From f89195e39fe015adc14bdcd9aa61414fd75babf4 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Thu, 21 May 2020 23:23:59 +0200 Subject: [PATCH 01/13] Fix SQL IF for PGSQL --- htdocs/margin/tabs/productMargins.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 57eef531342..4551557e95a 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -136,9 +136,9 @@ if ($id > 0 || ! empty($ref)) $sql.= " f.datef, f.paye, f.fk_statut as statut, f.type,"; if (!$user->rights->societe->client->voir && !$socid) $sql.= " sc.fk_soc, sc.fk_user,"; $sql.= " sum(d.total_ht) as selling_price,"; // may be negative or positive - $sql.= " IF(f.type = 2, -1, 1) * sum(d.qty) as qty,"; // not always positive in case of Credit note - $sql.= " IF(f.type = 2, -1, 1) * sum(d.qty * d.buy_price_ht) as buying_price,"; // not always positive in case of Credit note - $sql.= " IF(f.type = 2, -1, 1) * sum(abs(d.total_ht) - (d.buy_price_ht * d.qty)) as marge" ; // not always positive in case of Credit note + $sql.= " ".$db->ifsql('f.type = 2', -1, 1)." * sum(d.qty) as qty,"; // not always positive in case of Credit note + $sql.= " ".$db->ifsql('f.type = 2', -1, 1)." * sum(d.qty * d.buy_price_ht) as buying_price,"; // not always positive in case of Credit note + $sql.= " ".$db->ifsql('f.type = 2', -1, 1)." * sum(abs(d.total_ht) - (d.buy_price_ht * d.qty)) as marge" ; // not always positive in case of Credit note $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= ", ".MAIN_DB_PREFIX."facture as f"; $sql.= ", ".MAIN_DB_PREFIX."facturedet as d"; From 2595f571c74ef424add3c3ca687b769f90df3cb0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 25 May 2020 00:21:09 +0200 Subject: [PATCH 02/13] Fix exclude credit note when searching situation invoice to use for next --- htdocs/core/class/html.form.class.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index acbd15712e5..ec7bfeab7c4 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -3582,10 +3582,11 @@ class Form $opt = ''; $sql = 'SELECT rowid, ref, situation_cycle_ref, situation_counter, situation_final, fk_soc'; - $sql.= ' FROM ' . MAIN_DB_PREFIX . 'facture'; - $sql.= ' WHERE entity IN ('.getEntity('invoice').')'; - $sql.= ' AND situation_counter>=1'; - $sql.= ' ORDER by situation_cycle_ref, situation_counter desc'; + $sql .= ' FROM ' . MAIN_DB_PREFIX . 'facture'; + $sql .= ' WHERE entity IN ('.getEntity('invoice').')'; + $sql .= ' AND situation_counter>=1'; + $sql .= ' AND type <> 2'; + $sql .= ' ORDER by situation_cycle_ref, situation_counter desc'; $resql = $this->db->query($sql); if ($resql && $this->db->num_rows($resql) > 0) { // Last seen cycle From e02aa4e41b3a5c74fc0e5d60699bae5354e51229 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 26 May 2020 23:22:14 +0200 Subject: [PATCH 03/13] FIX Default bank account was not loaded for document generation. --- htdocs/core/class/commondocgenerator.class.php | 4 ++-- htdocs/societe/class/societe.class.php | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index 56910b43e4a..4a8e097fd6d 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -212,8 +212,8 @@ abstract class CommonDocGenerator 'company_idprof6'=>$object->idprof6, 'company_note_public'=>$object->note_public, 'company_note_private'=>$object->note_private, - 'company_default_bank_iban'=>$object->bank_account->iban, - 'company_default_bank_bic'=>$object->bank_account->bic + 'company_default_bank_iban'=>(is_object($object->bank_account) ? $object->bank_account->iban : ''), + 'company_default_bank_bic'=>(is_object($object->bank_account) ? $object->bank_account->bic : '') ); // Retrieve extrafields diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 9cc36dbb7b4..67bdbf5142c 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -636,6 +636,12 @@ class Societe extends CommonObject */ public $multicurrency_code; + /** + * @var Account Default BAN account + */ + public $bank_account; + + /** * Constructor * @@ -4155,6 +4161,17 @@ class Societe extends CommonObject } } + if (! isset($this->bank_account)) { + require_once DOL_DOCUMENT_ROOT.'