From e6d35039c9bc14fe1ff58aa5a8c1197ffd7b9779 Mon Sep 17 00:00:00 2001 From: abb Date: Sun, 14 Feb 2021 17:59:12 +0100 Subject: [PATCH 01/85] fix:Handle constant MAIN_SHOW_SOCIETE2EXTERN in checkUserAccessToObject --- htdocs/core/lib/security.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 2f1e3d5596b..13f93ec59d4 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -584,7 +584,8 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand } } elseif (!in_array($feature, $nocheck)) { // By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield // If external user: Check permission for external users - if ($user->socid > 0) { + if ($user->socid > 0 && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)) + { if (empty($dbt_keyfield)) dol_print_error('', 'Param dbt_keyfield is required but not defined'); $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; From dcb7958be9ee104be290711f16d0cf6fee133d60 Mon Sep 17 00:00:00 2001 From: Frans Bosman Date: Sat, 13 Mar 2021 08:44:16 +0100 Subject: [PATCH 02/85] Update list.php Changed the presentation of the stock to show decimals and thousands separator. changes price2num to price and use MAIN_MAX_DECIMALS_STOCK --- htdocs/product/list.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 5bc973e56b7..3d471ff314f 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1643,7 +1643,9 @@ if ($resql) { if ($obj->seuil_stock_alerte != '' && $product_static->stock_reel < (float) $obj->seuil_stock_alerte) { print img_warning($langs->trans("StockLowerThanLimit", $obj->seuil_stock_alerte)).' '; } - print price2num($product_static->stock_reel, 'MS'); + $decimals = !isset($conf->global->MAIN_MAX_DECIMALS_STOCK) ? 5 : $conf->global->MAIN_MAX_DECIMALS_STOCK; + print price($product_static->stock_reel, 0, $langs->defaultlang,1,-1,$decimals); + //print price2num($product_static->stock_reel, 'MS'); } print ''; if (!$i) { @@ -1657,7 +1659,9 @@ if ($resql) { if ($obj->seuil_stock_alerte != '' && $product_static->stock_theorique < (float) $obj->seuil_stock_alerte) { print img_warning($langs->trans("StockLowerThanLimit", $obj->seuil_stock_alerte)).' '; } - print price2num($product_static->stock_theorique, 'MS'); + $decimals = !isset($conf->global->MAIN_MAX_DECIMALS_STOCK) ? 5 : $conf->global->MAIN_MAX_DECIMALS_STOCK; + print price($product_static->stock_theorique, 0, $langs->defaultlang,1,-1,$decimals); + //print price2num($product_static->stock_theorique, 'MS'); } print ''; if (!$i) { From f68bbdcf45d6754e1c381e69983dc9ccb9274163 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Sat, 13 Mar 2021 07:46:46 +0000 Subject: [PATCH 03/85] Fixing style errors. --- htdocs/product/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 3d471ff314f..bae9fe991d3 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1644,7 +1644,7 @@ if ($resql) { print img_warning($langs->trans("StockLowerThanLimit", $obj->seuil_stock_alerte)).' '; } $decimals = !isset($conf->global->MAIN_MAX_DECIMALS_STOCK) ? 5 : $conf->global->MAIN_MAX_DECIMALS_STOCK; - print price($product_static->stock_reel, 0, $langs->defaultlang,1,-1,$decimals); + print price($product_static->stock_reel, 0, $langs->defaultlang, 1, -1, $decimals); //print price2num($product_static->stock_reel, 'MS'); } print ''; @@ -1660,7 +1660,7 @@ if ($resql) { print img_warning($langs->trans("StockLowerThanLimit", $obj->seuil_stock_alerte)).' '; } $decimals = !isset($conf->global->MAIN_MAX_DECIMALS_STOCK) ? 5 : $conf->global->MAIN_MAX_DECIMALS_STOCK; - print price($product_static->stock_theorique, 0, $langs->defaultlang,1,-1,$decimals); + print price($product_static->stock_theorique, 0, $langs->defaultlang, 1, -1, $decimals); //print price2num($product_static->stock_theorique, 'MS'); } print ''; From ba4fd3d44f66b4f196e1f990d1c7b2702eb470b7 Mon Sep 17 00:00:00 2001 From: Frans Bosman Date: Mon, 15 Mar 2021 13:44:40 +0100 Subject: [PATCH 04/85] Update list.php --- htdocs/product/list.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index bae9fe991d3..36c2de9e3ba 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1643,9 +1643,7 @@ if ($resql) { if ($obj->seuil_stock_alerte != '' && $product_static->stock_reel < (float) $obj->seuil_stock_alerte) { print img_warning($langs->trans("StockLowerThanLimit", $obj->seuil_stock_alerte)).' '; } - $decimals = !isset($conf->global->MAIN_MAX_DECIMALS_STOCK) ? 5 : $conf->global->MAIN_MAX_DECIMALS_STOCK; - print price($product_static->stock_reel, 0, $langs->defaultlang, 1, -1, $decimals); - //print price2num($product_static->stock_reel, 'MS'); + print price(price2num($product_static->stock_reel, 'MS')); } print ''; if (!$i) { @@ -1659,9 +1657,7 @@ if ($resql) { if ($obj->seuil_stock_alerte != '' && $product_static->stock_theorique < (float) $obj->seuil_stock_alerte) { print img_warning($langs->trans("StockLowerThanLimit", $obj->seuil_stock_alerte)).' '; } - $decimals = !isset($conf->global->MAIN_MAX_DECIMALS_STOCK) ? 5 : $conf->global->MAIN_MAX_DECIMALS_STOCK; - print price($product_static->stock_theorique, 0, $langs->defaultlang, 1, -1, $decimals); - //print price2num($product_static->stock_theorique, 'MS'); + print price(price2num($product_static->stock_theorique, 'MS')); } print ''; if (!