diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index b28c81a25b1..5b89eefc4f7 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -49,8 +49,8 @@ $boxes = array(); */ if ($action == 'addconst') { - dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", $_POST["MAIN_BOXES_MAXLINES"], '', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", $_POST["MAIN_ACTIVATE_FILECACHE"], 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST("MAIN_BOXES_MAXLINES", 'int'), '', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", GETPOST("MAIN_ACTIVATE_FILECACHE", 'alpha'), 'chaine', 0, '', $conf->entity); } if ($action == 'add') { diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index d78ba486224..f0bb3ea9067 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -211,7 +211,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", $uselocaltax1, 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", $uselocaltax2, 'chaine', 0, '', $conf->entity); - if ($_POST["optionlocaltax1"] == "localtax1on") { + if (GETPOST("optionlocaltax1") == "localtax1on") { if (!GETPOSTISSET('lt1')) { dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", 0, 'chaine', 0, '', $conf->entity); } else { @@ -219,7 +219,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) } dolibarr_set_const($db, "MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1", 'aZ09'), 'chaine', 0, '', $conf->entity); } - if ($_POST["optionlocaltax2"] == "localtax2on") { + if (GETPOST("optionlocaltax2") == "localtax2on") { if (!GETPOSTISSET('lt2')) { dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", 0, 'chaine', 0, '', $conf->entity); } else { diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 6c0cd230cc9..4fe21a8460b 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -181,7 +181,7 @@ if ($action == 'update') { } } - dolibarr_set_const($db, "MAIN_DISABLE_METEO", $_POST["MAIN_DISABLE_METEO"], 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_DISABLE_METEO", GETPOST("MAIN_DISABLE_METEO"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_USE_METEO_WITH_PERCENTAGE", GETPOST("MAIN_USE_METEO_WITH_PERCENTAGE"), 'chaine', 0, '', $conf->entity); // For update value with percentage diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index be9cc16f59e..9d05ad00377 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -788,7 +788,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { $msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'
'; }*/ } - if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2)) { + if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) { if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries $_POST["country"] = ''; } else { @@ -796,25 +796,25 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors'); } } - if (($id == 3 || $id == 42) && !is_numeric($_POST["code"])) { + if (($id == 3 || $id == 42) && !is_numeric(GETPOST("code"))) { $ok = 0; setEventMessages($langs->transnoentities("ErrorFieldMustBeANumeric", $langs->transnoentities("Code")), null, 'errors'); } // Clean some parameters - if ((!empty($_POST["localtax1_type"]) || ($_POST['localtax1_type'] == '0')) && empty($_POST["localtax1"])) { + if ((GETPOST("localtax1_type") || (GETPOST('localtax1_type') == '0')) && !GETPOST("localtax1")) { $_POST["localtax1"] = '0'; // If empty, we force to 0 } - if ((!empty($_POST["localtax2_type"]) || ($_POST['localtax2_type'] == '0')) && empty($_POST["localtax2"])) { + if ((GETPOST("localtax2_type") || (GETPOST('localtax2_type') == '0')) && !GETPOST("localtax2")) { $_POST["localtax2"] = '0'; // If empty, we force to 0 } - if ($_POST["accountancy_code"] <= 0) { + if (GETPOST("accountancy_code") <= 0) { $_POST["accountancy_code"] = ''; // If empty, we force to null } - if ($_POST["accountancy_code_sell"] <= 0) { + if (GETPOST("accountancy_code_sell") <= 0) { $_POST["accountancy_code_sell"] = ''; // If empty, we force to null } - if ($_POST["accountancy_code_buy"] <= 0) { + if (GETPOST("accountancy_code_buy") <= 0) { $_POST["accountancy_code_buy"] = ''; // If empty, we force to null } if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary diff --git a/htdocs/admin/dolistore/ajax/index.html b/htdocs/admin/dolistore/ajax/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/admin/dolistore/ajax/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php index bbb0f212707..0ef302765e8 100644 --- a/htdocs/admin/external_rss.php +++ b/htdocs/admin/external_rss.php @@ -41,7 +41,6 @@ if (!$user->admin) { accessforbidden(); } -$def = array(); $lastexternalrss = 0; $action = GETPOST('action', 'aZ09'); @@ -56,6 +55,7 @@ $sql .= " WHERE ".$db->decrypt('name')." LIKE 'EXTERNAL_RSS_URLRSS_%'"; //print $sql; $result = $db->query($sql); // We can't use SELECT MAX() because EXTERNAL_RSS_URLRSS_10 is lower than EXTERNAL_RSS_URLRSS_9 if ($result) { + $reg = array(); while ($obj = $db->fetch_object($result)) { preg_match('/([0-9]+)$/i', $obj->name, $reg); if ($reg[1] && $reg[1] > $lastexternalrss) { @@ -70,17 +70,17 @@ if ($action == 'add' || GETPOST("modify")) { $external_rss_title = "external_rss_title_".GETPOST("norss", 'int'); $external_rss_urlrss = "external_rss_urlrss_".GETPOST("norss", 'int'); - if (!empty($_POST[$external_rss_urlrss])) { + if (GETPOST($external_rss_urlrss, 'alpha')) { $boxlabel = '(ExternalRSSInformations)'; - //$external_rss_url = "external_rss_url_" . $_POST["norss"]; + //$external_rss_url = "external_rss_url_" . GETPOST("norss"); $db->begin(); - if ($_POST["modify"]) { + if (GETPOST("modify")) { // Supprime boite box_external_rss de definition des boites /* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def"; $sql.= " SET name = '".$db->escape($boxlabel)."'"; - $sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'"; + $sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'"; $resql=$db->query($sql); if (! $resql) @@ -95,13 +95,17 @@ if ($action == 'add' || GETPOST("modify")) { $sql .= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss", 'int').' ('.GETPOST($external_rss_title, 'alpha')).")')"; if (!$db->query($sql)) { dol_print_error($db); - $err++; + $error++; } + //print $sql;exit; } $result1 = dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_".GETPOST("norss", 'int'), GETPOST($external_rss_title, 'alpha'), 'chaine', 0, '', $conf->entity); if ($result1) { - $result2 = dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int'), GETPOST($external_rss_urlrss, 'alpha'), 'chaine', 0, '', $conf->entity); + $consttosave = "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int'); + $urltosave = GETPOST($external_rss_urlrss, 'alpha'); + $result2 = dolibarr_set_const($db, $consttosave, $urltosave, 'chaine', 0, '', $conf->entity); + //var_dump($result2);exit; } if ($result1 && $result2) { @@ -115,7 +119,7 @@ if ($action == 'add' || GETPOST("modify")) { } } -if ($_POST["delete"]) { +if (GETPOST("delete")) { if (GETPOST("norss", 'int')) { $db->begin(); @@ -258,14 +262,14 @@ if ($resql) { print ''; - print "".$langs->trans("Title").""; - print "global->$keyrsstitle)."\">"; + print ''.$langs->trans("Title").""; + print ''; print ''."\n"; print ''; print "".$langs->trans("URL").""; - print "global->$keyrssurl)."\">"; + print ''; print ''."\n"; @@ -307,7 +311,7 @@ if ($resql) { // Active $active = _isInBoxList($idrss, $boxlist) ? 'yes' : 'no'; print ''; - print ''.$langs->trans('WidgetEnabled').''; + print ''.$langs->trans('WidgetAvailable').''; print ''.yn($active).''; print ''."