lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of github.com:Dolibarr/dolibarr into dev_EventOrganisation

Browse Source
This commit is contained in:
Florian HENRY 2021-03-26 18:30:08 +01:00
commit f87711bf2f
208 changed files with 2460 additions and 1031 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
SECURITY.md
View File

@ -12,7 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM
## Reporting a Vulnerability
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (or alternatively send an email to security@dolibarr.org)
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody)
## Hunting vulnerabilities on Dolibarr
@ -55,7 +55,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
* $dolibarr_main_force_https must be set to something else than 0.
* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default)
* The module DebugBar and ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
* The module DebugBar and ModuleBuilder must NOT be enabled (by default, these modules are not enabled. They are developer tools)
* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
* The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer).
* The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly.
@ -65,12 +65,12 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
Scope is the web application (back office) and the APIs.
## Qualifying vulnerabilities for Bug bounty programs
## Qualifying vulnerabilities for reporting
* Remote code execution (RCE)
* Local files access and manipulation (LFI, RFI, XXE, SSRF, XSPA)
* Code injections (HTML, JS, SQL, PHP, ...)
* Cross-Site Scripting (XSS)
* Cross-Site Scripting (XSS), except from setup page of module "External web site" (allowing any content here, editable by admin user only, is accepted on purpose or into module "Web site" when permission to edit website content is allowed).
* Cross-Site Requests Forgery (CSRF) with real security impact (when using GET URLs, CSRF are qualified only for creating, updating or deleting data from pages restricted to admin users)
* Open redirect
* Broken authentication & session management
@ -82,7 +82,7 @@ Scope is the web application (back office) and the APIs.
* Stack traces or path disclosure (for non admin users only)
## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting
## Non-qualifying vulnerabilities for reporting
* "Self" XSS
* SSL/TLS best practices

4
htdocs/accountancy/admin/account.php
View File

@ -582,6 +582,10 @@ if ($resql) {
$i++;
}
if ($num == 0) {
print '<tr><td colspan="'.$totalarray['nbfield'].'"><span class="opacitymedium">'.$langs->trans("None").'</span></td></tr>';
}
print "</table>";
print "</div>";
print '</form>';

4
htdocs/accountancy/admin/accountmodel.php
View File

@ -180,10 +180,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
}
// Other checks
if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system', 'systemauto'))) {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
}
if (GETPOSTISSET("pcg_version")) {
if (GETPOST("pcg_version") == '0') {
$ok = 0;

2
htdocs/accountancy/admin/categories_list.php
View File

@ -185,7 +185,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
}
if (GETPOSTISSET("code")) {
if ($_POST["code"] == '0') {
if (GETPOST("code") == '0') {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
}

4
htdocs/accountancy/admin/fiscalyear_card.php
View File

@ -121,8 +121,8 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
if (!GETPOST('cancel', 'alpha')) {
$result = $object->fetch($id);
$object->date_start = empty($_POST["fiscalyear"]) ? '' : $date_start;
$object->date_end = empty($_POST["fiscalyearend"]) ? '' : $date_end;
$object->date_start = GETPOST("fiscalyear") ? $date_start : '';
$object->date_end = GETPOST("fiscalyearend") ? $date_end : '';
$object->label = GETPOST('label', 'alpha');
$object->statut = GETPOST('statut', 'int');

32
htdocs/adherents/canvas/actions_adherentcard_common.class.php
View File

@ -253,23 +253,23 @@ abstract class ActionsAdherentCardCommon
// phpcs:enable
global $langs, $mysoc;
$this->object->old_name = $_POST["old_name"];
$this->object->old_firstname = $_POST["old_firstname"];
$this->object->old_name = GETPOST("old_name");
$this->object->old_firstname = GETPOST("old_firstname");
$this->object->fk_soc = $_POST["fk_soc"];
$this->object->lastname = $_POST["lastname"];
$this->object->firstname = $_POST["firstname"];
$this->object->civility_id = $_POST["civility_id"];
$this->object->address = $_POST["address"];
$this->object->zip = $_POST["zipcode"];
$this->object->town = $_POST["town"];
$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
$this->object->state_id = $_POST["state_id"];
$this->object->phone_perso = $_POST["phone_perso"];
$this->object->phone_mobile = $_POST["phone_mobile"];
$this->object->email = $_POST["email"];
$this->object->note = $_POST["note"];
$this->object->canvas = $_POST["canvas"];
$this->object->fk_soc = GETPOST("fk_soc");
$this->object->lastname = GETPOST("lastname");
$this->object->firstname = GETPOST("firstname");
$this->object->civility_id = GETPOST("civility_id");
$this->object->address = GETPOST("address");
$this->object->zip = GETPOST("zipcode");
$this->object->town = GETPOST("town");
$this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id;
$this->object->state_id = GETPOST("state_id", 'int');
$this->object->phone_perso = GETPOST("phone_perso");
$this->object->phone_mobile = GETPOST("phone_mobile");
$this->object->email = GETPOST("email", 'alphawithlgt');
$this->object->note = GETPOST("note", 'restricthtml');
$this->object->canvas = GETPOST("canvas");
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {

4
htdocs/adherents/class/adherent.class.php
View File

@ -1141,7 +1141,7 @@ class Adherent extends CommonObject
$this->db->begin();
// If user is linked to this member, remove old link to this member
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id);
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1152,7 +1152,7 @@ class Adherent extends CommonObject
// Set link to user
if ($userid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id);
$sql .= " WHERE rowid = ".$userid;
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);

53
htdocs/adherents/subscription.php
View File

@ -44,6 +44,7 @@ $action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
$rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
$typeid = GETPOST('typeid', 'int');
$cancel = GETPOST('cancel');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@ -148,19 +149,18 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye
if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) {
$error = 0;
if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only
if ($_POST["userid"] != $user->id && $_POST["userid"] != $object->user_id) {
if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) {
$error++;
setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors');
}
}
if (!$error) {
if ($_POST["userid"] != $object->user_id) { // If link differs from currently in database
$result = $object->setUserId($_POST["userid"]);
if (GETPOST("userid", 'int') != $object->user_id) { // If link differs from currently in database
$result = $object->setUserId(GETPOST("userid", 'int'));
if ($result < 0) {
dol_print_error('', $object->error);
}
$_POST['action'] = '';
$action = '';
}
}
@ -190,14 +190,13 @@ if (empty($reshook) && $action == 'setsocid') {
if ($result < 0) {
dol_print_error('', $object->error);
}
$_POST['action'] = '';
$action = '';
}
}
}
}
if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$_POST["cancel"]) {
if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$cancel) {
$error = 0;
$langs->load("banks");
@ -209,25 +208,25 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
$datesubscription = 0;
$datesubend = 0;
$paymentdate = 0;
if ($_POST["reyear"] && $_POST["remonth"] && $_POST["reday"]) {
$datesubscription = dol_mktime(0, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) {
$datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int"));
}
if ($_POST["endyear"] && $_POST["endmonth"] && $_POST["endday"]) {
$datesubend = dol_mktime(0, 0, 0, $_POST["endmonth"], $_POST["endday"], $_POST["endyear"]);
if (GETPOST("endyear", 'int') && GETPOST("endmonth", 'int') && GETPOST("endday", 'int')) {
$datesubend = dol_mktime(0, 0, 0, GETPOST("endmonth", 'int'), GETPOST("endday", 'int'), GETPOST("endyear", 'int'));
}
if ($_POST["paymentyear"] && $_POST["paymentmonth"] && $_POST["paymentday"]) {
$paymentdate = dol_mktime(0, 0, 0, $_POST["paymentmonth"], $_POST["paymentday"], $_POST["paymentyear"]);
if (GETPOST("paymentyear", 'int') && GETPOST("paymentmonth", 'int') && GETPOST("paymentday", 'int')) {
$paymentdate = dol_mktime(0, 0, 0, GETPOST("paymentmonth", 'int'), GETPOST("paymentday", 'int'), GETPOST("paymentyear", 'int'));
}
$amount = price2num(GETPOST("subscription", 'alpha')); // Amount of subscription
$label = $_POST["label"];
$label = GETPOST("label");
// Payment informations
$accountid = $_POST["accountid"];
$operation = $_POST["operation"]; // Payment mode
$accountid = GETPOST("accountid", 'int');
$operation = GETPOST("operation", "alphanohtml"); // Payment mode
$num_chq = GETPOST("num_chq", "alphanohtml");
$emetteur_nom = $_POST["chqemetteur"];
$emetteur_banque = $_POST["chqbank"];
$option = $_POST["paymentsave"];
$emetteur_nom = GETPOST("chqemetteur");
$emetteur_banque = GETPOST("chqbank");
$option = GETPOST("paymentsave");
if (empty($option)) {
$option = 'none';
}
@ -267,19 +266,19 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
$error++;
$action = 'addsubscription';
} else {
if (!empty($conf->banque->enabled) && $_POST["paymentsave"] != 'none') {
if ($_POST["subscription"]) {
if (!$_POST["label"]) {
if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') {
if (GETPOST("subscription")) {
if (!GETPOST("label")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label"));
}
if ($_POST["paymentsave"] != 'invoiceonly' && !$_POST["operation"]) {
if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode"));
}
if ($_POST["paymentsave"] != 'invoiceonly' && !($_POST["accountid"] > 0)) {
if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount"));
}
} else {
if ($_POST["accountid"]) {
if (GETPOST("accountid")) {
$errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount");
}
}
@ -453,7 +452,8 @@ if ($optioncss != '') {
if ($rowid > 0) {
$res = $object->fetch($rowid);
if ($res < 0) {
dol_print_error($db, $object->error); exit;
dol_print_error($db, $object->error);
exit;
}
$adht->fetch($object->typeid);
@ -847,7 +847,7 @@ if ($rowid > 0) {
});
';
if (GETPOST('paymentsave')) {
print '$("#'.GETPOST('paymentsave').'").prop("checked",true);';
print '$("#'.GETPOST('paymentsave', 'aZ09').'").prop("checked", true);';
}
print '});';
print '</script>'."\n";
@ -1038,6 +1038,7 @@ if ($rowid > 0) {
// Bank account
print '<tr class="bankswitchclass"><td class="fieldrequired">'.$langs->trans("FinancialAccount").'</td><td>';
print img_picto('', 'bank_account');
$form->select_comptes(GETPOST('accountid'), 'accountid', 0, '', 2);
print "</td></tr>\n";

6
htdocs/adherents/subscription/list.php
View File

@ -547,8 +547,8 @@ while ($i < min($num, $limit)) {
// Label
if (!empty($arrayfields['t.libelle']['checked'])) {
print '<td>';
print dol_trunc($obj->note, 128);
print '<td class="tdoverflowmax500" title="'.dol_escape_htmltag($obj->note).'">';
print $obj->note;
print '</td>';
if (!$i) {
$totalarray['nbfield']++;
@ -586,7 +586,7 @@ while ($i < min($num, $limit)) {
}
// Price
if (!empty($arrayfields['d.amount']['checked'])) {
print '<td class="right">'.price($obj->subscription).'</td>';
print '<td class="right amount">'.price($obj->subscription).'</td>';
if (!$i) {
$totalarray['nbfield']++;
}

4
htdocs/admin/boxes.php
View File

@ -49,8 +49,8 @@ $boxes = array();
*/
if ($action == 'addconst') {
dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", $_POST["MAIN_BOXES_MAXLINES"], '', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", $_POST["MAIN_ACTIVATE_FILECACHE"], 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST("MAIN_BOXES_MAXLINES", 'int'), '', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", GETPOST("MAIN_ACTIVATE_FILECACHE", 'alpha'), 'chaine', 0, '', $conf->entity);
}
if ($action == 'add') {

4
htdocs/admin/company.php
View File

@ -211,7 +211,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", $uselocaltax1, 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", $uselocaltax2, 'chaine', 0, '', $conf->entity);
if ($_POST["optionlocaltax1"] == "localtax1on") {
if (GETPOST("optionlocaltax1") == "localtax1on") {
if (!GETPOSTISSET('lt1')) {
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", 0, 'chaine', 0, '', $conf->entity);
} else {
@ -219,7 +219,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
}
dolibarr_set_const($db, "MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1", 'aZ09'), 'chaine', 0, '', $conf->entity);
}
if ($_POST["optionlocaltax2"] == "localtax2on") {
if (GETPOST("optionlocaltax2") == "localtax2on") {
if (!GETPOSTISSET('lt2')) {
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", 0, 'chaine', 0, '', $conf->entity);
} else {

2
htdocs/admin/delais.php
View File

@ -181,7 +181,7 @@ if ($action == 'update') {
}
}
dolibarr_set_const($db, "MAIN_DISABLE_METEO", $_POST["MAIN_DISABLE_METEO"], 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_DISABLE_METEO", GETPOST("MAIN_DISABLE_METEO"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_USE_METEO_WITH_PERCENTAGE", GETPOST("MAIN_USE_METEO_WITH_PERCENTAGE"), 'chaine', 0, '', $conf->entity);
// For update value with percentage

30
htdocs/admin/dict.php
View File

@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
// Load translation files required by the page
$langs->loadLangs(array("errors", "admin", "main", "companies", "resource", "holiday", "accountancy", "hrm", "orders", "contracts", "projects", "propal", "bills", "interventions"));
$langs->loadLangs(array("errors", "admin", "main", "companies", "resource", "holiday", "accountancy", "hrm", "orders", "contracts", "projects", "propal", "bills", "interventions", "ticket"));
$action = GETPOST('action', 'alpha') ?GETPOST('action', 'alpha') : 'view';
$confirm = GETPOST('confirm', 'alpha');
@ -788,7 +788,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
}*/
}
if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2)) {
if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) {
if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries
$_POST["country"] = '';
} else {
@ -796,25 +796,25 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors');
}
}
if (($id == 3 || $id == 42) && !is_numeric($_POST["code"])) {
if (($id == 3 || $id == 42) && !is_numeric(GETPOST("code"))) {
$ok = 0;
setEventMessages($langs->transnoentities("ErrorFieldMustBeANumeric", $langs->transnoentities("Code")), null, 'errors');
}
// Clean some parameters
if ((!empty($_POST["localtax1_type"]) || ($_POST['localtax1_type'] == '0')) && empty($_POST["localtax1"])) {
if ((GETPOST("localtax1_type") || (GETPOST('localtax1_type') == '0')) && !GETPOST("localtax1")) {
$_POST["localtax1"] = '0'; // If empty, we force to 0
}
if ((!empty($_POST["localtax2_type"]) || ($_POST['localtax2_type'] == '0')) && empty($_POST["localtax2"])) {
if ((GETPOST("localtax2_type") || (GETPOST('localtax2_type') == '0')) && !GETPOST("localtax2")) {
$_POST["localtax2"] = '0'; // If empty, we force to 0
}
if ($_POST["accountancy_code"] <= 0) {
if (GETPOST("accountancy_code") <= 0) {
$_POST["accountancy_code"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_sell"] <= 0) {
if (GETPOST("accountancy_code_sell") <= 0) {
$_POST["accountancy_code_sell"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_buy"] <= 0) {
if (GETPOST("accountancy_code_buy") <= 0) {
$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
}
if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary
@ -1139,6 +1139,7 @@ if ($action == 'delete') {
}
//var_dump($elementList);
/*
* Show a dictionary
*/
@ -1397,6 +1398,9 @@ if ($id) {
if ($fieldlist[$field] == 'unit_type') {
$valuetoshow = $langs->trans('TypeOfUnit');
}
if ($fieldlist[$field] == 'public' && $tablib[$id] == 'TicketDictCategory') {
$valuetoshow = $langs->trans('TicketGroupIsPublic'); $class = 'center';
}
if ($id == 2) { // Special case for state page
if ($fieldlist[$field] == 'region_id') {
@ -1738,6 +1742,9 @@ if ($id) {
if ($fieldlist[$field] == 'unit_type') {
$valuetoshow = $langs->trans('TypeOfUnit');
}
if ($fieldlist[$field] == 'public' && $tablib[$id] == 'TicketDictCategory') {
$valuetoshow = $langs->trans('TicketGroupIsPublic'); $cssprefix = 'center ';
}
if ($fieldlist[$field] == 'region_id' || $fieldlist[$field] == 'country_id') {
$showfield = 0;
@ -1984,6 +1991,9 @@ if ($id) {
if ($fieldlist[$field] == 'use_default') {
$class .= ' center';
}
if ($fieldlist[$field] == 'public') {
$class .= ' center';
}
// Show value for field
if ($showfield) {
print '<!-- '.$fieldlist[$field].' --><td class="'.$class.'">'.$valuetoshow.'</td>';
@ -2343,10 +2353,10 @@ function fieldList($fieldlist, $obj = '', $tabname = '', $context = '')
if ($fieldlist[$field] == 'code') {
$class = 'maxwidth100';
}
if (in_array($fieldlist[$field], array('dayrule', 'day', 'month', 'year', 'pos', 'use_default', 'affect', 'delay', 'position', 'sortorder', 'sens', 'category_type'))) {
if (in_array($fieldlist[$field], array('dayrule', 'day', 'month', 'year', 'pos', 'use_default', 'affect', 'delay', 'position', 'public', 'sortorder', 'sens', 'category_type'))) {
$class = 'maxwidth50 center';
}
if (in_array($fieldlist[$field], array('use_default'))) {
if (in_array($fieldlist[$field], array('use_default', 'public'))) {
$classtd = 'center';
}
if (in_array($fieldlist[$field], array('libelle', 'label', 'tracking'))) {