$i) { From 9c51e62d0f3cffd632f069fa23156ec6f724b321 Mon Sep 17 00:00:00 2001 From: Bahfir Abbes Date: Tue, 16 Mar 2021 12:25:17 +0100 Subject: [PATCH 05/85] Update security.lib.php MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 13f93ec59d4..381745a5359 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -584,7 +584,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand } } elseif (!in_array($feature, $nocheck)) { // By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield // If external user: Check permission for external users - if ($user->socid > 0 && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)) + if ($user->socid > 0 && empty($conf->global->MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES)) { if (empty($dbt_keyfield)) dol_print_error('', 'Param dbt_keyfield is required but not defined'); $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb"; From f59c19b573d4c1658fc890dc4f3cc7de5b83bab7 Mon Sep 17 00:00:00 2001 From: Christophe Battarel Date: Tue, 16 Mar 2021 16:50:59 +0100 Subject: [PATCH 06/85] search on lots or serials --- htdocs/core/ajax/selectsearchbox.php | 4 ++++ htdocs/langs/en_US/main.lang | 3 ++- htdocs/langs/fr_FR/main.lang | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/htdocs/core/ajax/selectsearchbox.php b/htdocs/core/ajax/selectsearchbox.php index 2e19d68109a..2794243b7f3 100644 --- a/htdocs/core/ajax/selectsearchbox.php +++ b/htdocs/core/ajax/selectsearchbox.php @@ -79,6 +79,10 @@ if (!empty($conf->societe->enabled) && empty($conf->global->MAIN_SEARCHFORM_CONT if (((!empty($conf->product->enabled) && $user->rights->produit->lire) || (!empty($conf->service->enabled) && $user->rights->service->lire)) && empty($conf->global->MAIN_SEARCHFORM_PRODUITSERVICE_DISABLED)) { $arrayresult['searchintoproduct'] = array('position'=>30, 'shortcut'=>'P', 'img'=>'object_product', 'label'=>$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'text'=>img_picto('', 'object_product').' '.$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/product/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : '')); + // search on lot/serial numbers + if ( ! empty($conf->productbatch->enabled) ) { + $arrayresult['searchintobatch'] = array('position'=>32, 'shortcut'=>'B', 'img'=>'object_plot', 'label'=>$langs->trans("SearchIntoBatch", $search_boxvalue), 'text'=>img_picto('', 'object_lot').' '.$langs->trans("SearchIntoBatch", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/product/stock/productlot_list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : '')); + } } if (!empty($conf->mrp->enabled) && $user->rights->mrp->read && empty($conf->global->MAIN_SEARCHFORM_MRP_DISABLED)) { diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 444ceb7f64e..e27ec6d9c43 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -389,7 +389,7 @@ AmountTotal=Total amount AmountAverage=Average amount PriceQtyMinHT=Price quantity min. (excl. tax) PriceQtyMinHTCurrency=Price quantity min. (excl. tax) (currency) -PercentOfOriginalObject=Percent of original object +PercentOfOriginalObject=Percent of original object AmountOrPercent=Amount or percent Percentage=Percentage Total=Total @@ -1017,6 +1017,7 @@ SearchIntoContacts=Contacts SearchIntoMembers=Members SearchIntoUsers=Users SearchIntoProductsOrServices=Products or services +SearchIntoBatch=Lots / Serials SearchIntoProjects=Projects SearchIntoMO=Manufacturing Orders SearchIntoTasks=Tasks diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang index 70f50c7eea3..86ba2247682 100644 --- a/htdocs/langs/fr_FR/main.lang +++ b/htdocs/langs/fr_FR/main.lang @@ -548,7 +548,7 @@ None=Aucun NoneF=Aucune NoneOrSeveral=Aucun ou plusieurs Late=Retard -LateDesc=Le délai qui définit si un enregistrement est en retard ou non dépend de votre configuration. Demandez à votre administrateur pour changer ce délai depuis Accueil - Configuration - Alertes +LateDesc=Le délai qui définit si un enregistrement est en retard ou non dépend de votre configuration. Demandez à votre administrateur pour changer ce délai depuis Accueil - Configuration - Alertes NoItemLate=Aucun élément en retard Photo=Photo Photos=Photos @@ -1013,6 +1013,7 @@ SearchIntoContacts=Contacts SearchIntoMembers=Adhérents SearchIntoUsers=Utilisateurs SearchIntoProductsOrServices=Produits ou services +SearchIntoBatch=Lots / N° de série SearchIntoProjects=Projets SearchIntoMO=Ordres de fabrication SearchIntoTasks=Tâches From 18ef8031cd16644b914d6d28086c6ec596f3b77b Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Wed, 17 Mar 2021 17:57:07 +0100 Subject: [PATCH 07/85] Update ftpclient.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit $help_url = 'EN:Module_FTP_En|FR:Module_FTP|ES:Módulo_FTP'; llxHeader('', 'FTP', $help_url); --- htdocs/ftp/admin/ftpclient.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php index 85039a3e6e1..ab673e45447 100644 --- a/htdocs/ftp/admin/ftpclient.php +++ b/htdocs/ftp/admin/ftpclient.php @@ -148,7 +148,10 @@ if (GETPOST('delete', 'alpha')) { $form = new Form($db); -llxHeader(); + +$help_url = 'EN:Module_FTP_En|FR:Module_FTP|ES:Módulo_FTP'; + +llxHeader('', 'FTP', $help_url); $linkback = ''.