From b13fc30a0a7a96ac152b68813aade802cf032234 Mon Sep 17 00:00:00 2001 From: Henry Date: Sat, 4 Sep 2021 12:25:40 +0800 Subject: [PATCH 01/32] Update dolibarr.php --- htdocs/admin/system/dolibarr.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 0271488b65a..a39d4dc2a8c 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -505,7 +505,7 @@ if ($resql) { $obj = $db->fetch_object($resql); print ''; - print ''.$obj->name.''."\n"; + print ''.$obj->name.''."\n"; print ''; if (isASecretKey($obj->name)) { if (empty($dolibarr_main_prod)) { From 456f25d57e95ed5528e3f1eb08a034f5268547ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 4 Sep 2021 11:30:03 +0200 Subject: [PATCH 02/32] fix #17634 --- htdocs/main.inc.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index a56054b9594..cc2a21b9f84 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1766,6 +1766,7 @@ function top_menu_user($hideloginname = 0, $urllogout = '') global $dolibarr_main_authentication, $dolibarr_main_demo; global $menumanager; + $langs->load('companies'); $userImage = $userDropDownImage = ''; if (!empty($user->photo)) { From 1c97393a6900c8e1af792408fe405842b90494c0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 5 Sep 2021 15:35:06 +0200 Subject: [PATCH 03/32] FIX increase maxlength of password input --- htdocs/user/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cb7aa69949c..8622e293906 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -3,7 +3,7 @@ * Copyright (C) 2002-2003 Jean-Louis Bergamo * Copyright (C) 2004-2020 Laurent Destailleur * Copyright (C) 2004 Eric Seigne - * Copyright (C) 2005-2018 Regis Houssin + * Copyright (C) 2005-2021 Regis Houssin * Copyright (C) 2005 Lionel Cousteix * Copyright (C) 2011 Herve Prot * Copyright (C) 2012-2018 Juanjo Menent @@ -2290,7 +2290,7 @@ if ($action == 'create' || $action == 'adduserldap') { } if (preg_match('/dolibarr/', $dolibarr_main_authentication)) { if ($caneditpassword) { - $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''; + $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''; } else { $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').preg_replace('/./i', '*', $object->pass); } From be1c08ddfe322c8f44a5e4a7474bd39f6f630bec Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Mon, 6 Sep 2021 12:30:39 +0200 Subject: [PATCH 04/32] FIX : salary extrafields don't work and table is not well named --- htdocs/core/tpl/extrafields_view.tpl.php | 3 +++ .../install/mysql/migration/13.0.0-14.0.0.sql | 2 ++ ...key.sql => llx_salary_extrafields.key.sql} | 2 +- ...afields.sql => llx_salary_extrafields.sql} | 4 ++-- .../salaries/admin/salaries_extrafields.php | 2 +- htdocs/salaries/card.php | 24 +++++++++++++++++++ 6 files changed, 33 insertions(+), 4 deletions(-) rename htdocs/install/mysql/tables/{llx_payment_salary_extrafields.key.sql => llx_salary_extrafields.key.sql} (89%) rename htdocs/install/mysql/tables/{llx_payment_salary_extrafields.sql => llx_salary_extrafields.sql} (91%) diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index 3f2ab773b06..0a2348f5858 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -194,6 +194,9 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l if ($object->element == 'contact') { $permok = $user->rights->societe->contact->creer; } + if($object->element == 'salary') { + $permok = $user->rights->salaries->read; + } $isdraft = ((isset($object->statut) && $object->statut == 0) || (isset($object->status) && $object->status == 0)); if (($isdraft || !empty($extrafields->attributes[$object->table_element]['alwayseditable'][$tmpkeyextra])) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index d50b6991261..7c1815377be 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -349,6 +349,8 @@ UPDATE llx_payment_salary SET ref = rowid WHERE ref IS NULL; ALTER TABLE llx_salary ALTER COLUMN paye set default 0; +ALTER TABLE llx_payment_salary_extrafields RENAME TO llx_salary_extrafields; + DELETE FROM llx_boxes WHERE box_id IN (SELECT rowid FROM llx_boxes_def WHERE file IN ('box_graph_ticket_by_severity', 'box_ticket_by_severity.php', 'box_nb_ticket_last_x_days.php', 'box_nb_tickets_type.php', 'box_new_vs_close_ticket.php')); DELETE FROM llx_boxes_def WHERE file IN ('box_graph_ticket_by_severity', 'box_ticket_by_severity.php', 'box_nb_ticket_last_x_days.php', 'box_nb_tickets_type.php', 'box_new_vs_close_ticket.php'); diff --git a/htdocs/install/mysql/tables/llx_payment_salary_extrafields.key.sql b/htdocs/install/mysql/tables/llx_salary_extrafields.key.sql similarity index 89% rename from htdocs/install/mysql/tables/llx_payment_salary_extrafields.key.sql rename to htdocs/install/mysql/tables/llx_salary_extrafields.key.sql index 9231351a749..9c6e047d9ee 100644 --- a/htdocs/install/mysql/tables/llx_payment_salary_extrafields.key.sql +++ b/htdocs/install/mysql/tables/llx_salary_extrafields.key.sql @@ -17,4 +17,4 @@ -- =================================================================== -ALTER TABLE llx_payment_salary_extrafields ADD INDEX idx_payment_salary_extrafields (fk_object); +ALTER TABLE