diff --git a/htdocs/compta/dons/class/don.class.php b/htdocs/compta/dons/class/don.class.php
index face065425a..075200bccf3 100644
--- a/htdocs/compta/dons/class/don.class.php
+++ b/htdocs/compta/dons/class/don.class.php
@@ -458,7 +458,7 @@ class Don extends CommonObject
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON cp.id = d.fk_paiement";
 $sql.= " WHERE d.rowid = ".$rowid." AND d.entity = ".$conf->entity;
- dol_syslog("Don::fetch sql=".$sql);
+ dol_syslog(get_class($this)."::fetch sql=".$sql);
 $resql=$this->db->query($sql);
 if ($resql)
 {
diff --git a/htdocs/compta/dons/fiche.php b/htdocs/compta/dons/fiche.php
index 143cda2b27c..5ee0351d559 100644
--- a/htdocs/compta/dons/fiche.php
+++ b/htdocs/compta/dons/fiche.php
@@ -34,18 +34,24 @@ $langs->load("companies");
 $langs->load("donations");
 $langs->load("bills");
+$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');
+$action=GETPOST('action');
+
 $mesg="";
 $mesgs=array();
 $don = new Don($db);
 $donation_date=dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
+// Security check
+$result = restrictedArea($user, 'don', $id);
+
 /*
 * Actions
 */
-if ($_POST["action"] == 'update')
+if ($action == 'update')
 {
 if (! empty($_POST['cancel']))
 {
@@ -58,14 +64,14 @@ if ($_POST["action"] == 'update')
 if (empty($donation_date))
 {
 $mesgs[]=$langs->trans("ErrorFieldRequired",$langs->trans("Date"));
- $_GET["action"] = "create";
+ $action = "create";
 $error++;
 }
 if (! $_POST["amount"] > 0)
 {
 $mesgs[]=$langs->trans("ErrorFieldRequired",$langs->trans("Amount"));
- $_GET["action"] = "create";
+ $action = "create";
 $error++;
 }
@@ -100,7 +106,7 @@ if ($_POST["action"] == 'update')
 }
 }
-if ($_POST["action"] == 'add')
+if ($action == 'add')
 {
 if (! empty($_POST['cancel']))
 {
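Review bot: The new `$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');` line in the first fiche.php hunk takes the identifier as an uncast string, and that value goes to `restrictedArea($user, 'don', $id)` and, in the later hunks, to `$don->fetch($id)`, whose query (visible in the don.class.php hunk above) concatenates `$rowid` into `WHERE d.rowid = ` with no cast or quoting. Coercing once at the boundary, `$id = (int) (GETPOST('rowid') ? GETPOST('rowid') : GETPOST('id'));`, makes every consumer below receive an integer. Separately, the `update` and `add` handlers were gated on `$_POST["action"]` and now test `$action`, which GETPOST appears to fill from either GET or POST, so those state-changing branches become reachable from a plain link; if POST-only entry was deliberate, keep a method check such as `if ($action == 'update' && $_SERVER['REQUEST_METHOD'] == 'POST')`. The same applies to the `commentaire` hunk further down.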
@@ -152,19 +158,19 @@ if ($_POST["action"] == 'add')
 }
 }
-if ($_GET["action"] == 'delete')
+if ($action == 'delete')
 {
 $don->delete($_GET["rowid"]);
 Header("Location: liste.php");
 exit;
 }
-if ($_POST["action"] == 'commentaire')
+if ($action == 'commentaire')
 {
 $don->fetch($_POST["rowid"]);
 $don->update_note($_POST["commentaire"]);
 $_GET["rowid"] = $_POST["rowid"];
 }
-if ($_GET["action"] == 'valid_promesse')
+if ($action == 'valid_promesse')
 {
 if ($don->valid_promesse($_GET["rowid"], $user->id) >= 0)
 {
@@ -173,7 +179,7 @@ if ($_GET["action"] == 'valid_promesse')
 }
 else $mesg=$don->error;
 }
-if ($_GET["action"] == 'set_cancel')
+if ($action == 'set_cancel')
 {
 if ($don->set_cancel($_GET["rowid"]) >= 0)
 {
@@ -182,7 +188,7 @@ if ($_GET["action"] == 'set_cancel')
 }
 else $mesg=$don->error;
 }
-if ($_GET["action"] == 'set_paid')
+if ($action == 'set_paid')
 {
 if ($don->set_paye($_GET["rowid"], $modepaiement) >= 0)
 {
@@ -191,7 +197,7 @@ if ($_GET["action"] == 'set_paid')
 }
 else $mesg=$don->error;
 }
-if ($_GET["action"] == 'set_encaisse')
+if ($action == 'set_encaisse')
 {
 if ($don->set_encaisse($_GET["rowid"]) >= 0)
 {
@@ -204,7 +210,7 @@ if ($_GET["action"] == 'set_encaisse')
 /*
 * Build doc
 */
-if ($_REQUEST['action'] == 'builddoc')
+if ($action == 'builddoc')
 {
 $donation = new Don($db);
 $donation->fetch($_GET['rowid']);
@@ -255,7 +261,7 @@ $formcompany = new FormCompany($db);
 /* */
 /* ************************************************************************** */
-if ($_GET["action"] == 'create')
+if ($action == 'create')
 {
 print_fiche_titre($langs->trans("AddDonation"));
@@ -326,10 +332,9 @@ if ($_GET["action"] == 'create')
 /* */
 /* ************************************************************ */
-if ($_GET["rowid"] && $_GET["action"] == 'edit')
+if ($id && $_GET["action"] == 'edit')
 {
- $don->id = $_GET["rowid"];
- $don->fetch($_GET["rowid"]);
+ $don->fetch($id);
 $h=0;
 $head[$h][0] = DOL_URL_ROOT."/compta/dons/fiche.php?rowid=".$_GET["rowid"];
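Review bot: `$don->delete($_GET["rowid"]);` in the delete hunk still takes the id from `$_GET` while the access check added at the top of the file was run on `$id` (rowid or id via GETPOST), so the record that was checked and the record that is deleted can differ when the two sources disagree; the same split exists in the `commentaire` hunk (`$_POST["rowid"]`) and in the `valid_promesse`, `set_cancel`, `set_paid`, `set_encaisse` and `builddoc` hunks, which all still read `$_GET["rowid"]` or `$_GET['rowid']`. Passing `$id` in each of them — `$don->delete($id);` here — keeps the check and the action on one identifier. This hunk also reaches `delete()` with nothing beyond what `restrictedArea` verified, and the other files in this commit gate only on the module's read right, so if the don module defines a separate delete right it should be tested before this call.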
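Review bot: `if ($id && $_GET["action"] == 'edit')` in the edit-mode hunk keeps the raw `$_GET["action"]` although the visu-mode condition in the next hunk was switched to `$action != 'edit'`; when action=edit arrives by POST, `$action` is 'edit' but `$_GET["action"]` is unset, so neither card branch renders. `if ($id && $action == 'edit')` aligns the two. In the same hunk, and again in the visu hunk, the tab link is still built from `$_GET["rowid"]`, which is empty when the page is reached through the `id` parameter that `$id` now accepts; `$head[$h][0] = DOL_URL_ROOT."/compta/dons/fiche.php?rowid=".$id;` fixes both. The enclosing if-block runs past the end of the hunk.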
@@ -420,11 +425,9 @@ if ($_GET["rowid"] && $_GET["action"] == 'edit')
 /* Fiche don en mode visu */
 /* */
 /* ************************************************************ */
-if ($_GET["rowid"] && $_GET["action"] != 'edit')
+if ($id && $action != 'edit')
 {
- $don->id = $_GET["rowid"];
- $result=$don->fetch($_GET["rowid"]);
-
+ $result=$don->fetch($id);
 $h=0;
 $head[$h][0] = DOL_URL_ROOT."/compta/dons/fiche.php?rowid=".$_GET["rowid"];
diff --git a/htdocs/compta/dons/index.php b/htdocs/compta/dons/index.php
index 23bb7ee3d56..e72f49b9cb3 100644
--- a/htdocs/compta/dons/index.php
+++ b/htdocs/compta/dons/index.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2004-2011 Laurent Destailleur
+ * Copyright (C) 2004-2012 Laurent Destailleur
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -27,6 +27,8 @@ require_once(DOL_DOCUMENT_ROOT."/compta/dons/class/don.class.php");
 $langs->load("donations");
+if (!$user->rights->don->lire) accessforbidden();
+
 $donation_static=new Don($db);
@@ -34,7 +36,7 @@ $donation_static=new Don($db);
 * Actions
 */
-
+// None
 /*
diff --git a/htdocs/compta/dons/liste.php b/htdocs/compta/dons/liste.php
index feaf89f2565..14be56fdba6 100644
--- a/htdocs/compta/dons/liste.php
+++ b/htdocs/compta/dons/liste.php
@@ -45,6 +45,7 @@ $search_ref=GETPOST('search_ref');
 $search_company=GETPOST('search_company');
 $search_name=GETPOST('search_name');
+if (!$user->rights->don->lire) accessforbidden();
 /*
diff --git a/htdocs/compta/dons/stats.php b/htdocs/compta/dons/stats.php
index 7c07f62ef54..369e9a7a785 100644
--- a/htdocs/compta/dons/stats.php
+++ b/htdocs/compta/dons/stats.php
@@ -26,6 +26,8 @@ require("../../main.inc.php");
 $langs->load("donations");
+if (!$user->rights->don->lire) accessforbidden();
+
 /*
 * View
@@ -77,7 +79,7 @@ else
 }
-$db->close();
-
 llxFooter();
+
+$db->close();
 ?>
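Review bot: `$result=$don->fetch($id);` in the visu-mode hunk stores the return value but nothing in the hunk checks it, and the block continues past the hunk; if the lines beyond do not test `$result` either, a fetch that fails or matches no row in the current entity still renders the card around an empty object. A guard right after the call, e.g. `if ($result < 0) { dol_print_error($db, $don->error); }`, using whatever sentinel Don::fetch returns for a missing row (its body is only partly visible in the first hunk of this diff), keeps the view from showing a default-initialised record. The edit-mode hunk above discards the return of `$don->fetch($id)` entirely and needs the same check.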
diff --git a/htdocs/core/modules/dons/modules_don.php b/htdocs/core/modules/dons/modules_don.php
index df917b1f5d9..4bda754c752 100644
--- a/htdocs/core/modules/dons/modules_don.php
+++ b/htdocs/core/modules/dons/modules_don.php
@@ -38,8 +38,10 @@ abstract class ModeleDon extends CommonDocGenerator
 var $error='';
 /**
- * \brief Return list of active generation modules
- * \param $db Database handler
+ * Return list of active generation modules
+ *
+ * @param DoliDB $db Database handler
+ * @return array List of donation templates
 */
 function liste_modeles($db)
 {