\n"; diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 81263cba82e..8b799c9c7de 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -96,7 +96,7 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG if ($action == 'update') { dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity); - //dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/mailman.php b/htdocs/admin/mailman.php index b3644036cff..15dcccdb000 100644 --- a/htdocs/admin/mailman.php +++ b/htdocs/admin/mailman.php @@ -46,21 +46,27 @@ $action = GETPOST('action', 'aZ09'); $testsubscribeemail = GETPOST("testsubscribeemail"); $testunsubscribeemail = GETPOST("testunsubscribeemail"); +$error = 0; + + /* * Actions */ // Action updated or added a constant if ($action == 'update' || $action == 'add') { - foreach ($_POST['constname'] as $key => $val) { - $constname = $_POST["constname"][$key]; - $constvalue = $_POST["constvalue"][$key]; - $consttype = $_POST["consttype"][$key]; - $constnote = $_POST["constnote"][$key]; - $res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity); + $tmparray = GETPOST('constname', 'array'); + if (is_array($tmparray)) { + foreach ($tmparray as $key => $val) { + $constname = $tmparray[$key]; + $constvalue = $tmparray[$key]; + $consttype = $tmparray[$key]; + $constnote = $tmparray[$key]; + $res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity); - if (!($res > 0)) { - $error++; + if (!($res > 0)) { + $error++; + } } } diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index cb5df373645..511f5dde698 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel', 'alpha'); if (!$user->admin) { accessforbidden(); @@ -59,7 +60,7 @@ complete_substitutions_array($substitutionarrayfortest, $langs); * Actions */ -if ($action == 'update' && empty($_POST["cancel"])) { +if ($action == 'update' && !$cancel) { // Send mode parameters dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_EMAILING", GETPOST("MAIN_MAIL_SENDMODE_EMAILING"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_EMAILING", GETPOST("MAIN_MAIL_SMTP_PORT_EMAILING"), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 14960db11d7..939273c1da2 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel', 'alpha'); $usersignature = $user->signature; // For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html. @@ -59,7 +60,7 @@ if (!$user->admin) { * Actions */ -if ($action == 'update' && empty($_POST["cancel"])) { +if ($action == 'update' && !$cancel) { // Send mode parameters dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 8945daa23f8..2e84efbfb06 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -333,8 +333,8 @@ if ($action == 'create') { } else { print ''; } print ''.$langs->trans('DetailType').''; diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index be4de854099..3a479480812 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/multicurrency/class/multicurrency.class.php'; $langs->loadLangs(array('admin', 'multicurrency')); // Access control -if (!$user->admin) { +if (!$user->admin || empty($conf->multicurrency->enabled)) { accessforbidden(); } @@ -45,7 +45,7 @@ $action = GETPOST('action', 'aZ09'); * Actions */ - +$reg = array(); if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { $code = $reg[1]; $value = GETPOST($code, 'alpha'); diff --git a/htdocs/admin/sms.php b/htdocs/admin/sms.php index d2cf26a0c9a..9ddbc3361c8 100644 --- a/htdocs/admin/sms.php +++ b/htdocs/admin/sms.php @@ -66,7 +66,7 @@ if ($action == 'send' && !$_POST['cancel']) { $error = 0; $smsfrom = ''; - if (!empty($_POST["fromsms"])) { + if (GETPOST("fromsms", 'alphanohtml')) { $smsfrom = GETPOST("fromsms", 'alphanohtml'); } if (empty($smsfrom)) { diff --git a/htdocs/api/index.php b/htdocs/api/index.php index bb74144a40d..2ed7d2e08f8 100644 --- a/htdocs/api/index.php +++ b/htdocs/api/index.php @@ -2,6 +2,7 @@ /* Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016 Laurent Destailleur * Copyright (C) 2017 Regis Houssin + * Copyright (C) 2021 Alexis LAURIER * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -307,12 +308,28 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && //var_dump($api->r->apiVersionMap); //exit; +// We do not want that restler output data if we use native compression (default behaviour) but we want to have it returned into a string. +Luracast\Restler\Defaults::$returnResponse = (empty($conf->global->API_DISABLE_COMPRESSION) && !empty($_SERVER['HTTP_ACCEPT_ENCODING'])); + // Call API (we suppose we found it). // The handle will use the file api/temp/routes.php to get data to run the API. If the file exists and the entry for API is not found, it will return 404. +$result = $api->r->handle(); -//Luracast\Restler\Defaults::$returnResponse = true; -//print $api->r->handle(); +if (Luracast\Restler\Defaults::$returnResponse) { + // We try to compress data + if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br') !== false && is_callable('brotli_compress')) { + header('Content-Encoding: br'); + $result = brotli_compress($result, 11, BROTLI_TEXT); + } elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'bz') !== false && is_callable('bzcompress')) { + header('Content-Encoding: bz'); + $result = bzcompress($result, 9); + } elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && is_callable('gzencode')) { + header('Content-Encoding: gzip'); + $result = gzencode($result, 9); + } -$api->r->handle(); + // Restler did not output data yet, we return it now + echo $result; +} //session_destroy(); diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index e30067e8815..5fb1c85dd40 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -66,7 +66,7 @@ $upload_dir = $conf->categorie->multidir_output[$object->entity]; * Actions */ -if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && $_POST["sendit"] && !empty($conf->global->MAIN_UPLOAD_DOC)) { +if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) { if ($object->id) { $file = $_FILES['userfile']; if (is_array($file['name']) && count($file['name']) > 0) { diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index c70bfb7fe91..8039241a899 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -162,7 +162,7 @@ if (empty($reshook)) { // set accountancy code if ($action == 'setcustomeraccountancycode') { $result = $object->fetch($id); - $object->code_compta = $_POST["customeraccountancycode"]; + $object->code_compta = GETPOST("customeraccountancycode"); $result = $object->update($object->id, $user, 1, 1, 0); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php index 8d57a9ee6a0..4b60fdd3464 100644 --- a/htdocs/comm/mailing/advtargetemailing.php +++ b/htdocs/comm/mailing/advtargetemailing.php @@ -397,7 +397,7 @@ if ($action == 'delete') { } } -if ($_POST["button_removefilter"]) { +if (GETPOST("button_removefilter")) { $search_nom = ''; $search_prenom = ''; $search_email = ''; diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index e0a9138244d..3fc50d03eaf 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -46,6 +46,7 @@ if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AU $id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel'); $confirm = GETPOST('confirm', 'alpha'); $urlfrom = GETPOST('urlfrom'); @@ -393,12 +394,12 @@ if (empty($reshook)) { } // Action send test emailing - if ($action == 'send' && empty($_POST["cancel"])) { + if ($action == 'send' && ! $cancel) { $error = 0; $upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing'); - $object->sendto = $_POST["sendto"]; + $object->sendto = GETPOST("sendto", 'alphawithlgt'); if (!