1
htdocs/admin/dolistore/ajax/index.html Normal file
View File

@ -0,0 +1 @@

28
htdocs/admin/external_rss.php
View File

@ -41,7 +41,6 @@ if (!$user->admin) {
accessforbidden();
}
$def = array();
$lastexternalrss = 0;
$action = GETPOST('action', 'aZ09');
@ -56,6 +55,7 @@ $sql .= " WHERE ".$db->decrypt('name')." LIKE 'EXTERNAL_RSS_URLRSS_%'";
//print $sql;
$result = $db->query($sql); // We can't use SELECT MAX() because EXTERNAL_RSS_URLRSS_10 is lower than EXTERNAL_RSS_URLRSS_9
if ($result) {
$reg = array();
while ($obj = $db->fetch_object($result)) {
preg_match('/([0-9]+)$/i', $obj->name, $reg);
if ($reg[1] && $reg[1] > $lastexternalrss) {
@ -70,17 +70,17 @@ if ($action == 'add' || GETPOST("modify")) {
$external_rss_title = "external_rss_title_".GETPOST("norss", 'int');
$external_rss_urlrss = "external_rss_urlrss_".GETPOST("norss", 'int');
if (!empty($_POST[$external_rss_urlrss])) {
if (GETPOST($external_rss_urlrss, 'alpha')) {
$boxlabel = '(ExternalRSSInformations)';
//$external_rss_url = "external_rss_url_" . $_POST["norss"];
//$external_rss_url = "external_rss_url_" . GETPOST("norss");
$db->begin();
if ($_POST["modify"]) {
if (GETPOST("modify")) {
// Supprime boite box_external_rss de definition des boites
/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
$sql.= " SET name = '".$db->escape($boxlabel)."'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'";
$resql=$db->query($sql);
if (! $resql)
@ -95,13 +95,17 @@ if ($action == 'add' || GETPOST("modify")) {
$sql .= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss", 'int').' ('.GETPOST($external_rss_title, 'alpha')).")')";
if (!$db->query($sql)) {
dol_print_error($db);
$err++;
$error++;
}
//print $sql;exit;
}
$result1 = dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_".GETPOST("norss", 'int'), GETPOST($external_rss_title, 'alpha'), 'chaine', 0, '', $conf->entity);
if ($result1) {
$result2 = dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int'), GETPOST($external_rss_urlrss, 'alpha'), 'chaine', 0, '', $conf->entity);
$consttosave = "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int');
$urltosave = GETPOST($external_rss_urlrss, 'alpha');
$result2 = dolibarr_set_const($db, $consttosave, $urltosave, 'chaine', 0, '', $conf->entity);
//var_dump($result2);exit;
}
if ($result1 && $result2) {
@ -115,7 +119,7 @@ if ($action == 'add' || GETPOST("modify")) {
}
}
if ($_POST["delete"]) {
if (GETPOST("delete")) {
if (GETPOST("norss", 'int')) {
$db->begin();
@ -258,14 +262,14 @@ if ($resql) {
print '<tr class="oddeven">';
print "<td width=\"100px\">".$langs->trans("Title")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_".$idrss."\" value=\"".dol_escape_htmltag($conf->global->$keyrsstitle)."\"></td>";
print '<td class="titlefield">'.$langs->trans("Title")."</td>";
print '<td><input type="text" class="flat minwidth300" name="external_rss_title_'.$idrss.'" value="'.dol_escape_htmltag($conf->global->$keyrsstitle).'"></td>';
print '</tr>'."\n";
print '<tr class="oddeven">';
print "<td>".$langs->trans("URL")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_".$idrss."\" value=\"".dol_escape_htmltag($conf->global->$keyrssurl)."\"></td>";
print '<td><input type="text" class="flat minwidth300" name="external_rss_urlrss_'.$idrss.'" value="'.dol_escape_htmltag($conf->global->$keyrssurl).'"></td>';
print '</tr>'."\n";
@ -307,7 +311,7 @@ if ($resql) {
// Active
$active = _isInBoxList($idrss, $boxlist) ? 'yes' : 'no';
print '<tr class="oddeven">';
print '<td>'.$langs->trans('WidgetEnabled').'</td>';
print '<td>'.$langs->trans('WidgetAvailable').'</td>';
print '<td>'.yn($active).'</td>';
print '</tr>'."\n";

2
htdocs/admin/ihm.php
View File

@ -96,7 +96,7 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG
if ($action == 'update') {
dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity);

22
htdocs/admin/mailman.php
View File

@ -46,21 +46,27 @@ $action = GETPOST('action', 'aZ09');
$testsubscribeemail = GETPOST("testsubscribeemail");
$testunsubscribeemail = GETPOST("testunsubscribeemail");
$error = 0;
/*
* Actions
*/
// Action updated or added a constant
if ($action == 'update' || $action == 'add') {
foreach ($_POST['constname'] as $key => $val) {
$constname = $_POST["constname"][$key];
$constvalue = $_POST["constvalue"][$key];
$consttype = $_POST["consttype"][$key];
$constnote = $_POST["constnote"][$key];
$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
$tmparray = GETPOST('constname', 'array');
if (is_array($tmparray)) {
foreach ($tmparray as $key => $val) {
$constname = $tmparray[$key];
$constvalue = $tmparray[$key];
$consttype = $tmparray[$key];
$constnote = $tmparray[$key];
$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
if (!($res > 0)) {
$error++;
if (!($res > 0)) {
$error++;
}
}
}

3
htdocs/admin/mails_emailing.php
View File

@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
if (!$user->admin) {
accessforbidden();
@ -59,7 +60,7 @@ complete_substitutions_array($substitutionarrayfortest, $langs);
* Actions
*/
if ($action == 'update' && empty($_POST["cancel"])) {
if ($action == 'update' && !$cancel) {
// Send mode parameters
dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_EMAILING", GETPOST("MAIN_MAIL_SENDMODE_EMAILING"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_EMAILING", GETPOST("MAIN_MAIL_SMTP_PORT_EMAILING"), 'chaine', 0, '', $conf->entity);

3
htdocs/admin/mails_ticket.php
View File

@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$usersignature = $user->signature;
// For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html.
@ -59,7 +60,7 @@ if (!$user->admin) {
* Actions
*/
if ($action == 'update' && empty($_POST["cancel"])) {
if ($action == 'update' && !$cancel) {
// Send mode parameters
dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity);

4
htdocs/admin/menus/edit.php
View File

@ -333,8 +333,8 @@ if ($action == 'create') {
} else {
print '<select name="type" class="flat" id="topleft">';
print '<option value="">&nbsp;</option>';
print '<option value="top"'.(!empty($_POST["type"]) && $_POST["type"] == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
print '<option value="left"'.(!empty($_POST["type"]) && $_POST["type"] == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
print '<option value="top"'.(GETPOST("type") == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
print '<option value="left"'.(GETPOST("type") == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
print '</select>';
}
print '</td><td>'.$langs->trans('DetailType').'</td></tr>';

4
htdocs/admin/multicurrency.php
View File

@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/multicurrency/class/multicurrency.class.php';
$langs->loadLangs(array('admin', 'multicurrency'));
// Access control
if (!$user->admin) {
if (!$user->admin || empty($conf->multicurrency->enabled)) {
accessforbidden();
}
@ -45,7 +45,7 @@ $action = GETPOST('action', 'aZ09');
* Actions
*/
$reg = array();
if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
$code = $reg[1];
$value = GETPOST($code, 'alpha');

2
htdocs/admin/sms.php
View File

@ -66,7 +66,7 @@ if ($action == 'send' && !$_POST['cancel']) {
$error = 0;
$smsfrom = '';
if (!empty($_POST["fromsms"])) {
if (GETPOST("fromsms", 'alphanohtml')) {
$smsfrom = GETPOST("fromsms", 'alphanohtml');
}
if (empty($smsfrom)) {

100
htdocs/admin/ticket_public.php
View File

@ -59,6 +59,38 @@ if ($action == 'setTICKET_ENABLE_PUBLIC_INTERFACE') {
if ($action == 'setvar') {
include_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
if (GETPOSTISSET('TICKET_ENABLE_PUBLIC_INTERFACE')) { // only for no js case
$param_enable_public_interface = GETPOST('TICKET_ENABLE_PUBLIC_INTERFACE', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_ENABLE_PUBLIC_INTERFACE', $param_enable_public_interface, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_EMAIL_MUST_EXISTS')) { // only for no js case
$param_must_exists = GETPOST('TICKET_EMAIL_MUST_EXISTS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_EMAIL_MUST_EXISTS', $param_must_exists, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_DISABLE_CUSTOMER_MAILS')) { // only for no js case
$param_disable_email = GETPOST('TICKET_DISABLE_CUSTOMER_MAILS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_DISABLE_CUSTOMER_MAILS', $param_disable_email, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_SHOW_COMPANY_LOGO')) { // only for no js case
$param_show_module_logo = GETPOST('TICKET_SHOW_COMPANY_LOGO', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_SHOW_COMPANY_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
$topic_interface = GETPOST('TICKET_PUBLIC_INTERFACE_TOPIC', 'nohtml');
if (!empty($topic_interface)) {
$res = dolibarr_set_const($db, 'TICKET_PUBLIC_INTERFACE_TOPIC', $topic_interface, 'chaine', 0, '', $conf->entity);
@ -114,32 +146,6 @@ if ($action == 'setvar') {
if (!($res > 0)) {
$error++;
}
}
if ($action == 'setvarother') {
$param_enable_public_interface = GETPOST('TICKET_ENABLE_PUBLIC_INTERFACE', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_ENABLE_PUBLIC_INTERFACE', $param_enable_public_interface, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_must_exists = GETPOST('TICKET_EMAIL_MUST_EXISTS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_EMAIL_MUST_EXISTS', $param_must_exists, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_disable_email = GETPOST('TICKET_DISABLE_CUSTOMER_MAILS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_DISABLE_CUSTOMER_MAILS', $param_disable_email, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_show_module_logo = GETPOST('TICKET_SHOW_COMPANY_LOGO', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_SHOW_COMPANY_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) {
$param_notification_also_main_addressemail = GETPOST('TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS', 'alpha');
@ -197,18 +203,16 @@ print '<input type="hidden" id="TICKET_ENABLE_PUBLIC_INTERFACE" name="TICKET_ENA
print '<br><br>';
if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
if (empty($conf->use_javascript_ajax)) {
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvarother">';
}
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvar">';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td>'.$langs->trans("Parameters").'</td>';
print '<td class="left">';
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print '</td>';
print '</tr>';
@ -222,7 +226,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_EMAIL_MUST_EXISTS", $arrval, $conf->global->TICKET_EMAIL_MUST_EXISTS);
}
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsEmailMustExistHelp"), 1, 'help');
print '</td>';
print '</tr>';
@ -255,7 +259,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_SHOW_COMPANY_LOGO", $arrval, $conf->global->TICKET_SHOW_COMPANY_LOGO);
}
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsShowCompanyLogoHelp"), 1, 'help');
print '</td>';
print '</tr>';
@ -271,8 +275,8 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS", $arrval, $conf->global->TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS);
}
print '</td>';
print '<td class="center">';
print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp"), 1, 'help');
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp", $langs->transnoentitiesnoconv("TicketEmailNotificationTo").' ('.$langs->transnoentitiesnoconv("Creation").')', $langs->trans("Settings")), 1, 'help');
print '</td>';
print '</tr>';
}
@ -282,28 +286,6 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '</tr>';
}
print '</table>';
print '</div>';
print '<br>';
if (!$conf->use_javascript_ajax) {
print '</form>';
}
// Admin var of module
print load_fiche_titre($langs->trans("TicketParamMail"));
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvar">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Parameter").'</td>';
print "</tr>\n";
if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) {
print '<tr>';
print '<td colspan="3"><div class="info">'.$langs->trans("TicketCkEditorEmailNotActivated").'</div></td>';
@ -316,7 +298,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '</td><td>';
print '<input type="text" name="TICKET_PUBLIC_INTERFACE_TOPIC" value="'.$conf->global->TICKET_PUBLIC_INTERFACE_TOPIC.'" size="40" ></td>';
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketPublicInterfaceTopicHelp"), 1, 'help');
print '</td></tr>';