/societe/class/companybankaccount.class.php'; + $bac = new CompanyBankAccount($this->db); + $result = $bac->fetch(0, $this->id); + if ($result > 0) { + $this->bank_account = $bac; + } else { + $this->bank_account = ''; + } + } + $modelpath = "core/modules/societe/doc/"; $result = $this->commonGenerateDocument($modelpath, $modele, $outputlangs, $hidedetails, $hidedesc, $hideref, $moreparams); From 954c29786e7102c7cf3bf771e42d00d5eb81933d Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Wed, 27 May 2020 12:15:42 +0200 Subject: [PATCH 04/13] FIX 10.0 - pagination in prelevement/bons.php --- htdocs/compta/prelevement/bons.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php index 27654de1ad0..b5610b81f68 100644 --- a/htdocs/compta/prelevement/bons.php +++ b/htdocs/compta/prelevement/bons.php @@ -36,7 +36,10 @@ $socid = GETPOST('socid', 'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement', '', '', 'bons'); +$urladd = ''; $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; +if ($limit != $conf->liste_limit) $urladd .= '&limit=' . $limit; + $sortfield = GETPOST('sortfield', 'alpha'); $sortorder = GETPOST('sortorder', 'alpha'); $page = GETPOST('page', 'int'); @@ -102,7 +105,7 @@ if ($result) $num = $db->num_rows($result); $i = 0; - $urladd= "&statut=".$statut; + $urladd .= "&statut=" . $statut; $selectedfields=''; From a207365bd2f3373405e04ebd292b29529d3b4217 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 27 May 2020 13:12:18 +0200 Subject: [PATCH 05/13] FIX XSS using the renaming of .noexe files - reported by Nolan. --- htdocs/core/class/html.formfile.class.php | 3 +- htdocs/core/lib/files.lib.php | 27 +++++++++-------- htdocs/core/tpl/filemanager.tpl.php | 4 +-- htdocs/ecm/class/ecmfiles.class.php | 36 ++++++++++++----------- htdocs/ecm/file_card.php | 26 ++++++++++++---- htdocs/ecm/index.php | 6 ++-- htdocs/langs/en_US/errors.lang | 1 + 7 files changed, 63 insertions(+), 40 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index ec9dff5f1a3..97a4bdf1948 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1269,7 +1269,8 @@ class FormFile } else { - print dol_trunc($file['name'], 200); + $filenametoshow = preg_replace('/\.noexe$/', '', $file['name']); + print dol_trunc($filenametoshow, 200); print ''; } // Preview link diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 41d7bf1b294..6614b22e5ed 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -870,7 +870,7 @@ function dol_move($srcfile, $destfile, $newmask = 0, $overwriteifexists = 1, $te { $rel_filetorenamebefore = preg_replace('/^[\\/]/', '', $rel_filetorenamebefore); $rel_filetorenameafter = preg_replace('/^[\\/]/', '', $rel_filetorenameafter); - //var_dump($rel_filetorenamebefore.' - '.$rel_filetorenameafter); + //var_dump($rel_filetorenamebefore.' - '.$rel_filetorenameafter);exit; dol_syslog("Try to rename also entries in database for full relative path before = ".$rel_filetorenamebefore." after = ".$rel_filetorenameafter, LOG_DEBUG); include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php'; @@ -893,6 +893,7 @@ function dol_move($srcfile, $destfile, $newmask = 0, $overwriteifexists = 1, $te $ecmfile->filepath = $rel_dir; $ecmfile->filename = $filename; + $resultecm = $ecmfile->update($user); } elseif ($resultecm == 0) // If no entry were found for src files, create/update target file @@ -995,7 +996,7 @@ function dolCheckVirus($src_file) * @param integer $uploaderrorcode Value of PHP upload error code ($_FILES['field']['error']) * @param int $nohook Disable all hooks * @param string $varfiles _FILES var name - * @return int|string >0 if OK, <0 or string if KO + * @return int|string 1 if OK, 2 if OK and .noexe appended, <0 or string if KO * @see dol_move() */ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan = 0, $uploaderrorcode = 0, $nohook = 0, $varfiles = 'addedfile') @@ -1005,6 +1006,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable $reshook = 0; $file_name = $dest_file; + $successcode = 1; if (empty($nohook)) { @@ -1055,6 +1057,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable if (isAFileWithExecutableContent($dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED)) { $file_name .