$object->sendto) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTo")), null, 'errors'); $error++; @@ -537,7 +538,7 @@ if (empty($reshook)) { } // Action of file remove - if (!empty($_POST["removedfile"])) { + if (GETPOST("removedfile")) { $upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing'); require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -548,7 +549,7 @@ if (empty($reshook)) { } // Action of emailing update - if ($action == 'update' && empty($_POST["removedfile"]) && empty($_POST["cancel"])) { + if ($action == 'update' && !GETPOST("removedfile") && !$cancel) { require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $isupload = 0; @@ -643,7 +644,7 @@ if (empty($reshook)) { } } - if (!empty($_POST["cancel"])) { + if ($cancel) { $action = ''; } } diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index 2f5e146843b..f1638e9dc37 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -30,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; // Load translation files required by the page $langs->loadLangs(array('orders', 'companies')); +$action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel', 'alpha'); + $id = GETPOST('id', 'int'); $_socid = GETPOST("id", 'int'); // Security check @@ -42,10 +45,10 @@ if ($user->socid > 0) { * Actions */ -if ($_POST["action"] == 'setpricelevel') { +if ($action == 'setpricelevel') { $soc = new Societe($db); $soc->fetch($id); - $soc->set_price_level($_POST["price_level"], $user); + $soc->set_price_level(GETPOST("price_level"), $user); header("Location: multiprix.php?id=".$id); exit; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index c8c94e7e95a..cecb4fff28a 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -775,9 +775,9 @@ if (empty($reshook)) { $object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - if ($_POST["remise_id"]) { + if (GETPOST("remise_id", "int")) { if ($object->id > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", "int")); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index f07b38045f2..22121fa7664 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -245,7 +245,7 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', ' foreach ($rowids as $row) { if ($row > 0) { $result = $bankline->fetch($row); - $bankline->num_releve = $num_releve; //$_POST["num_releve"]; + $bankline->num_releve = $num_releve; // GETPOST("num_releve"); $result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1. if ($result < 0) { setEventMessages($bankline->error, $bankline->errors, 'errors'); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index bf74035d553..33d4bc37aed 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -87,18 +87,18 @@ if ($action == 'add') { $object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha'))); $object->label = trim(GETPOST("label", 'alphanohtml')); - $object->courant = $_POST["type"]; - $object->clos = $_POST["clos"]; + $object->courant = GETPOST("type"); + $object->clos = GETPOST("clos"); $object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1); $object->url = trim(GETPOST("url", 'alpha')); - $object->bank = trim($_POST["bank"]); - $object->code_banque = trim($_POST["code_banque"]); - $object->code_guichet = trim($_POST["code_guichet"]); - $object->number = trim($_POST["number"]); - $object->cle_rib = trim($_POST["cle_rib"]); - $object->bic = trim($_POST["bic"]); - $object->iban = trim($_POST["iban"]); + $object->bank = trim(GETPOST("bank")); + $object->code_banque = trim(GETPOST("code_banque")); + $object->code_guichet = trim(GETPOST("code_guichet")); + $object->number = trim(GETPOST("number")); + $object->cle_rib = trim(GETPOST("cle_rib")); + $object->bic = trim(GETPOST("bic")); + $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); @@ -120,10 +120,10 @@ if ($action == 'add') { $object->fk_accountancy_journal = $fk_accountancy_journal; } - $object->solde = $_POST["solde"]; + $object->solde = price2num(GETPOST("solde")); $object->date_solde = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST('reday', 'int'), GETPOST("reyear", 'int')); - $object->currency_code = trim($_POST["account_currency_code"]); + $object->currency_code = trim(GETPOST("account_currency_code")); $object->state_id = GETPOST("account_state_id", 'int'); $object->country_id = GETPOST("account_country_id", 'int'); @@ -187,18 +187,18 @@ if ($action == 'update') { $object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha'))); $object->label = trim(GETPOST("label", 'alphanohtml')); - $object->courant = $_POST["type"]; - $object->clos = $_POST["clos"]; + $object->courant = GETPOST("type"); + $object->clos = GETPOST("clos"); $object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1); $object->url = trim(GETPOST("url", 'alpha')); - $object->bank = trim($_POST["bank"]); - $object->code_banque = trim($_POST["code_banque"]); - $object->code_guichet = trim($_POST["code_guichet"]); - $object->number = trim($_POST["number"]); - $object->cle_rib = trim($_POST["cle_rib"]); - $object->bic = trim($_POST["bic"]); - $object->iban = trim($_POST["iban"]); + $object->bank = trim(GETPOST("bank")); + $object->code_banque = trim(GETPOST("code_banque")); + $object->code_guichet = trim(GETPOST("code_guichet")); + $object->number = trim(GETPOST("number")); + $object->cle_rib = trim(GETPOST("cle_rib")); + $object->bic = trim(GETPOST("bic")); + $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); @@ -220,7 +220,7 @@ if ($action == 'update') { $object->fk_accountancy_journal = $fk_accountancy_journal; } - $object->currency_code = trim($_POST["account_currency_code"]); + $object->currency_code = trim(GETPOST("account_currency_code")); $object->state_id = GETPOST("account_state_id", 'int'); $object->country_id = GETPOST("account_country_id", 'int'); @@ -274,7 +274,7 @@ if ($action == 'update') { } } -if ($action == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->banque->configurer) { +if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->banque->configurer) { // Delete $object = new Account($db); $object->fetch(GETPOST("id", "int")); @@ -462,7 +462,8 @@ if ($action == 'create') { print ''; print '
'; - if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) { + $type = GETPOST('type'); + if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) { print ''; // If bank account @@ -988,7 +989,7 @@ if ($action == 'create') { print '
'; - if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) { + if (GETPOST("type") == Account::TYPE_SAVINGS || GETPOST("type") == Account::TYPE_CURRENT) { print '
'; //print '
'; diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php index 410e3a82bea..292a61e8bc6 100644 --- a/htdocs/compta/bank/line.php +++ b/htdocs/compta/bank/line.php @@ -140,9 +140,9 @@ if ($user->rights->banque->modifier && $action == "update") { if (!$error) { $db->begin(); - $amount = price2num($_POST['amount']); - $dateop = dol_mktime(12, 0, 0, $_POST["dateomonth"], $_POST["dateoday"], $_POST["dateoyear"]); - $dateval = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]); + $amount = price2num(GETPOST('amount')); + $dateop = dol_mktime(12, 0, 0, GETPOST("dateomonth"), GETPOST("dateoday"), GETPOST("dateoyear")); + $dateval = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear")); $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; $sql .= " SET "; // Always opened @@ -212,8 +212,8 @@ if ($user->rights->banque->modifier && $action == "update") { // Reconcile if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action == 'setreconcile')) { - $num_rel = trim($_POST["num_rel"]); - $rappro = $_POST['reconciled'] ? 1 : 0; + $num_rel = trim(GETPOST("num_rel")); + $rappro = GETPOST('reconciled') ? 