216
htdocs/api/admin/explorer.php
View File

@ -1,216 +0,0 @@
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php.
*/
/**
* \defgroup api Module DolibarrApi
* \brief API loader
* Search files htdocs/<module>/class/api_<module>.class.php
* \file htdocs/api/admin/explorer.php
*/
use Luracast\Restler\Routes;
require_once '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api_access.class.php';
// Load translation files required by the page
$langs->load("admin");
/*
* View
*/
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
exit;
}
$api = new DolibarrApi($db);
$api->r->addAPIClass('Luracast\\Restler\\Resources'); //this creates resources.json at API Root
$api->r->setSupportedFormats('JsonFormat', 'XmlFormat');
$api->r->addAuthenticationClass('DolibarrApiAccess', '');
$listofapis = array();
$modulesdir = dolGetModulesDirs();
foreach ($modulesdir as $dir) {
/*
* Search available module
*/
//dol_syslog("Scan directory ".$dir." for API modules");
$handle = @opendir(dol_osencode($dir));
if (is_resource($handle)) {
while (($file = readdir($handle)) !== false) {
if (is_readable($dir.$file) && preg_match("/^(mod.*)\.class\.php$/i", $file, $reg)) {
$modulename = $reg[1];
// Defined if module is enabled
$enabled = true;
$module = $part = $obj = strtolower(preg_replace('/^mod/i', '', $modulename));
//if ($part == 'propale') $part='propal';
if ($module == 'societe') {
$obj = 'thirdparty';
}
if ($module == 'categorie') {
$part = 'categories';
$obj = 'category';
}
if ($module == 'facture') {
$part = 'compta/facture';
$obj = 'facture';
}
if ($module == 'ficheinter') {
$obj = 'fichinter';
$part = 'fichinter';
$module = 'fichinter';
}
if (empty($conf->$module->enabled)) {
$enabled = false;
}
if ($enabled) {
/*
* If exists, load the API class for enable module
*
* Search files named api_<object>.class.php into /htdocs/<module>/class directory
*
* @todo : take care of externals module!
* @todo : use getElementProperties() function ?
*/
$dir_part = DOL_DOCUMENT_ROOT.'/'.$part.'/class/';
$handle_part = @opendir(dol_osencode($dir_part));
if (is_resource($handle_part)) {
while (($file_searched = readdir($handle_part)) !== false) {
if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $reg)) {
$classname = ucwords($reg[1]);
require_once $dir_part.$file_searched;
if (class_exists($classname)) {
dol_syslog("Found API classname=".$classname." into ".$dir);
$listofapis[] = $classname;
}
}
/*
if (is_readable($dir_part.$file_searched) && preg_match("/^(api_.*)\.class\.php$/i",$file_searched,$reg))
{
$classname=$reg[1];
$classname = str_replace('Api_','',ucwords($reg[1])).'Api';
//$classname = str_replace('Api_','',ucwords($reg[1]));
$classname = ucfirst($classname);
require_once $dir_part.$file_searched;
// if (class_exists($classname))
// {
// dol_syslog("Found API classname=".$classname);
// $api->r->addAPIClass($classname,'');
// require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/Routes.php';
// $tmpclass = new ReflectionClass($classname);
// try {
// $classMetadata = CommentParser::parse($tmpclass->getDocComment());
// } catch (Exception $e) {
// throw new RestException(500, "Error while parsing comments of `$classname` class. " . $e->getMessage());
// }
// //$listofapis[]=array('classname'=>$classname, 'fullpath'=>$file_searched);
// }
}*/
}
}
}
}
}
}
}
//var_dump($listofapis);
$listofapis = Routes::toArray(); // @todo api for "status" is lost here
//var_dump($listofapis);
llxHeader();
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("ApiSetup"), $linkback, 'title_setup');
// Define $urlwithroot
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Show message
print '<br>';
$message = '';
$url = '<a href="'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword" target="_blank">'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword[&reset=1]</a>';
$message .= $langs->trans("UrlToGetKeyToUseAPIs").':<br>';
$message .= img_picto('', 'globe').' '.$url;
print $message;
print '<br>';
print '<br>';
$oldclass = '';
print $langs->trans("ListOfAvailableAPIs").':<br>';
foreach ($listofapis['v1'] as $key => $val) {
if ($key == 'login') {
continue;
}
if ($key == 'index') {
continue;
}
if ($key) {
foreach ($val as $method => $val2) {
$newclass = $val2['className'];
if (preg_match('/restler/i', $newclass)) {
continue;
}
if ($oldclass != $newclass) {
print "\n<br>\n".$langs->trans("Class").': '.$newclass.'<br>'."\n";
$oldclass = $newclass;
}
//print $key.' - '.$val['classname'].' - '.$val['fullpath']." - ".DOL_MAIN_URL_ROOT.'/api/index.php/'.strtolower(preg_replace('/Api$/','',$val['classname']))."/xxx<br>\n";
$url = $urlwithroot.'/api/index.php/'.$key;
$url .= '?api_key=token';
print img_picto('', 'globe').' '.$method.' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
}
}
}
print '<br>';
print '<br>';
print $langs->trans("OnlyActiveElementsAreExposed", DOL_URL_ROOT.'/admin/modules.php');
llxFooter();
$db->close();

87
htdocs/api/admin/explorer_withredoc.php Normal file
View File

@ -0,0 +1,87 @@
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php.
*/
/**
* \defgroup api Module DolibarrApi
* \brief API explorer using the swagger.json file
* \file htdocs/api/admin/explorer_withredoc.php
*/
require_once '../../main.inc.php';
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
$langs->load("admin");
dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
//session_destroy();
exit(0);
}
// Test if explorer is not disabled
if (!empty($conf->global->API_EXPLORER_DISABLED)) {
$langs->load("admin");
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
print $langs->trans("WarningAPIExplorerDisabled").'.<br><br>';
//session_destroy();
exit(0);
}
// Restrict API to some IPs
if (!empty($conf->global->API_RESTRICT_ON_IP)) {
$allowedip = explode(' ', $conf->global->API_RESTRICT_ON_IP);
$ipremote = getUserRemoteIP();
if (!in_array($ipremote, $allowedip)) {
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTRICT_ON_IP);
print 'APIs are not allowed from the IP '.$ipremote;
header('HTTP/1.1 503 API not allowed from your IP '.$ipremote);
//session_destroy();
exit(0);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>ReDoc</title>
<!-- needed for adaptive design -->
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
<!--
ReDoc doesn't change outer page styles
-->
<style>
body {
margin: 0;
padding: 0;
}
</style>
</head>
<body>
<redoc spec-url='<?php echo DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY='.GETPOST('DOLAPIKEY', 'aZ09'); ?>'></redoc>
<!--<redoc spec-url='https://demo.dolibarr.org/api/index.php/explorer/swagger.json'></redoc>-->
<!--<redoc spec-url='http://petstore.swagger.io/v2/swagger.json'></redoc>-->
<script src="https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js"> </script>
</body>
</html>

8
htdocs/api/admin/index.php
View File

@ -141,7 +141,7 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai
$message = '';
$url = $urlwithroot.'/api/index.php/login?login=<strong>auserlogin</strong>&password=<strong>thepassword</strong>[&reset=1]';
$message .= '<span class="opacitymedium">'.$langs->trans("UrlToGetKeyToUseAPIs").':</span><br>';
$message .= img_picto('', 'globe').' '.$url;
$message .= '<div class="urllink">'.img_picto('', 'globe').' '.$url.'</div>';
print $message;
print '<br>';
print '<br>';
@ -150,7 +150,11 @@ print '<br>';
print '<u>'.$langs->trans("ApiExporerIs").':</u><br>';
if (dol_is_dir(DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/explorer')) {
$url = DOL_MAIN_URL_ROOT.'/api/index.php/explorer';
print img_picto('', 'globe').' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
print '<div class="urllink">'.img_picto('', 'globe').' <a href="'.$url.'" target="_blank">'.$url."</a></div><br>\n";
print '<div class="opacitymediumxxx"><br><u>'.$langs->trans("SwaggerDescriptionFile").':</u><br>';
$urlswagger = DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY=youruserapikey';
print '<div class="urllink">'.img_picto('', 'globe').' <a href="'.$urlswagger.'" target="_blank">'.$urlswagger."</a></div><br>\n";
print '</div>';
} else {
$langs->load("errors");
print info_admin($langs->trans("ErrorNotAvailableWithThisDistribution"), 0, 0, 'error');

31
htdocs/api/index.php
View File

@ -2,6 +2,7 @@
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2017 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2021 Alexis LAURIER <contact@alexislaurier.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -54,6 +55,12 @@ if (!empty($_SERVER['HTTP_DOLAPIENTITY'])) {
define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);
}
// When we request url to get the json file, we accept Cross site so we can include the descriptor into an external tool.
if (preg_match('/\/explorer\/swagger\.json/', $_SERVER["PHP_SELF"])) {
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY');
}
$res = 0;
if (!$res && file_exists("../main.inc.php")) {
@ -88,7 +95,7 @@ if (!empty($conf->global->MAIN_NGINX_FIX)) {
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
$langs->load("admin");
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
//session_destroy();
@ -307,12 +314,28 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' &&
//var_dump($api->r->apiVersionMap);
//exit;
// We do not want that restler output data if we use native compression (default behaviour) but we want to have it returned into a string.
Luracast\Restler\Defaults::$returnResponse = (empty($conf->global->API_DISABLE_COMPRESSION) && !empty($_SERVER['HTTP_ACCEPT_ENCODING']));
// Call API (we suppose we found it).
// The handle will use the file api/temp/routes.php to get data to run the API. If the file exists and the entry for API is not found, it will return 404.
$result = $api->r->handle();
//Luracast\Restler\Defaults::$returnResponse = true;
//print $api->r->handle();
if (Luracast\Restler\Defaults::$returnResponse) {
// We try to compress data
if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br') !== false && is_callable('brotli_compress')) {
header('Content-Encoding: br');
$result = brotli_compress($result, 11, BROTLI_TEXT);
} elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'bz') !== false && is_callable('bzcompress')) {
header('Content-Encoding: bz');
$result = bzcompress($result, 9);
} elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && is_callable('gzencode')) {
header('Content-Encoding: gzip');
$result = gzencode($result, 9);
}
$api->r->handle();
// Restler did not output data yet, we return it now
echo $result;
}
//session_destroy();

2
htdocs/bookmarks/bookmarks.lib.php
View File

@ -53,7 +53,7 @@ function printDropdownBookmarksList()
if (is_array($_POST)) {
foreach ($_POST as $key => $val) {
if (preg_match('/^search_/', $key) && $val != '') {
$tmpurl .= ($tmpurl ? '&' : '').$key.'='.$val;
$tmpurl .= ($tmpurl ? '&' : '').http_build_query(array($key => $val));
}
}
}

1
htdocs/cashdesk/admin/cashdesk.php
View File

@ -45,6 +45,7 @@ $langs->loadLangs(array("admin", "cashdesk"));
/*
* Actions
*/
if (GETPOST('action', 'alpha') == 'set') {
$db->begin();

10
htdocs/cashdesk/affContenu.php
View File

@ -22,6 +22,7 @@
* \ingroup cashdesk
* \brief Include to show main page for cashdesk module
*/
require_once 'class/Facturation.class.php';
// Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
@ -39,6 +40,15 @@ if (isset($_SESSION['serObjFacturation'])) {
$obj_facturation = new Facturation();
}
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/
// $obj_facturation contains data for all invoice total + selection of current product
$obj_facturation->calculTotaux(); // Redefine prix_total_ttc, prix_total_ht et montant_tva from $_SESSION['poscart']

4
htdocs/cashdesk/affIndex.php
View File

@ -38,6 +38,10 @@ if ($_SESSION['uid'] <= 0) {
// Load translation files required by the page
$langs->loadLangs(array("companies", "compta", "cashdesk"));
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View

4
htdocs/cashdesk/affPied.php
View File

@ -21,6 +21,10 @@
* \brief Bottom of main page of point of sale module
*/
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
?>
<!-- affPied.php -->
<div class="pied">

4
htdocs/cashdesk/deconnexion.php
View File

@ -40,5 +40,9 @@ require_once '../main.inc.php';
// This destroy tag that say "Point of Sale session is on".
unset($_SESSION['uid']);
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php');
exit;

3
htdocs/cashdesk/facturation.php
View File

@ -26,6 +26,9 @@
*/
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*

9
htdocs/cashdesk/facturation_dhtml.php
View File

@ -47,6 +47,15 @@ if (!defined('NOREQUIREAJAX')) {
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/
top_httphead('text/html');
$search = GETPOST("code", "alpha");

8
htdocs/cashdesk/facturation_verif.php
View File

@ -34,6 +34,14 @@ $action = GETPOST('action', 'aZ09');
$obj_facturation = unserialize($_SESSION['serObjFacturation']);
unset($_SESSION['serObjFacturation']);
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/
switch ($action) {
default:

5
htdocs/cashdesk/index.php
View File

@ -43,6 +43,11 @@ $err = GETPOST("err");
// Instantiate hooks of thirdparty module only if not already define
$hookmanager->initHooks(array('cashdeskloginpage'));
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/

6
htdocs/cashdesk/index_verif.php
View File

@ -41,6 +41,12 @@ $bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH") > 0) ?GETPOST("CASHDESK_
$bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE;
$bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CB", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CB;
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
// Check username
if (empty($username)) {
$retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Login"));

9
htdocs/cashdesk/validation_ticket.php
View File

@ -26,6 +26,15 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* Actions
*/
$obj_facturation = unserialize($_SESSION['serObjFacturation']);
unset($_SESSION['serObjFacturation']);

9
htdocs/cashdesk/validation_verif.php
View File

@ -36,6 +36,15 @@ $obj_facturation = unserialize($_SESSION['serObjFacturation']);
$action = GETPOST('action', 'aZ09');
$bankaccountid = GETPOST('cashdeskbank');
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* Actions
*/
switch ($action) {
default:
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=validation';

5
htdocs/categories/class/categorie.class.php
View File

@ -1520,7 +1520,6 @@ class Categorie extends CommonObject
return $cats;
}
/**
* Returns categories whose id or name match
* add wildcards in the name unless $exact = true
@ -1555,7 +1554,7 @@ class Categorie extends CommonObject
$sql .= " AND entity IN (".getEntity('category').")";
if ($nom) {
if (!$exact) {
$nom = '%'.str_replace('*', '%', $nom).'%';
$nom = '%'.$this->db->escape(str_replace('*', '%', $nom)).'%';
}
if (!$case) {
$sql .= " AND label LIKE '".$this->db->escape($nom)."'";
@ -1564,7 +1563,7 @@ class Categorie extends CommonObject
}
}
if ($id) {
$sql .= " AND rowid = '".$id."'";
$sql .= " AND rowid = ".((int) $id);
}
$res = $this->db->query($sql);

1
htdocs/categories/edit.php
View File

@ -99,7 +99,6 @@ if ($action == 'update' && $user->rights->categorie->creer) {
$object->visible = $visible;
$object->fk_parent = $parent != -1 ? $parent : 0;
if (empty($object->label)) {
$error++;
$action = 'edit';

8
htdocs/categories/index.php
View File

@ -116,15 +116,15 @@ if (empty($nosearch)) {
print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
foreach ($cats as $cat) {
$color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"';
print "\t".'<tr class="oddeven">'."\n";
print "\t\t<td>";
$categstatic->id = $cat->id;
$categstatic->ref = $cat->label;
$categstatic->label = $cat->label;
$categstatic->type = $cat->type;
$categstatic->color = $cat->color;
$color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"';
print "\t".'<tr class="oddeven">'."\n";
print "\t\t<td>";
print '<span class="noborderoncategories"'.$color.'>';
print $categstatic->getNomUrl(1, '');
print '</span>';

2
htdocs/categories/photos.php
View File

@ -66,7 +66,7 @@ $upload_dir = $conf->categorie->multidir_output[$object->entity];
* Actions
*/
if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && $_POST["sendit"] && !empty($conf->global->MAIN_UPLOAD_DOC)) {
if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
if ($object->id) {
$file = $_FILES['userfile'];
if (is_array($file['name']) && count($file['name']) > 0) {