llx_salary_extrafields ADD INDEX idx_salary_extrafields (fk_object); diff --git a/htdocs/install/mysql/tables/llx_payment_salary_extrafields.sql b/htdocs/install/mysql/tables/llx_salary_extrafields.sql similarity index 91% rename from htdocs/install/mysql/tables/llx_payment_salary_extrafields.sql rename to htdocs/install/mysql/tables/llx_salary_extrafields.sql index 5f15918ef18..bedab6757b4 100644 --- a/htdocs/install/mysql/tables/llx_payment_salary_extrafields.sql +++ b/htdocs/install/mysql/tables/llx_salary_extrafields.sql @@ -16,10 +16,10 @@ -- -- =================================================================== -create table llx_payment_salary_extrafields +create table llx_salary_extrafields ( rowid integer AUTO_INCREMENT PRIMARY KEY, tms timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - fk_object integer NOT NULL, -- salary payment id + fk_object integer NOT NULL, -- salary id import_key varchar(14) -- import key )ENGINE=innodb; diff --git a/htdocs/salaries/admin/salaries_extrafields.php b/htdocs/salaries/admin/salaries_extrafields.php index 38303518ac4..2354da8048a 100644 --- a/htdocs/salaries/admin/salaries_extrafields.php +++ b/htdocs/salaries/admin/salaries_extrafields.php @@ -42,7 +42,7 @@ foreach ($tmptype2label as $key => $val) { $action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); -$elementtype = 'payment_salary'; //Must be the $table_element of the class that manage extrafield +$elementtype = 'salary'; //Must be the $table_element of the class that manage extrafield if (!$user->admin) { accessforbidden(); diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index d3c7ba504cb..d3cbc5d3904 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -354,6 +354,30 @@ if ($action == 'confirm_clone' && $confirm == 'yes' && ($user->rights->salaries- } } +// Action to update one extrafield +if ($action == "update_extras" && !empty($user->rights->salaries->read)) { + $object->fetch(GETPOST('id', 'int')); + + $attributekey = GETPOST('attribute', 'alpha'); + $attributekeylong = 'options_'.$attributekey; + + if (GETPOSTISSET($attributekeylong.'day') && GETPOSTISSET($attributekeylong.'month') && GETPOSTISSET($attributekeylong.'year')) { + // This is properties of a date + $object->array_options['options_'.$attributekey] = dol_mktime(GETPOST($attributekeylong.'hour', 'int'), GETPOST($attributekeylong.'min', 'int'), GETPOST($attributekeylong.'sec', 'int'), GETPOST($attributekeylong.'month', 'int'), GETPOST($attributekeylong.'day', 'int'), GETPOST($attributekeylong.'year', 'int')); + //var_dump(dol_print_date($object->array_options['options_'.$attributekey]));exit; + } else { + $object->array_options['options_'.$attributekey] = GETPOST($attributekeylong, 'alpha'); + } + + $result = $object->insertExtraFields(empty($triggermodname) ? '' : $triggermodname, $user); + if ($result > 0) { + setEventMessages($langs->trans('RecordSaved'), null, 'mesgs'); + $action = 'view'; + } else { + setEventMessages($object->error, $object->errors, 'errors'); + $action = 'edit_extras'; + } +} /* * View From 383c92f6c62c32d9d7fd846f9b1f50ed49da7b65 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Mon, 6 Sep 2021 14:52:11 +0200 Subject: [PATCH 05/32] FIX : migration script --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index 7c1815377be..a562f00c295 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -349,6 +349,7 @@ UPDATE llx_payment_salary SET ref = rowid WHERE ref IS NULL; ALTER TABLE llx_salary ALTER COLUMN paye set default 0; +UPDATE llx_extrafields SET elementtype = 'salary' WHERE elementtype = 'payment_salary'; ALTER TABLE llx_payment_salary_extrafields RENAME TO llx_salary_extrafields; DELETE FROM llx_boxes WHERE box_id IN (SELECT rowid FROM llx_boxes_def WHERE file IN ('box_graph_ticket_by_severity', 'box_ticket_by_severity.php', 'box_nb_ticket_last_x_days.php', 'box_nb_tickets_type.php', 'box_new_vs_close_ticket.php')); From 1043bc964ddb714483791efbdb9bad6049c1cbbe Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 6 Sep 2021 12:58:06 +0000 Subject: [PATCH 06/32] Fixing style errors. --- htdocs/core/tpl/extrafields_view.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index 0a2348f5858..f50276821b1 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -194,7 +194,7 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l if ($object->element == 'contact') { $permok = $user->rights->societe->contact->creer; } - if($object->element == 'salary') { + if ($object->element == 'salary') { $permok = $user->rights->salaries->read; } From 18da6e6d6f940c9ba3dbda75648af5186482c0ea Mon Sep 17 00:00:00 2001 From: jyhere Date: Mon, 6 Sep 2021 15:20:47 +0200 Subject: [PATCH 07/32] Update create.php Fix : unable to create a direct debit if ics and ics_transfer are empty even though ics_transfer is only used for bank transfer. --- htdocs/compta/prelevement/create.