From a5814ce77907f7a2c7b874b493324596a64796b0 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 9 Feb 2018 11:00:43 +0100
Subject: [PATCH 01/18] Fix: nocheck for "fournisseur", already check with "societe"
---
 htdocs/core/lib/security.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index e84eef83924..f8753193888 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -382,7 +382,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...).
 $checkproject = array('projet','project'); // Test for project object
 $checktask = array('projet_task');
- $nocheck = array('barcode','stock'); // No test
+ $nocheck = array('barcode','stock','fournisseur'); // No test
 $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
 // If dbtablename not defined, we use same name for table than module name
From 448fcae02fc36f196883460814f0df8416d2b0c8 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Mon, 12 Feb 2018 09:03:53 +0100
Subject: [PATCH 02/18] Fix: move "fournisseur" in $checksoc
---
 htdocs/core/lib/security.lib.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 50ce574e271..14ff7bfdf53 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
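Review bot: Adding `'fournisseur'` to `$nocheck` exempts that feature from the per-object test for every caller of checkUserAccessToObject, while the subject line's reasoning ("already check with societe") only holds for callers that pass a `societe` feature alongside it. The code that consumes `$nocheck` is outside this hunk, so this reading rests on the `// No test` comment and should be confirmed against the rest of the function. If the entry stays, the comment should record the precondition, for example `// No test ('fournisseur' is only valid when 'societe' is tested in the same call)`. Patches 02 and 03 of this series move the entry twice more, which suggests the intended rule for supplier objects is not written down anywhere in the function.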
@@ -378,11 +378,11 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 if ($feature == 'task') $feature='projet_task';
 $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
- $checksoc = array('societe'); // Test for societe object
+ $checksoc = array('societe','fournisseur'); // Test for societe object
 $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...).
 $checkproject = array('projet','project'); // Test for project object
 $checktask = array('projet_task');
- $nocheck = array('barcode','stock','fournisseur'); // No test
+ $nocheck = array('barcode','stock'); // No test
 $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
 // If dbtablename not defined, we use same name for table than module name
From 24cc687724758e474d2e772a41532e252ec884e3 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Mon, 12 Feb 2018 09:28:41 +0100
Subject: [PATCH 03/18] Fix: you can't check "fournisseur" with checkUserAccessToObject without object ID
---
 htdocs/core/lib/security.lib.php | 2 +-
 htdocs/product/fournisseurs.php | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 14ff7bfdf53..c204809e9a1 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
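Review bot: The trailing comment on `$checksoc` still reads `// Test for societe object` although the list now routes `'fournisseur'` through the same test, so the comment no longer says which object id the test expects for a supplier feature. Something like `// Test for societe object ($objectid must be a third-party id, also for 'fournisseur')` would state the assumption the next patch in the series shows to be violated by at least one caller. The branch that uses `$checksoc` is outside this hunk.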
@@ -378,7 +378,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 if ($feature == 'task') $feature='projet_task';
 $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
- $checksoc = array('societe','fournisseur'); // Test for societe object
+ $checksoc = array('societe'); // Test for societe object
 $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...).
 $checkproject = array('projet','project'); // Test for project object
 $checktask = array('projet_task');
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 2c49319fc19..9c91b5e11d7 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -51,6 +51,8 @@ $cost_price=GETPOST('cost_price', 'alpha');
 $backtopage=GETPOST('backtopage','alpha');
 $error=0;
+if (!$user->rights->fournisseur->lire) accessforbidden();
+
 // If socid provided by ajax company selector
 if (! empty($_REQUEST['search_fourn_id']))
 {
@@ -63,7 +65,7 @@ if (! empty($_REQUEST['search_fourn_id']))
 $fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : ''));
 $fieldtype = (! empty($ref) ? 'ref' : 'rowid');
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit|service&fournisseur',$fieldvalue,'product&product','','',$fieldtype);
+$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype);
 $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
From ef051716410fcb7eef18447f6facc1086924beec Mon Sep 17 00:00:00 2001
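Review bot: The new guard in fournisseurs.php reads `$user->rights->fournisseur->lire` directly, so when the supplier module is disabled or the user has no supplier rights the property chain may be unset; `if (empty($user->rights->fournisseur->lire)) accessforbidden();` gives the same decision without notices. The guard covers only the read right, and the second hunk removes `&fournisseur` from the `restrictedArea()` call, so any action on this page that writes supplier prices needs its own permission test; those handlers are outside the hunks and should be checked. A short comment above the guard, such as `// 'fournisseur' cannot be tested by restrictedArea() here because the object id is a product id`, would keep a later cleanup from folding it back into the feature string.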
From: Maxime Kohlhaas Date: Mon, 12 Feb 2018 13:48:43 +0100 Subject: [PATCH 04/18] Fix : contract service list context was mixing up with service list from product/service module --- htdocs/contrat/services.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index f21c476fe35..09df597d017 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php @@ -75,7 +75,7 @@ $opclotureyear=GETPOST('opclotureyear'); $filter_opcloture=GETPOST('filter_opcloture'); // Initialize context for list -$contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'servicelist'.$mode; +$contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'contractservicelist'.$mode; // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array $hookmanager->initHooks(array($contextpage)); From 6f7d6f977bd49a122095e6e4da7af556392457b0 Mon Sep 17 00:00:00 2001 From: De Coninck Laurent Date: Mon, 12 Feb 2018 15:47:04 +0100 Subject: [PATCH 05/18] fix error in latest release --- htdocs/compta/tva/class/tva.class.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index 187d21cb0a6..dbc18a83605 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -655,7 +655,7 @@ class Tva extends CommonObject * @param string $morecss More CSS * @return string Chaine with URL */ - function getNomUrl($withpicto=0, $option='', $notooltip=0, morecss='') + function getNomUrl($withpicto=0, $option='', $notooltip=0, $morecss='') { global $langs, $conf; @@ -669,6 +669,9 @@ class Tva extends CommonObject $linkclose=''; if (empty($notooltip)) { + + + if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $label=$langs->trans("ShowMyObject"); From 1052213c978274c3bacb2188aba0c6b4b91f96c3 Mon Sep 17 00:00:00 2001 
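Review bot: The second tva.class.php hunk appears to add only empty lines after `if (empty($notooltip)) {` (the bare `+` markers), which has nothing to do with the `$morecss` syntax fix in the first hunk and should be left out of the commit. The body of getNomUrl continues outside both hunks.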
From: De Coninck Laurent
Date: Mon, 12 Feb 2018 18:12:43 +0100
Subject: [PATCH 06/18] Fix 8183 - adherent welcome e-mail Fix the adherent welcome e-mail. [see: #8183]
---
 htdocs/adherents/type.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php
index a0f36c409de..01c8841708f 100644
--- a/htdocs/adherents/type.php
+++ b/htdocs/adherents/type.php
@@ -96,7 +96,7 @@ if ($action == 'add' && $user->rights->adherent->configurer)
 $object->label = trim($label);
 $object->subscription = (int) trim($subscription);
 $object->note = trim($comment);
- $object->mail_valid = (boolean) trim($mail_valid);
+ $object->mail_valid = $db->escape(trim($mail_valid));
 $object->vote = (boolean) trim($vote);
 // Fill array 'array_options' with data from add form
@@ -134,7 +134,7 @@ if ($action == 'update' && $user->rights->adherent->configurer)
 $object->label = trim($label);
 $object->subscription = (int) trim($subscription);
 $object->note = trim($comment);
- $object->mail_valid = (boolean) trim($mail_valid);
+ $object->mail_valid = $db->escape(trim($mail_valid));
 $object->vote = (boolean) trim($vote);
 // Fill array 'array_options' with data from add form
From 144c13998a87fba22acf7bbf20f8b89adc2ad2e0 Mon Sep 17 00:00:00 2001
From: atm-quentin
Date: Tue, 13 Feb 2018 09:51:33 +0100
Subject: [PATCH 07/18] NEW_einstein_pdf_modules
---
 .../modules/commande/doc/pdf_einstein.modules.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
index d8bfff2e528..9fecdc277b5 100644
--- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
+++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
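Review bot: Calling `$db->escape()` while assigning `$object->mail_valid` puts SQL escaping into the object's data instead of into the query. If the class's create()/update() (not visible here) escapes the field again when it builds its statement, quotes and backslashes in the welcome-mail text are stored doubled, and any code that reads the property before saving sees the escaped form. The assignment should stay `$object->mail_valid = trim($mail_valid);` with the escape applied where the SQL string is concatenated. The same line is repeated in the `update` hunk at -134. Because this text is later sent as e-mail content, the filter applied when `$mail_valid` is read from the request (outside the hunk) is what decides which markup is accepted and should be reviewed together with this change.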
@@ -1311,7 +1311,17 @@ class pdf_einstein extends ModelePDFCommandes
 if ($showaddress)
 {
 // Sender properties
- $carac_emetteur = pdf_build_address($outputlangs, $this->emetteur, $object->thirdparty);
+ $carac_emetteur='';
+ // Add internal contact of proposal if defined
+ $arrayidcontact=$object->getIdContact('internal','SALESREPFOLL');
+ if (count($arrayidcontact) > 0)
+ {
+ $object->fetch_user($arrayidcontact[0]);
+ $labelbeforecontactname=($outputlangs->transnoentities("FromContactName")!='FromContactName'?$outputlangs->transnoentities("FromContactName"):$outputlangs->transnoentities("Name"));
+ $carac_emetteur .= ($carac_emetteur ? "\n" : '' ).$labelbeforecontactname." ".$outputlangs->convToOutputCharset($object->user->getFullName($outputlangs))."\n";
+ }
+
+ $carac_emetteur .= pdf_build_address($outputlangs, $this->emetteur, $object->thirdparty);
 // Show sender
 $posy=42+$top_shift;
From c690dfb25803a2a37b80cecab0b8dbcf19f9eddd Mon Sep 17 00:00:00 2001
From: atm-ph
Date: Wed, 14 Feb 2018 10:15:38 +0100
Subject: [PATCH 08/18] Fix apply global progress don't update multicurrency values
---
 htdocs/compta/facture/class/facture.class.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index 3c35a03f218..f7901a364c8 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -2919,6 +2919,9 @@ class Facture extends CommonInvoice
 $line->total_ttc = $tabprice[2];
 $line->total_localtax1 = $tabprice[9];
 $line->total_localtax2 = $tabprice[10];
+ $line->multicurrency_total_ht = $tabprice[16];
+ $line->multicurrency_total_tva = $tabprice[17];
+ $line->multicurrency_total_ttc = $tabprice[18];
 $line->update($user);
 $this->update_price(1);
 $this->db->commit();
From 7bdf335a8e6216b77c37441ad4db22d79dec961f Mon Sep 17 00:00:00 2001
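Review bot: In the pdf_einstein hunk the result of `$object->fetch_user($arrayidcontact[0])` is never checked before `$object->user->getFullName($outputlangs)` is called, so a contact id that no longer resolves to a user would abort PDF generation with a method call on a non-object; wrapping the two following lines in `if (is_object($object->user))` avoids that. `($carac_emetteur ? "\n" : '' )` is always the empty string because `$carac_emetteur` was set to `''` five lines earlier, so the ternary can be removed. The comment says "proposal" although this is the order template; `// Add internal contact of order if defined` matches the file.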
From: Laurent Destailleur Date: Wed, 14 Feb 2018 14:26:33 +0100 Subject: [PATCH 09/18] Add a fix to clean data --- htdocs/install/repair.php | 53 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 5db07cd1412..4f2e5f53201 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -78,6 +78,7 @@ print 'Option clean_product_stock_batch (0 or \'test\' or \'confirmed\') is '.(G print 'Option set_empty_time_spent_amount (0 or \'test\' or \'confirmed\') is '.(GETPOST('set_empty_time_spent_amount','alpha')?GETPOST('set_empty_time_spent_amount','alpha'):'0').'
'."\n"; print 'Option rebuild_product_thumbs (0 or \'test\' or \'confirmed\') is '.(GETPOST('rebuild_product_thumbs','alpha')?GETPOST('rebuild_product_thumbs','alpha'):'0').'
'."\n"; print 'Option force_disable_of_modules_not_found (0 or \'test\' or \'confirmed\') is '.(GETPOST('force_disable_of_modules_not_found','alpha')?GETPOST('force_disable_of_modules_not_found','alpha'):'0').'
'."\n"; +print 'Option clean_perm_table (0 or \'test\' or \'confirmed\') is '.(GETPOST('clean_perm_table','alpha')?GETPOST('clean_perm_table','alpha'):'0').'
'."\n"; print 'Option force_utf8_on_tables, for mysql/mariadb only (0 or \'test\' or \'confirmed\') is '.(GETPOST('force_utf8_on_tables','alpha')?GETPOST('force_utf8_on_tables','alpha'):'0').'
'."\n"; print '
'; @@ -161,6 +162,7 @@ $conf->setValues($db); $oneoptionset=0; $oneoptionset=(GETPOST('standard', 'alpha') || GETPOST('restore_thirdparties_logos','alpha') || GETPOST('clean_linked_elements','alpha') || GETPOST('clean_menus','alpha') || GETPOST('clean_orphelin_dir','alpha') || GETPOST('clean_product_stock_batch','alpha') || GETPOST('set_empty_time_spent_amount','alpha') || GETPOST('rebuild_product_thumbs','alpha') + || GETPOST('clean_perm_table','alpha') || GETPOST('force_disable_of_modules_not_found','alpha') || GETPOST('force_utf8_on_tables','alpha')); if ($ok && $oneoptionset) @@ -901,6 +903,57 @@ if ($ok && GETPOST('set_empty_time_spent_amount','alpha')) } +// clean_old_module_entries: Clean data into const when files of module were removed without being +if ($ok && GETPOST('clean_perm_table','alpha')) +{ + print '
*** Clean table user_rights from lines of external modules no more enabled'; + + $listofmods=''; + foreach($conf->modules as $key => $val) + { + $listofmods.=($listofmods?',':'')."'".$val."'"; + } + $sql = 'SELECT id, libelle, module from '.MAIN_DB_PREFIX.'rights_def WHERE module not in ('.$listofmods.') AND id > 100000'; + $resql = $db->query($sql); + if ($resql) + { + $num = $db->num_rows($resql); + if ($num) + { + $i = 0; + while ($i < $num) + { + $obj=$db->fetch_object($resql); + if ($obj->id > 0) + { + print 'Found line with id '.$obj->id.', label "'.$obj->libelle.'" of module "'.$obj->module.'" to delete'; + if (GETPOST('clean_perm_table','alpha') == 'confirmed') + { + $sqldelete = 'DELETE FROM '.MAIN_DB_PREFIX.'rights_def WHERE id = '.$obj->id; + $resqldelete = $db->query($sqldelete); + if (! $resqldelete) + { + dol_print_error($db); + } + print ' - deleted'; + } + print ''; + } + $i++; + } + } + else + { + print 'No lines of a disabled external module (with id > 100000) found into table rights_def'; + } + } + else + { + dol_print_error($db); + } +} + + // clean_old_module_entries: Clean data into const when files of module were removed without being if ($ok && GETPOST('force_disable_of_modules_not_found','alpha')) { From fa2fddcdc13e77e7f098db4e79cd5574d6e06c74 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 14 Feb 2018 14:30:39 +0100 Subject: [PATCH 10/18] Fix: Update entity field in llx_user_rights and llx_usergroup_rights --- ChangeLog | 4 +- htdocs/install/upgrade2.php | 181 ++++++++++++++++++++++++++++++-- htdocs/langs/en_US/install.lang | 2 + 3 files changed, 178 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index e6d061a58ac..849d8b38855 100644 --- a/ChangeLog +++ b/ChangeLog 
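Review bot: The `NOT IN (...)` list of the clean_perm_table block is assembled from `$conf->modules` by plain concatenation, so an empty module list yields `not in ()` (a SQL error) and a module name containing a quote breaks the statement; build each item as `"'".$db->escape($val)."'"` and skip the query when `$listofmods` is empty. `$obj->libelle` and `$obj->module` are printed into the page as stored and should pass through `dol_escape_htmltag()`. The banner announces a cleanup of `user_rights` while both statements touch only `rights_def`, and the header comment is copied from the following block (`clean_old_module_entries`); both should name what is actually deleted, because `confirmed` makes the deletion permanent and it runs outside any transaction. Patch 12 of this series moves the block unchanged, so the same points apply at its new position.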
@@ -287,7 +287,9 @@ Following changes may create regression for some external modules, but were nece exists, but if an external module need action on it, it must provides itself its trigger file. * Use $conf->global->MULTICOMPANY_TRANSVERSE_MODE instead $conf->multicompany->transverse_mode. So, if you set var $multicompany_transverse_mode to 1 into your conf file, you must remove this line and a new key into - the Home - setup - other admin page. + the Home - setup - other admin page. +* If you use Multicompany transverse mode, it will be necessary to check the activation of the modules in the children + entities and to review completely the rights of the groups and the users. * Use getEntity('xxx') instead getEntity('xxx', 1) and use getEntity('xxx', 0) instead getEntity('xxx') * Some other change were done in the way we read permission of a user when module multicompany is enabled. You can retreive the old behavior by adding constant MULTICOMPANY_BACKWARD_COMPATIBILITY to 1. diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 7bf283f828d..8a8547a926a 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php 
@@ -366,14 +366,27 @@ if (! GETPOST('action','aZ09') || preg_match('/upgrade/i',GETPOST('action','aZ09 migrate_remise_except_entity($db,$langs,$conf); } - // Scripts for last version - $afterversionarray=explode('.','5.0.9'); - $beforeversionarray=explode('.','6.0.9'); - if (versioncompare($versiontoarray,$afterversionarray) >= 0 && versioncompare($versiontoarray,$beforeversionarray) <= 0) - { - // No particular code - } - } + // Scripts for last version + $afterversionarray=explode('.','5.0.9'); + $beforeversionarray=explode('.','6.0.9'); + if (versioncompare($versiontoarray,$afterversionarray) >= 0 && versioncompare($versiontoarray,$beforeversionarray) <= 0) + { + if (! empty($conf->multicompany->enabled)) + { + global $multicompany_transverse_mode; + + // Only if the transverse mode is not used + if (empty($multicompany_transverse_mode)) + { + // Migrate to add entity value into llx_user_rights + migrate_user_rights_entity($db, $langs, $conf); + + // Migrate to add entity value into llx_usergroup_rights + migrate_usergroup_rights_entity($db, $langs, $conf); + } + } + } + } // Code executed only if migrate is LAST ONE. Must always be done. if (versioncompare($versiontoarray,$versionranarray) >= 0 || versioncompare($versiontoarray,$versionranarray) <= -3) @@ -3967,6 +3980,158 @@ function migrate_remise_except_entity($db,$langs,$conf) print ''; } +/** + * Migrate to add entity value into llx_user_rights + * + * @param DoliDB $db Database handler + * @param Translate $langs Object langs + * @param Conf $conf Object conf + * @return void + */ +function migrate_user_rights_entity($db,$langs,$conf) +{ + print ''; + + print ''.$langs->trans('MigrationUserRightsEntity')."
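Review bot: The migration is skipped only when the legacy conf-file variable `$multicompany_transverse_mode` is set, yet the ChangeLog context in this same patch tells administrators to remove that variable and rely on `$conf->global->MULTICOMPANY_TRANSVERSE_MODE`. An installation that already followed that instruction would be treated as non-transverse, and the two functions would rewrite the entity of its user and group rights rows. Testing both forms, `if (empty($multicompany_transverse_mode) && empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))`, closes that gap. Since the outcome decides in which entity each permission is valid, the condition deserves a comment explaining why transverse installations are excluded.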
\n"; + + $error = 0; + + dolibarr_install_syslog("upgrade2::migrate_user_rights_entity"); + + $db->begin(); + + $sqlSelect = "SELECT u.rowid, u.entity"; + $sqlSelect.= " FROM ".MAIN_DB_PREFIX."user as u"; + $sqlSelect.= " WHERE u.entity > 1"; + //print $sqlSelect; + + $resql = $db->query($sqlSelect); + if ($resql) + { + $i = 0; + $num = $db->num_rows($resql); + + if ($num) + { + while ($i < $num) + { + $obj = $db->fetch_object($resql); + + $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."user_rights SET"; + $sqlUpdate.= " entity = " . $obj->entity; + $sqlUpdate.= " WHERE fk_user = " . $obj->rowid; + + $result=$db->query($sqlUpdate); + if (! $result) + { + $error++; + dol_print_error($db); + } + + print ". "; + $i++; + } + } + else + { + print $langs->trans('AlreadyDone')."
\n"; + } + + if (! $error) + { + $db->commit(); + } + else + { + $db->rollback(); + } + } + else + { + dol_print_error($db); + $db->rollback(); + } + + + print ''; +} + +/** + * Migrate to add entity value into llx_usergroup_rights + * + * @param DoliDB $db Database handler + * @param Translate $langs Object langs + * @param Conf $conf Object conf + * @return void + */ +function migrate_usergroup_rights_entity($db,$langs,$conf) +{ + print ''; + + print ''.$langs->trans('MigrationUserGroupRightsEntity')."
\n"; + + $error = 0; + + dolibarr_install_syslog("upgrade2::migrate_usergroup_rights_entity"); + + $db->begin(); + + $sqlSelect = "SELECT u.rowid, u.entity"; + $sqlSelect.= " FROM ".MAIN_DB_PREFIX."usergroup as u"; + $sqlSelect.= " WHERE u.entity > 1"; + //print $sqlSelect; + + $resql = $db->query($sqlSelect); + if ($resql) + { + $i = 0; + $num = $db->num_rows($resql); + + if ($num) + { + while ($i < $num) + { + $obj = $db->fetch_object($resql); + + $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."usergroup_rights SET"; + $sqlUpdate.= " entity = " . $obj->entity; + $sqlUpdate.= " WHERE fk_usergroup = " . $obj->rowid; + + $result=$db->query($sqlUpdate); + if (! $result) + { + $error++; + dol_print_error($db); + } + + print ". "; + $i++; + } + } + else + { + print $langs->trans('AlreadyDone')."
\n"; + } + + if (! $error) + { + $db->commit(); + } + else + { + $db->rollback(); + } + } + else + { + dol_print_error($db); + $db->rollback(); + } + + + print ''; +} + /** * Migration directory * diff --git a/htdocs/langs/en_US/install.lang b/htdocs/langs/en_US/install.lang index 4bd1bba3e9a..ed5cdab1b99 100644 --- a/htdocs/langs/en_US/install.lang +++ b/htdocs/langs/en_US/install.lang @@ -193,6 +193,8 @@ MigrationCategorieAssociation=Migration of categories MigrationEvents=Migration of events to add event owner into assignement table MigrationRemiseEntity=Update entity field value of llx_societe_remise MigrationRemiseExceptEntity=Update entity field value of llx_societe_remise_except +MigrationUserRightsEntity=Update entity field value of llx_user_rights +MigrationUserGroupRightsEntity=Update entity field value of llx_usergroup_rights MigrationReloadModule=Reload module %s ShowNotAvailableOptions=Show not available options HideNotAvailableOptions=Hide not available options From 9f883f3401a74db987b90c0008e7fad826c0877f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 14:50:22 +0100 Subject: [PATCH 11/18] Fix install log disappeared --- htdocs/install/check.php | 6 +++++- htdocs/install/repair.php | 10 ++++------ htdocs/install/step5.php | 6 ++++++ htdocs/install/upgrade2.php | 8 +++++++- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/htdocs/install/check.php b/htdocs/install/check.php index 50409fb55e5..7e6d15115d5 100644 --- a/htdocs/install/check.php +++ b/htdocs/install/check.php @@ -35,7 +35,7 @@ $allowinstall = 0; $allowupgrade = false; $checksok = 1; -$setuplang=GETPOST("selectlang",'',3)?GETPOST("selectlang",'',3):$langs->getDefaultLang(); +$setuplang=GETPOST("selectlang",'az09',3)?GETPOST("selectlang",'az09',3):$langs->getDefaultLang(); $langs->setDefaultLang($setuplang); $langs->load("install"); 
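Review bot: `migrate_user_rights_entity()` and `migrate_usergroup_rights_entity()` are the same body with two table names and one column name changed, so any later correction has to be made twice in code that rewrites permission rows. One helper taking the owner table, the rights table and the foreign-key column, called from both functions, removes the duplication. Inside the loop `$obj->entity` and `$obj->rowid` are concatenated into the UPDATE as returned by the driver; an `(int)` cast keeps the statement well-formed. After a failed UPDATE the loop keeps issuing statements in a transaction that is going to be rolled back, and `$conf` is accepted but unused in both functions.

```php
// Table and column names are fixed literals supplied by the two callers, never request data.
function migrate_rights_entity($db, $langs, $ownertable, $rightstable, $fkfield)
{
    $error = 0;

    $db->begin();

    $sqlSelect = "SELECT u.rowid, u.entity";
    $sqlSelect.= " FROM ".MAIN_DB_PREFIX.$ownertable." as u";
    $sqlSelect.= " WHERE u.entity > 1";

    $resql = $db->query($sqlSelect);
    if (! $resql)
    {
        dol_print_error($db);
        $db->rollback();
        return;
    }

    $num = $db->num_rows($resql);
    // … unchanged: 'AlreadyDone' output when $num is 0 …

    for ($i = 0; $i < $num && ! $error; $i++)
    {
        $obj = $db->fetch_object($resql);

        $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX.$rightstable." SET";
        $sqlUpdate.= " entity = ".((int) $obj->entity);
        $sqlUpdate.= " WHERE ".$fkfield." = ".((int) $obj->rowid);

        if (! $db->query($sqlUpdate))
        {
            $error++;
            dol_print_error($db);
        }
        print ". ";
    }

    if (! $error) $db->commit();
    else $db->rollback();
}
```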
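Review bot: The filter name passed for `selectlang` in check.php is `'az09'`, whereas the other GETPOST calls visible on this page use `'alpha'`, `'aZ'`, `'int'` or `'aZ09'`. GETPOST itself is not shown, so it should be confirmed that `'az09'` is a check it implements and that it accepts language codes of the form `en_US`, which contain upper-case letters and an underscore. If the intent is the same filtering as for the `action` parameter, the spelling already used in upgrade2.php is `GETPOST("selectlang",'aZ09',3)`. The identical call added to repair.php in this patch needs the same answer.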
@@ -345,6 +345,10 @@ else $conf->db->dolibarr_main_db_cryptkey = $dolibarr_main_db_cryptkey; $conf->setValues($db); + // Reset forced setup after the setValues + if (defined('SYSLOG_FILE')) $conf->global->SYSLOG_FILE=constant('SYSLOG_FILE'); + $conf->global->MAIN_ENABLE_LOG_TO_HTML = 1; + // Current version is $conf->global->MAIN_VERSION_LAST_UPGRADE // Version to install is DOL_VERSION $dolibarrlastupgradeversionarray=preg_split('/[\.-]/',isset($conf->global->MAIN_VERSION_LAST_UPGRADE) ? $conf->global->MAIN_VERSION_LAST_UPGRADE : (isset($conf->global->MAIN_VERSION_LAST_INSTALL)?$conf->global->MAIN_VERSION_LAST_INSTALL:'')); diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 4f2e5f53201..bc2f165a30c 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -42,10 +42,8 @@ error_reporting(0); @set_time_limit(120); error_reporting($err); -$setuplang=GETPOST("selectlang",'',3)?GETPOST("selectlang",'',3):'auto'; +$setuplang=GETPOST("selectlang",'az09',3)?GETPOST("selectlang",'az09',3):'auto'; $langs->setDefaultLang($setuplang); -$versionfrom=GETPOST("versionfrom",'',3)?GETPOST("versionfrom",'',3):(empty($argv[1])?'':$argv[1]); -$versionto=GETPOST("versionto",'',3)?GETPOST("versionto",'',3):(empty($argv[2])?'':$argv[2]); $langs->loadLangs(array("admin","install","other")); @@ -155,7 +153,9 @@ if ($ok) } $conf->setValues($db); - +// Reset forced setup after the setValues +if (defined('SYSLOG_FILE')) $conf->global->SYSLOG_FILE=constant('SYSLOG_FILE'); +$conf->global->MAIN_ENABLE_LOG_TO_HTML = 1; /* Start action here */ @@ -588,8 +588,6 @@ if ($ok && GETPOST('clean_menus','alpha')) // clean_orphelin_dir: Run purge of directory if ($ok && GETPOST('clean_orphelin_dir','alpha')) { - $conf->setValues($db); - $listmodulepart=array('company','invoice','invoice_supplier','propal','order','order_supplier','contract','tax'); foreach ($listmodulepart as $modulepart) { 
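Review bot: `$conf->global->MAIN_ENABLE_LOG_TO_HTML = 1;` is now forced unconditionally after every `setValues()` call in check.php, repair.php, step5.php and upgrade2.php, and judging by the constant's name this makes log lines part of the HTML these install pages return. Whether that is acceptable depends on who can still reach the install directory once the application is in production, which this patch does not show, so the first occurrence should carry a comment stating that assumption. The same two lines are pasted five times across the four files; a small function in the shared install include, called right after `setValues()`, would keep the copies from drifting apart.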
diff --git a/htdocs/install/step5.php b/htdocs/install/step5.php index b7d320aab59..df8ec9812c1 100644 --- a/htdocs/install/step5.php +++ b/htdocs/install/step5.php @@ -165,6 +165,9 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i',$action)) if ($db->connected) { $conf->setValues($db); + // Reset forced setup after the setValues + if (defined('SYSLOG_FILE')) $conf->global->SYSLOG_FILE=constant('SYSLOG_FILE'); + $conf->global->MAIN_ENABLE_LOG_TO_HTML = 1; // Create admin user include_once DOL_DOCUMENT_ROOT .'/user/class/user.class.php'; @@ -295,6 +298,9 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i',$action)) if ($db->connected) { $conf->setValues($db); + // Reset forced setup after the setValues + if (defined('SYSLOG_FILE')) $conf->global->SYSLOG_FILE=constant('SYSLOG_FILE'); + $conf->global->MAIN_ENABLE_LOG_TO_HTML = 1; // Define if we need to update the MAIN_VERSION_LAST_UPGRADE value in database $tagdatabase=false; diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 430c6f46c94..6dbcae4cd24 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -163,7 +163,13 @@ if (! GETPOST('action','aZ09') || preg_match('/upgrade/i',GETPOST('action','aZ09 $conf->db->dolibarr_main_db_cryptkey = $dolibarr_main_db_cryptkey; // Chargement config - if (! $error) $conf->setValues($db); + if (! $error) + { + $conf->setValues($db); + // Reset forced setup after the setValues + if (defined('SYSLOG_FILE')) $conf->global->SYSLOG_FILE=constant('SYSLOG_FILE'); + $conf->global->MAIN_ENABLE_LOG_TO_HTML = 1; + } /*************************************************************************************** From ca71d90d96231c3037a927291e364c5a4d8b37e1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 14:57:53 +0100 Subject: [PATCH 12/18] Fix help --- htdocs/install/repair.php | 103 +++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 52 deletions(-) 
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index bc2f165a30c..229ae0a3c3e 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -901,61 +901,10 @@ if ($ok && GETPOST('set_empty_time_spent_amount','alpha')) } -// clean_old_module_entries: Clean data into const when files of module were removed without being -if ($ok && GETPOST('clean_perm_table','alpha')) -{ - print '
*** Clean table user_rights from lines of external modules no more enabled'; - - $listofmods=''; - foreach($conf->modules as $key => $val) - { - $listofmods.=($listofmods?',':'')."'".$val."'"; - } - $sql = 'SELECT id, libelle, module from '.MAIN_DB_PREFIX.'rights_def WHERE module not in ('.$listofmods.') AND id > 100000'; - $resql = $db->query($sql); - if ($resql) - { - $num = $db->num_rows($resql); - if ($num) - { - $i = 0; - while ($i < $num) - { - $obj=$db->fetch_object($resql); - if ($obj->id > 0) - { - print 'Found line with id '.$obj->id.', label "'.$obj->libelle.'" of module "'.$obj->module.'" to delete'; - if (GETPOST('clean_perm_table','alpha') == 'confirmed') - { - $sqldelete = 'DELETE FROM '.MAIN_DB_PREFIX.'rights_def WHERE id = '.$obj->id; - $resqldelete = $db->query($sqldelete); - if (! $resqldelete) - { - dol_print_error($db); - } - print ' - deleted'; - } - print ''; - } - $i++; - } - } - else - { - print 'No lines of a disabled external module (with id > 100000) found into table rights_def'; - } - } - else - { - dol_print_error($db); - } -} - - // clean_old_module_entries: Clean data into const when files of module were removed without being if ($ok && GETPOST('force_disable_of_modules_not_found','alpha')) { - print '
*** Force modules not found to be disabled'; + print '
*** Force modules not found to be disabled (only modules adding js, css or hooks can be detected as removed)'; $arraylistofkey=array('hooks','js','css'); @@ -1071,6 +1020,56 @@ if ($ok && GETPOST('force_disable_of_modules_not_found','alpha')) } +// clean_old_module_entries: Clean data into const when files of module were removed without being +if ($ok && GETPOST('clean_perm_table','alpha')) +{ + print '
*** Clean table user_rights from lines of external modules no more enabled'; + + $listofmods=''; + foreach($conf->modules as $key => $val) + { + $listofmods.=($listofmods?',':'')."'".$val."'"; + } + $sql = 'SELECT id, libelle, module from '.MAIN_DB_PREFIX.'rights_def WHERE module not in ('.$listofmods.') AND id > 100000'; + $resql = $db->query($sql); + if ($resql) + { + $num = $db->num_rows($resql); + if ($num) + { + $i = 0; + while ($i < $num) + { + $obj=$db->fetch_object($resql); + if ($obj->id > 0) + { + print 'Found line with id '.$obj->id.', label "'.$obj->libelle.'" of module "'.$obj->module.'" to delete'; + if (GETPOST('clean_perm_table','alpha') == 'confirmed') + { + $sqldelete = 'DELETE FROM '.MAIN_DB_PREFIX.'rights_def WHERE id = '.$obj->id; + $resqldelete = $db->query($sqldelete); + if (! $resqldelete) + { + dol_print_error($db); + } + print ' - deleted'; + } + print ''; + } + $i++; + } + } + else + { + print 'No lines of a disabled external module (with id > 100000) found into table rights_def'; + } + } + else + { + dol_print_error($db); + } +} + // clean_linked_elements: Check and clean linked elements From 536eb7e008b8ce0d1e8229feb7e1492b0f4aa4c3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 17:25:13 +0100 Subject: [PATCH 13/18] Fix label of invoice --- htdocs/fourn/card.php | 33 ++++++++++--------- .../fourn/class/fournisseur.facture.class.php | 2 ++ 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index 5a47ce17089..8d10d55b3bd 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php @@ -107,7 +107,7 @@ if (empty($reshook)) // Fill array 'array_options' with data from update form $extralabels = $extrafields->fetch_name_optionals_label($object->table_element); $ret = $extrafields->setOptionalsFromPost($extralabels, $object, GETPOST('attribute')); - + if ($ret < 0) $error++; if (! $error) { 
@@ -456,7 +456,7 @@ if ($object->id > 0) /* - * Last supplier proposal + * Latest supplier proposal */ $proposalstatic = new SupplierProposal($db); @@ -465,7 +465,7 @@ if ($object->id > 0) $sql = "SELECT p.rowid, p.ref, p.date_valid as dc, p.fk_statut, p.total_ht, p.tva as total_tva, p.total as total_ttc"; $sql.= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p "; $sql.= " WHERE p.fk_soc =".$object->id; - $sql.= " AND p.entity =".$conf->entity; + $sql.= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql.= " ORDER BY p.date_valid DESC"; $sql.= " ".$db->plimit($MAXLIST); @@ -528,7 +528,7 @@ if ($object->id > 0) } /* - * Last supplier orders + * Latest supplier orders */ $orderstatic = new CommandeFournisseur($db); @@ -541,6 +541,7 @@ if ($object->id > 0) $sql2.= ' FROM '.MAIN_DB_PREFIX.'societe as s'; $sql2.= ', '.MAIN_DB_PREFIX.'commande_fournisseur as c'; $sql2.= ' WHERE c.fk_soc = s.rowid'; + $sql2.= " AND c.entity IN (".getEntity('commande_fournisseur').")"; $sql2.= ' AND s.rowid = '.$object->id; // Show orders with status validated, shipping started and delivered (well any order we can bill) $sql2.= " AND c.fk_statut IN (5)"; @@ -558,9 +559,9 @@ if ($object->id > 0) // TODO move to DAO class $sql = "SELECT count(p.rowid) as total"; - $sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p "; + $sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p"; $sql.= " WHERE p.fk_soc =".$object->id; - $sql.= " AND p.entity =".$conf->entity; + $sql.= " AND p.entity IN (".getEntity('commande_fournisseur').")"; $resql=$db->query($sql); if ($resql) { 
@@ -569,9 +570,9 @@ if ($object->id > 0) } $sql = "SELECT p.rowid,p.ref, p.date_commande as dc, p.fk_statut, p.total_ht, p.tva as total_tva, p.total_ttc"; - $sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p "; + $sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p"; $sql.= " WHERE p.fk_soc =".$object->id; - $sql.= " AND p.entity =".$conf->entity; + $sql.= " AND p.entity IN (".getEntity('commande_fournisseur').")"; $sql.= " ORDER BY p.date_commande DESC"; $sql.= " ".$db->plimit($MAXLIST); $resql=$db->query($sql); @@ -632,7 +633,7 @@ if ($object->id > 0) } /* - * Last supplier invoices + * Latest supplier invoices */ $langs->load('bills'); @@ -646,7 +647,7 @@ if ($object->id > 0) $sql.= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON f.rowid=pf.fk_facturefourn'; $sql.= ' WHERE f.fk_soc = '.$object->id; - $sql.= " AND f.entity =".$conf->entity; + $sql.= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql.= ' GROUP BY f.rowid,f.libelle,f.ref,f.ref_supplier,f.fk_statut,f.datef,f.total_ht,f.total_tva,f.total_ttc,f.paye'; $sql.= ' ORDER BY f.datef DESC'; $resql=$db->query($sql); 
@@ -674,15 +675,15 @@ if ($object->id > 0) print ''; print ''; $facturestatic->id=$obj->rowid; - $facturestatic->ref=($obj->ref?$obj->ref:$obj->rowid).($obj->ref_supplier?' - '.$obj->ref_supplier:''); - $facturestatic->ref_supplier = $obj->ref_supplier; - $facturestatic->total_ht = $obj->total_ht; + $facturestatic->ref=($obj->ref?$obj->ref:$obj->rowid); + $facturestatic->ref_supplier = $obj->ref_supplier; + $facturestatic->libelle = $obj->libelle; + $facturestatic->total_ht = $obj->total_ht; $facturestatic->total_tva = $obj->total_tva; $facturestatic->total_ttc = $obj->total_ttc; - //$facturestatic->ref_supplier=$obj->ref_supplier; print $facturestatic->getNomUrl(1); - //print img_object($langs->trans('ShowBill'),'bill').' '.($obj->ref?$obj->ref:$obj->rowid).' - '.$obj->ref_supplier.''; - print ' '.dol_trunc($obj->libelle,14); + print $obj->ref_supplier?' - '.$obj->ref_supplier:''; + print ($obj->libelle?' - ':'').dol_trunc($obj->libelle,14); print ''; print ''.dol_print_date($db->jdate($obj->df),'day').''; print ''.price($obj->amount).''; diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 444eb5d200a..292466ea0d8 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1929,6 +1929,8 @@ class FactureFournisseur extends CommonInvoice $label .= '
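Review bot: The two new `print` lines in the hunk at -674 write `$obj->ref_supplier` and `$obj->libelle` into the page without HTML escaping, and both look like user-entered text from the supplier invoice row selected above. They should be encoded at output: `print $obj->ref_supplier?' - '.dol_escape_htmltag($obj->ref_supplier):'';` and `print ($obj->libelle?' - ':'').dol_escape_htmltag(dol_trunc($obj->libelle,14));`. The hunk at -1929 in fournisseur.facture.class.php appends `$this->libelle` to `$label` in the same way. Whether `$label` is escaped before it is emitted is outside that hunk, so the rest of the method needs checking.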
' . $langs->trans('Ref') . ': ' . $this->ref; if (! empty($this->ref_supplier)) $label.= '
' . $langs->trans('RefSupplier') . ': ' . $this->ref_supplier; + if (! empty($this->libelle)) + $label.= '
' . $langs->trans('Label') . ': ' . $this->libelle; if (! empty($this->total_ht)) $label.= '
' . $langs->trans('AmountHT') . ': ' . price($this->total_ht, 0, $langs, 0, -1, -1, $conf->currency); if (! empty($this->total_tva)) From 8783857aa5969f383489588ef9b2729161306eb6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 20:33:48 +0100 Subject: [PATCH 14/18] Fix tooltip of website editor --- htdocs/langs/en_US/website.lang | 4 +++- htdocs/website/class/websitepage.class.php | 2 ++ htdocs/website/index.php | 24 ++++++++++++++++------ 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/htdocs/langs/en_US/website.lang b/htdocs/langs/en_US/website.lang index a329661a056..e96e60f14f9 100644 --- a/htdocs/langs/en_US/website.lang +++ b/htdocs/langs/en_US/website.lang @@ -55,7 +55,7 @@ OrEnterPageInfoManually=Or create empty page from scratch... FetchAndCreate=Fetch and Create ExportSite=Export site IDOfPage=Id of page -Banner=Bandeau +Banner=Banner BlogPost=Blog post WebsiteAccount=Web site account WebsiteAccounts=Web site accounts @@ -64,3 +64,5 @@ BackToListOfThirdParty=Back to list for Third Party DisableSiteFirst=Disable website first MyContainerTitle=My web site title AnotherContainer=Another container +OnlyEditionOfSourceForGrabbedContentFuture=Note: only edition of HTML source will be possible when a page content is intiliazed by grabbing it from an external page (WYSIWYG editor will not be available) +OnlyEditionOfSourceForGrabbedContent=Only edition of HTML source is possible when content was grabber from an external site \ No newline at end of file diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index 51c737673a0..408f5d194ae 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php 
@@ -59,10 +59,12 @@ class WebsitePage extends CommonObject public $keywords; public $htmlheader; public $content; + public $grabbed_from; public $status; public $date_creation; public $date_modification; + // BEGIN MODULEBUILDER PROPERTIES /** * @var array Array with all fields and their property. Do not use it as a static var. It may be modified by constructor. diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 6f515568bc2..f57d28a2acb 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -1476,6 +1476,12 @@ if (count($object->records) > 0) //print ''; print ''; + $websitepage = new WebSitePage($db); + if ($pageid > 0 && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone')) + { + $websitepage->fetch($pageid); + } + if ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone') { $disabled=''; @@ -1516,7 +1522,15 @@ if (count($object->records) > 0) print '   '; print ''; - print ''; + if ($websitepage->grabbed_from) + { + print ''; + } + else + { + print ''; + } + print ''; if ($object->fk_default_home > 0 && $pageid == $object->fk_default_home) print ''; else print ''; @@ -1529,11 +1543,8 @@ if (count($object->records) > 0) print '
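Review bot: The result of `$websitepage->fetch($pageid)` added in the hunk at -1476 of htdocs/website/index.php is discarded, yet `$websitepage->grabbed_from` in the hunk at -1516 and `$websitepage->pageurl` in the hunk at -1529 are read as if the page had been loaded. Keeping the return value and reporting a failure, e.g. `$res = $websitepage->fetch($pageid);` followed by `if ($res < 0) dol_print_error($db, $websitepage->error);`, would avoid rendering the toolbar from an empty object. The hunk at -1529 also drops the `$website &&` guard while `$realpage` is still built from `$website`; if that variable can be empty at this point, the preview URL is malformed. The enclosing `if (count($object->records) > 0)` block starts outside these hunks.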
'; - if ($website && $pageid > 0 && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone')) + if ($pageid > 0 && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone')) { - $websitepage = new WebSitePage($db); - $websitepage->fetch($pageid); - $realpage=$urlwithroot.'/public/website/index.php?website='.$website.'&pageref='.$websitepage->pageurl; $pagealias = $websitepage->pageurl; @@ -1894,8 +1905,9 @@ if ($action == 'editmeta' || $action == 'createcontainer') print ''; print $langs->trans("URL"); print ''; - print ' '; + print ' '; print ''; + print '

'.info_admin($langs->trans("OnlyEditionOfSourceForGrabbedContentFuture"), 0, 0, '1'); print ''; print ''; From 23ee6748f7244b199cdaeaff5ffe32602d6f1f05 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 20:36:13 +0100 Subject: [PATCH 15/18] Update fournisseurs.php --- htdocs/product/fournisseurs.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 9c91b5e11d7..68f0d673ca4 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -51,8 +51,6 @@ $cost_price=GETPOST('cost_price', 'alpha'); $backtopage=GETPOST('backtopage','alpha'); $error=0; -if (!$user->rights->fournisseur->lire) accessforbidden(); - // If socid provided by ajax company selector if (! empty($_REQUEST['search_fourn_id'])) { @@ -67,6 +65,8 @@ $fieldtype = (! empty($ref) ? 'ref' : 'rowid'); if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype); +if (empty($user->rights->fournisseur->lire)) accessforbidden(); + $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit; $sortfield = GETPOST("sortfield",'alpha'); $sortorder = GETPOST("sortorder",'alpha'); From 0d00c51c2aaf0a614eed10ebc912bd903d7aa02a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 20:51:05 +0100 Subject: [PATCH 16/18] Update type.php --- htdocs/adherents/type.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 01c8841708f..2d36f1d7fc5 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php 
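Review bot: The relocated check `if (empty($user->rights->fournisseur->lire)) accessforbidden();` in the second hunk of htdocs/product/fournisseurs.php (-67) has no comment saying why it is separate from the `restrictedArea()` call just above, which only names `'produit|service'`. A line such as `// Supplier read permission is tested on its own: restrictedArea() above only covers product/service` would keep a later cleanup from dropping or merging it. The check now also runs after the `search_fourn_id` handling that sits between the two hunks and is not visible here, so that code should be confirmed to do nothing but assign variables.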
@@ -96,7 +96,7 @@ if ($action == 'add' && $user->rights->adherent->configurer) $object->label = trim($label); $object->subscription = (int) trim($subscription); $object->note = trim($comment); - $object->mail_valid = $db->escape(trim($mail_valid)); + $object->mail_valid = trim($mail_valid); $object->vote = (boolean) trim($vote); // Fill array 'array_options' with data from add form From d0fdf700d77a474ac03fae4cf0868ead674265a5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 20:51:33 +0100 Subject: [PATCH 17/18] Update type.php --- htdocs/adherents/type.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 2d36f1d7fc5..a66108dec21 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -134,7 +134,7 @@ if ($action == 'update' && $user->rights->adherent->configurer) $object->label = trim($label); $object->subscription = (int) trim($subscription); $object->note = trim($comment); - $object->mail_valid = $db->escape(trim($mail_valid)); + $object->mail_valid = trim($mail_valid); $object->vote = (boolean) trim($vote); // Fill array 'array_options' with data from add form From 7ba55ea12e05c13f8030bc80e4cd6088bbf8cf4a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 22:17:53 +0100 Subject: [PATCH 18/18] Fix phpunit --- test/phpunit/CodingPhpTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 2e4deb372eb..6c3a1bda329 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php 
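Review bot: Removing `$db->escape()` from `$object->mail_valid = trim($mail_valid);` in the hunk at -96 means the value is stored on the object exactly as submitted, which is correct only if the class method that writes it escapes `mail_valid` when building its SQL; that method is not part of this series. A comment on the assignment, e.g. `// Raw value: escaping is applied by the class when the query is built`, would record the assumption, and the create and update queries should be checked for it. The hunk at -134 (update action) makes the same change. Where `$mail_valid` is read from the request lies outside both hunks, so its input filtering cannot be judged from here.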
@@ -196,10 +196,10 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
 $ok=true;
 $matches=array();
 // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
- preg_match_all('/(...................)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER);
+ preg_match_all('/(..............)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER);
 foreach($matches as $key => $val)
 {
- if ($val[1] != 'dol_escape_htmltag(' && $val[1] != 'l_string_nohtmltag(')
+ if ($val[1] != 'scape_htmltag(' && $val[1] != 'ing_nohtmltag(' && $val[1] != 'dol_escape_js(')
 {
 $ok=false;
 break;
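Review bot: The pattern `(..............)` only matches when at least 14 characters precede `$_SERVER['QUERY_STRING']` on the same line, because `.` does not match a newline, so a use sitting near the start of a line is never captured and the test passes without looking at it. A bounded quantifier closes that gap, `preg_match_all('/(.{0,14})\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER);`, since a shorter capture then fails all three comparisons and is reported. The comment above the call still describes a `db->escape` check; something like `// Check that $_SERVER['QUERY_STRING'] is always wrapped by dol_escape_htmltag, dol_string_nohtmltag or dol_escape_js` matches what the code tests. The enclosing test method starts and ends outside the hunk.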