$langs->trans("BackToModuleList").''; print load_fiche_titre($langs->trans("FTPClientSetup"), $linkback, 'title_setup'); From 373e225dd0589c2eeb757d7ab55026ce59d561df Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Wed, 17 Mar 2021 18:17:03 +0100 Subject: [PATCH 08/85] Update card.php translations of comments (fr->en) ---------------------------------------------------- insert: $help_url = 'EN:Module_Holiday'; llxHeader('', $langs->trans('CPTitreMenu'), $help_url); -------------------------------------------------------------------- start creatrion of https://wiki.dolibarr.org/index.php/Module_Holiday --- htdocs/holiday/card.php | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 76d0e607e47..bab0655b4c2 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -6,6 +6,7 @@ * Copyright (C) 2017 Alexandre Spangaro * Copyright (C) 2014-2017 Ferran Marcet * Copyright (C) 2018 Frédéric France + * Copyright (C) 2020-2021 Udo Tamm * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -408,7 +409,7 @@ if (empty($reshook)) { $verif = $object->validate($user); - // Si pas d'erreur SQL on redirige vers la fiche de la demande + // If no SQL error, we redirect to the request form if ($verif > 0) { // To $destinataire = new User($db); @@ -446,7 +447,7 @@ if (empty($reshook)) { $nextMonth = dol_time_plus_duree($now, $delayForRequest, 'd'); - // Si l'option pour avertir le valideur en cas de délai trop court + // option to warn the validator in case of too short delay if ($object->getConfCP('AlertValidatorDelay')) { if ($object->date_debut < $nextMonth) { $message .= "\n"; @@ -454,7 +455,7 @@ if (empty($reshook)) { } } - // Si l'option pour avertir le valideur en cas de solde inférieur à la demande + // option to notify the validator if the balance is less than the request if ($object->getConfCP('AlertValidatorSolde')) { $nbopenedday = num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday); if ($nbopenedday > $object->getCPforUser($object->fk_user, $object->fk_type)) { @@ -473,7 +474,7 @@ if (empty($reshook)) { $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid); - // Envoi du mail + // Sending the email $result = $mail->sendfile(); if (!$result) { @@ -533,21 +534,21 @@ if (empty($reshook)) { $error++; } - // Si pas d'erreur SQL on redirige vers la fiche de la demande + // If no SQL error, we redirect to the request form if (!$error) { // Calculcate number of days consummed $nbopenedday = num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday); $soldeActuel = $object->getCpforUser($object->fk_user, $object->fk_type); $newSolde = ($soldeActuel - $nbopenedday); - // On ajoute la modification dans le LOG + // The modification is added to the LOG $result = $object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $object->fk_type); if ($result < 0) { $error++; setEventMessages(null, $object->errors, 'errors'); } - //Update balance + // Update balance $result = $object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type); if ($result < 0) { $error++; @@ -593,7 +594,7 @@ if (empty($reshook)) { $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid); - // Envoi du mail + // Sending email $result = $mail->sendfile(); if (!$result) { @@ -619,7 +620,7 @@ if (empty($reshook)) { if (!empty($_POST['detail_refuse'])) { $object->fetch($id); - // Si statut en attente de validation et valideur = utilisateur + // If status pending validation and validator = user if ($object->statut == Holiday::STATUS_VALIDATED && $user->id == $object->fk_validator) { $object->date_refuse = dol_print_date('dayhour', dol_now()); $object->fk_user_refuse = $user->id; @@ -634,7 +635,7 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); } - // Si pas d'erreur SQL on redirige vers la fiche de la demande + // If no SQL error, we redirect to the request form if (!$error) { // To $destinataire = new User($db); @@ -674,7 +675,7 @@ if (empty($reshook)) { $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid); - // Envoi du mail + // sending email $result = $mail->sendfile(); if (!$result) { @@ -703,7 +704,7 @@ if (empty($reshook)) { } - // Si Validation de la demande + // If the request is validated if ($action == 'confirm_draft' && GETPOST('confirm') == 'yes') { $error = 0; @@ -728,13 +729,13 @@ if (empty($reshook)) { } } - // Si confirmation of cancellation + // If confirmation of cancellation if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes') { $error = 0; $object->fetch($id); - // Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres + // If status pending validation and validator = validator or user, or rights to do for others if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)))) { $db->begin(); @@ -753,10 +754,10 @@ if (empty($reshook)) { $soldeActuel = $object->getCpforUser($object->fk_user, $object->fk_type); $newSolde = ($soldeActuel + $nbopenedday); - // On ajoute la modification dans le LOG + // The modification is added to the LOG $result1 = $object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("HolidaysCancelation"), $newSolde, $object->fk_type); - // Mise à jour du solde + // Update of the balance $result2 = $object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type); if ($result1 < 0 || $result2 < 0) { @@ -771,7 +772,7 @@ if (empty($reshook)) { $db->rollback(); } - // Si pas d'erreur SQL on redirige vers la fiche de la demande + // If no SQL error, we redirect to the request form if (!$error && $result > 0) { // To $destinataire = new User($db); @@ -811,7 +812,7 @@ if (empty($reshook)) { $mail = new CMailFile($subject, $emailTo, $emailFrom, $message, array(), array(), array(), '', '', 0, 0, '', '', $trackid); - // Envoi du mail + // sending email $result = $mail->sendfile(); if (!