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 6f045f3ca74..9a3202540b4 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -95,7 +95,9 @@ if (empty($reshook)) { require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $bank = new Account($db); $bank->fetch($conf->global->{$default_account}); - if (empty($bank->ics) || empty($bank->ics_transfer)) { + if ((empty($bank->ics) && $type !== 'bank-transfer') + || (empty($bank->ics_transfer) && $type === 'bank-transfer') + ) { $errormessage = str_replace('{url}', $bank->getNomUrl(1, '', '', -1, 1), $langs->trans("ErrorICSmissing", '{url}')); setEventMessages($errormessage, null, 'errors'); header("Location: ".DOL_URL_ROOT.'/compta/prelevement/create.php'); From 3537f68c7e16a09aea83453022b262d580231e52 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 6 Sep 2021 13:24:22 +0000 Subject: [PATCH 08/32] Fixing style errors. --- htdocs/compta/prelevement/create.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 9a3202540b4..172cf020e34 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -96,8 +96,8 @@ if (empty($reshook)) { $bank = new Account($db); $bank->fetch($conf->global->{$default_account}); if ((empty($bank->ics) && $type !== 'bank-transfer') - || (empty($bank->ics_transfer) && $type === 'bank-transfer') - ) { + || (empty($bank->ics_transfer) && $type === 'bank-transfer') + ) { $errormessage = str_replace('{url}', $bank->getNomUrl(1, '', '', -1, 1), $langs->trans("ErrorICSmissing", '{url}')); setEventMessages($errormessage, null, 'errors'); header("Location: ".DOL_URL_ROOT.'/compta/prelevement/create.php'); From 7d8023fea74862012ab35d1e5e0486d1b3743f1e Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 6 Sep 2021 16:21:30 +0200 Subject: [PATCH 09/32] FIX wrong table_element_line --- htdocs/core/ajax/row.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/ajax/row.php b/htdocs/core/ajax/row.php index 95518cbbf66..c55d80ee521 100644 --- a/htdocs/core/ajax/row.php +++ b/htdocs/core/ajax/row.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2010-2021 Regis Houssin * Copyright (C) 2017 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify @@ -79,7 +79,7 @@ if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3) $perm = 1; } elseif ($table_element_line == 'facturedet' && $user->rights->facture->creer) { $perm = 1; - } elseif ($table_element_line == 'facturerecdet' && $user->rights->facture->creer) { + } elseif ($table_element_line == 'facturedet_rec' && $user->rights->facture->creer) { $perm = 1; } elseif ($table_element_line == 'ecm_files' && $user->rights->ecm->creer) { $perm = 1; From 4aaaa8e21a29995c51e0533968209d8bcb166fa0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 7 Sep 2021 12:10:35 +0200 Subject: [PATCH 10/32] FIX multicompany transverse mode compatibility --- htdocs/comm/action/peruser.php | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 6b54a327705..cc086a179e0 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -767,11 +767,18 @@ while ($currentdaytoshow < $lastdaytoshow) { } } else { /* Use this list to have for all users */ - $sql = "SELECT u.rowid, u.lastname as lastname, u.firstname, u.statut, u.login, u.admin, u.entity"; - $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - if ($usergroup > 0) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ug ON u.rowid = ug.fk_user"; - $sql .= " WHERE u.statut = 1 AND u.entity IN (".getEntity('user').")"; - if ($usergroup > 0) $sql .= " AND ug.fk_usergroup = ".$usergroup; + $sql = "SELECT u.rowid, u.lastname as lastname, u.firstname, u.statut, u.login, u.admin, u.entity"; + $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; + if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; + $sql .= " WHERE ug.entity IN (".getEntity('usergroup').")"; + $sql .= " AND ug.fk_user = u.rowid "; + } else { + if ($usergroup > 0) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ug ON u.rowid = ug.fk_user"; + $sql .= " WHERE u.entity IN (".getEntity('user').")"; + } + $sql .= " AND u.statut = 1"; + if ($usergroup > 0) $sql .= " AND ug.fk_usergroup = ".$usergroup; //print $sql; $resql = $db->query($sql); if ($resql) { From 52419f28c530120066033bbdd6a6c7706b25e590 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 7 Sep 2021 12:38:15 +0200 Subject: [PATCH 11/32] FIX add DISTINCT --- htdocs/comm/action/peruser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index cc086a179e0..690f15a1738 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -767,7 +767,7 @@ while ($currentdaytoshow < $lastdaytoshow) { } } else { /* Use this list to have for all users */ - $sql = "SELECT u.rowid, u.lastname as lastname, u.firstname, u.statut, u.login, u.admin, u.entity"; + $sql = "SELECT DISTINCT u.rowid, u.lastname as lastname, u.firstname, u.statut, u.login, u.admin, u.