2
htdocs/comm/card.php
View File

@ -162,7 +162,7 @@ if (empty($reshook)) {
// set accountancy code
if ($action == 'setcustomeraccountancycode') {
$result = $object->fetch($id);
$object->code_compta = $_POST["customeraccountancycode"];
$object->code_compta = GETPOST("customeraccountancycode");
$result = $object->update($object->id, $user, 1, 1, 0);
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');

2
htdocs/comm/mailing/advtargetemailing.php
View File

@ -397,7 +397,7 @@ if ($action == 'delete') {
}
}
if ($_POST["button_removefilter"]) {
if (GETPOST("button_removefilter")) {
$search_nom = '';
$search_prenom = '';
$search_email = '';

11
htdocs/comm/mailing/card.php
View File

@ -46,6 +46,7 @@ if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AU
$id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel');
$confirm = GETPOST('confirm', 'alpha');
$urlfrom = GETPOST('urlfrom');
@ -393,12 +394,12 @@ if (empty($reshook)) {
}
// Action send test emailing
if ($action == 'send' && empty($_POST["cancel"])) {
if ($action == 'send' && ! $cancel) {
$error = 0;
$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
$object->sendto = $_POST["sendto"];
$object->sendto = GETPOST("sendto", 'alphawithlgt');
if (!$object->sendto) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTo")), null, 'errors');
$error++;
@ -537,7 +538,7 @@ if (empty($reshook)) {
}
// Action of file remove
if (!empty($_POST["removedfile"])) {
if (GETPOST("removedfile")) {
$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@ -548,7 +549,7 @@ if (empty($reshook)) {
}
// Action of emailing update
if ($action == 'update' && empty($_POST["removedfile"]) && empty($_POST["cancel"])) {
if ($action == 'update' && !GETPOST("removedfile") && !$cancel) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$isupload = 0;
@ -643,7 +644,7 @@ if (empty($reshook)) {
}
}
if (!empty($_POST["cancel"])) {
if ($cancel) {
$action = '';
}
}

7
htdocs/comm/multiprix.php
View File

@ -30,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
// Load translation files required by the page
$langs->loadLangs(array('orders', 'companies'));
$action = GETPOST('action', 'alpha');
$cancel = GETPOST('cancel', 'alpha');
$id = GETPOST('id', 'int');
$_socid = GETPOST("id", 'int');
// Security check
@ -42,10 +45,10 @@ if ($user->socid > 0) {
* Actions
*/
if ($_POST["action"] == 'setpricelevel') {
if ($action == 'setpricelevel') {
$soc = new Societe($db);
$soc->fetch($id);
$soc->set_price_level($_POST["price_level"], $user);
$soc->set_price_level(GETPOST("price_level"), $user);
header("Location: multiprix.php?id=".$id);
exit;

4
htdocs/comm/propal/card.php
View File

@ -775,9 +775,9 @@ if (empty($reshook)) {
$object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
}
} elseif ($action == "setabsolutediscount" && $usercancreate) {
if ($_POST["remise_id"]) {
if (GETPOST("remise_id", "int")) {
if ($object->id > 0) {
$result = $object->insert_discount($_POST["remise_id"]);
$result = $object->insert_discount(GETPOST("remise_id", "int"));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}

2
htdocs/compta/bank/bankentries_list.php
View File

@ -245,7 +245,7 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', '
foreach ($rowids as $row) {
if ($row > 0) {
$result = $bankline->fetch($row);
$bankline->num_releve = $num_releve; //$_POST["num_releve"];
$bankline->num_releve = $num_releve; // GETPOST("num_releve");
$result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1.
if ($result < 0) {
setEventMessages($bankline->error, $bankline->errors, 'errors');

49
htdocs/compta/bank/card.php
View File

@ -87,18 +87,18 @@ if ($action == 'add') {
$object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha')));
$object->label = trim(GETPOST("label", 'alphanohtml'));
$object->courant = $_POST["type"];
$object->clos = $_POST["clos"];
$object->courant = GETPOST("type");
$object->clos = GETPOST("clos");
$object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1);
$object->url = trim(GETPOST("url", 'alpha'));
$object->bank = trim($_POST["bank"]);
$object->code_banque = trim($_POST["code_banque"]);
$object->code_guichet = trim($_POST["code_guichet"]);
$object->number = trim($_POST["number"]);
$object->cle_rib = trim($_POST["cle_rib"]);
$object->bic = trim($_POST["bic"]);
$object->iban = trim($_POST["iban"]);
$object->bank = trim(GETPOST("bank"));
$object->code_banque = trim(GETPOST("code_banque"));
$object->code_guichet = trim(GETPOST("code_guichet"));
$object->number = trim(GETPOST("number"));
$object->cle_rib = trim(GETPOST("cle_rib"));
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
@ -120,10 +120,10 @@ if ($action == 'add') {
$object->fk_accountancy_journal = $fk_accountancy_journal;
}
$object->solde = $_POST["solde"];
$object->solde = price2num(GETPOST("solde"));
$object->date_solde = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST('reday', 'int'), GETPOST("reyear", 'int'));
$object->currency_code = trim($_POST["account_currency_code"]);
$object->currency_code = trim(GETPOST("account_currency_code"));
$object->state_id = GETPOST("account_state_id", 'int');
$object->country_id = GETPOST("account_country_id", 'int');
@ -187,18 +187,18 @@ if ($action == 'update') {
$object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha')));
$object->label = trim(GETPOST("label", 'alphanohtml'));
$object->courant = $_POST["type"];
$object->clos = $_POST["clos"];
$object->courant = GETPOST("type");
$object->clos = GETPOST("clos");
$object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1);
$object->url = trim(GETPOST("url", 'alpha'));
$object->bank = trim($_POST["bank"]);
$object->code_banque = trim($_POST["code_banque"]);
$object->code_guichet = trim($_POST["code_guichet"]);
$object->number = trim($_POST["number"]);
$object->cle_rib = trim($_POST["cle_rib"]);
$object->bic = trim($_POST["bic"]);
$object->iban = trim($_POST["iban"]);
$object->bank = trim(GETPOST("bank"));
$object->code_banque = trim(GETPOST("code_banque"));
$object->code_guichet = trim(GETPOST("code_guichet"));
$object->number = trim(GETPOST("number"));
$object->cle_rib = trim(GETPOST("cle_rib"));
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
@ -220,7 +220,7 @@ if ($action == 'update') {
$object->fk_accountancy_journal = $fk_accountancy_journal;
}
$object->currency_code = trim($_POST["account_currency_code"]);
$object->currency_code = trim(GETPOST("account_currency_code"));
$object->state_id = GETPOST("account_state_id", 'int');
$object->country_id = GETPOST("account_country_id", 'int');
@ -274,7 +274,7 @@ if ($action == 'update') {
}
}
if ($action == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->banque->configurer) {
if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->banque->configurer) {
// Delete
$object = new Account($db);
$object->fetch(GETPOST("id", "int"));
@ -462,7 +462,8 @@ if ($action == 'create') {
print '</table>';
print '<br>';
if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) {
$type = GETPOST('type');
if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) {
print '<table class="border centpercent">';
// If bank account
@ -988,7 +989,7 @@ if ($action == 'create') {
print '</table>';
if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) {
if (GETPOST("type") == Account::TYPE_SAVINGS || GETPOST("type") == Account::TYPE_CURRENT) {
print '<br>';
//print '<div class="underbanner clearboth"></div>';

10
htdocs/compta/bank/line.php
View File

@ -140,9 +140,9 @@ if ($user->rights->banque->modifier && $action == "update") {
if (!$error) {
$db->begin();
$amount = price2num($_POST['amount']);
$dateop = dol_mktime(12, 0, 0, $_POST["dateomonth"], $_POST["dateoday"], $_POST["dateoyear"]);
$dateval = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
$amount = price2num(GETPOST('amount'));
$dateop = dol_mktime(12, 0, 0, GETPOST("dateomonth"), GETPOST("dateoday"), GETPOST("dateoyear"));
$dateval = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
$sql .= " SET ";
// Always opened
@ -212,8 +212,8 @@ if ($user->rights->banque->modifier && $action == "update") {
// Reconcile
if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action == 'setreconcile')) {
$num_rel = trim($_POST["num_rel"]);
$rappro = $_POST['reconciled'] ? 1 : 0;
$num_rel = trim(GETPOST("num_rel"));
$rappro = GETPOST('reconciled') ? 1 : 0;
// Check parameters
if ($rappro && empty($num_rel)) {

43
htdocs/compta/charges/index.php
View File

@ -30,6 +30,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/paymentvat.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/paymentsocialcontribution.class.php';
require_once DOL_DOCUMENT_ROOT.'/salaries/class/salary.class.php';
@ -83,6 +84,7 @@ if (!$sortorder) {
*/
$tva_static = new Tva($db);
$ptva_static = new PaymentVat($db);
$socialcontrib = new ChargeSociales($db);
$payment_sc_static = new PaymentSocialContribution($db);
$sal_static = new Salary($db);
@ -132,7 +134,7 @@ print "<br>";
if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
// Social contributions only
print load_fiche_titre($langs->trans("SocialContributionsPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
print load_fiche_titre($langs->trans("SocialContributions").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
@ -269,22 +271,23 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
$tva = new Tva($db);
print load_fiche_titre($langs->trans("VATPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
print load_fiche_titre($langs->trans("VATDeclarations").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
$sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.fk_bank,";
$sql = "SELECT ptva.rowid, pv.rowid as id_tva, pv.amount as amount_tva, ptva.amount, pv.label, pv.datev as dm, ptva.datep as date_payment, ptva.fk_bank,";
$sql .= " pct.code as payment_code,";
$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel";
$sql .= " FROM ".MAIN_DB_PREFIX."tva as pv";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON pv.fk_bank = b.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_vat as ptva ON (ptva.fk_tva = pv.rowid)";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON (ptva.fk_bank = b.rowid)";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON pv.fk_typepayment = pct.id";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON ptva.fk_typepaiement = pct.id";
$sql .= " WHERE pv.entity IN (".getEntity("tax").")";
if ($year > 0) {
// Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance,
// ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire
$sql .= " AND pv.datev between '".$db->idate(dol_get_first_day($year, 1, false))."' AND '".$db->idate(dol_get_last_day($year, 12, false))."'";
}
if (preg_match('/^pv\./', $sortfield)) {
if (preg_match('/^pv\./', $sortfield) || preg_match('/^ptva\./', $sortfield)) {
$sql .= $db->order($sortfield, $sortorder);
}
@ -298,13 +301,13 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "pv.label", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder);
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pv.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
if (!empty($conf->banque->enabled)) {
print_liste_field_titre("Account", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
}
print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder);
print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "ptva.amount", "", $param, 'class="right"', $sortfield, $sortorder);
print "</tr>\n";
$var = 1;
while ($i < $num) {
@ -316,17 +319,19 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print '<tr class="oddeven">';
print '<td class="left">'.dol_print_date($db->jdate($obj->dm), 'day').'</td>'."\n";
print "<td>".$obj->label."</td>\n";
$tva_static->id = $obj->id_tva;
$tva_static->ref = $obj->label;
print "<td>".$tva_static->getNomUrl(1)."</td>\n";
print '<td class="right">'.price($obj->amount)."</td>";
print '<td class="right">'.price($obj->amount_tva)."</td>";
// Ref payment
$tva_static->id = $obj->rowid;
$tva_static->ref = $obj->rowid;
print '<td class="left">'.$tva_static->getNomUrl(1)."</td>\n";
$ptva_static->id = $obj->rowid;
$ptva_static->ref = $obj->rowid;
print '<td class="left">'.$ptva_static->getNomUrl(1)."</td>\n";
// Date
print '<td class="center">'.dol_print_date($db->jdate($obj->dm), 'day')."</td>\n";
print '<td class="center">'.dol_print_date($db->jdate($obj->date_payment), 'day')."</td>\n";
// Type payment
print '<td>';
@ -360,7 +365,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
$i++;
}
print '<tr class="liste_total"><td colspan="2">'.$langs->trans("Total").'</td>';
print '<td class="right">'.price($total).'</td>';
print '<td>&nbsp;</td>';
print '<td>&nbsp;</td>';
print '<td>&nbsp;</td>';
print '<td>&nbsp;</td>';
@ -440,9 +445,9 @@ while ($j < $numlt) {
print '<td class="right">'.price($obj->amount)."</td>";
// Ref payment
$tva_static->id = $obj->rowid;
$tva_static->ref = $obj->rowid;
print '<td class="left">'.$tva_static->getNomUrl(1)."</td>\n";
$ptva_static->id = $obj->rowid;
$ptva_static->ref = $obj->rowid;
print '<td class="left">'.$ptva_static->getNomUrl(1)."</td>\n";
print '<td class="center">'.dol_print_date($db->jdate($obj->dp), 'day')."</td>\n";
print '<td class="right">'.price($obj->amount)."</td>";

8
htdocs/compta/facture/class/facture.class.php
View File

@ -5367,9 +5367,11 @@ class FactureLigne extends CommonInvoiceLine
return -1;
}
// if buy price not defined, define buyprice as configured in margin admin
// if buy price not provided, define buyprice as configured in margin admin
if ($this->pa_ht == 0 && $pa_ht_isemptystring) {
if (($result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product)) < 0) {
// We call defineBuyPrice only if data was not provided (if input was '0', we will not go here and value will remaine '0')
$result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product);
if ($result < 0) {
return $result;
} else {
$this->pa_ht = $result;
@ -5410,7 +5412,7 @@ class FactureLigne extends CommonInvoiceLine
$sql .= ", total_localtax2=".price2num($this->total_localtax2);
}
$sql .= ", fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null");
$sql .= ", buy_price_ht='".price2num($this->pa_ht)."'";
$sql .= ", buy_price_ht=".(($this->pa_ht || $this->pa_ht === 0 || $this->pa_ht === '0') ? price2num($this->pa_ht) : "null"); // $this->pa_ht should always be defined (set to 0 or to sell price depending on option)
$sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null");
if (!empty($this->rang)) {
$sql .= ", rang=".$this->rang;

16
htdocs/compta/localtax/card.php
View File

@ -33,6 +33,8 @@ $langs->loadLangs(array('compta', 'banks', 'bills'));
$id = GETPOST("id", 'int');
$action = GETPOST("action", "alpha");
$cancel = GETPOST('cancel');
$refund = GETPOST("refund", "int");
if (empty($refund)) {
$refund = 0;
@ -57,18 +59,18 @@ $hookmanager->initHooks(array('localtaxvatcard', 'globalcard'));
* Actions
*/
if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) {
if ($cancel && !$id) {
header("Location: list.php?localTaxType=".$lttype);
exit;
}
if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) {
if ($action == 'add' && $cancel) {
$db->begin();
$datev = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
$datep = dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]);
$datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
$datep = dol_mktime(12, 0, 0, GETPOST("datepmonth"), GETPOST("datepday"), GETPOST("datepyear"));
$object->accountid = GETPOST("accountid");
$object->accountid = GETPOST("accountid", 'int');
$object->paymenttype = GETPOST("paiementtype");
$object->datev = $datev;
$object->datep = $datep;
@ -165,14 +167,14 @@ if ($action == 'create') {
print '</td></tr>';
// Label
print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth200" value="'.($_POST["label"] ?GETPOST("label", '', 2) : $langs->transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'"></td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth200" value="'.(GETPOSTISSET("label") ? GETPOST("label", '', 2) : $langs->transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'"></td></tr>';
// Amount
print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input name="amount" size="10" value="'.GETPOST("amount").'"></td></tr>';
if (!empty($conf->banque->enabled)) {
print '<tr><td class="fieldrequired">'.$langs->trans("Account").'</td><td>';
$form->select_comptes($_POST["accountid"], "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant
$form->select_comptes(GETPOST("accountid", "int"), "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant
print '</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("PaymentMode").'</td><td>';

