product_type == Product::TYPE_SERVICE) { - $text = img_object($langs->trans('Service'), 'service'); - } else { - $text = img_object($langs->trans('Product'), 'product'); - } + if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) { + if ($lines[$i]->product_type == Product::TYPE_SERVICE) { + $text = img_object($langs->trans('Service'), 'service'); + } else { + $text = img_object($langs->trans('Product'), 'product'); + } - if (!empty($lines[$i]->label)) { - $text .= ' '.$lines[$i]->label.''; - print $form->textwithtooltip($text, $lines[$i]->description, 3, '', '', $i); - } else { - print $text.' '.nl2br($lines[$i]->description); - } + if (!empty($lines[$i]->label)) { + $text .= ' '.$lines[$i]->label.''; + print $form->textwithtooltip($text, $lines[$i]->description, 3, '', '', $i); + } else { + print $text.' '.nl2br($lines[$i]->description); + } - print_date_range($lines[$i]->date_start, $lines[$i]->date_end); + print_date_range($lines[$i]->date_start, $lines[$i]->date_end); + } print "\n"; } 
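Review bot: The guard keys on `$lines[$i]->fk_commandefourndet` without checking that it is set, so reception lines not linked to a purchase order line would all share one empty key. Every such line after the first would then lose its product label, ordered quantity and other-receptions column. Whether unlinked lines can occur is not visible here, but the `if ($origin && $origin_id > 0)` test in the next hunk suggests receptions without an origin are expected. Computing the flag once per row, `$alreadyoutput = !empty($lines[$i]->fk_commandefourndet) && isset($arrayofpurchaselinealreadyoutput[$lines[$i]->fk_commandefourndet]);`, and reusing it here and in the "Qty ordered" hunk would cover that case and remove the repeated lookups.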
@@ -1834,33 +1857,39 @@ if ($action == 'create') { // Qty ordered - print ''.$lines[$i]->qty_asked.''; + print ''; + if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) { + print $lines[$i]->qty_asked; + } + print ''; // Qty in other receptions (with reception and warehouse used) if ($origin && $origin_id > 0) { print ''; - foreach ($alreadysent as $key => $val) { - if ($lines[$i]->fk_commandefourndet == $key) { - $j = 0; - foreach ($val as $receptionline_id => $receptionline_var) { - if ($receptionline_var['reception_id'] == $lines[$i]->fk_reception) { - continue; // We want to show only "other receptions" - } + if (!array_key_exists($lines[$i]->fk_commandefourndet, $arrayofpurchaselinealreadyoutput)) { + foreach ($alreadysent as $key => $val) { + if ($lines[$i]->fk_commandefourndet == $key) { + $j = 0; + foreach ($val as $receptionline_id => $receptionline_var) { + if ($receptionline_var['reception_id'] == $lines[$i]->fk_reception) { + continue; // We want to show only "other receptions" + } - $j++; - if ($j > 1) { - print '
'; - } - $reception_static->fetch($receptionline_var['reception_id']); - print $reception_static->getNomUrl(1); - print ' - '.$receptionline_var['qty']; + $j++; + if ($j > 1) { + print '
'; + } + $reception_static->fetch($receptionline_var['reception_id']); + print $reception_static->getNomUrl(1); + print ' - '.$receptionline_var['qty']; - $htmltext = $langs->trans("DateValidation").' : '.(empty($receptionline_var['date_valid']) ? $langs->trans("Draft") : dol_print_date($receptionline_var['date_valid'], 'dayhour')); - if (!empty($conf->stock->enabled) && $receptionline_var['warehouse'] > 0) { - $warehousestatic->fetch($receptionline_var['warehouse']); - $htmltext .= '
'.$langs->trans("From").' : '.$warehousestatic->getNomUrl(1, '', 0, 1); + $htmltext = $langs->trans("DateValidation").' : '.(empty($receptionline_var['date_valid']) ? $langs->trans("Draft") : dol_print_date($receptionline_var['date_valid'], 'dayhour')); + if (!empty($conf->stock->enabled) && $receptionline_var['warehouse'] > 0) { + $warehousestatic->fetch($receptionline_var['warehouse']); + $htmltext .= '
'.$langs->trans("From").' : '.$warehousestatic->getNomUrl(1, '', 0, 1); + } + print ' '.$form->textwithpicto('', $htmltext, 1); } - print ' '.$form->textwithpicto('', $htmltext, 1); } } } @@ -1990,6 +2019,8 @@ if ($action == 'create') { } print ""; + $arrayofpurchaselinealreadyoutput[$lines[$i]->fk_commandefourndet] = $lines[$i]->fk_commandefourndet; + // Display lines extrafields $extralabelslines = $extrafields->attributes[$lines[$i]->table_element]; if (!empty($extralabelslines) && is_array($extralabelslines) && count($extralabelslines) > 0) { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 95aeb948c1d..15e4eaa8bda 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -359,7 +359,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST['param8b']='objnotdefined\''; @@ -501,6 +501,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result param7 = ".$result."\n"; $this->assertEquals('"c:\this is a path~1\aaan &#x;;;;" abcdef', $result); + $result=GETPOST("param8e", 'restricthtml'); + print __METHOD__." result param8e = ".$result."\n"; + $this->assertEquals('', $result); + $result=GETPOST("param12", 'restricthtml'); print __METHOD__." result=".$result."\n"; $this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml'); @@ -519,7 +523,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $result=GETPOST("param15", 'restricthtml'); // src=>0xbeefed print __METHOD__." result=".$result."\n"; - $this->assertEquals("0xbeefed", $result, 'Test 15a'); // The GETPOST return a harmull string + $this->assertEquals("0xbeefed", $result, 'Test 15'); // The GETPOST return a harmull string // Test with restricthtml + MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to test disabling of bad atrributes $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
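Review bot: The new `param8e` assertion in the `@@ -501` hunk has no message argument, unlike the `param12` and `param15` assertions around it, so a failure will not say what was being checked. Something like `$this->assertEquals('', $result, 'Test 8e: restricthtml must return an empty string for this payload');` would fix that. The definition of `$_POST['param8e']` is not visible in these hunks, so a comment beside it naming the construct the payload exercises would help the next reader. These hunks also add no assertion for the same payload under `alphanohtml`, which is the check the export filter in this commit now uses.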