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; From f3babd28194eb3563f43f685ad5caeeef7045cb2 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Tue, 7 Sep 2021 13:59:36 +0200 Subject: [PATCH 12/32] Fix #18633 : fix error message --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index d50b6991261..af3a1662ab6 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -598,3 +598,5 @@ create table llx_onlinesignature -- VMYSQL4.3 ALTER TABLE llx_partnership MODIFY COLUMN date_partnership_end date NULL; -- VPGSQL8.2 ALTER TABLE llx_partnership ALTER COLUMN date_partnership_end DROP NOT NULL; + +Alter TABLE llx_facture_fourn CHANGE fk_mode_transport fk_transport_mode integer From 948d2bc4e99205191cc597c640e069a8b467117f Mon Sep 17 00:00:00 2001 From: Adrien Raze Date: Tue, 7 Sep 2021 14:43:37 +0200 Subject: [PATCH 13/32] FIX : Add token when remove the last widget on home page --- htdocs/core/class/html.formother.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 038f93d34c6..e81308faf79 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -1206,7 +1206,7 @@ class FormOther async: false }); // We force reload to be sure to get all boxes into list - window.location.search=\'mainmenu='.GETPOST("mainmenu", "aZ09").'&leftmenu='.GETPOST('leftmenu', "aZ09").'&action=delbox\'; + window.location.search=\'mainmenu='.GETPOST("mainmenu", "aZ09").'&leftmenu='.GETPOST('leftmenu', "aZ09").'&action=delbox&token='.newToken().'\'; } else { From e26e6288c208387639e739db618a2201b0476fd9 Mon Sep 17 00:00:00 2001 From: ksar <35605507+ksar-ksar@users.noreply.github.com> Date: Tue, 7 Sep 2021 15:22:02 +0200 Subject: [PATCH 14/32] FIX #18591 : Remove double quotes of SQL Queries FIX #18591 : Remove double quotes of SQL Queries for postgresql compatibility --- htdocs/core/class/dolreceiptprinter.class.php | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php index 4dfca1186c0..ad2e7ed1181 100644 --- a/htdocs/core/class/dolreceiptprinter.class.php +++ b/htdocs/core/class/dolreceiptprinter.class.php @@ -386,9 +386,9 @@ class dolReceiptPrinter extends Printer { global $conf; $error = 0; - $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'printer_receipt'; - $sql .= ' (name, fk_type, fk_profile, parameter, entity)'; - $sql .= ' VALUES ("'.$this->db->escape($name).'", '.$type.', '.$profile.', "'.$this->db->escape($parameter).'", '.$conf->entity.')'; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt"; + $sql .= " (name, fk_type, fk_profile, parameter, entity)"; + $sql .= " VALUES ('".$this->db->escape($name)."', ".$type.", ".$profile.", '".$this->db->escape($parameter)."', ".$conf->entity.")"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -411,12 +411,12 @@ class dolReceiptPrinter extends Printer { global $conf; $error = 0; - $sql = 'UPDATE '.MAIN_DB_PREFIX.'printer_receipt'; - $sql .= ' SET name="'.$this->db->escape($name).'"'; - $sql .= ', fk_type='.$type; - $sql .= ', fk_profile='.$profile; - $sql .= ', parameter="'.$this->db->escape($parameter).'"'; - $sql .= ' WHERE rowid='.$printerid; + $sql = "UPDATE ".MAIN_DB_PREFIX."printer_receipt"; + $sql .= " SET name='".$this->db->escape($name)."'"; + $sql .= ", fk_type=".$type; + $sql .= ", fk_profile=".$profile; + $sql .= ", parameter='".$this->db->escape($parameter)."'"; + $sql .= " WHERE rowid=".$printerid; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -456,9 +456,9 @@ class dolReceiptPrinter extends Printer { global $conf; $error = 0; - $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'printer_receipt_template'; - $sql .= ' (name, template, entity) VALUES ("'.$this->db->escape($name).'"'; - $sql .= ', "'.$this->db->escape($template).'", '.$conf->entity.')'; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt_template"; + $sql .= " (name, template, entity) VALUES ('".$this->db->escape($name)."'"; + $sql .= ", '".$this->db->escape($template)."', ".$conf->entity.")"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -500,10 +500,10 @@ class dolReceiptPrinter extends Printer { global $conf; $error = 0; - $sql = 'UPDATE '.MAIN_DB_PREFIX.'printer_receipt_template'; - $sql .= ' SET name="'.$this->db->escape($name).'"'; - $sql .= ', template="'.$this->db->escape($template).'"'; - $sql .= ' WHERE rowid='.$templateid; + $sql = "UPDATE ".MAIN_DB_PREFIX."printer_receipt_template"; + $sql .= " SET name='".$this->db->escape($name)."'"; + $sql .= ", template='".$this->db->escape($template)."'"; + $sql .= " WHERE rowid=".$templateid; $resql = $this->db->query($sql); if (!$resql) { $error++; From 6c118b4dfbe2cc7a312486cdcbedd086adf28459 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 8 Sep 2021 04:31:38 +0200 Subject: [PATCH 15/32] css --- htdocs/accountancy/journal/expensereportsjournal.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index 9633157b5b7..96ab150dd24 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -610,7 +610,7 @@ if (empty($action) || $action == 'view') { $userstatic->id = $tabuser[$key]['id']; $userstatic->name = $tabuser[$key]['name']; print "".$userstatic->getNomUrl(0, 'user', 16).' - '.$accountingaccount->label.""; - print ''.($mt >= 0 ? price($mt) : '').""; + print ''.($mt >= 0 ? price($mt) : '').""; print ''.($mt < 0 ? price(-$mt) : '').""; print ""; } From 8c95ada9fddefd98c5713d5b61c93ddc7cd77823 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 8 Sep 2021 10:25:27 +0200 Subject: [PATCH 16/32] FIX wrong users count in multicompany transverse mode --- htdocs/user/class/user.class.