= '.noexe'; + $successcode = 2; } // Security: @@ -1109,7 +1112,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable { if (!empty($conf->global->MAIN_UMASK)) @chmod($file_name_osencoded, octdec($conf->global->MAIN_UMASK)); dol_syslog("Files.lib::dol_move_uploaded_file Success to move ".$src_file." to ".$file_name." - Umask=".$conf->global->MAIN_UMASK, LOG_DEBUG); - return 1; // Success + return $successcode; // Success } else { @@ -1118,7 +1121,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable } } - return 1; // Success + return $successcode; // Success } /** @@ -1173,8 +1176,6 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, } else { - $error = 0; - //print "x".$file." ".$disableglob;exit; $file_osencoded = dol_osencode($file); // New filename encoded in OS filesystem encoding charset if (empty($disableglob) && !empty($file_osencoded)) @@ -1197,10 +1198,11 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename); if (!preg_match('/(\/temp\/|\/thumbs\/|\.meta$)/', $rel_filetodelete)) // If not a tmp file { - $rel_filetodelete = preg_replace('/^[\\/]/', '', $rel_filetodelete); - if (is_object($db) && $indexdatabase) // $db may not be defined when lib is in a context with define('NOREQUIREDB',1) { + $rel_filetodelete = preg_replace('/^[\\/]/', '', $rel_filetodelete); + $rel_filetodelete = preg_replace('/\.noexe$/', '', $rel_filetodelete); + dol_syslog("Try to remove also entries in database for full relative path = ".$rel_filetodelete, LOG_DEBUG); include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php'; $ecmfile = new EcmFiles($db); @@ -1564,6 +1566,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess $destfile = dol_string_nohtmltag($destfile); $destfull = dol_string_nohtmltag($destfull); + // Move file from temp directory to final directory. A .noexe may also be appended on file name. $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles); if (is_numeric($resupload) && $resupload > 0) // $resupload can be 'ErrorFileAlreadyExists' @@ -1600,10 +1603,10 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess // Update table of files if ($donotupdatesession == 1) { - $result = addFileIntoDatabaseIndex($upload_dir, basename($destfile), $TFile['name'][$i], 'uploaded', 0); + $result = addFileIntoDatabaseIndex($upload_dir, basename($destfile).($resupload == 2 ? '.noexe' : ''), $TFile['name'][$i], 'uploaded', 0); if ($result < 0) { - setEventMessages('FailedToAddFileIntoDatabaseIndex', '', 'warnings'); + setEventMessages('WarningFailedToAddFileIntoDatabaseIndex', '', 'warnings'); } } @@ -1714,7 +1717,7 @@ function dol_remove_file_process($filenb, $donotupdatesession = 0, $donotdeletef * See also commonGenerateDocument that also add/update database index when a file is generated. * * @param string $dir Directory name (full real path without ending /) - * @param string $file File name + * @param string $file File name (May end with '.noexe') * @param string $fullpathorig Full path of origin for file (can be '') * @param string $mode How file was created ('uploaded', 'generated', ...) * @param int $setsharekey Set also the share key @@ -1730,7 +1733,7 @@ function addFileIntoDatabaseIndex($dir, $file, $fullpathorig = '', $mode = 'uplo if (!preg_match('/[\\/]temp[\\/]|[\\/]thumbs|\.meta$/', $rel_dir)) // If not a tmp dir { - $filename = basename($file); + $filename = basename(preg_replace('/\.noexe$/', '', $file)); $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir); $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir); diff --git a/htdocs/core/tpl/filemanager.tpl.php b/htdocs/core/tpl/filemanager.tpl.php index 3a3395432de..f95286bbcfc 100644 --- a/htdocs/core/tpl/filemanager.tpl.php +++ b/htdocs/core/tpl/filemanager.tpl.php @@ -178,7 +178,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg print ''; } - else // Show filtree when ajax is disabled (rare) + else // Show file tree when ajax is disabled (rare) { print ''; @@ -212,7 +212,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg
entity = trim($this->entity); } if (isset($this->filename)) { - $this->filename = trim($this->filename); + $this->filename = preg_replace('/\.noexe$/', '', trim($this->filename)); } if (isset($this->filepath)) { $this->filepath = trim($this->filepath); @@ -346,12 +346,13 @@ class EcmFiles extends CommonObject $sql .= " t.src_object_id"; $sql .= ' FROM ' . MAIN_DB_PREFIX . $this->table_element . ' as t'; $sql.= ' WHERE 1 = 1'; - /* Fetching this table depends on filepath+filename, it must not depends on entity + /* Fetching this table depends on filepath+filename, it must not depends on entity because filesystem on disk does not know what is Dolibarr entities if (! empty($conf->multicompany->enabled)) { $sql .= " AND entity IN (" . getEntity('ecmfiles') . ")"; }*/ if ($relativepath) { - $sql .= " AND t.filepath = '" . $this->db->escape(dirname($relativepath)) . "' AND t.filename = '".$this->db->escape(basename($relativepath))."'"; + $relativepathwithnoexe = preg_replace('/\.noexe$/', '', $relativepath); // We must never have the .noexe into the database + $sql .= " AND t.filepath = '" . $this->db->escape(dirname($relativepath)) . "' AND t.filename = '".$this->db->escape(basename($relativepathwithnoexe))."'"; $sql .= " AND t.entity = ".$conf->entity; // unique key include the entity so each company has its own index } elseif (! empty($ref)) { // hash of file path @@ -552,46 +553,47 @@ class EcmFiles extends CommonObject // Clean parameters if (isset($this->ref)) { - $this->ref = trim($this->ref); + $this->ref = trim($this->ref); } if (isset($this->label)) { - $this->label = trim($this->label); + $this->label = trim($this->label); } if (isset($this->share)) { - $this->share = trim($this->share); + $this->share = trim($this->share); } if (isset($this->entity)) { - $this->entity = trim($this->entity); + $this->entity = trim($this->entity); } if (isset($this->filename)) { - $this->filename = trim($this->filename); + $this->filename = preg_replace('/\.noexe$/', '', trim($this->filename)); } if (isset($this->filepath)) { - $this->filepath = trim($this->filepath); + $this->filepath = trim($this->filepath); + $this->filepath = preg_replace('/[\\/]+$/', '', $this->filepath); // Remove last / } if (isset($this->fullpath_orig)) { - $this->fullpath_orig = trim($this->fullpath_orig); + $this->fullpath_orig = trim($this->fullpath_orig); } if (isset($this->description)) { - $this->description = trim($this->description); + $this->description = trim($this->description); } if (isset($this->keywords)) { - $this->keywords = trim($this->keywords); + $this->keywords = trim($this->keywords); } if (isset($this->cover)) { - $this->cover = trim($this->cover); + $this->cover = trim($this->cover); } if (isset($this->gen_or_uploaded)) { - $this->gen_or_uploaded = trim($this->gen_or_uploaded); + $this->gen_or_uploaded = trim($this->gen_or_uploaded); } if (isset($this->extraparams)) { - $this->extraparams = trim($this->extraparams); + $this->extraparams = trim($this->extraparams); } if (isset($this->fk_user_m)) { - $this->fk_user_m = trim($this->fk_user_m); + $this->fk_user_m = trim($this->fk_user_m); } if (isset($this->acl)) { - $this->acl = trim($this->acl); + $this->acl = trim($this->acl); } if (isset($this->src_object_type)) { $this->src_object_type = trim($this->src_object_type); diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 3664a2e7f28..e1796068370 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -139,6 +139,12 @@ if ($action == 'update') $oldfile = $olddir.