diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 351ab9212bc..e543b7e6bd1 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -1036,10 +1036,11 @@ if ($action == 'create') { //print ''; print '        
'; print img_picto($langs->trans("Recurrence"), 'recurring', 'class="paddingright2"'); - print ''; + print ''; $selectedrecurrulefreq = 'no'; $selectedrecurrulebymonthday = ''; $selectedrecurrulebyday = ''; + $reg = array(); if ($object->recurrule && preg_match('/FREQ=([A-Z]+)/i', $object->recurrule, $reg)) { $selectedrecurrulefreq = $reg[1]; } diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 7d03def1464..22419629333 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -373,6 +373,16 @@ class ActionComm extends CommonObject */ public $status; + /** + * Properties to manage the recurring events + */ + public $recurid; + public $recurrule; + public $recurdateend; + + public $calling_duration; + + /** * Typical value for a event that is in a todo state */ diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index d7d86589dff..668787349be 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1613,7 +1613,7 @@ if ($action == 'create' && $usercancreate) { $fk_account = $soc->fk_account; $availability_id = 0; $shipping_method_id = $soc->shipping_method_id; - $warehouse_id = $soc->warehouse_id; + $warehouse_id = $soc->fk_warehouse; $demand_reason_id = $soc->demand_reason_id; $remise_percent = $soc->remise_percent; $remise_absolue = 0; @@ -1702,7 +1702,7 @@ if ($action == 'create' && $usercancreate) { // Contacts (ask contact only if thirdparty already defined). print "".$langs->trans("DefaultContact").''; print img_picto('', 'contact', 'class="pictofixedwidth"'); - print $form->selectcontacts($soc->id, $contactid, 'contactid', 1, $srccontactslist, '', 1, 'maxwidth200 widthcentpercentminusx'); + print $form->selectcontacts($soc->id, $contactid, 'contactid', 1, !empty($srccontactslist)?$srccontactslist:"", '', 1, 'maxwidth200 widthcentpercentminusx'); print ''; // Ligne info remises tiers @@ -1726,7 +1726,7 @@ if ($action == 'create' && $usercancreate) { // Date delivery planned print ''.$langs->trans("DateDeliveryPlanned").''; print ''; - $date_delivery = ($date_delivery ? $date_delivery : $object->date_delivery); + $date_delivery = ($date_delivery ? $date_delivery : $object->delivery_date); print $form->selectDate($date_delivery ? $date_delivery : -1, 'liv_', 1, 1, 1); print "\n"; print ''; @@ -1807,7 +1807,12 @@ if ($action == 'create' && $usercancreate) { } // Other attributes - $parameters = array('objectsrc' => $objectsrc, 'socid'=>$socid); + $parameters = array(); + if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { + $parameters['objectsrc'] = $objectsrc; + } + $parameters['socid'] = $socid; + // Note that $action and $object may be modified by hook $reshook = $hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action); print $hookmanager->resPrint; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index bd4ac38f135..e9d1a449b0c 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -3282,6 +3282,25 @@ class Facture extends CommonInvoice } } + /* + * Set situation_final to 0 if is a credit note and the invoice source is a invoice situation (case when invoice situation is at 100%) + * So we can continue to create new invoice situation + */ + if (!$error && $this->type == self::TYPE_CREDIT_NOTE && $this->fk_facture_source > 0) { + $invoice_situation = new Facture($this->db); + $result = $invoice_situation->fetch($this->fk_facture_source); + if ($result > 0 && $invoice_situation->type == self::TYPE_SITUATION && $invoice_situation->situation_final == 1) { + $invoice_situation->situation_final = 0; + // Disable triggers because module can force situation_final to 1 by triggers (ex: SubTotal) + $result = $invoice_situation->setFinal($user, 1); + } + if ($result < 0) { + $this->error = $invoice_situation->error; + $this->errors = $invoice_situation->errors; + $error++; + } + } + // Trigger calls if (!$error && !$notrigger) { // Call trigger diff --git a/htdocs/core/ajax/pingresult.php b/htdocs/core/ajax/pingresult.php index 202dfbae390..8e3cc622512 100644 --- a/htdocs/core/ajax/pingresult.php +++ b/htdocs/core/ajax/pingresult.