$result) { @@ -853,7 +854,9 @@ $object = new Holiday($db); $listhalfday = array('morning'=>$langs->trans("Morning"), "afternoon"=>$langs->trans("Afternoon")); -llxHeader('', $langs->trans('CPTitreMenu')); +$help_url = 'EN:Module_Holiday'; + +llxHeader('', $langs->trans('CPTitreMenu'), $help_url); if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { // If user has no permission to create a leave From 432131ddc7cbfb5834f3d35722e1905819ea0323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 18:21:07 +0100 Subject: [PATCH 09/85] fix php8 warning --- htdocs/contrat/class/contrat.class.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 36a97be3b27..02929f281a8 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -9,7 +9,7 @@ * Copyright (C) 2013 Florian Henry * Copyright (C) 2014-2015 Marcos García * Copyright (C) 2018 Nicolas ZABOURI - * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2015-2018 Ferran Marcet * * This program is free software; you can redistribute it and/or modify @@ -2001,7 +2001,8 @@ class Contrat extends CommonObject $label .= ' '.$this->getLibStatut(5); }*/ $label .= '
'.$langs->trans('Ref').': '.($this->ref ? $this->ref : $this->id); - $label .= '
'.$langs->trans('RefCustomer').': '.($this->ref_customer ? $this->ref_customer : $this->ref_client); + $ref_customer = (!empty($this->ref_customer) ? $this->ref_customer : (empty($this->ref_client) ? '' : $this->ref_client)); + $label .= '
'.$langs->trans('RefCustomer').': '.$ref_customer; $label .= '
'.$langs->trans('RefSupplier').': '.$this->ref_supplier; if (!empty($this->total_ht)) { $label .= '
'.$langs->trans('AmountHT').': '.price($this->total_ht, 0, $langs, 0, -1, -1, $conf->currency); From 340f67fce890aae455fa53c037dd08b64bfed078 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 18:23:44 +0100 Subject: [PATCH 10/85] fix php8 warning --- htdocs/accountancy/journal/sellsjournal.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 16209e1a241..03cd3a32c3f 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -8,7 +8,7 @@ * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2014 Raphaël Doursenaud - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -656,7 +656,7 @@ if (empty($action) || $action == 'view') { $periodlink = ''; $exportlink = ''; $builddate = dol_now(); - $description .= $langs->trans("DescJournalOnlyBindedVisible").'
'; + $description = $langs->trans("DescJournalOnlyBindedVisible").'
'; if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $description .= $langs->trans("DepositsAreNotIncluded"); } else { From e33c035218ecfcacd62a4a7c46cb31022ddc5787 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Wed, 17 Mar 2021 18:27:20 +0100 Subject: [PATCH 11/85] Update llx_20_c_departements.sql --- .../mysql/data/llx_20_c_departements.sql | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/htdocs/install/mysql/data/llx_20_c_departements.sql b/htdocs/install/mysql/data/llx_20_c_departements.sql index 1c38927d2bf..acd9f0532b5 100644 --- a/htdocs/install/mysql/data/llx_20_c_departements.sql +++ b/htdocs/install/mysql/data/llx_20_c_departements.sql @@ -30,13 +30,13 @@ -- Do not concatenate the values in a single query, for the same reason. -- --- Departements/Cantons/Provinces +-- Departements/Cantons/Provinces/States -- insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 0, '0', '0',0,'-','-'); --- Andorra Provinces (rowid country=34) +-- Andorra Parròquies (id country=34) INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (34000, 'AD-002', 'AD100', NULL, NULL, 'Canillo'); INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (34000, 'AD-003', 'AD200', NULL, NULL, 'Encamp'); INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (34000, 'AD-004', 'AD400', NULL, NULL, 'La Massana'); @@ -45,6 +45,19 @@ INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (34000, 'AD-007', 'AD500', NULL, NULL, 'Andorra la Vella'); INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (34000, 'AD-008', 'AD700', NULL, NULL, 'Escaldes-Engordany'); + +-- Austria States (Bundesländer) (id country=41) +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'B','BURGENLAND','Burgenland',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'K','KAERNTEN','Kärnten',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'N','NIEDEROESTERREICH','Niederösterreich',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'O','OBEROESTERREICH','Oberösterreich',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'S','SALZBURG','Salzburg',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'ST','STEIERMARK','Steiermark',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'T','TIROL','Tirol',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'V','VORARLBERG','Vorarlberg',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'W','WIEN','Wien',1); + + -- Departements France (id country=1) insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe'); insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique'); @@ -149,16 +162,6 @@ insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,no insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (11,'94','94028',2,'VAL-DE-MARNE','Val-de-Marne'); insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (11,'95','95500',2,'VAL-D OISE','Val-d Oise'); --- Provinces Austria (id country=41) -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'B','BURGENLAND','Burgenland',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'K','KAERNTEN','Kärnten',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'N','NIEDEROESTERREICH','Niederösterreich',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'O','OBEROESTERREICH','Oberösterreich',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'S','SALZBURG','Salzburg',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'ST','STEIERMARK','Steiermark',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'T','TIROL','Tirol',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'V','VORARLBERG','Vorarlberg',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'W','WIEN','Wien',1); -- Provinces