lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into 14a22

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-04-04 06:03:41 +02:00
commit f64d0377c5
437 changed files with 8872 additions and 3648 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitattributes vendored
View File

@ -18,6 +18,7 @@
*.pp text eol=lf
*.sh text eol=lf
*.yaml text eol=lf
*.conf text eol=lf
.bash_aliases text eol=lf
@ -26,6 +27,7 @@
*.ico binary
*.png binary
*.jpg binary
*.jpeg binary
*.odt binary
*.odf binary
*.frm binary

6
.github/CODE_OF_CONDUCT.md vendored
View File

@ -77,8 +77,8 @@ contact@dolibarr.org
## 10. License and attribution
This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](http://creativecommons.org/licenses/by-sa/3.0/).
This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](https://creativecommons.org/licenses/by-sa/3.0/).
Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](http://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy).
Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](https://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy).
Retrieved on November 22, 2016 from [http://citizencodeofconduct.org/](http://citizencodeofconduct.org/)
Retrieved on November 22, 2016 from [https://citizencodeofconduct.org/](http://citizencodeofconduct.org/)

2
COPYING
View File

@ -1,7 +1,7 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

22
ChangeLog
View File

@ -25,7 +25,7 @@ Following changes may create regressions for some external modules, but were nec
* Field "total" renamed into "total_ttc" for table lx_propal, llx_supplier_proposal for better field name consistency
* If your database is PostgreSql, you must use version 9.1.0 or more (Dolibarr need the SQL function CONCAT)
* If your database is MySql or MariaDB, you need at least version 5.1
* Function set_price_level() has been renamed into setPriceLevel() to follow camelcase rules
***** ChangeLog for 13.0.2 compared to 13.0.1 *****
@ -49,21 +49,21 @@ FIX: #16533
FIX: #16629
FIX: #16671 Can not generate zip file of documents in backup tool
FIX: Add "Now" link on social charges creation card
FIX: avoid undefined url and missing token
FIX: avoid undefined URL and missing token
FIX: Bad project filter in ticket list
FIX: Buttons to disable bindings not working
FIX: class not found when creating recuring invoice from invoice+discount
FIX: File attachment on lots
FIX: File attachment on lots/batches
FIX: handling $heightforinfotot when he's superior to a page height on Supplier Invoice
FIX: hourglass and hide button to pay
FIX: massaction validate invoice do not regenerate pdf
FIX: massaction validate invoice do not regenerate PDF
FIX: missing mp4 video mime
FIX: picto on shipment to reset qty to 0. Some quantities were not reset.
FIX: Protection to avoid #16504
FIX: rounding amount on card updating
FIX: Rounding amount on social charges card updating
FIX: rounding amount on social charges card updating
FIX: select list dependencies now work for ModuleBuilder sellist field
FIX: Status in popup of member in widget
FIX: status in popup of member in widget
FIX: status on tooltip on widgets
FIX: Timezone management for datetime on list of events
FIX: Timezone management for datetime with modulebuilder and extrafields
@ -94,9 +94,9 @@ FIX: #16135
FIX: #16143
FIX: #16156
FIX: #16160
FIX: #16165 Create customer discount without vat
FIX: #16165 Create customer discount without VAT
FIX: #16185
FIX: #16189, fix download/see check deposit PDF
FIX: #16189 fix download/see check deposit PDF
FIX: #16215
FIX: Accountancy - label_operation is used instead of label_compte
FIX: Add critical price patch
@ -106,7 +106,7 @@ FIX: cash fence for takepos with multientity
FIX: CSRF errors on margin forms
FIX: encoding status in graph of vendor proposals
FIX: Fix detect dispached product and set to received completely when the supplier order have services (support STOCK_SUPPORTS_SERVICES)
FIX: Hide/Unhide external ICSS calendars
FIX: hide/unhide external ICS calendars
FIX: link to create event when task is in a project with a thirdparty
FIX: Localtax must be converted with price2num
FIX: manage price min for PRODUIT_CUSTOMER_PRICES
@ -127,7 +127,7 @@ FIX: warning when adding a line if $remise_percent is an empty string
FIX: status late on purchase orders
FIX: ODT generation very slow
FIX: amount in summary of report
FIX: vat value when code contains number
FIX: VAT value when code contains number
FIX: payment term label on PDF
FIX: date selector when using reduced year (like on smartphone)
@ -146,7 +146,7 @@ NEW: Accountancy - add options to disable binding on sales, purchases & expense
NEW: Accountancy balance - add a menu entry to show subtotal by group
NEW: Accountancy - change menu disposition
NEW: Accountancy - on transfers, select the periodicity by default
NEW: Accountancy - Add export for Gestinum (v3 & v5) #15180
NEW: Accountancy - add export for Gestinum (v3 & v5) #15180
NEW: new currency rate editor
NEW: Solve blocking feature. Can increase stock of a Kit without changing subproduct stock.
NEW: add a widget to show the customers with outstanding limits reached

5
README.md
View File

@ -98,7 +98,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
### Main application/modules (all optional)
- Customers, Prospects (Leads) and/or Suppliers directory + Contacts
- Members management
- Members/Membership management
- Products and/or Services catalog
- Commercial proposals management
- Customer & Supplier Orders management
@ -112,6 +112,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
- Shared calendar/agenda (with ical and vcal export for third party tools integration)
- Opportunities or Leads management
- Projects & Tasks management
- Ticket System
- Contracts management
- Interventions management
- Employee's leave requests management
@ -160,7 +161,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
- Canadian double taxes (federal/province) and other countries using cumulative VAT
- Tunisian tax stamp
- Argentina invoice numbering using A,B,C...
- Compatible with [European directives](http://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE)
- Compatible with [European directives] (https://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE)
- Compatible with European GDPR rules
- ...
- Flexible PDF & ODT generation for invoices, proposals, orders...

4
build/pdf/htmldoc_en.book
View File

@ -1,4 +1,4 @@
#HTMLDOC 1.8.27
-t pdf14 -f "../../doc/dolibarr_en.pdf" --webpage --no-title --logoimage "../../doc/images/dolibarr_256x256.png" --linkcolor #2200c0 --linkstyle plain --size Universal --left 0.30in --right 0.30in --top 0.40in --bottom 0.30in --header ... --header1 ... --footer c/d --nup 1 --tocheader ... --tocfooter ... --portrait --color --no-pscommands --no-xrxcomments --compression=9 --jpeg=50 --fontsize 10.0 --fontspacing 1.0 --headingfont Helvetica --bodyfont Helvetica --headfootsize 9.0 --headfootfont Helvetica --charset iso-8859-1 --links --no-embedfonts --pagemode document --pagelayout single --firstpage p1 --pageeffect none --pageduration 10 --effectduration 1.0 --no-encryption --permissions all --owner-password "" --user-password "" --browserwidth 680 --no-strict --no-overflow
http://wiki.dolibarr.org/index.php/Main_Page
http://wiki.dolibarr.org/index.php/What_Dolibarr_Do
https://wiki.dolibarr.org/index.php/Home
https://wiki.dolibarr.org/index.php/What_Dolibarr_Does

2
build/sitemap/README
View File

@ -1,5 +1,5 @@
# Format of sitemap file is available at
# http://www.sitemaps.org/protocol.html
# https://www.sitemaps.org/protocol.html
# To build a sitemap from urllist-bing.txt, run
# google-sitemapgen --config=config-bing.xml --testing

1
composer.json
View File

@ -29,7 +29,6 @@
"ckeditor/ckeditor" : "4.12.1",
"mike42/escpos-php" : "2.2",
"mobiledetect/mobiledetectlib" : "2.8.34",
"phpoffice/phpexcel" : "1.8.1",
"restler/framework" : "3.0.0-RC6",
"tecnickcom/tcpdf" : "6.3.2",
"nnnick/chartjs" : "^2.9",

4
dev/initdata/generate-product.php
View File

@ -102,8 +102,8 @@ for ($s = 0; $s < GEN_NUMBER_PRODUIT; $s++) {
$produit->ref = ($produit->type?'S':'P').time().$s;
$produit->label = 'Label '.time().$s;
$produit->description = 'Description '.time().$s;
$produit->price = mt_rand(1, 1000);
$produit->tva_tx = "19.6";
$produit->price = mt_rand(1, 999.99);
$produit->tva_tx = "20.0";
$ret=$produit->create($user);
if ($ret < 0) {
print "Error $ret - ".$produit->error."\n";

2
dev/resources/iso-normes/company_ids.txt
View File

@ -1,2 +1,2 @@
Spain https://incwell.eu/en/company-formation-spain/
France https://www.economie.gouv.fr/entreprises/numeros-identification-entreprise

11
doc/user/README-DE.md
View File

@ -6,7 +6,10 @@ Benutzeranleitung
--------------------------------
Alle Dolibarr-Informationen sind online verfuegbar ueber die Webseiten:
https://www.dolibarr.de
oder
https://www.dolibarr.org
https://wiki.dolibarr.org
https://www.dolibarr.de (de) oder https://www.dolibarr.org (intl)
https://wiki.dolibarr.org/index.php/Hauptseite (de)

6
htdocs/accountancy/admin/account.php
View File

@ -218,7 +218,7 @@ if ($db->type == 'pgsql') {
} else {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity;
}
$sql .= " WHERE asy.rowid = ".$pcgver;
$sql .= " WHERE asy.rowid = ".((int) $pcgver);
//print $sql;
if (strlen(trim($search_account))) {
$lengthpaddingaccount = 0;
@ -349,7 +349,7 @@ if ($resql) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON a.fk_country = c.rowid AND c.active = 1";
$sql .= " WHERE a.active = 1";
dol_syslog('accountancy/admin/account.php $sql='.$sql);
print $sql;
$resqlchart = $db->query($sql);
if ($resqlchart) {
$numbis = $db->num_rows($resqlchart);
@ -430,7 +430,7 @@ if ($resql) {
print_liste_field_titre($arrayfields['aa.account_parent']['label'], $_SERVER["PHP_SELF"], "aa.account_parent", "", $param, '', $sortfield, $sortorder, 'left ');
}
if (!empty($arrayfields['aa.pcg_type']['checked'])) {
print_liste_field_titre($arrayfields['aa.pcg_type']['label'], $_SERVER["PHP_SELF"], 'aa.pcg_type', '', $param, '', $sortfield, $sortorder, '', $arrayfields['aa.pcg_type']['help']);
print_liste_field_titre($arrayfields['aa.pcg_type']['label'], $_SERVER["PHP_SELF"], 'aa.pcg_type', '', $param, '', $sortfield, $sortorder, '', $arrayfields['aa.pcg_type']['help'], 1);
}
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) {
if (!empty($arrayfields['aa.reconcilable']['checked'])) {

2
htdocs/accountancy/admin/categories_list.php
View File

@ -149,7 +149,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
// Check that all fields are filled
$ok = 1;
foreach ($listfield as $f => $value) {
if ($value == 'formula' && empty($_POST['formula'])) {
if ($value == 'formula' && !GETPOST('formula')) {
continue;
}
if ($value == 'range_account' && empty($_POST['range_account'])) {

2
htdocs/accountancy/admin/index.php
View File

@ -81,7 +81,7 @@ if ($action == 'update') {
$constvalue = GETPOST($constname, 'alpha');
if ($constname == 'ACCOUNTING_DATE_START_BINDING') {
$constvalue = dol_mktime(12, 0, 0, GETPOST($constname.'month', 'int'), GETPOST($constname.'day', 'int'), GETPOST($constname.'year', 'int'));
$constvalue = dol_mktime(0, 0, 0, GETPOST($constname.'month', 'int'), GETPOST($constname.'day', 'int'), GETPOST($constname.'year', 'int'));
}
if (!dolibarr_set_const($db, $constname, $constvalue, 'chaine', 0, '', $conf->entity)) {

