';
-print '
';
+print '
';
print $langs->trans("DescADHERENT_ETIQUETTE_TYPE").' ';
print '
';
// List of possible labels (defined into $_Avery_Labels variable set into core/lib/format_cards.lib.php)
@@ -302,7 +302,7 @@ print '
';
// Number of stickers to print
print '
';
-print '
';
+print '
';
print $langs->trans("NumberOfStickers").' ';
print '
';
print '
';
diff --git a/htdocs/bom/bom_agenda.php b/htdocs/bom/bom_agenda.php
index 2cf66d9c3f5..6a86f1c2258 100644
--- a/htdocs/bom/bom_agenda.php
+++ b/htdocs/bom/bom_agenda.php
@@ -51,11 +51,6 @@ if (GETPOST('actioncode', 'array')) {
}
$search_agenda_label = GETPOST('search_agenda_label');
-// Security check - Protection if external user
-//if ($user->socid > 0) accessforbidden();
-//if ($user->socid > 0) $socid = $user->socid;
-//$result = restrictedArea($user, 'bom', $id);
-
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
@@ -87,6 +82,11 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id;
}
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
/*
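Review bot: `$isdraft` and the `restrictedArea()` call both read `$object` without checking that the fetch above found a record. When neither `$id` nor `$ref` matches, `$object->id` is empty and `$object->status` is unset, so the loose `==` can evaluate true if `STATUS_DRAFT` is 0 (its value is not shown here), and the per-object part of the check presumably has nothing to test. Guarding on the loaded id makes this explicit: `$isdraft = ($object->id > 0 && $object->status == $object::STATUS_DRAFT) ? 1 : 0;`, ideally with a not-found response before the check. The same two lines are added in bom_card.php, bom_document.php and bom_note.php. The commented-out `socid` lines are carried along unchanged; a comment saying why external users are not rejected here, while bom_list.php does reject them, would help.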
diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php
index 5547c21faab..fa2ef014d17 100644
--- a/htdocs/bom/bom_card.php
+++ b/htdocs/bom/bom_card.php
@@ -75,8 +75,8 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
-//$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0);
-//$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->bom->write; // Used by the include of actions_dellink.inc.php
@@ -656,11 +656,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
{
if ($object->status == 1)
{
- print '
id.'&action=disable">'.$langs->trans("Disable").' '."\n";
+ print '
id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").' '."\n";
}
else
{
- print '
id.'&action=enable">'.$langs->trans("Enable").' '."\n";
+ print '
id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").' '."\n";
}
}
*/
diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php
index 92babe87003..520dd8bb9d7 100644
--- a/htdocs/bom/bom_document.php
+++ b/htdocs/bom/bom_document.php
@@ -79,6 +79,12 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->bom->multidir_output[$object->entity ? $object->entity : 1]."/bom/".get_exdir(0, 0, 0, 1, $object);
}
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+
/*
* Actions
diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php
index eb1852699c0..62fb6002760 100644
--- a/htdocs/bom/bom_list.php
+++ b/htdocs/bom/bom_list.php
@@ -76,18 +76,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
-// Security check
-if (empty($conf->bom->enabled)) {
- accessforbidden('Module not enabled');
-}
-$socid = 0;
-if ($user->socid > 0) {
- // Protection if external user
- //$socid = $user->socid;
- accessforbidden();
-}
-//$result = restrictedArea($user, 'bom', $id, '');
-
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');
$search = array();
@@ -133,6 +121,13 @@ $permissiontoread = $user->rights->bom->read;
$permissiontoadd = $user->rights->bom->write;
$permissiontodelete = $user->rights->bom->delete;
+// Security check
+if ($user->socid > 0) {
+ // Protection if external user
+ accessforbidden();
+}
+$result = restrictedArea($user, 'bom');
+
/*
* Actions
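Review bot: The explicit `accessforbidden('Module not enabled')` guard removed earlier in this file is not re-added, so rejecting requests when the BOM module is disabled now depends on `restrictedArea($user, 'bom')` doing that test itself. Its body is not on this page, so this is worth confirming. A comment such as `// restrictedArea() also denies access when the module is disabled` would record the assumption. `$result` is assigned but nothing visible reads it, while the other BOM pages in this commit call `restrictedArea()` without an assignment.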
diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php
index cd288a3be3c..244bcfd7a49 100644
--- a/htdocs/bom/bom_note.php
+++ b/htdocs/bom/bom_note.php
@@ -57,9 +57,13 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id;
}
-$permissionnote = 1;
-//$permissionnote=$user->rights->bom->creer; // Used by the include of actions_setnotes.inc.php
+$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
/*
diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php
index e18891f3c60..3cb6de90a8d 100644
--- a/htdocs/comm/propal/stats/index.php
+++ b/htdocs/comm/propal/stats/index.php
@@ -81,7 +81,7 @@ $langs->loadLangs(array('propal', 'other', 'companies'));
if ($mode == 'customer') {
$picto = 'propal';
$title = $langs->trans("ProposalsStatistics");
- $dir = $conf->propale->dir_temp;
+ $dir = $conf->propal->dir_temp;
$cat_type = Categorie::TYPE_CUSTOMER;
$cat_label = $langs->trans("Category").' '.lcfirst($langs->trans("Customer"));
}
diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php
index 596abdf0e97..fed0e025f4c 100644
--- a/htdocs/compta/accounting-files.php
+++ b/htdocs/compta/accounting-files.php
@@ -34,6 +34,7 @@ if ((array_key_exists('action', $_GET) && $_GET['action'] == 'dl') || (array_key
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
require_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php';
@@ -56,13 +57,12 @@ $date_start = GETPOST('date_start', 'alpha');
$date_startDay = GETPOST('date_startday', 'int');
$date_startMonth = GETPOST('date_startmonth', 'int');
$date_startYear = GETPOST('date_startyear', 'int');
-$date_start = ($date_startDay) ?dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear) : strtotime($date_start);
+$date_start = ($date_startDay ? dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear, 'tzuserrel') : dol_stringtotime($date_start));
$date_stop = GETPOST('date_stop', 'alpha');
$date_stopDay = GETPOST('date_stopday', 'int');
$date_stopMonth = GETPOST('date_stopmonth', 'int');
$date_stopYear = GETPOST('date_stopyear', 'int');
-//FIXME doldate
-$date_stop = ($date_stopDay) ?dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear) : strtotime($date_stop);
+$date_stop = ($date_stopDay ? dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear, 'tzuserrel') : dol_stringtotime($date_stop));
$action = GETPOST('action', 'aZ09');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
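Review bot: Neither branch of the new `$date_start` / `$date_stop` expressions is validated before the value is formatted into `$wheretail` with `$db->idate()` further down the file. If the day field is absent and the string is missing or unparseable, whatever `dol_stringtotime()` returns on failure goes straight into the query; a guard such as `if ($date_start === '' || $date_start < 0)` that reports an error and skips the search would make that case explicit (the failure value is an assumption, as the helper is not shown here). The `dol_mktime()` branch passes `'tzuserrel'` while the `dol_stringtotime()` branch passes no timezone argument, so the two input forms may not resolve to the same instant for the same calendar day.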
@@ -126,6 +126,17 @@ if (empty($entity)) {
$error = 0;
+$listofchoices = array(
+ 'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled), 'perms' => !empty($user->rights->facture->lire)),
+ 'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled), 'perms' => !empty($user->rights->fournisseur->facture->lire)),
+ 'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled), 'perms' => !empty($user->rights->expensereport->lire)),
+ 'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled), 'perms' => !empty($user->rights->don->lire)),
+ 'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled), 'perms' => !empty($user->rights->tax->charges->lire)),
+ 'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled), 'perms' => !empty($user->rights->salaries->read)),
+ 'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled), 'perms' => !empty($user->rights->banque->lire)),
+ 'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled), 'perms' => !empty($user->rights->loan->read)),
+);
+
/*
@@ -155,7 +166,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$wheretail = " '".$db->idate($date_start)."' AND '".$db->idate($date_stop)."'";
// Customer invoices
- if (GETPOST('selectinvoices')) {
+ if (GETPOST('selectinvoices') && !empty($listofchoices['selectinvoices']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
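Review bot: The permission guard added to `if (GETPOST('selectinvoices') ...)` is hand-copied into eight conditions (this hunk and the seven that follow), each with the key typed twice, and it tests `perms` but not the `enabled` flag held in the same array. This server-side test is what actually enforces the restriction, so it is worth keeping the copies from drifting with one helper: `$isallowed = function ($k) use ($listofchoices) { return GETPOST($k) && !empty($listofchoices[$k]['enabled']) && !empty($listofchoices[$k]['perms']); };`. The enclosing `if (($action == 'searchfiles' || $action == 'dl'))` block starts and ends outside this hunk.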
@@ -166,7 +177,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
}
// Vendor invoices
- if (GETPOST('selectsupplierinvoices')) {
+ if (GETPOST('selectsupplierinvoices') && !empty($listofchoices['selectsupplierinvoices']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@@ -177,7 +188,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
}
// Expense reports
- if (GETPOST('selectexpensereports')) {
+ if (GETPOST('selectexpensereports') && !empty($listofchoices['selectexpensereports']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@@ -188,7 +199,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT;
}
// Donations
- if (GETPOST('selectdonations')) {
+ if (GETPOST('selectdonations') && !empty($listofchoices['selectdonations']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@@ -199,7 +210,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
}
// Payments of salaries
- if (GETPOST('selectpaymentsofsalaries')) {
+ if (GETPOST('selectpaymentsofsalaries') && !empty($listofchoices['selectpaymentsofsalaries']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@@ -210,7 +221,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
//$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
}
// Social contributions
- if (GETPOST('selectsocialcontributions')) {
+ if (GETPOST('selectsocialcontributions') && !empty($listofchoices['selectsocialcontributions']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@@ -221,7 +232,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
//$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
}
// Various payments
- if (GETPOST('selectvariouspayment')) {
+ if (GETPOST('selectvariouspayment') && !empty($listofchoices['selectvariouspayment']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@@ -231,7 +242,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
}
// Loan payments
- if (GETPOST('selectloanspayment')) {
+ if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@@ -539,8 +550,11 @@ print '
';
print '
'.$langs->trans("ExportAccountingSourceDocHelp", $langs->transnoentitiesnoconv("Accounting"), $langs->transnoentitiesnoconv("Journals")).' ';
print '
';
-print $langs->trans("ReportPeriod").': '.$form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0);
-print ' - '.$form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0)."\n";
+print $langs->trans("ReportPeriod").': ';
+print $form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel');
+print ' - ';
+print $form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel');
+print "\n";
// Export is for current company only
if (!empty($conf->multicompany->enabled) && is_object($mc)) {
@@ -558,22 +572,16 @@ if (!empty($conf->multicompany->enabled) && is_object($mc)) {
print '
';
-$listofchoices = array(
- 'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled)),
- 'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled)),
- 'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled)),
- 'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled)),
- 'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled)),
- 'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled)),
- 'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled)),
- 'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled)),
-);
foreach ($listofchoices as $choice => $val) {
if (empty($val['enabled'])) {
continue; // list not qualified
}
+ $disabled = '';
+ if (empty($val['perms'])) {
+ $disabled = ' disabled';
+ }
$checked = (((!GETPOSTISSET('search') && $action != 'searchfiles') || GETPOST($choice)) ? ' checked="checked"' : '');
- print '
'.$langs->trans($val['label']).'
';
+ print '
'.$langs->trans($val['label']).'
';
}
print '
';
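Review bot: `$checked` is computed without regard to `$disabled`, so on first display a category the user has no rights on is rendered both checked and disabled (assuming `$disabled` is emitted into the input tag, whose markup is not legible on this page). Clearing it keeps the form consistent with what the server will export: after the `$checked` assignment, `if (empty($val['perms'])) { $checked = ''; }`. A `title` on the disabled box naming the missing permission would also tell the user why the choice is unavailable.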
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php
index b621ad9752f..37ef8a5da76 100644
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@@ -898,18 +898,21 @@ if ($resql) {
print '
';
}
- /// ajax to adjust value date with plus and less picto
+ // Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
+ $urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
print '
+ ';
+ */
print '
';
print dol_get_fiche_end();
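Review bot: `$urlajax` carries the anti-CSRF token in the query string (`?token='.currentToken()`), where it ends up in web-server access logs and browser history. If the Ajax call can send it as a POST field or a request header instead, the token stays out of those places; the script that consumes `$urlajax` is not legible in this hunk, so this needs checking against the real file. If the value is interpolated into inline JavaScript, it should pass through the project's JS-escaping helper first. The same `$urlajax` line is added in compta/bank/releve.php.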
diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index 53d43583a9c..be91d475d4d 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -454,11 +454,14 @@ if (empty($numref)) {
// Date de valeur
print '
';
- print dol_print_date($db->jdate($objp->dv), "day").' ';
- print '';
+ print ''.dol_print_date($db->jdate($objp->dv), "day").' ';
+ print ' ';
+ print '';
+ print '';
print img_edit_remove()." ";
- print '';
+ print ' ';
print img_edit_add()." ";
+ print ' ';
print " \n";
// Type and num
@@ -656,6 +659,29 @@ if (empty($numref)) {
print "\n";
print "";
+ // Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
+ $urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
+ print '
+
+ ';
+
print "
";
print "\n";
diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php
index 0533a04c12f..c94f8810cd8 100644
--- a/htdocs/compta/bank/transfer.php
+++ b/htdocs/compta/bank/transfer.php
@@ -233,6 +233,7 @@ $account_from = '';
$account_to = '';
$label = '';
$amount = '';
+$amountto = '';
if ($error) {
$account_from = GETPOST('account_from', 'int');
diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php
index b1dac2858b0..6ccd953a68b 100644
--- a/htdocs/compta/bank/treso.php
+++ b/htdocs/compta/bank/treso.php
@@ -37,22 +37,23 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
$langs->loadLangs(array('banks', 'categories', 'bills', 'companies'));
// Security check
-if (isset($_GET["account"]) || isset($_GET["ref"])) {
- $id = isset($_GET["account"]) ? $_GET["account"] : (isset($_GET["ref"]) ? $_GET["ref"] : '');
+if (GETPOSTISSET("account") || GETPOSTISSET("ref")) {
+ $id = GETPOSTISSET("account") ? GETPOST("account") : (GETPOSTISSET("ref") ? GETPOST("ref") : '');
}
-$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid';
+$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid);
-$vline = isset($_GET["vline"]) ? $_GET["vline"] : $_POST["vline"];
-$page = isset($_GET["page"]) ? $_GET["page"] : 0;
+$vline = GETPOST('vline');
+$page = GETPOSTISSET("page") ? GETPOST("page") : 0;
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('banktreso', 'globalcard'));
+
/*
* View
*/
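Review bot: The move from `$_GET` to `GETPOST()` leaves every call without a type filter: `GETPOST("account")`, `GETPOST("ref")`, `GETPOST('vline')` and `GETPOST("page")`. `$id` feeds `restrictedArea()` and `$page` is presumably used for paging, so the typed forms fit better: `$id = GETPOSTISSET("account") ? GETPOST("account", 'int') : GETPOST("ref", 'alpha');` and `$page = GETPOSTISSET("page") ? GETPOST("page", 'int') : 0;`. `$id` is still undefined when neither parameter is sent, and then reaches `restrictedArea()` as an undefined variable. The later hunk in this file passes the same untyped `GETPOST("ref")` to `$object->fetch()`.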
@@ -68,7 +69,7 @@ $socialcontribstatic = new ChargeSociales($db);
$form = new Form($db);
-if ($_REQUEST["account"] || $_REQUEST["ref"]) {
+if (GETPOST("account") || GETPOST("ref")) {
if ($vline) {
$viewline = $vline;
} else {
@@ -76,11 +77,11 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) {
}
$object = new Account($db);
- if ($_GET["account"]) {
- $result = $object->fetch($_GET["account"]);
+ if (GETPOST("account", 'int')) {
+ $result = $object->fetch(GETPOST("account", 'int'));
}
- if ($_GET["ref"]) {
- $result = $object->fetch(0, $_GET["ref"]);
+ if (GETPOST("ref")) {
+ $result = $object->fetch(0, GETPOST("ref"));
$_GET["account"] = $object->id;
}
@@ -91,6 +92,8 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) {
$linkback = '
'.$langs->trans("BackToList").' ';
+ $morehtmlref = '';
+
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1);
print dol_get_fiche_end();
diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php
index da018dd1f06..ccaa0158af2 100644
--- a/htdocs/compta/cashcontrol/cashcontrol_card.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_card.php
@@ -67,11 +67,6 @@ if ($contextpage == 'takepos') {
$_GET['optioncss'] = 'print';
}
-// Security check
-if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
- accessforbidden();
-}
-
$arrayofpaymentmode = array('cash'=>'Cash', 'cheque'=>'Cheque', 'card'=>'CreditCard');
$arrayofposavailable = array();
@@ -95,6 +90,15 @@ $hookmanager->initHooks(array('cashcontrolcard', 'globalcard'));
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
+// Security check
+if ($user->socid > 0) { // Protection if external user
+ //$socid = $user->socid;
+ accessforbidden();
+}
+if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
+ accessforbidden();
+}
+
/*
* Actions
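Review bot: `$user->rights->cashdesk->run` and `$user->rights->takepos->run` are dereferenced directly; if only one of the two POS modules is enabled, the other rights object is presumably unset and PHP emits a warning on the read. `if (empty($user->rights->cashdesk->run) && empty($user->rights->takepos->run)) {` gives the same decision without it. The check is global only: nothing ties the record loaded by `actions_fetchobject.inc.php` to the current user or entity, which may be intended but deserves a comment. The identical block is pasted into cashcontrol_list.php and report.php in this commit, so a shared helper would keep the three in step.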
diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php
index 6c4141e4b6a..3b97b967208 100644
--- a/htdocs/compta/cashcontrol/cashcontrol_list.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_list.php
@@ -94,14 +94,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
-// Security check
-$socid = 0;
-if ($user->socid > 0) { // Protection if external user
- //$socid = $user->socid;
- accessforbidden();
-}
-//$result = restrictedArea($user, 'monmodule', $id, '');
-
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');
$search = array();
@@ -133,6 +125,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
+// Security check
+if ($user->socid > 0) { // Protection if external user
+ //$socid = $user->socid;
+ accessforbidden();
+}
+if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
+ accessforbidden();
+}
/*
diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php
index f6c58aa858c..95c18dbf261 100644
--- a/htdocs/compta/cashcontrol/report.php
+++ b/htdocs/compta/cashcontrol/report.php
@@ -72,6 +72,15 @@ $sday = $cashcontrol->day_close;
$posmodule = $cashcontrol->posmodule;
$terminalid = $cashcontrol->posnumber;
+// Security check
+if ($user->socid > 0) { // Protection if external user
+ //$socid = $user->socid;
+ accessforbidden();
+}
+if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
+ accessforbidden();
+}
+
/*
* View
diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php
index c1c0f83cecb..4f0148a05a1 100644
--- a/htdocs/compta/facture/card-rec.php
+++ b/htdocs/compta/facture/card-rec.php
@@ -65,7 +65,6 @@ $objecttype = 'facture_rec';
if ($action == "create" || $action == "add") {
$objecttype = '';
}
-$result = restrictedArea($user, 'facture', $id, $objecttype);
$projectid = GETPOST('projectid', 'int');
$year_date_when = GETPOST('year_date_when');
@@ -127,6 +126,8 @@ $now = dol_now();
$error = 0;
+$result = restrictedArea($user, 'facture', $object->id, $objecttype);
+
/*
* Actions
@@ -1657,15 +1658,15 @@ if ($action == 'create') {
if ($user->rights->facture->creer) {
if (empty($object->suspended)) {
- print '
';
+ print '
';
} else {
- print '
';
+ print '
';
}
}
//if ($object->statut == Facture::STATUS_DRAFT && $user->rights->facture->supprimer)
if ($user->rights->facture->supprimer) {
- print '
';
+ print '
';
}
print '
';
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 0433d9eb746..cd1905f528f 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -138,19 +138,19 @@ $permissiondellink = $usercancreate; // Used by the include of actions_dellink.i
$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdonw.inc.php
$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php
+// retained warranty invoice available type
+$retainedWarrantyInvoiceAvailableType = array();
+if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) {
+ $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY);
+}
+
// Security check
$fieldid = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0);
-$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isdraft);
-
-// retained warranty invoice available type
-$retainedWarrantyInvoiceAvailableType = array();
-if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) {
- $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY);
-}
+$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft);
/*
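Review bot: `restrictedArea()` now receives `$object->id`, which is a row id, but `$fieldid` is still `'ref'` whenever the page is opened with a `ref` parameter. If `restrictedArea()` uses that argument as the column to match the id against (its body is not on this page), a request by reference would compare the numeric id with the `ref` column, so the ownership test could fail or match nothing. Since the object is already loaded, the column can be fixed: `$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);`. compta/facture/info.php adds the same `$fieldid` / `$object->id` pairing.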
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index 69356287288..b0690675b53 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -1543,6 +1543,13 @@ class Facture extends CommonInvoice
}
}
+ global $action, $hookmanager;
+ $hookmanager->initHooks(array('invoicedao'));
+ $parameters = array('id'=>$this->id, 'getnomurl'=>$result, 'notooltip' => $notooltip, 'addlinktonotes' => $addlinktonotes, 'save_lastsearch_value'=> $save_lastsearch_value, 'target' => $target);
+ $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks
+ if ($reshook > 0) $result = $hookmanager->resPrint;
+ else $result .= $hookmanager->resPrint;
+
return $result;
}
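Review bot: `$hookmanager->initHooks(array('invoicedao'))` runs on every `getNomUrl()` call, and if this method is invoked once per row on list pages (likely, but not visible here) the hook context is re-initialised many times per request. The `if ($reshook > 0) $result = ...; else $result .= ...;` pair is written without braces, unlike the braced blocks just above it; `if ($reshook > 0) { $result = $hookmanager->resPrint; } else { $result .= $hookmanager->resPrint; }` matches the file. Hook output replaces or extends the returned HTML as-is, so the docblock should state that `getNomUrl` hooks must return already-escaped markup. The method body starts outside this hunk.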
@@ -1553,7 +1560,7 @@ class Facture extends CommonInvoice
* @param string $ref Reference of invoice
* @param string $ref_ext External reference of invoice
* @param int $notused Not used
- * @param bool $fetch_situation Fetch the previous and next situation in $tab_previous_situation_invoice and $tab_next_situation_invoice
+ * @param bool $fetch_situation Load also the previous and next situation invoice into $tab_previous_situation_invoice and $tab_next_situation_invoice
* @return int >0 if OK, <0 if KO, 0 if not found
*/
public function fetch($rowid, $ref = '', $ref_ext = '', $notused = '', $fetch_situation = false)
diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php
index dc1fe1e7c45..19e76b15c5c 100644
--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@@ -48,9 +48,14 @@ $action = GETPOST('action', 'aZ09');
if ($user->socid) {
$socid = $user->socid;
}
-$result = restrictedArea($user, 'facture', $id);
$object = new Facture($db);
+// Load object
+if ($id > 0 || !empty($ref)) {
+ $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
+}
+
+$result = restrictedArea($user, 'facture', $object->id);
/*
@@ -58,8 +63,6 @@ $object = new Facture($db);
*/
if ($action == 'addcontact' && $user->rights->facture->creer) {
- $result = $object->fetch($id);
-
if ($result > 0 && $id > 0) {
$contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int'));
$typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
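Review bot: With the local `$result = $object->fetch($id);` removed, the `if ($result > 0 && $id > 0)` test in the `addcontact` branch now reads the return value of `restrictedArea()` assigned at the top of the file, while the fetch status is stored in `$ret`. Testing the loaded object says what is meant and also covers access by `ref`, where `$id` is empty: `if ($object->id > 0) {`. The next hunk removes the fetches in `swapstatut` and `deletecontact` as well, so those branches call `swapContactStatus()` and `delete_contact()` without checking that the top-of-page fetch succeeded; the same `$object->id > 0` guard would fit there.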
@@ -79,14 +82,9 @@ if ($action == 'addcontact' && $user->rights->facture->creer) {
}
} elseif ($action == 'swapstatut' && $user->rights->facture->creer) {
// Toggle the status of a contact
- if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
- } else {
- dol_print_error($db);
- }
+ $result = $object->swapContactStatus(GETPOST('ligne'));
} elseif ($action == 'deletecontact' && $user->rights->facture->creer) {
// Deletes a contact
- $object->fetch($id);
$result = $object->delete_contact($lineid);
if ($result >= 0) {
diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index c44aeae67ca..4c0544e3810 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -48,12 +48,6 @@ $socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
-// Security check
-if ($user->socid) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'facture', $id, '');
-
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@@ -73,11 +67,17 @@ if (!$sortfield) {
}
$object = new Facture($db);
-if ($object->fetch($id)) {
+if ($object->fetch($id, $ref)) {
$object->fetch_thirdparty();
$upload_dir = $conf->facture->dir_output."/".dol_sanitizeFileName($object->ref);
}
+// Security check
+if ($user->socid) {
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'facture', $object->id, '');
+
/*
* Actions
diff --git a/htdocs/compta/facture/info.php b/htdocs/compta/facture/info.php
index 97646d56103..5b9b7fc4316 100644
--- a/htdocs/compta/facture/info.php
+++ b/htdocs/compta/facture/info.php
@@ -38,6 +38,25 @@ $langs->loadLangs(array('companies', 'bills'));
$id = GETPOST("facid", "int");
$ref = GETPOST("ref", 'alpha');
+$object = new Facture($db);
+$extrafields = new ExtraFields($db);
+
+// Fetch optionals attributes and labels
+$extrafields->fetch_name_optionals_label($object->table_element);
+
+// Load object
+if ($id > 0 || !empty($ref)) {
+ $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
+}
+
+// Security check
+$fieldid = (!empty($ref) ? 'ref' : 'rowid');
+if ($user->socid) {
+ $socid = $user->socid;
+}
+$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0);
+$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft);
+
/*
* View
@@ -46,11 +65,10 @@ $ref = GETPOST("ref", 'alpha');
$form = new Form($db);
$title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Info');
-$helpurl = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
-llxHeader('', $title, $helpurl);
+$help_url = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
+
+llxHeader('', $title, $help_url);
-$object = new Facture($db);
-$object->fetch($id, $ref);
$object->fetch_thirdparty();
$object->info($object->id);
diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php
index e419ed9260b..5d511aa6cd6 100644
--- a/htdocs/compta/facture/invoicetemplate_list.php
+++ b/htdocs/compta/facture/invoicetemplate_list.php
@@ -165,6 +165,11 @@ if ($socid > 0) {
}
}
+$objecttype = 'facture_rec';
+
+$result = restrictedArea($user, 'facture', $object->id, $objecttype);
+
+
/*
* Actions
*/
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index 9b3dce589fb..31365b33b58 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -493,6 +493,10 @@ if ($search_user > 0) {
$sql .= ", ".MAIN_DB_PREFIX."element_contact as ec";
$sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc";
}
+// Add table from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook
+$sql .= $hookmanager->resPrint;
$sql .= ' WHERE f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
@@ -689,10 +693,19 @@ if (!$sall) {
$sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key : '');
}
}
+ // Add GroupBy from hooks
+ $parameters = array('all' => $all, 'fieldstosearchall' => $fieldstosearchall);
+ $reshook = $hookmanager->executeHooks('printFieldListGroupBy', $parameters, $object); // Note that $action and $object may have been modified by hook
+ $sql .= $hookmanager->resPrint;
} else {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
+// Add HAVING from hooks
+$parameters = array();
+$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook
+$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : '';
+
$sql .= ' ORDER BY ';
$listfield = explode(',', $sortfield);
$listorder = explode(',', $sortorder);
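Review bot: The `printFieldListGroupBy` parameters use `$all`, but the search variable in the surrounding lines is `$sall` (`if (!$sall)`, `natural_search(..., $sall)`), so `'all' => $all` probably passes an undefined variable unless `$all` is set outside this hunk; `$parameters = array('all' => $sall, 'fieldstosearchall' => $fieldstosearchall);` looks like the intent. The hook results are appended to `$sql` verbatim and `$reshook` is never tested, so a hook that reports an error still has its text added to the query. The ` HAVING 1=1 ` prefix means every hook must begin its fragment with `AND`; a comment such as `// hooks must return a fragment starting with " AND ..."` would document that contract.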
@@ -865,6 +878,10 @@ if ($resql) {
// Add $param from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
+ // Add $param from hooks
+ $parameters = array();
+ $reshook = $hookmanager->executeHooks('printFieldListSearchParam', $parameters, $object); // Note that $action and $object may have been modified by hook
+ $param .= $hookmanager->resPrint;
$arrayofmassactions = array(
'validate'=>$langs->trans("Validate"),
diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php
index 23d4afb0417..f019d822529 100644
--- a/htdocs/compta/facture/note.php
+++ b/htdocs/compta/facture/note.php
@@ -41,6 +41,14 @@ $ref = GETPOST('ref', 'alpha');
$socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
+$object = new Facture($db);
+// Load object
+if ($id > 0 || !empty($ref)) {
+ $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
+}
+
+$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
+
// Security check
$socid = 0;
if ($user->socid) {
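Review bot: The object is now loaded by `$id` or `$ref` before the security check, but the `restrictedArea($user, 'facture', $id, '')` call just below this hunk still passes `$id`, unlike document.php and contact.php in this commit, which switched to `$object->id`. When the page is opened with `ref` only, `$id` is empty and the per-object test presumably has nothing to check. Suggested: `$result = restrictedArea($user, 'facture', $object->id, '');`. The return value of `$object->fetch()` is also discarded here, so a record that is not found goes unreported.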
@@ -48,11 +56,6 @@ if ($user->socid) {
}
$result = restrictedArea($user, 'facture', $id, '');
-$object = new Facture($db);
-$object->fetch($id);
-
-$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
-
/*
* Actions
diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php
index 9c700f509f9..a22c0c51b73 100644
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
@@ -49,18 +49,6 @@ $date_endday = GETPOST('date_endday', 'int');
$date_endyear = GETPOST('date_endyear', 'int');
$showaccountdetail = GETPOST('showaccountdetail', 'aZ09') ?GETPOST('showaccountdetail', 'aZ09') : 'no';
-// Security check
-$socid = GETPOST('socid', 'int');
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
- $result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
- $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
@@ -151,6 +139,17 @@ if (GETPOST("modecompta", 'alpha')) {
$AccCat = new AccountancyCategory($db);
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
/*
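Review bot: The access check now sits after `$AccCat = new AccountancyCategory($db);`, roughly ninety lines later than before, so all request parsing and setup in between runs before `restrictedArea()` and `$socid` is undefined for any code in that range. That range is outside the hunk, so this cannot be confirmed here, but the placement deserves a comment explaining why the guard must come this late, for example `// Security check - kept after parameter setup; nothing above may read data or use $socid`. The same relocation is made in supplier_turnover_by_prodserv.php and supplier_turnover_by_thirdparty.php, where the guard lands after the `$paramslink` loop. Note also that when neither `$conf->comptabilite->enabled` nor `$conf->accounting->enabled` is set, no `restrictedArea()` call is made at all.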
diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php
index 228269d135e..e5b86ba762e 100644
--- a/htdocs/compta/resultat/index.php
+++ b/htdocs/compta/resultat/index.php
@@ -108,6 +108,14 @@ $year_end = $tmpe['year'];
$nbofyear = ($year_end - $year_start) + 1;
//var_dump("year_start=".$year_start." year_end=".$year_end." nbofyear=".$nbofyear." date_start=".dol_print_date($date_start, 'dayhour')." date_end=".dol_print_date($date_end, 'dayhour'));
+// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
+$modecompta = $conf->global->ACCOUNTING_MODE;
+if (!empty($conf->accounting->enabled)) {
+ $modecompta = 'BOOKKEEPING';
+}
+if (GETPOST("modecompta", 'alpha')) {
+ $modecompta = GETPOST("modecompta", 'alpha');
+}
// Security check
$socid = GETPOST('socid', 'int');
@@ -121,15 +129,6 @@ if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
-// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
-$modecompta = $conf->global->ACCOUNTING_MODE;
-if (!empty($conf->accounting->enabled)) {
- $modecompta = 'BOOKKEEPING';
-}
-if (GETPOST("modecompta", 'alpha')) {
- $modecompta = GETPOST("modecompta", 'alpha');
-}
-
/*
* View
diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php
index df3a82a4b7f..91932100565 100644
--- a/htdocs/compta/resultat/result.php
+++ b/htdocs/compta/resultat/result.php
@@ -144,16 +144,20 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta", 'alpha');
}
-// Security check
-if ($user->socid > 0) {
- accessforbidden();
-}
-if (!$user->rights->accounting->comptarapport->lire) {
- accessforbidden();
-}
-
$AccCat = new AccountancyCategory($db);
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
/*
* View
diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php
index 79379ee0b24..1644a4ee5e3 100644
--- a/htdocs/compta/stats/byratecountry.php
+++ b/htdocs/compta/stats/byratecountry.php
@@ -44,16 +44,16 @@ $modecompta = (GETPOST('modecompta', 'alpha') ? GETPOST('modecompta', 'alpha') :
$year = GETPOST("year", 'int');
$month = GETPOST("month", 'int');
if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
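Review bot: `$year_current` and `$month_current` are formatted with the default timezone of `dol_print_date()`, while `$date_start` and `$date_end` are now built with `'tzuserrel'`, so the two can disagree around midnight or a year boundary for a user whose timezone differs from the server's. If the user-relative timezone is the intent, pass it in both places, e.g. `$year_current = dol_print_date(dol_now(), '%Y', 'tzuserrel');`. The same pairing appears in the date hunks of cabyprodserv.php, cabyuser.php, casoc.php, supplier_turnover_by_prodserv.php and supplier_turnover_by_thirdparty.php.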
diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php
index c6c0e8e0816..25d9d4b9460 100644
--- a/htdocs/compta/stats/cabyprodserv.php
+++ b/htdocs/compta/stats/cabyprodserv.php
@@ -52,8 +52,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
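Review bot: Reading `sortorder` through `GETPOST(..., 'aZ09')` removes the raw `$_GET`/`$_POST` access, but any alphanumeric token still passes, and `$sortorder` is only defaulted when empty. If the value is later concatenated into an ORDER BY clause (not visible in this hunk), an allow-list is tighter: `if (!in_array(strtolower($sortorder), array('asc', 'desc'), true)) { $sortorder = 'asc'; }`. `$sortfield` would likewise benefit from being matched against the columns the page actually offers. The same two lines are changed in cabyuser.php, casoc.php, supplier_turnover_by_prodserv.php and supplier_turnover_by_thirdparty.php.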
@@ -89,16 +89,16 @@ $date_endyear = GETPOST("date_endyear");
$date_endmonth = GETPOST("date_endmonth");
$date_endday = GETPOST("date_endday");
if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php
index 62e6fb3135d..feae1f83594 100644
--- a/htdocs/compta/stats/cabyuser.php
+++ b/htdocs/compta/stats/cabyuser.php
@@ -51,8 +51,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@@ -61,25 +61,25 @@ if (!$sortfield) {
}
// Date range
-$year = GETPOST("year");
-$month = GETPOST("month");
-$date_startyear = GETPOST("date_startyear");
-$date_startmonth = GETPOST("date_startmonth");
-$date_startday = GETPOST("date_startday");
-$date_endyear = GETPOST("date_endyear");
-$date_endmonth = GETPOST("date_endmonth");
-$date_endday = GETPOST("date_endday");
+$year = GETPOST("year", 'int');
+$month = GETPOST("month", 'int');
+$date_startyear = GETPOST("date_startyear", 'int');
+$date_startmonth = GETPOST("date_startmonth", 'int');
+$date_startday = GETPOST("date_startday", 'int');
+$date_endyear = GETPOST("date_endyear", 'int');
+$date_endmonth = GETPOST("date_endmonth", 'int');
+$date_endday = GETPOST("date_endday", 'int');
if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, $_REQUEST["date_startmonth"], $_REQUEST["date_startday"], $_REQUEST["date_startyear"]);
-$date_end = dol_mktime(23, 59, 59, $_REQUEST["date_endmonth"], $_REQUEST["date_endday"], $_REQUEST["date_endyear"]);
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q") ?GETPOST("q") : 0;
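Review bot: `$date_start` and `$date_end` read the request again with untyped `GETPOST("date_startmonth")` calls, although this hunk has just stored `'int'`-filtered copies of the same parameters in `$date_startmonth`, `$date_startday` and the rest. Using the filtered variables keeps a single validated source: `$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');` and the matching line for `$date_end`. casoc.php has the same pattern in its date hunk, and byratecountry.php, cabyprodserv.php and the supplier_turnover_by_* pages pass untyped `GETPOST()` values to `dol_mktime()` as well.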
diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php
index c8c13ca8b27..aedae20b8f0 100644
--- a/htdocs/compta/stats/casoc.php
+++ b/htdocs/compta/stats/casoc.php
@@ -44,8 +44,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@@ -83,23 +83,23 @@ $search_societe = GETPOST("search_societe", 'alpha');
$search_zip = GETPOST("search_zip", 'alpha');
$search_town = GETPOST("search_town", 'alpha');
$search_country = GETPOST("search_country", 'alpha');
-$date_startyear = GETPOST("date_startyear", 'alpha');
-$date_startmonth = GETPOST("date_startmonth", 'alpha');
-$date_startday = GETPOST("date_startday", 'alpha');
-$date_endyear = GETPOST("date_endyear", 'alpha');
-$date_endmonth = GETPOST("date_endmonth", 'alpha');
-$date_endday = GETPOST("date_endday", 'alpha');
+$date_startyear = GETPOST("date_startyear", 'int');
+$date_startmonth = GETPOST("date_startmonth", 'int');
+$date_startday = GETPOST("date_startday", 'int');
+$date_endyear = GETPOST("date_endyear", 'int');
+$date_endmonth = GETPOST("date_endmonth", 'int');
+$date_endday = GETPOST("date_endday", 'int');
if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php
index 083230da668..74589d2e391 100644
--- a/htdocs/compta/stats/index.php
+++ b/htdocs/compta/stats/index.php
@@ -51,8 +51,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), "%m");
$year_start = $year - ($nbofyear - 1);
}
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
// We define date_start and date_end
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php
index b199dcbeb9c..141db21b73e 100644
--- a/htdocs/compta/stats/supplier_turnover.php
+++ b/htdocs/compta/stats/supplier_turnover.php
@@ -47,8 +47,8 @@ if (empty($year)) {
$month_current = strftime("%m", dol_now());
$year_start = $year - ($nbofyear - 1);
}
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
// We define date_start and date_end
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
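Review bot: The context line `$month_current = strftime("%m", dol_now());` just above the changed lines is left as is, while the sibling stats pages in this commit replace `strftime()` with `dol_print_date()`. For consistency, and because `strftime()` is deprecated since PHP 8.1, it should read `$month_current = dol_print_date(dol_now(), '%m');`. The `if (empty($year))` block it belongs to starts outside this hunk, so there may be a second occurrence above.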
@@ -120,8 +120,6 @@ if (!empty($conf->accounting->enabled)) {
}
-
-
/*
* View
*/
diff --git a/htdocs/compta/stats/supplier_turnover_by_prodserv.php b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
index bdf4e5e0f85..26659c851f9 100644
--- a/htdocs/compta/stats/supplier_turnover_by_prodserv.php
+++ b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
@@ -30,27 +30,14 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
// Load translation files required by the page
$langs->loadLangs(array("products", "categories", "errors", 'accountancy'));
-// Security pack (data & check)
-$socid = GETPOST('socid', 'int');
-
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
- $result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
- $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
$modecompta = $conf->global->ACCOUNTING_MODE;
if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@@ -84,16 +71,16 @@ $date_endyear = GETPOST("date_endyear");
$date_endmonth = GETPOST("date_endmonth");
$date_endday = GETPOST("date_endday");
if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
@@ -204,6 +191,19 @@ foreach ($allparams as $key => $value) {
$paramslink .= '&'.$key.'='.$value;
}
+// Security pack (data & check)
+$socid = GETPOST('socid', 'int');
+
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
/*
* View
diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
index fbfb0994e4a..0530d58ee87 100644
--- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
+++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
@@ -38,8 +38,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
-$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
-$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
+$sortorder = GETPOST("sortorder", 'aZ09');
+$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@@ -59,17 +59,6 @@ if (GETPOST('subcat', 'alpha') === 'yes') {
// Hook
$hookmanager->initHooks(array('supplierturnoverbythirdpartylist'));
-// Security check
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-if (!empty($conf->comptabilite->enabled)) {
- $result = restrictedArea($user, 'compta', '', '', 'resultat');
-}
-if (!empty($conf->accounting->enabled)) {
- $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
-}
-
// Date range
$year = GETPOST("year", 'int');
$month = GETPOST("month", 'int');
@@ -84,16 +73,16 @@ $date_endyear = GETPOST("date_endyear", 'alpha');
$date_endmonth = GETPOST("date_endmonth", 'alpha');
$date_endday = GETPOST("date_endday", 'alpha');
if (empty($year)) {
- $year_current = strftime("%Y", dol_now());
- $month_current = strftime("%m", dol_now());
+ $year_current = dol_print_date(dol_now(), '%Y');
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
- $month_current = strftime("%m", dol_now());
+ $month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
@@ -175,6 +164,17 @@ foreach ($allparams as $key => $value) {
$paramslink .= '&'.$key.'='.$value;
}
+// Security check
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+if (!empty($conf->comptabilite->enabled)) {
+ $result = restrictedArea($user, 'compta', '', '', 'resultat');
+}
+if (!empty($conf->accounting->enabled)) {
+ $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
+}
+
/*
* View
diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php
index 0ee4cb10637..421b88ea6b8 100644
--- a/htdocs/contact/card.php
+++ b/htdocs/contact/card.php
@@ -8,7 +8,7 @@
* Copyright (C) 2013-2016 Alexandre Spangaro
* Copyright (C) 2014 Juanjo Menent
* Copyright (C) 2015 Jean-François Ferry
- * Copyright (C) 2018-2020 Frédéric France
+ * Copyright (C) 2018-2021 Frédéric France
* Copyright (C) 2019 Josep Lluís Amador
* Copyright (C) 2020 Open-Dsi
*
@@ -1035,7 +1035,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Unsubscribe
if (!empty($conf->mailing->enabled)) {
- if ($conf->use_javascript_ajax && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1) {
+ if ($conf->use_javascript_ajax && isset($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == -1) {
print "\n".'