8
htdocs/compta/paiement/cheque/card.php
View File

@ -117,9 +117,9 @@ if ($action == 'setref' && $user->rights->banque->cheque) {
}
}
if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->cheque) {
if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) {
if (is_array($_POST['toRemise'])) {
$result = $object->create($user, $_POST["accountid"], 0, $_POST['toRemise']);
$result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise'));
if ($result > 0) {
if ($object->statut == 1) { // If statut is validated, we build doc
$object->fetch($object->id); // To force to reload all properties in correct property name
@ -134,7 +134,7 @@ if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->che
$outputlangs = new Translate("", $conf);
$outputlangs->setDefaultLang($newlang);
}
$result = $object->generatePdf($_POST["model"], $outputlangs);
$result = $object->generatePdf(GETPOST("model"), $outputlangs);
}
header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id);
@ -227,7 +227,7 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) {
$outputlangs = new Translate("", $conf);
$outputlangs->setDefaultLang($newlang);
}
$result = $object->generatePdf($_POST["model"], $outputlangs);
$result = $object->generatePdf(GETPOST("model"), $outputlangs);
if ($result <= 0) {
dol_print_error($db, $object->error);
exit;

4
htdocs/compta/paiement/rapport.php
View File

@ -70,14 +70,14 @@ if ($action == 'builddoc') {
// We save charset_output to restore it because write_file can change it if needed for
// output format that does not support UTF8.
$sav_charset_output = $outputlangs->charset_output;
if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) {
if ($rap->write_file($dir, GETPOST("remonth", "int"), GETPOST("reyear", "int"), $outputlangs) > 0) {
$outputlangs->charset_output = $sav_charset_output;
} else {
$outputlangs->charset_output = $sav_charset_output;
dol_print_error($db, $obj->error);
}
$year = $_POST["reyear"];
$year = GETPOST("reyear", "int");
}

10
htdocs/compta/paiement_charge.php
View File

@ -32,6 +32,8 @@ $langs->load("bills");
$chid = GETPOST("id", 'int');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel');
$amounts = array();
// Security check
@ -50,15 +52,15 @@ $charge = new ChargeSociales($db);
if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) {
$error = 0;
if ($_POST["cancel"]) {
if ($cancel) {
$loc = DOL_URL_ROOT.'/compta/sociales/card.php?id='.$chid;
header("Location: ".$loc);
exit;
}
$datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int"));
if (!$_POST["paiementtype"] > 0) {
if (!(GETPOST("paiementtype") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
$error++;
$action = 'create';
@ -68,7 +70,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
$error++;
$action = 'create';
}
if (!empty($conf->banque->enabled) && !($_POST["accountid"] > 0)) {
if (!empty($conf->banque->enabled) && !(GETPOST("accountid") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors');
$error++;
$action = 'create';

32
htdocs/compta/paiement_vat.php
View File

@ -33,6 +33,8 @@ $langs->loadLangs(array("banks", "bills"));
$chid = GETPOST("id", 'int');
$action = GETPOST('action', 'alpha');
$cancel = GETPOST('cancel');
$amounts = array();
// Security check
@ -49,7 +51,7 @@ if ($user->socid > 0) {
if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) {
$error = 0;
if ($_POST["cancel"]) {
if ($cancel) {
$loc = DOL_URL_ROOT.'/compta/tva/card.php?id='.$chid;
header("Location: ".$loc);
exit;
@ -73,23 +75,23 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
$action = 'create';
}
// Read possible payments
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}
if ($amounts[key($amounts)] <= 0) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")), null, 'errors');
$action = 'create';
}
if (!$error) {
$paymentid = 0;
// Read possible payments
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}
if (count($amounts) <= 0) {
$error++;
setEventMessages($langs->trans("ErrorNoPaymentDefined"), null, 'errors');
$action = 'create';
}
if (!$error) {
$db->begin();

2
htdocs/compta/sociales/card.php
View File

@ -180,7 +180,7 @@ if ($action == 'add' && $user->rights->tax->charges->creer) {
}
if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) {
if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) {
$amount = price2num(GETPOST('amount'), 'MT');
if (!$dateech) {

7
htdocs/compta/tva/card.php
View File

@ -41,6 +41,7 @@ $langs->loadLangs(array('compta', 'banks', 'bills'));
$id = GETPOST("id", 'int');
$action = GETPOST("action", "alpha");
$cancel = GETPOST('cancel');
$confirm = GETPOST('confirm');
$refund = GETPOST("refund", "int");
if (GETPOSTISSET('auto_create_paiement') || $action === 'add') {
@ -74,7 +75,7 @@ $hookmanager->initHooks(array('taxvatcard', 'globalcard'));
* Actions
*/
if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) {
if ($cancel && !$id) {
header("Location: list.php");
exit;
}
@ -135,7 +136,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) {
}
}
if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) {
if ($action == 'add' && $cancel) {
$error = 0;
$object->fk_account = GETPOST("accountid", 'int');
@ -260,7 +261,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') {
}
}
if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) {
if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) {
$amount = price2num(GETPOST('amount'));
if (empty($amount)) {

42
htdocs/contact/canvas/actions_contactcard_common.class.php
View File

@ -283,28 +283,28 @@ abstract class ActionsContactCardCommon
// phpcs:enable
global $langs, $mysoc;
$this->object->old_name = $_POST["old_name"];
$this->object->old_firstname = $_POST["old_firstname"];
$this->object->old_name = GETPOST("old_name");
$this->object->old_firstname = GETPOST("old_firstname");
$this->object->socid = $_POST["socid"];
$this->object->lastname = $_POST["name"];
$this->object->firstname = $_POST["firstname"];
$this->object->civility_id = $_POST["civility_id"];
$this->object->poste = $_POST["poste"];
$this->object->address = $_POST["address"];
$this->object->zip = $_POST["zipcode"];
$this->object->town = $_POST["town"];
$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
$this->object->state_id = $_POST["state_id"];
$this->object->phone_pro = $_POST["phone_pro"];
$this->object->phone_perso = $_POST["phone_perso"];
$this->object->phone_mobile = $_POST["phone_mobile"];
$this->object->fax = $_POST["fax"];
$this->object->email = $_POST["email"];
$this->object->jabberid = $_POST["jabberid"];
$this->object->priv = $_POST["priv"];
$this->object->note = $_POST["note"];
$this->object->canvas = $_POST["canvas"];
$this->object->socid = GETPOST("socid");
$this->object->lastname = GETPOST("name");
$this->object->firstname = GETPOST("firstname");
$this->object->civility_id = GETPOST("civility_id");
$this->object->poste = GETPOST("poste");
$this->object->address = GETPOST("address");
$this->object->zip = GETPOST("zipcode");
$this->object->town = GETPOST("town");
$this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id;
$this->object->state_id = GETPOST("state_id");
$this->object->phone_pro = GETPOST("phone_pro");
$this->object->phone_perso = GETPOST("phone_perso");
$this->object->phone_mobile = GETPOST("phone_mobile");
$this->object->fax = GETPOST("fax");
$this->object->email = GETPOST("email");
$this->object->jabberid = GETPOST("jabberid");
$this->object->priv = GETPOST("priv");
$this->object->note = GETPOST("note", "restricthtml");
$this->object->canvas = GETPOST("canvas");
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {

2
htdocs/contact/card.php
View File

@ -561,7 +561,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
$object->state_id = GETPOST("state_id");
// We set country_id, country_code and label for the selected country
$object->country_id = $_POST["country_id"] ?GETPOST("country_id") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id);
$object->country_id = GETPOST("country_id") ? GETPOST("country_id", "int") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id);
if ($object->country_id) {
$tmparray = getCountry($object->country_id, 'all');
$object->country_code = $tmparray['code'];

6
htdocs/contact/perso.php
View File

@ -45,12 +45,12 @@ $object = new Contact($db);
* Action
*/
if ($action == 'update' && !$_POST["cancel"] && $user->rights->societe->contact->creer) {
if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact->creer) {
$ret = $object->fetch($id);
// Note: Correct date should be completed with location to have exact GM time of birth.
$object->birthday = dol_mktime(0, 0, 0, $_POST["birthdaymonth"], $_POST["birthdayday"], $_POST["birthdayyear"]);
$object->birthday_alert = $_POST["birthday_alert"];
$object->birthday = dol_mktime(0, 0, 0, GETPOST("birthdaymonth"), GETPOST("birthdayday"), GETPOST("birthdayyear"));
$object->birthday_alert = GETPOST("birthday_alert");
if (GETPOST('deletephoto')) {
$object->photo = '';

12
htdocs/contrat/card.php
View File

@ -2008,7 +2008,7 @@ if ($action == 'create') {
if (empty($user->socid)) {
if ($object->statut == 1) {
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->contrat->creer)) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&token='.newToken().'&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#">'.$langs->trans('SendMail').'</a></div>';
}
@ -2017,14 +2017,14 @@ if ($action == 'create') {
if ($object->statut == 0 && $nbofservices) {
if ($user->rights->contrat->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=valid">'.$langs->trans("Validate").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=valid&amp;token='.newToken().'">'.$langs->trans("Validate").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("NotEnoughPermissions").'">'.$langs->trans("Validate").'</a></div>';
}
}
if ($object->statut == 1) {
if ($user->rights->contrat->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=reopen">'.$langs->trans("Modify").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=reopen&amp;token='.newToken().'">'.$langs->trans("Modify").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("NotEnoughPermissions").'">'.$langs->trans("Modify").'</a></div>';
}
@ -2050,14 +2050,14 @@ if ($action == 'create') {
if ($object->nbofservicesclosed > 0 || $object->nbofserviceswait > 0) {
if ($user->rights->contrat->activer) {
print '<div class="inline-block divButAction"><a class="butAction" id="btnactivateall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=activate">'.$langs->trans("ActivateAllContracts").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" id="btnactivateall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=activate&amp;token='.newToken().'">'.$langs->trans("ActivateAllContracts").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" id="btnactivateall" href="#">'.$langs->trans("ActivateAllContracts").'</a></div>';
}
}
if ($object->nbofservicesclosed < $nbofservices) {
if ($user->rights->contrat->desactiver) {
print '<div class="inline-block divButAction"><a class="butAction" id="btncloseall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=close">'.$langs->trans("CloseAllContracts").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" id="btncloseall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=close&amp;token='.newToken().'">'.$langs->trans("CloseAllContracts").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" id="btncloseall" href="#">'.$langs->trans("CloseAllContracts").'</a></div>';
}
@ -2081,7 +2081,7 @@ if ($action == 'create') {
// Clone
if ($user->rights->contrat->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$object->socid.'&amp;action=clone&amp;object='.$object->element.'">'.$langs->trans("ToClone").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$object->socid.'&amp;action=clone&amp;token='.newToken().'&amp;object='.$object->element.'">'.$langs->trans("ToClone").'</a></div>';
}
// On peut supprimer entite si

1
htdocs/contrat/note.php
View File

@ -180,6 +180,7 @@ if ($id > 0 || !empty($ref)) {
//print '<br>';
$cssclass='fieldtitle';
include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
print dol_get_fiche_end();

2
htdocs/core/ajax/row.php
View File

@ -95,7 +95,7 @@ if (GETPOST('roworder', 'alpha', 2) && GETPOST('table_element_line', 'aZ09', 2)
} else {
$tmparray = explode('_', $table_element_line);
$tmpmodule = $tmparray[0]; $tmpobject = preg_replace('/line$/', '', $tmparray[1]);
if (!empty($tmpmodule) && !empty($tmpobject) && !empty($conf->$tmpmodule->enabled) && !empty($user->rights->$tmpobject->read)) {
if (!empty($tmpmodule) && !empty($tmpobject) && !empty($conf->$tmpmodule->enabled) && !empty($user->rights->$tmpobject->write)) {
$perm = 1;
}
}

7
htdocs/core/class/commonobject.class.php
View File

@ -1072,9 +1072,9 @@ abstract class CommonObject
// Insert into database
$sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact";
$sql .= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) ";
$sql .= " VALUES (".$this->id.", ".$fk_socpeople." , ";
$sql .= " VALUES (".$this->id.", ".((int) $fk_socpeople)." , ";
$sql .= "'".$this->db->idate($datecreate)."'";
$sql .= ", 4, ".$id_type_contact;
$sql .= ", 4, ".((int) $id_type_contact);
$sql .= ")";
$resql = $this->db->query($sql);
@ -7688,7 +7688,8 @@ abstract class CommonObject
$buyPrice = 0;
if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) { // In most cases, test here is false
if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) {
// When ForceBuyingPriceIfNull is set
$buyPrice = $unitPrice * (1 - $discountPercent / 100);
} else {
// Get cost price for margin calculation

6
htdocs/core/class/discount.class.php
View File

@ -144,13 +144,13 @@ class DiscountAbsolute
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fsup ON sr.fk_invoice_supplier_source = fsup.rowid";
$sql .= " WHERE sr.entity IN (".getEntity('invoice').")";
if ($rowid) {
$sql .= " AND sr.rowid=".$rowid;
$sql .= " AND sr.rowid=".((int) $rowid);
}
if ($fk_facture_source) {
$sql .= " AND sr.fk_facture_source=".$fk_facture_source;
$sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source);
}
if ($fk_invoice_supplier_source) {
$sql .= " AND sr.fk_invoice_supplier_source=".$fk_invoice_supplier_source;
$sql .= " AND sr.fk_invoice_supplier_source = ".((int) $fk_invoice_supplier_source);
}
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

4
htdocs/core/class/html.form.class.php
View File

@ -2008,7 +2008,9 @@ class Form
if (!$obj->entity) {
$moreinfo .= ($moreinfo ? ' - ' : ' (').$langs->trans("AllEntities");
} else {
$moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined"));
if ($obj->entity != $conf->entity) {
$moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined"));
}
}
}
$moreinfo .= ($moreinfo ? ')' : '');

4
htdocs/core/class/html.formaccounting.class.php
View File

@ -364,7 +364,7 @@ class FormAccounting extends Form
$sql = "SELECT DISTINCT aa.account_number, aa.label, aa.labelshort, aa.rowid, aa.fk_pcg_version";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
$sql .= " AND aa.active = 1";
$sql .= " AND aa.entity=".$conf->entity;
$sql .= " ORDER BY aa.account_number";
@ -380,7 +380,7 @@ class FormAccounting extends Form
$num_rows = $this->db->num_rows($resql);
if ($num_rows == 0) {
if ($num_rows == 0 && (empty($conf->global->CHARTOFACCOUNTS) || $conf->global->CHARTOFACCOUNTS < 0)) {
$langs->load("errors");
$showempty = $langs->trans("ErrorYouMustFirstSetupYourChartOfAccount");
} else {

4
htdocs/core/class/html.formmail.class.php
View File

@ -912,8 +912,8 @@ class FormMail extends Form
}
}
if (GETPOSTISSET("message") && !$_POST['modelselected']) {
$defaultmessage = $_POST["message"];
if (GETPOSTISSET("message") && !GETPOST('modelselected')) {
$defaultmessage = GETPOST("message", "restricthtml");
} else {
$defaultmessage = make_substitutions($defaultmessage, $this->substit);
// Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty)

