From f0f3deb6198130d6e8a150021db0a6422534acbe Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 14 Jan 2023 13:06:13 +0100
Subject: [PATCH] Debug v17

---
 htdocs/compta/bank/class/account.class.php  |  6 +-
 htdocs/user/bank.php                        | 89 +++++++--------------
 htdocs/user/class/userbankaccount.class.php | 61 +++++++++++++-
 htdocs/user/notify/card.php                 |  6 +-
 4 files changed, 95 insertions(+), 67 deletions(-)

diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index 4aea92a510e..74db4005126 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -1077,8 +1077,6 @@ class Account extends CommonObject
 	 */
 	public function delete(User $user = null)
 	{
-		global $conf;
-
 		$error = 0;
 
 		$this->db->begin();
@@ -1096,8 +1094,8 @@ class Account extends CommonObject
 		}
 
 		if (!$error) {
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_account";
-			$sql .= " WHERE rowid = ".((int) $this->rowid);
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
+			$sql .= " WHERE rowid = ".((int) $this->id);
 
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 			$result = $this->db->query($sql);
diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php
index fb795ecc6e4..1552ff94d82 100644
--- a/htdocs/user/bank.php
+++ b/htdocs/user/bank.php
@@ -25,7 +25,7 @@
 /**
  *	    \file       htdocs/user/bank.php
  *      \ingroup    HRM
- *		\brief      Tab for HRM
+ *		\brief      Tab for HR and bank
  */
 
 // Load Dolibarr environment
@@ -79,7 +79,6 @@ if (empty($account->userid)) {
 	$account->userid = $object->id;
 }
 
-
 // Define value to know what current user can do on users
 $canadduser = (!empty($user->admin) || $user->rights->user->user->creer || $user->rights->hrm->write_personal_information->write);
 $canreaduser = (!empty($user->admin) || $user->rights->user->user->lire || $user->rights->hrm->read_personal_information->read);
@@ -143,49 +142,6 @@ if ($action == 'add' && !$cancel && $permissiontoaddbankaccount) {
 if ($action == 'update' && !$cancel && $permissiontoaddbankaccount) {
 	$account->userid = $object->id;
 
-	/*
-	if ($action == 'update' && !$cancel)
-	{
-		require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-
-		if ($canedituser)    // Case we can edit all field
-		{
-			$error = 0;
-
-			if (!$error)
-			{
-				$objectuser->fetch($id);
-
-				$objectuser->oldcopy = dol_clone($objectuser);
-
-				$db->begin();
-
-				$objectuser->default_range = GETPOST('default_range');
-				$objectuser->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat');
-
-				if (!$error) {
-					$ret = $objectuser->update($user);
-					if ($ret < 0) {
-						$error++;
-						if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
-							$langs->load("errors");
-							setEventMessages($langs->trans("ErrorLoginAlreadyExists", $objectuser->login), null, 'errors');
-						} else {
-							setEventMessages($objectuser->error, $objectuser->errors, 'errors');
-						}
-					}
-				}
-
-				if (!$error && !count($objectuser->errors)) {
-					setEventMessages($langs->trans("UserModified"), null, 'mesgs');
-					$db->commit();
-				} else {
-					$db->rollback();
-				}
-			}
-		}
-	}*/
-
 	$account->bank            = GETPOST('bank', 'alpha');
 	$account->label           = GETPOST('label', 'alpha');
 	$account->courant         = GETPOST('courant', 'alpha');
@@ -214,6 +170,18 @@ if ($action == 'update' && !$cancel && $permissiontoaddbankaccount) {
 	}
 }
 
+if ($action == 'delete_confirmed' && !$cancel && $permissiontoaddbankaccount) {
+	$result = $account->delete($user);
+	if ($result < 0) {
+		setEventMessages($account->error, $account->errors, 'errors');
+	} else {
+		setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs');
+		header("Location: ".DOL_URL_ROOT.'/user/bank.php?id='.$object->id);
+		exit;
+	}
+	$action = '';
+}
+
 // update birth
 if ($action == 'setbirth' && $canadduser && !$cancel) {
 	$object->birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
@@ -819,32 +787,32 @@ if ($action != 'edit' && $action != 'create') {		// If not bank account yet, $ac
 	if ($account->id > 0) {
 		print '<tr class="oddeven">';
 		// Label
-		print '<td>'.$account->label.'</td>';
+		print '<td>'.dol_escape_htmltag($account->label).'</td>';
 		// Bank name
-		print '<td>'.$account->bank.'</td>';
+		print '<td>'.dol_escape_htmltag($account->bank).'</td>';
 		// Account number
 		print '<td>';
-		$string = '';
+		$stringescaped = '';
 		foreach ($account->getFieldsToShow() as $val) {
 			if ($val == 'BankCode') {
-				$string .= $account->code_banque.' ';
+				$stringescaped .= dol_escape_htmltag($account->code_banque).' ';
 			} elseif ($val == 'BankAccountNumber') {
-				$string .= $account->number.' ';
+				$stringescaped .= dol_escape_htmltag($account->number).' ';
 			} elseif ($val == 'DeskCode') {
-				$string .= $account->code_guichet.' ';
+				$stringescaped .= dol_escape_htmltag($account->code_guichet).' ';
 			} elseif ($val == 'BankAccountNumberKey') {
-				$string .= $account->cle_rib.' ';
+				$stringescaped .= dol_escape_htmltag($account->cle_rib).' ';
 			}
 		}
 		if (!empty($account->label) && $account->number) {
 			if (!checkBanForAccount($account)) {
-				$string .= ' '.img_picto($langs->trans("ValueIsNotValid"), 'warning');
+				$stringescaped .= ' '.img_picto($langs->trans("ValueIsNotValid"), 'warning');
 			} else {
-				$string .= ' '.img_picto($langs->trans("ValueIsValid"), 'info');
+				$stringescaped .= ' '.img_picto($langs->trans("ValueIsValid"), 'info');
 			}
 		}
 