Belgium (id country=2) insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (201,'01','',1,'ANVERS','Anvers'); From efaa2be3b81a7504e271b6b4e8c74ba413ca3453 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 18:38:24 +0100 Subject: [PATCH 12/85] fix php8 warnings --- htdocs/core/photos_resize.php | 2 +- htdocs/projet/stats/index.php | 21 +++++++++++---------- htdocs/projet/tasks/stats/index.php | 12 ++++++------ 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index 008e524f299..f03436c0043 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -142,7 +142,7 @@ if ($modulepart == 'produit' || $modulepart == 'product' || $modulepart == 'serv if ($result <= 0) { dol_print_error($db, 'Failed to load object'); } - $dir = $conf->project->multidir_output[$object->entity]; // By default + $dir = $conf->projet->multidir_output[$object->entity]; // By default } } elseif ($modulepart == 'propal') { require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; diff --git a/htdocs/projet/stats/index.php b/htdocs/projet/stats/index.php index f25e78bceda..afbc4f7c55b 100644 --- a/htdocs/projet/stats/index.php +++ b/htdocs/projet/stats/index.php @@ -99,7 +99,7 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) $data1 = array(array(0=>$langs->trans("None"), 1=>1)); } - $filenamenb = $conf->project->dir_output."/stats/projectbystatus.png"; + $filenamenb = $conf->projet->dir_output."/stats/projectbystatus.png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projectbystatus.png'; $px = new DolGraph(); $mesg = $px->isGraphKo(); @@ -150,7 +150,7 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) $data = $stats_project->getNbByMonthWithPrevYear($endyear, $startyear); //var_dump($data); -$filenamenb = $conf->project->dir_output."/stats/projectnbprevyear-".$year.".png"; +$filenamenb = $conf->projet->dir_output."/stats/projectnbprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projectnbprevyear-'.$year.'.png'; $px1 = new DolGraph(); @@ -182,7 +182,7 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { //var_dump($data); // $data = array(array('Lib',val1,val2,val3),...) - $filenamenb = $conf->project->dir_output."/stats/projectamountprevyear-".$year.".png"; + $filenamenb = $conf->projet->dir_output."/stats/projectamountprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projectamountprevyear-'.$year.'.png'; $px2 = new DolGraph(); @@ -217,14 +217,15 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { //var_dump($data); // $data = array(array('Lib',val1,val2,val3),...) - $filenamenb = $conf->project->dir_output."/stats/projecttransrateprevyear-".$year.".png"; + $filenamenb = $conf->projet->dir_output."/stats/projecttransrateprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projecttransrateprevyear-'.$year.'.png'; $px3 = new DolGraph(); $mesg = $px3->isGraphKo(); if (!$mesg) { $px3->SetData($data); - $i = $startyear; $legend = array(); + $i = $startyear; + $legend = array(); while ($i <= $endyear) { $legend[] = $i; $i++; @@ -268,7 +269,7 @@ $head[$h][1] = $langs->trans("ByMonthYear"); $head[$h][2] = 'byyear'; $h++; -complete_head_from_modules($conf, $langs, null, $head, $h, $type); +complete_head_from_modules($conf, $langs, null, $head, $h, 'projet_stats'); print dol_get_fiche_head($head, 'byyear', $langs->trans("Statistics"), -1, ''); @@ -337,9 +338,9 @@ foreach ($data_all_year as $val) { print ' 0 ? '&userid='.$userid : '').'">'.$year.''; print ''.$val['nb'].''; if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { - print ''.($val['total'] ?price(price2num($val['total'], 'MT'), 1) : '0').''; - print ''.($val['avg'] ?price(price2num($val['avg'], 'MT'), 1) : '0').''; - print ''.($val['weighted'] ?price(price2num($val['weighted'], 'MT'), 1) : '0').''; + print ''.($val['total'] ? price(price2num($val['total'], 'MT'), 1) : '0').''; + print ''.($val['avg'] ? price(price2num($val['avg'], 'MT'), 1) : '0').''; + print ''.(isset($val['weighted']) ? price(price2num($val['weighted'], 'MT'), 1) : '0').''; } print ''; $oldyear = $year; @@ -350,7 +351,7 @@ print ''; print '
'; -$stringtoshow .= ''; } diff --git a/htdocs/recruitment/recruitmentjobposition_card.php b/htdocs/recruitment/recruitmentjobposition_card.php index 26d1578b24c..2b832b3b467 100644 --- a/htdocs/recruitment/recruitmentjobposition_card.php +++ b/htdocs/recruitment/recruitmentjobposition_card.php @@ -548,9 +548,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea /* if ($permissiontoadd) { if ($object->status == $object::STATUS_ENABLED) { - print ''.$langs->trans("Disable").''."\n"; + print ''.$langs->trans("Disable").''."\n"; } else { - print ''.$langs->trans("Enable").''."\n"; + print ''.$langs->trans("Enable").''."\n"; } }*/ if ($permissiontoadd) { diff --git a/htdocs/user/card.php b/htdocs/user/card.php index a72dde04fb1..d4373812f61 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1821,12 +1821,12 @@ if ($action == 'create' || $action == 'adduserldap') { // Enable user if ($user->id <> $id && $candisableuser && $object->statut == 0 && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { - print '
'.$langs->trans("Reactivate").'