6
htdocs/core/class/html.formmargin.class.php
View File

@ -90,8 +90,10 @@ class FormMargin
$line->pa_ht = $product->fourn_unitprice * (1 - $product->fourn_remise_percent / 100);
}
}
// si prix d'achat non renseigné et devrait l'être, alors prix achat = prix vente
if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) {
// If buy price is not defined (null), we will use the sell price. If defined to 0 (it means it was forced to 0 during insert, for example for a free to get product), we must still use 0.
//if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) {
if ((!isset($line->pa_ht)) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) {
$line->pa_ht = $line->subprice * (1 - ($line->remise_percent / 100));
}

34
htdocs/core/class/html.formticket.class.php
View File

@ -126,9 +126,10 @@ class FormTicket
*
* @param int $withdolfichehead With dol_get_fiche_head() and dol_get_fiche_end()
* @param string $mode Mode ('create' or 'edit')
* @param int $public 1=If we show the form for the public interface
* @return void
*/
public function showForm($withdolfichehead = 0, $mode = 'edit')
public function showForm($withdolfichehead = 0, $mode = 'edit', $public = 0)
{
global $conf, $langs, $user, $hookmanager;
@ -182,6 +183,7 @@ class FormTicket
if (isset($this->param['origin']) && $this->param['originid'] > 0) {
// Parse element/subelement (ex: project_task)
$element = $subelement = $this->param['origin'];
$regs = array();
if (preg_match('/^([^_]+)_([^_]+)/i', $this->param['origin'], $regs)) {
$element = $regs[1];
$subelement = $regs[2];
@ -208,7 +210,11 @@ class FormTicket
// Group
print '<tr><td><span class="fieldrequired"><label for="selectcategory_code">'.$langs->trans("TicketCategory").'</span></label></td><td>';
$this->selectGroupTickets((GETPOST('category_code') ? GETPOST('category_code') : $this->category_code), 'category_code', '', 2, 0, 0, 0, 'minwidth200');
$filter = '';
if ($public) {
$filter = 'public=1';
}
$this->selectGroupTickets((GETPOST('category_code') ? GETPOST('category_code') : $this->category_code), 'category_code', $filter, 2, 0, 0, 0, 'minwidth200');
print '</td></tr>';
// Severity
@ -307,7 +313,7 @@ class FormTicket
if ($this->withfile == 2) { // Can add other files
$out .= '<input type="file" class="flat" id="addedfile" name="addedfile" value="'.$langs->trans("Upload").'" />';
$out .= ' ';
$out .= '<input type="submit" class="button" id="addfile" name="addfile" value="'.$langs->trans("MailingAddFile").'" />';
$out .= '<input type="submit" class="button smallpaddingimp" id="addfile" name="addfile" value="'.$langs->trans("MailingAddFile").'" />';
}
$out .= "</td></tr>\n";
@ -439,8 +445,8 @@ class FormTicket
print dol_get_fiche_end();
}
print '<div class="center">';
print '<input class="button" type="submit" name="add" value="'.$langs->trans(($this->withthreadid > 0 ? "SendResponse" : "NewTicket")).'" />';
print '<br><div class="center">';
print '<input class="button" type="submit" name="add" value="'.$langs->trans(($this->withthreadid > 0 ? "SendResponse" : "CreateTicket")).'" />';
if ($this->withcancel) {
print " &nbsp; &nbsp; &nbsp;";
print '<input class="button button-cancel" type="submit" name="cancel" value="'.$langs->trans("Cancel").'">';
@ -551,7 +557,7 @@ class FormTicket
*
* @param string $selected Id categorie pre-selectionnée
* @param string $htmlname Nom de la zone select
* @param string $filtertype To filter on field type in llx_c_ticket_category (array('code'=>xx,'label'=>zz))
* @param string $filtertype To filter on some properties in llx_c_ticket_category ('public = 1'). This parameter must not come from input of users.
* @param int $format 0=id+libelle, 1=code+code, 2=code+libelle, 3=id+code
* @param int $empty 1=peut etre vide, 0 sinon
* @param int $noadmininfo 0=Add admin info, 1=Disable admin info
@ -567,12 +573,6 @@ class FormTicket
dol_syslog(get_class($this)."::selectCategoryTickets ".$selected.", ".$htmlname.", ".$filtertype.", ".$format, LOG_DEBUG);
$filterarray = array();
if ($filtertype != '' && $filtertype != '-1') {
$filterarray = explode(',', $filtertype);
}
$ticketstat->loadCacheCategoriesTickets();
print '<select id="select'.$htmlname.'" class="flat minwidth100'.($morecss ? ' '.$morecss : '').'" name="'.$htmlname.'">';
@ -582,9 +582,11 @@ class FormTicket
if (is_array($ticketstat->cache_category_tickets) && count($ticketstat->cache_category_tickets)) {
foreach ($ticketstat->cache_category_tickets as $id => $arraycategories) {
// On passe si on a demande de filtrer sur des modes de paiments particuliers
if (count($filterarray) && !in_array($arraycategories['type'], $filterarray)) {
continue;
// Exclude some record
if ($filtertype == 'public=1') {
if (empty($arraycategories['public'])) {
continue;
}
}
// We discard empty line if showempty is on because an empty line has already been output.
@ -1081,7 +1083,7 @@ class FormTicket
if ($this->withfile == 2) { // Can add other files
$out .= '<input type="file" class="flat" id="addedfile" name="addedfile" value="'.$langs->trans("Upload").'" />';
$out .= ' ';
$out .= '<input type="submit" class="button" id="'.$addfileaction.'" name="'.$addfileaction.'" value="'.$langs->trans("MailingAddFile").'" />';
$out .= '<input type="submit" class="button smallpaddingimp" id="'.$addfileaction.'" name="'.$addfileaction.'" value="'.$langs->trans("MailingAddFile").'" />';
}
$out .= "</td></tr>\n";

142
htdocs/core/class/notify.class.php
View File

@ -3,6 +3,7 @@
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2018 Philippe Grand <philippe.grand@atoo-net.com>
* Copyright (C) 2021 Thibault FOUCART <support@ptibogxiv.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -25,7 +26,6 @@
*/
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
/**
* Class to manage notifications
*/
@ -80,8 +80,8 @@ class Notify
'SHIPPING_VALIDATE',
'EXPENSE_REPORT_VALIDATE',
'EXPENSE_REPORT_APPROVE',
'HOLIDAY_VALIDATE',
'HOLIDAY_APPROVE',
'HOLIDAY_VALIDATE',
'HOLIDAY_APPROVE',
'ACTION_CREATE'
);
@ -442,49 +442,54 @@ class Notify
switch ($notifcode) {
case 'BILL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$labeltouse = $conf->global->BILL_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link);
break;
case 'BILL_PAYED':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$labeltouse = $conf->global->BILL_PAYED_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoicePayed", $link);
break;
case 'ORDER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output;
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande');
$object_type = 'order';
$labeltouse = $conf->global->ORDER_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextOrderValidated", $link);
break;
case 'PROPAL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$labeltouse = $conf->global->PROPAL_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextProposalValidated", $link);
break;
case 'PROPAL_CLOSE_SIGNED':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$labeltouse = $conf->global->PROPAL_CLOSE_SIGNED_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link);
break;
case 'FICHINTER_ADD_CONTACT':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->ficheinter->dir_output;
$object_type = 'ficheinter';
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link);
break;
case 'FICHINTER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->ficheinter->dir_output;
$object_type = 'ficheinter';
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionValidated", $link);
break;
case 'ORDER_SUPPLIER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n";
@ -492,7 +497,7 @@ class Notify
$mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_APPROVE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n";
@ -500,7 +505,7 @@ class Notify
$mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_REFUSE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n";
@ -508,56 +513,78 @@ class Notify
$mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'SHIPPING_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output.'/sending/';
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment');
$object_type = 'expedition';
$labeltouse = $conf->global->SHIPPING_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link);
break;
case 'EXPENSE_REPORT_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$labeltouse = $conf->global->EXPENSE_REPORT_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link);
break;
case 'EXPENSE_REPORT_APPROVE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$labeltouse = $conf->global->EXPENSE_REPORT_APPROVE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link);
break;
case 'HOLIDAY_VALIDATE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$labeltouse = $conf->global->HOLIDAY_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayValidated", $link);
break;
case 'HOLIDAY_APPROVE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$labeltouse = $conf->global->HOLIDAY_APPROVE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayApproved", $link);
break;
break;
case 'ACTION_CREATE':
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->agenda->dir_output;
$object_type = 'action';
$labeltouse = $conf->global->ACTION_CREATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextActionAdded", $link);
break;
}
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($this->db);
$arraydefaultmessage = null;
if (!empty($labeltouse)) $arraydefaultmessage = $formmail->getEMailTemplate($this->db, $object_type.'_send', $user, $outputlangs, 0, 1, $labeltouse);
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subject = make_substitutions($arraydefaultmessage->topic, $substitutionarray, $outputlangs);
$message = make_substitutions($arraydefaultmessage->content, $substitutionarray, $outputlangs);
} else {
$message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n";
$message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n";
$message .= "\n";
$message .= $mesg;
}
$ref = dol_sanitizeFileName($newref);
$pdf_path = $dir_output."/".$ref."/".$ref.".pdf";
$pdf_path = $dir_output."/".$ref.".pdf";
if (!dol_is_file($pdf_path)) {
// We can't add PDF as it is not generated yet.
$filepdf = '';
} else {
$filepdf = $pdf_path;
$filename_list[] = $filepdf;
$mimetype_list[] = mime_content_type($filepdf);
$mimefilename_list[] = $ref.".pdf";
}
$message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n";
$message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n";
$message .= "\n";
$message .= $mesg;
$parameters = array('notifcode'=>$notifcode, 'sendto'=>$sendto, 'replyto'=>$replyto, 'file'=>$filename_list, 'mimefile'=>$mimetype_list, 'filename'=>$mimefilename_list);
if (!isset($action)) {
$action = '';
@ -653,49 +680,49 @@ class Notify
switch ($notifcode) {
case 'BILL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$mesg = $langs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link);
break;
case 'BILL_PAYED':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $$conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$mesg = $langs->transnoentitiesnoconv("EMailTextInvoicePayed", $link);
break;
case 'ORDER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output;
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande');
$object_type = 'order';
$mesg = $langs->transnoentitiesnoconv("EMailTextOrderValidated", $link);
break;
case 'PROPAL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$mesg = $langs->transnoentitiesnoconv("EMailTextProposalValidated", $link);
break;
case 'PROPAL_CLOSE_SIGNED':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$mesg = $langs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link);
break;
case 'FICHINTER_ADD_CONTACT':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->ficheinter->dir_output;
$object_type = 'ficheinter';
$mesg = $langs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link);
break;
case 'FICHINTER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$object_type = 'ficheinter';
$mesg = $langs->transnoentitiesnoconv("EMailTextInterventionValidated", $link);
break;
case 'ORDER_SUPPLIER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -703,7 +730,7 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_APPROVE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -711,7 +738,7 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_APPROVE2':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -719,7 +746,7 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_REFUSE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->dir_output.'/commande/';
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -727,37 +754,37 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'SHIPPING_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output.'/sending/';
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment');
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link);
break;
case 'EXPENSE_REPORT_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link);
break;
case 'EXPENSE_REPORT_APPROVE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link);
break;
case 'HOLIDAY_VALIDATE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$mesg = $langs->transnoentitiesnoconv("EMailTextHolidayValidated", $link);
break;
case 'HOLIDAY_APPROVE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$mesg = $langs->transnoentitiesnoconv("EMailTextHolidayApproved", $link);
break;
break;
case 'ACTION_CREATE':
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->agenda->dir_output;
$object_type = 'action';
$mesg = $langs->transnoentitiesnoconv("EMailTextActionAdded", $link);
@ -770,6 +797,9 @@ class Notify
$filepdf = '';
} else {
$filepdf = $pdf_path;
$filename_list[] = $pdf_path;
$mimetype_list[] = mime_content_type($filepdf);
$mimefilename_list[] = $ref.".pdf";
}
$message .= $langs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n";

20
htdocs/core/class/rssparser.class.php
View File

@ -181,7 +181,7 @@ class RssParser
* @param string $urlRSS Url to parse
* @param int $maxNb Max nb of records to get (0 for no limit)
* @param int $cachedelay 0=No cache, nb of seconds we accept cache files (cachedir must also be defined)
* @param string $cachedir Directory where to save cache file
* @param string $cachedir Directory where to save cache file (For example $conf->externalrss->dir_temp)
* @return int <0 if KO, >0 if OK
*/
public function parser($urlRSS, $maxNb = 0, $cachedelay = 60, $cachedir = '')
@ -189,6 +189,7 @@ class RssParser
global $conf;
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
$rss = '';
$str = ''; // This will contain content of feed
@ -225,21 +226,10 @@ class RssParser
$str = file_get_contents($newpathofdestfile);
} else {
try {
ini_set("user_agent", "Dolibarr ERP-CRM RSS reader");
ini_set("max_execution_time", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);
ini_set("default_socket_timeout", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);
$opts = array('http'=>array('method'=>"GET"));
if (!empty($conf->global->MAIN_USE_CONNECT_TIMEOUT)) {
$opts['http']['timeout'] = $conf->global->MAIN_USE_CONNECT_TIMEOUT;
$result = getURLContent($this->_urlRSS, 'GET', '', 1, array(), array('http', 'https'), 0);
if (!empty($result['content'])) {
$str = $result['content'];
}
if (!empty($conf->global->MAIN_PROXY_USE)) {
$opts['http']['proxy'] = 'tcp://'.$conf->global->MAIN_PROXY_HOST.':'.$conf->global->MAIN_PROXY_PORT;
}
//var_dump($opts);exit;
$context = stream_context_create($opts);
$str = file_get_contents($this->_urlRSS, false, $context);
} catch (Exception $e) {
print 'Error retrieving URL '.$this->_urlRSS.' - '.$e->getMessage();
}

4
htdocs/core/class/translate.class.php
View File

@ -631,7 +631,7 @@ class Translate
// We replace some HTML tags by __xx__ to avoid having them encoded by htmlentities because
// we want to keep '"' '<b>' '</b>' '<strong' '</strong>' '<a ' '</a>' '<br>' '< ' '<span' '</span>' that are reliable HTML tags inside translation strings.
$str = str_replace(
array('"', '<b>', '</b>', '<u>', '</u>', '<i>', '</i>', '<center>', '</center>', '<strong>', '</strong>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>'
array('"', '<b>', '</b>', '<u>', '</u>', '<i', '</i>', '<center>', '</center>', '<strong>', '</strong>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>'
array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__tagb__', '__tagbend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'),
$str
);
@ -646,7 +646,7 @@ class Translate
// Restore reliable HTML tags into original translation string
$str = str_replace(
array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'),
array('"', '<b>', '</b>', '<u>', '</u>', '<i>', '</i>', '<center>', '</center>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'),
array('"', '<b>', '</b>', '<u>', '</u>', '<i', '</i>', '<center>', '</center>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'),
$str
);