$oldlabel; $newfile = $newdir.$newlabel; + $newfileformove = $newfile; + // If old file end with .noexe, new file must also end with .noexe + if (preg_match('/\.noexe$/', $oldfile) && ! preg_match('/\.noexe$/', $newfileformove)) { + $newfileformove .= '.noexe'; + } + //var_dump($oldfile);var_dump($newfile);exit; // Now we update index of file $db->begin(); @@ -146,7 +152,7 @@ if ($action == 'update') //print $oldfile.' - '.$newfile; if ($newlabel != $oldlabel) { - $result = dol_move($oldfile, $newfile); // This include update of database + $result = dol_move($oldfile, $newfileformove); // This include update of database if (!$result) { $langs->load('errors'); @@ -190,7 +196,7 @@ if ($action == 'update') $object->entity = $conf->entity; $object->filepath = preg_replace('/[\\/]+$/', '', $newdirrelativetodocument); $object->filename = $newlabel; - $object->label = md5_file(dol_osencode($newfile)); // hash of file content + $object->label = md5_file(dol_osencode($newfileformove)); // hash of file content $object->fullpath_orig = ''; $object->gen_or_uploaded = 'unknown'; $object->description = ''; // indexed content @@ -208,6 +214,11 @@ if ($action == 'update') $db->commit(); $urlfile = $newlabel; + // If old file end with .noexe, new file must also end with .noexe + if (preg_match('/\.noexe$/', $newfileformove)) { + $urlfile .= '.noexe'; + } + header('Location: '.$_SERVER["PHP_SELF"].'?urlfile='.urlencode($urlfile).'§ion='.urlencode($section)); exit; } @@ -264,9 +275,13 @@ while ($tmpecmdir && $result > 0) $i++; } +$urlfiletoshow = preg_replace('/\.noexe$/', '', $urlfile); + $s = img_picto('', 'object_dir').' '.$langs->trans("ECMRoot").' -> '.$s.' -> '; -if ($action == 'edit') $s .= ''; -else $s .= $urlfile; +if ($action == 'edit') $s .= ''; +else $s .= $urlfiletoshow; + +$morehtml = ''; $object->ref = ''; // Force to hide ref dol_banner_tab($object, '', $morehtml, 0, '', '', $s); @@ -289,10 +304,9 @@ print dol_print_size($totalsize); print ''; */ +// Hash of file content print ''.$langs->trans("HashOfFileContent").''; $object = new EcmFiles($db); -//$filenametosearch=basename($filepath); -//$filedirtosearch=basedir($filepath); $object->fetch(0, '', $filepathtodocument); if (!empty($object->label)) { diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index e51efb01aaa..852d148e258 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -124,15 +124,17 @@ if ($action == 'confirm_deletefile') if (GETPOST('confirm') == 'yes') { // GETPOST('urlfile','alpha') is full relative URL from ecm root dir. Contains path of all sections. - //var_dump(GETPOST('urlfile'));exit; $upload_dir = $conf->ecm->dir_output.($relativepath?'/'.$relativepath:''); $file = $upload_dir . "/" . GETPOST('urlfile', 'alpha'); + //var_dump($file);exit; $ret=dol_delete_file($file); // This include also the delete from file index in database. if ($ret) { - setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile', 'alpha')), null, 'mesgs'); + $urlfiletoshow = GETPOST('urlfile', 'alpha'); + $urlfiletoshow = preg_replace('/\.noexe$/', '', $urlfiletoshow); + setEventMessages($langs->trans("FileWasRemoved", $urlfiletoshow), null, 'mesgs'); $result=$ecmdir->changeNbOfFiles('-'); } else diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index c5b61e50ed6..d145e75bad6 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -255,3 +255,4 @@ WarningNumberOfRecipientIsRestrictedInMassAction=Warning, number of different re WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in the range of the expense report WarningProjectClosed=Project is closed. You must re-open it first. WarningSomeBankTransactionByChequeWereRemovedAfter=Some bank transaction were removed after that the receipt including them were generated. So nb of cheques and total of receipt may differ from number and total in list. +WarningFailedToAddFileIntoDatabaseIndex=Warnin, failed to add file entry into ECM database index table \ No newline at end of file From d491f2cf541a375ec0077893874d9b4087fb8dfb Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Wed, 27 May 2020 18:27:10 +0200 Subject: [PATCH 06/13] [pgsql] type of llx_adherent_type.subscription is VARCHAR(3) so quotes are mandatory --- htdocs/adherents/class/adherent.