-		print $string;
+		print $stringescaped;
 		print '</td>';
 		// IBAN
 		print '<td>'.getIbanHumanReadable($account);
@@ -855,7 +823,8 @@ if ($action != 'edit' && $action != 'create') {		// If not bank account yet, $ac
 		}
 		print '</td>';
 		// BIC
-		print '<td>'.$account->bic;
+		print '<td>';
+		print dol_escape_htmltag($account->bic);
 		if (!empty($account->bic)) {
 			if (!checkSwiftForAccount($account)) {
 				print ' '.img_picto($langs->trans("SwiftNotValid"), 'warning');
@@ -869,9 +838,13 @@ if ($action != 'edit' && $action != 'create') {		// If not bank account yet, $ac
 		// Edit/Delete
 		print '<td class="right nowraponall">';
 		if ($permissiontoaddbankaccount) {
-			print '<a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&bankid='.$account->id.'&action=edit&token='.newToken().'">';
+			print '<a class="editfielda marginleftonly marginrightonly" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&bankid='.$account->id.'&action=edit&token='.newToken().'">';
 			print img_picto($langs->trans("Modify"), 'edit');
 			print '</a>';
+
+			print '<a class="editfielda marginleftonly marginrightonly reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&bankid='.$account->id.'&action=delete_confirmed&token='.newToken().'">';
+			print img_picto($langs->trans("Delete"), 'delete');
+			print '</a>';
 		}
 		print '</td>';
 
@@ -880,7 +853,7 @@ if ($action != 'edit' && $action != 'create') {		// If not bank account yet, $ac
 
 
 	if ($account->id == 0) {
-		$colspan = 6;
+		$colspan = 7;
 		print '<tr><td colspan="'.$colspan.'"><span class="opacitymedium">'.$langs->trans("NoBANRecord").'</span></td></tr>';
 	}
 
diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php
index 6e9cc8e52af..857f60d55e5 100644
--- a/htdocs/user/class/userbankaccount.class.php
+++ b/htdocs/user/class/userbankaccount.class.php
@@ -117,8 +117,6 @@ class UserBankAccount extends Account
 	 */
 	public function update(User $user = null, $notrigger = 0)
 	{
-		global $conf;
-
 		if (!$this->id) {
 			$this->create();
 		}
@@ -193,7 +191,7 @@ class UserBankAccount extends Account
 				$obj = $this->db->fetch_object($resql);
 
 				$this->id = $obj->rowid;
-				$this->userid = $obj->fk_soc;
+				$this->userid = $obj->fk_user;
 				$this->bank = $obj->bank;
 				$this->code_banque = $obj->code_banque;
 				$this->code_guichet = $obj->code_guichet;
@@ -226,6 +224,63 @@ class UserBankAccount extends Account
 		}
 	}
 
+	/**
+	 *  Delete user bank account from database
+	 *
+	 *	@param	User	$user	User deleting
+	 *  @return int             <0 if KO, >0 if OK
+	 */
+	public function delete(User $user = null)
+	{
+		$error = 0;
+
+		$this->db->begin();
+
+		// Delete link between tag and bank account
+		/*
+		if (!$error) {
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account";
+			$sql .= " WHERE fk_account = ".((int) $this->id);
+
+			$resql = $this->db->query($sql);
+			if (!$resql) {
+				$error++;
+				$this->error = "Error ".$this->db->lasterror();
+			}
+		}
+		*/
+
+		if (!$error) {
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
+			$sql .= " WHERE rowid = ".((int) $this->id);
+
+			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
+			$result = $this->db->query($sql);
+			if ($result) {
+				// Remove extrafields
+				/*
+				if (!$error) {
+					$result = $this->deleteExtraFields();
+					if ($result < 0) {
+						$error++;
+						dol_syslog(get_class($this)."::delete error -4 ".$this->error, LOG_ERR);
+					}
+				}*/
+			} else {
+				$error++;
+				$this->error = "Error ".$this->db->lasterror();
+			}
+		}
+
+		if (!$error) {
+			$this->db->commit();
+			return 1;
+		} else {
+			$this->db->rollback();
+			return -1;
+		}
+	}
+
 	/**
 	 * Return RIB
 	 *
diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php
index e20d7be3d9a..f55a42ca159 100644
--- a/htdocs/user/notify/card.php
+++ b/htdocs/user/notify/card.php
@@ -332,7 +332,8 @@ if ($result > 0) {
 				$userstatic->email = $obj->email;
 				$userstatic->statut = $obj->status;
 
-				print '<tr class="oddeven"><td>'.$userstatic->getNomUrl(1);
+				print '<tr class="oddeven">';
+				print '<td>'.$userstatic->getNomUrl(1);
 				if ($obj->type == 'email') {
 					if (isValidEmail($obj->email)) {
 						print ' &lt;'.$obj->email.'&gt;';
@@ -359,8 +360,9 @@ if ($result > 0) {
 				$i++;
 			}
 			$db->free($resql);
+		} else {
+			print '<tr><td colspan="4"><span class="opacitymedium">'.$langs->trans("None").'</span></td></tr>';
 		}
-
 		// List of notifications enabled for fixed email
 		/*
 		foreach($conf->global as $key => $val) {