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index df60c0f2fc9..05710ec2f88 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -3298,14 +3298,21 @@ class User extends CommonObject public function load_state_board() { // phpcs:enable + global $conf; $this->nb = array(); - $sql = "SELECT count(u.rowid) as nb"; + $sql = "SELECT DISTINCT count(u.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.statut > 0"; + if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; + $sql .= " WHERE ug.entity IN (".getEntity('usergroup').")"; + $sql .= " AND ug.fk_user = u.rowid "; + } else { + $sql .= " WHERE u.entity IN (".getEntity('user').")"; + } + $sql .= " AND u.statut > 0"; //$sql.= " AND employee != 0"; - $sql .= " AND u.entity IN (".getEntity('user').")"; $resql = $this->db->query($sql); if ($resql) { From a5e670291e8cedb47d0cb10e3c81841f41236b89 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Wed, 8 Sep 2021 15:36:51 +0200 Subject: [PATCH 17/32] Fix permission for salaries module --- htdocs/core/lib/security.lib.php | 2 +- htdocs/salaries/card.php | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index b297c81035e..4c36244a5bf 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -611,7 +611,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $feature = 'projet_task'; } - $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salary', 'website'); // Test on entity only (Objects with no link to company) + $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object $checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet', 'project'); // Test for project object diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index d3c7ba504cb..f83f879cf8e 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -67,9 +67,27 @@ $fk_user = GETPOSTINT('userid'); $object = new Salary($db); $extrafields = new ExtraFields($db); +$childids = $user->getAllChildIds(1); + // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); +if (($id > 0) || $ref) { + $object->fetch($id, $ref); + + // Check current user can read this leave request + $canread = 0; + if (!empty($user->rights->salaries->readall)) { + $canread = 1; + } + if (!empty($user->rights->salaries->read) && in_array($object->fk_user, $childids)) { + $canread = 1; + } + if (!$canread) { + accessforbidden(); + } +} + // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('salarycard', 'globalcard')); From e9505c1109934e62b34f52e404528056ce0cd9e7 Mon Sep 17 00:00:00 2001 From: MOREAU FRANCK Date: Wed, 8 Sep 2021 18:23:44 +0200 Subject: [PATCH 18/32] Update V14 --- htdocs/core/menus/standard/eldy.lib.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 75055329add..95af5973587 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -384,10 +384,16 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = // Tickets and knwoledge base $tmpentry = array( - 'enabled'=>(!empty($conf->ticket->enabled) || !empty($conf->knwoledgemanagement->enabled)), - 'perms'=>(!empty($user->rights->ticket->read) || !empty($user->rights->knwoledgemanagement->read)), - 'module'=>'ticket|knwoledgemanagement' + 'enabled'=>(!empty($conf->ticket->enabled) || !empty($conf->knowledgemanagement->enabled)), + 'perms'=>(!empty($user->rights->ticket->read) || !empty($user->rights->knowledgemanagement->knowledgerecord->read)), + 'module'=>'ticket|knowledgemanagement' ); + $link = ''; + if(!empty($conf->ticket->enabled)){ + $link = '/ticket/index.php?mainmenu=ticket&leftmenu='; + }else{ + $link = '/knowledgemanagement/knowledgerecord_list.php?mainmenu=ticket&leftmenu='; + } $menu_arr[] = array( 'name' => 'Ticket', 'link' => '/ticket/index.php?mainmenu=ticket&leftmenu=', From 04026dd0b06f330a903a76e45d86109b7d23bc99 Mon Sep 17 00:00:00 2001 From: MOREAU FRANCK Date: Wed, 8 Sep 2021 19:51:34 +0200 Subject: [PATCH 19/32] fix Stickler CI review --- htdocs/core/menus/standard/eldy.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 95af5973587..7c93cd94163 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -389,9 +389,9 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'module'=>'ticket|knowledgemanagement' ); $link = ''; - if(!empty($conf->ticket->enabled)){ + if (!empty($conf->ticket->enabled)) { $link = '/ticket/index.php?mainmenu=ticket&leftmenu='; - }else{ + } else { $link = '/knowledgemanagement/knowledgerecord_list.php?mainmenu=ticket&leftmenu='; } $menu_arr[] = array( From b87ac639fd4ed060e73653f9123420cfa3354c8b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Sep 2021 03:02:18 +0200 Subject: [PATCH 20/32] Update card.php --- htdocs/salaries/card.php | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index f83f879cf8e..6d30ae73e3d 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -72,28 +72,24 @@ $childids = $user->getAllChildIds(1); // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); -if (($id > 0) || $ref) { - $object->fetch($id, $ref); - - // Check current user can read this leave request - $canread = 0; - if (!empty($user->rights->salaries->readall)) { - $canread = 1; - } - if (!empty($user->rights->salaries->read) && in_array($object->fk_user, $childids)) { - $canread = 1; - } - if (!