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 04c5baa642a..eeede7b3810 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -2282,7 +2282,7 @@ class Adherent extends CommonObject $sql.= " WHERE a.fk_adherent_type = t.rowid"; $sql.= " AND a.statut = 1"; $sql.= " AND a.entity IN (".getEntity('adherent').")"; - $sql.= " AND ((a.datefin IS NULL or a.datefin < '".$this->db->idate($now)."') AND t.subscription = 1)"; + $sql.= " AND ((a.datefin IS NULL or a.datefin < '".$this->db->idate($now)."') AND t.subscription = '1')"; $resql=$this->db->query($sql); if ($resql) From edc6abcea83da1430ae8031f70280bba6d9b004f Mon Sep 17 00:00:00 2001 From: atm-lena Date: Thu, 28 May 2020 15:19:37 +0200 Subject: [PATCH 07/13] FIX Rounding Total TVA in "crabe" model pdf --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index bfa15ebd4b1..c302c2174bf 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1275,7 +1275,7 @@ class pdf_crabe extends ModelePDFFactures $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); $pdf->SetXY($col2x, $tab2_top + $tab2_hl * $index); - $pdf->MultiCell($largcol2, $tab2_hl, price($tvaval, 0, $outputlangs), 0, 'R', 1); + $pdf->MultiCell($largcol2, $tab2_hl, price($tvaval, 0, $outputlangs, '', '', ($conf->global->MAIN_MAX_DECIMALS_TOT ? $conf->global->MAIN_MAX_DECIMALS_TOT : 0)), 0, 'R', 1); } } From 9915d97adf832b230b6950a65b389e1696f43624 Mon Sep 17 00:00:00 2001 From: glu000 Date: Thu, 28 May 2020 16:11:02 +0200 Subject: [PATCH 08/13] Fix #13991 --- htdocs/core/class/extrafields.class.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index ac388b1ef83..50513739ef5 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1686,8 +1686,13 @@ class ExtraFields } elseif ($type == 'select') { - if ($langfile && $param['options'][$value]) $value = $langs->trans($param['options'][$value]); - else $value = $param['options'][$value]; + $valstr = $param['options'][$value]; + if (($pos = strpos($valstr, "|")) !== false) + { + $valstr = substr ($valstr, 0, $pos); + } + if ($langfile && $valstr) $value = $langs->trans($valstr); + else $value = $valstr; } elseif ($type == 'sellist') { From 56259bae9abcac5e74b846202ff284c6a19815f0 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 28 May 2020 14:18:00 +0000 Subject: [PATCH 09/13] Fixing style errors. --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 50513739ef5..f938426d4ba 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1689,7 +1689,7 @@ class ExtraFields $valstr = $param['options'][$value]; if (($pos = strpos($valstr, "|")) !== false) { - $valstr = substr ($valstr, 0, $pos); + $valstr = substr($valstr, 0, $pos); } if ($langfile && $valstr) $value = $langs->trans($valstr); else $value = $valstr; From bdc73b5cae582ff1f3b935e8064021787ba41e0d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 28 May 2020 17:37:53 +0200 Subject: [PATCH 10/13] Update pdf_crabe.modules.php --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index c302c2174bf..692e75db82d 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1275,7 +1275,7 @@ class pdf_crabe extends ModelePDFFactures $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); $pdf->SetXY($col2x, $tab2_top + $tab2_hl * $index); - $pdf->MultiCell($largcol2, $tab2_hl, price($tvaval, 0, $outputlangs, '', '', ($conf->global->MAIN_MAX_DECIMALS_TOT ? $conf->global->MAIN_MAX_DECIMALS_TOT : 0)), 0, 'R', 1); + $pdf->MultiCell($largcol2, $tab2_hl, price(price2num($tvaval, 'MT'), 0', $outputlangs), 0, 'R', 