11
htdocs/core/lib/admin.lib.php
View File

@ -303,14 +303,17 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
if ($offsetforchartofaccount > 0) {
// Replace lines
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401, 'PCG99-ABREGE', 'CAPIT', '1234', 1400, '...', 1);'
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401, 'PCG99-ABREGE', 'CAPIT', '1234', 1400,...'
// with
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000, '...', 1);'
// Note: string with 1234 instead of '1234' is also supported
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000,...'
// Note: string with 'PCG99-ABREGE','CAPIT', 1234 instead of 'PCG99-ABREGE','CAPIT', '1234' is also supported
$newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.$offsetforchartofaccount.', \2, \3 + '.$offsetforchartofaccount, $newsql);
$newsql = preg_replace('/([,\s])0 \+ '.$offsetforchartofaccount.'/ims', '\1 0', $newsql);
//var_dump($newsql);
$arraysql[$i] = $newsql;
// FIXME Because we force the rowid during insert, we must also update the sequence with postgresql by running
// SELECT dol_util_rebuild_sequences();
}
}
@ -568,7 +571,7 @@ function dolibarr_get_const($db, $name, $entity = 1)
* @param DoliDB $db Database handler
* @param string $name Name of constant
* @param string $value Value of constant
* @param string $type Type of constante (chaine par defaut)
* @param string $type Type of constant ('chaine by default)
* @param int $visible Is constant visible in Setup->Other page (0 by default)
* @param string $note Note on parameter
* @param int $entity Multi company id (0 means all entities)

46
htdocs/core/lib/functions.lib.php
View File

@ -355,6 +355,7 @@ function GETPOSTISSET($paramname)
* 'int'=check it's numeric (integer or float)
* 'intcomma'=check it's integer+comma ('1,2,3,4...')
* 'alpha'=Same than alphanohtml since v13
* 'alphawithlgt'=alpha with lgt
* 'alphanohtml'=check there is no html content and no " and no ../
* 'aZ'=check it's a-z only
* 'aZ09'=check it's simple alpha string (recommended for keys)
@ -745,20 +746,29 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
case 'alpha': // No html and no ../ and "
case 'alphanohtml': // Recommended for most scalar parameters and search parameters
if (!is_array($out)) {
$out = dol_string_nohtmltag($out, 0);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace(array('&quot;', '"'), '', trim($out));
$out = str_replace(array('../'), '', $out);
$out = trim($out);
do {
$oldstringtoclean = $out;
// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
} while ($oldstringtoclean != $out);
// keep lines feed
$out = dol_string_nohtmltag($out, 0);
}
break;
case 'alphawithlgt': // No " and no ../ but we keep balanced < > tags with no special chars inside. Can be used for email string like "Name <email>"
if (!is_array($out)) {
$out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8');
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace(array('&quot;', '"'), '', trim($out));
$out = str_replace(array('../'), '', $out);
$out = trim($out);
do {
$oldstringtoclean = $out;
// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
} while ($oldstringtoclean != $out);
}
break;
case 'restricthtml': // Recommended for most html textarea
@ -3521,14 +3531,15 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'delete', 'dolly', 'dollyrevert', 'donation', 'download', 'edit', 'ellipsis-h', 'email', 'eraser', 'external-link-alt', 'external-link-square-alt',
'filter', 'file-code', 'file-export', 'file-import', 'file-upload', 'folder', 'folder-open', 'globe', 'globe-americas', 'grip', 'grip_title', 'group',
'help', 'holiday',
'info', 'intervention', 'inventory', 'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right',
'info', 'intervention', 'inventory', 'intracommreport',
'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right',
'margin', 'map-marker-alt', 'member', 'meeting', 'money-bill-alt', 'movement', 'mrp', 'note', 'next',
'object_accounting', 'object_account', 'object_accountline', 'object_action', 'object_asset', 'object_barcode', 'object_bill', 'object_billr', 'object_billa', 'object_billd', 'object_bom',
'object_category', 'conferenceorbooth', 'object_conversation', 'object_bookmark', 'object_bug', 'object_clock', 'object_dolly', 'object_dollyrevert',
'object_folder', 'object_folder-open','object_generic',
'object_list-alt', 'object_calendar', 'object_calendarweek', 'object_calendarmonth', 'object_calendarday', 'object_calendarperuser',
'object_cash-register', 'object_company', 'object_contact', 'object_contract', 'object_cron', 'object_donation', 'object_dynamicprice',
'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_label',
'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_intracommreport', 'object_label',
'object_margin', 'object_members', 'object_money-bill-alt', 'object_multicurrency', 'object_order', 'object_payment',
'object_lot', 'object_mrp', 'object_other',
'object_payment', 'object_pdf', 'object_product', 'object_propal',
@ -3538,7 +3549,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'object_technic', 'object_ticket', 'object_trip', 'object_user', 'object_group', 'object_member',
'object_phoning', 'object_phoning_mobile', 'object_phoning_fax', 'object_email', 'object_website', 'object_movement',
'off', 'on', 'order',
'paiment', 'play', 'pdf', 'playdisabled', 'previous', 'poll', 'pos', 'printer', 'product', 'propal', 'stock', 'resize', 'service', 'stats', 'trip',
'paiment', 'play', 'pdf', 'phone', 'playdisabled', 'previous', 'poll', 'pos', 'printer', 'product', 'propal', 'stock', 'resize', 'service', 'stats', 'trip',
'setup', 'share-alt', 'sign-out', 'split', 'stripe', 'stripe-s', 'switch_off', 'switch_on', 'tools', 'unlink', 'uparrow', 'user', 'vcard', 'wrench',
'github', 'jabber', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'youtube', 'google-plus-g', 'whatsapp',
'chevron-left', 'chevron-right', 'chevron-down', 'chevron-top', 'commercial', 'companies',
@ -3576,7 +3587,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'email'=>'at',
'edit'=>'pencil-alt', 'grip_title'=>'arrows-alt', 'grip'=>'arrows-alt', 'help'=>'question-circle',
'generic'=>'file', 'holiday'=>'umbrella-beach',
'info'=>'info-circle', 'inventory'=>'boxes', 'label'=>'layer-group', 'loan'=>'money-bill-alt',
'info'=>'info-circle', 'inventory'=>'boxes', 'intracommreport'=>'globe-europe', 'label'=>'layer-group', 'loan'=>'money-bill-alt',
'member'=>'user-alt', 'meeting'=>'chalkboard-teacher', 'mrp'=>'cubes', 'next'=>'arrow-alt-circle-right',
'trip'=>'wallet', 'group'=>'users', 'movement'=>'people-carry',
'sign-out'=>'sign-out-alt',
@ -6267,16 +6278,20 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto =
* @param int $cleanalsosomestyles Remove absolute/fixed positioning from inline styles
* @param int $removeclassattribute 1=Remove the class attribute from tags
* @param int $cleanalsojavascript Remove also occurence of 'javascript:'.
* @param int $allowiframe Allow iframe tags.
* @return string String cleaned
*
* @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags()
*/
function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0)
function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0)
{
$allowed_tags = array(
"html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link",
"ol", "p", "q", "s", "section", "span", "strike", "strong", "title", "table", "tr", "th", "td", "u", "ul", "sup", "sub", "blockquote", "pre", "h1", "h2", "h3", "h4", "h5", "h6"
);
if ($allowiframe) {
$allowed_tags[] = "iframe";
}
$allowed_tags_string = join("><", $allowed_tags);
$allowed_tags_string = '<'.$allowed_tags_string.'>';
@ -6322,9 +6337,11 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1,
*
* @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_onlythesehtmltags() dol_string_neverthesehtmltags()
*/
function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("alt", "class", "contenteditable", "data-html", "href", "id", "name", "src", "style", "target", "title"))
function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("allow", "allowfullscreen", "alt", "class", "contenteditable", "data-html", "frameborder", "height", "href", "id", "name", "src", "style", "target", "title", "width"))
{
if (class_exists('DOMDocument') && !empty($stringtoclean)) {
$stringtoclean = '<html><body>'.$stringtoclean.'</body></html>';
$dom = new DOMDocument();
$dom->loadHTML($stringtoclean, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL);
if (is_object($dom)) {
@ -6338,7 +6355,12 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes
}
}
return $dom->saveHTML();
$return = $dom->saveHTML();
//$return = '<html><body>aaaa</p>bb<p>ssdd</p>'."\n<p>aaa</p>aa<p>bb</p>";
$return = preg_replace('/^<html><body>/', '', $return);
$return = preg_replace('/<\/body><\/html>$/', '', $return);
return $return;
} else {
return $stringtoclean;
}

5
htdocs/core/lib/product.lib.php
View File

@ -328,6 +328,11 @@ function product_lot_admin_prepare_head()
$h = 0;
$head = array();
$head[$h][0] = DOL_URL_ROOT."/product/admin/product_lot.php";
$head[$h][1] = $langs->trans('Parameters');
$head[$h][2] = 'settings';
$h++;
// Show more tabs from modules
// Entries must be declared in modules descriptor with line
// $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab

1
htdocs/core/modules/expensereport/doc/index.html Normal file
View File

@ -0,0 +1 @@

8
htdocs/core/modules/mailings/thirdparties.modules.php
View File

@ -83,13 +83,13 @@ class mailing_thirdparties extends MailingTargets
if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') {
$addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int'));
$addDescription = $langs->trans('ProspectCustomer')."=";
if ($_POST["filter_client"] == 0) {
if (GETPOST("filter_client") == 0) {
$addDescription .= $langs->trans('NorProspectNorCustomer');
} elseif ($_POST["filter_client"] == 1) {
} elseif (GETPOST("filter_client") == 1) {
$addDescription .= $langs->trans('Customer');
} elseif ($_POST["filter_client"] == 2) {
} elseif (GETPOST("filter_client") == 2) {
$addDescription .= $langs->trans('Prospect');
} elseif ($_POST["filter_client"] == 3) {
} elseif (GETPOST("filter_client") == 3) {
$addDescription .= $langs->trans('ProspectCustomer');
} else {
$addDescription .= "Unknown status ".GETPOST("filter_client");

2
htdocs/core/modules/modExternalSite.class.php
View File

@ -67,7 +67,7 @@ class modExternalSite extends DolibarrModules
$this->dirs = array();
// Config pages. Put here list of php page names stored in admmin directory used to setup module
$this->config_page_url = array("externalsite.php@externalsite");
$this->config_page_url = array("index.php@externalsite");
// Dependencies
$this->depends = array(); // List of modules id that must be enabled if this module is enabled

4
htdocs/core/modules/modIntracommreport.class.php
View File

@ -44,13 +44,13 @@ class modIntracommreport extends DolibarrModules
$this->numero = 68000;
$this->family = "financial";
$this->module_position = '100';
$this->module_position = '60';
// Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module)
$this->name = preg_replace('/^mod/i', '', get_class($this));
$this->description = "Intracomm report management (Support for French DEB/DES format)";
// Possible values for version are: 'development', 'experimental', 'dolibarr' or 'dolibarr_deprecated' or version
$this->version = 'development';
$this->version = 'experimental';
$this->const_name = 'MAIN_MODULE_'.strtoupper($this->name);
$this->picto = 'intracommreport';

20
htdocs/core/modules/modProductBatch.class.php
View File

@ -64,8 +64,8 @@ class modProductBatch extends DolibarrModules
// Data directories to create when module is enabled.
$this->dirs = array();
// Config pages. Put here list of php page, stored into /product/admin/ directory, to setup the module.
$this->config_page_url = array("product_lot_extrafields.php@product");
// Config pages. Put here list of php page, stored into productdluo/admin directory, to use to setup module.
$this->config_page_url = array("product_lot.php@product");
// Dependencies
$this->hidden = false; // A condition to hide module
@ -76,8 +76,24 @@ class modProductBatch extends DolibarrModules
$this->need_dolibarr_version = array(3, 0); // Minimum version of Dolibarr required by module
$this->langfiles = array("productbatch");
// Constants
// Constants
$this->const = array();
$r = 0;
$this->const[$r][0] = "PRODUCTBATCH_LOT_ADDON";
$this->const[$r][1] = "chaine";
$this->const[$r][2] = "mod_lot_free";
$this->const[$r][3] = 'Module to control product codes';
$this->const[$r][4] = 0;
$r++;
$this->const[$r][0] = "PRODUCTBATCH_SN_ADDON";
$this->const[$r][1] = "chaine";
$this->const[$r][2] = "mod_sn_free";
$this->const[$r][3] = 'Module to control product codes';
$this->const[$r][4] = 0;
$r++;
$this->tabs = array();

15
htdocs/core/modules/modTicket.class.php
View File

@ -127,16 +127,21 @@ class modTicket extends DolibarrModules
'tabsql' => array(
'SELECT f.rowid as rowid, f.code, f.pos, f.label, f.active, f.use_default FROM '.MAIN_DB_PREFIX.'c_ticket_type as f',
'SELECT f.rowid as rowid, f.code, f.pos, f.label, f.active, f.use_default FROM '.MAIN_DB_PREFIX.'c_ticket_severity as f',
'SELECT f.rowid as rowid, f.code, f.pos, f.label, f.active, f.use_default FROM '.MAIN_DB_PREFIX.'c_ticket_category as f',
'SELECT f.rowid as rowid, f.code, f.pos, f.label, f.active, f.use_default, f.public FROM '.MAIN_DB_PREFIX.'c_ticket_category as f',
'SELECT f.rowid as rowid, f.code, f.pos, f.label, f.active, f.use_default FROM '.MAIN_DB_PREFIX.'c_ticket_resolution as f'
),
'tabsqlsort' => array("pos ASC", "pos ASC", "pos ASC", "pos ASC"),
'tabfield' => array("code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default"),
'tabfieldvalue' => array("code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default"),
'tabfieldinsert' => array("code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default"),
'tabfield' => array("code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default,public", "code,label,pos,use_default"),
'tabfieldvalue' => array("code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default,public", "code,label,pos,use_default"),
'tabfieldinsert' => array("code,label,pos,use_default", "code,label,pos,use_default", "code,label,pos,use_default,public", "code,label,pos,use_default"),
'tabrowid' => array("rowid", "rowid", "rowid", "rowid"),
'tabcond' => array($conf->ticket->enabled, $conf->ticket->enabled, $conf->ticket->enabled, $conf->ticket->enabled),
'tabhelp' => array(array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1")), array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1")), array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1")), array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1"))),
'tabhelp' => array(
array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1")),
array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1")),
array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1"), 'public'=>$langs->trans("Enter0or1").'<br>'.$langs->trans("TicketGroupIsPublicDesc")),
array('code'=>$langs->trans("EnterAnyCode"), 'use_default'=>$langs->trans("Enter0or1"))
),
);
// Boxes