16
htdocs/accountancy/admin/productaccount.php
View File

@ -189,13 +189,13 @@ if ($action == 'update') {
$db->begin();
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity (fk_product, entity, " . $accountancy_field_name . ")";
$sql .= " VALUES (" . ((int) $productid) . ", " . ((int) $conf->entity) . ", " . $accounting->account_number . ")";
$sql .= " ON DUPLICATE KEY UPDATE " . $accountancy_field_name . " = " . $accounting->account_number;
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_perentity (fk_product, entity, '".$db->escape($accountancy_field_name)."')";
$sql .= " VALUES (".((int) $productid).", ".((int) $conf->entity).", '".$db->escape($accounting->account_number)."')";
$sql .= " ON DUPLICATE KEY UPDATE ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."product";
$sql .= " SET " . $accountancy_field_name . " = " . $accounting->account_number;
$sql .= " WHERE rowid = " . ((int) $productid);
$sql .= " SET ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
$sql .= " WHERE rowid = ".((int) $productid);
}
dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG);
@ -280,14 +280,14 @@ $sql .= " p.tms, p.fk_product_type as product_type,";
$sql .= " aa.rowid as aaid";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = pa." . $accountancy_field_name . " AND aa.fk_pcg_version = '" . $db->escape($pcgvercode) . "'";
} else {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = p." . $accountancy_field_name . " AND aa.fk_pcg_version = '" . $db->escape($pcgvercode) . "'";
}
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
if (strlen(trim($search_current_account))) {
$sql .= natural_search((!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa." : "p.") . $accountancy_field_name, $search_current_account);
$sql .= natural_search((empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p." : "pa.") . $accountancy_field_name, $search_current_account);
}
if ($search_current_account_valid == 'withoutvalidaccount') {
$sql .= " AND aa.account_number IS NULL";
@ -466,7 +466,7 @@ if ($result) {
} else {
print_liste_field_titre("OnBuy", $_SERVER["PHP_SELF"], "p.tobuy", "", $param, '', $sortfield, $sortorder, 'center ');
}
print_liste_field_titre("CurrentDedicatedAccountingAccount", $_SERVER["PHP_SELF"], (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa." : "p.") . $accountancy_field_name, "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("CurrentDedicatedAccountingAccount", $_SERVER["PHP_SELF"], (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p." : "pa.") . $accountancy_field_name, "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("AssignDedicatedAccountingAccount");
$clickpitco = $form->showCheckAddButtons('checkforselect', 1);
print_liste_field_titre($clickpitco, '', '', '', '', '', '', '', 'center ');

20
htdocs/accountancy/bookkeeping/list.php
View File

@ -45,14 +45,14 @@ $search_mvt_num = GETPOST('search_mvt_num', 'int');
$search_doc_type = GETPOST("search_doc_type", 'alpha');
$search_doc_ref = GETPOST("search_doc_ref", 'alpha');
$search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
$search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
$search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
$search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
$search_date_creation_start = dol_mktime(0, 0, 0, GETPOST('date_creation_startmonth', 'int'), GETPOST('date_creation_startday', 'int'), GETPOST('date_creation_startyear', 'int'));
$search_date_creation_end = dol_mktime(0, 0, 0, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
$search_date_creation_end = dol_mktime(23, 59, 59, GETPOST('date_creation_endmonth', 'int'), GETPOST('date_creation_endday', 'int'), GETPOST('date_creation_endyear', 'int'));
$search_date_modification_start = dol_mktime(0, 0, 0, GETPOST('date_modification_startmonth', 'int'), GETPOST('date_modification_startday', 'int'), GETPOST('date_modification_startyear', 'int'));
$search_date_modification_end = dol_mktime(0, 0, 0, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
$search_date_modification_end = dol_mktime(23, 59, 59, GETPOST('date_modification_endmonth', 'int'), GETPOST('date_modification_endday', 'int'), GETPOST('date_modification_endyear', 'int'));
$search_date_export_start = dol_mktime(0, 0, 0, GETPOST('date_export_startmonth', 'int'), GETPOST('date_export_startday', 'int'), GETPOST('date_export_startyear', 'int'));
$search_date_export_end = dol_mktime(0, 0, 0, GETPOST('date_export_endmonth', 'int'), GETPOST('date_export_endday', 'int'), GETPOST('date_export_endyear', 'int'));
$search_date_export_end = dol_mktime(23, 59, 59, GETPOST('date_export_endmonth', 'int'), GETPOST('date_export_endday', 'int'), GETPOST('date_export_endyear', 'int'));
//var_dump($search_date_start);exit;
if (GETPOST("button_delmvt_x") || GETPOST("button_delmvt.x") || GETPOST("button_delmvt")) {
@ -520,7 +520,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex
$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
$sql .= " SET date_export = '".$db->idate($now)."'";
$sql .= " , date_validated = '".$db->idate($now)."'";
$sql .= " WHERE rowid = ".$movement->id;
$sql .= " WHERE rowid = ".((int) $movement->id);
dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG);
$result = $db->query($sql);
@ -727,7 +727,9 @@ if (!empty($arrayfields['t.piece_num']['checked'])) {
}
// Code journal
if (!empty($arrayfields['t.code_journal']['checked'])) {
print '<td class="liste_titre center"><input type="text" name="search_ledger_code" size="3" value="'.(is_array($search_ledger_code) ? join('|', $search_ledger_code) : $search_ledger_code).'"></td>';
print '<td class="liste_titre center">';
print $formaccounting->multi_select_journal($search_ledger_code, 'search_ledger_code', 0, 1, 1, 1);
print '</td>';
}
// Date document
if (!empty($arrayfields['t.doc_date']['checked'])) {
@ -748,12 +750,10 @@ if (!empty($arrayfields['t.doc_ref']['checked'])) {
if (!empty($arrayfields['t.numero_compte']['checked'])) {
print '<td class="liste_titre">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $formaccounting->select_account($search_accountancy_code_start, 'search_accountancy_code_start', 1, array(), 1, 1, 'maxwidth200');
print $formaccounting->select_account($search_accountancy_code_start, 'search_accountancy_code_start', $langs->trans('From'), array(), 1, 1, 'maxwidth200', 1);
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', 1, array(), 1, 1, 'maxwidth200');
print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', $langs->trans('to'), array(), 1, 1, 'maxwidth200', 1);
print '</div>';
print '</td>';
}

2
htdocs/accountancy/bookkeeping/listbyaccount.php
View File

@ -46,7 +46,7 @@ $search_date_endyear = GETPOST('search_date_endyear', 'int');
$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
$search_date_endday = GETPOST('search_date_endday', 'int');
$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear);
$search_date_end = dol_mktime(0, 0, 0, $search_date_endmonth, $search_date_endday, $search_date_endyear);
$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
$search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
$search_date_export_startyear = GETPOST('search_date_export_startyear', 'int');
$search_date_export_startmonth = GETPOST('search_date_export_startmonth', 'int');

4
htdocs/accountancy/class/accountancycategory.class.php
View File

@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject
global $conf;
$sql = "SELECT t.rowid, t.account_number, t.label";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
$sql .= " WHERE t.fk_accounting_category = ".$id;
$sql .= " WHERE t.fk_accounting_category = ".((int) $id);
$sql .= " AND t.entity = ".$conf->entity;
$this->lines_display = array();
@ -863,7 +863,7 @@ class AccountancyCategory // extends CommonObject
if (!empty($cat_id)) {
$sql = "SELECT t.rowid, t.account_number, t.label as account_label";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
$sql .= " WHERE t.fk_accounting_category = ".$cat_id;
$sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id);
$sql .= " AND t.entity = ".$conf->entity;
$sql .= " ORDER BY t.account_number";
} else {

4
htdocs/accountancy/class/accountancyexport.class.php
View File

@ -1644,7 +1644,7 @@ class AccountancyExport
// Get new customer invoice ref and company name
$sql = 'SELECT f.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture as f';
$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON f.fk_soc = s.rowid';
$sql .= ' WHERE f.rowid = ' . $line->fk_doc;
$sql .= ' WHERE f.rowid = '.((int) $line->fk_doc);
$resql = $this->db->query($sql);
if ($resql) {
if ($obj = $this->db->fetch_object($resql)) {
@ -1658,7 +1658,7 @@ class AccountancyExport
// Get new supplier invoice ref and company name
$sql = 'SELECT ff.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture_fourn as ff';
$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON ff.fk_soc = s.rowid';
$sql .= ' WHERE ff.rowid = ' . $line->fk_doc;
$sql .= ' WHERE ff.rowid = '.((int) $line->fk_doc);
$resql = $this->db->query($sql);
if ($resql) {
if ($obj = $this->db->fetch_object($resql)) {

101
htdocs/accountancy/class/accountancyimport.class.php Normal file
View File

@ -0,0 +1,101 @@
<?php
/*
* Copyright (C) 2007-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2015 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
* Copyright (C) 2016 Pierre-Henry Favre <phf@atm-consulting.fr>
* Copyright (C) 2016-2020 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2017 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2017 Elarifr. Ari Elbaz <github@accedinfo.com>
* Copyright (C) 2017-2019 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2017 André Schild <a.schild@aarboard.ch>
* Copyright (C) 2020 Guillaume Alexandre <guillaume@tag-info.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/accountancy/class/accountancyimport.class.php
* \ingroup Accountancy (Double entries)
* \brief Class accountancy import
*/
/**
* Manage the different format accountancy import
*/
class AccountancyImport
{
/**
* Compute amount
*
* @param array $arrayrecord Array of read values: [fieldpos] => (['val']=>val, ['type']=>-1=null,0=blank,1=string), [fieldpos+1]...
* @param string $fieldname Field name with alias
* @param array $listfields Fields list to add
* @param array $listvalues Values list to add
* @return int <0 if KO, >0 if OK
*/
public function computeAmount(&$arrayrecord, $fieldname, &$listfields, &$listvalues)
{
$fieldArr = explode('.', $fieldname);
if (count($fieldArr) > 0) {
$fieldname = $fieldArr[1];
}
$debit = trim($arrayrecord[11]['val']);
$credit = trim($arrayrecord[12]['val']);
if (!empty($debit)) {
$amount = $debit;
} else {
$amount = $credit;
}
$listfields[] = $fieldname;
$listvalues[] = "'" . abs($amount) . "'";
return 1;
}
/**
* Compute sens
*
* @param array $arrayrecord Array of read values: [fieldpos] => (['val']=>val, ['type']=>-1=null,0=blank,1=string), [fieldpos+1]...
* @param string $fieldname Field name with alias
* @param array $listfields Fields list to add
* @param array $listvalues Values list to add
* @return int <0 if KO, >0 if OK
*/
public function computeDirection(&$arrayrecord, $fieldname, &$listfields, &$listvalues)
{
$fieldArr = explode('.', $fieldname);
if (count($fieldArr) > 0) {
$fieldname = $fieldArr[1];
}
$debit = trim($arrayrecord[11]['val']);
if (!empty($debit)) {
$sens = 'D';
} else {
$sens = 'C';
}
$listfields[] = $fieldname;
$listvalues[] = "'" . $sens . "'";
return 1;
}
}

6
htdocs/accountancy/closure/index.php
View File

@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting-
$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
$sql .= " SET date_validated = '".$db->idate($now)."'";
$sql .= " WHERE rowid = ".$movement->id;
$sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'";
$sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'";
$sql .= " WHERE rowid = ".((int) $movement->id);
$sql .= " AND doc_date >= '" . $db->idate($date_start) . "'";
$sql .= " AND doc_date <= '" . $db->idate($date_end) . "'";
dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG);
$result = $db->query($sql);

4
htdocs/accountancy/customer/card.php
View File

@ -61,7 +61,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);
@ -110,7 +110,7 @@ if (!empty($id)) {
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as l";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = l.fk_facture";