$canread) { - accessforbidden(); - } -} - // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('salarycard', 'globalcard')); $object = new Salary($db); if ($id > 0 || !empty($ref)) { $object->fetch($id, $ref); + + // Check current user can read this salary + $canread = 0; + if (!empty($user->rights->salaries->readall)) { + $canread = 1; + } + if (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) { + $canread = 1; + } + if (!$canread) { + accessforbidden(); + } } // Security check From 61d5152209cea58b04ec724639616d7a3624d1bf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Sep 2021 03:23:04 +0200 Subject: [PATCH 21/32] Update eldy.lib.php --- htdocs/core/menus/standard/eldy.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 7c93cd94163..b1f625ac680 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -382,7 +382,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'submenus' => array(), ); - // Tickets and knwoledge base + // Tickets and knowledge base $tmpentry = array( 'enabled'=>(!empty($conf->ticket->enabled) || !empty($conf->knowledgemanagement->enabled)), 'perms'=>(!empty($user->rights->ticket->read) || !empty($user->rights->knowledgemanagement->knowledgerecord->read)), From 77b8d91895a2019dc4783747cec7e75657b99363 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Sep 2021 04:56:25 +0200 Subject: [PATCH 22/32] Update 13.0.0-14.0.0.sql --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index af3a1662ab6..eff69ca5616 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -583,7 +583,7 @@ DROP TABLE llx_categorie_association; DROP TABLE llx_cond_reglement; DROP TABLE llx_zapier_hook_extrafields; -create table llx_onlinesignature +CREATE TABLE llx_onlinesignature ( rowid integer AUTO_INCREMENT PRIMARY KEY, entity integer DEFAULT 1 NOT NULL, @@ -599,4 +599,5 @@ create table llx_onlinesignature -- VMYSQL4.3 ALTER TABLE llx_partnership MODIFY COLUMN date_partnership_end date NULL; -- VPGSQL8.2 ALTER TABLE llx_partnership ALTER COLUMN date_partnership_end DROP NOT NULL; -Alter TABLE llx_facture_fourn CHANGE fk_mode_transport fk_transport_mode integer +ALTER TABLE llx_facture_fourn CHANGE COLUMN fk_mode_transport fk_transport_mode integer; + From ea9a07fb3daa000a536c80d68fc246294b7272c2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Sep 2021 05:11:31 +0200 Subject: [PATCH 23/32] Update dolibarr.php --- htdocs/admin/system/dolibarr.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index a39d4dc2a8c..ace35668e5f 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -505,7 +505,7 @@ if ($resql) { $obj = $db->fetch_object($resql); print ''; - print ''.$obj->name.''."\n"; + print ''.dol_escape_htmltag($obj->name).''."\n"; print ''; if (isASecretKey($obj->name)) { if (empty($dolibarr_main_prod)) { From de97b248f2ddff50ddce7da7b0af8deaa3ad5466 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Sep 2021 05:11:56 +0200 Subject: [PATCH 24/32] Update dolibarr.php --- htdocs/admin/system/dolibarr.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index ace35668e5f..90e35c8e970 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -505,7 +505,7 @@ if ($resql) { $obj = $db->fetch_object($resql); print ''; - print ''.dol_escape_htmltag($obj->name).''."\n"; + print ''.dol_escape_htmltag($obj->name).''."\n"; print ''; if (isASecretKey($obj->name)) { if (empty($dolibarr_main_prod)) { From 303b0e7f311370dc47e58d07c41a85380428c0ce Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 9 Sep 2021 09:21:30 +0200 Subject: [PATCH 25/32] FIX better sql request --- htdocs/user/class/user.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 05710ec2f88..81a408d6212 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -3302,7 +3302,7 @@ class User extends CommonObject $this->nb = array(); - $sql = "SELECT DISTINCT count(u.rowid) as nb"; + $sql = "SELECT COUNT(DISTINCT u.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; From d451703bbf5b0769ff0ec92857a3c3fcd438fee0 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 9 Sep 2021 11:21:34 +0200 Subject: [PATCH 26/32] Fix : reception list sql error --- htdocs/reception/list.php | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index e4b519517ea..5b4bdf6bb6f 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -85,7 +85,7 @@ $extrafields = new ExtraFields($db); // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); -$search_array_options = (array) $extrafields->getOptionalsFromPost($object->table_element, '', 'search_'); +$search_array_options = $extrafields->getOptionalsFromPost($object->table_element, '', 'search_'); // List of fields to search into when doing a "search in all" $fieldstosearchall = array( @@ -537,21 +537,7 @@ if ($sall) { } // Add where from extra fields -foreach ($search_array_options as $key => $val) { - $crit = $val; - $tmpkey = preg_replace('/search_options_/', '', $key); - $typ = $extrafields->attributes[$object->table_element]['type'][$tmpkey]; - $mode = 0; - if (in_array($typ, array('int', 'double', 'real'))) { - $mode = 1; // Search on a numeric - } - if (in_array($typ, array('sellist')) && $crit != '0' && $crit != '-1') { - $mode = 2; // Search on a foreign key int - } - if ($crit != '' && (!in_array($typ, array('select', 'sellist')) || $crit != '0')) { - $sql .