1
htdocs/core/modules/movement/doc/index.html Normal file
View File

@ -0,0 +1 @@

1
htdocs/core/modules/product/doc/index.html Normal file
View File

@ -0,0 +1 @@

145
htdocs/core/modules/product_batch/mod_lot_advanced.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
* Copyright (C) 2019 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_lot_advanced.php
* \ingroup productbatch
* \brief File containing class for numbering model of Lot advanced
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage Batch numbering rules advanced
*/
class mod_lot_advanced extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var string Error message
*/
public $error = '';
/**
* @var string name
*/
public $name = 'lot_advanced';
/**
* Returns the description of the numbering model
*
* @return string Texte descripif
*/
public function info()
{
global $conf, $langs, $db;
$langs->load("bills");
$form = new Form($db);
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
$texte .= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
$texte .= '<input type="hidden" name="token" value="'.newToken().'">';
$texte .= '<input type="hidden" name="action" value="updateMaskLot">';
$texte .= '<input type="hidden" name="maskconstLot" value="LOT_ADVANCED_MASK">';
$texte .= '<table class="nobordernopadding" width="100%">';
$tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes2");
$tooltip .= $langs->trans("GenericMaskCodes3");
$tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes5");
// Parametrage du prefix
$texte .= '<tr><td>'.$langs->trans("Mask").':</td>';
$texte .= '<td class="right">'.$form->textwithpicto('<input type="text" class="flat" size="24" name="maskLot" value="'.$conf->global->LOT_ADVANCED_MASK.'">', $tooltip, 1, 1).'</td>';
$texte .= '<td class="left" rowspan="2">&nbsp; <input type="submit" class="button" value="'.$langs->trans("Modify").'" name="Button"></td>';
$texte .= '</tr>';
$texte .= '</table>';
$texte .= '</form>';
return $texte;
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
global $conf, $langs, $mysoc;
$old_code_client = $mysoc->code_client;
$old_code_type = $mysoc->typent_code;
$mysoc->code_client = 'CCCCCCCCCC';
$mysoc->typent_code = 'TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc, '');
$mysoc->code_client = $old_code_client;
$mysoc->typent_code = $old_code_type;
if (!$numExample) {
$numExample = $langs->trans('NotConfigured');
}
return $numExample;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// We get cursor rule
$mask = $conf->global->BATCH_ADVANCED_MASK;
if (!$mask) {
$this->error = 'NotConfigured';
return 0;
}
$date = $object->date;
$numFinal = get_next_value($db, $mask, 'product_lot', 'ref', '', null, $date);
return $numFinal;
}
}

105
htdocs/core/modules/product_batch/mod_lot_free.php Normal file
View File

@ -0,0 +1,105 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2009 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product/mod_lot_free.php
* \ingroup productbatch
* \brief File containing class for numbering model of Lot free
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* \class mod_codeproduct_leopard
* \brief Classe permettant la gestion leopard des codes produits
*/
class mod_lot_free extends ModeleNumRefBatch
{
/*
* Attention ce module est utilise par defaut si aucun module n'a
* ete definit dans la configuration
*
* Le fonctionnement de celui-ci doit donc rester le plus ouvert possible
*/
/**
* @var string model name
*/
public $name = 'lot_free';
public $code_modifiable; // Code modifiable
public $code_modifiable_invalide; // Code modifiable si il est invalide
public $code_modifiable_null; // Code modifiables si il est null
public $code_null; // Code facultatif
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var int Automatic numbering
*/
public $code_auto;
/**
* Constructor
*/
public function __construct()
{
$this->code_null = 1;
$this->code_modifiable = 1;
$this->code_modifiable_invalide = 1;
$this->code_modifiable_null = 1;
$this->code_auto = 0;
}
/**
* Return description of module
*
* @return string Description of module
*/
public function info()
{
global $langs;
$langs->load("companies");
return $langs->trans("LeopardNumRefModelDesc");
}
/**
* Return an example of result returned by getNextValue
*
* @param product $objproduct Object product
* @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect)
* @return string Return next value
*/
public function getNextValue($objproduct = 0, $type = -1)
{
global $langs;
return '';
}
}

145
htdocs/core/modules/product_batch/mod_lot_standard.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_lot_standard.php
* \ingroup productbatch
* \brief File of class to manage Lot numbering rules standard
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage MO numbering rules standard
*/
class mod_lot_standard extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
public $prefix = 'LOT';
/**
* @var string Error code (or message)
*/
public $error = '';
/**
* @var string name
*/
public $name = 'lot_standard';
/**
* Return description of numbering module
*
* @return string Text with description
*/
public function info()
{
global $langs;
return $langs->trans("SimpleNumRefModelDesc", $this->prefix);
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
return $this->prefix."0501-0001";
}
/**
* Checks if the numbers already in the database do not
* cause conflicts that would prevent this numbering working.
*
* @return boolean false if conflict, true if ok
*/
public function canBeActivated()
{
global $conf, $langs, $db;
$coyymm = ''; $max = '';
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$row = $db->fetch_row($resql);
if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; }
}
if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) {
$langs->load("errors");
$this->error = $langs->trans('ErrorNumRefModel', $max);
return false;
}
return true;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
// First, we get the max value
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
if ($obj) $max = intval($obj->max);
else $max = 0;
} else {
dol_syslog("mod_lot_standard::getNextValue", LOG_DEBUG);
return -1;
}
//$date=time();
$date = $object->date_creation;
$yymm = strftime("%y%m", $date);
if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is
else $num = sprintf("%04s", $max + 1);
dol_syslog("mod_lot_standard::getNextValue return ".$this->prefix.$yymm."-".$num);
return $this->prefix.$yymm."-".$num;
}
}

145
htdocs/core/modules/product_batch/mod_sn_advanced.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
* Copyright (C) 2019 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_batch_advanced.php
* \ingroup productbatch
* \brief File containing class for numbering model of SN advanced
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage Batch numbering rules advanced
*/
class mod_sn_advanced extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var string Error message
*/
public $error = '';
/**
* @var string name
*/
public $name = 'sn_advanced';
/**
* Returns the description of the numbering model
*
* @return string Texte descripif
*/
public function info()
{
global $conf, $langs, $db;
$langs->load("bills");
$form = new Form($db);
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
$texte .= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
$texte .= '<input type="hidden" name="token" value="'.newToken().'">';
$texte .= '<input type="hidden" name="action" value="updateMaskSN">';
$texte .= '<input type="hidden" name="maskconstSN" value="SN_ADVANCED_MASK">';
$texte .= '<table class="nobordernopadding" width="100%">';
$tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes2");
$tooltip .= $langs->trans("GenericMaskCodes3");
$tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes5");
// Parametrage du prefix
$texte .= '<tr><td>'.$langs->trans("Mask").':</td>';
$texte .= '<td class="right">'.$form->textwithpicto('<input type="text" class="flat" size="24" name="maskSN" value="'.$conf->global->SN_ADVANCED_MASK.'">', $tooltip, 1, 1).'</td>';
$texte .= '<td class="left" rowspan="2">&nbsp; <input type="submit" class="button" value="'.$langs->trans("Modify").'" name="Button"></td>';
$texte .= '</tr>';
$texte .= '</table>';
$texte .= '</form>';
return $texte;
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
global $conf, $langs, $mysoc;
$old_code_client = $mysoc->code_client;
$old_code_type = $mysoc->typent_code;
$mysoc->code_client = 'CCCCCCCCCC';
$mysoc->typent_code = 'TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc, '');
$mysoc->code_client = $old_code_client;
$mysoc->typent_code = $old_code_type;
if (!$numExample) {
$numExample = $langs->trans('NotConfigured');
}
return $numExample;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// We get cursor rule
$mask = $conf->global->BATCH_ADVANCED_MASK;
if (!$mask) {
$this->error = 'NotConfigured';
return 0;
}
$date = $object->date;
$numFinal = get_next_value($db, $mask, 'product_sn', 'ref', '', null, $date);
return $numFinal;
}
}

104
htdocs/core/modules/product_batch/mod_sn_free.php Normal file
View File

@ -0,0 +1,104 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2009 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product/mod_sn_free.php
* \ingroup productbatch
* \brief File containing class for numbering model of SN free
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* \class mod_codeproduct_leopard
* \brief Classe permettant la gestion leopard des codes produits
*/
class mod_sn_free extends ModeleNumRefBatch
{
/*
* Attention ce module est utilise par defaut si aucun module n'a
* ete definit dans la configuration
*
* Le fonctionnement de celui-ci doit donc rester le plus ouvert possible
*/
/**
* @var string model name
*/
public $name = 'sn_free';
public $code_modifiable; // Code modifiable
public $code_modifiable_invalide; // Code modifiable si il est invalide
public $code_modifiable_null; // Code modifiables si il est null
public $code_null; // Code facultatif
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var int Automatic numbering
*/
public $code_auto;
/**
* Constructor
*/
public function __construct()
{
$this->code_null = 1;
$this->code_modifiable = 1;
$this->code_modifiable_invalide = 1;
$this->code_modifiable_null = 1;
$this->code_auto = 0;
}
/**
* Return description of module
*
* @return string Description of module
*/
public function info()
{
global $langs;
$langs->load("companies");
return $langs->trans("LeopardNumRefModelDesc");
}
/**
* Return an example of result returned by getNextValue
*
* @param product $objproduct Object product
* @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect)
* @return string Return next value
*/
public function getNextValue($objproduct = 0, $type = -1)
{
global $langs;
return '';
}
}

145
htdocs/core/modules/product_batch/mod_sn_standard.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_sn_standard.php
* \ingroup productbatch
* \brief File of class to manage SN numbering rules standard
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage MO numbering rules standard
*/
class mod_sn_standard extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
public $prefix = 'SN';
/**
* @var string Error code (or message)
*/
public $error = '';
/**
* @var string name
*/
public $name = 'sn_standard';
/**
* Return description of numbering module
*
* @return string Text with description
*/
public function info()
{
global $langs;
return $langs->trans("SimpleNumRefModelDesc", $this->prefix);
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
return $this->prefix."0501-0001";
}
/**
* Checks if the numbers already in the database do not
* cause conflicts that would prevent this numbering working.
*
* @return boolean false if conflict, true if ok
*/
public function canBeActivated()
{
global $conf, $langs, $db;
$coyymm = ''; $max = '';
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$row = $db->fetch_row($resql);
if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; }
}
if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) {
$langs->load("errors");
$this->error = $langs->trans('ErrorNumRefModel', $max);
return false;
}
return true;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
// First, we get the max value
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
if ($obj) $max = intval($obj->max);
else $max = 0;
} else {
dol_syslog("mod_sn_standard::getNextValue", LOG_DEBUG);
return -1;
}
//$date=time();
$date = $object->date_creation;
$yymm = strftime("%y%m", $date);
if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is
else $num = sprintf("%04s", $max + 1);
dol_syslog("mod_sn_standard::getNextValue return ".$this->prefix.$yymm."-".$num);
return $this->prefix.$yymm."-".$num;
}
}

86
htdocs/core/modules/product_batch/modules_product_batch.class.php
View File

@ -65,3 +65,89 @@ abstract class ModelePDFProductBatch extends CommonDocGenerator
return $list;
}
}
/**
* Parent class to manage numbering of batch products
*/
abstract class ModeleNumRefBatch
{
/**
* @var string Error code (or message)
*/
public $error = '';
/**
* Return if a module can be used or not
*
* @return boolean true if module can be used
*/
public function isEnabled()
{
return true;
}
/**
* Returns the default description of the numbering template
*
* @return string Texte descripif
*/
public function info()
{
global $langs;
$langs->load("productbatch");
return $langs->trans("NoDescription");
}
/**
* Returns an example of numbering
*
* @return string Example
*/
public function getExample()
{
global $langs;
$langs->load("productbatch");
return $langs->trans("NoExample");
}
/**
* Checks if the numbers already in the database do not
* cause conflicts that would prevent this numbering working.
*
* @return boolean false if conflict, true if ok
*/
public function canBeActivated()
{
return true;
}
/**
* Returns next assigned value
*
* @param Societe $objsoc Object thirdparty
* @param Object $object Object we need next value for
* @return string Valeur
*/
public function getNextValue($objsoc, $object)
{
global $langs;
return $langs->trans("NotAvailable");
}
/**
* Returns version of numbering module
*
* @return string Valeur
*/
public function getVersion()
{
global $langs;
$langs->load("admin");
if ($this->version == 'development') return $langs->trans("VersionDevelopment");
if ($this->version == 'experimental') return $langs->trans("VersionExperimental");
if ($this->version == 'dolibarr') return DOL_VERSION;
if ($this->version) return $this->version;
return $langs->trans("NotAvailable");
}
}

1
htdocs/core/modules/stock/doc/index.html Normal file
View File

@ -0,0 +1 @@

4
htdocs/core/photos_resize.php
View File

@ -487,8 +487,8 @@ print load_fiche_titre($title);
$infoarray = dol_getImageSize($dir."/".GETPOST("file", 'alpha'));
$height = $infoarray['height'];
$width = $infoarray['width'];
print $langs->trans("CurrentInformationOnImage").': ';
print $langs->trans("Width").': <strong>'.$width.'</strong> x '.$langs->trans("Height").': <strong>'.$height.'</strong><br>';
print '<span class="opacitymedium">'.$langs->trans("CurrentInformationOnImage").': ';
print $langs->trans("Width").': <strong>'.$width.'</strong> x '.$langs->trans("Height").': <strong>'.$height.'</strong></span><br>';
print '<br>'."\n";

2
htdocs/core/tpl/extrafields_view.tpl.php
View File

@ -81,7 +81,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
if ($perms && isset($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra])) {
$perms = dol_eval($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra], 1);
}
//print $tmpkeyextra.'-'.$enabled.'-'.$perms.'-'.$tmplabelextra.$_POST["options_" . $tmpkeyextra].'<br>'."\n";
//print $tmpkeyextra.'-'.$enabled.'-'.$perms.'<br>'."\n";
if (empty($enabled)) {
continue; // 0 = Never visible field

2
htdocs/core/tpl/notes.tpl.php
View File

@ -24,7 +24,7 @@ if (empty($object) || !is_object($object)) {
}
// $permissionnote must be defined by caller. For example $permissionnote=$user->rights->module->create
// $cssclass must be defined by caller. For example $cssclass='fieldtitle"
// $cssclass must be defined by caller. For example $cssclass='fieldtitle'
$module = $object->element;
$note_public = 'note_public';
$note_private = 'note_private';

15
htdocs/don/payment/payment.php
View File

@ -29,9 +29,10 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
$langs->load("bills");
$chid = GETPOST("rowid");
$chid = GETPOST("rowid", 'int');
$action = GETPOST('action', 'aZ09');
$amounts = array();
$cancel = GETPOST('cancel');
// Security check
$socid = 0;
@ -49,15 +50,15 @@ $object = new Don($db);
if ($action == 'add_payment') {
$error = 0;
if ($_POST["cancel"]) {
if ($cancel) {
$loc = DOL_URL_ROOT.'/don/card.php?rowid='.$chid;
header("Location: ".$loc);
exit;
}
$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
if (!$_POST["paymenttype"] > 0) {
if (!(GETPOST("paymenttype") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
$error++;
}
@ -65,7 +66,7 @@ if ($action == 'add_payment') {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Date")), null, 'errors');
$error++;
}
if (!empty($conf->banque->enabled) && !$_POST["accountid"] > 0) {
if (!empty($conf->banque->enabled) && !(GETPOST("accountid", 'int') > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors');
$error++;
}
@ -183,8 +184,8 @@ if ($action == 'create') {
print '<table class="border centpercent tableforfieldcreate">';
print '<tr><td class="fieldrequired">'.$langs->trans("Date").'</td><td colspan="2">';
$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaid) : 0;
$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaid : -1) : 0;
print $form->selectDate($datepayment, '', 0, 0, 0, "add_payment", 1, 1, 0, '', '', $object->date, '', 1, $langs->trans("DonationDate"));
print "</td>";
print '</tr>';

Some files were not shown because too many files have changed in this diff Show More