1 : 0; // Check parameters if ($rappro && empty($num_rel)) { diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php index ac908ad3c06..b238e47c50e 100644 --- a/htdocs/compta/charges/index.php +++ b/htdocs/compta/charges/index.php @@ -30,6 +30,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/paymentvat.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/paymentsocialcontribution.class.php'; require_once DOL_DOCUMENT_ROOT.'/salaries/class/salary.class.php'; @@ -83,6 +84,7 @@ if (!$sortorder) { */ $tva_static = new Tva($db); +$ptva_static = new PaymentVat($db); $socialcontrib = new ChargeSociales($db); $payment_sc_static = new PaymentSocialContribution($db); $sal_static = new Salary($db); @@ -271,20 +273,21 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { print load_fiche_titre($langs->trans("VATDeclarations").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); - $sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.fk_bank,"; + $sql = "SELECT ptva.rowid, pv.rowid as id_tva, pv.amount as amount_tva, ptva.amount, pv.label, pv.datev as dm, ptva.datep as date_payment, ptva.fk_bank,"; $sql .= " pct.code as payment_code,"; $sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel"; $sql .= " FROM ".MAIN_DB_PREFIX."tva as pv"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON pv.fk_bank = b.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_vat as ptva ON (ptva.fk_tva = pv.rowid)"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON (ptva.fk_bank = b.rowid)"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON pv.fk_typepayment = pct.id"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON ptva.fk_typepaiement = pct.id"; $sql .= " WHERE pv.entity IN (".getEntity("tax").")"; if ($year > 0) { // Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance, // ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire $sql .= " AND pv.datev between '".$db->idate(dol_get_first_day($year, 1, false))."' AND '".$db->idate(dol_get_last_day($year, 12, false))."'"; } - if (preg_match('/^pv\./', $sortfield)) { + if (preg_match('/^pv\./', $sortfield) || preg_match('/^ptva\./', $sortfield)) { $sql .= $db->order($sortfield, $sortorder); } @@ -298,13 +301,13 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'width="140px"', $sortfield, $sortorder); print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "pv.label", "", $param, '', $sortfield, $sortorder); print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder); - print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pv.rowid", "", $param, '', $sortfield, $sortorder); - print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder); + print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder); print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder); if (!empty($conf->banque->enabled)) { print_liste_field_titre("Account", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder); } - print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder); + print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "ptva.amount", "", $param, 'class="right"', $sortfield, $sortorder); print "\n"; $var = 1; while ($i < $num) { @@ -316,17 +319,19 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { print ''; print ''.dol_print_date($db->jdate($obj->dm), 'day').''."\n"; - print "".$obj->label."\n"; + $tva_static->id = $obj->id_tva; + $tva_static->ref = $obj->label; + print "".$tva_static->getNomUrl(1)."\n"; - print ''.price($obj->amount).""; + print ''.price($obj->amount_tva).""; // Ref payment - $tva_static->id = $obj->rowid; - $tva_static->ref = $obj->rowid; - print ''.$tva_static->getNomUrl(1)."\n"; + $ptva_static->id = $obj->rowid; + $ptva_static->ref = $obj->rowid; + print ''.$ptva_static->getNomUrl(1)."\n"; // Date - print ''.dol_print_date($db->jdate($obj->dm), 'day')."\n"; + print ''.dol_print_date($db->jdate($obj->date_payment), 'day')."\n"; // Type payment print ''; @@ -360,7 +365,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { $i++; } print ''.$langs->trans("Total").''; - print ''.price($total).''; + print ' '; print ' '; print ' '; print ' '; @@ -440,9 +445,9 @@ while ($j < $numlt) { print ''.price($obj->amount).""; // Ref payment - $tva_static->id = $obj->rowid; - $tva_static->ref = $obj->rowid; - print ''.$tva_static->getNomUrl(1)."\n"; + $ptva_static->id = $obj->rowid; + $ptva_static->ref = $obj->rowid; + print ''.$ptva_static->getNomUrl(1)."\n"; print ''.dol_print_date($db->jdate($obj->dp), 'day')."\n"; print ''.price($obj->amount).""; diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index d4091a6df90..451007932d7 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -33,6 +33,8 @@ $langs->loadLangs(array('compta', 'banks', 'bills')); $id = GETPOST("id", 'int'); $action = GETPOST("action", "alpha"); +$cancel = GETPOST('cancel'); + $refund = GETPOST("refund", "int"); if (empty($refund)) { $refund = 0; @@ -57,18 +59,18 @@ $hookmanager->initHooks(array('localtaxvatcard', 'globalcard')); * Actions */ -if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) { +if ($cancel && !$id) { header("Location: list.php?localTaxType=".$lttype); exit; } -if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) { +if ($action == 'add' && $cancel) { $db->begin(); - $datev = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]); - $datep = dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]); + $datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear")); + $datep = dol_mktime(12, 0, 0, GETPOST("datepmonth"), GETPOST("datepday"), GETPOST("datepyear")); - $object->accountid = GETPOST("accountid"); + $object->accountid = GETPOST("accountid", 'int'); $object->paymenttype = GETPOST("paiementtype"); $object->datev = $datev; $object->datep = $datep; @@ -165,14 +167,14 @@ if ($action == 'create') { print ''; // Label - print ''.$langs->trans("Label").'transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'">'; + print ''.$langs->trans("Label").'transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'">'; // Amount print ''.$langs->trans("Amount").''; if (!empty($conf->banque->enabled)) { print ''.$langs->trans("Account").''; - $form->select_comptes($_POST["accountid"], "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant + $form->select_comptes(GETPOST("accountid", "int"), "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant print ''; print ''.$langs->trans("PaymentMode").''; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 847dae1bc29..86153e4b38d 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -117,9 +117,9 @@ if ($action == 'setref' && $user->rights->banque->cheque) { } } -if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->cheque) { +if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) { if (is_array($_POST['toRemise'])) { - $result = $object->create($user, $_POST["accountid"], 0, $_POST['toRemise']); + $result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise')); if ($result > 0) { if ($object->statut == 1) { // If statut is validated, we build doc $object->fetch($object->id); // To force to reload all properties in correct property name @@ -134,7 +134,7 @@ if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->che $outputlangs = new Translate("", $conf); $outputlangs->setDefaultLang($newlang); } - $result = $object->generatePdf($_POST["model"], $outputlangs); + $result = $object->generatePdf(GETPOST("model"), $outputlangs); } header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id); @@ -227,7 +227,7 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) { $outputlangs = new Translate("", $conf); $outputlangs->setDefaultLang($newlang); } - $result = $object->generatePdf($_POST["model"], $outputlangs); + $result = $object->generatePdf(GETPOST("model"), $outputlangs); if ($result <= 0) { dol_print_error($db, $object->error); exit; diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 139188c7c1b..ba8c9b2a82f 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -70,14 +70,14 @@ if ($action == 'builddoc') { // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output = $outputlangs->charset_output; - if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) { + if ($rap->write_file($dir, GETPOST("remonth", "int"), GETPOST("reyear", "int"), $outputlangs) > 0) { $outputlangs->charset_output = $sav_charset_output; } else { $outputlangs->charset_output = $sav_charset_output; dol_print_error($db, $obj->error); } - $year = $_POST["reyear"]; + $year = GETPOST("reyear", "int"); } diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index bc79ff07d47..e796f039f80 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -32,6 +32,8 @@ $langs->load("bills"); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel'); + $amounts = array(); // Security check @@ -50,15 +52,15 @@ $charge = new ChargeSociales($db); if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/compta/sociales/card.php?id='.$chid; header("Location: ".$loc); exit; } - $datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); - if (!$_POST["paiementtype"] > 0) { + if (!(GETPOST("paiementtype") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; $action = 'create'; @@ -68,7 +70,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $error++; $action = 'create'; } - if (!empty($conf->banque->enabled) && !($_POST["accountid"] > 0)) { + if (!empty($conf->banque->enabled) && !(GETPOST("accountid") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors'); $error++; $action = 'create'; diff --git a/htdocs/compta/paiement_vat.php b/htdocs/compta/paiement_vat.php index c05e11c554c..7fc81e5ac27 100644 --- a/htdocs/compta/paiement_vat.php +++ b/htdocs/compta/paiement_vat.php @@ -33,6 +33,8 @@ $langs->loadLangs(array("banks", "bills")); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel'); + $amounts = array(); // Security check @@ -49,7 +51,7 @@ if ($user->socid > 0) { if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/compta/tva/card.php?id='.$chid; header("Location: ".$loc); exit; @@ -73,23 +75,23 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $action = 'create'; } + // Read possible payments + foreach ($_POST as $key => $value) { + if (substr($key, 0, 7) == 'amount_') { + $other_chid = substr($key, 7); + $amounts[$other_chid] = price2num(GETPOST($key)); + } + } + + if ($amounts[key($amounts)] <= 0) { + $error++; + setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")), null, 'errors'); + $action = 'create'; + } + if (!$error) { $paymentid = 0; - // Read possible payments - foreach ($_POST as $key => $value) { - if (substr($key, 0, 7) == 'amount_') { - $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num(GETPOST($key)); - } - } - - if (count($amounts) <= 0) { - $error++; - setEventMessages($langs->trans("ErrorNoPaymentDefined"), null, 'errors'); - $action = 'create'; - } - if (!$error) { $db->begin(); diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index 5470685e8e0..fdb1e3336df 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -41,6 +41,7 @@ $langs->loadLangs(array('compta', 'banks', 'bills')); $id = GETPOST("id", 'int'); $action = GETPOST("action", "alpha"); +$cancel = GETPOST('cancel'); $confirm = GETPOST('confirm'); $refund = GETPOST("refund", "int"); if (GETPOSTISSET('auto_create_paiement') || $action === 'add') { @@ -74,7 +75,7 @@ $hookmanager->initHooks(array('taxvatcard', 'globalcard')); * Actions */ -if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) { +if ($cancel && !$id) { header("Location: list.php"); exit; } @@ -135,7 +136,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) { } } -if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) { +if ($action == 'add' && $cancel) { $error = 0; $object->fk_account = GETPOST("accountid", 'int'); diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php index a32263cd65e..332b7dd36c6 100644 --- a/htdocs/contact/canvas/actions_contactcard_common.class.php +++ b/htdocs/contact/canvas/actions_contactcard_common.class.php @@ -283,28 +283,28 @@ abstract class ActionsContactCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->old_name = $_POST["old_name"]; - $this->object->old_firstname = $_POST["old_firstname"]; + $this->object->old_name = GETPOST("old_name"); + $this->object->old_firstname = GETPOST("old_firstname"); - $this->object->socid = $_POST["socid"]; - $this->object->lastname = $_POST["name"]; - $this->object->firstname = $_POST["firstname"]; - $this->object->civility_id = $_POST["civility_id"]; - $this->object->poste = $_POST["poste"]; - $this->object->address = $_POST["address"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone_pro = $_POST["phone_pro"]; - $this->object->phone_perso = $_POST["phone_perso"]; - $this->object->phone_mobile = $_POST["phone_mobile"]; - $this->object->fax = $_POST["fax"]; - $this->object->email = $_POST["email"]; - $this->object->jabberid = $_POST["jabberid"]; - $this->object->priv = $_POST["priv"]; - $this->object->note = $_POST["note"]; - $this->object->canvas = $_POST["canvas"]; + $this->object->socid = GETPOST("socid"); + $this->object->lastname = GETPOST("name"); + $this->object->firstname = GETPOST("firstname"); + $this->object->civility_id = GETPOST("civility_id"); + $this->object->poste = GETPOST("poste"); + $this->object->address = GETPOST("address"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id"); + $this->object->phone_pro = GETPOST("phone_pro"); + $this->object->phone_perso = GETPOST("phone_perso"); + $this->object->phone_mobile = GETPOST("phone_mobile"); + $this->object->fax = GETPOST("fax"); + $this->object->email = GETPOST("email"); + $this->object->jabberid = GETPOST("jabberid"); + $this->object->priv = GETPOST("priv"); + $this->object->note = GETPOST("note", "restricthtml"); + $this->object->canvas = GETPOST("canvas"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 421b88ea6b8..b337f0980e6 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -561,7 +561,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $object->state_id = GETPOST("state_id"); // We set country_id, country_code and label for the selected country - $object->country_id = $_POST["country_id"] ?GETPOST("country_id") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id); + $object->country_id = GETPOST("country_id") ? GETPOST("country_id", "int") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id); if ($object->country_id) { $tmparray = getCountry($object->country_id, 'all'); $object->country_code = $tmparray['code']; diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 807d54c4651..628c73b0afc 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -49,8 +49,8 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact $ret = $object->fetch($id); // Note: Correct date should be completed with location to have exact GM time of birth. - $object->birthday = dol_mktime(0, 0, 0, $_POST["birthdaymonth"], $_POST["birthdayday"], $_POST["birthdayyear"]); - $object->birthday_alert = $_POST["birthday_alert"]; + $object->birthday = dol_mktime(0, 0, 0, GETPOST("birthdaymonth"), GETPOST("birthdayday"), GETPOST("birthdayyear")); + $object->birthday_alert = GETPOST("birthday_alert"); if (GETPOST('deletephoto')) { $object->photo = ''; diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 8f8f8e665f7..f56b9f6070e 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -912,8 +912,8 @@ class FormMail extends Form } } - if (GETPOSTISSET("message") && !