diff --git a/ChangeLog b/ChangeLog index 82805bb0b74..ef931857be0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -209,6 +209,32 @@ Following changes may create regressions for some external modules, but were nec * Rename the substitution for project label instead of project title in substitution variables +***** ChangeLog for 16.0.3 compared to 16.0.2 ***** + +FIX: $sign is useless +FIX: #18304 Member subscription confirmation email sent even if mandatory fields are missing +FIX: #19828 +FIX: #19877 +FIX: #22509 default value on integer fields don't retrieve by setSaveQuery +FIX: #22786 +FIX: #22813 +FIX: #22824 Accountancy - Journal - Search on subledger when list of subledger is disabled +FIX: Backup using the low memory mode +FIX: Bankaccounts API fetch with 'id' and 'socid' +FIX: base64_decode should be forbiden in dol_eval +FIX: Broken Permissions check, $object is null. +FIX: compute next value when year is on one digit for reset counter +FIX: copy same behaviour in other accountancy files +FIX: Fix the position of the verification condition of the test field in case of multi entities +FIX: for #22882 +FIX: for #22952 +FIX: merge errors on mailing card +FIX: PaymentBankTransfer Type page management with Select and Input on create.php +FIX: remove not initialized variable +FIX: SQL request parenthesis +FIX: Use the Hook addMoreActionsButtons resPrint +FIX: Wrong Extrafields Element For Assets + ***** ChangeLog for 16.0.2 compared to 16.0.1 ***** FIX: 16.0 - computed extrafields are not displayed if the object has no other extrafields diff --git a/build/debian/source/options b/build/debian/source/options index 4918d029b84..8d8fd181896 100644 --- a/build/debian/source/options +++ b/build/debian/source/options @@ -1,3 +1,3 @@ -# Use bzip2 instead of gzip -compression = "bzip2" -compression-level = 9 +# Force use of gzip compression by dpkg-buildpackage +compression = "gzip" +#compression-level = 9 
diff --git a/build/makepack-dolibarr.pl b/build/makepack-dolibarr.pl index b2381db6ba3..5d958787243 100755 --- a/build/makepack-dolibarr.pl +++ b/build/makepack-dolibarr.pl @@ -678,7 +678,7 @@ if ($nboftargetok) { mkdir($DESTI.'/standard'); if (-d $DESTI.'/standard') { $NEWDESTI=$DESTI.'/standard'; } } - + print "Remove target $FILENAMETGZ.tgz...\n"; unlink("$NEWDESTI/$FILENAMETGZ.tgz"); @@ -1064,7 +1064,8 @@ if ($nboftargetok) { $ret=`mv $BUILDROOT/*_all.deb "$NEWDESTI/"`; $ret=`mv $BUILDROOT/*.dsc "$NEWDESTI/"`; $ret=`mv $BUILDROOT/*.orig.tar.gz "$NEWDESTI/"`; - $ret=`mv $BUILDROOT/*.debian.tar.xz "$NEWDESTI/"`; + #$ret=`mv $BUILDROOT/*.debian.tar.xz "$NEWDESTI/"`; # xz file is generated when build/debian/sources/option + $ret=`mv $BUILDROOT/*.debian.tar.gz "$NEWDESTI/"`; $ret=`mv $BUILDROOT/*.changes "$NEWDESTI/"`; next; } @@ -1146,7 +1147,8 @@ if ($nboftargetok) { "$DESTI/package_debian-ubuntu/${FILENAMEDEB}_all.deb"=>'Dolibarr installer for Debian-Ubuntu (DoliDeb)', "$DESTI/package_debian-ubuntu/${FILENAMEDEB}_amd64.changes"=>'none', # none means it won't be published on SF "$DESTI/package_debian-ubuntu/${FILENAMEDEB}.dsc"=>'none', # none means it won't be published on SF - "$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.xz"=>'none', # none means it won't be published on SF + #"$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.xz"=>'none', # none means it won't be published on SF + "$DESTI/package_debian-ubuntu/${FILENAMEDEB}.debian.tar.gz"=>'none', # none means it won't be published on SF "$DESTI/package_debian-ubuntu/${FILENAMEDEBSHORT}.orig.tar.gz"=>'none', # none means it won't be published on SF "$DESTI/package_windows/$FILENAMEEXEDOLIWAMP.exe"=>'Dolibarr installer for Windows (DoliWamp)', "$DESTI/standard/$FILENAMETGZ.tgz"=>'Dolibarr ERP-CRM', diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index 407dbc1aa53..5fb201ebfdc 100644 --- a/htdocs/accountancy/journal/bankjournal.php 
+++ b/htdocs/accountancy/journal/bankjournal.php @@ -1162,19 +1162,24 @@ if (empty($action) || $action == 'view') { //var_dump($tabpay[$key]); print ''; print ''; + + // Date print "".$date.""; - print "".$ref.""; + + // Ref + print "".dol_escape_htmltag($ref).""; + // Ledger account - print ""; $accounttoshow = length_accountg($k); if (empty($accounttoshow) || $accounttoshow == 'NotDefined') { - print ''.$langs->trans("BankAccountNotDefined").''; - } else { - print $accounttoshow; + $accounttoshow = ''.$langs->trans("BankAccountNotDefined").''; } + print ''; + print $accounttoshow; print ""; + // Subledger account - print ""; + print ''; /*$accounttoshow = length_accountg($k); if (empty($accounttoshow) || $accounttoshow == 'NotDefined') { @@ -1182,9 +1187,12 @@ if (empty($action) || $action == 'view') { } else print $accounttoshow;*/ print ""; - print ""; - print $reflabel; + + // Label operation + print ''; + print $reflabel; // This is already html escaped content print ""; + print ''.$val["type_payment"].""; print ''.($mt >= 0 ? price($mt) : '').""; print ''.($mt < 0 ? price(-$mt) : '').""; @@ -1208,10 +1216,14 @@ if (empty($action) || $action == 'view') { print ''; print ''; + + // Date print "".$date.""; - print "".$ref.""; + + // Ref + print "".dol_escape_htmltag($ref).""; + // Ledger account - print ""; $account_ledger = $k; // Try to force general ledger account depending on type if ($tabtype[$key] == 'payment') { 
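Review bot: The newly printed `$val["type_payment"]` cell in the `@@ -1182` hunk is emitted without `dol_escape_htmltag()`, while the same commit wraps `$ref` in it a few cells earlier. If `type_payment` is only ever a short payment-type code read from the database this is harmless, but nothing in the hunk constrains the value, so for consistency with the `$ref` change I would print `dol_escape_htmltag($val["type_payment"])` there as well. The enclosing `if (empty($action) || $action == 'view')` block starts and ends outside the hunk.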
@@ -1240,9 +1252,9 @@ if (empty($action) || $action == 'view') { if ($tabtype[$key] == 'unknown') { // We will accept writing, but into a waiting account if (empty($conf->global->ACCOUNTING_ACCOUNT_SUSPENSE) || $conf->global->ACCOUNTING_ACCOUNT_SUSPENSE == '-1') { - print ''.$langs->trans('UnknownAccountForThirdpartyAndWaitingAccountNotDefinedBlocking').''; + $accounttoshow = ''.$langs->trans('UnknownAccountForThirdpartyAndWaitingAccountNotDefinedBlocking').''; } else { - print ''.$langs->trans('UnknownAccountForThirdparty', length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUSPENSE)).''; // We will use a waiting account + $accounttoshow = ''.$langs->trans('UnknownAccountForThirdparty', length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUSPENSE)).''; // We will use a waiting account } } else { // We will refuse writing @@ -1265,15 +1277,15 @@ if (empty($action) || $action == 'view') { if ($tabtype[$key] == 'member') { $errorstring = 'MainAccountForSubscriptionPaymentNotDefined'; } - print ''.$langs->trans($errorstring).''; + $accounttoshow = ''.$langs->trans($errorstring).''; } - } else { - print $accounttoshow; } + print ''; + print $accounttoshow; print ""; // Subledger account - print ""; + $accounttoshowsubledger = ''; if (in_array($tabtype[$key], array('payment', 'payment_supplier', 'payment_expensereport', 'payment_salary', 'payment_various'))) { // Type of payments that uses a subledger $accounttoshowsubledger = length_accounta($k); if ($accounttoshow != $accounttoshowsubledger) { 
@@ -1285,18 +1297,20 @@ if (empty($action) || $action == 'view') { if (!empty($tabcompany[$key]['code_compta'])) { if (in_array($tabtype[$key], array('payment_various', 'payment_salary'))) { // For such case, if subledger is not defined, we won't use subledger accounts. - print ''.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknownSubledgerIgnored").''; + $accounttoshowsubledger = ''.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknownSubledgerIgnored").''; } else { - print ''.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknown", $tabcompany[$key]['code_compta']).''; + $accounttoshowsubledger = ''.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknown", $tabcompany[$key]['code_compta']).''; } } else { - print ''.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknownBlocking").''; + $accounttoshowsubledger = ''.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknownBlocking").''; } - } else { - print $accounttoshowsubledger; } + } else { + $accounttoshowsubledger = ''; } } + print ''; + print $accounttoshowsubledger; print ""; print "".$reflabel.""; diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 60b47a54c7e..c2b81860210 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -843,7 +843,7 @@ if (!empty($arrayfields['d.statut']['checked'])) { Adherent::STATUS_RESILIATED => $langs->trans("MemberStatusResiliatedShort"), Adherent::STATUS_EXCLUDED =>$langs->trans("MemberStatusExcludedShort") ); - print $form->selectarray('search_status', $liststatus, $search_status, -3); + print $form->selectarray('search_status', $liststatus, $search_status, -3, 0, 0, '', 0, 0, 0, '', 'onrightofpage'); print ''; } if (!empty($arrayfields['d.import_key']['checked'])) { diff --git a/htdocs/admin/company_socialnetworks.php b/htdocs/admin/company_socialnetworks.php index 20d86f4aa59..e9171431187 100644 --- a/htdocs/admin/company_socialnetworks.php +++ b/htdocs/admin/company_socialnetworks.php 
@@ -94,6 +94,7 @@ $head = company_admin_prepare_head(); print dol_get_fiche_head($head, 'socialnetworks', '', -1, ''); print ''.$langs->trans("CompanyFundationDesc", $langs->transnoentities("Save"))."
\n"; +print ''.$langs->trans("MoreNetworksAvailableWithModule")."
\n"; print "
\n"; diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php index 5cf5d7288c3..d4f252bfd43 100644 --- a/htdocs/api/class/api_documents.class.php +++ b/htdocs/api/class/api_documents.class.php @@ -507,7 +507,9 @@ class Documents extends DolibarrApi } $objectType = $modulepart; - if (! empty($object->id) && ! empty($object->table_element)) $objectType = $object->table_element; + if (! empty($object->id) && ! empty($object->table_element)) { + $objectType = $object->table_element; + } $filearray = dol_dir_list($upload_dir, $type, $recursive, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); if (empty($filearray)) { diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 7581ccd2c00..11b8330b64c 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -2345,7 +2345,8 @@ if ($id > 0) { if (isModEnabled("societe")) { // Related company - print ''.$langs->trans("ActionOnCompany").''.($object->thirdparty->id ? $object->thirdparty->getNomUrl(1) : (''.$langs->trans("None").'')); + print ''.$langs->trans("ActionOnCompany").''; + print ''.(is_object($object->thirdparty) && $object->thirdparty->id ? $object->thirdparty->getNomUrl(1) : (''.$langs->trans("None").'')); if (is_object($object->thirdparty) && $object->thirdparty->id > 0 && $object->type_code == 'AC_TEL') { if ($object->thirdparty->fetch($object->thirdparty->id)) { print "
".dol_print_phone($object->thirdparty->phone); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 01623e81747..cdb7a64a998 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -1432,7 +1432,7 @@ if ($resql) { // Status if (!empty($arrayfields['p.fk_statut']['checked'])) { print ''; - $formpropal->selectProposalStatus($search_status, 1, 0, 1, 'customer', 'search_statut'); + $formpropal->selectProposalStatus($search_status, 1, 0, 1, 'customer', 'search_statut', 'search_status maxwidth125 onrightofpage'); print ''; } // Action column 
@@ -1486,22 +1486,22 @@ if ($resql) { print_liste_field_titre($arrayfields['state.nom']['label'], $_SERVER["PHP_SELF"], "state.nom", "", $param, '', $sortfield, $sortorder); } if (!empty($arrayfields['country.code_iso']['checked'])) { - print_liste_field_titre($arrayfields['country.code_iso']['label'], $_SERVER["PHP_SELF"], "country.code_iso", "", $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['country.code_iso']['label'], $_SERVER["PHP_SELF"], "country.code_iso", "", $param, 'class="center"', $sortfield, $sortorder); } if (!empty($arrayfields['typent.code']['checked'])) { - print_liste_field_titre($arrayfields['typent.code']['label'], $_SERVER["PHP_SELF"], "typent.code", "", $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['typent.code']['label'], $_SERVER["PHP_SELF"], "typent.code", "", $param, 'class="center"', $sortfield, $sortorder); } if (!empty($arrayfields['p.date']['checked'])) { - print_liste_field_titre($arrayfields['p.date']['label'], $_SERVER["PHP_SELF"], 'p.datep', '', $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['p.date']['label'], $_SERVER["PHP_SELF"], 'p.datep', '', $param, 'class="center"', $sortfield, $sortorder); } if (!empty($arrayfields['p.fin_validite']['checked'])) { - print_liste_field_titre($arrayfields['p.fin_validite']['label'], $_SERVER["PHP_SELF"], 'dfv', '', $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['p.fin_validite']['label'], $_SERVER["PHP_SELF"], 'dfv', '', $param, 'class="center"', $sortfield, $sortorder); } if (!empty($arrayfields['p.date_livraison']['checked'])) { - print_liste_field_titre($arrayfields['p.date_livraison']['label'], $_SERVER["PHP_SELF"], 'p.date_livraison', '', $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['p.date_livraison']['label'], $_SERVER["PHP_SELF"], 'p.date_livraison', '', $param, 
'class="center"', $sortfield, $sortorder); } if (!empty($arrayfields['p.date_signature']['checked'])) { - print_liste_field_titre($arrayfields['p.date_signature']['label'], $_SERVER["PHP_SELF"], 'p.date_signature', '', $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['p.date_signature']['label'], $_SERVER["PHP_SELF"], 'p.date_signature', '', $param, 'class="center"', $sortfield, $sortorder); } if (!empty($arrayfields['ava.rowid']['checked'])) { print_liste_field_titre($arrayfields['ava.rowid']['label'], $_SERVER["PHP_SELF"], 'availability', '', $param, '', $sortfield, $sortorder); @@ -1555,7 +1555,7 @@ if ($resql) { print_liste_field_titre($arrayfields['p.multicurrency_total_invoiced']['label'], $_SERVER["PHP_SELF"], '', '', $param, 'class="right"', $sortfield, $sortorder); } if (!empty($arrayfields['u.login']['checked'])) { - print_liste_field_titre($arrayfields['u.login']['label'], $_SERVER["PHP_SELF"], 'u.login', '', $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre($arrayfields['u.login']['label'], $_SERVER["PHP_SELF"], 'u.login', '', $param, 'class="center"', $sortfield, $sortorder); } if (!empty($arrayfields['sale_representative']['checked'])) { print_liste_field_titre($arrayfields['sale_representative']['label'], $_SERVER["PHP_SELF"], "", "", "$param", '', $sortfield, $sortorder); diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 62d4d2c1e74..b4c9fd6772f 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php 
@@ -1726,7 +1726,7 @@ if ($resql) { -2=>$langs->trans("StatusOrderValidatedShort").'+'.$langs->trans("StatusOrderSentShort"), Commande::STATUS_CANCELED=>$langs->trans("StatusOrderCanceledShort") ); - print $form->selectarray('search_status', $liststatus, $search_status, -5, 0, 0, '', 0, 0, 0, '', 'maxwidth125', 1); + print $form->selectarray('search_status', $liststatus, $search_status, -5, 0, 0, '', 0, 0, 0, '', 'maxwidth125 onrightofpage', 1); print ''; } // Action column diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php index b33c2900187..c1d6e9f3ec4 100644 --- a/htdocs/compta/bank/various_payment/list.php +++ b/htdocs/compta/bank/various_payment/list.php @@ -504,6 +504,7 @@ if ($resql) { print ''; + print ''; if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER_IN_LIST)) { diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 10cf7b624fc..39f43a1a681 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
@@ -2505,12 +2505,12 @@ if (empty($reshook)) { // Check price is not lower than minimum (check is done only for standard or replacement invoices) if ($usermustrespectpricemin && ($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_REPLACEMENT)) { - if ($pu_ht && $price_min && ((price2num($pu_ht) * (1 - $remise_percent / 100)) < price2num($price_min))) { + if ($pu_ht && $price_min && (((float) price2num($pu_ht) * (1 - (float) $remise_percent / 100)) < (float) price2num($price_min))) { $mesg = $langs->trans("CantBeLessThanMinPrice", price(price2num($price_min, 'MU'), 0, $langs, 0, 0, -1, $conf->currency)); setEventMessages($mesg, null, 'errors'); $error++; $action = 'editline'; - } elseif ($pu_ttc && $price_min_ttc && ((price2num($pu_ttc) * (1 - $remise_percent / 100)) < price2num($price_min_ttc))) { + } elseif ($pu_ttc && $price_min_ttc && ((price2num($pu_ttc) * (1 - (float) $remise_percent / 100)) < price2num($price_min_ttc))) { $mesg = $langs->trans("CantBeLessThanMinPrice", price(price2num($price_min_ttc, 'MU'), 0, $langs, 0, 0, -1, $conf->currency)); setEventMessages($mesg, null, 'errors'); $error++; diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index 0426aed01f6..ae9e4c2959b 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -620,7 +620,7 @@ if ($resql) { 1=>$langs->trans("Active"), -1=>$langs->trans("Disabled"), ); - print $form->selectarray('search_status', $liststatus, $search_status, -2, 0, 0, '', 0, 0, 0, '', 'width100'); + print $form->selectarray('search_status', $liststatus, $search_status, -2, 0, 0, '', 0, 0, 0, '', 'width100 onrightofpage'); print ''; } // Action column diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index dc78d7e4b49..987c29bae70 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php 
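Review bot: The two branches are now cast inconsistently: the HT check casts both `price2num()` results to float, but the TTC `elseif` on the next changed line only casts `$remise_percent`, leaving `price2num($pu_ttc)` and `price2num($price_min_ttc)` in the arithmetic and comparison as returned. As far as I can tell `price2num()` yields a numeric string, so the comparison still works today, but the mixed form reads as an oversight and is the kind of spot a later strict-types or PHP 8 change trips on; I would align it as `} elseif ($pu_ttc && $price_min_ttc && (((float) price2num($pu_ttc) * (1 - (float) $remise_percent / 100)) < (float) price2num($price_min_ttc))) {`. The enclosing `if ($usermustrespectpricemin ...)` block continues past the hunk.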
@@ -1585,7 +1585,7 @@ if ($resql) { if (!empty($arrayfields['f.fk_statut']['checked'])) { print ''; $liststatus = array('0'=>$langs->trans("BillShortStatusDraft"), '0,1'=>$langs->trans("BillShortStatusDraft").'+'.$langs->trans("BillShortStatusNotPaid"), '1'=>$langs->trans("BillShortStatusNotPaid"), '1,2'=>$langs->trans("BillShortStatusNotPaid").'+'.$langs->trans("BillShortStatusPaid"), '2'=>$langs->trans("BillShortStatusPaid"), '3'=>$langs->trans("BillShortStatusCanceled")); - print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', '', 1); + print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'width100 onrightofpage', 1); print ''; } // Action column diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php index 760a0eca4c8..e1f68a5f79a 100644 --- a/htdocs/compta/facture/stats/index.php +++ b/htdocs/compta/facture/stats/index.php 
@@ -378,14 +378,24 @@ foreach ($data as $val) { print ''; } + if ($mode == 'supplier') { + $greennb = (empty($val['nb_diff']) || $val['nb_diff'] <= 0); + $greentotal = (empty($val['total_diff']) || $val['total_diff'] <= 0); + $greenavg = (empty($val['avg_diff']) || $val['avg_diff'] <= 0); + } else { + $greennb = (empty($val['nb_diff']) || $val['nb_diff'] >= 0); + $greentotal = (empty($val['total_diff']) || $val['total_diff'] >= 0); + $greenavg = (empty($val['avg_diff']) || $val['avg_diff'] >= 0); + } + print ''; print ' 0 ? '&userid='.$userid : '').'">'.$year.''; print ''.$val['nb'].''; - print ''.(!empty($val['nb_diff']) && $val['nb_diff'] < 0 ? '' : '+').round(!empty($val['nb_diff']) ? $val['nb_diff'] : 0).'%'; + print ''.(!empty($val['nb_diff']) && $val['nb_diff'] < 0 ? '' : '+').round(!empty($val['nb_diff']) ? $val['nb_diff'] : 0).'%'; print ''.price(price2num($val['total'], 'MT'), 1).''; - print ''.( !empty($val['total_diff']) && $val['total_diff'] < 0 ? '' : '+').round(!empty($val['total_diff']) ? $val['total_diff'] : 0).'%'; + print ''.( !empty($val['total_diff']) && $val['total_diff'] < 0 ? '' : '+').round(!empty($val['total_diff']) ? $val['total_diff'] : 0).'%'; print ''.price(price2num($val['avg'], 'MT'), 1).''; - print ''.(!empty($val['avg_diff']) && $val['avg_diff'] < 0 ? '' : '+').round(!empty($val['avg_diff']) ? $val['avg_diff'] : 0).'%'; + print ''.(!empty($val['avg_diff']) && $val['avg_diff'] < 0 ? '' : '+').round(!empty($val['avg_diff']) ? $val['avg_diff'] : 0).'%'; print ''; $oldyear = $year; } diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index d4ddfa0f31f..f70ed44de0c 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php 
@@ -503,7 +503,7 @@ if (!empty($arrayfields['cs.amount']['checked'])) { if (!empty($arrayfields['cs.paye']['checked'])) { print ''; $liststatus = array('0'=>$langs->trans("Unpaid"), '1'=>$langs->trans("Paid")); - print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'maxwidth100', 1); + print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'maxwidth100 onrightofpage', 1); print ''; } diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 19a7cf06740..1c70cf93c22 100644 --- a/htdocs/compta/tva/list.php +++ b/htdocs/compta/tva/list.php @@ -400,7 +400,7 @@ if (!empty($arrayfields['t.amount']['checked'])) { if (!empty($arrayfields['t.status']['checked'])) { print ''; $liststatus = array('0' => $langs->trans("Unpaid"), '1' => $langs->trans("Paid")); - print $form->selectarray('search_status', $liststatus, $search_status, 1); + print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'onrightofpage'); print ''; } diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 9bd14d120fe..3f53c3c4e94 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -1761,6 +1761,7 @@ abstract class CommonInvoice extends CommonObject } // Header + $s = ''; $s .= "SPC\n"; $s .= "0200\n"; $s .= "1\n"; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 80011c8e885..d00a4cfc3bc 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
@@ -8066,8 +8066,10 @@ abstract class CommonObject $out .= ' '; $out .= "\n"; + $nbofextrafieldsshown = 0; $extrafields_collapse_num = ''; - $e = 0; + $e = 0; // var to manage the modulo (odd/even) + foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $label) { // Show only the key field in params if (is_array($params) && array_key_exists('onlykey', $params) && $key != $params['onlykey']) { @@ -8151,6 +8153,8 @@ abstract class CommonObject break; } + $nbofextrafieldsshown++; + // Output value of the current field if ($extrafields->attributes[$this->table_element]['type'][$key] == 'separate') { $extrafields_collapse_num = ''; @@ -8247,7 +8251,7 @@ abstract class CommonObject $out .= ''; - $out .= '
' : '
'); } + $e++; } } @@ -8315,6 +8320,10 @@ abstract class CommonObject } $out .= ' '."\n"; + + if (empty($nbofextrafieldsshown)) { + $out = ''; + } } } @@ -9068,7 +9077,7 @@ abstract class CommonObject /** * Function to concat keys of fields * - * @param string $alias String of alias of table for fields. For example 't'. + * @param string $alias String of alias of table for fields. For example 't'. It is recommended to use '' and set alias into fields defintion. * @return string list of alias fields */ public function getFieldList($alias = '') diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index cb984736b66..95601354578 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -10,6 +10,7 @@ * Copyright (C) 2016 Raphaël Doursenaud * Copyright (C) 2017 Nicolas ZABOURI * Copyright (C) 2018-2022 Frédéric France + * Copyright (C) 2022 Antonin MARCHAL * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -1758,7 +1759,12 @@ class ExtraFields dol_syslog(get_class($this).'::showOutputField error '.$this->db->lasterror(), LOG_WARNING); } } elseif ($type == 'radio') { - $value = $langs->trans($param['options'][$value]); + if (!isset($param['options'][$value])) { + $langs->load('errors'); + $value = $langs->trans('ErrorNoValueForRadioType'); + } else { + $value = $langs->trans($param['options'][$value]); + } } elseif ($type == 'checkbox') { $value_arr = explode(',', $value); $value = ''; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 3d929307e2f..9f0f55220e7 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php 
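Review bot: The reworded `@param` line in the `getFieldList` docblock (`@@ -9068`) misspells "definition" as "defintion"; it should read `@param string $alias String of alias of table for fields. For example 't'. It is recommended to use '' and set alias into fields definition.`. The method body is outside the hunk.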
@@ -6279,8 +6279,10 @@ class Form // Definition du taux a pre-selectionner (si defaulttx non force et donc vaut -1 ou '') if ($defaulttx < 0 || dol_strlen($defaulttx) == 0) { $tmpthirdparty = new Societe($this->db); + $defaulttx = get_default_tva($societe_vendeuse, (is_object($societe_acheteuse) ? $societe_acheteuse : $tmpthirdparty), $idprod); $defaultnpr = get_default_npr($societe_vendeuse, (is_object($societe_acheteuse) ? $societe_acheteuse : $tmpthirdparty), $idprod); + if (preg_match('/\((.*)\)/', $defaulttx, $reg)) { $defaultcode = $reg[1]; $defaulttx = preg_replace('/\s*\(.*\)/', '', $defaulttx); @@ -6290,13 +6292,22 @@ class Form } } - // Si taux par defaut n'a pu etre determine, on prend dernier de la liste. - // Comme ils sont tries par ordre croissant, dernier = plus eleve = taux courant + // If we fails to find a default vat rate, we take the last one in list + // Because they are sorted in ascending order, the last one will be the higher one (we suppose the higher one is the current rate) if ($defaulttx < 0 || dol_strlen($defaulttx) == 0) { if (empty($conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS)) { + // We take the last one found in list $defaulttx = $this->cache_vatrates[$num - 1]['txtva']; } else { - $defaulttx = ($conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS == 'none' ? '' : $conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS); + // We will use the rate defined into MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS + $defaulttx = ''; + if ($conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS != 'none') { + $defaulttx = $conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS; + } + if (preg_match('/\((.*)\)/', $defaulttx, $reg)) { + $defaultcode = $reg[1]; + $defaulttx = preg_replace('/\s*\(.*\)/', '', $defaulttx); + } } } 
@@ -6307,7 +6318,7 @@ class Form // Override/enable VAT for expense report regardless of global setting - needed if expense report used for business expenses instead // of using supplier invoices (this is a very bad idea !) if (empty($conf->global->EXPENSEREPORT_OVERRIDE_VAT)) { - $title = ' title="'.$langs->trans('VATIsNotUsed').'"'; + $title = ' title="'.dol_escape_htmltag($langs->trans('VATIsNotUsed')).'"'; $disabled = true; } } @@ -6346,12 +6357,16 @@ class Form } } $return .= '>'; - //if (!empty($conf->global->MAIN_VAT_SHOW_POSITIVE_RATES)) + + // Show label of VAT if ($mysoc->country_code == 'IN' || !empty($conf->global->MAIN_VAT_LABEL_IS_POSITIVE_RATES)) { + // Label with all localtax and code. For example: x.y / a.b / c.d (CODE)' $return .= $rate['labelpositiverates']; } else { + // Simple label $return .= vatrate($rate['label']); } + //$return.=($rate['code']?' '.$rate['code']:''); $return .= (empty($rate['code']) && $rate['nprtva']) ? ' *' : ''; // We show the * (old behaviour only if new vat code is not used) @@ -6360,7 +6375,7 @@ class Form if (!$options_only) { $return .= ''; - //$return .= ajax_combobox($htmlname); // This break for the moment dynamic autoselection of a value when selecting a product in object lines + //$return .= ajax_combobox($htmlname); // This break for the moment the dynamic autoselection of a value when selecting a product in object lines } } else { $return .= $this->error; @@ -8059,7 +8074,7 @@ class Form if (empty($nohtmlescape)) { $selectOptionValue = dol_escape_htmltag($maxlen ?dol_trunc($value, $maxlen) : $value); } else { - $selectOptionValue = $maxlen ?dol_trunc($value, $maxlen) : $value; + $selectOptionValue = $maxlen ? dol_trunc($value, $maxlen) : $value; } if ($value == '' || $value == '-') { $selectOptionValue = ' '; 
@@ -9059,7 +9074,7 @@ class Form $resultyesno .= ''."\n"; if ($addjscombo) { - $resultyesno .= ajax_combobox($htmlname); + $resultyesno .= ajax_combobox($htmlname, array(), 0, 0, 'resolve', ($useempty < 0 ? (string) $useempty : '-1'), $morecss); } return $resultyesno; diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index 513d964014a..bf5233c0c6e 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php @@ -218,25 +218,25 @@ class FormMargin if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } elseif (empty($reshook)) { - if (!empty($conf->global->MARGIN_ADD_SHOWHIDE_BUTTON)) { // TODO Warning this feature rely on an external js file that may be removed. Using native js function document.cookie should be better - print $langs->trans('ShowMarginInfos') . ' : '; + if (!empty($conf->global->MARGIN_ADD_SHOWHIDE_BUTTON)) { + print $langs->trans('ShowMarginInfos') . ' '; $hidemargininfos = preg_replace('/[^a-zA-Z0-9_\-]/', '', $_COOKIE['DOLUSER_MARGININFO_HIDE_SHOW']); // Clean cookie - print '' . img_picto($langs->trans("Disabled"), 'switch_off') . ''; - print '' . img_picto($langs->trans("Enabled"), 'switch_on') . ''; + print '' . img_picto($langs->trans("Disabled"), 'switch_off') . ''; + print '' . img_picto($langs->trans("Enabled"), 'switch_on') . ''; print ''; if (!empty($hidemargininfos)) { - print ''; + print ''; } } print '
'; print '' . "\n"; - print ''; + print '
'; print ''; print ''; print ''; diff --git a/htdocs/core/class/html.formpropal.class.php b/htdocs/core/class/html.formpropal.class.php index 87919141727..e23e71a8124 100644 --- a/htdocs/core/class/html.formpropal.class.php +++ b/htdocs/core/class/html.formpropal.class.php @@ -134,6 +134,6 @@ class FormPropal } print ''; - print ajax_combobox($htmlname); + print ajax_combobox($htmlname, array(), 0, 0, 'resolve', ($showempty < 0 ? (string) $showempty : '-1'), $morecss); } } diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index 16b2fd956fe..e2659e224a4 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php @@ -107,6 +107,25 @@ abstract class DoliDB implements Database return ''; } + + /** + * Format a SQL REGEXP + * + * @param string $subject string tested + * @param string $pattern SQL pattern to match + * @param string $sqlstring whether or not the string being tested is an SQL expression + * @return string SQL string + */ + public function regexpsql($subject, $pattern, $sqlstring = false) + { + if ($sqlstring) { + return "(". $subject ." REGEXP '" . $pattern . "')"; + } + + return "('". $subject ."' REGEXP '" . $pattern . "')"; + } + + /** * Convert (by PHP) a GM Timestamp date into a string date with PHP server TZ to insert into a date field. * Function to use to build INSERT, UPDATE or WHERE predica diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 0515a043fd1..28ac15a43ff 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php 
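Review bot: `$_COOKIE['DOLUSER_MARGININFO_HIDE_SHOW']` on the context line right after the new `print $langs->trans('ShowMarginInfos')` is read without an existence check, so a request made before the cookie is set raises an undefined-index notice inside `preg_replace()`; the sanitising regex is right, only the read needs guarding, e.g. `$hidemargininfos = preg_replace('/[^a-zA-Z0-9_\-]/', '', (isset($_COOKIE['DOLUSER_MARGININFO_HIDE_SHOW']) ? $_COOKIE['DOLUSER_MARGININFO_HIDE_SHOW'] : ''));`. The commit also drops the TODO noting that this toggle relies on an external js file; if that dependency still exists, the comment should be kept so the next reader knows why the cookie is consulted here. The enclosing method starts and ends outside the hunk.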
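Review bot: The new `regexpsql()` concatenates `$subject` and `$pattern` into the SQL text without any escaping, in both the `$sqlstring` branch and the quoted-literal branch, so a caller that derives either operand from request input can break out of the single-quoted literal; the PostgreSQL override added in pgsql.class.php (`@@ -757`) has the same shape. As a generic helper on the abstract DoliDB it should either pass the literal operands through `$this->escape()` before quoting them, or state in the PHPDoc that callers are responsible for passing already-escaped values. The `@param string $sqlstring` tag should also be `@param bool $sqlstring` to match the `= false` default and the `if ($sqlstring)` use.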
@@ -757,6 +757,24 @@ class DoliDBPgsql extends DoliDB return '(CASE WHEN '.$test.' THEN '.$resok.' ELSE '.$resko.' END)'; } + /** + * Format a SQL REGEXP + * + * @param string $subject string tested + * @param string $pattern SQL pattern to match + * @param string $sqlstring whether or not the string being tested is an SQL expression + * @return string SQL string + */ + public function regexpsql($subject, $pattern, $sqlstring = false) + { + if ($sqlstring) { + return "(". $subject ." ~ '" . $pattern . "')"; + } + + return "('". $subject ."' ~ '" . $pattern . "')"; + } + + /** * Renvoie le code erreur generique de l'operation precedente. * @@ -1220,7 +1238,7 @@ class DoliDBPgsql extends DoliDB // phpcs:enable $sql = "ALTER TABLE ".$table; $sql .= " MODIFY COLUMN ".$field_name." ".$field_desc['type']; - if (in_array($field_desc['type'], array('double', 'tinyint', 'int', 'varchar')) && $field_desc['value']) { + if (in_array($field_desc['type'], array('double', 'varchar')) && $field_desc['value']) { $sql .= "(".$field_desc['value'].")"; } diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php index 194dd7c7925..cc871de9709 100644 --- a/htdocs/core/lib/ajax.lib.php +++ b/htdocs/core/lib/ajax.lib.php @@ -165,7 +165,9 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen price_unit_ht_locale: item.price_unit_ht_locale, description : item.description, ref_customer: item.ref_customer, - tva_tx: item.tva_tx } + tva_tx: item.tva_tx, + default_vat_code: item.default_vat_code + } })); } else { console.error("Error: Ajax url '.$url.($urloption ? '?'.$urloption : '').' has returned an empty page. Should be an empty json array."); 
@@ -178,7 +180,8 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen console.log("We will trigger change on input '.$htmlname.' because of the select definition of autocomplete code for input#search_'.$htmlname.'"); console.log("Selected id = "+ui.item.id+" - If this value is null, it means you select a record with key that is null so selection is not effective"); - console.log("Propagate before some properties retrieved by ajax into data-xxx properties"); + console.log("Propagate before some properties retrieved by ajax into data-xxx properties of #'.$htmlnamejquery.' component"); + //console.log(ui.item); // For supplier price and customer when price by quantity is off $("#'.$htmlnamejquery.'").attr("data-up", ui.item.price_ht); @@ -189,6 +192,7 @@ function ajax_autocompleter($selected, $htmlname, $url, $urloption = '', $minLen $("#'.$htmlnamejquery.'").attr("data-description", ui.item.description); $("#'.$htmlnamejquery.'").attr("data-ref-customer", ui.item.ref_customer); $("#'.$htmlnamejquery.'").attr("data-tvatx", ui.item.tva_tx); + $("#'.$htmlnamejquery.'").attr("data-default-vat-code", ui.item.default_vat_code); '; if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY)) { $script .= ' diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index c720e05797a..a8062d624f0 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1183,7 +1183,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '', $showuserl if (!empty($arrayfields['t.'.$key]['checked']) || !empty($arrayfields['sc.'.$key]['checked'])) { print ''; print ''; print ''; print ''; } // Status billed diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 33ec1fede7b..f6aa14865ec 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php 
@@ -2297,7 +2297,7 @@ if ($action == 'create') { } } - $tredited = 'tredited'; + $tredited = 'tredited'; // Case the addfile and linkto file is used for edit (used by following tpl) include DOL_DOCUMENT_ROOT.'/expensereport/tpl/expensereport_addfile.tpl.php'; include DOL_DOCUMENT_ROOT.'/expensereport/tpl/expensereport_linktofile.tpl.php'; @@ -2455,6 +2455,7 @@ if ($action == 'create') { print ''."\n"; print ''; + $tredited = ''; // Case the addfile and linkto file is used for edit (used by following tpl) include DOL_DOCUMENT_ROOT.'/expensereport/tpl/expensereport_linktofile.tpl.php'; include DOL_DOCUMENT_ROOT.'/expensereport/tpl/expensereport_addfile.tpl.php'; @@ -2517,6 +2518,7 @@ if ($action == 'create') { print ''; } else { - print 'global->MAIN_OPTIMIZEFORTEXTBROWSER) ? ' style="display: none"' : '').'>'; - print 'global->MAIN_OPTIMIZEFORTEXTBROWSER) ? ' style="display: none"' : '').'>'; + if (!empty($tredited)) { + print ''; + } + print ''; } diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 5812cb2ba8f..a3b69d6e26c 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -575,7 +575,7 @@ if (!empty($arrayfields['f.fk_statut']['checked'])) { if (empty($conf->global->FICHINTER_CLASSIFY_BILLED)) { unset($liststatus[2]); // Option deprecated. In a future, billed must be managed with a dedicated field to 0 or 1 } - print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 1); + print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 1, 0, 0, '', 'onrightofpage'); print ''; } // Fields of detail line diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index bbab7cc14fb..1df6c37736b 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php 
@@ -413,7 +413,7 @@ if (empty($reshook)) { // Add a product line if ($action == 'addline' && GETPOST('submitforalllines', 'aZ09') && GETPOST('vatforalllines', 'alpha') && $usercancreate) { - // Define vat_rate + // Define new vat_rate for all lines $vat_rate = (GETPOST('vatforalllines') ? GETPOST('vatforalllines') : 0); $vat_rate = str_replace('*', '', $vat_rate); $localtax1_rate = get_localtax($vat_rate, 1, $object->thirdparty, $mysoc); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index 7f797d7f96b..89df5cac1d2 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1469,7 +1469,7 @@ if ($resql) { // Status billed if (!empty($arrayfields['cf.billed']['checked'])) { print ''; } // Date valid diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 240ac03f82f..b846e3da9b1 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -1299,10 +1299,13 @@ if (empty($reshook)) { // Edit line $db->begin(); - if (! $object->fetch($id) > 0) dol_print_error($db); + if (! $object->fetch($id) > 0) { + dol_print_error($db); + } $object->fetch_thirdparty(); $tva_tx = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0); + $tva_tx = str_replace('*', '', $tva_tx); if (GETPOST('price_ht') != '' || GETPOST('multicurrency_subprice') != '') { $up = price2num(GETPOST('price_ht'), '', 2); 
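Review bot: In the supplier-invoice edit-line branch the reformatted `if (! $object->fetch($id) > 0)` keeps the precedence bug it inherited: `!` binds tighter than `>`, so the expression is `(!fetch()) > 0`, true only when `fetch()` returns 0/false and silently false when it returns a negative error code, so a failing fetch is never reported and execution continues with an unloaded object; `if ($object->fetch($id) <= 0) {` is the intended test. The new `$tva_tx = str_replace('*', '', $tva_tx);` also operates on `GETPOST('tva_tx')` read with no check type, whereas the following hunk reads `units` with `'alpha'`; since the value is passed to `updateline()` as the VAT rate, `GETPOST('tva_tx', 'alpha')` would be the consistent form. The surrounding `$db->begin()` transaction and its commit/rollback are outside the hunk, so the error path after `dol_print_error()` could not be checked here.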
@@ -1360,7 +1363,27 @@ if (empty($reshook)) { } } - $result = $object->updateline(GETPOST('lineid', 'int'), $label, $up, $tva_tx, $localtax1_tx, $localtax2_tx, price2num(GETPOST('qty'), 'MS'), GETPOST('productid', 'int'), $price_base_type, $info_bits, $type, $remise_percent, 0, $date_start, $date_end, $array_options, GETPOST('units'), $pu_devise, GETPOST('fourn_ref', 'alpha')); + $result = $object->updateline( + GETPOST('lineid', 'int'), + $label, + $up, + $tva_tx, + $localtax1_tx, + $localtax2_tx, + price2num(GETPOST('qty'), 'MS'), + GETPOST('productid', 'int'), + $price_base_type, + $info_bits, + $type, + $remise_percent, + 0, + $date_start, + $date_end, + $array_options, + GETPOST('units', 'alpha'), + $pu_devise, + GETPOST('fourn_ref', 'alpha') + ); if ($result >= 0) { unset($_POST['label']); unset($_POST['fourn_ref']); @@ -2588,7 +2611,6 @@ if ($action == 'create') { // // View or edit mode // - $now = dol_now(); $productstatic = new Product($db); @@ -2918,15 +2940,15 @@ if ($action == 'create') { if ($object->type == FactureFournisseur::TYPE_REPLACEMENT) { $facreplaced = new FactureFournisseur($db); $facreplaced->fetch($object->fk_facture_source); - print '   '.$langs->transnoentities("ReplaceInvoice", $facreplaced->getNomUrl(1)); + print ' '.$langs->transnoentities("ReplaceInvoice", $facreplaced->getNomUrl(1)).''; } if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE) { $facusing = new FactureFournisseur($db); if ($object->fk_facture_source > 0) { $facusing->fetch($object->fk_facture_source); - print '   '.$langs->transnoentities("CorrectInvoice", $facusing->getNomUrl(1)); + print ' '.$langs->transnoentities("CorrectInvoice", $facusing->getNomUrl(1)).''; } else { - print '   '.$langs->transnoentities("CorrectedInvoiceNotFound"); + print ' '.$langs->transnoentities("CorrectedInvoiceNotFound").''; } } 
@@ -2938,12 +2960,13 @@ if ($action == 'create') { $facavoir->fetch($id); $invoicecredits[] = $facavoir->getNomUrl(1); } - print ' ('.$langs->transnoentities("InvoiceHasAvoir") . (count($invoicecredits) ? ' ' : '') . implode(',', $invoicecredits) . ')'; + print ' '.$langs->transnoentities("InvoiceHasAvoir") . (count($invoicecredits) ? ' ' : '') . implode(',', $invoicecredits); + print ''; } if (isset($objectidnext) && $objectidnext > 0) { $facthatreplace = new FactureFournisseur($db); $facthatreplace->fetch($facidnext); - print ' ('.$langs->transnoentities("ReplacedByInvoice", $facthatreplace->getNomUrl(1)).')'; + print ' '.str_replace('{s1}', $facthatreplace->getNomUrl(1), $langs->transnoentities("ReplacedByInvoice", '{s1}')).''; } if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE || $object->type == FactureFournisseur::TYPE_DEPOSIT) { $discount = new DiscountAbsolute($db); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 79a3862ae52..e69addd34fc 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -1221,7 +1221,7 @@ if (!empty($arrayfields['f.tms']['checked'])) { if (!empty($arrayfields['f.fk_statut']['checked'])) { print ''; } // Action column diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql index ba633ec671a..3a9d02c8583 100644 --- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql +++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql @@ -388,3 +388,6 @@ ALTER TABLE llx_user ADD COLUMN birth_place varchar(64); ALTER TABLE llx_opensurvey_user_studs ADD COLUMN date_creation datetime NULL; ALTER TABLE llx_opensurvey_comments ADD COLUMN date_creation datetime NULL; + +ALTER TABLE llx_c_tva ADD COLUMN use_default tinyint DEFAULT 0; + diff --git a/htdocs/install/mysql/tables/llx_c_tva.sql b/htdocs/install/mysql/tables/llx_c_tva.sql index b9a6cc4e12c..9bc77bb69ea 100644 --- a/htdocs/install/mysql/tables/llx_c_tva.sql 
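Review bot: The `ReplacedByInvoice` block tests `$objectidnext` but then calls `$facthatreplace->fetch($facidnext)` — two different variables — so unless code above the hunk keeps them in sync, `getNomUrl(1)` is rendered for whatever `$facidnext` happens to hold, possibly an unfetched object. Both assignments are outside the hunk, so this may be deliberate aliasing; if it is not, `$facthatreplace->fetch($objectidnext);` is the safe form. The `str_replace('{s1}', …)` detour to keep the anchor markup out of `transnoentities()` is reasonable but non-obvious, and a one-line comment such as `// placeholder so the link markup is not entity-encoded by transnoentities()` would spare the next reader the guess.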
+++ b/htdocs/install/mysql/tables/llx_c_tva.sql @@ -28,6 +28,7 @@ create table llx_c_tva localtax1_type varchar(10) NOT NULL DEFAULT '0', localtax2 varchar(20) NOT NULL DEFAULT '0', localtax2_type varchar(10) NOT NULL DEFAULT '0', + use_default tinyint DEFAULT 0, -- set to 1 to be the default vat when no vat defined on product recuperableonly integer NOT NULL DEFAULT 0, note varchar(128), active tinyint DEFAULT 1 NOT NULL, diff --git a/htdocs/knowledgemanagement/knowledgerecord_agenda.php b/htdocs/knowledgemanagement/knowledgerecord_agenda.php index 026e2fad51d..b293a2dbdd7 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_agenda.php +++ b/htdocs/knowledgemanagement/knowledgerecord_agenda.php @@ -87,7 +87,8 @@ if ($id > 0 || !empty($ref)) { // Security check - Protection if external user //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'knowledgemanagement', $object->id); +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft); $permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index c28bc9e1c9c..908e13852f2 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php 
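Review bot: The re-enabled `restrictedArea()` call in knowledgerecord_agenda.php depends on `$object->module` being populated to resolve the right permission set; the `KnowledgeRecord` class is outside this diff, so confirm it declares `public $module = 'knowledgemanagement'` (the module-builder templates changed in the same commit rely on the same property), otherwise the check receives an empty module name. The `$isdraft` line also runs when no id/ref was supplied and `$object->status` is still null — if `STATUS_DRAFT` is 0, `null == 0` is true in PHP and an unloaded object counts as a draft; that is harmless if `restrictedArea()` only uses `$isdraft` to relax the check on existing rows, but the card template in this commit guards it with `isset($object->status) &&`, and `$isdraft = ((isset($object->status) && $object->status == $object::STATUS_DRAFT) ? 1 : 0);` would keep the pages consistent.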
@@ -85,8 +85,8 @@ $upload_dir = $conf->knowledgemanagement->multidir_output[isset($object->entity) // Security check - Protection if external user //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -//restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', $isdraft); +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft); //if (empty($conf->knowledgemanagement->enabled)) accessforbidden(); //if (empty($permissiontoread)) accessforbidden(); diff --git a/htdocs/knowledgemanagement/knowledgerecord_contact.php b/htdocs/knowledgemanagement/knowledgerecord_contact.php index e1c77ab0d7b..4e557a3e1ae 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_contact.php +++ b/htdocs/knowledgemanagement/knowledgerecord_contact.php @@ -53,12 +53,14 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ // Security check - Protection if external user //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'knowledgemanagement', $object->id); +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft); $permission = $user->rights->knowledgemanagement->knowledgerecord->write; + /* - * Add a new contact + * Actions */ if ($action == 'addcontact' && $permission) { 
@@ -108,16 +110,10 @@ $contactstatic = new Contact($db); $userstatic = new User($db); -/* *************************************************************************** */ -/* */ -/* View and edit mode */ -/* */ -/* *************************************************************************** */ +// View and edit mode if ($object->id) { - /* - * Show tabs - */ + // Show tabs $head = knowledgerecordPrepareHead($object); print dol_get_fiche_head($head, 'contact', $langs->trans("KnowledgeRecord"), -1, $object->picto); diff --git a/htdocs/knowledgemanagement/knowledgerecord_document.php b/htdocs/knowledgemanagement/knowledgerecord_document.php index fff7ad68601..7430de8a495 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_document.php +++ b/htdocs/knowledgemanagement/knowledgerecord_document.php @@ -78,7 +78,8 @@ if ($id > 0 || !empty($ref)) { // Security check - Protection if external user //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'knowledgemanagement', $object->id); +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft); $permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php diff --git a/htdocs/knowledgemanagement/knowledgerecord_list.php b/htdocs/knowledgemanagement/knowledgerecord_list.php index c8df2018ae7..dffd3d63d7b 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_list.php +++ b/htdocs/knowledgemanagement/knowledgerecord_list.php @@ -153,7 +153,7 @@ if ($user->socid > 0) { // Protection if external user //$socid = $user->socid; accessforbidden(); } -//$result = restrictedArea($user, 'knowledgemanagement'); +$result = restrictedArea($user, 'knowledgemanagement', 0, '', 'knowledgerecord'); //if (!$permissiontoread) accessforbidden(); 
diff --git a/htdocs/knowledgemanagement/knowledgerecord_note.php b/htdocs/knowledgemanagement/knowledgerecord_note.php index 3abc9e71866..28a2bcaa9d0 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_note.php +++ b/htdocs/knowledgemanagement/knowledgerecord_note.php @@ -46,11 +46,6 @@ $hookmanager->initHooks(array('knowledgerecordnote', 'globalcard')); // Note tha // Fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'knowledgemanagement', $id); - // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals if ($id > 0 || !empty($ref)) { @@ -60,6 +55,11 @@ if ($id > 0 || !empty($ref)) { $permissionnote = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_setnotes.inc.php $permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php +// Security check - Protection if external user +//if ($user->socid > 0) accessforbidden(); +//if ($user->socid > 0) $socid = $user->socid; +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft); /* diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index b6c780a6be0..538309a6342 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang 
@@ -1250,6 +1250,7 @@ AreaForAdminOnly=Setup parameters can be set by administrator users only. SystemInfoDesc=System information is miscellaneous technical information you get in read only mode and visible for administrators only. SystemAreaForAdminOnly=This area is available to administrator users only. Dolibarr user permissions cannot change this restriction. CompanyFundationDesc=Edit the information of your company/organization. Click on "%s" button at the bottom of the page when done. +MoreNetworksAvailableWithModule=More social networks may be available by enabling the module "Social networks". AccountantDesc=If you have an external accountant/bookkeeper, you can edit here its information. AccountantFileNumber=Accountant code DisplayDesc=Parameters affecting the look and presentation of the application can be modified here. diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 2289e0602da..87b4f8f3036 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -206,6 +206,7 @@ Valid=Valid Approve=Approve Disapprove=Disapprove ReOpen=Re-Open +OpenVerb=Open Upload=Upload ToLink=Link Select=Select diff --git a/htdocs/langs/en_US/projects.lang b/htdocs/langs/en_US/projects.lang index 67dfb75a242..2407d4b2d86 100644 --- a/htdocs/langs/en_US/projects.lang +++ b/htdocs/langs/en_US/projects.lang 
@@ -23,6 +23,7 @@ TasksPublicDesc=This view presents all projects and tasks you are allowed to rea TasksDesc=This view presents all projects and tasks (your user permissions grant you permission to view everything). AllTaskVisibleButEditIfYouAreAssigned=All tasks for qualified projects are visible, but you can enter time only for task assigned to selected user. Assign task if you need to enter time on it. OnlyYourTaskAreVisible=Only tasks assigned to you are visible. If you need to enter time on a task and if the task is not visible here, then you need to assign the task to yourself. +ImportDatasetProjects=Projects or opportunities ImportDatasetTasks=Tasks of projects ProjectCategories=Project tags/categories NewProject=New project diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 62be7c7191e..eed0450e49f 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -89,18 +89,22 @@ function testSqlAndScriptInject($val, $type) // Decode string first because a lot of things are obfuscated by encoding or multiple encoding. // So error=alert(1) $val = preg_replace('//', '', $val); - $val = preg_replace('/[\r\n]/', '', $val); + $val = preg_replace('/[\r\n\t]/', '', $val); } while ($oldval != $val); //print "type = ".$type." after decoding: ".$val."\n"; 
@@ -123,11 +127,12 @@ function testSqlAndScriptInject($val, $type) // For SQL Injection (only GET are used to scan for such injection strings) if ($type == 1 || $type == 3) { - $inj += preg_match('/delete\s+from/i', $val); - $inj += preg_match('/create\s+table/i', $val); - $inj += preg_match('/insert\s+into/i', $val); - $inj += preg_match('/select\s+from/i', $val); - $inj += preg_match('/into\s+(outfile|dumpfile)/i', $val); + // Note the \s+ is replaced into \s* because some spaces may have been modified in previous loop + $inj += preg_match('/delete\s*from/i', $val); + $inj += preg_match('/create\s*table/i', $val); + $inj += preg_match('/insert\s*into/i', $val); + $inj += preg_match('/select\s*from/i', $val); + $inj += preg_match('/into\s*(outfile|dumpfile)/i', $val); $inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() or mysql_user() that return current database login $inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database $inj += preg_match('/ array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'noteditable'=>1, 'notnull'=> 1, 'index'=>1, 'position'=>1, 'comment'=>'Id', 'css'=>'left'), @@ -736,7 +736,7 @@ class MyObject extends CommonObject public function reopen($user, $notrigger = 0) { // Protection - if ($this->status != self::STATUS_CANCELED) { + if ($this->status == self::STATUS_VALIDATED) { return 0; } diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 5b5860f6475..d7b84707b95 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php 
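Review bot: Relaxing the keyword patterns to `\s*` still leaves the gap that SQL comments fill: `delete/**/from` or `insert/**/into` contain no whitespace at all, so none of `delete\s*from`, `insert\s*into` or `select\s*from` match them, and MySQL treats `/**/` as a token separator. If the goal is to tolerate whitespace that the decoding loop already removed, stripping `/\*.*?\*/` in the same normalisation pass (next to the new `[\r\n\t]` removal) would close that hole, and the comment on the pattern list should state that this pre-filter is defence in depth only — the real protection is `$db->escape()` and typed `GETPOST()` at each call site. The tail of this hunk (`$inj += preg_match('/ …`) appears truncated by extraction, so its last pattern could not be reviewed.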
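Review bot: In the `MyObject::reopen()` template the guard was inverted from "only a cancelled record may be reopened" to "anything not validated may be reopened", which now also admits `STATUS_DRAFT` (and any status added later); presumably `reopen()` moves the record back to validated, so a draft would skip whatever `validate()` checks. If the intent is to allow both cancelled and closed records, listing the reopenable states explicitly with `in_array($this->status, array(self::STATUS_CANCELED, …), true)` keeps the state machine readable, and because this file is the module-builder template the widened transition is copied into every generated module, so the `// Protection` comment should say which states are reopenable and why.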
@@ -145,7 +145,7 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); +//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft); if (!isModEnabled("mymodule")) { accessforbidden(); } diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 95f10b5b90c..4e80c81a4df 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -145,7 +145,7 @@ $upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object- //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (isset($object->status) && ($object->status == $object::STATUS_DRAFT) ? 1 : 0); -//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); +//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft); if (!isModEnabled("mymodule")) { accessforbidden(); } diff --git a/htdocs/modulebuilder/template/myobject_contact.php b/htdocs/modulebuilder/template/myobject_contact.php index b0f7b5cfb30..9568201238c 100644 --- a/htdocs/modulebuilder/template/myobject_contact.php +++ b/htdocs/modulebuilder/template/myobject_contact.php 
@@ -93,7 +93,7 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); +//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft); if (!isModEnabled("mymodule")) { accessforbidden(); } diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index 6aed7382b7d..ff1756e2b15 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -137,7 +137,7 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); +//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft); if (!isModEnabled("mymodule")) { accessforbidden(); } diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index e5718ef7d7f..06ad9a298ec 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php 
@@ -196,7 +196,7 @@ if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) accessforbidden(); //$socid = 0; if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -//restrictedArea($user, $object->element, 0, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); +//restrictedArea($user, $object->module, 0, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft); if (!isModEnabled("mymodule")) { accessforbidden('Module mymodule not enabled'); } diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index f7859cfb217..89e5e0ba76e 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -117,7 +117,7 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); +//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft); if (!isModEnabled("mymodule")) { accessforbidden(); } diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php index 626499e2412..5700909cd91 100644 --- a/htdocs/opensurvey/list.php +++ b/htdocs/opensurvey/list.php @@ -343,7 +343,7 @@ print ''; print ''; print ''; $arraystatus = array('-1'=>' ', '0'=>$langs->trans("Draft"), '1'=>$langs->trans("Opened"), '2'=>$langs->trans("Closed")); -print ''.$form->selectarray('search_status', $arraystatus, $search_status).''; +print ''.$form->selectarray('search_status', $arraystatus, $search_status, 0, 0, 0, '', 0, 0, 0, '', 'onroghtofpage').''; // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php'; 
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index ffb72bfca78..bebe5d5a98d 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2159,7 +2159,7 @@ class Product extends CommonObject } } else { $price = price2num($newprice, 'MU'); - $price_ttc = ($newnpr != 1) ? price2num($newprice) * (1 + ($newvat / 100)) : $price; + $price_ttc = ($newnpr != 1) ? (float) price2num($newprice) * (1 + ($newvat / 100)) : $price; $price_ttc = price2num($price_ttc, 'MU'); if ($newminprice !== '' || $newminprice === 0) { 
@@ -2179,12 +2179,34 @@ class Product extends CommonObject $localtax1 = $localtaxes_array['1']; $localtaxtype2 = $localtaxes_array['2']; $localtax2 = $localtaxes_array['3']; - } else // old method. deprecated because ot can't retrieve type - { - $localtaxtype1 = '0'; - $localtax1 = get_localtax($newvat, 1); - $localtaxtype2 = '0'; - $localtax2 = get_localtax($newvat, 2); + } else { + // if array empty, we try to use the vat code + if (!empty($newdefaultvatcode)) { + global $mysoc; + // Get record from code + $sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type"; + $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; + $sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$this->db->escape($mysoc->country_code)."'"; + $sql .= " AND t.taux = ".((float) $newdefaultvatcode)." AND t.active = 1"; + $sql .= " AND t.code = '".$this->db->escape($newdefaultvatcode)."'"; + $resql = $this->db->query($sql); + if ($resql) { + $obj = $this->db->fetch_object($resql); + if ($obj) { + $npr = $obj->recuperableonly; + $localtax1 = $obj->localtax1; + $localtax2 = $obj->localtax2; + $localtaxtype1 = $obj->localtax1_type; + $localtaxtype2 = $obj->localtax2_type; + } + } + } else { + // old method. deprecated because we can't retrieve type + $localtaxtype1 = '0'; + $localtax1 = get_localtax($newvat, 1); + $localtaxtype2 = '0'; + $localtax2 = get_localtax($newvat, 2); + } } if (empty($localtax1)) { $localtax1 = 0; // If = '' then = 0 diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 7182dd45f31..95de1f53da8 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -791,16 +791,11 @@ END; // Barcode type print '
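Review bot: The new lookup by VAT code filters on `t.taux = ".((float) $newdefaultvatcode)."`, i.e. it compares the rate column with the *code* cast to float; for any non-numeric code (the `'5.0 (XXX)'` form documented elsewhere in this commit) the cast yields 0.0, the row is never found, and the local taxes silently keep their defaults. The rate is available in the same scope as `$newvat` (the deprecated branch below still uses it), so the filter should read `$sql .= " AND t.taux = ".((float) $newvat)." AND t.active = 1";`. Also worth checking that `$npr = $obj->recuperableonly;` is consumed after this block — the earlier hunk in this method works with `$newnpr`, so this may be a dead assignment; the rest of the method is outside the hunk.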
'; - print ''.$langs->trans('BarcodeType').''; + print ''.$langs->trans('GencodBuyPrice').''; print ''; - print $formbarcode->selectBarcodeType(($rowid ? $object->supplier_fk_barcode_type : getDolGlobalint("PRODUIT_DEFAULT_BARCODE_TYPE")), 'fk_barcode_type', 1); - print ''; - print '
'; - - // Barcode value - print '
'; - print ''.$langs->trans('BarcodeValue').''; - print ''.img_picto('', 'barcode', 'class="pictofixedwidth"').''; + print img_picto('', 'barcode', 'class="pictofixedwidth"'); + print $formbarcode->selectBarcodeType((GETPOSTISSET('fk_barcode_type') ? GETPOST('fk_barcode_type', 'int') : ($rowid ? $object->supplier_fk_barcode_type : getDolGlobalint("PRODUIT_DEFAULT_BARCODE_TYPE"))), 'fk_barcode_type', 1); + print '
'; } diff --git a/htdocs/product/price.php b/htdocs/product/price.php index ca69f12170d..cde676c9732 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -136,6 +136,7 @@ if (empty($reshook)) { $npr = preg_match('/\*/', $tva_tx_txt) ? 1 : 0; $localtax1 = 0; $localtax2 = 0; $localtax1_type = '0'; $localtax2_type = '0'; // If value contains the unique code of vat line (new recommanded method), we use it to find npr and local taxes + if (preg_match('/\((.*)\)/', $tva_tx_txt, $reg)) { // We look into database using code (we can't use get_localtax() because it depends on buyer that is not known). Same in create product. $vatratecode = $reg[1]; @@ -229,7 +230,7 @@ if (empty($reshook)) { $oldnpr = $object->tva_npr; //$localtaxarray=array('0'=>$localtax1_type,'1'=>$localtax1,'2'=>$localtax2_type,'3'=>$localtax2); - $localtaxarray = array(); // We do not store localtaxes into product, we will use instead the "vat code" to retrieve them. + $localtaxarray = array(); // We do not store localtaxes into product, we will use instead the "vat code" to retrieve them when required. $level = 0; $ret = $object->updatePrice($oldprice, $oldpricebasetype, $user, $tva_tx, $oldminprice, $level, $oldnpr, 0, 0, $localtaxarray, $vatratecode); @@ -877,7 +878,7 @@ dol_banner_tab($object, 'ref', $linkback, $shownav, 'ref'); print '
'; print '
'; -print '
' . $langs->trans('Margins') . '' . $langs->trans('SellingPrice') . ''; if (in_array($key, array('statut'))) { - print $form->selectarray('search_status', array('-1'=>'', '0'=>$contactstatic->LibStatut(0, 1), '1'=>$contactstatic->LibStatut(1, 1)), $search_status); + print $form->selectarray('search_status', array('-1'=>'', '0'=>$contactstatic->LibStatut(0, 1), '1'=>$contactstatic->LibStatut(1, 1)), $search_status, 0, 0, 0, '', 0, 0, 0, '', 'onrightofpage'); } elseif (in_array($key, array('role'))) { print $formcompany->showRoles("search_roles", $contactstatic, 'edit', $search_roles, 'minwidth200 maxwidth300'); } else { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 7c28fd4dc19..11ac2edba61 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -4070,7 +4070,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'shapes', 'square', 'stop-circle', 'supplier', 'supplier_proposal', 'supplier_order', 'supplier_invoice', 'timespent', 'title_setup', 'title_accountancy', 'title_bank', 'title_hrm', 'title_agenda', 'uncheck', 'url', 'user-cog', 'user-injured', 'user-md', 'vat', 'website', 'workstation', 'webhook', 'world', 'private', - 'conferenceorbooth', 'eventorganization' + 'conferenceorbooth', 'eventorganization', + 'stamp', 'signature' ))) { $fakey = $pictowithouttext; $facolor = ''; 
@@ -6264,10 +6265,10 @@ function getLocalTaxesFromRate($vatrate, $local, $buyer, $seller, $firstparamisi * Return vat rate of a product in a particular country, or default country vat if product is unknown. * Function called by get_default_tva(). * - * @param int $idprod Id of product or 0 if not a predefined product - * @param Societe $thirdpartytouse Thirdparty with a ->country_code defined (FR, US, IT, ...) - * @param int $idprodfournprice Id product_fournisseur_price (for "supplier" proposal/order/invoice) - * @return float|string Vat rate to use with format 5.0 or '5.0 (XXX)' + * @param int $idprod Id of product or 0 if not a predefined product + * @param Societe $thirdpartytouse Thirdparty with a ->country_code defined (FR, US, IT, ...) + * @param int $idprodfournprice Id product_fournisseur_price (for "supplier" proposal/order/invoice) + * @return float|string Vat rate to use with format 5.0 or '5.0 (XXX)' * @see get_product_localtax_for_country() */ function get_product_vat_for_country($idprod, $thirdpartytouse, $idprodfournprice = 0) @@ -6282,7 +6283,7 @@ function get_product_vat_for_country($idprod, $thirdpartytouse, $idprodfournpric if ($idprod > 0) { // Load product $product = new Product($db); - $result = $product->fetch($idprod); + $product->fetch($idprod); if ($mysoc->country_code == $thirdpartytouse->country_code) { // If country to consider is ours if ($idprodfournprice > 0) { // We want vat for product for a "supplier" object 
@@ -6306,11 +6307,11 @@ function get_product_vat_for_country($idprod, $thirdpartytouse, $idprodfournpric if (!$found) { if (empty($conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS)) { - // If vat of product for the country not found or not defined, we return the first higher vat of country. + // If vat of product for the country not found or not defined, we return the first rate found (sorting on use_default, then on higher vat of country). $sql = "SELECT t.taux as vat_rate, t.code as default_vat_code"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; - $sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code='".$db->escape($thirdpartytouse->country_code)."'"; - $sql .= " ORDER BY t.taux DESC, t.code ASC, t.recuperableonly ASC"; + $sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code = '".$db->escape($thirdpartytouse->country_code)."'"; + $sql .= " ORDER BY t.use_default DESC, t.taux DESC, t.code ASC, t.recuperableonly ASC"; $sql .= $db->plimit(1); $resql = $db->query($sql); @@ -6327,7 +6328,17 @@ function get_product_vat_for_country($idprod, $thirdpartytouse, $idprodfournpric dol_print_error($db); } } else { - $ret = $conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS; // Forced value if autodetect fails + // Forced value if autodetect fails. MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS can be '1.23' or '1.23 (CODE)' + $defaulttx = ''; + if ($conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS != 'none') { + $defaulttx = $conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS; + } + /*if (preg_match('/\((.*)\)/', $defaulttx, $reg)) { + $defaultcode = $reg[1]; + $defaulttx = preg_replace('/\s*\(.*\)/', '', $defaulttx); + }*/ + + $ret = $defaulttx; } } 
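Review bot: The commented-out `preg_match`/`preg_replace` block added in the `else` branch of the second hunk (6328) is dead code and should be removed rather than committed; if splitting the `(CODE)` suffix is planned, a one-line `// TODO: split the '(CODE)' suffix into $defaultcode` says that just as well. The sentinel test `$conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS != 'none'` uses loose comparison; `!== 'none'` states the intent and avoids PHP 7 numeric-string coercion. get_product_vat_for_country's body starts and ends outside these hunks.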
@@ -6898,7 +6909,6 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $stringtoclean = preg_replace('/:/i', ':', $stringtoclean); $stringtoclean = preg_replace('/:|�+58|:/i', '', $stringtoclean); // refused string ':' encoded (no reason to have a : encoded like this) to disable 'javascript:...' - $stringtoclean = preg_replace('/javascript\s*:/i', '', $stringtoclean); $temp = strip_tags($stringtoclean, $allowed_tags_string); // Warning: This remove also undesired changing string obfuscated with that pass injection detection into harmfull string @@ -6912,7 +6922,7 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, // Remove 'javascript:' that we should not find into a text with // Warning: This is not reliable to fight against obfuscated javascript, there is a lot of other solution to include js into a common html tag (only filtered by a GETPOST(.., powerfullfilter)). if ($cleanalsojavascript) { - $temp = preg_replace('/javascript\s*:/i', '', $temp); + $temp = preg_replace('/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:/i', '', $temp); } $temp = str_replace('__!DOCTYPE_HTML__', '', $temp); // Restore the DOCTYPE @@ -7138,6 +7148,9 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = ' } } + // Clean some html entities that are useless so text is cleaner + $out = preg_replace('/&(tab|newline);/i', ' ', $out); + // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are // encoded using text entities) so we can then exclude all numeric entities. $out = preg_replace('/'/i', ''', $out); 
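Review bot: The spaced `javascript:` pattern in the second hunk (6922) is applied in a single `preg_replace`, and stripping is not a fixed point: the text left after one pass can itself still contain the pattern, so a caller that does not iterate (dol_htmlwithnojs does, via its `do { … } while ($oldstringtoclean != $out)` loop; direct callers of dol_string_onlythesehtmltags with `$cleanalsojavascript` do not) keeps exactly the weakness the comment above that line already warns about. Loop the replacement until the string stops changing, `do { $prev = $temp; $temp = preg_replace('/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:/i', '', $temp); } while ($prev !== $temp);`, and keep the comment stating that the tag allow-list, not this strip, is the real defence. The first hunk (6909) drops the pre-`strip_tags` pass; if that is deliberate because the post-pass now covers it, a comment saying so would stop someone re-adding it. Both enclosing functions start and end outside these hunks.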
@@ -7145,24 +7158,24 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = ' // We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step (preg_replace). // No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are // using a non coventionnel way to be encoded, to not have them sanitized just after) - //$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out); - $out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) { - return realCharForNumericEntities($m); }, $out); + $out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) { + return realCharForNumericEntities($m); }, $out); - // Now we remove all remaining HTML entities starting with a number. We don't want such entities. - $out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have javascript with an entities without the ; to hide the 'a' of 'javascript'. + // Now we remove all remaining HTML entities starting with a number. We don't want such entities. + $out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have javascript with an entities without the ; to hide the 'a' of 'javascript'. - $out = dol_string_onlythesehtmltags($out, 0, 1, 1); + // Keep only some html tags and remove also some 'javascript:' strings + $out = dol_string_onlythesehtmltags($out, 0, 1, 1); - // We should also exclude non expected HTML attributes and clean content of some attributes. + // We should also exclude non expected HTML attributes and clean content of some attributes (keep only alt=, title=...). if (!empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)) { // Warning, the function may add a LF so we are forced to trim to compare with old $out without having always a difference and an infinit loop. 
$out = dol_string_onlythesehtmlattributes($out); } - // Restore entity ' into ' (restricthtml is for html content so we can use html entity) - $out = preg_replace('/'/i', "'", $out); + // Restore entity ' into ' (restricthtml is for html content so we can use html entity) + $out = preg_replace('/'/i', "'", $out); } while ($oldstringtoclean != $out); // Check the limit of external links in a Rich text content. We count 'trans('Day'.$tmp['wday']); $substitutionarray = array_merge($substitutionarray, array( + '__NOW_TMS__' => (int) $now, + '__NOW_TMS_YMD__' => dol_print_date($now, 'day', 0, $outputlangs), '__DAY__' => (string) $tmp['mday'], '__DAY_TEXT__' => $daytext, // Monday '__DAY_TEXT_SHORT__' => dol_trunc($daytext, 3, 'right', 'UTF-8', 1), // Mon diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 9295c749732..bd5a4b16691 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1282,6 +1282,12 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ $sql .= " FROM ".MAIN_DB_PREFIX.$table; $sql .= " WHERE ".$field." LIKE '".$db->escape($maskLike)."'"; $sql .= " AND ".$field." NOT LIKE '(PROV%)'"; + + // To ensure that all variables within the MAX() brackets are integers + if (getDolGlobalInt('MAIN_NUMBERING_FILTER_ON_INT_ONLY')) { + $sql .= " AND ". $db->regexpsql($sqlstring, '^[0-9]+$', true); + } + if ($bentityon) { // only if entity enable $sql .= " AND entity IN (".getEntity($sharetable).")"; } elseif (!empty($forceentity)) { diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index a5c84e17ed7..b944e8b47a5 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php 
@@ -209,6 +209,19 @@ function project_prepare_head(Project $project, $moreparam = '') $h++; } + if (isModEnabled('ticket') && $user->hasRight('ticket', 'read')) { + require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php'; + $Tickettatic = new Ticket($db); + $nbTicket = count($Tickettatic->getAllItemsLinkedByObjectID($project->id, '*', 'fk_project', 'ticket')); + $head[$h][0] = DOL_URL_ROOT.'/ticket/list.php?projectid='.((int) $project->id); + $head[$h][1] = $langs->trans("Ticket"); + if ($nbTicket > 0) { + $head[$h][1] .= ''.($nbTicket).''; + } + $head[$h][2] = 'ticket'; + $h++; + } + if (isModEnabled('eventorganization') && !empty($project->usage_organize_event)) { $langs->load('eventorganization'); $head[$h][0] = DOL_URL_ROOT . '/eventorganization/conferenceorbooth_list.php?projectid=' . $project->id; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 8e1ed6cebd1..3ec94953284 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
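Review bot: `$Tickettatic` in the new ticket tab block looks like a typo for `$ticketstatic` and breaks the file's lowercase `$xxxstatic` naming; rename it. The block reads `$user` and `$db`, which must be declared `global` at the top of project_prepare_head — the function starts outside the hunk, so please confirm. A comment such as `// Ticket tab: count tickets linked to this project through fk_project` would explain the `getAllItemsLinkedByObjectID($project->id, '*', 'fk_project', 'ticket')` call, whose argument order is not obvious to a reader.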
@@ -318,27 +318,32 @@ function dolGetLdapPasswordHash($password, $type = 'md5') * If GETPOST('action','aZ09') defined, we also check write and delete permission. * This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user). * - * @param User $user User to check - * @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'. - * Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) - * This is used to check permission $user->rights->features->... - * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). - * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional). - * @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'. - * This is used to check permission $user->rights->features->feature2... - * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) - * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) - * @param int $isdraft 1=The object with id=$objectid is a draft - * @param int $mode Mode (0=default, 1=return without dieing) - * @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed. + * @param User $user User to check + * @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'. + * Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) + * This is used to check permission $user->rights->features->... 
+ * @param int|string|object $object Object or Object ID or list of Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). + * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional). + * @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'. + * This is used to check permission $user->rights->features->feature2... + * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional). Can use '' if NA. + * @param string $dbt_select Field name for select if not "rowid". Not used if objectid is null (optional) + * @param int $isdraft 1=The object with id=$objectid is a draft + * @param int $mode Mode (0=default, 1=return without dieing) + * @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed. 
* @see dol_check_secure_access_document(), checkUserAccessToObject() */ -function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) +function restrictedArea(User $user, $features, $object = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) { global $db, $conf; global $hookmanager; - $objectid = ((int) $objectid); // For the case value is coming from a non sanitized user input + if (is_object($object)) { + $objectid = $object->id; + } else { + $objectid = $object; // $objectid can be X or 'X,Y,Z' + } + $objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid; @@ -391,11 +396,6 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = ' return 1; } - // To avoid access forbidden with numeric ref - if ($dbt_select != 'rowid' && $dbt_select != 'id') { - $objectid = "'".$objectid."'"; - } - // Features/modules to check $featuresarray = array($features); if (preg_match('/&/', $features)) { @@ -426,7 +426,7 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = ' } if ($feature == 'societe') { - if (!$user->hasRight('societe', 'lire') && empty($user->rights->fournisseur->lire)) { + if (!$user->hasRight('societe', 'lire') && !$user->hasRight('fournisseur', 'lire')) { $readok = 0; $nbko++; } 
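Review bot: The new sanitiser `$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid);` keeps `.` although the updated docblock only describes an id or a comma-separated list of ids; if dots are not expected, tighten it to `/[^0-9,]/`, otherwise document why a dot is allowed. When `$object` is an object whose `fetch()` did not succeed, `$object->id` is presumably null, which preg_replace coerces to `''` (with a deprecation notice on PHP 8.1+), so the later `!empty($objectid)` test silently skips the per-object check; a comment stating that this is the intended behaviour for unfetched objects would help readers. The same sanitiser line is duplicated in checkUserAccessToObject (hunk 753); a small shared helper would keep the two from drifting. restrictedArea continues outside the hunk.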
@@ -436,12 +436,12 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = ' $nbko++; } } elseif ($feature == 'produit|service') { - if (!$user->rights->produit->lire && !$user->rights->service->lire) { + if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) { $readok = 0; $nbko++; } } elseif ($feature == 'prelevement') { - if (!$user->rights->prelevement->bons->lire) { + if (empty($user->rights->prelevement->bons->lire)) { $readok = 0; $nbko++; } @@ -451,12 +451,12 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = ' $nbko++; } } elseif ($feature == 'projet') { - if (!$user->rights->projet->lire && empty($user->rights->projet->all->lire)) { + if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) { $readok = 0; $nbko++; } } elseif ($feature == 'payment') { - if (!$user->rights->facture->lire) { + if (empty($user->rights->facture->lire)) { $readok = 0; $nbko++; } @@ -716,7 +716,7 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = ' // If we have a particular object to check permissions on, we check if $user has permission // for this given object (link to company, is contact for project, ...) if (!empty($objectid) && $objectid > 0) { - $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity); + $ok = checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity); $params = array('objectid' => $objectid, 'features' => join(',', $featuresarray), 'features2' => $feature2); //print 'checkUserAccessToObject ok='.$ok; if ($mode) { 
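Review bot: The permission tests rewritten at 436 and 451 use `empty($user->rights->…->lire)` while the one at 426 in the previous hunk was switched to `$user->hasRight('fournisseur', 'lire')`, so the two styles now sit side by side in the same function. Using `hasRight()` for all of them, e.g. `if (!$user->hasRight('produit', 'lire') && !$user->hasRight('service', 'lire')) {`, reads uniformly and avoids the undefined-property notices the `empty()` form works around. restrictedArea continues outside these hunks.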
@@ -737,9 +737,9 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = ' * @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...) * @param int|string|Object $object Full object or object ID or list of object id. For example if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional). - * @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'. - * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) - * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) + * @param array|string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'. + * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional). Can use '' if NA. + * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional). * @param string $parenttableforentity Parent table for entity. Example 'fk_website@website' * @return bool True if user has access, False otherwise * @see restrictedArea() 
@@ -753,9 +753,10 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl } else { $objectid = $object; // $objectid can be X or 'X,Y,Z' } + $objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); - //print "user_id=".$user->id.", features=".join(',', $featuresarray).", feature2=".$feature2.", objectid=".$objectid; + //print "user_id=".$user->id.", features=".join(',', $featuresarray).", objectid=".$objectid; //print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."
"; // More parameters @@ -783,12 +784,13 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl // Array to define rules of checks to do $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment'); // Test on entity only (Objects with no link to company) - $checksoc = array('societe'); // Test for societe object + $checksoc = array('societe'); // Test for object Societe $checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet', 'project'); // Test for project object $checktask = array('projet_task'); // Test for task object - $checkhierarchy = array('expensereport', 'holiday'); + $checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user $nocheck = array('barcode', 'stock'); // No test + //$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name @@ -797,6 +799,11 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); // We change dbtablename, so we set sharedelement too. } + // To avoid an access forbidden with a numeric ref + if ($dbt_select != 'rowid' && $dbt_select != 'id') { + $objectid = "'".$objectid."'"; // Note: $objectid was already cast into int at begin of this method. + } + // Check permission for objectid on entity only if (in_array($feature, $check) && $objectid > 0) { // For $objectid = 0, no check $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; 
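Review bot: Right after the moved quoting `$objectid = "'".$objectid."'";` the check `in_array($feature, $check) && $objectid > 0` compares a string that now begins with a quote character against an int; on PHP 8 a non-numeric string and an int are compared as strings, and on PHP 7 the string casts to 0, so for a non-rowid `$dbt_select` the condition appears to be always false and the entity query below it is skipped. Keep the numeric value for the comparisons and quote only what goes into SQL, e.g. `$objectidforsql = ($dbt_select != 'rowid' && $dbt_select != 'id') ? "'".$objectid."'" : $objectid;`, and use that variable at the SQL sites below the hunk. The accompanying comment `// Note: $objectid was already cast into int at begin of this method.` is inaccurate — the value was filtered to `[0-9.,]` and may be a comma-separated list — so reword it to `// Note: $objectid was filtered to [0-9.,] at the beginning of this method, so quoting it here is safe.`; with a list, the quoted form becomes one string literal, which a later `IN (…)` would treat as a single value. checkUserAccessToObject continues outside the hunk.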
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 8f19a273586..b33ad1333ef 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php 
@@ -193,22 +193,24 @@ if (!function_exists('dol_loginfunction')) { $sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix; if (!empty($conf->global->MAIN_SESSION_TIMEOUT)) { - if (PHP_VERSION_ID < 70300) { - session_set_cookie_params(0, '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start. - } else { - // Only available for php >= 7.3 - $sessioncookieparams = array( - 'lifetime' => 0, - 'path' => '/', - //'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains - 'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), - 'httponly' => true, - 'samesite' => 'Lax' // None || Lax || Strict - ); - session_set_cookie_params($sessioncookieparams); - } + if (session_status() != PHP_SESSION_ACTIVE) { + if (PHP_VERSION_ID < 70300) { + session_set_cookie_params(0, '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start. + } else { + // Only available for php >= 7.3 + $sessioncookieparams = array( + 'lifetime' => 0, + 'path' => '/', + //'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains + 'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), + 'httponly' => true, + 'samesite' => 'Lax' // None || Lax || Strict + ); + session_set_cookie_params($sessioncookieparams); + } - setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, (empty($dolibarr_main_force_https) ? false : true), true); + setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, (empty($dolibarr_main_force_https) ? 
false : true), true); + } } if (GETPOST('urlfrom', 'alpha')) { diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index a09f85e1f4e..398aa6421a7 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1726,10 +1726,10 @@ function get_left_menu_accountancy($mainmenu, &$newmenu, $usemenuhider = 1, $lef if ($nature) { $langs->load('accountancy'); - $journallabel = $langs->transnoentities($objp->label); // Labels in this table are set by loading llx_accounting_abc.sql. Label can be 'ACCOUNTING_SELL_JOURNAL', 'InventoryJournal', ... + $journallabel = $langs->transnoentities($objp->label); // Label of bank account in llx_accounting_journal $key = $langs->trans("AccountingJournalType".strtoupper($objp->nature)); - $transferlabel = ($objp->nature && $key != "AccountingJournalType".strtoupper($langs->trans($objp->nature)) ? $key : $objp->label); + $transferlabel = ($objp->nature && $key != "AccountingJournalType".strtoupper($langs->trans($objp->nature)) ? $key.($journallabel != $key ? ' '.$journallabel : ''): $journallabel); $newmenu->add('/accountancy/journal/'.$nature.'journal.php?mainmenu=accountancy&leftmenu=accountancy_journal&id_journal='.$objp->rowid, $transferlabel, 2, $user->hasRight('accounting', 'comptarapport', 'lire')); } diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 654f804b0d8..ee4cc9b5d0d 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php 
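Review bot: The `secure` flag of the `DOLSESSTIMEOUT_*` cookie in the `setcookie()` call is still derived from `$dolibarr_main_force_https` alone, while the session cookie parameters a few lines above use `(empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true`; on an HTTPS deployment without the force flag the timeout cookie is therefore sent without `Secure`. Use the same expression for both, and on PHP >= 7.3 prefer the array form of `setcookie()` so it also carries `'samesite' => 'Lax'` like the session cookie. The new `session_status() != PHP_SESSION_ACTIVE` guard deserves a comment such as `// Cookie params cannot be changed once a session is already active` — the reason is not visible in the hunk, so please confirm it. dol_loginfunction's body continues outside the hunk.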
@@ -752,10 +752,18 @@ class pdf_crabe extends ModelePDFFactures // retrieve global local tax if ($localtax1_type && $localtax1ligne != 0) { - $this->localtax1[$localtax1_type][$localtax1_rate] += $localtax1ligne; + if (empty($this->localtax1[$localtax1_type][$localtax1_rate])) { + $this->localtax1[$localtax1_type][$localtax1_rate] = $localtax1ligne; + } else { + $this->localtax1[$localtax1_type][$localtax1_rate] += $localtax1ligne; + } } if ($localtax2_type && $localtax2ligne != 0) { - $this->localtax2[$localtax2_type][$localtax2_rate] += $localtax2ligne; + if (empty($this->localtax2[$localtax2_type][$localtax2_rate])) { + $this->localtax2[$localtax2_type][$localtax2_rate] = $localtax2ligne; + } else { + $this->localtax2[$localtax2_type][$localtax2_rate] += $localtax2ligne; + } } if (($object->lines[$i]->info_bits & 0x01) == 0x01) { diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index 89e57be51bb..8bc8e03adb2 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php @@ -214,7 +214,7 @@ class modProjet extends DolibarrModules $this->menu = 1; // This module add menu entries. They are coded into menu manager. - //Exports + // Exports //-------- $r = 1; 
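Review bot: The four-line `if (empty(...)) { = } else { += }` blocks added for `localtax1` and `localtax2` can each be a single line with the null-coalescing operator, `$this->localtax1[$localtax1_type][$localtax1_rate] = ($this->localtax1[$localtax1_type][$localtax1_rate] ?? 0) + $localtax1ligne;` (and likewise for `localtax2`), which states the intent — initialise the bucket on first use — without a branch. `empty()` is also true for an existing value of `0`, which is harmless here only because assigning equals adding to zero; `??` makes that explicit. The enclosing method continues outside the hunk.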
@@ -291,6 +291,40 @@ class modProjet extends DolibarrModules } $this->export_sql_end[$r] .= " WHERE p.entity IN (".getEntity('project').")"; + // Import project/opportunities + $r++; + $this->import_code[$r] = 'projects'; + $this->import_label[$r] = 'ImportDatasetProjects'; + $this->import_icon[$r] = 'project'; + $this->import_entities_array[$r] = array(); // We define here only fields that use another icon that the one defined into import_icon + $this->import_tables_array[$r] = array('t'=>MAIN_DB_PREFIX.'projet', 'extra'=>MAIN_DB_PREFIX.'projet_extrafields'); // List of tables to insert into (insert done in same order) + $this->import_fields_array[$r] = array('t.ref'=>'ProjectRef*', 't.title'=>'Label*', 't.description'=>"Description", 't.fk_soc' => 'ThirdPartyName', 't.public'=>"Public", 't.fk_statut'=>"Status"); + $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('t.fk_opp_status'=>"OpportunityStatus", 't.opp_percent'=>"OpportunityProbability", 't.opp_amount'=>"OpportunityAmount", 't.note_public'=>"NotePublic", 't.note_private'=>"NotePrivate", 't.budget_amount'=>"Budget", 't.dateo'=>"DateStart", 't.datee'=>"DateEnd")); + // Add extra fields + $sql = "SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE type <> 'separate' AND elementtype = 'projet' AND entity IN (0,".$conf->entity.")"; + $resql = $this->db->query($sql); + if ($resql) { // This can fail when class is used on old database (during migration for example) + while ($obj = $this->db->fetch_object($resql)) { + $fieldname = 'extra.'.$obj->name; + $fieldlabel = ucfirst($obj->label); + $this->import_fields_array[$r][$fieldname] = $fieldlabel.($obj->fieldrequired ? 
'*' : ''); + } + } + // End add extra fields + $this->import_fieldshidden_array[$r] = array('t.fk_user_creat'=>'user->id', 'extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'projet'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent) + $this->import_convertvalue_array[$r] = array( + 't.ref'=>array('rule'=>'getrefifauto', 'class'=>(empty($conf->global->PROJECT_ADDON) ? 'mod_project_simple' : $conf->global->PROJECT_ADDON), 'path'=>"/core/modules/project/".(empty($conf->global->PROJECT_ADDON) ? 'mod_project_simple' : $conf->global->PROJECT_ADDON).'.php'), + 't.fk_soc' => array( + 'rule' => 'fetchidfromref', + 'file' => '/societe/class/societe.class.php', + 'class' => 'Societe', + 'method' => 'fetch', + 'element' => 'ThirdParty' + ), + ); + //$this->import_convertvalue_array[$r]=array('s.fk_soc'=>array('rule'=>'lastrowid',table='t'); + $this->import_regex_array[$r] = array('t.dateo'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', 't.datee'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', 't.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]( [0-9][0-9]:[0-9][0-9]:[0-9][0-9])?$'); + $this->import_examplevalues_array[$r] = array('t.fk_soc'=>'ThirdParty', 't.ref'=>"auto or PJ2010-1234", 't.title'=>"My project", 't.fk_statut'=>'0,1 or 2', 't.datec'=>'1972-10-10', 't.note_private'=>"My private note", 't.note_public'=>"My public note"); // Import list of tasks if (empty($conf->global->PROJECT_HIDE_TASKS)) { diff --git a/htdocs/core/modules/modTicket.class.php b/htdocs/core/modules/modTicket.class.php index f34398abc4b..c8d2d8d5a4f 100644 --- a/htdocs/core/modules/modTicket.class.php +++ b/htdocs/core/modules/modTicket.class.php @@ -124,7 +124,6 @@ class modTicket extends DolibarrModules $this->tabs = array( 'thirdparty:+ticket:Tickets:ticket:$user->rights->ticket->read:/ticket/list.php?socid=__ID__', - 'project:+ticket:Tickets:ticket:$user->rights->ticket->read:/ticket/list.php?projectid=__ID__', ); // Dictionaries 
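Review bot: `t.datec` appears in `import_regex_array` and `import_examplevalues_array` for the new projects dataset but not in `import_fields_array`, so the regex and the example value are dead; either add `'t.datec'=>"DateCreation"` to the field list or drop the two entries. The two consecutive assignments to `$this->import_fields_array[$r]` (an `array(...)` immediately followed by `array_merge` into itself) can be one array literal. The `'path'` in `import_convertvalue_array` evaluates the `PROJECT_ADDON` fallback twice; hoisting it into a local such as `$projectaddon = (empty($conf->global->PROJECT_ADDON) ? 'mod_project_simple' : $conf->global->PROJECT_ADDON);` removes the duplication. The commented-out `//$this->import_convertvalue_array[$r]=array('s.fk_soc'=>...` line should be deleted. The enclosing constructor continues outside the hunk.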
diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php index 05b98f2907b..c0979a2b480 100644 --- a/htdocs/core/tpl/objectline_create.tpl.php +++ b/htdocs/core/tpl/objectline_create.tpl.php @@ -971,7 +971,15 @@ if (!empty($usemargins) && $user->rights->margins->creer) { var tva_tx = parseFloat($('option:selected', this).attr('data-tvatx')); // When select is done from HTML select if (isNaN(tva_tx)) { tva_tx = parseFloat(jQuery('#idprodfournprice').attr('data-tvatx'));} // When select is done from HTML input with ajax autocomplete - console.log("objectline_create.tpl We find supplier price : up = "+up+", up_locale = "+up_locale+", qty = "+qty+", tva_tx = "+tva_tx+", discount = "+discount+" for product "+jQuery('#idprodfournprice').val()); + var default_vat_code = $('option:selected', this).attr('data-default-vat-code'); // When select is done from HTML select + if (typeof default_vat_code === 'undefined') { default_vat_code = jQuery('#idprodfournprice').attr('data-default-vat-code');} // When select is done from HTML input with ajax autocomplete + + var stringforvatrateselection = tva_tx; + if (typeof default_vat_code != 'undefined') { + stringforvatrateselection = stringforvatrateselection+' ('+default_vat_code+')'; + } + + console.log("objectline_create.tpl We find supplier price : up = "+up+", up_locale = "+up_locale+", qty = "+qty+", tva_tx = "+tva_tx+", default_vat_code = "+default_vat_code+", stringforvatrateselection="+stringforvatrateselection+", discount = "+discount+" for product supplier ref id = "+jQuery('#idprodfournprice').val()); if (typeof up_locale === 'undefined') { jQuery("#price_ht").val(up); 
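Review bot: `if (typeof default_vat_code != 'undefined')` appends `' ('+default_vat_code+')'` even when the attribute exists but is empty, producing a value such as `20 ()` that matches no option; test for a non-empty string instead, `if (typeof default_vat_code === 'string' && default_vat_code !== '') {`, and use `===`/`!==` consistently with the `typeof ... === 'undefined'` checks on the lines above. The enlarged `console.log` line is debug output left in shipped code; drop it or guard it behind a debug flag. The surrounding handler starts and ends outside the hunk.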
@@ -979,8 +987,13 @@ if (!empty($usemargins) && $user->rights->margins->creer) { jQuery("#price_ht").val(up_locale); } - /* $('#tva_tx option').removeAttr('selected').filter('[value='+tva_tx+']').prop('selected', true); */ - $('#tva_tx option').val(tva_tx); + // Set vat rate if field is an input box + $('#tva_tx').val(tva_tx); + // Set vat rate by selecting the combo + //$('#tva_tx option').val(tva_tx); // This is bugged, it replaces the vat key of all options + $('#tva_tx option').removeAttr('selected'); + console.log("stringforvatrateselection="+stringforvatrateselection+" -> value of option for this selection="+$('#tva_tx option[value="'+stringforvatrateselection+'"]').val()); + $('#tva_tx option[value="'+stringforvatrateselection+'"]').prop('selected', true); if (jQuery("#qty").val() < qty) { jQuery("#qty").val(qty); diff --git a/htdocs/core/tpl/objectline_view.tpl.php b/htdocs/core/tpl/objectline_view.tpl.php index c0a542479c6..98726638bec 100644 --- a/htdocs/core/tpl/objectline_view.tpl.php +++ b/htdocs/core/tpl/objectline_view.tpl.php @@ -353,19 +353,27 @@ if ($line->special_code == 3) { ?> if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $tooltiponprice = $langs->transcountry("TotalHT", $mysoc->country_code).'='.price($line->total_ht); $tooltiponprice .= '
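Review bot: `$('#tva_tx option[value="'+stringforvatrateselection+'"]')` interpolates a server-supplied value into a jQuery attribute selector, so any `"` or `]` in a VAT code breaks the selector instead of simply not matching. Selecting by comparison is more robust and needs no escaping: `$('#tva_tx option').prop('selected', false).filter(function () { return this.value === String(stringforvatrateselection); }).prop('selected', true);`. The `console.log` on the line before it is debug output that should not ship. The handler continues outside the hunk.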
'.$langs->transcountry("TotalVAT", ($senderissupplier ? $object->thirdparty->country_code : $mysoc->country_code)).'='.price($line->total_tva); - if (!$senderissupplier && is_object($object->thirdparty)) { + if (is_object($object->thirdparty)) { + if ($senderissupplier) { + $seller = $object->thirdparty; + $buyer = $mysoc; + } else { + $seller = $mysoc; + $buyer = $object->thirdparty; + } + if ($mysoc->useLocalTax(1)) { - if (($mysoc->country_code == $object->thirdparty->country_code) || $object->thirdparty->useLocalTax(1)) { - $tooltiponprice .= '
'.$langs->transcountry("TotalLT1", ($senderissupplier ? $object->thirdparty->country_code : $mysoc->country_code)).'='.price($line->total_localtax1); + if (($seller->country_code == $buyer->country_code) || $line->total_localtax1 || $seller->useLocalTax(1)) { + $tooltiponprice .= '
'.$langs->transcountry("TotalLT1", $seller->country_code).'='.price($line->total_localtax1); } else { - $tooltiponprice .= '
'.$langs->transcountry("TotalLT1", ($senderissupplier ? $object->thirdparty->country_code : $mysoc->country_code)).'='.$langs->trans("NotUsedForThisCustomer").''; + $tooltiponprice .= '
'.$langs->transcountry("TotalLT1", $seller->country_code).'='.$langs->trans($senderissupplier ? "NotUsedForThisSupplier" : "NotUsedForThisCustomer").''; } } if ($mysoc->useLocalTax(2)) { - if (($mysoc->country_code == $object->thirdparty->country_code) || $object->thirdparty->useLocalTax(2)) { - $tooltiponprice .= '
'.$langs->transcountry("TotalLT2", ($senderissupplier ? $object->thirdparty->country_code : $mysoc->country_code)).'='.price($line->total_localtax2); + if (($seller->country_code == $buyer->thirdparty->country_code) || $line->total_localtax2 || $seller->useLocalTax(2)) { + $tooltiponprice .= '
'.$langs->transcountry("TotalLT2", $seller->country_code).'='.price($line->total_localtax2); } else { - $tooltiponprice .= '
'.$langs->transcountry("TotalLT2", ($senderissupplier ? $object->thirdparty->country_code : $mysoc->country_code)).'='.$langs->trans("NotUsedForThisCustomer").''; + $tooltiponprice .= '
'.$langs->transcountry("TotalLT2", $seller->country_code).'='.$langs->trans($senderissupplier ? "NotUsedForThisSupplier" : "NotUsedForThisCustomer").''; } } } diff --git a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php index f31a4c2c93e..e3f798dec62 100644 --- a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php +++ b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php @@ -742,7 +742,7 @@ class InterfaceActionsAuto extends DolibarrTriggers if (!is_object($member)) { // This should not happen include_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; $member = new Adherent($this->db); - $member->fetch($this->fk_adherent); + $member->fetch($object->fk_adherent); } if (empty($object->actionmsg2)) { diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index ae53242d836..30f195b550b 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php @@ -448,7 +448,7 @@ print '
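Review bot: In the LT2 branch the comparison reads `$seller->country_code == $buyer->thirdparty->country_code`, whereas the LT1 branch above uses `$buyer->country_code`; `$buyer` is already either `$mysoc` or `$object->thirdparty`, so `->thirdparty` on it is an undefined property (null) and that equality can never hold. Change it to `if (($seller->country_code == $buyer->country_code) || $line->total_localtax2 || $seller->useLocalTax(2)) {`. Both conditions now also treat a non-zero `$line->total_localtax1`/`$line->total_localtax2` as sufficient to show the line; a short comment on why an amount alone should override the country test would help the next reader. The enclosing template block starts and ends outside the hunk.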
  '; -print $form->selectarray('search_status', array('0'=>$langs->trans("Disabled"), '1'=>$langs->trans("Scheduled")), $search_status, 1); +print $form->selectarray('search_status', array('0'=>$langs->trans("Disabled"), '1'=>$langs->trans("Scheduled")), $search_status, 1, 0, 0, '', 0, 0, 0, '', 'onrightofpage'); print ''; $searchpicto = $form->showFilterButtons(); print $searchpicto; diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 91a13a93093..459c892a1d9 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -48,6 +48,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; $langs->loadLangs(array('bills', 'companies', 'donations', 'users')); $id = GETPOST('rowid') ?GETPOST('rowid', 'int') : GETPOST('id', 'int'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); @@ -58,10 +59,11 @@ $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); $public_donation = (int) GETPOST("public", 'int'); $object = new Don($db); -$extrafields = new ExtraFields($db); +if ($id > 0 || $ref) { + $object->fetch($id, $ref); +} -// Security check -$result = restrictedArea($user, 'don', $id); +$extrafields = new ExtraFields($db); // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); @@ -71,6 +73,11 @@ $search_array_options = $extrafields->getOptionalsFromPost($object->table_elemen $hookmanager->initHooks(array('doncard', 'globalcard')); $upload_dir = $conf->don->dir_output; + + +// Security check +$result = restrictedArea($user, 'don', $object->id); + $permissiontoadd = $user->rights->don->creer; diff --git a/htdocs/don/document.php b/htdocs/don/document.php index b6b7e6a24d3..a5aa3984202 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php 
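Review bot: In don/card.php the return value of `$object->fetch($id, $ref)` (hunk 58) is ignored, and `restrictedArea($user, 'don', $object->id)` (hunk 71) then runs with an empty `$object->id` when the fetch failed, so only the module-level right is checked while the request's `$id` is still used further down the page. Check the result before the security check, e.g. `if ($object->fetch($id, $ref) <= 0) { dol_print_error($db, $object->error); exit; }`. The same pattern appears in don/document.php (hunk 74), don/info.php (hunk 38) and don/note.php (hunk 43). Moving the check below `$hookmanager->initHooks()` and the extrafields fetch means those now run before authorisation; they appear not to depend on the object's content, but a comment `// Security check must precede any use of $object data` would guard future edits.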
@@ -49,13 +49,6 @@ $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'don', $id, ''); - - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -74,13 +67,20 @@ if (!$sortfield) { $sortfield = "name"; } - $object = new Don($db); -$object->fetch($id, $ref); +if ($id > 0 || $ref) { + $object->fetch($id, $ref); +} $upload_dir = $conf->don->dir_output.'/'.get_exdir($id, 0, 0, 0, $object, 'donation').'/'.dol_sanitizeFileName($object->ref); $modulepart = 'don'; +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'don', $object->id); + $permissiontoadd = $user->rights->don->creer; // Used by the include of actions_dellink.inc.php diff --git a/htdocs/don/index.php b/htdocs/don/index.php index 721cfb8d67a..c402ecd6f0e 100644 --- a/htdocs/don/index.php +++ b/htdocs/don/index.php @@ -35,11 +35,11 @@ $hookmanager->initHooks(array('donationindex')); $langs->load("donations"); +$donation_static = new Don($db); + // Security check $result = restrictedArea($user, 'don'); -$donation_static = new Don($db); - /* * Actions diff --git a/htdocs/don/info.php b/htdocs/don/info.php index 82dd9842210..ad67cceb30c 100644 --- a/htdocs/don/info.php +++ b/htdocs/don/info.php @@ -38,14 +38,17 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); +$object = new Don($db); +if ($id > 0 || $ref) { + $object->fetch($id, $ref); +} + // Security check if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'don', $id, ''); +$result = restrictedArea($user, 'don', $object->id); -$object = new Don($db); -$object->fetch($id); /* 
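Review bot: In the `@@ -74,13 +67,20 @@` hunk of htdocs/don/document.php, `$upload_dir` is assembled from `$object->ref` before anything confirms the fetch succeeded, and from `$id` rather than `$object->id` in `get_exdir($id, 0, 0, 0, $object, 'donation')`, so a ref-only request (now explicitly supported by the `if ($id > 0 || $ref)` guard) calls `get_exdir(0, ...)` and a failed fetch yields an empty trailing component, collapsing the path toward the donation output root; the security check placed just below only sees the equally empty `$object->id`, i.e. a module-level check. Guard the fetch and derive the path from the loaded object only: `if (($id > 0 || $ref) && $object->fetch($id, $ref) <= 0) { dol_print_error($db, $object->error); exit; }` followed by `get_exdir($object->id, 0, 0, 0, $object, 'donation')`. Which file actions later consume `$upload_dir` is outside the hunk, so the practical impact is inferred from the path construction alone.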
diff --git a/htdocs/don/list.php b/htdocs/don/list.php index c3cb4d9ce58..ac704571daa 100644 --- a/htdocs/don/list.php +++ b/htdocs/don/list.php @@ -88,6 +88,11 @@ $fieldstosearchall = array( 'd.firstname'=>'Firstname', ); +// Security check +$result = restrictedArea($user, 'don'); + + + /* * View @@ -234,7 +239,7 @@ if ($resql) { Don::STATUS_PAID=>$langs->trans("DonationStatusPaid"), Don::STATUS_CANCELED=>$langs->trans("Canceled") ); - print $form->selectarray('search_status', $liststatus, $search_status, -4, 0, 0, '', 0, 0, 0, '', 'maxwidth100'); + print $form->selectarray('search_status', $liststatus, $search_status, -4, 0, 0, '', 0, 0, 0, '', 'maxwidth100 onrightofpage'); print ''; $searchpicto = $form->showFilterAndCheckAddButtons(0); diff --git a/htdocs/don/note.php b/htdocs/don/note.php index 4d84c4b1417..dd3f4e176ce 100644 --- a/htdocs/don/note.php +++ b/htdocs/don/note.php @@ -43,17 +43,19 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); +$hookmanager->initHooks(array('donnote')); + +$object = new Don($db); +if ($id > 0 || $ref) { + $object->fetch($id, $ref); +} + // Security check $socid = 0; if ($user->socid) { $socid = $user->socid; } -$hookmanager->initHooks(array('donnote')); - -$result = restrictedArea($user, 'don', $id, ''); - -$object = new Don($db); -$object->fetch($id); +$result = restrictedArea($user, 'don', $object->id, ''); $permissionnote = $user->rights->don->creer; // Used by the include of actions_setnotes.inc.php diff --git a/htdocs/emailcollector/class/emailcollectoraction.class.php b/htdocs/emailcollector/class/emailcollectoraction.class.php index 46b787fc6fd..e43a86da515 100644 --- a/htdocs/emailcollector/class/emailcollectoraction.class.php +++ b/htdocs/emailcollector/class/emailcollectoraction.class.php 
@@ -85,7 +85,7 @@ class EmailCollectorAction extends CommonObject 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), 'fk_emailcollector' => array('type'=>'integer', 'label'=>'Id of emailcollector', 'foreignkey'=>'emailcollector.rowid'), 'type' => array('type'=>'varchar(128)', 'label'=>'Type', 'enabled'=>1, 'visible'=>1, 'position'=>10, 'notnull'=>1, 'index'=>1), - 'actionparam' => array('type'=>'varchar(255)', 'label'=>'ParamForAction', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'notnull'=>-1), + 'actionparam' => array('type'=>'text', 'label'=>'ParamForAction', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'notnull'=>-1), 'date_creation' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-2, 'position'=>500, 'notnull'=>1,), 'tms' => array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>1, 'visible'=>-2, 'position'=>501, 'notnull'=>1,), 'fk_user_creat' => array('type'=>'integer', 'label'=>'UserAuthor', 'enabled'=>1, 'visible'=>-2, 'position'=>510, 'notnull'=>1, 'foreignkey'=>'llx_user.rowid',), diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index e1c31e570cd..14544087647 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -787,7 +787,7 @@ if (!empty($arrayfields['e.tms']['checked'])) { // Status if (!empty($arrayfields['e.fk_statut']['checked'])) { print ''; - print $form->selectarray('search_status', array('0'=>$langs->trans('StatusSendingDraftShort'), '1'=>$langs->trans('StatusSendingValidatedShort'), '2'=>$langs->trans('StatusSendingProcessedShort')), $search_status, 1); + print $form->selectarray('search_status', array('0'=>$langs->trans('StatusSendingDraftShort'), '1'=>$langs->trans('StatusSendingValidatedShort'), '2'=>$langs->trans('StatusSendingProcessedShort')), $search_status, 1, 0, 0, '', 0, 0, 0, '', 'onrightofpage'); print '
'; $defaultvat = -1; if (!empty($conf->global->EXPENSEREPORT_NO_DEFAULT_VAT)) { + // If option to have no default VAT on expense report is on, we force MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS $conf->global->MAIN_VAT_DEFAULT_IF_AUTODETECT_FAILS = 'none'; } print $form->load_tva('vatrate', (!empty($vatrate) ? $vatrate : $defaultvat), $mysoc, '', 0, 0, '', false, 1); diff --git a/htdocs/expensereport/tpl/expensereport_linktofile.tpl.php b/htdocs/expensereport/tpl/expensereport_linktofile.tpl.php index 3835740dd40..fd25a1fff4b 100644 --- a/htdocs/expensereport/tpl/expensereport_linktofile.tpl.php +++ b/htdocs/expensereport/tpl/expensereport_linktofile.tpl.php @@ -136,8 +136,18 @@ if (empty($conf->global->EXPENSEREPORT_DISABLE_ATTACHMENT_ON_LINES)) { print '
'; + if (empty($tredited)) { + $css = 'oddeven nohover trattachnewfilenow'; + $newcolspan = $colspan; + } else { + $css = 'trattachnewfilenow tredited'; + $newcolspan = $colspan - 1; + } + print '
'; print ''.$langs->trans("NoFilesUploadedYet").''; print '
'; - print $form->selectyesno('search_billed', $search_billed, 1, 0, 1, 1); + print $form->selectyesno('search_billed', $search_billed, 1, false, 1, 1, 'maxwidth100 onrightofpage'); print ''; $liststatus = array('0'=>$langs->trans("Draft"), '1'=>$langs->trans("Unpaid"), '2'=>$langs->trans("Paid")); - print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', '', 1); + print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'onrightofpage', 1); print '
'; +print '
'; // Price per customer segment/level if (!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { @@ -1000,6 +1001,7 @@ if (!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT_ print ''; print '
'.$langs->trans("DefaultTaxRate").''; + // TODO We show localtax from $object, but this properties may not be correct. Only value $object->default_vat_code is guaranted. $positiverates = ''; if (price2num($object->tva_tx)) { $positiverates .= ($positiverates ? '/' : '').price2num($object->tva_tx); @@ -1013,6 +1015,7 @@ if (!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT_ if (empty($positiverates)) { $positiverates = '0'; } + print vatrate($positiverates.($object->default_vat_code ? ' ('.$object->default_vat_code.')' : ''), true, $object->tva_npr, 1); /* if ($object->default_vat_code) @@ -1026,7 +1029,7 @@ if (!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT_ print '
'; - print ''; + print '
'; print ''; } diff --git a/htdocs/projet/class/api_tasks.class.php b/htdocs/projet/class/api_tasks.class.php index 0eaf8654421..cd232061bc4 100644 --- a/htdocs/projet/class/api_tasks.class.php +++ b/htdocs/projet/class/api_tasks.class.php @@ -544,7 +544,7 @@ class Tasks extends DolibarrApi $this->task->timespent_datehour = $newdate; $this->task->timespent_withhour = 1; $this->task->timespent_duration = $duration; - $this->task->timespent_fk_user = $user_id; + $this->task->timespent_fk_user = $uid; $this->task->timespent_note = $note; $result = $this->task->addTimeSpent(DolibarrApiAccess::$user, 0); diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 0e15b26b114..9c8b4ebee26 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -306,7 +306,7 @@ class Project extends CommonObject 'tms' =>array('type'=>'timestamp', 'label'=>'DateModificationShort', 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>405), 'fk_user_creat' =>array('type'=>'integer', 'label'=>'UserCreation', 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>410), 'fk_user_modif' =>array('type'=>'integer', 'label'=>'UserModification', 'enabled'=>1, 'visible'=>0, 'position'=>415), - 'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>0, 'position'=>420), + 'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-1, 'position'=>420), 'email_msgid'=>array('type'=>'varchar(255)', 'label'=>'EmailMsgID', 'enabled'=>1, 'visible'=>-1, 'position'=>450, 'help'=>'EmailMsgIDWhenSourceisEmail'), 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500), ); diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index b7e31fb53b6..b31666245d4 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php 
@@ -414,7 +414,7 @@ $distinct = 'DISTINCT'; // We add distinct until we are added a protection to be $sql = "SELECT ".$distinct." p.rowid as id, p.ref, p.title, p.fk_statut as status, p.fk_opp_status, p.public, p.fk_user_creat,"; $sql .= " p.datec as date_creation, p.dateo as date_start, p.datee as date_end, p.opp_amount, p.opp_percent, (p.opp_amount*p.opp_percent/100) as opp_weighted_amount, p.tms as date_update, p.budget_amount,"; $sql .= " p.usage_opportunity, p.usage_task, p.usage_bill_time, p.usage_organize_event,"; -$sql .= " p.email_msgid,"; +$sql .= " p.email_msgid, p.import_key,"; $sql .= " p.accept_conference_suggestions, p.accept_booth_suggestions, p.price_registration, p.price_booth,"; $sql .= " s.rowid as socid, s.nom as name, s.name_alias as alias, s.email, s.email, s.phone, s.fax, s.address, s.town, s.zip, s.fk_pays, s.client, s.code_client,"; $sql .= " country.code as country_code,"; @@ -1170,6 +1170,11 @@ if (!empty($arrayfields['p.email_msgid']['checked'])) { print ''; } +if (!empty($arrayfields['p.import_key']['checked'])) { + // Import key + print ''; +} if (!empty($arrayfields['p.fk_statut']['checked'])) { print ''; } @@ -1278,6 +1283,9 @@ if (!empty($arrayfields['p.tms']['checked'])) { if (!empty($arrayfields['p.email_msgid']['checked'])) { print_liste_field_titre($arrayfields['p.email_msgid']['label'], $_SERVER["PHP_SELF"], "p.email_msgid", "", $param, '', $sortfield, $sortorder, 'center '); } +if (!empty($arrayfields['p.import_key']['checked'])) { + print_liste_field_titre($arrayfields['p.import_key']['label'], $_SERVER["PHP_SELF"], "p.import_key", "", $param, '', $sortfield, $sortorder, ''); +} if (!empty($arrayfields['p.fk_statut']['checked'])) { print_liste_field_titre($arrayfields['p.fk_statut']['label'], $_SERVER["PHP_SELF"], "p.fk_statut", "", $param, '', $sortfield, $sortorder, 'right '); } 
@@ -1731,6 +1739,13 @@ while ($i < $imaxinloop) { print ''; if (!$i) $totalarray['nbfield']++; } + // Import key + if (!empty($arrayfields['p.import_key']['checked'])) { + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } // Status if (!empty($arrayfields['p.fk_statut']['checked'])) { print ''; diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index 1b53388bcaa..0b961648115 100644 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -685,7 +685,7 @@ if ($action == 'create' && $permissiontoadd) { ); } else { - alert("'.dol_escape_js($langs->trans("FillFieldFirst")).'"); + alert("'.dol_escape_js($langs->transnoentitiesnoconv("FillFieldFirst")).'"); } }); diff --git a/htdocs/salaries/class/paymentsalary.class.php b/htdocs/salaries/class/paymentsalary.class.php index 1a716cba31d..860deaa69f0 100644 --- a/htdocs/salaries/class/paymentsalary.class.php +++ b/htdocs/salaries/class/paymentsalary.class.php @@ -701,8 +701,7 @@ class PaymentSalary extends CommonObject $link = ''; $linkend = ''; - if ($withpicto) $result .= ($link.img_object($label, 'payment', 'class="classfortooltip"').$linkend.' '); - if ($withpicto && $withpicto != 2) $result .= ' '; + if ($withpicto) $result .= ($link.img_object($label, 'payment', 'class="classfortooltip pictofixedwidth"').$linkend); if ($withpicto != 2) $result .= $link.($maxlen ?dol_trunc($this->ref, $maxlen) : $this->ref).$linkend; } diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index 8949313ecb0..25adb60382c 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php 
@@ -544,7 +544,7 @@ class Salary extends CommonObject $linkend = ''; $result .= $linkstart; - if ($withpicto) $result .= img_object(($notooltip ? '' : $label), ($this->picto ? $this->picto : 'generic'), ($notooltip ? (($withpicto != 2) ? 'class="paddingright"' : '') : 'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip ? 0 : 1); + if ($withpicto) $result .= img_object(($notooltip ? '' : $label), ($this->picto ? $this->picto : 'generic'), ($notooltip ? (($withpicto != 2) ? 'class="paddingright pictofixedwidth"' : '') : 'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip pictofixedwidth"'), 0, 0, $notooltip ? 0 : 1); if ($withpicto != 2) $result .= $this->ref; $result .= $linkend; //if ($withpicto != 2) $result.=(($addlabel && $this->label) ? $sep . dol_trunc($this->label, ($addlabel > 1 ? $addlabel : 0)) : ''); diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index e0efb53915b..361107005a6 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -448,9 +448,10 @@ if (isModEnabled("banque")) { // Amount print ''; +//Status print ''; // Extra fields diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 66ea5cf46ee..3439c3ee11d 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -845,7 +845,7 @@ if ($resql) { // Status if (!empty($arrayfields['sp.fk_statut']['checked'])) { print ''; } // Action column diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 1ededd091b3..cf055f8382c 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -307,6 +307,9 @@ if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } +$listofexpandedmodules = array(); + + print "\n"; print '
'; print '
'; print $langs->trans("PriceLevel"); if ($user->admin) { diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php index b0c33e61484..bd8b5a2932a 100644 --- a/htdocs/product/stock/list.php +++ b/htdocs/product/stock/list.php @@ -533,7 +533,7 @@ print $hookmanager->resPrint; // Status if (!empty($arrayfields['t.statut']['checked'])) { print ''; - print $form->selectarray('search_status', $warehouse->statuts, $search_status, 1, 0, 0, '', 1); + print $form->selectarray('search_status', $warehouse->statuts, $search_status, 1, 0, 0, '', 1, 0, 0, '', 'onrightofpage'); print ''; print ''; + print ''; $arrayofstatus = array(); @@ -1177,7 +1182,7 @@ if (!empty($arrayfields['p.fk_statut']['checked'])) { $arrayofstatus[$key] = $langs->trans($val); } $arrayofstatus['99'] = $langs->trans("NotClosed").' ('.$langs->trans('Draft').' + '.$langs->trans('Opened').')'; - print $form->selectarray('search_status', $arrayofstatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'minwidth75imp maxwidth125 selectarrowonleft'); + print $form->selectarray('search_status', $arrayofstatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'minwidth75imp maxwidth125 selectarrowonleft onrightofpage'); print ajax_combobox('search_status'); print ''.dol_escape_htmltag($obj->import_key).''.$object->getLibStatut(5).''; $liststatus = array('0' => $langs->trans("Unpaid"), '1' => $langs->trans("Paid")); -print $form->selectarray('search_status', $liststatus, $search_status, 1); +print $form->selectarray('search_status', $liststatus, $search_status, 1, 0, 0, '', 0, 0, 0, '', 'onrightofpage'); print ''; - $formpropal->selectProposalStatus($search_status, 1, 0, 1, 'supplier', 'search_status', 'minwidth75imp'); + $formpropal->selectProposalStatus($search_status, 1, 0, 1, 'supplier', 'search_status', 'minwidth75imp onrightofpage'); print '
'; @@ -316,9 +319,9 @@ print ''; if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->admin)) { if ($caneditperms) { print ''; } else { print ''; @@ -329,7 +332,7 @@ if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->ad print ''; } -print ''; +print ''; print ''; - print ''; + print ''; if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->admin)) { if ($caneditperms) { - print ''; - print ''; + print ''; } else { - print ''; + print ''; } - print ''; + print ''; } else { if ($caneditperms) { print ''; - print ''; + print ''; } else { - print ''; + print ''; } - print ''; + print ''; } - print ''; + print ''; - print ''; } elseif (in_array($obj->id, $permsuser)) { // Permission granted by user if ($caneditperms) { - print ''; @@ -571,7 +597,8 @@ if ($result) { } else { // Do not own permission if ($caneditperms) { - print ''; @@ -583,7 +610,8 @@ if ($result) { } else { // Do not own permission if ($caneditperms) { - print ''; @@ -629,46 +657,74 @@ print '
'.$langs->trans("Module").''; - print ''.$langs->trans("All").""; + print ''.$langs->trans("All").""; print ' / '; - print ''.$langs->trans("None").""; + print ''.$langs->trans("None").""; print '  '.$langs->trans("Permissions").''; print ''.img_picto('', 'folder-open', 'class="paddingright"').''.$langs->trans("ExpandAll").''; print ' | '; @@ -417,9 +420,13 @@ $sql .= " ORDER BY r.family_position, r.module_position, r.module, r.id"; $result = $db->query($sql); if ($result) { $num = $db->num_rows($result); - $i = 0; + $i = 0; $j = 0; $oldmod = ''; + $cookietohidegroup = (empty($_COOKIE["DOLUSER_PERMS_HIDE_GRP"]) ? '' : preg_replace('/^,/', '', $_COOKIE["DOLUSER_PERMS_HIDE_GRP"])); + $cookietohidegrouparray = explode(',', $cookietohidegroup); + //var_dump($cookietohidegrouparray); + while ($i < $num) { $obj = $db->fetch_object($result); 
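Review bot: The `DOLUSER_PERMS_HIDE_GRP` cookie read in the `@@ -417,9 +420,13 @@` hunk of htdocs/user/perms.php is split into raw strings that the next hunk compares against the integer counter `$j` with a loose `in_array()`; an absent cookie produces `['']`, and since `0 == ''` is true on PHP 7 but false on PHP 8 the first iteration behaves differently by PHP version, while arbitrary cookie text reaches the comparison unvalidated. Normalize once at parse time, `$cookietohidegrouparray = array_map('intval', array_filter(explode(',', $cookietohidegroup), 'strlen'));`, and compare strictly where it is consumed with `in_array($j, $cookietohidegrouparray, true)`. As far as the hunk shows the cookie only decides which module groups are collapsed, so the effect is display-only, but the leftover `//var_dump($cookietohidegrouparray);` debugging line should go as well. The enclosing `if ($result)` / `while` loop continues past the hunk.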
@@ -469,53 +476,71 @@ if ($result) { } */ - $isexpanded = ($updatedmodulename == $obj->module || $module == "allmodules"); - if (!$action) { - $isexpanded = 1; // By default (no action done) we have lines expanded + if (GETPOSTISSET('forbreakperms_'.$obj->module)) { + $ishidden = GETPOST('forbreakperms_'.$obj->module, 'int'); + } elseif (in_array($j, $cookietohidegrouparray)) { // If j is among list of hidden group + $ishidden = 1; + } else { + $ishidden = 0; } + $isexpanded = ! $ishidden; + //var_dump("isexpanded=".$isexpanded); // Break found, it's a new module to catch if (isset($obj->module) && ($oldmod <> $obj->module)) { $oldmod = $obj->module; + $j++; + if (GETPOSTISSET('forbreakperms_'.$obj->module)) { + $ishidden = GETPOST('forbreakperms_'.$obj->module, 'int'); + } elseif (in_array($j, $cookietohidegrouparray)) { // If j is among list of hidden group + $ishidden = 1; + } else { + $ishidden = 0; + } + $isexpanded = ! $ishidden; + //var_dump('$obj->module='.$obj->module.' isexpanded='.$isexpanded); + // Break detected, we get objMod $objMod = $modules[$obj->module]; $picto = ($objMod->picto ? $objMod->picto : 'generic'); // Show break line - print '
'; + print '
'; + print ''; print img_object('', $picto, 'class="pictoobjectwidth paddingright"').' '.$objMod->getName(); print ''; print '        '; + print ''; print ''; @@ -546,7 +571,8 @@ if ($result) { print 'id.'&confirm=yes&updatedmodulename='.$obj->module.'">'; + print ''; + print 'id.'&confirm=yes&updatedmodulename='.$obj->module.'">'; //print img_edit_remove($langs->trans("Remove")); print img_picto($langs->trans("Remove"), 'switch_on'); print 'id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">'; + print ''; + print 'id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">'; //print img_edit_add($langs->trans("Add")); print img_picto($langs->trans("Add"), 'switch_off'); print 'id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">'; + print ''; + print 'id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">'; //print img_edit_add($langs->trans("Add")); print img_picto($langs->trans("Add"), 'switch_off'); print '
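Review bot: The rebuilt Remove link in the `@@ -546,7 +571,8 @@` hunk of htdocs/user/perms.php is emitted with `&confirm=yes&updatedmodulename='.$obj->module` but no `&token='.newToken()`, whereas the two Add links in the `@@ -571,7 +597,8 @@` and `@@ -583,7 +610,8 @@` hunks directly below both carry the token; the anchor markup has been stripped from this rendering so the attributes cannot be seen, but the query strings can. Revoking a permission is a state change on the same footing as granting one, so the link should be built as `'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">'` like its siblings. Depending on how this version's CSRF guard treats GET actions, the current form is either rejected when the action runs or left open to a forged request, and the commit touched the line without closing that gap. The surrounding `if ($caneditperms)` branches sit inside the permissions loop that extends beyond the hunk.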
'; print ''; print ''; diff --git a/htdocs/website/index.php b/htdocs/website/index.php index a8dc2a716b3..6e4d96880fb 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -2723,7 +2723,7 @@ $moreheadjs .= ''."\n"; -llxHeader($moreheadcss.$moreheadjs, $langs->trans("WebsiteSetup"), $helpurl, '', 0, 0, $arrayofjs, $arrayofcss, '', '', ''."\n".'
'); +llxHeader($moreheadcss.$moreheadjs, $langs->trans("Website").(empty($website->ref) ? '' : ' - '.$website->ref), $helpurl, '', 0, 0, $arrayofjs, $arrayofcss, '', '', ''."\n".'
'); print "\n"; print ''."\n"; diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index cd4c3600b4c..4a0b65333ff 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -221,6 +221,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase $result=testSqlAndScriptInject($test, 1); $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL2a. Should find an attack on GET param and did not.'); + $test = "delete\nfrom"; + $result=testSqlAndScriptInject($test, 1); + $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for SQL2b. Should find an attack on GET param and did not.'); + $test = 'action=update& ... set ... ='; $result=testSqlAndScriptInject($test, 1); $this->assertEquals(0, $result, 'Error on testSqlAndScriptInject for SQL2b. Should not find an attack on GET param and did.'); @@ -332,7 +336,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase $test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)"; $result=testSqlAndScriptInject($test, 0); // result must be 0 - $this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm'); + $this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm, result should be 0 and is not'); + + $test ='XSS'; + $result=testSqlAndScriptInject($test, 0); + $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject nnn, result should be >= 1 and is not'); $test="/dolibarr/htdocs/index.php/".chr('246')."abc"; // Add the char %F6 into the variable $result=testSqlAndScriptInject($test, 2); 
@@ -385,9 +393,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["param16"]='abc'; $_POST["param17"]='abc'; $_POST["param18"]='abc'; - //$_POST["param13"]='javascript%26colon%26%23x3B%3Balert(1)'; - //$_POST["param14"]='javascripT&javascript#x3a alert(1)'; - + $_POST["param19"]='XSS'; + //$_POST["param19"]='XSS'; $result=GETPOST('id', 'int'); // Must return nothing print __METHOD__." result=".$result."\n"; @@ -507,7 +514,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals(trim($_POST["param11"]), $result, 'Test an email string with alphawithlgt'); - // Test with restricthtml we must remove html open/close tag and content but not htmlentities (we can decode html entities for ascii chars like n) + // Test with restricthtml: we must remove html open/close tag and content but not htmlentities (we can decode html entities for ascii chars like n) $result=GETPOST("param6", 'restricthtml'); print __METHOD__." result param6=".$result."\n"; @@ -541,6 +548,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals("0xbeefed", $result, 'Test 15'); // The GETPOST return a harmull string + $result=GETPOST("param19", 'restricthtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('XSS', $result, 'Test 19'); + + // Test with restricthtml + MAIN_RESTRICTHTML_ONLY_VALID_HTML to test disabling of bad atrributes $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;