1); } } From 8360ca4b20f43772ba9320b1e86896212028eb63 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 28 May 2020 17:38:20 +0200 Subject: [PATCH 11/13] Update pdf_crabe.modules.php --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 692e75db82d..a32ba1308a3 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1275,7 +1275,7 @@ class pdf_crabe extends ModelePDFFactures $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); $pdf->SetXY($col2x, $tab2_top + $tab2_hl * $index); - $pdf->MultiCell($largcol2, $tab2_hl, price(price2num($tvaval, 'MT'), 0', $outputlangs), 0, 'R', 1); + $pdf->MultiCell($largcol2, $tab2_hl, price(price2num($tvaval, 'MT'), 0, $outputlangs), 0, 'R', 1); } } From 1e208e537f12cf9be59655c728a64ab38df9e39a Mon Sep 17 00:00:00 2001 From: kamel Date: Fri, 29 May 2020 16:24:07 +0200 Subject: [PATCH 12/13] FIX: Fix link of the button to create a credit note and fix the awareness of a error happen when to create a credit note --- htdocs/compta/facture/card.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index cb3aa9cd099..b97d22631a1 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1106,12 +1106,12 @@ if (empty($reshook)) } // Add link between credit note and origin - if(! empty($object->fk_facture_source)) { + if(! empty($object->fk_facture_source) && $id>0) { $facture_source->fetch($object->fk_facture_source); $facture_source->fetchObjectLinked(); - if(! empty($facture_source->linkedObjectsIds)) { - foreach($facture_source->linkedObjectsIds as $sourcetype => $TIds) { + if (!empty($facture_source->linkedObjectsIds)) { + foreach ($facture_source->linkedObjectsIds as $sourcetype => $TIds) { $object->add_object_linked($sourcetype, current($TIds)); } } @@ -4835,9 +4835,8 @@ elseif ($id > 0 || ! empty($ref)) // Create a credit note if (($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_DEPOSIT || $object->type == Facture::TYPE_PROFORMA) && $object->statut > 0 && $usercancreate) { - if (! $objectidnext) - { - print '
' . $langs->trans("CreateCreditNote") . '
'; + if (! $objectidnext) { + print '
' . $langs->trans("CreateCreditNote") . '
'; } } From e223189507a74d268ce4ab19e9e68855f7403765 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 30 May 2020 14:20:04 +0200 Subject: [PATCH 13/13] FIX #14002 --- htdocs/fichinter/list.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index fd45d2daecb..ef6b9241c8d 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -75,8 +75,6 @@ $pagenext = $page + 1; if (!$sortorder) $sortorder = "DESC"; if (!$sortfield) { - //if (empty($conf->global->FICHINTER_DISABLE_DETAILS)) $sortfield="fd.date"; - //else $sortfield = "f.ref"; } @@ -203,7 +201,7 @@ foreach ($arrayfields as $tmpkey => $tmpval) $sql = "SELECT"; $sql .= " f.ref, f.rowid, f.fk_statut, f.description, f.datec as date_creation, f.tms as date_update, f.note_private,"; -if (empty($conf->global->FICHINTER_DISABLE_DETAILS) && $atleastonefieldinlines) $sql .= "fd.rowid as lineid, fd.description as descriptiondetail, fd.date as dp, fd.duree,"; +if (empty($conf->global->FICHINTER_DISABLE_DETAILS) && $atleastonefieldinlines) $sql .= " fd.rowid as lineid, fd.description as descriptiondetail, fd.date as dp, fd.duree,"; $sql .= " s.nom as name, s.rowid as socid, s.client"; if (!empty($conf->projet->enabled)) { $sql .= ", pr.rowid as projet_id, pr.ref as projet_ref, pr.title as projet_title"; @@ -245,7 +243,7 @@ if ($search_contrat_ref) { $sql .= natural_search('c.ref', $search_contrat_ref); } if ($search_desc) { - if (empty($conf->global->FICHINTER_DISABLE_DETAILS)) $sql .= natural_search(array('f.description', 'fd.description'), $search_desc); + if (empty($conf->global->FICHINTER_DISABLE_DETAILS) && $atleastonefieldinlines) $sql .= natural_search(array('f.description', 'fd.description'), $search_desc); else $sql .= natural_search(array('f.description'), $search_desc); } if ($search_status != '' && $search_status >= 0) {