From 0afd5cc7e3f0777aef99a86a6601a87e585a337d Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Wed, 11 Jun 2025 21:22:37 +0200 Subject: [PATCH 01/21] FIX: social contribution payment: correct error reporting (#34002) * FIX: social contribution payment: correct error reporting * FIX: social contribution payment: correclty handle return of adding payment to bank --- htdocs/compta/paiement_charge.php | 8 ++++---- .../sociales/class/paymentsocialcontribution.class.php | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 4ae310fe421..178755fada1 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -51,7 +51,7 @@ $charge = new ChargeSociales($db); * Actions */ -if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { +if ($action == 'add_payment') { $error = 0; if ($cancel) { @@ -89,7 +89,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y } } - if (count($amounts) <= 0) { + if (empty($amounts)) { $error++; setEventMessages($langs->trans("ErrorNoPaymentDefined"), null, 'errors'); $action = 'create'; @@ -119,9 +119,9 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y if (!$error) { $result = $paiement->addPaymentToBank($user, 'payment_sc', '(SocialContributionPayment)', GETPOST('accountid', 'int'), '', ''); - if (!($result > 0)) { + if ($result <= 0) { $error++; - setEventMessages($paiement->error, null, 'errors'); + setEventMessages($paiement->error, $paiement->errors, 'errors'); $action = 'create'; } } diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index a798eee92bb..b6c865f84de 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -579,7 +579,6 @@ class PaymentSocialContribution extends CommonObject $result = $this->update_fk_bank($bank_line_id); if ($result <= 0) { $error++; - dol_print_error($this->db); } // Add link 'payment', 'payment_supplier', 'payment_sc' in bank_url between payment and bank transaction @@ -591,7 +590,7 @@ class PaymentSocialContribution extends CommonObject $result = $acc->add_url_line($bank_line_id, $this->id, $url, '(paiement)', $mode); if ($result <= 0) { $error++; - dol_print_error($this->db); + $this->setErrorsFromObject($acc); } } @@ -603,7 +602,8 @@ class PaymentSocialContribution extends CommonObject $socialcontrib->fetch($key); $result = $acc->add_url_line($bank_line_id, $socialcontrib->id, DOL_URL_ROOT.'/compta/charges.php?id=', $socialcontrib->type_label.(($socialcontrib->lib && $socialcontrib->lib != $socialcontrib->type_label) ? ' ('.$socialcontrib->lib.')' : ''), 'sc'); if ($result <= 0) { - dol_print_error($this->db); + $this->setErrorsFromObject($acc); + $error++; } if ($socialcontrib->fk_user) { @@ -620,14 +620,14 @@ class PaymentSocialContribution extends CommonObject ); if ($result <= 0) { - $this->error = $acc->error; + $this->setErrorsFromObject($acc); $error++; } } } } } else { - $this->error = $acc->error; + $this->setErrorsFromObject($acc); $error++; } } From 878474f1d138b238d252f2d04c833032c4b4ad89 Mon Sep 17 00:00:00 2001 From: lvessiller-opendsi Date: Thu, 12 Jun 2025 12:23:55 +0200 Subject: [PATCH 02/21] FIX element must be visible to set focus on select input when using default values (#34406) --- htdocs/core/lib/functions.lib.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 1ea0b5744b5..4be573045c8 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -9935,7 +9935,9 @@ function printCommonFooter($zone = 'private') print 'jQuery("input[name=\''.$paramkey.'\']").prop(\'required\',true);'."\n"; print 'jQuery("textarea[name=\''.$paramkey.'\']").prop(\'required\',true);'."\n"; print '// required on a select works only if key is "", so we add the required attributes but also we reset the key -1 or 0 to an empty string'."\n"; - print 'jQuery("select[name=\''.$paramkey.'\']").prop(\'required\',true);'."\n"; + print 'if (jQuery("select[name=\''.$paramkey.'\']").is(\':visible\')===true) {'."\n"; + print 'jQuery("select[name=\''.$paramkey.'\']").prop(\'required\',true);'."\n"; // can set focus only if this element is visible + print '}'."\n"; print 'jQuery("select[name=\''.$paramkey.'\'] option[value=\'-1\']").prop(\'value\', \'\');'."\n"; print 'jQuery("select[name=\''.$paramkey.'\'] option[value=\'0\']").prop(\'value\', \'\');'."\n"; From 1497541129a5ba94d553ced13fc4a92aae405a04 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 13 Jun 2025 15:30:30 +0200 Subject: [PATCH 03/21] Fix travis --- .travis.