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2019-2022 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,8 @@ /** * \file htdocs/core/ajax/pingresult.php - * \brief File to save result of an anonymous ping into database (1 ping is done per installation) + * \brief Page called after a ping was done in js to the official dolibarr ping service. + * This ajax URL is called with parameter 'firstpingok' or 'firstpingko' depending on the result of the ping. */ if (!defined('NOTOKENRENEWAL')) { diff --git a/htdocs/core/boxes/box_dolibarr_state_board.php b/htdocs/core/boxes/box_dolibarr_state_board.php index b25a42228e7..4b85ce9d396 100644 --- a/htdocs/core/boxes/box_dolibarr_state_board.php +++ b/htdocs/core/boxes/box_dolibarr_state_board.php @@ -209,7 +209,7 @@ class box_dolibarr_state_board extends ModeleBoxes 'expensereports' => DOL_URL_ROOT . '/expensereport/list.php?mainmenu=hrm&leftmenu=expensereport', 'holidays' => DOL_URL_ROOT . '/holiday/list.php?mainmenu=hrm&leftmenu=holiday', 'ticket' => DOL_URL_ROOT . '/ticket/list.php?leftmenu=ticket', - 'dolresource' => DOL_URL_ROOT . '/resource/list.php?mainmenu=tools', + 'dolresource' => DOL_URL_ROOT . '/resource/list.php?mainmenu=agenda', ); $titres = array( 'users' => "Users", diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 79b6932c72c..4d83acfe44c 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -4986,7 +4986,7 @@ abstract class CommonObject } $text .= ' - '.(!empty($line->label) ? $line->label : $label); - $description .= (!empty($conf->global->PRODUIT_DESC_IN_FORM) ? '' : dol_htmlentitiesbr($line->description)); // Description is what to show on popup. We shown nothing if already into desc. + $description .= (!empty($conf->global->PRODUIT_DESC_IN_FORM) ? '' : (!empty($line->description) ? dol_htmlentitiesbr($line->description) : '')); // Description is what to show on popup. We shown nothing if already into desc. } $line->pu_ttc = price2num((!empty($line->subprice) ? $line->subprice : 0) * (1 + ((!empty($line->tva_tx) ? $line->tva_tx : 0) / 100)), 'MU'); @@ -7498,33 +7498,35 @@ abstract class CommonObject $resql = $this->db->query($sql); if ($resql) { $value = ''; // value was used, so now we reste it to use it to build final output + $numrows = $this->db->num_rows($resql); + if ($numrows) { + $obj = $this->db->fetch_object($resql); - $obj = $this->db->fetch_object($resql); + // Several field into label (eq table:code|libelle:rowid) + $fields_label = explode('|', $InfoFieldList[1]); - // Several field into label (eq table:code|libelle:rowid) - $fields_label = explode('|', $InfoFieldList[1]); - - if (is_array($fields_label) && count($fields_label) > 1) { - foreach ($fields_label as $field_toshow) { - $translabel = ''; - if (!empty($obj->$field_toshow)) { - $translabel = $langs->trans($obj->$field_toshow); + if (is_array($fields_label) && count($fields_label) > 1) { + foreach ($fields_label as $field_toshow) { + $translabel = ''; + if (!empty($obj->$field_toshow)) { + $translabel = $langs->trans($obj->$field_toshow); + } + if ($translabel != $field_toshow) { + $value .= dol_trunc($translabel, 18).' '; + } else { + $value .= $obj->$field_toshow.' '; + } } - if ($translabel != $field_toshow) { - $value .= dol_trunc($translabel, 18).' '; - } else { - $value .= $obj->$field_toshow.' '; - } - } - } else { - $translabel = ''; - if (!empty($obj->{$InfoFieldList[1]})) { - $translabel = $langs->trans($obj->{$InfoFieldList[1]}); - } - if ($translabel != $obj->{$InfoFieldList[1]}) { - $value = dol_trunc($translabel, 18); } else { - $value = $obj->{$InfoFieldList[1]}; + $translabel = ''; + if (!empty($obj->{$InfoFieldList[1]})) { + $translabel = $langs->trans($obj->{$InfoFieldList[1]}); + } + if ($translabel != $obj->{$InfoFieldList[1]}) { + $value = dol_trunc($translabel, 18); + } else { + $value = $obj->{$InfoFieldList[1]}; + } } } } else { diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index 6f2669ac877..6d026272cc7 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1137,7 +1137,7 @@ if ($resql) { $url .= '&socid='.((int) $socid); $url .= '&backtopage='.urlencode(DOL_URL_ROOT.'/fourn/commande/list.php?socid='.((int) $socid)); } - $newcardbutton = dolGetButtonTitle($langs->trans('NewSupplierOrderShort'), '', 'fa fa-plus-circle', $url, '', $permissitiontoadd); + $newcardbutton = dolGetButtonTitle($langs->trans('NewSupplierOrderShort'), '', 'fa fa-plus-circle', $url, '', $permissiontoadd); // Lines of title fields print '
'; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 5344d68c342..9b2beafe8a4 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -3370,7 +3370,7 @@ if (!function_exists("llxFooter")) { url: '', timeout: 500, // timeout milliseconds cache: false, - data: { hash_algo: 'md5', hash_unique_id: '', action: 'firstpingok', token: 'notrequired' }, // for update + data: { hash_algo: 'md5', hash_unique_id: '', action: 'firstpingok', token: '' }, // for update }); }, error: function (data,status,xhr) { // error callback function @@ -3380,7 +3380,7 @@ if (!function_exists("llxFooter")) { url: '', timeout: 500, // timeout milliseconds cache: false, - data: { hash_algo: 'md5', hash_unique_id: '', action: 'firstpingko', token: 'notrequired' }, + data: { hash_algo: 'md5', hash_unique_id: '', action: 'firstpingko', token: '' }, }); } }); diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 6b6f60bf8c6..740d419719a 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -290,7 +290,7 @@ if ($object->id > 0) { print '
'; if (isModEnabled('agenda') && (!empty($user->rights->agenda->myactions->read) || !empty($user->rights->agenda->allactions->read))) { - $param = '&id='.$object->id.'&socid='.$socid; + $param = '&id='.$object->id.(!empty($socid) ? '&socid='.$socid : ''); if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { $param .= '&contextpage='.urlencode($contextpage); } diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index 76a73e8de05..7c85d9a2fc0 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -157,6 +157,10 @@ if (!empty($tag) && ($unsuscrib == '1')) { header("Content-type: text/html; charset=".$conf->file->character_set_client); + // Security options + header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) + header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) + print ''; print "\n"; print "\n"; diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php index a6512b83a60..d58b6448edb 100644 --- a/htdocs/public/members/public_card.php +++ b/htdocs/public/members/public_card.php @@ -147,16 +147,8 @@ $db->close(); */ function llxHeaderVierge($title, $head = "") { - global $user, $conf, $langs; + top_htmlhead($head, $title); - header("Content-type: text/html; charset=".$conf->file->character_set_client); - print "\n"; - print "\n"; - print "".$title."\n"; - if ($head) { - print $head."\n"; - } - print "\n"; print ''."\n"; } diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index 4bf2a6b94bf..178af5fce11 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -65,16 +65,8 @@ $langs->loadLangs(array("main", "members", "companies", "other")); */ function llxHeaderVierge($title, $head = "") { - global $user, $conf, $langs; + top_htmlhead($head, $title); - header("Content-type: text/html; charset=".$conf->file->character_set_client); - print "\n"; - print "\n"; - print "".$title."\n"; - if ($head) { - print $head."\n"; - } - print "\n"; print ''."\n"; } @@ -151,13 +143,13 @@ if ($result) { print ''; print ''; - print ''; - print ''."\n"; + print ''; + print ''."\n"; //print_liste_field_titre("DateOfBirth", $_SERVER["PHP_SELF"],"birth",'',$param,$sortfield,$sortorder); // est-ce nécessaire ?? - print_liste_field_titre("EMail", $_SERVER["PHP_SELF"], "email", '', $param, '', $sortfield, $sortorder, 'public_'); - print_liste_field_titre("Zip", $_SERVER["PHP_SELF"], "zip", "", $param, '', $sortfield, $sortorder, 'public_'); - print_liste_field_titre("Town", $_SERVER["PHP_SELF"], "town", "", $param, '', $sortfield, $sortorder, 'public_'); - print_liste_field_titre("Photo", $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder, 'public_'); + print_liste_field_titre("EMail", $_SERVER["PHP_SELF"], "email", '', $param, '', $sortfield, $sortorder, 'left public_'); + print_liste_field_titre("Zip", $_SERVER["PHP_SELF"], "zip", "", $param, '', $sortfield, $sortorder, 'left public_'); + print_liste_field_titre("Town", $_SERVER["PHP_SELF"], "town", "", $param, '', $sortfield, $sortorder, 'left public_'); + print_liste_field_titre("Photo", $_SERVER["PHP_SELF"], "", "", $param, '', $sortfield, $sortorder, 'center public_'); print "\n"; while ($i < $num && $i < $conf->liste_limit) { @@ -170,7 +162,7 @@ if ($result) { print ''."\n"; print ''."\n"; if (isset($objp->photo) && $objp->photo != '') { - print ''."