From f52a2421590b1da441eefd3a811474408c030ee9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 7 Dec 2022 15:54:25 +0100
Subject: [PATCH] FIX #23139
---
 htdocs/core/ajax/selectobject.php | 3 ++-
 htdocs/core/class/html.form.class.php | 27 +++++++++++++++------------
 2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/htdocs/core/ajax/selectobject.php b/htdocs/core/ajax/selectobject.php
index 31bc791dc10..079224c62a2 100644
--- a/htdocs/core/ajax/selectobject.php
+++ b/htdocs/core/ajax/selectobject.php
@@ -43,6 +43,7 @@ $objectdesc = GETPOST('objectdesc', 'alpha');
 $htmlname = GETPOST('htmlname', 'aZ09');
 $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0);
 $id = GETPOST('id', 'int');
+$filter = GETPOST('filter', 'alphanohtml');
 /*
@@ -84,7 +85,7 @@ $searchkey = (($id && GETPOST($id, 'alpha')) ? GETPOST($id, 'alpha') : (($htmlna
 // Add a security test to avoid to get content of all tables
 restrictedArea($user, $objecttmp->element, $id);
-$arrayresult = $form->selectForFormsList($objecttmp, $htmlname, '', 0, $searchkey, '', '', '', 0, 1);
+$arrayresult = $form->selectForFormsList($objecttmp, $htmlname, '', 0, $searchkey, '', '', '', 0, 1, 0, '', $filter);
 $db->close();
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 9e26170f214..5b4923b7cd2 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -7692,9 +7692,10 @@ class Form
 if ($classname && class_exists($classname)) {
 $objecttmp = new $classname($this->db);
+
 // Make some replacement
 $sharedentities = getEntity(strtolower($classname));
- $objecttmp->filter = str_replace(
+ $filter = str_replace(
 array('__ENTITY__', '__SHARED_ENTITIES__', '__USER_ID__'),
 array($conf->entity, $sharedentities, $user->id),
 $filter
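Review bot: The new `$filter = GETPOST('filter', 'alphanohtml');` in selectobject.php makes the list filter a request-controlled value, and the second hunk of this file passes it straight into `selectForFormsList()`, where the last hunk of html.form.class.php appends it to the WHERE clause. `alphanohtml` appears to be an HTML-oriented sanitiser rather than a check on the criteria syntax, so nothing visible here constrains what reaches the query. Because `selectForForms()` replaces `__ENTITY__`, `__SHARED_ENTITIES__` and `__USER_ID__` before putting the filter into `$urloption`, the entity and user restriction also travels through the browser and can be edited or dropped by the caller. I would have the endpoint rebuild the filter server-side from the field definition named by `objectdesc`, and until then mark the boundary above the GETPOST line with `// $filter is untrusted request input: validate it before it is used to build SQL`.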
@@ -7706,7 +7707,7 @@ class Form
 return 'Error bad setup of type for field '.join(',', $InfoFieldList);
 }
- //var_dump($objecttmp->filter);
+ //var_dump($filter);
 $prefixforautocompletemode = $objecttmp->element;
 if ($prefixforautocompletemode == 'societe') {
 $prefixforautocompletemode = 'company';
@@ -7716,7 +7717,7 @@ class Form
 }
 $confkeyforautocompletemode = strtoupper($prefixforautocompletemode).'_USE_SEARCH_TO_SELECT'; // For example COMPANY_USE_SEARCH_TO_SELECT
- dol_syslog(get_class($this)."::selectForForms object->filter=".$objecttmp->filter, LOG_DEBUG);
+ dol_syslog(get_class($this)."::selectForForms filter=".$filter, LOG_DEBUG);
 $out = '';
 if (!empty($conf->use_javascript_ajax) && !empty($conf->global->$confkeyforautocompletemode) && !$forcecombo) { // No immediate load of all database
@@ -7731,14 +7732,14 @@ class Form
 $urlforajaxcall = DOL_URL_ROOT.'/core/ajax/selectobject.php'; // No immediate load of all database
- $urloption = 'htmlname='.urlencode($htmlname).'&outjson=1&objectdesc='.urlencode($objectdesc).'&filter='.urlencode($objecttmp->filter).($sortfield ? '&sortfield='.urlencode($sortfield) : '');
+ $urloption = 'htmlname='.urlencode($htmlname).'&outjson=1&objectdesc='.urlencode($objectdesc).'&filter='.urlencode($filter).($sortfield ? '&sortfield='.urlencode($sortfield) : '');
 // Activate the auto complete using ajax call.
 $out .= ajax_autocompleter($preselectedvalue, $htmlname, $urlforajaxcall, $urloption, $conf->global->$confkeyforautocompletemode, 0, array());
 $out .= '';
 $out .= '';
 } else {
- // Immediate load of table record. Note: filter is inside $objecttmp->filter
- $out .= $this->selectForFormsList($objecttmp, $htmlname, $preselectedvalue, $showempty, $searchkey, $placeholder, $morecss, $moreparams, $forcecombo, 0, $disabled, $sortfield);
+ // Immediate load of table record.
+ $out .= $this->selectForFormsList($objecttmp, $htmlname, $preselectedvalue, $showempty, $searchkey, $placeholder, $morecss, $moreparams, $forcecombo, 0, $disabled, $sortfield, $filter);
 }
 return $out;
@@ -7789,14 +7790,15 @@ class Form
 * @param int $outputmode 0=HTML select string, 1=Array
 * @param int $disabled 1=Html component is disabled
 * @param string $sortfield Sort field
+ * @param string $filter Add more filter
 * @return string|array Return HTML string
 * @see selectForForms()
 */
- public function selectForFormsList($objecttmp, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled = 0, $sortfield = '')
+ public function selectForFormsList($objecttmp, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled = 0, $sortfield = '', $filter = '')
 {
 global $conf, $langs, $user, $hookmanager;
- //print "$objecttmp->filter, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled";
+ //print "$htmlname, $preselectedvalue, $showempty, $searchkey, $placeholder, $morecss, $moreparams, $forcecombo, $outputmode, $disabled";
 $prefixforautocompletemode = $objecttmp->element;
 if ($prefixforautocompletemode == 'societe') {
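Review bot: The added docblock line `@param string $filter Add more filter` does not tell a caller what syntax is expected or that the value ends up inside the SQL WHERE clause. Since this parameter is now public API and is fed from a request in selectobject.php, the description should state both, for example `@param string $filter Extra criteria in "(field:operator:value)" syntax combined with and/or; inserted into the WHERE clause, must be validated by the caller`. The method body continues outside this hunk.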
@@ -7882,13 +7884,14 @@ class Form
 if ($searchkey != '') {
 $sql .= natural_search(explode(',', $fieldstoshow), $searchkey);
 }
- if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
- /*if (! DolibarrApi::_checkFilters($objecttmp->filter))
+
+ if ($filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
+ /*if (! DolibarrApi::_checkFilters($filter))
 {
- throw new RestException(503, 'Error when validating parameter sqlfilters '.$objecttmp->filter);
+ throw new RestException(503, 'Error when validating parameter sqlfilters '.$filter);
 }*/
 $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'Form::forgeCriteriaCallback', $objecttmp->filter).")";
+ $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'Form::forgeCriteriaCallback', $filter).")";
 }
 }
 $sql .= $this->db->order($sortfield ? $sortfield : $fieldstoshow, "ASC");
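Review bot: In the `if ($filter)` branch, `preg_replace_callback()` rewrites only the `(field:operator:value)` groups that match `$regexstring`; any other text in `$filter` is concatenated into `$sql` unchanged. The `DolibarrApi::_checkFilters()` test above it is still commented out, even though `$filter` can now arrive from selectobject.php. The branch should refuse a filter that holds anything besides such groups, parentheses, whitespace and `and`/`or`. One way is to compute `$rest = preg_replace('/'.$regexstring.'/', '', $filter);` after `$regexstring` is set and return an error when `preg_match('/^(\s|\(|\)|and|or)*$/i', $rest)` fails. `Form::forgeCriteriaCallback` is not visible in this patch, so whether it escapes the value part of each group should be confirmed as well; the method body starts and ends outside this hunk.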