16
htdocs/accountancy/customer/index.php
View File

@ -147,12 +147,12 @@ if ($action == 'validatehistory') {
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$alias_company_accounting = !empty($conf->global->ACCOUNTANCY_COMPANY_SHARED) ? "sa" : "s";
$alias_product_accounting = !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_accounting . ".accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_accounting . ".accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_accounting . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_company_accounting . ".accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$alias_societe_perentity = empty($conf->global->ACCOUNTANCY_COMPANY_SHARED) ? "s" : "sa";
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_perentity . ".accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_perentity . ".accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_perentity . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_societe_perentity . ".accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
@ -207,8 +207,8 @@ if ($action == 'validatehistory') {
if ($objp->aarowid_suggest > 0) {
$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet";
$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
$resqlupdate = $db->query($sqlupdate);
if (!$resqlupdate) {

4
htdocs/accountancy/customer/lines.php
View File

@ -183,7 +183,7 @@ $sql = "SELECT f.rowid as facid, f.ref as ref, f.type, f.datef, f.ref_client,";
$sql .= " fd.rowid, fd.description, fd.product_type as line_type, fd.total_ht, fd.total_tva, fd.tva_tx, fd.vat_src_code, fd.total_ttc,";
$sql .= " s.rowid as socid, s.nom as name, s.code_compta, s.code_client,";
$sql .= " p.rowid as product_id, p.fk_product_type as product_type, p.ref as product_ref, p.label as product_label,";
if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell,";
} else {
$sql .= " p.accountancy_code_sell,";
@ -198,7 +198,7 @@ $sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.rowid = fd.fk_code_ventilation";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";

18
htdocs/accountancy/customer/list.php
View File

@ -218,7 +218,7 @@ if (empty($chartaccountcode)) {
$sql = "SELECT f.rowid as facid, f.ref as ref, f.datef, f.type as ftype,";
$sql .= " l.rowid, l.fk_product, l.description, l.total_ht, l.fk_code_ventilation, l.product_type as type_l, l.tva_tx as tva_tx_line, l.vat_src_code,";
$sql .= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type, p.tva_tx as tva_tx_prod,";
if (empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " pa.accountancy_code_sell as code_sell, pa.accountancy_code_sell_intra as code_sell_intra, pa.accountancy_code_sell_export as code_sell_export,";
$sql .= " pa.accountancy_code_buy as code_buy, pa.accountancy_code_buy_intra as code_buy_intra, pa.accountancy_code_buy_export as code_buy_export,";
} else {
@ -240,20 +240,20 @@ $sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_accounting as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$alias_company_accounting = empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "s" : "sa";
$alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_accounting . ".accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_accounting . ".accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_accounting . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_company_accounting . ".accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$alias_societe_perentity = empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "s" : "sa";
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_perentity . ".accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_perentity . ".accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_perentity . ".accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_societe_perentity . ".accountancy_code_sell = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";

2
htdocs/accountancy/expensereport/card.php
View File

@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);

4
htdocs/accountancy/expensereport/list.php
View File

@ -153,8 +153,8 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);

2
htdocs/accountancy/journal/bankjournal.php
View File

@ -421,7 +421,7 @@ if ($result) {
//$tabtp[$obj->rowid][$account_pay_loan] += $obj->amount;
$sqlmid = 'SELECT pl.amount_capital, pl.amount_insurance, pl.amount_interest, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest';
$sqlmid .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl, '.MAIN_DB_PREFIX.'loan as l';
$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.$obj->rowid;
$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.((int) $obj->rowid);
dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG);
$resultmid = $db->query($sqlmid);

3
htdocs/accountancy/journal/sellsjournal.php
View File

@ -115,8 +115,9 @@ if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " p.accountancy_code_sell";
}
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.rowid = fd.fk_code_ventilation";
$sql .= " JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";

2
htdocs/accountancy/supplier/card.php
View File

@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);

4
htdocs/accountancy/supplier/index.php
View File

@ -193,8 +193,8 @@ if ($action == 'validatehistory') {
if ($objp->aarowid_suggest > 0) {
$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
$resqlupdate = $db->query($sqlupdate);
if (!$resqlupdate) {

20
htdocs/accountancy/supplier/list.php
View File

@ -177,8 +177,8 @@ if ($massaction == 'ventil') {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);
@ -245,19 +245,19 @@ $sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
if (!empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_accounting as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$alias_company_accounting = !empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "sa" : "s";
$alias_product_accounting = !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_accounting . ".accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_accounting . ".accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_accounting . ".accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_company_accounting . ".accountancy_code_buy = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$alias_societe_perentity = empty($conf->global->MAIN_COMPANY_PERENTITY_SHARED) ? "s" : "sa";
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON " . $alias_product_perentity . ".accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON " . $alias_product_perentity . ".accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON " . $alias_product_perentity . ".accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa4 ON " . $alias_societe_perentity . ".accountancy_code_buy = aa4.account_number AND aa4.active = 1 AND aa4.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa4.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
// Define begin binding date

2
htdocs/adherents/canvas/actions_adherentcard_common.class.php
View File

@ -273,7 +273,7 @@ abstract class ActionsAdherentCardCommon
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

133
htdocs/adherents/card.php
View File

@ -7,6 +7,7 @@
* Copyright (C) 2012-2020 Philippe Grand <philippe.grand@atoo-net.com>
* Copyright (C) 2015-2018 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2018-2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2021 Waël Almoman <info@almoman.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -331,62 +332,66 @@ if (empty($reshook)) {
}
}
$result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
if (!$error) {
$result = $object->update($user, 0, $nosyncuser, $nosyncuserpass);
if ($result >= 0 && !count($object->errors)) {
$categories = GETPOST('memcats', 'array');
$object->setCategories($categories);
if ($result >= 0 && !count($object->errors)) {
$categories = GETPOST('memcats', 'array');
$object->setCategories($categories);
// Logo/Photo save
$dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
if ($file_OK) {
if (GETPOST('deletephoto')) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
$dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
dol_delete_file($fileimg);
dol_delete_dir_recursive($dirthumbs);
}
// Logo/Photo save
$dir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
if ($file_OK) {
if (GETPOST('deletephoto')) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$fileimg = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
$dirthumbs = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
dol_delete_file($fileimg);
dol_delete_dir_recursive($dirthumbs);
}
if (image_format_supported($_FILES['photo']['name']) > 0) {
dol_mkdir($dir);
if (image_format_supported($_FILES['photo']['name']) > 0) {
dol_mkdir($dir);
if (@is_dir($dir)) {
$newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
} else {
// Create thumbs
$object->addThumbs($newfile);
if (@is_dir($dir)) {
$newfile = $dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
if (!dol_move_uploaded_file($_FILES['photo']['tmp_name'], $newfile, 1, 0, $_FILES['photo']['error']) > 0) {
setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
} else {
// Create thumbs
$object->addThumbs($newfile);
}
}
} else {
setEventMessages("ErrorBadImageFormat", null, 'errors');
}
} else {
setEventMessages("ErrorBadImageFormat", null, 'errors');
switch ($_FILES['photo']['error']) {
case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
$errors[] = "ErrorFileSizeTooLarge";
break;
case 3: //uploaded file was only partially uploaded
$errors[] = "ErrorFilePartiallyUploaded";
break;
}
}
$rowid = $object->id;
$id = $object->id;
$action = '';
if (!empty($backtopage)) {
header("Location: ".$backtopage);
exit;
}
} else {
switch ($_FILES['photo']['error']) {
case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
$errors[] = "ErrorFileSizeTooLarge";
break;
case 3: //uploaded file was only partially uploaded
$errors[] = "ErrorFilePartiallyUploaded";
break;
}
}
$rowid = $object->id;
$id = $object->id;
$action = '';
if (!empty($backtopage)) {
header("Location: ".$backtopage);
exit;
setEventMessages($object->error, $object->errors, 'errors');
$action = '';
}
} else {
setEventMessages($object->error, $object->errors, 'errors');
$action = '';
$action = 'edit';
}
} else {
$action = 'edit';
@ -550,7 +555,6 @@ if (empty($reshook)) {
$db->commit();
$rowid = $object->id;
$id = $object->id;
$action = '';
} else {
$db->rollback();
@ -559,12 +563,41 @@ if (empty($reshook)) {
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
$action = 'create';
}
} else {
$action = 'create';
// Auto-create thirdparty on member creation
if (!empty($conf->global->ADHERENT_DEFAULT_CREATE_THIRDPARTY)) {
if ($result > 0) {
// User creation
$company = new Societe($db);
$companyalias = '';
$fullname = $object->getFullName($langs);
if ($object->morphy == 'mor') {
$companyname = $object->company;
if (!empty($fullname)) {
$companyalias = $fullname;
}
} else {
$companyname = $fullname;
if (!empty($object->company)) {
$companyalias = $object->company;
}
}
$result = $company->create_from_member($object, $companyname, $companyalias);
if ($result < 0) {
$langs->load("errors");
setEventMessages($langs->trans($company->error), null, 'errors');
setEventMessages($company->error, $company->errors, 'errors');
}
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
}
}
$action = ($result < 0 || !$error) ? '' : 'create';
}
if ($user->rights->adherent->supprimer && $action == 'confirm_delete' && $confirm == 'yes') {

10
htdocs/adherents/class/adherent.class.php
View File

@ -692,7 +692,7 @@ class Adherent extends CommonObject
$sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member
}
$sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
// If we change the type of membership, we set also label of new type
if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) {
@ -964,7 +964,7 @@ class Adherent extends CommonObject
}
// Remove category
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -975,7 +975,7 @@ class Adherent extends CommonObject
// Remove subscription
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1007,7 +1007,7 @@ class Adherent extends CommonObject
// Remove adherent
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1154,7 +1154,7 @@ class Adherent extends CommonObject
// Set link to user
if ($userid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id);
$sql .= " WHERE rowid = ".$userid;
$sql .= " WHERE rowid = ".((int) $userid);
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {

2
htdocs/adherents/class/adherent_type.class.php
View File

@ -425,7 +425,7 @@ class AdherentType extends CommonObject
$error = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {

2
htdocs/adherents/class/adherentstats.class.php
View File

@ -72,7 +72,7 @@ class AdherentStats extends Stats
$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($this->memberid) {
$this->where .= " AND m.rowid = ".$this->memberid;
$this->where .= " AND m.rowid = ".((int) $this->memberid);
}
//if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid;
}

2
htdocs/adherents/note.php
View File

@ -97,7 +97,7 @@ if ($id) {
print dol_get_fiche_head($head, 'note', $langs->trans("Member"), -1, 'user');
print "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';

4
htdocs/adherents/type_translation.php
View File

@ -15,8 +15,8 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* or see http://www.gnu.org/
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**

2
htdocs/admin/boxes.php
View File

@ -93,7 +93,7 @@ if ($action == 'add') {
$arrayofexistingboxid = array();
$nbboxonleft = $nbboxonright = 0;
$sql = "SELECT box_id, box_order FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE position = ".$pos." AND fk_user = ".$fk_user." AND entity = ".$conf->entity;
$sql .= " WHERE position = ".((int) $pos)." AND fk_user = ".((int) $fk_user)." AND entity = ".((int) $conf->entity);
dol_syslog("boxes.php activate box", LOG_DEBUG);
$resql = $db->query($sql);
if ($resql) {

4
htdocs/admin/company.php
View File

@ -288,8 +288,8 @@ if ($action == 'addthumb' || $action == 'addthumbsquarred') { // Regenerate thu
} else {
$error++;
$langs->load("errors");
setEventMessages($langs->trans("ErrorFileDoesNotExists", $_GET["file"]), null, 'errors');
dol_syslog($langs->transnoentities("ErrorFileDoesNotExists", $_GET["file"]), LOG_WARNING);
setEventMessages($langs->trans("ErrorFileDoesNotExists", GETPOST("file")), null, 'errors');
dol_syslog($langs->transnoentities("ErrorFileDoesNotExists", GETPOST("file")), LOG_WARNING);
}
}