\n"; } else { diff --git a/htdocs/public/test/test_arrays.php b/htdocs/public/test/test_arrays.php index 01910f71aaf..609ced5f684 100644 --- a/htdocs/public/test/test_arrays.php +++ b/htdocs/public/test/test_arrays.php @@ -44,6 +44,10 @@ $usedolheader = 1; // 1 = Test inside a dolibarr page, 0 = Use hard coded header if (empty($usedolheader)) { header("Content-type: text/html; charset=UTF8"); + + // Security options + header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) + header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) ?> diff --git a/htdocs/public/test/test_badges.php b/htdocs/public/test/test_badges.php index 64ccf82345b..d3ed6476f95 100644 --- a/htdocs/public/test/test_badges.php +++ b/htdocs/public/test/test_badges.php @@ -12,6 +12,16 @@ if ($dolibarr_main_prod) { accessforbidden('Access forbidden when $dolibarr_main_prod is set to 1'); } +/* + * View + */ + +header("Content-type: text/html; charset=UTF8"); + +// Security options +header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) +header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) + ?> diff --git a/htdocs/public/test/buttons.php b/htdocs/public/test/test_buttons.php similarity index 100% rename from htdocs/public/test/buttons.php rename to htdocs/public/test/test_buttons.php diff --git a/htdocs/public/test/test_csrf.php b/htdocs/public/test/test_csrf.php index 3127a765985..43372d22f15 100644 --- a/htdocs/public/test/test_csrf.php +++ b/htdocs/public/test/test_csrf.php @@ -34,6 +34,11 @@ if ($dolibarr_main_prod) { * View */ +header("Content-type: text/html; charset=UTF8"); + +// Security options +header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) +header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) ?> This is a form to test if a CSRF exists into a Dolibarr page.
diff --git a/htdocs/public/test/test_exec.php b/htdocs/public/test/test_exec.php index 026a8d12b7b..ef6f41df132 100644 --- a/htdocs/public/test/test_exec.php +++ b/htdocs/public/test/test_exec.php @@ -41,17 +41,6 @@ if (!defined("NOSESSION")) { define("NOSESSION", '1'); } -print "*** SHOW SESSION STATUS
\n"; -print "Legend:
\n"; -print 'PHP_SESSION_DISABLED='.PHP_SESSION_DISABLED."
\n"; -print 'PHP_SESSION_NONE='.PHP_SESSION_NONE."
\n"; -print 'PHP_SESSION_ACTIVE='.PHP_SESSION_ACTIVE."
\n"; -print '
'; - -print 'session_status='.session_status().' (before main.inc.php)
'; - -print '

'."\n"; - require '../../main.inc.php'; // Security @@ -64,6 +53,12 @@ if ($dolibarr_main_prod) { * View */ +header("Content-type: text/html; charset=UTF8"); + +// Security options +header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) +header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) + print "*** TEST READ OF /tmp/test.txt FILE
\n"; $out=''; diff --git a/htdocs/public/test/test_sessionlock.php b/htdocs/public/test/test_sessionlock.php index 8464ba2eb4f..1aea6204b3e 100644 --- a/htdocs/public/test/test_sessionlock.php +++ b/htdocs/public/test/test_sessionlock.php @@ -41,6 +41,17 @@ if (!defined("NOSESSION")) { define("NOSESSION", '1'); } + +// Special +// We add header and output some content before the include of main.inc.php !! +// Because we need to So we can make +header("Content-type: text/html; charset=UTF8"); + +// Security options +header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) +header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) + + print "Legend:
\n"; print 'PHP_SESSION_DISABLED='.PHP_SESSION_DISABLED."
\n"; print 'PHP_SESSION_NONE='.PHP_SESSION_NONE."
\n"; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 2e225e1658f..eff502190cb 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -5099,6 +5099,7 @@ tr.visible { .websiteformtoolbar { position: sticky; top: ; + z-index: 1000; } .exampleapachesetup { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index ceb5caa9d44..8a6c864fb17 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -4953,6 +4953,7 @@ tr.visible { .websiteformtoolbar { position: sticky; top: ; + z-index: 1000; } .exampleapachesetup {
'.dolGetFirstLastname($langs->trans("Firstname"), $langs->trans("Lastname")).''.$langs->trans("Company").''.dolGetFirstLastname($langs->trans("Firstname"), $langs->trans("Lastname")).''.$langs->trans("Company").'
'.$objp->zip.''.$objp->town.''; + print ''; print $form->showphoto('memberphoto', $objp, 64); print '