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index a5e26790005..7bf1a512757 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,9 +2,9 @@ # from Dolibarr GitHub repository. # For syntax, see https://docs.travis-ci.com/user/languages/php/ -# We use dist: bionic = 18.04, focal = 20.04 +# We use dist: focal = 20.04, jammy = 22.04 os: linux -dist: focal +dist: jammy language: generic @@ -21,7 +21,7 @@ services: addons: - mariadb: '10.5' + mariadb: '10.6' env: @@ -123,7 +123,8 @@ install: sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer sudo chmod -R a+rwx /usr/local/bin/composer composer -V - composer -n config -g vendor-dir htdocs/includes + sudo composer -n config -g vendor-dir htdocs/includes + sudo chmod -R a+rwx /home/travis/.config/composer echo - | @@ -193,8 +194,8 @@ before_script: phpcs -i | head - # Check PHP Vardump check version echo "PHP Vardump check version" - which var_dump_check - var_dump_check --version + which var-dump-check + var-dump-check --version # Check PHPUnit version echo "PHPUnit version" which phpunit From c9f743983aa7e3d7e7708600d0f9da8d0d735362 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 13 Jun 2025 17:11:40 +0200 Subject: [PATCH 04/21] FIX: accountancy expensereport journal: php 8.1 warning (#34457) --- htdocs/accountancy/journal/expensereportsjournal.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index 9b69c837113..09e1182bad5 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -238,7 +238,7 @@ if ($action == 'writebookkeeping' && !$error) { $db->begin(); // Error if some lines are not binded/ready to be journalized - if ($errorforinvoice[$key] == 'somelinesarenotbound') { + if (!empty($errorforinvoice[$key]) && $errorforinvoice[$key] == 'somelinesarenotbound') { $error++; $errorforline++; setEventMessages($langs->trans('ErrorInvoiceContainsLinesNotYetBounded', $val['ref']), null, 'errors'); From 9c45f42e4f2b6455409ae72e275363a7586418a9 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 13 Jun 2025 17:25:33 +0200 Subject: [PATCH 05/21] FIX: product translation: redirect after successful action (#34403) Co-authored-by: Laurent Destailleur --- htdocs/product/traduction.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 8fc7c415692..b8a4e597b64 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -88,7 +88,8 @@ if (empty($reshook)) { $object->fetch($id); $object->delMultiLangs(GETPOST('langtodelete', 'alpha'), $user); setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs'); - $action = ''; + header('Location:'.$_SERVER['PHP_SELF'].'?id='.$id); + exit; } // Add translation @@ -119,7 +120,8 @@ if (empty($reshook)) { } if ($result > 0) { - $action = ''; + header('Location:'.$_SERVER['PHP_SELF'].'?id='.$id); + exit; } else { $action = 'add'; setEventMessages($object->error, $object->errors, 'errors'); @@ -148,7 +150,8 @@ if (empty($reshook)) { $result = $object->setMultiLangs($user); if ($result > 0) { - $action = ''; + header('Location:'.$_SERVER['PHP_SELF'].'?id='.$id); + exit; } else { $action = 'edit'; setEventMessages($object->error, $object->errors, 'errors'); @@ -163,7 +166,8 @@ if (empty($reshook)) { $result = $object->delMultiLangs($langtodelete, $user); if ($result > 0) { - $action = ''; + header('Location:'.$_SERVER['PHP_SELF'].'?id='.$id); + exit; } else { $action = 'edit'; setEventMessages($object->error, $object->errors, 'errors'); From 4bd11f64d72043c765543486b930420764b5ecde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Fali=C3=A8re?= <121813548+BenjaminFlr@users.noreply.github.com> Date: Fri, 13 Jun 2025 23:45:18 +0200 Subject: [PATCH 06/21] FIX (#34448) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Benjamin Falière Co-authored-by: Laurent Destailleur --- htdocs/projet/card.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 70760678b9e..e9766217995 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -1,7 +1,8 @@ - * Copyright (C) 2004-2016 Laurent Destailleur - * Copyright (C) 2005-2012 Regis Houssin +/* Copyright (C) 2001-2005 Rodolphe Quiedeville + * Copyright (C) 2004-2016 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2025 Benjamin Falière * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -1570,13 +1571,17 @@ if ($action == 'create' && $user->rights->projet->creer) { // Buttons Create if (empty($conf->global->PROJECT_HIDE_CREATE_OBJECT_BUTTON)) { + // We check the type of thirdparty + $is_customer_or_prospect = (!empty($object->thirdparty->prospect) || !empty($object->thirdparty->client)); + $is_supplier_only= (!empty($object->thirdparty->fournisseur) && $is_customer_or_prospect == false); + $arrayforbutaction = array( - 10 => array('lang'=>'propal', 'enabled'=>isModEnabled("propal"), 'perm'=>$user->hasRight('propal', 'creer'), 'label' => 'AddProp', 'url'=>'/comm/propal/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), - 20 => array('lang'=>'orders', 'enabled'=>isModEnabled("commande"), 'perm'=>$user->hasRight('commande', 'creer'), 'label' => 'CreateOrder', 'url'=>'/commande/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), - 30 => array('lang'=>'bills', 'enabled'=>isModEnabled("facture"), 'perm'=>$user->hasRight('facture', 'creer'), 'label' => 'CreateBill', 'url'=>'/compta/facture/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), - 40 => array('lang'=>'supplier_proposal', 'enabled'=>isModEnabled("supplier_proposal"), 'perm'=>$user->hasRight('supplier_proposal', 'creer'), 'label' => 'AddSupplierProposal', 'url'=>'/supplier_proposal/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), - 50 => array('lang'=>'suppliers', 'enabled'=>isModEnabled("supplier_order"), 'perm'=>$user->hasRight('fournisseur', 'commande', 'creer'), 'label' => 'AddSupplierOrder', 'url'=>'/fourn/commande/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), - 60 => array('lang'=>'suppliers', 'enabled'=>isModEnabled("supplier_invoice"), 'perm'=>$user->hasRight('fournisseur', 'facture', 'creer'), 'label' => 'AddSupplierInvoice', 'url'=>'/fourn/facture/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), + 10 => array('lang'=>'propal', 'enabled'=>(isModEnabled("propal") && $is_customer_or_prospect == true), 'perm'=>$user->hasRight('propal', 'creer'), 'label' => 'AddProp', 'url'=>'/comm/propal/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), + 20 => array('lang'=>'orders', 'enabled'=>(isModEnabled("commande") && $is_customer_or_prospect == true), 'perm'=>$user->hasRight('commande', 'creer'), 'label' => 'CreateOrder', 'url'=>'/commande/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), + 30 => array('lang'=>'bills', 'enabled'=>(isModEnabled("facture") && $is_customer_or_prospect == true), 'perm'=>$user->hasRight('facture', 'creer'), 'label' => 'CreateBill', 'url'=>'/compta/facture/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), + 40 => array('lang'=>'supplier_proposal', 'enabled'=>isModEnabled("supplier_proposal"), 'perm'=>$user->hasRight('supplier_proposal', 'creer'), 'label' => 'AddSupplierProposal', 'url'=>'/supplier_proposal/card.php?action=create&projectid='.$object->id.($is_supplier_only == true ? '&socid='.$object->socid : '')), + 50 => array('lang'=>'suppliers', 'enabled'=>isModEnabled("supplier_order"), 'perm'=>$user->hasRight('fournisseur', 'commande', 'creer'), 'label' => 'AddSupplierOrder', 'url'=>'/fourn/commande/card.php?action=create&projectid='.$object->id.($is_supplier_only == true ? '&socid='.$object->socid : '')), + 60 => array('lang'=>'suppliers', 'enabled'=>isModEnabled("supplier_invoice"), 'perm'=>$user->hasRight('fournisseur', 'facture', 'creer'), 'label' => 'AddSupplierInvoice', 'url'=>'/fourn/facture/card.php?action=create&projectid='.$object->id.($is_supplier_only == true ? '&socid='.$object->socid : '')), 70 => array('lang'=>'interventions', 'enabled'=>isModEnabled("ficheinter"), 'perm'=>$user->hasRight('fichinter', 'creer'), 'label' => 'AddIntervention', 'url'=>'/fichinter/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), 80 => array('lang'=>'contracts', 'enabled'=>isModEnabled("contrat"), 'perm'=>$user->hasRight('contrat', 'creer'), 'label' => 'AddContract', 'url'=>'/contrat/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), 90 => array('lang'=>'trips', 'enabled'=>isModEnabled("expensereport"), 'perm'=>$user->hasRight('expensereport', 'creer'), 'label' => 'AddTrip', 'url'=>'/expensereport/card.php?action=create&projectid='.$object->id.'&socid='.$object->socid), From cada04442ba5a2cc3a7c6c9f6e964dd08818a8ab Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 13 Jun 2025 23:49:11 +0200 Subject: [PATCH 07/21] FIX: manufacturing orders: php 8.1 warnings on agenda tab (#34475) --- htdocs/mrp/mo_agenda.