'; + print '
'.$langs->trans("Reactivate").'
'; } // Disable user if ($user->id <> $id && $candisableuser && $object->statut == 1 && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { - print '
'.$langs->trans("DisableUser").'
'; + print '
'.$langs->trans("DisableUser").'
'; } else { if ($user->id == $id) { print '
'.$langs->trans("DisableUser").'
'; @@ -1836,7 +1836,7 @@ if ($action == 'create' || $action == 'adduserldap') { if ($user->id <> $id && $candisableuser && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { if ($user->admin || !$object->admin) { // If user edited is admin, delete is possible on for an admin - print '
'.$langs->trans("DeleteUser").'
'; + print '
'.$langs->trans("DeleteUser").'
'; } else { print '
'.$langs->trans("DeleteUser").'
'; } diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php index e63c3cb8fef..957173335c0 100644 --- a/htdocs/website/websiteaccount_card.php +++ b/htdocs/website/websiteaccount_card.php @@ -332,17 +332,17 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea { if ($object->status == 1) { - print '
'.$langs->trans("Disable").'
'."\n"; + print '
'.$langs->trans("Disable").'
'."\n"; } else { - print '
'.$langs->trans("Enable").'
'."\n"; + print '
'.$langs->trans("Enable").'
'."\n"; } } */ if ($user->rights->website->delete) { - print '
'.$langs->trans('Delete').'
'."\n"; + print '
'.$langs->trans('Delete').'
'."\n"; } } print ''."\n"; diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php index c15053bad5e..61686423d4c 100755 --- a/htdocs/workstation/workstation_card.php +++ b/htdocs/workstation/workstation_card.php @@ -469,16 +469,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if ($permissiontoadd) { if ($object->status == $object::STATUS_ENABLED) { - print ''.$langs->trans("Disable").''."\n"; + print ''.$langs->trans("Disable").''."\n"; } else { - print ''.$langs->trans("Enable").''."\n"; + print ''.$langs->trans("Enable").''."\n"; } } // Delete (need delete permission, or if draft, just need create/modify permission) if ($permissiontodelete) { - print ''.$langs->trans('Delete').''."\n"; + print ''.$langs->trans('Delete').''."\n"; } else { print ''.$langs->trans('Delete').''."\n"; } diff --git a/htdocs/zapier/hook_card.php b/htdocs/zapier/hook_card.php index 455efc95cc9..f57f8873aba 100644 --- a/htdocs/zapier/hook_card.php +++ b/htdocs/zapier/hook_card.php @@ -351,11 +351,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea { if ($object->status == 1) { - print ''.$langs->trans("Disable").''."\n"; + print ''.$langs->trans("Disable").''."\n"; } else { - print ''.$langs->trans("Enable").''."\n"; + print ''.$langs->trans("Enable").''."\n"; } } */ From 14611f3f7aa2be01b77c84aa46e9cbc6d02ff7dd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 12:49:28 +0100 Subject: [PATCH 73/85] More complete protection for doprev donext, dvprev, dvnext action. --- htdocs/main.inc.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 108a25e1877..019e30dca25 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -436,6 +436,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl 'activate', 'add', 'addtimespent', 'update', 'install', 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check', 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable', + 'doprev', 'donext', 'dvprev', 'dvnext', 'enable' ); $sensitiveget = false; From 5a4ffc18b9e4616bea8176aa216ea07a232f85b2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 13:02:55 +0100 Subject: [PATCH 74/85] FIx #yogosha5667 --- htdocs/adherents/cartes/carte.php | 3 +++ htdocs/adherents/list.php | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php index 9d403d88320..be9c654941a 100644 --- a/htdocs/adherents/cartes/carte.php +++ b/htdocs/adherents/cartes/carte.php @@ -50,6 +50,9 @@ $extrafields = new ExtraFields($db); // Fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); +// Security check +$result = restrictedArea($user, 'adherent'); + /* * Actions diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index c37e9e325cf..cebd634fa56 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -41,9 +41,6 @@ $confirm = GETPOST('confirm', 'alpha'); $toselect = GETPOST('toselect', 'array'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'memberslist'; // To manage different context of search -// Security check -$result = restrictedArea($user, 'adherent'); - $search = GETPOST("search", 'alpha'); $search_ref = GETPOST("search_ref", 'alpha'); $search_lastname = GETPOST("search_lastname", 'alpha'); @@ -162,6 +159,9 @@ $arrayfields = array( // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; +// Security check +$result = restrictedArea($user, 'adherent'); + /* * Actions From aef2f1713e7e96a2066ff4ab3519b24a06153af9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 13:25:58 +0100 Subject: [PATCH 75/85] FIX #yogosha5673 --- htdocs/admin/mails_senderprofile_list.php | 32 ++++++++++--------- htdocs/admin/mails_ticket.php | 8 ++--- .../core/class/emailsenderprofile.class.php | 2 +- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index 9f766d76266..a24033637d1 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -76,14 +76,6 @@ if (!$sortorder) { $sortorder = "ASC"; } -// Security check -$socid = 0; -if ($user->socid > 0) { // Protection if external user - //$socid = $user->socid; - accessforbidden(); -} -//$result = restrictedArea($user, 'mymodule', $id, ''); - // Initialize array of search criterias $search_all = GETPOST("search_all", 'alpha'); $search = array(); @@ -133,6 +125,19 @@ if ($id > 0) { $object->fetch($id); } +// Security check +$socid = 0; +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +// A non admin user can see profiles but limited to its own user +if (!