= natural_search('ef.'.$tmpkey, $crit, $mode); - } -} +include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; // Add where from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook From 022f3e640d764e37b2f0533f1e099956d1df6652 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 9 Sep 2021 13:28:30 +0200 Subject: [PATCH 27/32] Fix #18660 : fix rights of supplier order with API --- htdocs/fourn/class/api_supplier_orders.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index d4eedcd0fd9..b02de6629e9 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php @@ -224,7 +224,7 @@ class SupplierOrders extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer || !DolibarrApiAccess::$user->rights->supplier_order->creer) { + if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer) { throw new RestException(401, "Insuffisant rights"); } // Check mandatory fields @@ -260,7 +260,7 @@ class SupplierOrders extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer || !DolibarrApiAccess::$user->rights->supplier_order->creer) { + if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer) { throw new RestException(401); } @@ -340,7 +340,7 @@ class SupplierOrders extends DolibarrApi */ public function validate($id, $idwarehouse = 0, $notrigger = 0) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer || !DolibarrApiAccess::$user->rights->supplier_order->creer) { + if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer) { throw new RestException(401); } $result = $this->order->fetch($id); From 8af6b8679ef08595e49e53740bff7ce2e5e88992 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 9 Sep 2021 14:40:39 +0200 Subject: [PATCH 28/32] update with fournisseur && supplier_order --- htdocs/fourn/class/api_supplier_orders.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index b02de6629e9..2549423a73f 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php @@ -224,7 +224,7 @@ class SupplierOrders extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer) { + if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer && !DolibarrApiAccess::$user->rights->supplier_order->creer) { throw new RestException(401, "Insuffisant rights"); } // Check mandatory fields @@ -260,7 +260,7 @@ class SupplierOrders extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer) { + if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer && !DolibarrApiAccess::$user->rights->supplier_order->creer) { throw new RestException(401); } @@ -340,7 +340,7 @@ class SupplierOrders extends DolibarrApi */ public function validate($id, $idwarehouse = 0, $notrigger = 0) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer) { + if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer && !DolibarrApiAccess::$user->rights->supplier_order->creer) { throw new RestException(401); } $result = $this->order->fetch($id); From ad0c4c518fba33b4b672f87fc0b76ac8a779cdc5 Mon Sep 17 00:00:00 2001 From: fr69400 <82267780+fr69400@users.noreply.github.com> Date: Mon, 6 Sep 2021 15:19:35 +0200 Subject: [PATCH 29/32] Update row.php right write doesn't exist for supplier_proposal ->line order dont works --- htdocs/core/ajax/row.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/ajax/row.php b/htdocs/core/ajax/row.php index c55d80ee521..7b271fafdf2 100644 --- a/htdocs/core/ajax/row.php +++ b/htdocs/core/ajax/row.php @@ -89,7 +89,7 @@ if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3) $perm = 1; } elseif ($table_element_line == 'mrp_production' && $user->rights->mrp->write) { $perm = 1; - } elseif ($table_element_line == 'supplier_proposaldet' && $user->rights->supplier_proposal->write) { + } elseif ($table_element_line == 'supplier_proposaldet' && $user->rights->supplier_proposal->creer) { $perm = 1; } elseif ($table_element_line == 'commande_fournisseurdet' && $user->rights->fournisseur->commande->creer) { $perm = 1; From 4928d03c4f5fa7622b305875bab941da033913f3 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Thu, 9 Sep 2021 14:44:17 +0200 Subject: [PATCH 30/32] update to have modify ! to empty() --- htdocs/fourn/class/api_supplier_orders.