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/htdocs/mrp/mo_agenda.php b/htdocs/mrp/mo_agenda.php index 3e31bf3f6fa..8ee4c7fce08 100644 --- a/htdocs/mrp/mo_agenda.php +++ b/htdocs/mrp/mo_agenda.php @@ -44,6 +44,12 @@ $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); +// Protection +$socid = 0; +if ($user->socid > 0) { + $socid = $user->socid; +} + if (GETPOST('actioncode', 'array')) { $actioncode = GETPOST('actioncode', 'array', 3); if (!count($actioncode)) { @@ -84,7 +90,7 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals if ($id > 0 || !empty($ref)) { - $upload_dir = $conf->mrp->multidir_output[$object->entity]."/".$object->id; + $upload_dir = (empty($conf->mrp->multidir_output[$object->entity]) ? $conf->mrp->dir_output : $conf->mrp->multidir_output[$object->entity])."/".$object->id; } // Security check - Protection if external user @@ -229,7 +235,10 @@ if ($object->id > 0) { print ''; if (isModEnabled('agenda') && ($user->hasRight('agenda', 'myactions', 'read') || $user->hasRight('agenda', 'allactions', 'read'))) { - $param = '&id='.$object->id.'&socid='.$socid; + $param = '&id='.$object->id; + if (!empty($socid)) { + $param .= '&socid='.$socid; + } if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { $param .= '&contextpage='.urlencode($contextpage); } From c77c4efcb8415e11a95a27a8344a06bff1eb9da8 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 13 Jun 2025 23:57:37 +0200 Subject: [PATCH 08/21] FIX: accountancy lettering: php8.1 warning (#34469) --- htdocs/accountancy/class/lettering.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/class/lettering.class.php b/htdocs/accountancy/class/lettering.class.php index 0c22e2041a0..f6cc9613f84 100644 --- a/htdocs/accountancy/class/lettering.class.php +++ b/htdocs/accountancy/class/lettering.class.php @@ -574,7 +574,7 @@ class Lettering extends BookKeeping $grouped_lines = array(); foreach (self::$doc_type_infos as $doc_type => $doc_type_info) { - if (!is_array($bookkeeping_lines_by_type[$doc_type])) { + if (empty($bookkeeping_lines_by_type[$doc_type]) || !is_array($bookkeeping_lines_by_type[$doc_type])) { continue; } From bc18656fd5ddd132e4d3ecf58b8f2ee10b0f0e86 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Sat, 14 Jun 2025 00:27:36 +0200 Subject: [PATCH 09/21] FIX: files lib: multiple php 8.1 warnings (#34462) --- htdocs/core/lib/files.lib.php | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ba7a1e82968..ec42b934925 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2639,7 +2639,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $original_file = $dolibarr_main_data_root.'/doctemplates/'.$original_file; } elseif ($modulepart == 'doctemplateswebsite' && !empty($dolibarr_main_data_root)) { // Wrapping for doctemplates of websites - $accessallowed = ($fuser->rights->website->write && preg_match('/\.jpg$/i', basename($original_file))); + $accessallowed = ($fuser->hasRight('website', 'write') && preg_match('/\.jpg$/i', basename($original_file))); $original_file = $dolibarr_main_data_root.'/doctemplates/websites/'.$original_file; } elseif ($modulepart == 'packages' && !empty($dolibarr_main_data_root)) { // Wrapping for *.zip package files, like when used with url http://.../document.php?modulepart=packages&file=module_myfile.zip @@ -2744,10 +2744,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file; } elseif (($modulepart == 'holiday') && !empty($conf->holiday->dir_output)) { - if ($fuser->hasRight('holiday', $read) || !empty($fuser->rights->holiday->readall) || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('holiday', $read) || $fuser->hasRight('holiday', 'readall') || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; // If we known $id of holiday, call checkUserAccessToObject to check permission on properties and hierarchy of leave request - if ($refname && empty($fuser->rights->holiday->readall) && !preg_match('/^specimen/i', $original_file)) { + if ($refname && !$fuser->hasRight('holiday', 'readall') && !preg_match('/^specimen/i', $original_file)) { include_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php'; $tmpholiday = new Holiday($db); $tmpholiday->fetch('', $refname); @@ -2756,10 +2756,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } $original_file = $conf->holiday->dir_output.'/'.