8
htdocs/admin/dict.php
View File

@ -1915,10 +1915,10 @@ if ($id) {
$showfield = 0;
} elseif ($fieldlist[$field] == 'unicode') {
$valuetoshow = $langs->getCurrencySymbol($obj->code, 1);
} elseif ($fieldlist[$field] == 'label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
} elseif ($fieldlist[$field] == 'label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
$langs->load("products");
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
} elseif ($fieldlist[$field] == 'short_label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
} elseif ($fieldlist[$field] == 'short_label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
$langs->load("products");
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
} elseif (($fieldlist[$field] == 'unit') && ($tabname[$id] == MAIN_DB_PREFIX.'c_paper_format')) {
@ -2056,7 +2056,7 @@ if ($id) {
if ($id == 4) {
print '<td class="nowrap center">';
if ($iserasable) {
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->favorite].'_favorite">'.$actl[$obj->favorite].'</a>';
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->favorite].'_favorite&token='.newToken().'">'.$actl[$obj->favorite].'</a>';
} else {
print $langs->trans("AlwaysActive");
}
@ -2066,7 +2066,7 @@ if ($id) {
// Active
print '<td class="nowrap center">';
if ($canbedisabled) {
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->active].'">'.$actl[$obj->active].'</a>';
print '<a class="reposition" href="'.$url.'action='.$acts[$obj->active].'&token='.newToken().'">'.$actl[$obj->active].'</a>';
} else {
if (in_array($obj->code, array('AC_OTH', 'AC_OTH_AUTO'))) {
print $langs->trans("AlwaysActive");

6
htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php
View File

@ -7,7 +7,7 @@
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* https://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
@ -16,11 +16,11 @@
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
* needs please refer to https://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2013 PrestaShop SA
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* @license https://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
* PrestaShop Webservice Library
* @package PrestaShopWebservice

36
htdocs/admin/eventorganization.php
View File

@ -52,6 +52,8 @@ $arrayofparameters = array(
'EVENTORGANIZATION_TASK_LABEL'=>array('type'=>'textarea','enabled'=>1),
'EVENTORGANIZATION_CATEG_THIRDPARTY_CONF'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1),
'EVENTORGANIZATION_CATEG_THIRDPARTY_BOOTH'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1),
//'EVENTORGANIZATION_FILTERATTENDEES_CAT'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1),
//'EVENTORGANIZATION_FILTERATTENDEES_TYPE'=>array('type'=>'thirdparty_type:', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_CONF'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_BOOTH'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_BOOTH'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1),
@ -144,7 +146,7 @@ if ($action == 'updateMask') {
}
}
}
} elseif ($action == 'setdoc') {
}/* elseif ($action == 'setdoc') {
// Set or unset default model
$tmpobjectkey = GETPOST('object');
if (!empty($tmpobjectkey)) {
@ -167,7 +169,7 @@ if ($action == 'updateMask') {
$constforval = 'EVENTORGANIZATION_'.strtoupper($tmpobjectkey).'_ADDON_PDF';
dolibarr_del_const($db, $constforval, $conf->entity);
}
}
}*/
@ -177,7 +179,7 @@ if ($action == 'updateMask') {
$form = new Form($db);
$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
//$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
$page_name = "EventOrganizationSetup";
llxHeader('', $langs->trans($page_name));
@ -249,6 +251,10 @@ if ($action == 'edit') {
$tmp = explode(':', $val['type']);
print img_picto('', 'category', 'class="pictofixedwidth"');
print $formother->select_categories($tmp[1], $conf->global->{$constname}, $constname, 0, $langs->trans('CustomersProspectsCategoriesShort'));
} elseif (preg_match('/thirdparty_type/', $val['type'])) {
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
$formcompany = new FormCompany($db);
print $formcompany->selectProspectCustomerType($conf->global->{$constname}, $constname);
} else {
print '<input name="'.$constname.'" class="flat '.(empty($val['css']) ? 'minwidth200' : $val['css']).'" value="'.$conf->global->{$constname}.'">';
}
@ -309,6 +315,16 @@ if ($action == 'edit') {
}
print '<div class="select2-container-multi-dolibarr" style="width: 90%;"><ul class="select2-choices-dolibarr">' . implode(' ', $toprint) . '</ul></div>';
}
} elseif (preg_match('/thirdparty_type/', $val['type'])) {
if ($conf->global->{$constname}==2) {
print $langs->trans("Prospect");
} elseif ($conf->global->{$constname}==3) {
print $langs->trans("ProspectCustomer");
} elseif ($conf->global->{$constname}==1) {
print $langs->trans("Customer");
} elseif ($conf->global->{$constname}==0) {
print $langs->trans("NorProspectNorCustomer");
}
} else {
print $conf->global->{$constname};
}
@ -327,7 +343,7 @@ if ($action == 'edit') {
}
$moduledir = 'eventorganization';
/*$moduledir = 'eventorganization';
$myTmpObjects = array();
$myTmpObjects['MyObject'] = array('includerefgeneration'=>0, 'includedocgeneration'=>0);
@ -337,9 +353,6 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
continue;
}
if ($myTmpObjectArray['includerefgeneration']) {
/*
* Orders Numbering model
*/
$setupnotempty++;
print load_fiche_titre($langs->trans("NumberingModules", $myTmpObjectKey), '', '');
@ -444,9 +457,7 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
}
if ($myTmpObjectArray['includedocgeneration']) {
/*
* Document templates generators
*/
$setupnotempty++;
$type = strtolower($myTmpObjectKey);
@ -588,10 +599,7 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
print '</table>';
}
}
if (empty($setupnotempty)) {
print '<br>'.$langs->trans("NothingToSetup");
}
*/
// Page end
print dol_get_fiche_end();

113
htdocs/admin/eventorganization_confboothattendee_extrafields.php Normal file
View File

@ -0,0 +1,113 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file admin/conferenceorboothattendee_extrafields.php
* \ingroup eventorganization
* \brief Page to setup extra fields of conferenceorboothattendee
*/
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/eventorganization.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
// Load translation files required by the page
$langs->loadLangs(array('eventorganization', 'admin'));
$extrafields = new ExtraFields($db);
$form = new Form($db);
// List of supported format
$tmptype2label = ExtraFields::$type2label;
$type2label = array('');
foreach ($tmptype2label as $key => $val) {
$type2label[$key] = $langs->transnoentitiesnoconv($val);
}
$action = GETPOST('action', 'aZ09');
$attrname = GETPOST('attrname', 'alpha');
$elementtype = 'eventorganization_conferenceorboothattendee'; //Must be the $table_element of the class that manage extrafield
if (!$user->admin) {
accessforbidden();
}
/*
* Actions
*/
require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php';
/*
* View
*/
llxHeader('', $langs->trans("EventOrganizationSetup"), $help_url);
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("EventOrganizationSetup"), $linkback, 'title_setup');
$head = eventorganizationAdminPrepareHead();
print dol_get_fiche_head($head, 'conferenceorboothattendee_extrafields', $langs->trans("ConferenceOrBoothAttendeeExtraFields"), -1, 'account');
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php';
print dol_get_fiche_end();
// Buttons
if ($action != 'create' && $action != 'edit') {
print '<div class="tabsAction">';
print "<a class=\"butAction\" href=\"".$_SERVER["PHP_SELF"]."?action=create#newattrib\">".$langs->trans("NewAttribute")."</a>";
print "</div>";
}
/*
* Creation of an optional field
*/
if ($action == 'create') {
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/*
* Edition of an optional field
*/
if ($action == 'edit' && !empty($attrname)) {
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_edit.tpl.php';
}
// End of page
llxFooter();
$db->close();

2
htdocs/admin/external_rss.php
View File

@ -140,7 +140,7 @@ if (GETPOST("delete")) {
$resql = $db->query($sql);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";
$sql .= " WHERE rowid = ".$obj->rowid;
$sql .= " WHERE rowid = ".((int) $obj->rowid);
$resql = $db->query($sql);
if (!$resql) {

16
htdocs/admin/menus/index.php
View File

@ -111,13 +111,13 @@ if ($action == 'up') {
}
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".$previous['order'];
$sql .= " WHERE m.rowid = ".$current['rowid']; // Up the selected entry
$sql .= " SET m.position = ".((int) $previous['order']);
$sql .= " WHERE m.rowid = ".((int) $current['rowid']); // Up the selected entry
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1);
$sql .= " WHERE m.rowid = ".$previous['rowid']; // Descend celui du dessus
$sql .= " SET m.position = ".((int) ($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1));
$sql .= " WHERE m.rowid = ".((int) $previous['rowid']); // Descend celui du dessus
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
} elseif ($action == 'down') {
@ -162,13 +162,13 @@ if ($action == 'up') {
}
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1); // Down the selected entry
$sql .= " WHERE m.rowid = ".$current['rowid'];
$sql .= " SET m.position = ".((int) ($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1)); // Down the selected entry
$sql .= " WHERE m.rowid = ".((int) $current['rowid']);
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m"; // Up the next entry
$sql .= " SET m.position = ".$current['order'];
$sql .= " WHERE m.rowid = ".$next['rowid'];
$sql .= " SET m.position = ".((int) $current['order']);
$sql .= " WHERE m.rowid = ".((int) $next['rowid']);
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
} elseif ($action == 'confirm_delete' && $confirm == 'yes') {