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index 2549423a73f..f221035a2ab 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php @@ -224,7 +224,7 @@ class SupplierOrders extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer && !DolibarrApiAccess::$user->rights->supplier_order->creer) { + if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->creer) && empty(DolibarrApiAccess::$user->rights->supplier_order->creer)) { throw new RestException(401, "Insuffisant rights"); } // Check mandatory fields @@ -260,7 +260,7 @@ class SupplierOrders extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer && !DolibarrApiAccess::$user->rights->supplier_order->creer) { + if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->creer) && empty(DolibarrApiAccess::$user->rights->supplier_order->creer)) { throw new RestException(401); } @@ -340,7 +340,7 @@ class SupplierOrders extends DolibarrApi */ public function validate($id, $idwarehouse = 0, $notrigger = 0) { - if (!DolibarrApiAccess::$user->rights->fournisseur->commande->creer && !DolibarrApiAccess::$user->rights->supplier_order->creer) { + if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->creer) && empty(DolibarrApiAccess::$user->rights->supplier_order->creer)) { throw new RestException(401); } $result = $this->order->fetch($id); From 654bf4d672c1dfecc643dd656eb7b4a3deb2e0f9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Sep 2021 15:07:55 +0200 Subject: [PATCH 31/32] Fix name of index #18623 --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index c95aaeffae6..89d0d2d0ce1 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -12,8 +12,8 @@ -- To change type of field: ALTER TABLE llx_table MODIFY COLUMN name varchar(60); -- To drop a foreign key: ALTER TABLE llx_table DROP FOREIGN KEY fk_name; -- To create a unique index ALTER TABLE llx_table ADD UNIQUE INDEX uk_table_field (field); --- To drop an index: -- VMYSQL4.1 DROP INDEX nomindex on llx_table --- To drop an index: -- VPGSQL8.2 DROP INDEX nomindex +-- To drop an index: -- VMYSQL4.1 DROP INDEX nomindex on llx_table; +-- To drop an index: -- VPGSQL8.2 DROP INDEX nomindex; -- To make pk to be auto increment (mysql): -- VMYSQL4.3 ALTER TABLE llx_table CHANGE COLUMN rowid rowid INTEGER NOT NULL AUTO_INCREMENT; -- To make pk to be auto increment (postgres): -- -- VPGSQL8.2 CREATE SEQUENCE llx_table_rowid_seq OWNED BY llx_table.rowid; @@ -351,6 +351,10 @@ ALTER TABLE llx_salary ALTER COLUMN paye set default 0; UPDATE llx_extrafields SET elementtype = 'salary' WHERE elementtype = 'payment_salary'; ALTER TABLE llx_payment_salary_extrafields RENAME TO llx_salary_extrafields; +-- VMYSQL4.1 DROP INDEX idx_payment_salary_extrafields on llx_salary_extrafields; +-- VPGSQL8.2 DROP INDEX idx_payment_salary_extrafields; +ALTER TABLE llx_salary_extrafields ADD INDEX idx_salary_extrafields (fk_object); + DELETE FROM llx_boxes WHERE box_id IN (SELECT rowid FROM llx_boxes_def WHERE file IN ('box_graph_ticket_by_severity', 'box_ticket_by_severity.php', 'box_nb_ticket_last_x_days.php', 'box_nb_tickets_type.php', 'box_new_vs_close_ticket.php')); DELETE FROM llx_boxes_def WHERE file IN ('box_graph_ticket_by_severity', 'box_ticket_by_severity.php', 'box_nb_ticket_last_x_days.php', 'box_nb_tickets_type.php', 'box_new_vs_close_ticket.php'); From 5406e3d34ecbfccde3ca16d837e7f0ce5938f850 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Sep 2021 16:06:16 +0200 Subject: [PATCH 32/32] Fix phpcs --- htdocs/comm/action/peruser.php | 24 ++++++++++++------------ htdocs/user/class/user.class.php | 10 +++++----- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 52736f9ca36..14d052d0257 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -892,20 +892,20 @@ while ($currentdaytoshow < $lastdaytoshow) { } } else { /* Use this list to have for all users */ - $sql = "SELECT DISTINCT u.rowid, u.lastname as lastname, u.firstname, u.statut, u.login, u.admin, u.entity"; - $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { - $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; - $sql .= " WHERE ug.entity IN (".getEntity('usergroup').")"; - $sql .= " AND ug.fk_user = u.rowid "; - } else { - if ($usergroup > 0) { + $sql = "SELECT DISTINCT u.rowid, u.lastname as lastname, u.firstname, u.statut, u.login, u.admin, u.entity"; + $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; + if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; + $sql .= " WHERE ug.entity IN (".getEntity('usergroup').")"; + $sql .= " AND ug.fk_user = u.rowid "; + } else { + if ($usergroup > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ug ON u.rowid = ug.fk_user"; } - $sql .= " WHERE u.entity IN (".getEntity('user').")"; - } - $sql .= " AND u.statut = 1"; - if ($usergroup > 0) { + $sql .= " WHERE u.entity IN (".getEntity('user').")"; + } + $sql .= " AND u.statut = 1"; + if ($usergroup > 0) { $sql .= " AND ug.fk_usergroup = ".((int) $usergroup); } diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index c2e10f74770..0a352210d41 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -3350,18 +3350,18 @@ class User extends CommonObject public function load_state_board() { // phpcs:enable - global $conf; + global $conf; $this->nb = array(); $sql = "SELECT COUNT(DISTINCT u.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { - $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; - $sql .= " WHERE ug.entity IN (".getEntity('usergroup').")"; - $sql .= " AND ug.fk_user = u.rowid "; + $sql .= ", ".MAIN_DB_PREFIX."usergroup_user as ug"; + $sql .= " WHERE ug.entity IN (".getEntity('usergroup').")"; + $sql .= " AND ug.fk_user = u.rowid"; } else { - $sql .= " WHERE u.entity IN (".getEntity('user').")"; + $sql .= " WHERE u.entity IN (".getEntity('user').")"; } $sql .= " AND u.statut > 0"; //$sql.= " AND employee != 0";