$original_file; } elseif (($modulepart == 'expensereport') && !empty($conf->expensereport->dir_output)) { - if ($fuser->hasRight('expensereport', $lire) || !empty($fuser->rights->expensereport->readall) || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('expensereport', $lire) || $fuser->hasRight('expensereport', 'readall') || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; // If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report - if ($refname && empty($fuser->rights->expensereport->readall) && !preg_match('/^specimen/i', $original_file)) { + if ($refname && !$fuser->hasRights('expensereport', 'readall') && !preg_match('/^specimen/i', $original_file)) { include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; $tmpexpensereport = new ExpenseReport($db); $tmpexpensereport->fetch('', $refname); @@ -2859,7 +2859,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $original_file = $conf->categorie->multidir_output[$entity].'/'.$original_file; } elseif ($modulepart == 'prelevement' && !empty($conf->prelevement->dir_output)) { // Wrapping pour les prelevements - if ($fuser->rights->prelevement->bons->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('prelevement', 'bons', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->prelevement->dir_output.'/'.$original_file; @@ -2895,7 +2895,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $original_file = $conf->fckeditor->dir_output.'/'.$original_file; } elseif ($modulepart == 'user' && !empty($conf->user->dir_output)) { // Wrapping for users - $canreaduser = (!empty($fuser->admin) || $fuser->rights->user->user->{$lire}); + $canreaduser = (!empty($fuser->admin) || $fuser->hasRight('user', 'user', $lire)); if ($fuser->id == (int) $refname) { $canreaduser = 1; } // A user can always read its own card @@ -2908,7 +2908,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, if (empty($entity) || empty($conf->societe->multidir_output[$entity])) { return array('accessallowed'=>0, 'error'=>'Value entity must be provided'); } - if ($fuser->rights->societe->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('societe', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->societe->multidir_output[$entity].'/'.$original_file; @@ -3003,7 +3003,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('propal').")"; } elseif (($modulepart == 'commande' || $modulepart == 'order') && !empty($conf->commande->multidir_output[$entity])) { // Wrapping pour les commandes - if ($fuser->rights->commande->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRights('commande', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->commande->multidir_output[$entity].'/'.$original_file; @@ -3037,21 +3037,21 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")"; } elseif (($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') && !empty($conf->fournisseur->commande->dir_output)) { // Wrapping pour les commandes fournisseurs - if ($fuser->rights->fournisseur->commande->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('fournisseur', 'commande', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } elseif (($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') && !empty($conf->fournisseur->facture->dir_output)) { // Wrapping pour les factures fournisseurs - if ($fuser->rights->fournisseur->facture->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } elseif ($modulepart == 'supplier_payment') { // Wrapping pour les rapport de paiements - if ($fuser->rights->fournisseur->facture->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->fournisseur->payment->dir_output.'/'.$original_file; @@ -3068,7 +3068,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } } elseif ($modulepart == 'export_compta' && !empty($conf->accounting->dir_output)) { // Wrapping for accounting exports - if ($fuser->rights->accounting->bind->write || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('accounting', 'bind', 'write') || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->accounting->dir_output.'/'.$original_file; @@ -3134,7 +3134,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } } elseif ($modulepart == 'contract' && !empty($conf->contrat->multidir_output[$entity])) { // Wrapping pour les contrats - if ($fuser->rights->contrat->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('contrat', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->contrat->multidir_output[$entity].'/'.