$_POST['modelselected']) { - $defaultmessage = $_POST["message"]; + if (GETPOSTISSET("message") && !GETPOST('modelselected')) { + $defaultmessage = GETPOST("message", "restricthtml"); } else { $defaultmessage = make_substitutions($defaultmessage, $this->substit); // Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty) diff --git a/htdocs/core/class/rssparser.class.php b/htdocs/core/class/rssparser.class.php index 0f09d232712..c11bdd5563d 100644 --- a/htdocs/core/class/rssparser.class.php +++ b/htdocs/core/class/rssparser.class.php @@ -181,7 +181,7 @@ class RssParser * @param string $urlRSS Url to parse * @param int $maxNb Max nb of records to get (0 for no limit) * @param int $cachedelay 0=No cache, nb of seconds we accept cache files (cachedir must also be defined) - * @param string $cachedir Directory where to save cache file + * @param string $cachedir Directory where to save cache file (For example $conf->externalrss->dir_temp) * @return int <0 if KO, >0 if OK */ public function parser($urlRSS, $maxNb = 0, $cachedelay = 60, $cachedir = '') @@ -189,6 +189,7 @@ class RssParser global $conf; include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; $rss = ''; $str = ''; // This will contain content of feed @@ -225,21 +226,10 @@ class RssParser $str = file_get_contents($newpathofdestfile); } else { try { - ini_set("user_agent", "Dolibarr ERP-CRM RSS reader"); - ini_set("max_execution_time", $conf->global->MAIN_USE_RESPONSE_TIMEOUT); - ini_set("default_socket_timeout", $conf->global->MAIN_USE_RESPONSE_TIMEOUT); - - $opts = array('http'=>array('method'=>"GET")); - if (!empty($conf->global->MAIN_USE_CONNECT_TIMEOUT)) { - $opts['http']['timeout'] = $conf->global->MAIN_USE_CONNECT_TIMEOUT; + $result = getURLContent($this->_urlRSS, 'GET', '', 1, array(), array('http', 'https'), 0); + if (!empty($result['content'])) { + $str = $result['content']; } - if (!empty($conf->global->MAIN_PROXY_USE)) { - $opts['http']['proxy'] = 'tcp://'.$conf->global->MAIN_PROXY_HOST.':'.$conf->global->MAIN_PROXY_PORT; - } - //var_dump($opts);exit; - $context = stream_context_create($opts); - - $str = file_get_contents($this->_urlRSS, false, $context); } catch (Exception $e) { print 'Error retrieving URL '.$this->_urlRSS.' - '.$e->getMessage(); } diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 72de6036e8f..7157b1a7c62 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -568,7 +568,7 @@ function dolibarr_get_const($db, $name, $entity = 1) * @param DoliDB $db Database handler * @param string $name Name of constant * @param string $value Value of constant - * @param string $type Type of constante (chaine par defaut) + * @param string $type Type of constant ('chaine by default) * @param int $visible Is constant visible in Setup->Other page (0 by default) * @param string $note Note on parameter * @param int $entity Multi company id (0 means all entities) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index c6d4960ca3a..6769c9a58d7 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3531,14 +3531,15 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'delete', 'dolly', 'dollyrevert', 'donation', 'download', 'edit', 'ellipsis-h', 'email', 'eraser', 'external-link-alt', 'external-link-square-alt', 'filter', 'file-code', 'file-export', 'file-import', 'file-upload', 'folder', 'folder-open', 'globe', 'globe-americas', 'grip', 'grip_title', 'group', 'help', 'holiday', - 'info', 'intervention', 'inventory', 'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right', + 'info', 'intervention', 'inventory', 'intracommreport', + 'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right', 'margin', 'map-marker-alt', 'member', 'meeting', 'money-bill-alt', 'movement', 'mrp', 'note', 'next', 'object_accounting', 'object_account', 'object_accountline', 'object_action', 'object_asset', 'object_barcode', 'object_bill', 'object_billr', 'object_billa', 'object_billd', 'object_bom', 'object_category', 'conferenceorbooth', 'object_conversation', 'object_bookmark', 'object_bug', 'object_clock', 'object_dolly', 'object_dollyrevert', 'object_folder', 'object_folder-open','object_generic', 'object_list-alt', 'object_calendar', 'object_calendarweek', 'object_calendarmonth', 'object_calendarday', 'object_calendarperuser', 'object_cash-register', 'object_company', 'object_contact', 'object_contract', 'object_cron', 'object_donation', 'object_dynamicprice', - 'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_label', + 'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_intracommreport', 'object_label', 'object_margin', 'object_members', 'object_money-bill-alt', 'object_multicurrency', 'object_order', 'object_payment', 'object_lot', 'object_mrp', 'object_other', 'object_payment', 'object_pdf', 'object_product', 'object_propal', @@ -3586,7 +3587,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'email'=>'at', 'edit'=>'pencil-alt', 'grip_title'=>'arrows-alt', 'grip'=>'arrows-alt', 'help'=>'question-circle', 'generic'=>'file', 'holiday'=>'umbrella-beach', - 'info'=>'info-circle', 'inventory'=>'boxes', 'label'=>'layer-group', 'loan'=>'money-bill-alt', + 'info'=>'info-circle', 'inventory'=>'boxes', 'intracommreport'=>'globe-europe', 'label'=>'layer-group', 'loan'=>'money-bill-alt', 'member'=>'user-alt', 'meeting'=>'chalkboard-teacher', 'mrp'=>'cubes', 'next'=>'arrow-alt-circle-right', 'trip'=>'wallet', 'group'=>'users', 'movement'=>'people-carry', 'sign-out'=>'sign-out-alt', diff --git a/htdocs/core/modules/modIntracommreport.class.php b/htdocs/core/modules/modIntracommreport.class.php index 077f51ab519..47ef889e2dd 100644 --- a/htdocs/core/modules/modIntracommreport.class.php +++ b/htdocs/core/modules/modIntracommreport.class.php @@ -44,13 +44,13 @@ class modIntracommreport extends DolibarrModules $this->numero = 68000; $this->family = "financial"; - $this->module_position = '100'; + $this->module_position = '60'; // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module) $this->name = preg_replace('/^mod/i', '', get_class($this)); $this->description = "Intracomm report management (Support for French DEB/DES format)"; // Possible values for version are: 'development', 'experimental', 'dolibarr' or 'dolibarr_deprecated' or version - $this->version = 'development'; + $this->version = 'experimental'; $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); $this->picto = 'intracommreport'; diff --git a/htdocs/core/modules/modProductBatch.class.php b/htdocs/core/modules/modProductBatch.class.php index 3d8359ebc3a..79529898bb0 100644 --- a/htdocs/core/modules/modProductBatch.class.php +++ b/htdocs/core/modules/modProductBatch.class.php @@ -76,8 +76,24 @@ class modProductBatch extends DolibarrModules $this->need_dolibarr_version = array(3, 0); // Minimum version of Dolibarr required by module $this->langfiles = array("productbatch"); + // Constants // Constants $this->const = array(); + $r = 0; + + $this->const[$r][0] = "PRODUCTBATCH_LOT_ADDON"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "mod_lot_free"; + $this->const[$r][3] = 'Module to control product codes'; + $this->const[$r][4] = 0; + $r++; + + $this->const[$r][0] = "PRODUCTBATCH_SN_ADDON"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "mod_sn_free"; + $this->const[$r][3] = 'Module to control product codes'; + $this->const[$r][4] = 0; + $r++; $this->tabs = array(); diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index d22006a52d0..0312c851de3 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -417,13 +417,11 @@ if (empty($reshook)) { dol_print_error($db, $object->error); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - // POST[remise_id] or POST[remise_id_for_payment] - // We use the credit to reduce amount of invoice - if (!empty($_POST["remise_id"])) { + if (GETPOST("remise_id", "int")) { $ret = $object->fetch($id); if ($ret > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", "int")); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } @@ -432,10 +430,10 @@ if (empty($reshook)) { } } // We use the credit to reduce remain to pay - if (!empty($_POST["remise_id_for_payment"])) { + if (GETPOST("remise_id_for_payment", "int")) { require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php'; $discount = new DiscountAbsolute($db); - $discount->fetch($_POST["remise_id_for_payment"]); + $discount->fetch(GETPOST("remise_id_for_payment", "int")); //var_dump($object->getRemainToPay(0)); //var_dump($discount->amount_ttc);exit; @@ -1082,14 +1080,14 @@ if (empty($reshook)) { $prod = new Product($db); $prod->fetch(GETPOST('productid')); $label = $prod->description; - if (trim($_POST['product_desc']) != trim($label)) { - $label = $_POST['product_desc']; + if (trim(GETPOST('product_desc', 'restricthtml')) != trim($label)) { + $label = GETPOST('product_desc', 'restricthtml'); } $type = $prod->type; } else { - $label = $_POST['product_desc']; - $type = $_POST["type"] ? $_POST["type"] : 0; + $label = GETPOST('product_desc', 'restricthtml'); + $type = GETPOST("type") ? GETPOST("type") : 0; } $date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear')); diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index e9e3ea752f5..62eccc5be18 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php @@ -33,9 +33,11 @@ if (!$user->admin || empty($conf->modulebuilder->enabled)) { $action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); + /* * Actions */ + if ($action == "update") { $res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'restricthtml'), 'chaine', 0, '', $conf->entity); $res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'nohtml'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php index da7921fa7fe..8f5336450b8 100644 --- a/htdocs/multicurrency/multicurrency_rate.php +++ b/htdocs/multicurrency/multicurrency_rate.php @@ -102,11 +102,18 @@ $arrayfields = array( $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); +// Access control +// TODO Open this page to a given permission so a sale representative can modify change rates. Permission should be added into module multicurrency. +// One permission to read rates (history) and one to add/edit rates. +if (!$user->admin || empty($conf->multicurrency->enabled)) { + accessforbidden(); +} /* * Actions */ + if ($action == "create") { if (!empty($rateinput)) { $currencyRate_static = new CurrencyRate($db); @@ -225,6 +232,7 @@ if (empty($reshook)) { include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; } + /* * View */ @@ -233,8 +241,9 @@ $htmlother = new FormOther($db); $title = $langs->trans("CurrencyRate"); $page_name = "ListCurrencyRate"; +$help_url = ''; -llxHeader('', $title, $helpurl, ''); +llxHeader('', $title, $help_url, ''); // Subheader $linkback = ''.$langs->trans("BackToModuleList").''; print load_fiche_titre($langs->trans($page_name), $linkback); diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index ede66c3e022..25bd65a77fe 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -66,9 +66,9 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { - if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1') { + if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') { $nouveauchoix .= "1"; - } elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2') { + } elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') { $nouveauchoix .= "2"; } else { // sinon c'est 0 $nouveauchoix .= "0"; @@ -122,17 +122,16 @@ if ($testmodifier) { $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { - //var_dump($_POST["choix$i"]); - if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1') { + if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') { $nouveauchoix .= "1"; - } elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2') { + } elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') { $nouveauchoix .= "2"; } else { // sinon c'est 0 $nouveauchoix .= "0"; } } - $idtomodify = $_POST["idtomodify".$modifier]; + $idtomodify = GETPOST("idtomodify".$modifier); $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs"; $sql .= " SET reponses = '".$db->escape($nouveauchoix)."'"; $sql .= " WHERE id_users = '".$db->escape($idtomodify)."'"; @@ -169,7 +168,7 @@ if (GETPOST("ajoutercolonne") && GETPOST('nouvellecolonne') && $object->format = } // Add column (with format date) -if (isset($_POST["ajoutercolonne"]) && $object->format == "D") { +if (GETPOSTISSET("ajoutercolonne") && $object->format == "D") { // Security check if (!$user->rights->opensurvey->write) { accessforbidden(); @@ -177,27 +176,27 @@ if (isset($_POST["ajoutercolonne"]) && $object->format == "D") { $nouveauxsujets = $object->sujet; - if (isset($_POST["nouveaujour"]) && $_POST["nouveaujour"] != "vide" && - isset($_POST["nouveaumois"]) && $_POST["nouveaumois"] != "vide" && - isset($_POST["nouvelleannee"]) && $_POST["nouvelleannee"] != "vide") { - $nouvelledate = dol_mktime(0, 0, 0, $_POST["nouveaumois"], $_POST["nouveaujour"], $_POST["nouvelleannee"]); + if (GETPOSTISSET("nouveaujour") && GETPOST("nouveaujour") != "vide" && + GETPOSTISSET("nouveaumois") && GETPOST("nouveaumois") != "vide" && + GETPOSTISSET("nouvelleannee") && GETPOST("nouvelleannee") != "vide") { + $nouvelledate = dol_mktime(0, 0, 0, GETPOST("nouveaumois"), GETPOST("nouveaujour"), GETPOST("nouvelleannee")); - if (isset($_POST["nouvelleheuredebut"]) && $_POST["nouvelleheuredebut"] != "vide") { + if (GETPOSTISSET("nouvelleheuredebut") && GETPOST("nouvelleheuredebut") != "vide") { $nouvelledate .= "@"; $nouvelledate .= GETPOST("nouvelleheuredebut"); $nouvelledate .= "h"; - if ($_POST["nouvelleminutedebut"] != "vide") { + if (GETPOST("nouvelleminutedebut") != "vide") { $nouvelledate .= GETPOST("nouvelleminutedebut"); } } - if (isset($_POST["nouvelleheurefin"]) && $_POST["nouvelleheurefin"] != "vide") { + if (GETPOSTISSET("nouvelleheurefin") && GETPOST("nouvelleheurefin") != "vide") { $nouvelledate .= "-"; $nouvelledate .= GETPOST("nouvelleheurefin"); $nouvelledate .= "h"; - if ($_POST["nouvelleminutefin"] != "vide") { + if (GETPOST("nouvelleminutefin") != "vide") { $nouvelledate .= GETPOST("nouvelleminutefin"); } } diff --git a/htdocs/product/admin/product_lot.php b/htdocs/product/admin/product_lot.php index 13b47e56afd..d1b87bf0b14 100644 --- a/htdocs/product/admin/product_lot.php +++ b/htdocs/product/admin/product_lot.php @@ -69,9 +69,9 @@ if ($action == 'updateMaskLot') { setEventMessages($langs->trans("Error"), null, 'errors'); } } elseif ($action == 'setmodlot') { - dolibarr_set_const($db, "LOT_ADDON", $value, 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "PRODUCTBATCH_LOT_ADDON", $value, 'chaine', 0, '', $conf->entity); } elseif ($action == 'setmodsn') { - dolibarr_set_const($db, "SN_ADDON", $value, 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "PRODUCTBATCH_SN_ADDON", $value, 'chaine', 0, '', $conf->entity); } /* @@ -89,7 +89,7 @@ print load_fiche_titre($langs->trans("ProductLotSetup"), $linkback, 'title_setup $head = product_lot_admin_prepare_head(); -dol_fiche_head($head, 'settings', $langs->trans("Batch"), -1, 'productbatch'); +print dol_get_fiche_head($head, 'settings', $langs->trans("Batch"), -1, 'lot'); /* * Lot Numbering models @@ -140,7 +140,7 @@ foreach ($dirmodels as $reldir) { print ''."