76
htdocs/admin/pdf.php
View File

@ -68,6 +68,20 @@ if ($action == 'update') {
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT", GETPOST("MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_TVAINTRA_NOT_IN_ADDRESS", GETPOST("MAIN_TVAINTRA_NOT_IN_ADDRESS"), 'chaine', 0, '', $conf->entity);
if (!empty($conf->projet->enabled)) {
if (GETPOST('PDF_SHOW_PROJECT_REF_OR_LABEL') == 'no') {
dolibarr_del_const($db, "PDF_SHOW_PROJECT", $conf->entity);
dolibarr_del_const($db, "PDF_SHOW_PROJECT_TITLE", $conf->entity);
} elseif (GETPOST('PDF_SHOW_PROJECT_REF_OR_LABEL') == 'showprojectref') {
dolibarr_set_const($db, "PDF_SHOW_PROJECT", GETPOST("PDF_SHOW_PROJECT_REF_OR_LABEL"), 'chaine', 0, '', $conf->entity);
dolibarr_del_const($db, "PDF_SHOW_PROJECT_TITLE", $conf->entity);
} elseif (GETPOST('PDF_SHOW_PROJECT_REF_OR_LABEL') == 'showprojectlabel') {
dolibarr_del_const($db, "PDF_SHOW_PROJECT", $conf->entity);
dolibarr_set_const($db, "PDF_SHOW_PROJECT_TITLE", GETPOST("PDF_SHOW_PROJECT_REF_OR_LABEL"), 'chaine', 0, '', $conf->entity);
}
}
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS", GETPOST("MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_HIDE_DESC", GETPOST("MAIN_GENERATE_DOCUMENTS_HIDE_DESC"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_GENERATE_DOCUMENTS_HIDE_REF", GETPOST("MAIN_GENERATE_DOCUMENTS_HIDE_REF"), 'chaine', 0, '', $conf->entity);
@ -290,6 +304,40 @@ print '<tr class="oddeven"><td>'.$langs->trans("MAIN_DOCUMENTS_LOGO_HEIGHT").'</
print '<input type="text" class="maxwidth50" name="MAIN_DOCUMENTS_LOGO_HEIGHT" value="'.(!empty($conf->global->MAIN_DOCUMENTS_LOGO_HEIGHT) ? $conf->global->MAIN_DOCUMENTS_LOGO_HEIGHT : 20).'">';
print '</td></tr>';
// Show project
if (!empty($conf->projet->enabled)) {
print '<tr class="oddeven"><td>'.$langs->trans("PDF_SHOW_PROJECT").'</td><td>';
$tmparray = array('no' => 'No', 'showprojectref' => 'RefProject', 'showprojectlabel' => 'ShowProjectLabel');
$showprojectref = empty($conf->global->PDF_SHOW_PROJECT) ? (empty($conf->global->PDF_SHOW_PROJECT_TITLE) ? 'no' : 'showprojectlabel') : 'showprojectref';
print $form->selectarray('PDF_SHOW_PROJECT_REF_OR_LABEL', $tmparray, $showprojectref, 0, 0, 0, '', 1);
print '</td></tr>';
}
//Invert sender and recipient
print '<tr class="oddeven"><td>'.$langs->trans("SwapSenderAndRecipientOnPDF").'</td><td>';
print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT', (!empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) ? $conf->global->MAIN_INVERT_SENDER_RECIPIENT : 0, 1);
print '</td></tr>';
// Place customer adress to the ISO location
print '<tr class="oddeven"><td>'.$langs->trans("PlaceCustomerAddressToIsoLocation").'</td><td>';
print $form->selectyesno('MAIN_PDF_USE_ISO_LOCATION', (!empty($conf->global->MAIN_PDF_USE_ISO_LOCATION)) ? $conf->global->MAIN_PDF_USE_ISO_LOCATION : 0, 1);
print '</td></tr>';
// Use 2 languages into PDF
print '<tr class="oddeven"><td>'.$langs->trans("PDF_USE_ALSO_LANGUAGE_CODE").'</td><td>';
//if (! empty($conf->global->MAIN_MULTILANGS))
//{
$selected = GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE') ? GETPOST('PDF_USE_ALSO_LANGUAGE_CODE') : (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) ? $conf->global->PDF_USE_ALSO_LANGUAGE_CODE : 0);
print $formadmin->select_language($selected, 'PDF_USE_ALSO_LANGUAGE_CODE', 0, null, 1);
//} else {
// print '<span class="opacitymedium">'.$langs->trans("MultiLangNotEnabled").'</span>';
//}
print '</td></tr>';
//Desc
print '<tr class="oddeven"><td>'.$langs->trans("HideDescOnPDF").'</td><td>';
@ -308,38 +356,18 @@ print '<tr class="oddeven"><td>'.$langs->trans("HideDetailsOnPDF").'</td><td>';
print $form->selectyesno('MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS', (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS)) ? $conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS : 0, 1);
print '</td></tr>';
//Invert sender and recipient
// SHOW_SUBPRODUCT_REF_IN_PDF - Option to show the detail of product ref for kits.
print '<tr class="oddeven"><td>'.$langs->trans("SwapSenderAndRecipientOnPDF").'</td><td>';
print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT', (!empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT)) ? $conf->global->MAIN_INVERT_SENDER_RECIPIENT : 0, 1);
print '</td></tr>';
// Place customer adress to the ISO location
print '<tr class="oddeven"><td>'.$langs->trans("PlaceCustomerAddressToIsoLocation").'</td><td>';
print $form->selectyesno('MAIN_PDF_USE_ISO_LOCATION', (!empty($conf->global->MAIN_PDF_USE_ISO_LOCATION)) ? $conf->global->MAIN_PDF_USE_ISO_LOCATION : 0, 1);
print '<tr class="oddeven"><td>'.$langs->trans("SHOW_SUBPRODUCT_REF_IN_PDF", $langs->transnoentitiesnoconv("AssociatedProductsAbility"), $langs->transnoentitiesnoconv("Products")).'</td><td>';
print $form->selectyesno('SHOW_SUBPRODUCT_REF_IN_PDF', (!empty($conf->global->SHOW_SUBPRODUCT_REF_IN_PDF)) ? $conf->global->SHOW_SUBPRODUCT_REF_IN_PDF : 0, 1);
print '</td></tr>';
// Show more details in footer
print '<tr class="oddeven"><td>'.$langs->trans("ShowDetailsInPDFPageFoot").'</td><td>';
print $form->selectarray('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS', $arraydetailsforpdffoot, (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS) ? $conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS : 0));
print '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("PDF_USE_ALSO_LANGUAGE_CODE").'</td><td>';
//if (! empty($conf->global->MAIN_MULTILANGS))
//{
$selected = GETPOSTISSET('PDF_USE_ALSO_LANGUAGE_CODE') ? GETPOST('PDF_USE_ALSO_LANGUAGE_CODE') : (!empty($conf->global->PDF_USE_ALSO_LANGUAGE_CODE) ? $conf->global->PDF_USE_ALSO_LANGUAGE_CODE : 0);
print $formadmin->select_language($selected, 'PDF_USE_ALSO_LANGUAGE_CODE', 0, null, 1);
//} else {
// print '<span class="opacitymedium">'.$langs->trans("MultiLangNotEnabled").'</span>';
//}
print '</td></tr>';
// SHOW_SUBPRODUCT_REF_IN_PDF - Option to show the detail of product ref for kits.
print '<tr class="oddeven"><td>'.$langs->trans("SHOW_SUBPRODUCT_REF_IN_PDF", $langs->transnoentitiesnoconv("AssociatedProductsAbility"), $langs->transnoentitiesnoconv("Products")).'</td><td>';
print $form->selectyesno('SHOW_SUBPRODUCT_REF_IN_PDF', (!empty($conf->global->SHOW_SUBPRODUCT_REF_IN_PDF)) ? $conf->global->SHOW_SUBPRODUCT_REF_IN_PDF : 0, 1);
print '</td></tr>';
print '</table>';
print '</div>';

4
htdocs/admin/perms.php
View File

@ -159,8 +159,8 @@ if ($result) {
// TODO Define familyposition
$family = (!empty($modules[$obj->module]->family_position) ? $modules[$obj->module]->family_position : '');
$familyposition = 0;
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".$modules[$obj->module]->module_position.",";
$sqlupdate .= " family_position = ".$familyposition;
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $modules[$obj->module]->module_position).",";
$sqlupdate .= " family_position = ".((int) $familyposition);
$sqlupdate .= " WHERE module_position = 0 AND module = '".$db->escape($obj->module)."'";
$db->query($sqlupdate);
}

2
htdocs/admin/sms.php
View File

@ -156,7 +156,7 @@ asort($listofmethods);
if (!count($listofmethods)) {
$descnosms = $langs->trans("NoSmsEngine", '{Dolistore}');
$descnosms = str_replace('{Dolistore}', '<a href="http://www.dolistore.com/search.php?orderby=position&orderway=desc&search_query=smsmanager">DoliStore</a>', $descnosms);
$descnosms = str_replace('{Dolistore}', '<a href="https://www.dolistore.com/search.php?orderby=position&orderway=desc&search_query=smsmanager">DoliStore</a>', $descnosms);
print '<div class="warning">'.$descnosms.'</div>';
}

11
htdocs/admin/stock.php
View File

@ -673,6 +673,17 @@ if (!empty($conf->global->MAIN_DEFAULT_WAREHOUSE_USER)) {
print "</td>\n";
print "</tr>\n";
}
print '<tr class="oddeven">';
print '<td>'.$langs->trans("WarehouseAskWarehouseOnThirparty").'</td>';
print '<td class="right">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('SOCIETE_ASK_FOR_WAREHOUSE');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("SOCIETE_ASK_FOR_WAREHOUSE", $arrval, $conf->global->SOCIETE_ASK_FOR_WAREHOUSE);
}
print '<tr class="oddeven">';
print '<td>'.$langs->trans("WarehouseAskWarehouseDuringPropal").'</td>';
print '<td class="right">';

2
htdocs/admin/translation.php
View File

@ -168,7 +168,7 @@ if ($action == 'add') {
// Delete line from delete picto
if ($action == 'delete') {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".$db->escape($id);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".((int) $id);
$result = $db->query($sql);
if ($result >= 0) {
setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs');

2
htdocs/api/class/api.class.php
View File

@ -237,8 +237,6 @@ class DolibarrApi
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**
* Check user access to a resource
*
* Check access by user to a given resource
*
* @param string $resource element to check

22
htdocs/api/class/api_setup.class.php
View File

@ -73,7 +73,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, libelle as label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_input_method as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -136,7 +136,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_input_reason as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -539,7 +539,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_availability as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -648,7 +648,7 @@ class Setup extends DolibarrApi
$sql = "SELECT id, code, type, libelle as label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($type) {
$sql .= " AND t.type LIKE '%".$this->db->escape($type)."%'";
}
@ -714,7 +714,7 @@ class Setup extends DolibarrApi
$sql = "SELECT id, code, label, accountancy_code, active, module, position";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($module) {
$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
}
@ -778,7 +778,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, element as type, libelle as label, source, module, position";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($type) {
$sql .= " AND type LIKE '%".$this->db->escape($type)."%'";
}
@ -843,7 +843,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_civility as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($module) {
$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
}
@ -911,7 +911,7 @@ class Setup extends DolibarrApi
$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency as m ON m.code=t.code_iso";
$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency_rate as cr ON (m.rowid = cr.fk_multicurrency)";
}
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if (!empty($multicurrency)) {
$sql .= " AND m.entity IN (".getEntity('multicurrency').")";
if (!empty($multicurrency) && $multicurrency != 2) {
@ -1242,7 +1242,7 @@ class Setup extends DolibarrApi
//TODO link with multicurrency module
$sql = "SELECT t.rowid, t.code, t.label,t.short_label, t.active, t.scale, t.unit_type";
$sql .= " FROM ".MAIN_DB_PREFIX."c_units as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1365,7 +1365,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, pos, label, use_default, description";
$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1423,7 +1423,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, pos, label, use_default, color, description";
$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {

2
htdocs/asset/class/asset_type.class.php
View File

@ -238,7 +238,7 @@ class AssetType extends CommonObject
$error = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."asset_type";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {

4
htdocs/bom/bom_note.php
View File

@ -79,8 +79,8 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
$form = new Form($db);
//$help_url='EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes';
$help_url = '';
$help_url = 'EN:Module_BOM';
llxHeader('', $langs->trans('BillOfMaterials'), $help_url);
if ($id > 0 || !empty($ref)) {

1
htdocs/bom/tpl/index.html Normal file
View File

@ -0,0 +1 @@

2
htdocs/cashdesk/affContenu.php
View File

@ -26,7 +26,7 @@
require_once 'class/Facturation.class.php';
// Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
if ($_GET['id'] == 'NOUV') {
if (GETPOST('id', 'int') == 'NOUV') {
unset($_SESSION['serObjFacturation']);
unset($_SESSION['poscart']);
}

28
htdocs/cashdesk/facturation_verif.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2007-2008 Jeremie Ollivier <jeremie.o@laposte.net>
* Copyright (C) 2008-2010 Laurent Destailleur <eldy@uers.sourceforge.net>
* Copyright (C) 2018 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2018 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -45,14 +45,14 @@ if (empty($user->rights->cashdesk->run)) {
switch ($action) {
default:
if ($_POST['hdnSource'] != 'NULL') {
if (GETPOST('hdnSource') != 'NULL') {
$sql = "SELECT p.rowid, p.ref, p.price, p.tva_tx, p.default_vat_code, p.recuperableonly";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) {
$sql .= ", ps.reel";
}
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".$conf_fkentrepot;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".((int) $conf_fkentrepot);
}
$sql .= " WHERE p.entity IN (".getEntity('product').")";
@ -164,18 +164,18 @@ switch ($action) {
$obj_facturation->vatrate = $vatrate; // Save vat rate (full text vat with code)
// Definition du filtre pour n'afficher que le produit concerne
if ($_POST['hdnSource'] == 'LISTE') {
if (GETPOST('hdnSource') == 'LISTE') {
$filtre = $ret['ref'];
} elseif ($_POST['hdnSource'] == 'REF') {
$filtre = $_POST['txtRef'];
} elseif (GETPOST('hdnSource') == 'REF') {
$filtre = GETPOST('txtRef');
}
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.$filtre;
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.urlencode($filtre);
} else {
$obj_facturation->raz();
if ($_POST['hdnSource'] == 'REF') {
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.$_POST['txtRef'];
if (GETPOST('hdnSource') == 'REF') {
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.urlencode(GETPOST('txtRef'));
} else {
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation';
}
@ -200,10 +200,10 @@ switch ($action) {
case 'ajout_article':
if (!empty($obj_facturation->id)) { // A product was previously selected and stored in session, so we can add it
dol_syslog("facturation_verif save vat ".$_POST['selTva']);
$obj_facturation->qte($_POST['txtQte']);
$obj_facturation->tva($_POST['selTva']); // id of vat. Saved so we can use it for next product
$obj_facturation->remisePercent($_POST['txtRemise']);
dol_syslog("facturation_verif save vat ".GETPOST('selTva'));
$obj_facturation->qte(GETPOST('txtQte'));
$obj_facturation->tva(GETPOST('selTva')); // id of vat. Saved so we can use it for next product
$obj_facturation->remisePercent(GETPOST('txtRemise'));
$obj_facturation->ajoutArticle(); // This add an entry into $_SESSION['poscart']
// We update prixTotalTtc
}
@ -212,7 +212,7 @@ switch ($action) {
break;
case 'suppr_article':
$obj_facturation->supprArticle($_GET['suppr_id']);
$obj_facturation->supprArticle(GETPOST('suppr_id'));
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation';
break;