$original_file; @@ -3167,11 +3167,11 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } elseif ($modulepart == 'export' && !empty($conf->export->dir_temp)) { // Wrapping for export module // Note that a test may not be required because we force the dir of download on the directory of the user that export - $accessallowed = $user->rights->export->lire; + $accessallowed = $user->hasRight('export', 'lire'); $original_file = $conf->export->dir_temp.'/'.$fuser->id.'/'.$original_file; } elseif ($modulepart == 'import' && !empty($conf->import->dir_temp)) { // Wrapping for import module - $accessallowed = $user->rights->import->run; + $accessallowed = $user->hasRight('import', 'run'); $original_file = $conf->import->dir_temp.'/'.$original_file; } elseif ($modulepart == 'recruitment' && !empty($conf->recruitment->dir_output)) { // Wrapping for recruitment module @@ -3281,7 +3281,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, exit; } - // Check fuser->rights->modulepart->myobject->read and fuser->rights->modulepart->read + // Check fuser->hasRight('modulepart', 'myobject', 'read') and fuser->hasRight('modulepart', 'read') $partsofdirinoriginalfile = explode('/', $original_file); if (!empty($partsofdirinoriginalfile[1])) { // If original_file is xxx/filename (xxx is a part we will use) $partofdirinoriginalfile = $partsofdirinoriginalfile[0]; From 1c52426b906176eafc335736dd82d8c818ccaf02 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Sat, 14 Jun 2025 02:09:01 +0200 Subject: [PATCH 10/21] FIX: expensereport: php warning when generating pdf with multilangs (#34492) --- htdocs/expensereport/card.php | 40 ++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index c02a83497c0..2776b1e6aa6 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -392,7 +392,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -507,7 +509,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -616,7 +620,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -730,7 +736,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -844,7 +852,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -956,7 +966,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -995,7 +1007,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -1024,7 +1038,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -1250,7 +1266,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); @@ -1342,7 +1360,9 @@ if (empty($reshook)) { $newlang = GETPOST('lang_id', 'aZ09'); } if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { - $newlang = $object->thirdparty->default_lang; + $user = new User($db); + $user->fetch($object->fk_user_author); + $newlang = $user->lang; } if (!empty($newlang)) { $outputlangs = new Translate("", $conf); From 1bd6757e62e5bfb670a403c91c3a47b217aff9df Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 14 Jun 2025 02:15:10 +0200 Subject: [PATCH 11/21] Fix CI --- htdocs/core/lib/files.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ec42b934925..ce7f57954d5 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2759,7 +2759,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, if ($fuser->hasRight('expensereport', $lire) || $fuser->hasRight('expensereport', 'readall') || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; // If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report - if ($refname && !$fuser->hasRights('expensereport', 'readall') && !preg_match('/^specimen/i', $original_file)) { + if ($refname && !$fuser->hasRight('expensereport', 'readall') && !preg_match('/^specimen/i', $original_file)) { include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; $tmpexpensereport = new ExpenseReport($db); $tmpexpensereport->fetch('', $refname); @@ -3003,7 +3003,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('propal').")"; } elseif (($modulepart == 'commande' || $modulepart == 'order') && !empty($conf->commande->multidir_output[$entity])) { // Wrapping pour les commandes - if ($fuser->hasRights('commande', $lire) || preg_match('/^specimen/i', $original_file)) { + if ($fuser->hasRight('commande', $lire) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; } $original_file = $conf->commande->multidir_output[$entity].'/'.$original_file; From 467c7725049338386a5656faa714d3b81e4dab2f Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Sat, 14 Jun 2025 11:58:25 +0200 Subject: [PATCH 12/21] FIX: common fields: php warning with select input field (#34495) --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 085b77dd532..dac65f7e558 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7044,7 +7044,7 @@ abstract class CommonObject } $out .= '