\n"; print ''; - if ($conf->global->LOT_ADDON == $file) { + if ($conf->global->PRODUCTBATCH_LOT_ADDON == $file) { print img_picto($langs->trans("Activated"), 'switch_on'); } else { print ''; @@ -232,7 +232,7 @@ foreach ($dirmodels as $reldir) { print ''."\n"; print ''; - if ($conf->global->SN_ADDON == $file) { + if ($conf->global->PRODUCTBATCH_SN_ADDON == $file) { print img_picto($langs->trans("Activated"), 'switch_on'); } else { print ''; diff --git a/htdocs/product/admin/product_lot_extrafields.php b/htdocs/product/admin/product_lot_extrafields.php index fc14b4c142c..38af3a41f8d 100644 --- a/htdocs/product/admin/product_lot_extrafields.php +++ b/htdocs/product/admin/product_lot_extrafields.php @@ -77,7 +77,7 @@ print load_fiche_titre($title, $linkback, 'title_setup'); $head = product_lot_admin_prepare_head(); -print dol_get_fiche_head($head, 'attributes', $textobject, -1, 'stock'); +print dol_get_fiche_head($head, 'attributes', $textobject, -1, 'lot'); require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php'; diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 58a177dddc4..2c0531acaea 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -405,8 +405,8 @@ if (empty($reshook)) { if (!empty($conf->global->PRODUIT_MULTIPRICES)) { for ($i = 2; $i <= $conf->global->PRODUIT_MULTIPRICES_LIMIT; $i++) { if (GETPOSTISSET("price_".$i)) { - $object->multiprices["$i"] = price2num($_POST["price_".$i], 'MU'); - $object->multiprices_base_type["$i"] = $_POST["multiprices_base_type_".$i]; + $object->multiprices["$i"] = price2num(GETPOST("price_".$i), 'MU'); + $object->multiprices_base_type["$i"] = GETPOST("multiprices_base_type_".$i); } else { $object->multiprices["$i"] = ""; } diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index 9a1fa1adf69..6dd6a0ac89d 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -167,18 +167,18 @@ if ($action == 'search') { } $title = $langs->trans('ProductServiceCard'); -$helpurl = ''; +$help_url = ''; $shortlabel = dol_trunc($object->label, 16); if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) { $title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('AssociatedProducts'); - $helpurl = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos'; + $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos'; } if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) { $title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('AssociatedProducts'); - $helpurl = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios'; + $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios'; } -llxHeader('', $title, $helpurl); +llxHeader('', $title, $help_url); $head = product_prepare_head($object); $titre = $langs->trans("CardProduct".$object->type); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 371713f0250..77659142744 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -217,7 +217,7 @@ if (empty($reshook)) { $langs->load("errors"); setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Supplier")), null, 'errors'); } - if (price2num($_POST["price"]) < 0 || $_POST["price"] == '') { + if (price2num(GETPOST("price")) < 0 || GETPOST("price") == '') { if ($price_expression === '') { // Return error of missing price only if price_expression not set $error++; $langs->load("errors"); diff --git a/htdocs/product/stock/movement_card.php b/htdocs/product/stock/movement_card.php index 31c71d9e2bd..3221c23aa8d 100644 --- a/htdocs/product/stock/movement_card.php +++ b/htdocs/product/stock/movement_card.php @@ -179,7 +179,7 @@ if ($action == "correct_stock") { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors'); $action = 'correction'; } - if (!is_numeric($_POST["nbpiece"])) { + if (!is_numeric(GETPOST("nbpiece"))) { $error++; setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors'); $action = 'correction'; diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index aed4278bb0e..50982e0e084 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -247,7 +247,7 @@ if ($action == "correct_stock") { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors'); $action = 'correction'; } - if (!is_numeric($_POST["nbpiece"])) { + if (!is_numeric(GETPOST("nbpiece"))) { $error++; setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors'); $action = 'correction'; diff --git a/htdocs/salaries/admin/index.html b/htdocs/salaries/admin/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/salaries/admin/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index 56aeac32a29..cca41dc2792 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -234,7 +234,7 @@ $help_url = ''; $title = $langs->trans('Salaries'); $sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary as current_salary, u.fk_soc as fk_soc, u.statut as status,"; -$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, ps.fk_typepayment as paymenttype, "; +$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment as paymenttype, "; $sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel, ba.iban_prefix as iban, ba.bic, ba.currency_code,"; $sql .= " pst.code as payment_code,"; $sql .= " SUM(ps.amount) as alreadypayed"; @@ -279,7 +279,7 @@ if ($search_type_id) { $sql .= " AND s.fk_typepayment=".$search_type_id; } $sql .= " GROUP BY u.rowid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary, u.fk_soc, u.statut,"; -$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, ps.fk_typepayment, s.fk_bank,"; +$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment, s.fk_bank,"; $sql .= " ba.rowid, ba.ref, ba.number, ba.account_number, ba.fk_accountancy_journal, ba.label, ba.iban_prefix, ba.bic, ba.currency_code,"; $sql .= " pst.code"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index 3b0eda077a2..eb9fe8bfd17 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -74,23 +74,23 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $action = 'create'; } + // Read possible payments + foreach ($_POST as $key => $value) { + if (substr($key, 0, 7) == 'amount_') { + $other_chid = substr($key, 7); + $amounts[$other_chid] = price2num($_POST[$key]); + } + } + + if ($amounts[key($amounts)] <= 0) { + $error++; + setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")), null, 'errors'); + $action = 'create'; + } + if (!$error) { $paymentid = 0; - // Read possible payments - foreach ($_POST as $key => $value) { - if (substr($key, 0, 7) == 'amount_') { - $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); - } - } - - if (count($amounts) <= 0) { - $error++; - setEventMessages($langs->trans("ErrorNoPaymentDefined"), null, 'errors'); - $action = 'create'; - } - if (!$error) { $db->begin(); @@ -271,12 +271,13 @@ if ($action == 'create') { if ($sumpaid < $objp->amount) { $namef = "amount_".$objp->id; $nameRemain = "remain_".$objp->id; + /* Disabled, we autofil the amount with remain to pay by default if (!empty($conf->use_javascript_ajax)) { print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmount' data-rowid='".$namef."' data-value='".($objp->amount - $sumpaid)."'"); - } + } */ $remaintopay = $objp->amount - $sumpaid; print ''; - print ''; + print ''; } else { print '-'; } diff --git a/htdocs/salaries/payment_salary/index.html b/htdocs/salaries/payment_salary/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/salaries/payment_salary/index.html @@ -0,0 +1 @@ +