2
htdocs/cashdesk/validation_verif.php
View File

@ -165,7 +165,7 @@ switch ($action) {
if (empty($cond_reglement_id)) {
$cond_reglement_id = 0; // If cond_reglement_id not found
}
$note .= $_POST['txtaNotes'];
$note .= GETPOST('txtaNotes', 'alphanohtml');
dol_syslog("obj_facturation->getSetPaymentMode()=".$obj_facturation->getSetPaymentMode()." mode_reglement_id=".$mode_reglement_id." cond_reglement_id=".$cond_reglement_id);
$error = 0;

4
htdocs/categories/class/categorie.class.php
View File

@ -604,7 +604,7 @@ class Categorie extends CommonObject
/* FIX #1317 : Check for child category and move up 1 level*/
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."categorie";
$sql .= " SET fk_parent = ".$this->fk_parent;
$sql .= " SET fk_parent = ".((int) $this->fk_parent);
$sql .= " WHERE fk_parent = ".$this->id;
if (!$this->db->query($sql)) {
@ -869,7 +869,7 @@ class Categorie extends CommonObject
public function containsObject($type, $object_id)
{
$sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$object_id;
$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {

11
htdocs/comm/action/card.php
View File

@ -80,16 +80,12 @@ $id = GETPOST('id', 'int');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
$error = GETPOST("error");
$donotclearsession = GETPOST('donotclearsession') ?GETPOST('donotclearsession') : 0;
$cactioncomm = new CActionComm($db);
$object = new ActionComm($db);
$cactioncomm = new CActionComm($db);
$contact = new Contact($db);
$extrafields = new ExtraFields($db);
$formfile = new FormFile($db);
@ -132,6 +128,11 @@ if (!empty($conf->global->AGENDA_REMINDER_EMAIL)) {
$TDurationTypes = array('y'=>$langs->trans('Years'), 'm'=>$langs->trans('Month'), 'w'=>$langs->trans('Weeks'), 'd'=>$langs->trans('Days'), 'h'=>$langs->trans('Hours'), 'i'=>$langs->trans('Minutes'));
$result = restrictedArea($user, 'agenda', $object->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

6
htdocs/comm/action/class/actioncomm.class.php
View File

@ -407,7 +407,7 @@ class ActionComm extends CommonObject
// Check parameters
if (!isset($this->userownerid) || $this->userownerid === '') { // $this->userownerid may be 0 (anonymous event) of > 0
dol_syslog("You tried to create an event but mandatory property ownerid was not defined", LOG_WARNING);
$this->errors[] = 'ErrorPropertyUserowneridNotDefined';
$this->errors[] = 'ErrorActionCommPropertyUserowneridNotDefined';
return -1;
}
@ -478,7 +478,7 @@ class ActionComm extends CommonObject
$this->type_id = $cactioncomm->id;
$this->type_code = $cactioncomm->code;
} elseif ($result == 0) {
$this->error = 'Failed to get record with id '.$this->type_id.' code '.$this->type_code.' from dictionary "type of events"';
$this->error = $langs->trans('ErrorActionCommBadType', $this->type_id, $this->type_code);
return -1;
} else {
$this->error = $cactioncomm->error;
@ -1367,7 +1367,7 @@ class ActionComm extends CommonObject
$sql .= ' fk_user_author,';
$sql .= ' fk_user_mod';
$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
$sql .= ' WHERE a.id = '.$id;
$sql .= ' WHERE a.id = '.((int) $id);
dol_syslog(get_class($this)."::info", LOG_DEBUG);
$result = $this->db->query($sql);

8
htdocs/comm/action/document.php
View File

@ -54,7 +54,6 @@ if ($user->socid > 0) {
unset($_GET["action"]);
$action = '';
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
$object = new ActionComm($db);
@ -84,10 +83,16 @@ if (!$sortfield) {
$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
$modulepart = 'actions';
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions
*/
include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
@ -98,6 +103,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
$form = new Form($db);
$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda';
llxHeader('', $langs->trans("Agenda"), $help_url);

6
htdocs/comm/action/index.php
View File

@ -79,7 +79,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -155,6 +154,11 @@ $langs->loadLangs(array('agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
$result = restrictedArea($user, 'agenda', 0, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

3
htdocs/comm/action/info.php
View File

@ -45,6 +45,9 @@ if ($user->socid > 0) {
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*

7
htdocs/comm/action/list.php
View File

@ -128,7 +128,6 @@ $socid = GETPOST("search_socid", 'int') ?GETPOST("search_socid", 'int') : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -165,7 +164,11 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
//var_dump($_POST);exit;
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

6
htdocs/comm/action/pertype.php
View File

@ -75,7 +75,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -170,6 +169,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

7
htdocs/comm/action/peruser.php
View File

@ -71,12 +71,10 @@ if (!$sortfield) {
$sortfield = "a.datec";
}
// Security check
$socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOST("socid", "int");
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -177,6 +175,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

5
htdocs/comm/action/rapport/index.php
View File

@ -59,7 +59,10 @@ $socid = GETPOST('socid', 'int');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*

5
htdocs/comm/admin/propaldet_extrafields.php
View File

@ -31,11 +31,6 @@ require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
if (!$user->admin) {
accessforbidden();
}
// Load translation files required by the page
$langs->loadlangs(array('admin', 'other', 'propal'));

29
htdocs/comm/card.php
View File

@ -88,15 +88,10 @@ if (!empty($conf->notification->enabled)) {
$langs->load("mails");
}
// Security check
$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe');
$action = GETPOST('action', 'aZ09');
$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
@ -124,15 +119,6 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartycomm', 'globalcard'));
// Security check
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
if ($object->id > 0) {
if (!($object->client > 0) || empty($user->rights->societe->lire)) {
accessforbidden();
}
}
$now = dol_now();
if ($id > 0 && empty($object->id)) {
@ -142,6 +128,17 @@ if ($id > 0 && empty($object->id)) {
dol_print_error($db, $object->error, $object->errors);
}
}
if ($object->id > 0) {
if (!($object->client > 0) || empty($user->rights->societe->lire)) {
accessforbidden();
}
}
// Security check
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $object->id, '&societe', '', 'fk_soc', 'rowid', 0);
/*

1
htdocs/comm/contact.php
View File

@ -54,6 +54,7 @@ $begin = GETPOST('begin', 'alpha');
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid) {
$action = '';
$socid = $user->socid;
}
$result = restrictedArea($user, 'societe', $socid, '');

15
htdocs/comm/index.php
View File

@ -29,10 +29,6 @@
require '../main.inc.php';
if (!$user->rights->societe->lire) {
accessforbidden();
}
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
@ -63,10 +59,21 @@ if (isset($user->socid) && $user->socid > 0) {
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$now = dol_now();
// Security check
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$id = $user->socid;
}
restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* Actions
*/
// None
/*
* View

11
htdocs/comm/mailing/advtargetemailing.php
View File

@ -42,11 +42,6 @@ if (!empty($conf->categorie->enabled)) {
$langs->load("categories");
}
// Security check
if (!$user->rights->mailing->lire || $user->socid > 0) {
accessforbidden();
}
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@ -99,6 +94,12 @@ if ($result < 0) {
}
}
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');
/*
* Actions

10
htdocs/comm/mailing/card.php
View File

@ -40,10 +40,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
// Load translation files required by the page
$langs->load("mails");
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
$id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel');
@ -80,6 +76,10 @@ $listofmethods = array();
$listofmethods['mail'] = 'PHP mail function';
$listofmethods['smtps'] = 'SMTP/SMTPS socket library';
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
/*
@ -149,7 +149,7 @@ if (empty($reshook)) {
// or sent in error (statut=-1)
$sql = "SELECT mc.rowid, mc.fk_mailing, mc.lastname, mc.firstname, mc.email, mc.other, mc.source_url, mc.source_id, mc.source_type, mc.tag";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc";
$sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".$object->id;
$sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".((int) $object->id);
$sql .= " ORDER BY mc.statut DESC"; // first status 0, then status -1
dol_syslog("card.php: select targets", LOG_DEBUG);

13
htdocs/comm/mailing/cibles.php
View File

@ -35,12 +35,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// Load translation files required by the page
$langs->load("mails");
// Security check
if (!$user->rights->mailing->lire || $user->socid > 0) {
accessforbidden();
}
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@ -75,6 +69,13 @@ $object = new Mailing($db);
$result = $object->fetch($id);
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');
/*
* Actions
*/

8
htdocs/comm/mailing/class/advtargetemailing.class.php
View File

@ -284,9 +284,9 @@ class AdvanceTargetingMailing extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
if (!empty($id)) {
$sql .= " WHERE t.fk_element = ".$id." AND type_element='mailing'";
$sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = 'mailing'";
} else {
$sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='mailing'";
$sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'";
}
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
@ -347,9 +347,9 @@ class AdvanceTargetingMailing extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
if (!empty($id)) {
$sql .= " WHERE t.fk_element = ".$id." AND type_element='$type_element'";
$sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = '".$this->db->escape($type_element)."'";
} else {
$sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='$type_element'";
$sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'";
}
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);

4
htdocs/comm/mailing/class/mailing.class.php
View File

@ -427,7 +427,7 @@ class Mailing extends CommonObject
$sql .= " source_id ,";
$sql .= " source_type";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles";
$sql .= " WHERE fk_mailing = ".$fromid;
$sql .= " WHERE fk_mailing = ".((int) $fromid);
$result = $this->db->query($sql);
if ($result) {
@ -499,7 +499,7 @@ class Mailing extends CommonObject
public function delete($rowid)
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing";
$sql .= " WHERE rowid = ".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog("Mailing::delete", LOG_DEBUG);
$resql = $this->db->query($sql);

3
htdocs/comm/mailing/info.php
View File

@ -33,9 +33,10 @@ $id = GETPOST('id', 'int');
$langs->load("mails");
// Security check
if (!$user->rights->mailing->lire || $user->socid > 0) {
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');

8
htdocs/comm/mailing/list.php
View File

@ -28,9 +28,6 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php';
// Load translation files required by the page
$langs->load("mails");
// Security check
$result = restrictedArea($user, 'mailing');
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@ -69,6 +66,11 @@ $fieldstosearchall = array(
'm.titre'=>'Ref',
);
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');

12
htdocs/comm/multiprix.php
View File

@ -40,15 +40,23 @@ if ($user->socid > 0) {
$_socid = $user->socid;
}
// Security check
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* Actions
*/
if ($action == 'setpricelevel') {
if ($action == 'setpricelevel' && $user->rights->societe->creer) {
$soc = new Societe($db);
$soc->fetch($id);
$soc->set_price_level(GETPOST("price_level"), $user);
$soc->setPriceLevel(GETPOST("price_level"), $user);
header("Location: multiprix.php?id=".$id);
exit;

