diff --git a/ChangeLog b/ChangeLog
index 3ecdc4d0c54..7e319d3aabe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,96 @@ English Dolibarr ChangeLog
--------------------------------------------------------------
+***** ChangeLog for 7.0.2 compared to 7.0.1 *****
+FIX: #8023
+FIX: #8259 can't update contact birthday with REST API
+FIX: #8359
+FIX: #8389
+FIX: #8478 !empty instead of count to avoid warning
+FIX: #8488
+FIX: #8559 Bug to generate cheque receipt
+FIX: #8571
+FIX: #8574
+FIX: #8580
+FIX: #8650
+FIX: actioncomm export: type filtering not working
+FIX: Add a test to avoid to reset binding by error.
+FIX: addline on invoice supplier manage rank on its own if not provided
+FIX: Add warning when expense report line not into range
+FIX: avoid Error: Call to undefined method mysqli::get_charset()
+FIX: avoid focus problem when select2 is in a modal dialog window
+FIX: Binding pages must start on fiscal month not calendar month
+FIX: button "Classify bill" on supplier order was not visible
+FIX: Button receive products not visible
+FIX: can bypass the CSRF protection with url with domain inside
+FIX: Can't edit option PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY
+FIX: commonobject: don't require notnull field if default set
+FIX: CommonObject: don't require 'notnull' field if 'default' set
+FIX: cron script disabled if module disabled
+FIX: CVE-2018-10092
+FIX: CVE-2018-10094
+FIX: CVE-2018-10095
+FIX: CVE-2018-9019
+FIX: CWE-89
+FIX: Data on income/expense report was always 0
+FIX: default addupdatedelete actions: uniformize add/update value checks
+FIX: default currency not set on supplier order creation from commercial menu #8459
+FIX: delete all product variants of a parent product
+FIX: Detail per account not visible when total < 0
+FIX: DOL_AUTOSET_COOKIE was not correctly setting value of cookie
+FIX: don't print empty date in CommonObject::showOutputField
+FIX: dont print empty date in CommonObject::showOutputField
+FIX: Draft invoice must be excluded from report
+FIX: environment shown on cron card
+FIX: Error in ContractLigne not return to Contract
+FIX: extrafields price and double were lost during a failed post.
+FIX: File name not visible in email preview
+FIX: filter/sorting on extrafield on contact list from contact tab
+FIX: Initial month on report income/expense per predefined group
+FIX: issue #8037
+FIX: Issue #8455
+FIX: issue #8470
+FIX: label in getnomurl projectlist
+FIX: limit access of email template page to internal users
+FIX: look and feel v7 "back to" for bookkeeping record
+FIX: Max nb of generation of recurring invoice should not show warning
+FIX: missing english name for object
+FIX: Missing include
+FIX: missing User object with API REST
+FIX: modulebuilder: could not create html fields
+FIX: modulebuilder: handle 'price' fieldtype
+FIX: multiple creation of same event
+FIX: Name of user not visible on journalizing expense report payments
+FIX: Not approved holidays must not be visible into timesheet
+FIX: Only approved expense report must be journalized
+FIX: payment term doc-specific label was not used
+FIX: payment term doc-specific label was not used (issue #8414)
+FIX: project category is type 6 not 5
+FIX: Projet is not prefilled when created from overwiew page
+FIX: Related contact printed in societe agenda
+FIX: Removed error when no error on accounting setup page
+FIX: remove var_dump
+FIX: sanitize setup params
+FIX: selectForFormsList: entity checked even is object not multi-entity managed
+FIX: service creation, right is tested regarding the product type
+FIX: some localtaxes errors
+FIX: Some report have data when several chart of accounts exists
+FIX: sql error using no category
+FIX: SQL Injection CWE-89
+FIX: Support or multicompany for sheduled jobs
+FIX: Test on mandatory status when closing proposal failed
+FIX: to allow IRPF not null even if main VAT is null.
+FIX: update wrong datetime extrafield
+FIX: Use priority to define order of sheduled jobs
+FIX: various modulebuilder-related issues
+FIX: view of balance before field
+FIX: weird password autocompletion in Goocle Chrome (issue #8479)
+FIX: weird password autocompletion in Google Chrome (issue #8479)
+FIX: When clearing filter, we must not save tmp criterias in session
+FIX: With x extrafields, request for multicompany label was done x times
+FIX: several XSS
+FIX: zip not filtered
+
***** ChangeLog for 7.0.1 compared to 7.0.0 *****
FIX: #8139 User search does not work if MAIN_USE_OLD_SEARCH_FORM, missing list.php
FIX: #8200
@@ -358,7 +448,22 @@ Following changes may create regressions for some external modules, but were nec
-***** ChangeLog for 6.0.6 compared to 6.0.6 *****
+***** ChangeLog for 6.0.7 compared to 6.0.6 *****
+FIX: #8023
+FIX: #8259 can't update contact birthday with REST API
+FIX: #8478 !empty instead of count to avoid warning
+FIX: #8488
+FIX: actioncomm export: type filtering not working
+FIX: addline on invoice supplier manage rank on its own if not provided
+FIX: issue #8037
+FIX: label in getnomurl projectlist
+FIX: payment term doc-specific label was not used
+FIX: payment term doc-specific label was not used (issue #8414)
+FIX: project category is type 6 not 5 !!
+FIX: some localtaxes errors
+FIX: weird password autocompletion in Google Chrome (issue #8479)
+
+***** ChangeLog for 6.0.6 compared to 6.0.5 *****
FIX: #7974 Contract - Invalid reference on the document
FIX: #8139
FIX: #8139 User search does not work if MAIN_USE_OLD_SEARCH_FORM, missing list.php
diff --git a/build/makepack-dolibarr.pl b/build/makepack-dolibarr.pl
index 77d78da1dc5..1ab3269d0de 100755
--- a/build/makepack-dolibarr.pl
+++ b/build/makepack-dolibarr.pl
@@ -466,10 +466,12 @@ if ($nboftargetok) {
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr_*.deb`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr_*.dsc`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr_*.tar.gz`;
+ $ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr_*.tar.xz`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.deb`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.rpm`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.tar`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.tar.gz`;
+ $ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.tar.xz`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.tgz`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.xz`;
$ret=`rm -f $BUILDROOT/$PROJECT/build/dolibarr-*.zip`;
@@ -849,6 +851,8 @@ if ($nboftargetok) {
unlink("$NEWDESTI/${FILENAMEDEB}.changes");
print "Remove target ${FILENAMEDEB}.debian.tar.gz...\n";
unlink("$NEWDESTI/${FILENAMEDEB}.debian.tar.gz");
+ print "Remove target ${FILENAMEDEB}.debian.tar.xz...\n";
+ unlink("$NEWDESTI/${FILENAMEDEB}.debian.tar.xz");
print "Remove target ${FILENAMEDEBNATIVE}.orig.tar.gz...\n";
unlink("$NEWDESTI/${FILENAMEDEBNATIVE}.orig.tar.gz");
@@ -1024,7 +1028,7 @@ if ($nboftargetok) {
$ret=`mv $BUILDROOT/*_all.deb "$NEWDESTI/"`;
$ret=`mv $BUILDROOT/*.dsc "$NEWDESTI/"`;
$ret=`mv $BUILDROOT/*.orig.tar.gz "$NEWDESTI/"`;
- $ret=`mv $BUILDROOT/*.debian.tar.gz "$NEWDESTI/"`;
+ $ret=`mv $BUILDROOT/*.debian.tar.xz "$NEWDESTI/"`;
$ret=`mv $BUILDROOT/*.changes "$NEWDESTI/"`;
next;
}
@@ -1168,7 +1172,7 @@ if ($nboftargetok) {
"$DESTI/package_debian-ubuntu/${FILENAMEDEB}_all.deb"=>'Dolibarr installer for Debian-Ubuntu (DoliDeb)',
"$DESTI/package_debian-ubuntu/${FILENAMEDEB}_amd64.changes"=>'none', # none means it won't be published on SF
"$DESTI/package_debian-ubuntu/${FILENAMEDEB}.dsc"=>'none', # none means it won't be published on SF
- "$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.gz"=>'none', # none means it won't be published on SF
+ "$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.xz"=>'none', # none means it won't be published on SF
"$DESTI/package_debian-ubuntu/${FILENAMEDEBSHORT}.orig.tar.gz"=>'none', # none means it won't be published on SF
"$DESTI/package_windows/$FILENAMEEXEDOLIWAMP.exe"=>'Dolibarr installer for Windows (DoliWamp)',
"$DESTI/standard/$FILENAMETGZ.tgz"=>'Dolibarr ERP-CRM',
@@ -1181,8 +1185,7 @@ if ($nboftargetok) {
"$DESTI/package_debian-ubuntu/${FILENAMEDEB}_all.deb"=>'package_debian-ubuntu',
"$DESTI/package_debian-ubuntu/${FILENAMEDEB}_amd64.changes"=>'package_debian-ubuntu',
"$DESTI/package_debian-ubuntu/${FILENAMEDEB}.dsc"=>'package_debian-ubuntu',
- "$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.gz"=>'package_debian-ubuntu',
- "$DESTI/package_debian-ubuntu/${FILENAMEDEBSHORT}.orig.tar.gz"=>'package_debian-ubuntu',
+ "$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.xz"=>'package_debian-ubuntu',
"$DESTI/package_debian-ubuntu/${FILENAMEDEBSHORT}.orig.tar.gz"=>'package_debian-ubuntu',
"$DESTI/package_windows/$FILENAMEEXEDOLIWAMP.exe"=>'package_windows',
"$DESTI/standard/$FILENAMETGZ.tgz"=>'standard',
diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php
index 98ecd8e327c..8eca415bff9 100644
--- a/htdocs/accountancy/admin/account.php
+++ b/htdocs/accountancy/admin/account.php
@@ -176,10 +176,10 @@ $pcgver = $conf->global->CHARTOFACCOUNTS;
$sql = "SELECT aa.rowid, aa.fk_pcg_version, aa.pcg_type, aa.pcg_subtype, aa.account_number, aa.account_parent , aa.label, aa.active, ";
$sql .= " a2.rowid as rowid2, a2.label as label2, a2.account_number as account_number2";
$sql .= " FROM " . MAIN_DB_PREFIX . "accounting_account as aa";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version AND aa.entity = " . $conf->entity;
// Dirty hack wainting that foreign key account_parent is an integer to be compared correctly with rowid
-if ($db->type == 'pgsql') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS INTEGER)";
-else $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS UNSIGNED)";
+if ($db->type == 'pgsql') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS INTEGER) AND a2.entity = " . $conf->entity;
+else $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS UNSIGNED) AND a2.entity = " . $conf->entity;
$sql .= " WHERE asy.rowid = " . $pcgver;
if (strlen(trim($search_account))) $sql .= natural_search("aa.account_number", $search_account);
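Review bot: The three added `entity = " . $conf->entity` fragments concatenate the entity id into the SQL text uncast, as the context line `" WHERE asy.rowid = " . $pcgver` already does with a configuration value. Both are expected to be integers, so casting where they are used, e.g. `" AND aa.entity = " . ((int) $conf->entity)` and `" WHERE asy.rowid = " . ((int) $pcgver)`, keeps the statement well-formed if either is ever empty or non-numeric. Separately, `aa.entity` is tested in the ON clause of a LEFT JOIN, so it only restricts the listing because the later `WHERE asy.rowid = ...` discards the unmatched rows; putting the entity test on `aa` in the WHERE clause would state the tenant filter directly.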
diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php
index f3924f73a76..df4f5d7c3f5 100644
--- a/htdocs/accountancy/admin/accountmodel.php
+++ b/htdocs/accountancy/admin/accountmodel.php
@@ -45,7 +45,7 @@ $langs->loadLangs(array("errors","admin","companies","resource","holiday","compt
$action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view';
$confirm=GETPOST('confirm','alpha');
-$id=GETPOST('id','int');
+$id=31;
$rowid=GETPOST('rowid','alpha');
$code=GETPOST('code','alpha');
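Review bot: The literal in `$id=31;` needs a comment, because nothing in this hunk says that 31 is the index of the accounting_system dictionary in `$tabname`/`$tabsql`. Something like `// Fixed dictionary id (31 = accounting_system); never taken from the request so the table name cannot be chosen by the caller` would keep a later maintainer from reverting to `GETPOST('id','int')`. The same applies to `$id=35;` in the journals_list.php hunk. With a constant id, the later `if ($id)` test and `urlencode($id)` are always-true and no-op respectively and could be simplified.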
@@ -58,8 +58,8 @@ $listoffset=GETPOST('listoffset');
$listlimit=GETPOST('listlimit')>0?GETPOST('listlimit'):1000;
$active = 1;
-$sortfield = GETPOST("sortfield",'alpha');
-$sortorder = GETPOST("sortorder",'alpha');
+$sortfield = GETPOST("sortfield",'aZ09comma');
+$sortorder = GETPOST("sortorder",'aZ09comma');
$page = GETPOST("page",'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
$offset = $listlimit * $page ;
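Review bot: `listoffset` and `listlimit` on the two context lines above the change are still read with `GETPOST()` and no check type, which per the function signature elsewhere in this diff defaults to `'none'`. They only reach the query through arithmetic (`$listlimit * $page`, `$listlimit+1`), but since this change is tightening request parameters it would be consistent to read them as `GETPOST('listoffset','int')` and `GETPOST('listlimit','int')`. The identical lines in the categories_list.php hunk have the same gap.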
@@ -84,59 +84,48 @@ $hookmanager->initHooks(array('admin'));
$tabname=array();
$tabname[31]= MAIN_DB_PREFIX."accounting_system";
-$tabname[32]= MAIN_DB_PREFIX."c_accounting_category";
// Dictionary labels
$tablib=array();
$tablib[31]= "Pcg_version";
-$tablib[32]= "DictionaryAccountancyCategory";
// Requests to extract data
$tabsql=array();
$tabsql[31]= "SELECT s.rowid as rowid, pcg_version, s.label, s.fk_country as country_id, c.code as country_code, c.label as country, s.active FROM ".MAIN_DB_PREFIX."accounting_system as s, ".MAIN_DB_PREFIX."c_country as c WHERE s.fk_country=c.rowid and c.active=1";
-$tabsql[32]= "SELECT a.rowid as rowid, a.code as code, a.label, a.range_account, a.sens, a.category_type, a.formula, a.position as position, a.fk_country as country_id, c.code as country_code, c.label as country, a.active FROM ".MAIN_DB_PREFIX."c_accounting_category as a, ".MAIN_DB_PREFIX."c_country as c WHERE a.fk_country=c.rowid and c.active=1";
// Criteria to sort dictionaries
$tabsqlsort=array();
$tabsqlsort[31]="pcg_version ASC";
-$tabsqlsort[32]="position ASC";
// Nom des champs en resultat de select pour affichage du dictionnaire
$tabfield=array();
$tabfield[31]= "pcg_version,label,country_id,country";
-$tabfield[32]= "code,label,range_account,sens,category_type,formula,position,country_id,country";
// Nom des champs d'edition pour modification d'un enregistrement
$tabfieldvalue=array();
$tabfieldvalue[31]= "pcg_version,label,country";
-$tabfieldvalue[32]= "code,label,range_account,sens,category_type,formula,position,country";
// Nom des champs dans la table pour insertion d'un enregistrement
$tabfieldinsert=array();
$tabfieldinsert[31]= "pcg_version,label,fk_country";
-$tabfieldinsert[32]= "code,label,range_account,sens,category_type,formula,position,fk_country";
// Nom du rowid si le champ n'est pas de type autoincrement
// Example: "" if id field is "rowid" and has autoincrement on
// "nameoffield" if id field is not "rowid" or has not autoincrement on
$tabrowid=array();
$tabrowid[31]= "";
-$tabrowid[32]= "";
// Condition to show dictionary in setup page
$tabcond=array();
$tabcond[31]= ! empty($conf->accounting->enabled);
-$tabcond[32]= ! empty($conf->accounting->enabled);
// List of help for fields
$tabhelp=array();
$tabhelp[31] = array('pcg_version'=>$langs->trans("EnterAnyCode"));
-$tabhelp[32] = array('code'=>$langs->trans("EnterAnyCode"));
// List of check for fields (NOT USED YET)
$tabfieldcheck=array();
$tabfieldcheck[31] = array();
-$tabfieldcheck[32] = array();
// Define elementList and sourceList (used for dictionary type of contacts "llx_c_type_contact")
@@ -484,7 +473,7 @@ print " \n";
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
- print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$code.'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
+ print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.urlencode($page).'&':'').'sortfield='.urlencode($sortfield).'&sortorder='.urlencode($sortorder).'&rowid='.urlencode($rowid).'&code='.urlencode($code).'&id='.urlencode($id), $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
}
//var_dump($elementList);
@@ -503,24 +492,9 @@ if ($id)
$sql.= " c.rowid = ".$search_country_id;
}
- if ($sortfield)
- {
- // If sort order is "country", we use country_code instead
- if ($sortfield == 'country') $sortfield='country_code';
- $sql.= " ORDER BY ".$sortfield;
- if ($sortorder)
- {
- $sql.=" ".strtoupper($sortorder);
- }
- $sql.=", ";
- // Clear the required sort criteria for the tabsqlsort to be able to force it with selected value
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.' '.$sortorder.',/i','',$tabsqlsort[$id]);
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.',/i','',$tabsqlsort[$id]);
- }
- else {
- $sql.=" ORDER BY ";
- }
- $sql.=$tabsqlsort[$id];
+ // If sort order is "country", we use country_code instead
+ if ($sortfield == 'country') $sortfield='country_code';
+ $sql.=$db->order($sortfield,$sortorder);
$sql.=$db->plimit($listlimit+1,$offset);
//print $sql;
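Review bot: The default ordering is lost here, because the removed `$sql.=$tabsqlsort[$id];` was the only place where `$tabsqlsort[31]` (`pcg_version ASC`) reached the query and the new `$db->order($sortfield,$sortorder)` receives only the request values. Unless `$sortfield` is defaulted outside this hunk, a request without `sortfield` now returns rows in no defined order, which also makes the `plimit()` paging unstable. Setting a default before the call, e.g. `if (empty($sortfield)) { $sortfield='pcg_version'; $sortorder='ASC'; }`, would restore the previous behaviour while keeping the safer `order()` path. The same removal appears in the categories_list.php, journals_list.php and mails_templates.php hunks. The enclosing `if ($id)` block extends beyond this hunk.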
diff --git a/htdocs/accountancy/admin/categories.php b/htdocs/accountancy/admin/categories.php
index 7ab463e3179..9c40802c925 100644
--- a/htdocs/accountancy/admin/categories.php
+++ b/htdocs/accountancy/admin/categories.php
@@ -88,7 +88,7 @@ $formaccounting = new FormAccounting($db);
llxheader('', $langs->trans('AccountingCategory'));
-$linkback = ''.$langs->trans("BackToList").'';
+$linkback = ''.$langs->trans("BackToList").'';
print load_fiche_titre($langs->trans('AccountingCategory'), $linkback);
diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php
index fb7561dda94..40ea103a12f 100644
--- a/htdocs/accountancy/admin/categories_list.php
+++ b/htdocs/accountancy/admin/categories_list.php
@@ -54,8 +54,8 @@ $listoffset=GETPOST('listoffset');
$listlimit=GETPOST('listlimit')>0?GETPOST('listlimit'):1000;
$active = 1;
-$sortfield = GETPOST("sortfield",'alpha');
-$sortorder = GETPOST("sortorder",'alpha');
+$sortfield = GETPOST("sortfield",'aZ09comma');
+$sortorder = GETPOST("sortorder",'aZ09comma');
$page = GETPOST("page",'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
$offset = $listlimit * $page ;
@@ -300,7 +300,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
if ($tabrowid[$id]) { $rowidcol=$tabrowid[$id]; }
else { $rowidcol="rowid"; }
- $sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = '".$this->db->escape($rowid)."'";
+ $sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);
@@ -324,10 +324,10 @@ if ($action == $acts[0])
else { $rowidcol="rowid"; }
if ($rowid) {
- $sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = '".$this->db->escape($rowid)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
}
elseif ($code) {
- $sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code = '".$this->db->escape($code)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code = '".$db->escape($code)."'";
}
$result = $db->query($sql);
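Review bot: When neither `$rowid` nor `$code` is set, neither branch assigns `$sql`, yet `$db->query($sql)` on the last line still runs with whatever the variable held earlier in the script, or with an undefined value. Initialising it and guarding the call, `$sql = '';` before the `if` and `if ($sql) $result = $db->query($sql);`, avoids re-running a stale statement. The three following hunks (`$acts[1]`, `activate_favorite`, `disable_favorite`) have the same shape. The enclosing `if ($action == ...)` block starts and ends outside the hunk.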
@@ -344,10 +344,10 @@ if ($action == $acts[1])
else { $rowidcol="rowid"; }
if ($rowid) {
- $sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = '".$this->db->escape($rowid)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
}
elseif ($code) {
- $sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code = '".$this->db->escape($code)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code = '".$db->escape($code)."'";
}
$result = $db->query($sql);
@@ -364,10 +364,10 @@ if ($action == 'activate_favorite')
else { $rowidcol="rowid"; }
if ($rowid) {
- $sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = '".$this->db->escape($rowid)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
}
elseif ($code) {
- $sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code = '".$this->db->escape($code)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code = '".$db->escape($code)."'";
}
$result = $db->query($sql);
@@ -384,10 +384,10 @@ if ($action == 'disable_favorite')
else { $rowidcol="rowid"; }
if ($rowid) {
- $sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = '".$this->db->escape($rowid)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
}
elseif ($code) {
- $sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code = '".$this->db->escape($code)."'";
+ $sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code = '".$db->escape($code)."'";
}
$result = $db->query($sql);
@@ -437,24 +437,9 @@ if ($id)
$sql.= " (a.fk_country = ".$search_country_id." OR a.fk_country = 0)";
}
- if ($sortfield)
- {
- // If sort order is "country", we use country_code instead
- if ($sortfield == 'country') $sortfield='country_code';
- $sql.= " ORDER BY ".$sortfield;
- if ($sortorder)
- {
- $sql.=" ".strtoupper($sortorder);
- }
- $sql.=", ";
- // Clear the required sort criteria for the tabsqlsort to be able to force it with selected value
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.' '.$sortorder.',/i','',$tabsqlsort[$id]);
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.',/i','',$tabsqlsort[$id]);
- }
- else {
- $sql.=" ORDER BY ";
- }
- $sql.=$tabsqlsort[$id];
+ // If sort order is "country", we use country_code instead
+ if ($sortfield == 'country') $sortfield='country_code';
+ $sql.=$db->order($sortfield,$sortorder);
$sql.=$db->plimit($listlimit+1,$offset);
//print $sql;
@@ -793,7 +778,7 @@ if ($id)
print '
';
if (empty($obj->formula))
{
- print '';
+ print '';
print $langs->trans("ListOfAccounts");
print '';
}
diff --git a/htdocs/accountancy/admin/journals_list.php b/htdocs/accountancy/admin/journals_list.php
index 7612e7b261a..971fdc20811 100644
--- a/htdocs/accountancy/admin/journals_list.php
+++ b/htdocs/accountancy/admin/journals_list.php
@@ -36,7 +36,7 @@ $langs->load("accountancy");
$action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view';
$confirm=GETPOST('confirm','alpha');
-$id=GETPOST('id','int');
+$id=35;
$rowid=GETPOST('rowid','alpha');
$code=GETPOST('code','alpha');
@@ -400,24 +400,9 @@ if ($id)
$sql=$tabsql[$id];
$sql.= " WHERE a.entity = ".$conf->entity;
- if ($sortfield)
- {
- // If sort order is "country", we use country_code instead
- if ($sortfield == 'country') $sortfield='country_code';
- $sql.= " ORDER BY ".$sortfield;
- if ($sortorder)
- {
- $sql.=" ".strtoupper($sortorder);
- }
- $sql.=", ";
- // Clear the required sort criteria for the tabsqlsort to be able to force it with selected value
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.' '.$sortorder.',/i','',$tabsqlsort[$id]);
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.',/i','',$tabsqlsort[$id]);
- }
- else {
- $sql.=" ORDER BY ";
- }
- $sql.=$tabsqlsort[$id];
+ // If sort order is "country", we use country_code instead
+ if ($sortfield == 'country') $sortfield='country_code';
+ $sql.=$db->order($sortfield,$sortorder);
$sql.=$db->plimit($listlimit+1,$offset);
$fieldlist=explode(',',$tabfield[$id]);
diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php
index 6b7e925832b..3f5c11691ad 100644
--- a/htdocs/accountancy/class/accountingaccount.class.php
+++ b/htdocs/accountancy/class/accountingaccount.class.php
@@ -84,7 +84,8 @@ class AccountingAccount extends CommonObject
* @param int $limittocurrentchart 1=Do not load record if it is into another accounting system
* @return int <0 if KO, 0 if not found, Id of record if OK and found
*/
- function fetch($rowid = null, $account_number = null, $limittocurrentchart = 0) {
+ function fetch($rowid = null, $account_number = null, $limittocurrentchart = 0)
+ {
global $conf;
if ($rowid || $account_number) {
@@ -96,10 +97,10 @@ class AccountingAccount extends CommonObject
if ($rowid) {
$sql .= " a.rowid = '" . $rowid . "'";
} elseif ($account_number) {
- $sql .= " a.account_number = '" . $account_number . "'";
+ $sql .= " a.account_number = '" . $this->db->escape($account_number) . "'";
}
if (! empty($limittocurrentchart)) {
- $sql .= ' AND a.fk_pcg_version IN (SELECT pcg_version FROM ' . MAIN_DB_PREFIX . 'accounting_system WHERE rowid=' . $conf->global->CHARTOFACCOUNTS . ')';
+ $sql .= ' AND a.fk_pcg_version IN (SELECT pcg_version FROM ' . MAIN_DB_PREFIX . 'accounting_system WHERE rowid=' . $this->db->escape($conf->global->CHARTOFACCOUNTS) . ')';
}
dol_syslog(get_class($this) . "::fetch sql=" . $sql, LOG_DEBUG);
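Review bot: The `$rowid` branch two lines above the change is still built as `" a.rowid = '" . $rowid . "'"` with no escaping, so the commit hardens `account_number` but leaves the other lookup key raw. Since `rowid` is a numeric key, `$sql .= " a.rowid = " . ((int) $rowid);` closes that. The new `$this->db->escape($conf->global->CHARTOFACCOUNTS)` sits in an unquoted numeric position, where string escaping does not constrain the value; `((int) $conf->global->CHARTOFACCOUNTS)` is the check that fits that context. `fetch()` continues outside the hunk.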
@@ -203,7 +204,7 @@ class AccountingAccount extends CommonObject
$sql .= ", " . (empty($this->account_number) ? 'NULL' : "'" . $this->db->escape($this->account_number) . "'");
$sql .= ", " . (empty($this->account_parent) ? 'NULL' : "'" . $this->db->escape($this->account_parent) . "'");
$sql .= ", " . (empty($this->label) ? 'NULL' : "'" . $this->db->escape($this->label) . "'");
- $sql .= ", " . (empty($this->account_category) ? 'NULL' : "'" . $this->db->escape($this->account_category) . "'");
+ $sql .= ", " . (empty($this->account_category) ? '0' : $this->db->escape($this->account_category));
$sql .= ", " . $user->id;
$sql .= ", " . (! isset($this->active) ? 'NULL' : $this->db->escape($this->active));
$sql .= ")";
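Review bot: Dropping the quotes around `account_category` moves the value into a numeric SQL context, where `$this->db->escape()` (presumably string-literal escaping; its definition is not in this diff) no longer limits what the value can contain. An integer cast matches the column and the new `'0'` default: `(empty($this->account_category) ? '0' : (int) $this->account_category)`. The update hunk that follows makes the same change to `fk_accounting_category`, and its context lines `" , active = " . $this->active` and `" WHERE rowid = " . $this->id` are likewise uncast.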
@@ -274,7 +275,7 @@ class AccountingAccount extends CommonObject
$sql .= " , account_number = '" . $this->db->escape($this->account_number) . "'";
$sql .= " , account_parent = '" . $this->db->escape($this->account_parent) . "'";
$sql .= " , label = " . ($this->label ? "'" . $this->db->escape($this->label) . "'" : "null");
- $sql .= " , fk_accounting_category = '" . $this->db->escape($this->account_category) . "'";
+ $sql .= " , fk_accounting_category = " . (empty($this->account_category) ? 0 : $this->db->escape($this->account_category));
$sql .= " , fk_user_modif = " . $user->id;
$sql .= " , active = " . $this->active;
$sql .= " WHERE rowid = " . $this->id;
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index 438c7cd5227..72ac51e1799 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -965,14 +965,14 @@ if (empty($id))
print " \n";
-$param = '&id='.$id;
-if ($search_country_id > 0) $param.= '&search_country_id='.$search_country_id;
+$param = '&id='.urlencode($id);
+if ($search_country_id > 0) $param.= '&search_country_id='.urlencode($search_country_id);
if ($search_code != '') $param.= '&search_code='.urlencode($search_country_id);
if ($entity != '') $param.= '&entity=' . (int) $entity;
$paramwithsearch = $param;
-if ($sortorder) $paramwithsearch.= '&sortorder='.$sortorder;
-if ($sortfield) $paramwithsearch.= '&sortfield='.$sortfield;
-if (GETPOST('from')) $paramwithsearch.= '&from='.GETPOST('from','alpha');
+if ($sortorder) $paramwithsearch.= '&sortorder='.urlencode($sortorder);
+if ($sortfield) $paramwithsearch.= '&sortfield='.urlencode($sortfield);
+if (GETPOST('from')) $paramwithsearch.= '&from='.urlencode(GETPOST('from','alpha'));
// Confirmation de la suppression de la ligne
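Review bot: The context line `if ($search_code != '') $param.= '&search_code='.urlencode($search_country_id);` encodes the wrong variable, so the `search_code` filter is replaced by the country id on every paging or sorting link. While the neighbouring lines are being touched it should become `$param.= '&search_code='.urlencode($search_code);`. The added `urlencode()` calls are otherwise consistent with the existing `(int) $entity` treatment.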
@@ -999,10 +999,10 @@ if ($id)
{
// If sort order is "country", we use country_code instead
if ($sortfield == 'country') $sortfield='country_code';
- $sql.= " ORDER BY ".$sortfield;
+ $sql.= " ORDER BY ".$db->escape($sortfield);
if ($sortorder)
{
- $sql.=" ".strtoupper($sortorder);
+ $sql.=" ".strtoupper($db->escape($sortorder));
}
$sql.=", ";
// Clear the required sort criteria for the tabsqlsort to be able to force it with selected value
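Review bot: `$db->escape()` does not constrain `$sortfield` and `$sortorder` here, because both are placed unquoted in the ORDER BY clause as an identifier and a keyword, while escaping only matters inside a quoted literal. Validation is the check that fits this position, e.g. `$sortorder = (strtoupper($sortorder) == 'DESC') ? 'DESC' : 'ASC';` and `if (! preg_match('/^[a-zA-Z0-9_.]+$/', $sortfield)) $sortfield = '';`, or the `$db->order()` helper the other list pages in this commit switch to. Whether dict.php already reads these parameters with a restrictive check type is outside the hunk. The enclosing `if ($sortfield)` block continues past the last line shown.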
diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php
index fb2729bb77b..24bd6a7b8fe 100644
--- a/htdocs/admin/mails_templates.php
+++ b/htdocs/admin/mails_templates.php
@@ -430,24 +430,9 @@ if ($search_type_template != '' && $search_type_template != '-1') $sql.=natural_
if ($search_lang) $sql.=natural_search('lang', $search_lang);
if ($search_fk_user != '' && $search_fk_user != '-1') $sql.=natural_search('fk_user', $search_fk_user, 2);
if ($search_topic) $sql.=natural_search('topic', $search_topic);
-if ($sortfield)
-{
- // If sort order is "country", we use country_code instead
- if ($sortfield == 'country') $sortfield='country_code';
- $sql.= " ORDER BY ".$sortfield;
- if ($sortorder)
- {
- $sql.=" ".strtoupper($sortorder);
- }
- $sql.=", ";
- // Clear the required sort criteria for the tabsqlsort to be able to force it with selected value
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.' '.$sortorder.',/i','',$tabsqlsort[$id]);
- $tabsqlsort[$id]=preg_replace('/([a-z]+\.)?'.$sortfield.',/i','',$tabsqlsort[$id]);
-}
-else {
- $sql.=" ORDER BY ";
-}
-$sql.=$tabsqlsort[$id];
+// If sort order is "country", we use country_code instead
+if ($sortfield == 'country') $sortfield='country_code';
+$sql.=$db->order($sortfield,$sortorder);
$sql.=$db->plimit($listlimit+1,$offset);
//print $sql;
diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php
index 60c20dfafe7..fa9d46bf327 100644
--- a/htdocs/admin/system/filecheck.php
+++ b/htdocs/admin/system/filecheck.php
@@ -72,7 +72,7 @@ print ' ';
$file_list = array('missing' => array(), 'updated' => array());
// Local file to compare to
-$xmlshortfile = GETPOST('xmlshortfile')?GETPOST('xmlshortfile'):'/install/filelist-'.DOL_VERSION.'.xml';
+$xmlshortfile = GETPOST('xmlshortfile','alpha')?GETPOST('xmlshortfile','alpha'):'/install/filelist-'.DOL_VERSION.(empty($conf->global->MAIN_FILECHECK_LOCAL_SUFFIX)?'':$conf->global->MAIN_FILECHECK_LOCAL_SUFFIX).'.xml';
$xmlfile = DOL_DOCUMENT_ROOT.$xmlshortfile;
// Remote file to compare to
$xmlremote = GETPOST('xmlremote');
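Review bot: The request-supplied `xmlshortfile` is still appended directly to `DOL_DOCUMENT_ROOT` to form `$xmlfile`, and the `'alpha'` check added here is a character filter rather than a path constraint (its exact rules are outside this diff). Only signature lists under `/install/` are expected, so I would reject anything that does not match that shape before building the path, e.g. `if (! preg_match('/^\/install\/filelist-[a-zA-Z0-9._-]+\.xml$/', $xmlshortfile)) accessforbidden();`. The context line `$xmlremote = GETPOST('xmlremote');` also takes a URL from the request with no check type; if the page fetches it server-side, it should be limited to https URLs on the expected signature host.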
@@ -83,8 +83,8 @@ if (empty($xmlremote)) $xmlremote = 'https://www.dolibarr.org/files/stable/signa
// Test if remote test is ok
-$enableremotecheck = True;
-if (preg_match('/beta|alpha|rc/i', DOL_VERSION) || ! empty($conf->global->MAIN_ALLOW_INTEGRITY_CHECK_ON_UNSTABLE)) $enableremotecheck=False;
+$enableremotecheck = true;
+if (preg_match('/beta|alpha|rc/i', DOL_VERSION) || ! empty($conf->global->MAIN_ALLOW_INTEGRITY_CHECK_ON_UNSTABLE)) $enableremotecheck=false;
$enableremotecheck = true;
print '
';
// Contact pour cette action
- if (! empty($objcon->id) && isset($histo[$key]['contact_id']) && $histo[$key]['contact_id'] > 0)
+ if (empty($objcon->id) && isset($histo[$key]['contact_id']) && $histo[$key]['contact_id'] > 0)
{
$contactstatic->lastname=$histo[$key]['lastname'];
$contactstatic->firstname=$histo[$key]['firstname'];
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 37e957c868c..78010725086 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -578,12 +578,12 @@ function GETPOST($paramname, $check='none', $method=0, $filter=NULL, $options=NU
{
//var_dump($paramname.' - '.$out.' '.$user->default_values[$relativepathstring]['filters'][$paramname]);
- // We save search key only if:
- // - not empty, or
- // - if value is empty and a default value exists that is not empty (it means we did a filter to an empty value when default was not).
+ // We save search key only if $out not empty that means:
+ // - posted value not empty, or
+ // - if posted value is empty and a default value exists that is not empty (it means we did a filter to an empty value when default was not).
//if (! empty($out) || ! empty($user->default_values[$relativepathstring]['filters'][$paramname]))
- if (! empty($out))
+ if ($out != '') // $out = '0' like 'abc' is a search criteria to keep
{
$user->lastsearch_values_tmp[$relativepathstring][$paramname]=$out;
}
@@ -4261,7 +4261,8 @@ function get_localtax($vatrate, $local, $thirdparty_buyer="", $thirdparty_seller
if ($local == 2)
{
- if (! $mysoc->localtax2_assuj || (string) $vatratecleaned == "0") return 0;
+ //if (! $mysoc->localtax2_assuj || (string) $vatratecleaned == "0") return 0;
+ if (! $mysoc->localtax2_assuj) return 0; // If main vat is 0, IRPF may be different than 0.
if ($thirdparty_seller->id == $mysoc->id)
{
if (! $thirdparty_buyer->localtax2_assuj) return 0;
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index a901dd817d5..c9968bb459f 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -384,7 +384,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
if ($feature == 'project') $feature='projet';
if ($feature == 'task') $feature='projet_task';
- $check = array('adherent','banque','don','user','usergroup','produit','service','produit|service','categorie','resource'); // Test on entity only (Objects with no link to company)
+ $check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','categorie','resource'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet','project'); // Test for project object
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index e930a0ab8b9..0104f787bf8 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -4,6 +4,7 @@
* Copyright (C) 2012-2015 Juanjo Menent
* Copyright (C) 2013 Cédric Salvador
* Copyright (C) 2015 Marcos García
+ * Copyright (C) 2018 Ferran Marcet
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -802,7 +803,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
$newmenu->add("/compta/facture/card.php?action=create",$langs->trans("NewBill"),1,$user->rights->facture->creer);
$newmenu->add("/compta/facture/list.php?leftmenu=customers_bills",$langs->trans("List"),1,$user->rights->facture->lire, '', $mainmenu, 'customers_bills_list');
- if ($usemenuhider || empty($leftmenu) || preg_match('/customers_bills(|draft|notpaid|paid|canceled)$/', $leftmenu))
+ if ($usemenuhider || empty($leftmenu) || preg_match('/customers_bills(|_draft|_notpaid|_paid|_canceled)$/', $leftmenu))
{
$newmenu->add("/compta/facture/list.php?leftmenu=customers_bills_draft&search_status=0",$langs->trans("BillShortStatusDraft"),2,$user->rights->facture->lire);
$newmenu->add("/compta/facture/list.php?leftmenu=customers_bills_notpaid&search_status=1",$langs->trans("BillShortStatusNotPaid"),2,$user->rights->facture->lire);
@@ -1257,18 +1258,18 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
if (! empty($conf->stock->enabled))
{
$langs->load("stocks");
- if (empty($conf->global->MAIN_USE_ADVANCED_PERMS))
- {
- $newmenu->add("/product/inventory/list.php?leftmenu=stock", $langs->trans("Inventory"), 0, $user->rights->stock->lire, '', $mainmenu, 'stock');
- $newmenu->add("/product/inventory/card.php?action=create", $langs->trans("NewInventory"), 1, $user->rights->stock->creer);
- $newmenu->add("/product/inventory/list.php", $langs->trans("List"), 1, $user->rights->stock->lire);
- }
- else
- {
- $newmenu->add("/product/inventory/list.php?leftmenu=stock", $langs->trans("Inventory"), 0, $user->rights->stock->advance_inventory->read, '', $mainmenu, 'stock');
- $newmenu->add("/product/inventory/card.php?action=create", $langs->trans("NewInventory"), 1, $user->rights->stock->advance_inventory->write);
- $newmenu->add("/product/inventory/list.php", $langs->trans("List"), 1, $user->rights->stock->advance_inventory->read);
- }
+ if (empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+ {
+ $newmenu->add("/product/inventory/list.php?leftmenu=stock", $langs->trans("Inventory"), 0, $user->rights->stock->lire, '', $mainmenu, 'stock');
+ $newmenu->add("/product/inventory/card.php?action=create", $langs->trans("NewInventory"), 1, $user->rights->stock->creer);
+ $newmenu->add("/product/inventory/list.php", $langs->trans("List"), 1, $user->rights->stock->lire);
+ }
+ else
+ {
+ $newmenu->add("/product/inventory/list.php?leftmenu=stock", $langs->trans("Inventory"), 0, $user->rights->stock->inventory_advance->read, '', $mainmenu, 'stock');
+ $newmenu->add("/product/inventory/card.php?action=create", $langs->trans("NewInventory"), 1, $user->rights->stock->inventory_advance->write);
+ $newmenu->add("/product/inventory/list.php", $langs->trans("List"), 1, $user->rights->stock->inventory_advance->read);
+ }
}
}
diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php
index c23a02eeac1..daeb948fe4a 100644
--- a/htdocs/core/modules/modStock.class.php
+++ b/htdocs/core/modules/modStock.class.php
@@ -122,31 +122,31 @@ class modStock extends DolibarrModules
$this->rights[5][0] = 1011;
$this->rights[5][1] = 'inventoryReadPermission'; // Permission label
$this->rights[5][3] = 0; // Permission by default for new user (0/1)
- $this->rights[5][4] = 'advance_inventory'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[5][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[5][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[6][0] = 1012;
$this->rights[6][1] = 'inventoryCreatePermission'; // Permission label
$this->rights[6][3] = 0; // Permission by default for new user (0/1)
- $this->rights[6][4] = 'advance_inventory'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[6][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[6][5] = 'create'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[7][0] = 1013;
$this->rights[7][1] = 'inventoryWritePermission'; // Permission label
$this->rights[7][3] = 0; // Permission by default for new user (0/1)
- $this->rights[7][4] = 'advance_inventory'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[7][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[7][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[8][0] = 1014;
$this->rights[8][1] = 'inventoryValidatePermission'; // Permission label
$this->rights[8][3] = 0; // Permission by default for new user (0/1)
- $this->rights[8][4] = 'advance_inventory'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[8][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[8][5] = 'validate'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[9][0] = 1015;
$this->rights[9][1] = 'inventoryChangePMPPermission'; // Permission label
$this->rights[9][3] = 0; // Permission by default for new user (0/1)
- $this->rights[9][4] = 'advance_inventory'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[9][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[9][5] = 'changePMP'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
}
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index 4dee1f94f24..73e71b46398 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -369,8 +369,8 @@ class Fichinter extends CommonObject
$this->statut = $obj->fk_statut;
$this->duration = $obj->duree;
$this->datec = $this->db->jdate($obj->datec);
- $this->datee = $this->db->jdate($obj->dateo);
- $this->dateo = $this->db->jdate($obj->datee);
+ $this->dateo = $this->db->jdate($obj->dateo);
+ $this->datee = $this->db->jdate($obj->datee);
$this->datet = $this->db->jdate($obj->datet);
$this->datev = $this->db->jdate($obj->datev);
$this->datem = $this->db->jdate($obj->datem);
diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php
index 99a6b550f45..b8126b4fcc8 100644
--- a/htdocs/filefunc.inc.php
+++ b/htdocs/filefunc.inc.php
@@ -31,7 +31,7 @@
*/
if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr');
-if (! defined('DOL_VERSION')) define('DOL_VERSION','7.0.2'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c
+if (! defined('DOL_VERSION')) define('DOL_VERSION','7.0.3'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c
if (! defined('EURO')) define('EURO',chr(128));
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 8580bec8cd9..bbf5694fc2c 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1402,6 +1402,11 @@ class FactureFournisseur extends CommonInvoice
if (empty($txlocaltax1)) $txlocaltax1=0;
if (empty($txlocaltax2)) $txlocaltax2=0;
+ if ($rang < 0) {
+ $rangmax = $this->line_max();
+ $rang = $rangmax + 1;
+ }
+
$localtaxes_type=getLocalTaxesFromRate($txtva, 0, $mysoc, $this->thirdparty);
// Clean vat code
diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php
index 0198bcc24ac..8ea1f249b7e 100644
--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -1072,8 +1072,6 @@ if (empty($reshook))
$fk_parent_line = 0;
$num = count($lines);
- $productsupplier = new ProductFournisseur($db);
-
for($i = 0; $i < $num; $i ++)
{
@@ -1081,7 +1079,7 @@ if (empty($reshook))
continue;
$label = (! empty($lines[$i]->label) ? $lines[$i]->label : '');
- $desc = (! empty($lines[$i]->desc) ? $lines[$i]->desc : $lines[$i]->libelle);
+ $desc = (! empty($lines[$i]->desc) ? $lines[$i]->desc : $lines[$i]->product_desc);
$product_type = (! empty($lines[$i]->product_type) ? $lines[$i]->product_type : 0);
// Reset fk_parent_line for no child products and special product
@@ -1097,43 +1095,57 @@ if (empty($reshook))
$array_option = $lines[$i]->array_options;
}
- $result = $productsupplier->find_min_price_product_fournisseur($lines[$i]->fk_product, $lines[$i]->qty, $srcobject->socid);
- if ($result>=0)
+ $ref_supplier = '';
+ $product_fourn_price_id = 0;
+ if ($origin == "commande")
{
- $tva_tx = $lines[$i]->tva_tx;
-
- if ($origin=="commande")
+ $productsupplier = new ProductFournisseur($db);
+ $result = $productsupplier->find_min_price_product_fournisseur($lines[$i]->fk_product, $lines[$i]->qty, $srcobject->socid);
+ if ($result > 0)
{
- $soc=new societe($db);
- $soc->fetch($socid);
- $tva_tx=get_default_tva($soc, $mysoc, $lines[$i]->fk_product, $productsupplier->product_fourn_price_id);
+ $ref_supplier = $productsupplier->ref_supplier;
+ $product_fourn_price_id = $productsupplier->product_fourn_price_id;
}
-
- $result = $object->addline(
- $desc,
- $lines[$i]->subprice,
- $lines[$i]->qty,
- $tva_tx,
- $lines[$i]->localtax1_tx,
- $lines[$i]->localtax2_tx,
- $lines[$i]->fk_product > 0 ? $lines[$i]->fk_product : 0,
- $productsupplier->product_fourn_price_id,
- $productsupplier->ref_supplier,
- $lines[$i]->remise_percent,
- 'HT',
- 0,
- $lines[$i]->product_type,
- '',
- '',
- null,
- null,
- array(),
- $lines[$i]->fk_unit,
- 0,
- $element,
- !empty($lines[$i]->id) ? $lines[$i]->id : $lines[$i]->rowid
- );
}
+ else
+ {
+ $ref_supplier = $lines[$i]->ref_fourn;
+ $product_fourn_price_id = 0;
+ }
+
+ $tva_tx = $lines[$i]->tva_tx;
+
+ if ($origin=="commande")
+ {
+ $soc=new societe($db);
+ $soc->fetch($socid);
+ $tva_tx=get_default_tva($soc, $mysoc, $lines[$i]->fk_product, $product_fourn_price_id);
+ }
+
+ $result = $object->addline(
+ $desc,
+ $lines[$i]->subprice,
+ $lines[$i]->qty,
+ $tva_tx,
+ $lines[$i]->localtax1_tx,
+ $lines[$i]->localtax2_tx,
+ $lines[$i]->fk_product > 0 ? $lines[$i]->fk_product : 0,
+ $product_fourn_price_id,
+ $ref_supplier,
+ $lines[$i]->remise_percent,
+ 'HT',
+ 0,
+ $lines[$i]->product_type,
+ '',
+ '',
+ null,
+ null,
+ array(),
+ $lines[$i]->fk_unit,
+ 0,
+ $element,
+ !empty($lines[$i]->id) ? $lines[$i]->id : $lines[$i]->rowid
+ );
if ($result < 0) {
$error++;
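Review bot: A negative return from `find_min_price_product_fournisseur()` is now handled the same way as "no price found", because the new test is `if ($result > 0)` with no branch for `$result < 0`, and `$result` is then overwritten by `addline()`. The line is therefore added with an empty `$ref_supplier` and `$product_fourn_price_id = 0` even when the lookup itself failed. A branch such as `if ($result < 0) { $error++; setEventMessages($productsupplier->error, $productsupplier->errors, 'errors'); }` would surface the failure, assuming the class exposes `error`/`errors` like the other objects on this page. Separately, `$soc=new societe($db); $soc->fetch($socid);` runs once per line with the same `$socid` and its result is unchecked; it could be hoisted above the `for`, which starts in an earlier hunk.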
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 950c297fb3b..c8f73111021 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -779,25 +779,27 @@ class Holiday extends CommonObject
/**
- * Check a user is not on holiday for a particular timestamp
+ * Check that a user is not on holiday for a particular timestamp
*
* @param int $fk_user Id user
* @param timestamp $timestamp Time stamp date for a day (YYYY-MM-DD) without hours (= 12:00AM in english and not 12:00PM that is 12:00)
+ * @param string $status Filter on holiday status. '-1' = no filter.
* @return array array('morning'=> ,'afternoon'=> ), Boolean is true if user is available for day timestamp.
* @see verifDateHolidayCP
*/
- function verifDateHolidayForTimestamp($fk_user, $timestamp)
+ function verifDateHolidayForTimestamp($fk_user, $timestamp, $status='-1')
{
global $langs, $conf;
$isavailablemorning=true;
$isavailableafternoon=true;
- $sql = "SELECT cp.rowid, cp.date_debut as date_start, cp.date_fin as date_end, cp.halfday";
+ $sql = "SELECT cp.rowid, cp.date_debut as date_start, cp.date_fin as date_end, cp.halfday, cp.statut";
$sql.= " FROM ".MAIN_DB_PREFIX."holiday as cp";
$sql.= " WHERE cp.entity IN (".getEntity('holiday').")";
$sql.= " AND cp.fk_user = ".(int) $fk_user;
- $sql.= " AND date_debut <= '".$this->db->idate($timestamp)."' AND date_fin >= '".$this->db->idate($timestamp)."'";
+ $sql.= " AND cp.date_debut <= '".$this->db->idate($timestamp)."' AND cp.date_fin >= '".$this->db->idate($timestamp)."'";
+ if ($status != '-1') $sql.=" AND cp.statut IN (".$this->db->escape($status).")";
$resql = $this->db->query($sql);
if ($resql)
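Review bot: The new `$status` filter places `$this->db->escape($status)` unquoted inside `IN (...)`, where escaping quote characters does not constrain the value, so any caller that forwards request data into `$status` would get it interpreted as SQL. The callers visible in this commit pass the constant `'3'`, but the parameter is part of a public method. Reducing the value to integers removes the dependency on callers: `if ($status != '-1') $sql.=" AND cp.statut IN (".implode(',', array_map('intval', explode(',', $status))).")";`. That form also avoids an empty `IN ()` when `$status` is null or an empty string. The function body continues outside the hunk.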
diff --git a/htdocs/install/mysql/migration/6.0.0-7.0.0.sql b/htdocs/install/mysql/migration/6.0.0-7.0.0.sql
index efb47ede029..cf0a8c8cc49 100644
--- a/htdocs/install/mysql/migration/6.0.0-7.0.0.sql
+++ b/htdocs/install/mysql/migration/6.0.0-7.0.0.sql
@@ -577,21 +577,21 @@ ALTER TABLE llx_c_email_senderprofile ADD UNIQUE INDEX uk_c_email_senderprofile(
-- Add new chart of account entries
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 67,'PC-MIPYME', 'The PYME accountancy Chile plan', 1);
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 7,'ENG-BASE', 'England plan', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 49,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 60,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 24,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 65,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 71,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 72,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 21,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 16,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 87,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES (147,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES (168,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 73,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 22,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 66,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
-INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 15,'SYSCOHADA', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 49,'SYSCOHADA-BJ', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 60,'SYSCOHADA-BF', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 24,'SYSCOHADA-CM', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 65,'SYSCOHADA-CF', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 71,'SYSCOHADA-KM', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 72,'SYSCOHADA-CG', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 21,'SYSCOHADA-CI', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 16,'SYSCOHADA-GA', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 87,'SYSCOHADA-GQ', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES (147,'SYSCOHADA-ML', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES (168,'SYSCOHADA-NE', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 73,'SYSCOHADA-CD', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 22,'SYSCOHADA-SN', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 66,'SYSCOHADA-TD', 'Plan comptable Ouest-Africain', 1);
+INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 15,'SYSCOHADA-TG', 'Plan comptable Ouest-Africain', 1);
-- Update old chart of account entries
diff --git a/htdocs/modulebuilder/template/dev/codesniffer/DolibarrPSR2.xml b/htdocs/modulebuilder/template/dev/codesniffer/DolibarrPSR2.xml
deleted file mode 100644
index 48d3f5d8d1d..00000000000
--- a/htdocs/modulebuilder/template/dev/codesniffer/DolibarrPSR2.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
- The PSR2 standard with Dolibarr quirks.
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/htdocs/modulebuilder/template/dev/git-hooks/README b/htdocs/modulebuilder/template/dev/git-hooks/README
deleted file mode 100644
index a5d024c1bf5..00000000000
--- a/htdocs/modulebuilder/template/dev/git-hooks/README
+++ /dev/null
@@ -1,15 +0,0 @@
-# Git hooks
-
-Optional [GIT hooks](https://git-scm.com/book/it/v2/Customizing-Git-Git-Hooks) are provided.
-These are just wrappers calling composer scripts.
-They ensure best practices are followed during module development.
-
-Install:
-```sh
-composer git_hooks_install
-```
-
-Remove:
-```sh
-composer git_hooks_remove
-```
diff --git a/htdocs/modulebuilder/template/dev/git-hooks/post-commit b/htdocs/modulebuilder/template/dev/git-hooks/post-commit
deleted file mode 100755
index d44ff23047c..00000000000
--- a/htdocs/modulebuilder/template/dev/git-hooks/post-commit
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-composer git_post_commit
diff --git a/htdocs/modulebuilder/template/dev/git-hooks/pre-commit b/htdocs/modulebuilder/template/dev/git-hooks/pre-commit
deleted file mode 100755
index d8bd735325c..00000000000
--- a/htdocs/modulebuilder/template/dev/git-hooks/pre-commit
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-composer git_pre_commit
diff --git a/htdocs/modulebuilder/template/dev/git-hooks/pre-push b/htdocs/modulebuilder/template/dev/git-hooks/pre-push
deleted file mode 100755
index 61848c24831..00000000000
--- a/htdocs/modulebuilder/template/dev/git-hooks/pre-push
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-composer git_pre_push
diff --git a/htdocs/modulebuilder/template/dev/img/README.md b/htdocs/modulebuilder/template/dev/img/README.md
deleted file mode 100644
index f44c37f30c6..00000000000
--- a/htdocs/modulebuilder/template/dev/img/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-Source images
-=============
-
-Used to generate icons and publication assets.
-
-Icons
------
-
-### Dolibarr
-
-These resides in the [/img](../../img) directory.
-
-#### Small
-
-Required.
-Name must begin by ```object_```.
-
-- Sample:  [object_mymodule.png](../../img/object_mymodule.png)
-- Size: 14×14 pixels
-- Type: PNG
-
-#### Large
-
-Optional.
-
-- Sample:  [mymodule.png](../../img/mymodule.png)
-- Size: 32×32 pixels
-- Type: PNG
-
-### Dolistore
-
-Designed to fit a 512×512 icon + publisher branding.
-
-- Size: 704×704
-- Type: PNG
-
-Export to 512×512
-
-### Transifex
-
-- Size: 96×96
-- Type: PNG
-
-### Others
-
-To be on the safe side, you may also want to generate all popular sizes:
-- 16×16
-- 32×32
-- 48×48
-- 64×64
-- 128×128
-- 256×256
-- 512×512
diff --git a/htdocs/modulebuilder/template/dev/img/gfdl-129x44.png b/htdocs/modulebuilder/template/dev/img/gfdl-129x44.png
deleted file mode 100644
index f2bacfd179a..00000000000
Binary files a/htdocs/modulebuilder/template/dev/img/gfdl-129x44.png and /dev/null differ
diff --git a/htdocs/modulebuilder/template/dev/img/gfdl-66x23.png b/htdocs/modulebuilder/template/dev/img/gfdl-66x23.png
deleted file mode 100644
index b43479bf3c8..00000000000
Binary files a/htdocs/modulebuilder/template/dev/img/gfdl-66x23.png and /dev/null differ
diff --git a/htdocs/modulebuilder/template/dev/img/gfdl-logo.svg b/htdocs/modulebuilder/template/dev/img/gfdl-logo.svg
deleted file mode 100644
index a0daca0ead8..00000000000
--- a/htdocs/modulebuilder/template/dev/img/gfdl-logo.svg
+++ /dev/null
@@ -1,110 +0,0 @@
-
-
-
-
diff --git a/htdocs/modulebuilder/template/dev/img/gpl-v3-logo.svg b/htdocs/modulebuilder/template/dev/img/gpl-v3-logo.svg
deleted file mode 100644
index 6754c994bda..00000000000
--- a/htdocs/modulebuilder/template/dev/img/gpl-v3-logo.svg
+++ /dev/null
@@ -1,389 +0,0 @@
-
-
-
diff --git a/htdocs/modulebuilder/template/dev/img/gplv3-127x51.png b/htdocs/modulebuilder/template/dev/img/gplv3-127x51.png
deleted file mode 100644
index 3e9136e6266..00000000000
Binary files a/htdocs/modulebuilder/template/dev/img/gplv3-127x51.png and /dev/null differ
diff --git a/htdocs/modulebuilder/template/dev/img/gplv3-88x31.png b/htdocs/modulebuilder/template/dev/img/gplv3-88x31.png
deleted file mode 100644
index ba78d4c4941..00000000000
Binary files a/htdocs/modulebuilder/template/dev/img/gplv3-88x31.png and /dev/null differ
diff --git a/htdocs/modulebuilder/template/dev/img/mymodule.svg b/htdocs/modulebuilder/template/dev/img/mymodule.svg
deleted file mode 100644
index f51ead1a94e..00000000000
--- a/htdocs/modulebuilder/template/dev/img/mymodule.svg
+++ /dev/null
@@ -1,70 +0,0 @@
-
-
-
-
diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php
index 68cefa714c3..c4f92994d7a 100644
--- a/htdocs/modulebuilder/template/myobject_card.php
+++ b/htdocs/modulebuilder/template/myobject_card.php
@@ -112,7 +112,7 @@ if (empty($reshook))
{
$error=0;
- $permissiontoadd = $user->rights->mymodule->create;
+ $permissiontoadd = $user->rights->mymodule->write;
$permissiontodelete = $user->rights->mymodule->delete;
$backurlforlist = dol_buildpath('/mymodule/myobject_list.php',1);
diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php
index b21a6a34046..2e53237659d 100644
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@@ -289,7 +289,7 @@ class Products extends DolibarrApi
}
if ($result < 0) {
- throw new RestException(503, 'Error when retrieve category list : '.$categories->error);
+ throw new RestException(503, 'Error when retrieve category list : '.array_merge(array($categories->error), $categories->errors));
}
return $result;
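Review bot: The new message concatenates a string with an array, `'Error when retrieve category list : '.array_merge(array($categories->error), $categories->errors)`, so PHP raises an "Array to string conversion" notice and the client receives the literal text `Array` instead of the error details. Join the entries first, e.g. `implode(', ', array_merge(array($categories->error), $categories->errors))`. The three "prices list" hunks below have the same construct with `$this->product->error` / `$this->product->errors`. It is also worth deciding whether raw internal error strings belong in a REST response or only in the server log. The enclosing methods start outside these hunks.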
@@ -323,7 +323,7 @@ class Products extends DolibarrApi
}
if ($result < 0) {
- throw new RestException(503, 'Error when retrieve prices list : '.$categories->error);
+ throw new RestException(503, 'Error when retrieve prices list : '.array_merge(array($this->product->error), $this->product->errors));
}
return array(
@@ -365,7 +365,7 @@ class Products extends DolibarrApi
}
if ($result < 0) {
- throw new RestException(503, 'Error when retrieve prices list : '.$categories->error);
+ throw new RestException(503, 'Error when retrieve prices list : '.array_merge(array($this->product->error), $this->product->errors));
}
throw new RestException(501, 'Feature not yet available');
@@ -400,7 +400,7 @@ class Products extends DolibarrApi
}
if ($result < 0) {
- throw new RestException(503, 'Error when retrieve prices list : '.$categories->error);
+ throw new RestException(503, 'Error when retrieve prices list : '.array_merge(array($this->product->error), $this->product->errors));
}
return array(
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index e36d5970e8f..e989b0eb206 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -1116,7 +1116,7 @@ class Product extends CommonObject
//If it is a parent product, then we remove the association with child products
$prodcomb = new ProductCombination($this->db);
- if ($prodcomb->deleteByFkProductParent($id) < 0) {
+ if ($prodcomb->deleteByFkProductParent($user, $id) < 0) {
$error++;
$this->errors[] = 'Error deleting combinations';
}
diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php
index 30bb3312576..aaba9e8cdfe 100644
--- a/htdocs/product/inventory/card.php
+++ b/htdocs/product/inventory/card.php
@@ -42,7 +42,7 @@ if (empty($conf->global->MAIN_USE_ADVANCED_PERMS))
}
else
{
- $result = restrictedArea($user, 'stock', $id, '', 'advance_inventory');
+ $result = restrictedArea($user, 'stock', $id, '', 'inventory_advance');
}
// Initialize technical objects
@@ -82,8 +82,8 @@ if (empty($conf->global->MAIN_USE_ADVANCED_PERMS))
}
else
{
- $permissiontoadd = $user->rights->stock->advance_inventory->create;
- $permissiontodelete = $user->rights->stock->advance_inventory->write;
+ $permissiontoadd = $user->rights->stock->inventory_advance->create;
+ $permissiontodelete = $user->rights->stock->inventory_advance->write;
}
diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php
index f3089099efe..79f0835e991 100644
--- a/htdocs/product/inventory/list.php
+++ b/htdocs/product/inventory/list.php
@@ -78,7 +78,7 @@ if (empty($conf->global->MAIN_USE_ADVANCED_PERMS))
}
else
{
- $result = restrictedArea($user, 'stock', $objectid, '', 'advance_inventory');
+ $result = restrictedArea($user, 'stock', $objectid, '', 'inventory_advance');
}
// Initialize array of search criterias
diff --git a/htdocs/product/price.php b/htdocs/product/price.php
index a2afb5f9bb8..fc5c20c3d1a 100644
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@@ -152,7 +152,7 @@ if (empty($reshook))
$db->begin();
$resql = $object->update($object->id, $user);
- if (! $resql)
+ if (! $resql || $resql < 0)
{
$error++;
setEventMessages($object->error, $object->errors, 'errors');
diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php
index f30b0ac4757..fc78042b83e 100644
--- a/htdocs/projet/activity/perday.php
+++ b/htdocs/projet/activity/perday.php
@@ -49,7 +49,8 @@ $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];
// Security check
$socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+// For external user, no check is done on company because readability is managed by public status of project and assignement.
+//if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
$now=dol_now();
@@ -496,7 +497,8 @@ $restrictviewformytask=(empty($conf->global->PROJECT_TIME_SHOW_TASK_NOT_ASSIGNED
$holiday = new Holiday($db);
$isavailable=array();
-$isavailablefordayanduser = $holiday->verifDateHolidayForTimestamp($usertoprocess->id, $daytoparse); // $daytoparse is a date with hours = 0
+$statusofholidaytocheck = '3';
+$isavailablefordayanduser = $holiday->verifDateHolidayForTimestamp($usertoprocess->id, $daytoparse, $statusofholiday); // $daytoparse is a date with hours = 0
$isavailable[$daytoparse]=$isavailablefordayanduser; // in projectLinesPerWeek later, we are using $firstdaytoshow and dol_time_plus_duree to loop on each day
if (count($tasksarray) > 0)
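Review bot: The call passes `$statusofholiday`, which is never assigned; the line above defines `$statusofholidaytocheck`. The third argument is therefore null, which is not equal to `'-1'`, so the filter added to `verifDateHolidayForTimestamp()` in this same commit is appended with an empty list (`cp.statut IN ()`) and the query is likely to fail rather than filter on status 3. Use the variable that was set, as perweek.php does: `$holiday->verifDateHolidayForTimestamp($usertoprocess->id, $daytoparse, $statusofholidaytocheck);`.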
diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php
index a3c8c9ebe54..a7de08efebe 100644
--- a/htdocs/projet/activity/perweek.php
+++ b/htdocs/projet/activity/perweek.php
@@ -49,7 +49,8 @@ $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];
// Security check
$socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+// For external user, no check is done on company because readability is managed by public status of project and assignement.
+// if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
$now=dol_now();
@@ -503,7 +504,8 @@ for ($i=0;$i<7;$i++)
//print dol_print_date($dayinloopwithouthours, 'dayhour').' ';
//print dol_print_date($dayinloopfromfirstdaytoshow, 'dayhour').' ';
- $isavailablefordayanduser = $holiday->verifDateHolidayForTimestamp($usertoprocess->id, $dayinloopfromfirstdaytoshow);
+ $statusofholidaytocheck = '3';
+ $isavailablefordayanduser = $holiday->verifDateHolidayForTimestamp($usertoprocess->id, $dayinloopfromfirstdaytoshow, $statusofholidaytocheck);
$isavailable[$dayinloopfromfirstdaytoshow]=$isavailablefordayanduser; // in projectLinesPerWeek later, we are using $firstdaytoshow and dol_time_plus_duree to loop on each day
print '
';
}
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index d4124024ae2..8cbb45eae37 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -1703,23 +1703,26 @@ class Project extends CommonObject
{
global $conf, $langs;
- $mine=0; $socid=$user->societe_id;
-
- $projectsListId = $this->getProjectsAuthorizedForUser($user,$mine?$mine:($user->rights->projet->all->lire?2:0),1,$socid);
+ // For external user, no check is done on company because readability is managed by public status of project and assignement.
+ //$socid=$user->societe_id;
+ if (! $user->rights->projet->all->lire) $projectsListId = $this->getProjectsAuthorizedForUser($user,0,1,$socid);
+
$sql = "SELECT p.rowid, p.fk_statut as status, p.fk_opp_status, p.datee as datee";
$sql.= " FROM (".MAIN_DB_PREFIX."projet as p";
$sql.= ")";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
- if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+ // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
$sql.= " WHERE p.fk_statut = 1";
$sql.= " AND p.entity IN (".getEntity('project', 0).')';
- if ($mine || ! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
+ if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
// No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
//if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
- if ($socid) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
- if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
-
+ // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+
+ //print $sql;
$resql=$this->db->query($sql);
if ($resql)
{
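Review bot: `$socid` is still passed to `getProjectsAuthorizedForUser($user,0,1,$socid)` although its only assignment in this hunk is now commented out, so the call receives an undefined variable (null, with a notice). Because that argument decides whether the project list is restricted by company, the intent should be explicit rather than a side effect: either keep `$socid = 0;` above the call or pass the literal `0`. `$projectsListId` is also concatenated directly into `p.rowid IN (...)`; the helper is not visible here, so it should be confirmed that it never returns an empty string for a user with no authorised projects. The function starts before this hunk and continues after it.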
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index ab34ec1acb3..29cadb08ad6 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -1829,28 +1829,31 @@ class Task extends CommonObject
{
global $conf, $langs;
- $mine=0; $socid=$user->societe_id;
-
+ // For external user, no check is done on company because readability is managed by public status of project and assignement.
+ //$socid=$user->societe_id;
+
$projectstatic = new Project($this->db);
- $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1,$socid);
-
+ $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,0,1,$socid);
+
// List of tasks (does not care about permissions. Filtering will be done later)
$sql = "SELECT p.rowid as projectid, p.fk_statut as projectstatus,";
$sql.= " t.rowid as taskid, t.progress as progress, t.fk_statut as status,";
$sql.= " t.dateo as date_start, t.datee as datee";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
- if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+ //if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
$sql.= ", ".MAIN_DB_PREFIX."projet_task as t";
$sql.= " WHERE p.entity IN (".getEntity('project', 0).')';
$sql.= " AND p.fk_statut = 1";
$sql.= " AND t.fk_projet = p.rowid";
$sql.= " AND t.progress < 100"; // tasks to do
- if ($mine || ! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
+ if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
// No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
//if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
if ($socid) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
- if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+ // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
+ // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+
//print $sql;
$resql=$this->db->query($sql);
if ($resql)
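Review bot: `$socid` is still read after its only visible assignment was commented out: both the new call `getProjectsAuthorizedForUser($user,0,1,$socid)` and the unchanged `if ($socid) $sql.= " AND (p.fk_soc IS NULL ...` filter use it. Unless it is defined in the part of the method outside this hunk, it is now an undefined variable (a notice, with null passed on), and the `p.fk_soc` restriction can never apply. That leaves the `p.rowid IN (...)` list as the only access filter, and only for users without `projet->all->lire`. If that is intended, make it explicit with `$socid = 0;` in place of the commented line and remove the dead `if ($socid)` branch. The method starts and ends outside the hunk.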
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index fde0ed45288..f162aa9db40 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -49,6 +49,7 @@ $socid=0;
//if ($user->societe_id > 0) $socid = $user->societe_id; // For external user, no check is done on company because readability is managed by public status of project and assignement.
$result = restrictedArea($user, 'projet', $id,'projet&project');
+$hookmanager->initHooks(array('projectcontactcard','globalcard'));
/*
* Actions
diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php
index 8b791b7a9c7..dd19ceeb263 100644
--- a/htdocs/projet/element.php
+++ b/htdocs/projet/element.php
@@ -146,7 +146,7 @@ $morehtmlref.='';
if (! $user->rights->projet->all->lire)
{
$objectsListId = $object->getProjectsAuthorizedForUser($user,0,0);
- $object->next_prev_filter=" rowid in (".(count($objectsListId)?join(',',array_keys($objectsListId)):'0').")";
+ $object->next_prev_filter=" te.rowid in (".(count($objectsListId)?join(',',array_keys($objectsListId)):'0').")";
}
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
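Review bot: The `te.` prefix added to `next_prev_filter` names a table alias that is not defined anywhere in this hunk, so the filter works only while the previous/next navigation query that consumes it keeps that alias. A comment on the line would record the dependency, e.g. `// 'te' must match the main-table alias of the previous/next ref query`. The id list is joined into SQL unescaped from `array_keys($objectsListId)`; presumably those keys are integer row ids, which is worth confirming against `getProjectsAuthorizedForUser`.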
diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php
index c922ca0514b..1ff9e22041d 100644
--- a/htdocs/projet/index.php
+++ b/htdocs/projet/index.php
@@ -290,7 +290,10 @@ if ( $resql )
print $langs->trans("OthersNotLinkedToThirdParty");
}
print '';
- print '
';
diff --git a/htdocs/variants/class/ProductCombination.class.php b/htdocs/variants/class/ProductCombination.class.php
index 4f647aa2cb3..92bba2f70f8 100644
--- a/htdocs/variants/class/ProductCombination.class.php
+++ b/htdocs/variants/class/ProductCombination.class.php
@@ -275,10 +275,11 @@ class ProductCombination
/**
* Deletes all product combinations of a parent product
*
- * @param int $fk_product_parent Rowid of parent product
+ * @param User $user Object user
+ * @param int $fk_product_parent Rowid of parent product
* @return int <0 KO >0 OK
*/
- public function deleteByFkProductParent($fk_product_parent)
+ public function deleteByFkProductParent($user, $fk_product_parent)
{
$this->db->begin();
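Review bot: Prepending `$user` to `deleteByFkProductParent()` changes what the first positional argument means, so any caller this commit does not update (an external module, for instance) that still passes only the product id will bind it to `$user`. On PHP versions before 7.1 a missing second argument is only a warning, so the method would continue with an integer as the user and no parent id. A class type hint rejects that at the call boundary: `public function deleteByFkProductParent(User $user, $fk_product_parent)`. The method body continues outside this hunk.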
@@ -289,11 +290,11 @@ class ProductCombination
$res = $prodstatic->fetch($prodcomb->fk_product_child);
if ($res > 0) {
- $res = $prodcomb->delete();
+ $res = $prodcomb->delete($user);
}
if ($res > 0 && !$prodstatic->isObjectUsed($prodstatic->id)) {
- $res = $prodstatic->delete();
+ $res = $prodstatic->delete($user);
}
if ($res < 0) {
diff --git a/htdocs/variants/generator.php b/htdocs/variants/generator.php
index d4162899874..4daa2d8f45a 100644
--- a/htdocs/variants/generator.php
+++ b/htdocs/variants/generator.php
@@ -95,7 +95,7 @@ if ($_POST) {
$delete_prev_comb_res = 1;
if (!$donotremove) {
- $delete_prev_comb_res = $combination->deleteByFkProductParent($id);
+ $delete_prev_comb_res = $combination->deleteByFkProductParent($user, $id);
}
//Current combinations will be deleted
diff --git a/test/phpunit/AccountingAccountTest.php b/test/phpunit/AccountingAccountTest.php
new file mode 100644
index 00000000000..ba7f567b4a0
--- /dev/null
+++ b/test/phpunit/AccountingAccountTest.php
@@ -0,0 +1,225 @@
+
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ * or see http://www.gnu.org/
+ */
+
+/**
+ * \file test/phpunit/AccountingAccount.php
+ * \ingroup test
+ * \brief PHPUnit test
+ * \remarks To run this script as CLI: phpunit filename.php
+ */
+
+global $conf,$user,$langs,$db;
+//define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
+//require_once 'PHPUnit/Autoload.php';
+require_once dirname(__FILE__).'/../../htdocs/master.inc.php';
+require_once dirname(__FILE__).'/../../htdocs/accountancy/class/accountingaccount.class.php';
+
+if (empty($user->id)) {
+ print "Load permissions for admin user nb 1\n";
+ $user->fetch(1);
+ $user->getrights();
+}
+$conf->global->MAIN_DISABLE_ALL_MAILS=1;
+
+
+/**
+ * Class for PHPUnit tests
+ *
+ * @backupGlobals disabled
+ * @backupStaticAttributes enabled
+ * @remarks backupGlobals must be disabled to have db,conf,user and lang not erased.
+ */
+class AccountingAccountTest extends PHPUnit_Framework_TestCase
+{
+ protected $savconf;
+ protected $savuser;
+ protected $savlangs;
+ protected $savdb;
+
+ /**
+ * Constructor
+ * We save global variables into local variables
+ *
+ * @return AccountingAccountTest
+ */
+ function __construct()
+ {
+ //$this->sharedFixture
+ global $conf,$user,$langs,$db;
+ $this->savconf=$conf;
+ $this->savuser=$user;
+ $this->savlangs=$langs;
+ $this->savdb=$db;
+
+ print __METHOD__." db->type=".$db->type." user->id=".$user->id;
+ //print " - db ".$db->db;
+ print "\n";
+ }
+
+ // Static methods
+ public static function setUpBeforeClass()
+ {
+ global $conf,$user,$langs,$db;
+ $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
+
+ if (empty($conf->accounting->enabled)) { print __METHOD__." module accouting must be enabled.\n"; die(); }
+
+ print __METHOD__."\n";
+ }
+
+ // tear down after class
+ public static function tearDownAfterClass()
+ {
+ global $conf,$user,$langs,$db;
+ $db->rollback();
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * Init phpunit tests
+ *
+ * @return void
+ */
+ protected function setUp()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ print __METHOD__."\n";
+ //print $db->getVersion()."\n";
+ }
+
+ /**
+ * End phpunit tests
+ *
+ * @return void
+ */
+ protected function tearDown()
+ {
+ print __METHOD__."\n";
+ }
+
+ /**
+ * testAccountingAccountCreate
+ *
+ * @return void
+ */
+ public function testAccountingAccountCreate()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject=new AccountingAccount($this->savdb);
+ $localobject->fk_pcg_version = 'PCG99-ABREGE';
+ $localobject->account_category = 0;
+ $localobject->pcg_type = 'XXXXX';
+ $localobject->pcg_subtype = 'XXXXX';
+ $localobject->account_parent = 0;
+ $localobject->label = 'Account specimen';
+ $localobject->active = 0;
+ $result=$localobject->create($user);
+
+ $this->assertLessThan($result, 0);
+ print __METHOD__." result=".$result."\n";
+ return $result;
+ }
+
+ /**
+ * testAccountingAccountFetch
+ *
+ * @param int $id Id order
+ * @return AccountingAccount
+ *
+ * @depends testAccountingAccountCreate
+ * The depends says test is run only if previous is ok
+ */
+ public function testAccountingAccountFetch($id)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject=new AccountingAccount($this->savdb);
+ $result=$localobject->fetch($id);
+
+ $this->assertLessThan($result, 0);
+ print __METHOD__." id=".$id." result=".$result."\n";
+ return $localobject;
+ }
+
+ /**
+ * testAccountingAccountUpdate
+ *
+ * @param Object $localobject AccountingAccount
+ * @return AccountingAccount
+ *
+ * @depends testAccountingAccountFetch
+ * The depends says test is run only if previous is ok
+ */
+ public function testAccountingAccountUpdate($localobject)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject->label='New label';
+ $result=$localobject->update($user);
+
+ $this->assertLessThan($result, 0);
+ print __METHOD__." id=".$id." result=".$result."\n";
+ return $localobject->id;
+ }
+
+ /**
+ * testAccountingAccountDelete
+ *
+ * @param int $id Id of order
+ * @return void
+ *
+ * @depends testAccountingAccountUpdate
+ * The depends says test is run only if previous is ok
+ */
+ public function testAccountingAccountDelete($id)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject=new AccountingAccount($this->savdb);
+ $result=$localobject->fetch($id);
+ $result=$localobject->delete($user);
+
+ print __METHOD__." id=".$id." result=".$result."\n";
+ $this->assertLessThan($result, 0);
+ return $result;
+ }
+
+}
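Review bot: In `testAccountingAccountUpdate` the trace line `print __METHOD__." id=".$id." result=".$result."\n";` reads `$id`, which that method never defines (its parameter is `$localobject`); it should print `$localobject->id`. In `setUpBeforeClass` the `die()` on a disabled accounting module ends the whole PHPUnit process, and because this class is also registered in AllTests.php, every later suite is aborted too. `self::markTestSkipped('module accounting must be enabled');` would report the condition without killing the run. In `testAccountingAccountDelete` the result of `fetch($id)` is overwritten by `delete($user)` without being asserted, so a failed fetch is not distinguished from a failed delete.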
diff --git a/test/phpunit/AllTests.php b/test/phpunit/AllTests.php
index d1f0e8b5158..baf6b960e2b 100644
--- a/test/phpunit/AllTests.php
+++ b/test/phpunit/AllTests.php
@@ -200,6 +200,9 @@ class AllTests
require_once dirname(__FILE__).'/CategorieTest.php';
$suite->addTestSuite('CategorieTest');
+ require_once dirname(__FILE__).'/AccountingAccountTest.php';
+ $suite->addTestSuite('AccountingAccountTest');
+
require_once dirname(__FILE__).'/RestAPIUserTest.php';
$suite->addTestSuite('RestAPIUserTest');
diff --git a/test/phpunit/CommandeTest.php b/test/phpunit/CommandeTest.php
index 1d0e4fbf616..443bd1d1932 100644
--- a/test/phpunit/CommandeTest.php
+++ b/test/phpunit/CommandeTest.php
@@ -174,7 +174,7 @@ class CommandeTest extends PHPUnit_Framework_TestCase
* @depends testCommandeFetch
* The depends says test is run only if previous is ok
*/
- public function testCommandUpdate($localobject)
+ public function testCommandeUpdate($localobject)
{
global $conf,$user,$langs,$db;
$conf=$this->savconf;
@@ -196,7 +196,7 @@ class CommandeTest extends PHPUnit_Framework_TestCase
* @param Object $localobject Order
* @return Commande
*
- * @depends testCommandUpdate
+ * @depends testCommandeUpdate
* The depends says test is run only if previous is ok
*/
public function testCommandeValid($localobject)