18
htdocs/comm/propal/card.php
View File

@ -89,12 +89,6 @@ $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($con
// Nombre de ligne pour choix de produit/service predefinis
$NBLINES = 4;
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $id);
$object = new Propal($db);
$extrafields = new ExtraFields($db);
@ -134,6 +128,14 @@ $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc
$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php
$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*
* Actions
*/
@ -642,7 +644,7 @@ if (empty($reshook)) {
if ($object->statut == $object::STATUS_VALIDATED) {
$db->begin();
$result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml'));
$result = $object->signature($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml'));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
$error++;
@ -1586,7 +1588,7 @@ if ($action == 'create') {
// Contacts (ask contact only if thirdparty already defined).
print "<tr><td>".$langs->trans("DefaultContact").'</td><td>';
print img_picto('', 'contact');
print $form->selectcontacts($soc->id, $contactid, 'contactid', 1, $srccontactslist);
print $form->selectcontacts($soc->id, $contactid, 'contactid', 1, '', '', 0, 'minwidth300');
print '</td></tr>';
// Third party discounts info line

150
htdocs/comm/propal/class/propal.class.php
View File

@ -140,6 +140,16 @@ class Propal extends CommonObject
*/
public $date_validation;
/**
* @var integer|string $date_signature;
*/
public $date_signature;
/**
* @var User $user_signature
*/
public $user_signature;
/**
* @var integer|string date of the quote;
*/
@ -1232,7 +1242,7 @@ class Propal extends CommonObject
/*if (! $error && $this->fk_delivery_address)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql.= " SET fk_delivery_address = ".$this->fk_delivery_address;
$sql.= " SET fk_delivery_address = ".((int) $this->fk_delivery_address);
$sql.= " WHERE ref = '".$this->db->escape($this->ref)."'";
$sql.= " AND entity = ".setEntity($this);
@ -2203,7 +2213,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET fk_input_reason = ".$id;
$sql .= " SET fk_input_reason = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2322,13 +2332,13 @@ class Propal extends CommonObject
$remise = trim($remise) ?trim($remise) : 0;
if (!empty($user->rights->propal->creer)) {
$remise = price2num($remise);
$remise = price2num($remise, 2);
$error = 0;
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".$remise;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2380,17 +2390,18 @@ class Propal extends CommonObject
public function set_remise_absolue($user, $remise, $notrigger = 0)
{
// phpcs:enable
$remise = trim($remise) ?trim($remise) : 0;
if (empty($remise)) {
$remise = 0;
}
$remise = price2num($remise);
if (!empty($user->rights->propal->creer)) {
$remise = price2num($remise);
$error = 0;
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET remise_absolue = ".$remise;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET remise_absolue = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2435,19 +2446,17 @@ class Propal extends CommonObject
* Reopen the commercial proposal
*
* @param User $user Object user that close
* @param int $statut Statut
* @param int $status Status
* @param string $note Comment
* @param int $notrigger 1=Does not execute triggers, 0= execute triggers
* @return int <0 if KO, >0 if OK
*/
public function reopen($user, $statut, $note = '', $notrigger = 0)
public function reopen($user, $status, $note = '', $notrigger = 0)
{
$this->statut = $statut;
$error = 0;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".$this->statut.",";
$sql .= " SET fk_statut = ".$status.",";
if (!empty($note)) {
$sql .= " note_private = '".$this->db->escape($note)."',";
}
@ -2484,11 +2493,105 @@ class Propal extends CommonObject
$this->db->rollback();
return -1 * $error;
} else {
$this->statut = $status;
$this->status = $status;
$this->db->commit();
return 1;
}
}
/**
* Sign the commercial proposal
*
* @param User $user Object user that close
* @param int $statut Status
* @param string $note Complete private note with this note
* @param int $notrigger 1=Does not execute triggers, 0=Execute triggers
* @return int <0 if KO, >0 if OK
*/
public function signature($user, $statut, $note = '', $notrigger = 0)
{
global $langs,$conf;
$error = 0;
$now = dol_now();
$this->db->begin();
$newprivatenote = dol_concatdesc($this->note_private, $note);
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".$statut.", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
if ($resql) {
$modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED ? $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED : $this->model_pdf;
$trigger_name = 'PROPAL_CLOSE_REFUSED';
if ($statut == self::STATUS_SIGNED) {
$trigger_name = 'PROPAL_CLOSE_SIGNED';
$modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL ? $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL:$this->model_pdf;
// The connected company is classified as a client
$soc=new Societe($this->db);
$soc->id = $this->socid;
$result = $soc->set_as_client();
if ($result < 0) {
$this->error=$this->db->lasterror();
$this->db->rollback();
return -2;
}
}
if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
// Define output language
$outputlangs = $langs;
if (!empty($conf->global->MAIN_MULTILANGS)) {
$outputlangs = new Translate("", $conf);
$newlang = (GETPOST('lang_id', 'aZ09') ? GETPOST('lang_id', 'aZ09') : $this->thirdparty->default_lang);
$outputlangs->setDefaultLang($newlang);
}
//$ret=$object->fetch($id); // Reload to get new records
$this->generateDocument($modelpdf, $outputlangs);
}
if (!$error) {
$this->oldcopy= clone $this;
$this->statut = $statut;
$this->date_signature = $now;
$this->note_private = $newprivatenote;
}
if (!$notrigger && empty($error)) {
// Call trigger
$result=$this->call_trigger($trigger_name, $user);
if ($result < 0) {
$error++;
}
// End call triggers
}
if (!$error ) {
$this->db->commit();
return 1;
} else {
$this->statut = $this->oldcopy->statut;
$this->date_signature = $this->oldcopy->date_signature;
$this->note_private = $this->oldcopy->note_private;
$this->db->rollback();
return -1;
}
} else {
$this->error=$this->db->lasterror();
$this->db->rollback();
return -1;
}
}
/**
* Close the commercial proposal
@ -2511,7 +2614,7 @@ class Propal extends CommonObject
$newprivatenote = dol_concatdesc($this->note_private, $note);
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".$status.", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
@ -2884,7 +2987,7 @@ class Propal extends CommonObject
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
$error++;
@ -2995,7 +3098,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
$sql .= ' SET fk_availability = '.$availability_id;
$sql .= ' SET fk_availability = '.((int) $availability_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG);
@ -3059,7 +3162,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
$sql .= ' SET fk_input_reason = '.$demand_reason_id;
$sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG);
@ -3113,8 +3216,8 @@ class Propal extends CommonObject
public function info($id)
{
$sql = "SELECT c.rowid, ";
$sql .= " c.datec, c.date_valid as datev, c.date_cloture as dateo,";
$sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_cloture";
$sql .= " c.datec, c.date_valid as datev, c.date_signature, c.date_cloture as dateo,";
$sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_signature, c.fk_user_cloture";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as c";
$sql .= " WHERE c.rowid = ".((int) $id);
@ -3128,6 +3231,7 @@ class Propal extends CommonObject
$this->date_creation = $this->db->jdate($obj->datec);
$this->date_validation = $this->db->jdate($obj->datev);
$this->date_signature = $this->db->jdate($obj->date_signature);
$this->date_cloture = $this->db->jdate($obj->dateo);
$cuser = new User($this->db);
@ -3140,6 +3244,12 @@ class Propal extends CommonObject
$this->user_validation = $vuser;
}
if ($obj->fk_user_signature) {
$user_signature = new User($this->db);
$user_signature->fetch($obj->fk_user_signature);
$this->user_signature = $user_signature;
}
if ($obj->fk_user_cloture) {
$cluser = new User($this->db);
$cluser->fetch($obj->fk_user_cloture);

6
htdocs/comm/propal/class/propalestats.class.php
View File

@ -100,18 +100,18 @@ class PropaleStats extends Stats
$this->where .= " AND p.fk_soc = ".$this->socid;
}
if ($this->userid > 0) {
$this->where .= ' AND fk_user_author = '.$this->userid;
$this->where .= ' AND fk_user_author = '.((int) $this->userid);
}
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc';
$this->where .= ' AND s.fk_typent = '.$typentid;
$this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = p.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie';
$this->where .= ' AND c.rowid = '.$categid;
$this->where .= ' AND c.rowid = '.((int) $categid);
}
}

13
htdocs/comm/propal/contact.php
View File

@ -40,12 +40,6 @@ $ref = GETPOST('ref', 'alpha');
$lineid = GETPOST('lineid', 'int');
$action = GETPOST('action', 'aZ09');
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $id);
$object = new Propal($db);
// Load object
@ -67,6 +61,13 @@ if (!$error) {
exit;
}
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*
* Add a new contact

7
htdocs/comm/propal/document.php
View File

@ -80,6 +80,13 @@ if (!$sortfield) {
$object = new Propal($db);
$object->fetch($id, $ref);
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*
* Actions

19
htdocs/comm/propal/index.php
View File

@ -26,15 +26,6 @@
*/
require '../../main.inc.php';
// Security check
$socid = GETPOST('socid', 'int');
if (isset($user->socid) && $user->socid > 0) {
$action = '';
$socid = $user->socid;
}
restrictedArea($user, 'propal');
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
@ -48,9 +39,19 @@ $langs->loadLangs(array('propal', 'companies'));
$now = dol_now();
$max = 5;
// Security check
$socid = GETPOST('socid', 'int');
if (isset($user->socid) && $user->socid > 0) {
$action = '';
$socid = $user->socid;
}
restrictedArea($user, 'propal');
/*
* View
*/
$propalstatic = new Propal($db);
$companystatic = new Societe($db);
$form = new Form($db);

12
htdocs/comm/propal/info.php
View File

@ -39,18 +39,18 @@ $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$socid = GETPOST('socid', 'int');
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $id);
$object = new Propal($db);
if (!$object->fetch($id, $ref) > 0) {
dol_print_error($db);
exit;
}
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*

140
htdocs/comm/propal/note.php
View File

@ -40,13 +40,19 @@ $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$action = GETPOST('action', 'aZ09');
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propale', $id, 'propal');
$now = dol_now();
$object = new Propal($db);
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
}
// Security check
if ($user->socid > 0) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id, 'propal');
/*
@ -63,86 +69,78 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
* View
*/
$form = new Form($db);
$help_url = 'EN:Commercial_Proposals|FR:Proposition_commerciale|ES:Presupuestos';
llxHeader('', $langs->trans('Proposal'), $help_url);
$form = new Form($db);
if ($object->id > 0) {
if ($object->fetch_thirdparty() > 0) {
$head = propal_prepare_head($object);
print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
if ($id > 0 || !empty($ref)) {
if ($mesg) {
print $mesg;
}
$now = dol_now();
if ($object->fetch($id, $ref) > 0) {
if ($object->fetch_thirdparty() > 0) {
$head = propal_prepare_head($object);
print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
$cssclass = 'titlefield';
//if ($action == 'editnote_public') $cssclass='titlefieldcreate';
//if ($action == 'editnote_private') $cssclass='titlefieldcreate';
$cssclass = 'titlefield';
//if ($action == 'editnote_public') $cssclass='titlefieldcreate';
//if ($action == 'editnote_private') $cssclass='titlefieldcreate';
// Proposal card
// Proposal card
$linkback = '<a href="'.DOL_URL_ROOT.'/comm/propal/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
$linkback = '<a href="'.DOL_URL_ROOT.'/comm/propal/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
$morehtmlref = '<div class="refidno">';
// Ref customer
$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
// Thirdparty
$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
// Project
if (!empty($conf->projet->enabled)) {
$langs->load("projects");
$morehtmlref .= '<br>'.$langs->trans('Project').' ';
if ($user->rights->propal->creer) {
if ($action != 'classify') {
//$morehtmlref.='<a class="editfielda" href="' . $_SERVER['PHP_SELF'] . '?action=classify&amp;id=' . $object->id . '">' . img_edit($langs->transnoentitiesnoconv('SetProject')) . '</a>';
$morehtmlref .= ' : ';
}
if ($action == 'classify') {
//$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
$morehtmlref .= '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
$morehtmlref .= '<input type="hidden" name="action" value="classin">';
$morehtmlref .= '<input type="hidden" name="token" value="'.newToken().'">';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
$morehtmlref .= '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
$morehtmlref .= '</form>';
} else {
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
}
$morehtmlref = '<div class="refidno">';
// Ref customer
$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
// Thirdparty
$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
// Project
if (!empty($conf->projet->enabled)) {
$langs->load("projects");
$morehtmlref .= '<br>'.$langs->trans('Project').' ';
if ($user->rights->propal->creer) {
if ($action != 'classify') {
//$morehtmlref.='<a class="editfielda" href="' . $_SERVER['PHP_SELF'] . '?action=classify&amp;id=' . $object->id . '">' . img_edit($langs->transnoentitiesnoconv('SetProject')) . '</a>';
$morehtmlref .= ' : ';
}
if ($action == 'classify') {
//$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
$morehtmlref .= '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
$morehtmlref .= '<input type="hidden" name="action" value="classin">';
$morehtmlref .= '<input type="hidden" name="token" value="'.newToken().'">';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
$morehtmlref .= '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
$morehtmlref .= '</form>';
} else {
if (!empty($object->fk_project)) {
$proj = new Project($db);
$proj->fetch($object->fk_project);
$morehtmlref .= '<a href="'.DOL_URL_ROOT.'/projet/card.php?id='.$object->fk_project.'" title="'.$langs->trans('ShowProject').'">';
$morehtmlref .= $proj->ref;
$morehtmlref .= '</a>';
} else {
$morehtmlref .= '';
}
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
}
} else {
if (!empty($object->fk_project)) {
$proj = new Project($db);
$proj->fetch($object->fk_project);
$morehtmlref .= '<a href="'.DOL_URL_ROOT.'/projet/card.php?id='.$object->fk_project.'" title="'.$langs->trans('ShowProject').'">';
$morehtmlref .= $proj->ref;
$morehtmlref .= '</a>';
} else {
$morehtmlref .= '';
}
}
$morehtmlref .= '</div>';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>';
$cssclass = "titlefield";
include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
print '</div>';
print dol_get_fiche_end();
}
$morehtmlref .= '</div>';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>';
$cssclass = "titlefield";
include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
print '</div>';
print dol_get_fiche_end();
}
}

13
htdocs/comm/propal/stats/index.php
View File

@ -38,12 +38,6 @@ $WIDTH = DolGraph::getDefaultGraphSizeForStats('width');
$HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
if ($mode == 'customer' && !$user->rights->propale->lire) {
accessforbidden();
}
if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
accessforbidden();
}
$object_status = GETPOST('object_status', 'intcomma');
$typent_id = GETPOST('typent_id', 'int');
@ -66,6 +60,13 @@ $endyear = $year;
// Load translation files required by the page
$langs->loadLangs(array('orders', 'companies', 'other', 'suppliers', 'supplier_proposal'));
if ($mode == 'customer' && !$user->rights->propale->lire) {
accessforbidden();
}
if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
accessforbidden();
}
/*
* View

10
htdocs/comm/prospect/index.php
View File

@ -30,11 +30,19 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
// Load translation files required by the page
$langs->load("propal");
if ($user->socid > 0) {
$socid = $user->socid;
}
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid) {
$action = '';
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $socid, '');
/*
* View

90
htdocs/comm/prospect/recap-prospect.php
View File

@ -1,90 +0,0 @@
<?php
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/comm/prospect/recap-prospect.php
* \ingroup societe
* \brief Page with prospect summary
*/
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
// Load translation files required by the page
$langs->loadLangs(array('companies', 'other'));
if (!empty($conf->facture->enabled)) {
$langs->load("bills");
}
// Security check
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$socid = $user->socid;
}
/*
* View
*/
llxHeader();
if ($socid > 0) {
$societe = new Societe($db);
$societe->fetch($socid);
/*
* Affichage onglets
*/
$head = societe_prepare_head($societe);
print dol_get_fiche_head($head, 'prospect', $langs->trans("ThirdParty"), 0, 'company');
print "<table width=\"100%\">\n";
print '<tr><td valign="top" width="50%">';
print '<table class="border centpercent">';
// Name
print '<tr><td width="20%">'.$langs->trans("Thirdpary").'</td><td width="80%" colspan="3">'.$societe->getNomUrl(1).'</td></tr>';
// Prefix
if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field
print '<tr><td>'.$langs->trans("Prefix").'</td><td colspan="3">';
print ($societe->prefix_comm ? $societe->prefix_comm : '&nbsp;');
print '</td></tr>';
}
print "</table>";
print "</td></tr></table>\n";
print '</div>';
print $langs->trans("FeatureNotYetAvailable");
} else {
dol_print_error($db);
}
// End of page
llxFooter();
$db->close();

6
htdocs/comm/recap-client.php
View File

@ -33,12 +33,12 @@ if (!empty($conf->facture->enabled)) {
}
// Security check
$socid = $_GET["socid"];
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$socid = $user->socid;
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*

9
htdocs/comm/remise.php
View File

@ -66,7 +66,7 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
header("Location: ".$backtopage);
exit;
} else {
header("Location: remise.php?id=".$_GET["id"]);
header("Location: remise.php?id=".GETPOST("id", 'int'));
exit;
}
} else {
@ -74,6 +74,12 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
}
}
// Security check
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* View
@ -83,7 +89,6 @@ $form = new Form($db);
llxHeader();
/*********************************************************************************
*
* Mode fiche

18
htdocs/comm/remx.php
View File

@ -46,6 +46,12 @@ if ($user->socid > 0) {
$socid = $user->socid;
}
// Security check
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* Actions
@ -56,7 +62,7 @@ if (GETPOST('cancel', 'alpha') && !empty($backtopage)) {
exit;
}
if ($action == 'confirm_split' && GETPOST("confirm", "alpha") == 'yes') {
if ($action == 'confirm_split' && GETPOST("confirm", "alpha") == 'yes' && $user->rights->societe->creer) {
//if ($user->rights->societe->creer)
//if ($user->rights->facture->creer)
@ -186,7 +192,7 @@ if ($action == 'setremise' && $user->rights->societe->creer) {
}
}
if (GETPOST('action', 'aZ09') == 'confirm_remove' && GETPOST("confirm") == 'yes') {
if (GETPOST('action', 'aZ09') == 'confirm_remove' && GETPOST("confirm") == 'yes' && $user->rights->societe->creer) {
//if ($user->rights->societe->creer)
//if ($user->rights->facture->creer)
@ -481,8 +487,8 @@ if ($socid > 0) {
print '</td>';
if ($user->rights->societe->creer || $user->rights->facture->creer) {
print '<td class="center nowrap">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=split&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_split($langs->trans("SplitDiscount")).'</a>';
print '<a class="reposition marginleftonly" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=remove&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_delete($langs->trans("RemoveDiscount")).'</a>';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=split&token='.newToken().'&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_split($langs->trans("SplitDiscount")).'</a>';
print '<a class="reposition marginleftonly" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=remove&token='.newToken().'&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_delete($langs->trans("RemoveDiscount")).'</a>';
print '</td>';
} else {
print '<td>&nbsp;</td>';
@ -620,8 +626,8 @@ if ($socid > 0) {
print '</td>';
if ($user->rights->societe->creer || $user->rights->facture->creer) {
print '<td class="center nowrap">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=split&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_split($langs->trans("SplitDiscount")).'</a>';
print '<a class="reposition marginleftonly" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=remove&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_delete($langs->trans("RemoveDiscount")).'</a>';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=split&token='.newToken().'&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_split($langs->trans("SplitDiscount")).'</a>';
print '<a class="reposition marginleftonly" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=remove&token='.newToken().'&remid='.$obj->rowid.($backtopage ? '&backtopage='.urlencode($backtopage) : '').'">'.img_delete($langs->trans("RemoveDiscount")).'</a>';
print '</td>';
} else {
print '<td>&nbsp;</td>';

6
htdocs/commande/card.php
View File

@ -423,7 +423,7 @@ if (empty($reshook)) {
$originidforcontact=$srcobject->origin_id;
}
$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$resqlcontact = $db->query($sqlcontact);
if ($resqlcontact)
@ -501,7 +501,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
} elseif ($action == 'setremise' && $usercancreate) {
$result = $object->setDiscount($user, GETPOST('remise'));
$result = $object->setDiscount($user, price2num(GETPOST('remise'), 2));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}
@ -515,7 +515,7 @@ if (empty($reshook)) {
}
} elseif ($action == 'setdate' && $usercancreate) {
// print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$date = dol_mktime(0, 0, 0, GETPOST('order_month'), GETPOST('order_day'), GETPOST('order_year'));
$date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int'));
$result = $object->set_date($user, $date);
if ($result < 0) {

28
htdocs/commande/class/commande.class.php
View File

@ -1113,7 +1113,7 @@ class Commande extends CommonOrder
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@ -2331,7 +2331,7 @@ class Commande extends CommonOrder
$sql = "SELECT fk_product, qty";
$sql .= " FROM ".MAIN_DB_PREFIX."commandedet";
$sql .= " WHERE rowid = ".$lineid;
$sql .= " WHERE rowid = ".((int) $lineid);
$result = $this->db->query($sql);
if ($result) {
@ -2413,11 +2413,11 @@ class Commande extends CommonOrder
$this->db->begin();
$remise = price2num($remise);
$remise = price2num($remise, 2);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET remise_percent = '.$remise;
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
$sql .= ' SET remise_percent = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2468,18 +2468,20 @@ class Commande extends CommonOrder
public function set_remise_absolue($user, $remise, $notrigger = 0)
{
// phpcs:enable
$remise = trim($remise) ?trim($remise) : 0;
if (empty($remise)) {
$remise = 0;
}
$remise = price2num($remise);
if ($user->rights->commande->creer) {
$error = 0;
$this->db->begin();
$remise = price2num($remise);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET remise_absolue = '.$remise;
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
$sql .= ' SET remise_absolue = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2741,7 +2743,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET fk_availability = '.$availability_id;
$sql .= ' SET fk_availability = '.((int) $availability_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2805,7 +2807,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET fk_input_reason = '.$demand_reason_id;
$sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2867,7 +2869,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET';
$sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\'');
$sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'");
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);

4
htdocs/commande/class/commandestats.class.php
View File

@ -100,13 +100,13 @@ class CommandeStats extends Stats
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = c.fk_soc';
$this->where .= ' AND s.fk_typent = '.$typentid;
$this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cats ON cats.fk_soc = c.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cat.rowid = cats.fk_categorie';
$this->where .= ' AND cat.rowid = '.$categid;
$this->where .= ' AND cat.rowid = '.((int) $categid);
}
}

3
htdocs/compta/bank/annuel.php
View File

@ -138,10 +138,11 @@ $head = bank_prepare_head($object);
print dol_get_fiche_head($head, 'annual', $langs->trans("FinancialAccount"), 0, 'account');
$title = $langs->trans("FinancialAccount")." : ".$object->label;
$link = ($year_start ? "<a href='".$_SERVER["PHP_SELF"]."?account=".$object->id."&year_start=".($year_start - 1)."'>".img_previous('', 'class="valignbottom"')."</a> ".$langs->trans("Year")." <a href='".$_SERVER["PHP_SELF"]."?account=".$object->id."&year_start=".($year_start + 1)."'>".img_next('', 'class="valignbottom"')."</a>" : "");
$link = ($year_start ? '<a href="'.$_SERVER["PHP_SELF"].'?account='.$object->id.'&year_start='.($year_start - 1).'">'.img_previous('', 'class="valignbottom"')."</a> ".$langs->trans("Year").' <a href="'.$_SERVER["PHP_SELF"].'?account='.$object->id.'&year_start='.($year_start + 1).'">'.img_next('', 'class="valignbottom"').'</a>' : '');
$linkback = '<a href="'.DOL_URL_ROOT.'/compta/bank/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
$morehtmlref = '';
if (!empty($id)) {
if (!preg_match('/,/', $id)) {

Some files were not shown because too many files have changed in this diff Show More