$user->admin) { + if ($object->private != $user->id) { + accessforbidden(); + } +} + /* * Actions @@ -261,6 +266,10 @@ foreach ($search as $key => $val) { if ($search_all) { $sql .= natural_search(array_keys($fieldstosearchall), $search_all); } +// If non admin, restrict list to itself +if (empty($user->admin)) { + $sql .= " AND private = ".((int) $user->id); +} //$sql.= dolSqlDateFilter("t.field", $search_xxxday, $search_xxxmonth, $search_xxxyear); // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; @@ -315,13 +324,6 @@ if (is_numeric($nbtotalofrecords) && ($limit > $nbtotalofrecords || empty($limit $num = $db->num_rows($resql); } -// Direct jump if only one record found -if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && !$page) { - $obj = $db->fetch_object($resql); - $id = $obj->rowid; - header("Location: ".DOL_URL_ROOT.'/monmodule/emailsenderprofile_card.php?id='.$id); - exit; -} // Output page // -------------------------------------------------------------------- diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 1d3faf71f1b..14960db11d7 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -32,10 +32,6 @@ $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'err $action = GETPOST('action', 'aZ09'); -if (!$user->admin) { - accessforbidden(); -} - $usersignature = $user->signature; // For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html. if ($action == 'test' || $action == 'send') { @@ -53,6 +49,10 @@ $substitutionarrayfortest = array( ); complete_substitutions_array($substitutionarrayfortest, $langs); +// Security check +if (!$user->admin) { + accessforbidden(); +} /* diff --git a/htdocs/core/class/emailsenderprofile.class.php b/htdocs/core/class/emailsenderprofile.class.php index d4b9f0bd93e..7b9ee37225e 100644 --- a/htdocs/core/class/emailsenderprofile.class.php +++ b/htdocs/core/class/emailsenderprofile.class.php @@ -54,7 +54,7 @@ class EmailSenderProfile extends CommonObject /** * @var string String with name of icon for emailsenderprofile */ - public $picto = 'emailsenderprofile@monmodule'; + public $picto = 'emailsenderprofile'; const STATUS_DISABLED = 0; From ff7f1feaae6c808283d938f9363df9dbad177011 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 13:28:04 +0100 Subject: [PATCH 76/85] Fix test on perm --- htdocs/admin/mails_senderprofile_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index a24033637d1..4eeeb21c8ae 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -133,7 +133,7 @@ if ($user->socid > 0) { // Protection if external user } // A non admin user can see profiles but limited to its own user if (!$user->admin) { - if ($object->private != $user->id) { + if ($object->id > 0 && $object->private != $user->id) { accessforbidden(); } } From 8462c4d3d349fc7d22fabf58b3dbce64ccd0855e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 13:37:43 +0100 Subject: [PATCH 77/85] Clean menu --- htdocs/admin/mails_senderprofile_list.php | 15 --------------- htdocs/core/lib/admin.lib.php | 3 ++- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index 4eeeb21c8ae..8f781318995 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -328,21 +328,6 @@ if (is_numeric($nbtotalofrecords) && ($limit > $nbtotalofrecords || empty($limit // Output page // -------------------------------------------------------------------- -// Example : Adding jquery code -print ''; - $arrayofselected = is_array($toselect) ? $toselect : array(); $param = ''; diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 759b97aaedb..6715ded36fa 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -1886,7 +1886,8 @@ function email_admin_prepare_head() } } - if (!empty($user->admin) && (empty($_SESSION['leftmenu']) || $_SESSION['leftmenu'] != 'email_templates')) { + // admin and non admin can view this menu entry, but it is not shown yet when we on user menu "Email templates" + if (empty($_SESSION['leftmenu']) || $_SESSION['leftmenu'] != 'email_templates') { $head[$h][0] = DOL_URL_ROOT."/admin/mails_senderprofile_list.php"; $head[$h][1] = $langs->trans("EmailSenderProfiles"); $head[$h][2] = 'senderprofiles'; From ae7261c0a7b8f53f53e5e5294e27152b1a5cba0c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 14:12:08 +0100 Subject: [PATCH 78/85] FIX #yogosha5677 --- htdocs/compta/accounting-files.php | 56 +++++++++++++++++------------- 1 file changed, 32 insertions(+), 24 deletions(-) diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 596abdf0e97..fed0e025f4c 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -34,6 +34,7 @@ if ((array_key_exists('action', $_GET) && $_GET['action'] == 'dl') || (array_key require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; require_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php'; @@ -56,13 +57,12 @@ $date_start = GETPOST('date_start', 'alpha'); $date_startDay = GETPOST('date_startday', 'int'); $date_startMonth = GETPOST('date_startmonth', 'int'); $date_startYear = GETPOST('date_startyear', 'int'); -$date_start = ($date_startDay) ?dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear) : strtotime($date_start); +$date_start = ($date_startDay ? dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear, 'tzuserrel') : dol_stringtotime($date_start)); $date_stop = GETPOST('date_stop', 'alpha'); $date_stopDay = GETPOST('date_stopday', 'int'); $date_stopMonth = GETPOST('date_stopmonth', 'int'); $date_stopYear = GETPOST('date_stopyear', 'int'); -//FIXME doldate -$date_stop = ($date_stopDay) ?dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear) : strtotime($date_stop); +$date_stop = ($date_stopDay ? dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear, 'tzuserrel') : dol_stringtotime($date_stop)); $action = GETPOST('action', 'aZ09'); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context @@ -126,6 +126,17 @@ if (empty($entity)) { $error = 0; +$listofchoices = array( + 'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled), 'perms' => !empty($user->rights->facture->lire)), + 'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled), 'perms' => !empty($user->rights->fournisseur->facture->lire)), + 'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled), 'perms' => !empty($user->rights->expensereport->lire)), + 'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled), 'perms' => !empty($user->rights->don->lire)), + 'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled), 'perms' => !empty($user->rights->tax->charges->lire)), + 'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled), 'perms' => !empty($user->rights->salaries->read)), + 'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled), 'perms' => !empty($user->rights->banque->lire)), + 'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled), 'perms' => !empty($user->rights->loan->read)), +); + /* @@ -155,7 +166,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { $wheretail = " '".$db->idate($date_start)."' AND '".$db->idate($date_stop)."'"; // Customer invoices - if (GETPOST('selectinvoices')) { + if (GETPOST('selectinvoices') && !empty($listofchoices['selectinvoices']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -166,7 +177,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { $sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT; } // Vendor invoices - if (GETPOST('selectsupplierinvoices')) { + if (GETPOST('selectsupplierinvoices') && !empty($listofchoices['selectsupplierinvoices']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -177,7 +188,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { $sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT; } // Expense reports - if (GETPOST('selectexpensereports')) { + if (GETPOST('selectexpensereports') && !empty($listofchoices['selectexpensereports']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -188,7 +199,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { $sql .= " AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT; } // Donations - if (GETPOST('selectdonations')) { + if (GETPOST('selectdonations') && !empty($listofchoices['selectdonations']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -199,7 +210,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { $sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT; } // Payments of salaries - if (GETPOST('selectpaymentsofsalaries')) { + if (GETPOST('selectpaymentsofsalaries') && !empty($listofchoices['selectpaymentsofsalaries']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -210,7 +221,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { //$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT; } // Social contributions - if (GETPOST('selectsocialcontributions')) { + if (GETPOST('selectsocialcontributions') && !empty($listofchoices['selectsocialcontributions']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -221,7 +232,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { //$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT; } // Various payments - if (GETPOST('selectvariouspayment')) { + if (GETPOST('selectvariouspayment') && !empty($listofchoices['selectvariouspayment']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -231,7 +242,7 @@ if (($action == 'searchfiles' || $action == 'dl')) { $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')'; } // Loan payments - if (GETPOST('selectloanspayment')) { + if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms'])) { if (!empty($sql)) { $sql .= " UNION ALL"; } @@ -539,8 +550,11 @@ print ''; print ''.$langs->trans("ExportAccountingSourceDocHelp", $langs->transnoentitiesnoconv("Accounting"), $langs->transnoentitiesnoconv("Journals")).'
'; print '
'; -print $langs->trans("ReportPeriod").': '.$form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0); -print ' - '.$form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0)."\n"; +print $langs->trans("ReportPeriod").': '; +print $form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel'); +print ' - '; +print $form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel'); +print "\n"; // Export is for current company only if (!empty($conf->multicompany->enabled) && is_object($mc)) { @@ -558,22 +572,16 @@ if (!empty($conf->multicompany->enabled) && is_object($mc)) { print '
'; -$listofchoices = array( - 'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled)), - 'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled)), - 'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled)), - 'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled)), - 'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled)), - 'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled)), - 'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled)), - 'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled)), -); foreach ($listofchoices as $choice => $val) { if (empty($val['enabled'])) { continue; // list not qualified } + $disabled = ''; + if (empty($val['perms'])) { + $disabled = ' disabled'; + } $checked = (((!GETPOSTISSET('search') && $action != 'searchfiles') || GETPOST($choice)) ? ' checked="checked"' : ''); - print '
'; + print '
'; } print ''; From 1540f62df065c45dab4b977b6bde29e22cd12e64 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 14:25:59 +0100 Subject: [PATCH 79/85] FIX #yogosha5678 --- htdocs/bom/bom_list.php | 19 +++---- .../conferenceorbooth_agenda.php | 11 ++-- .../conferenceorbooth_card.php | 7 +-- .../conferenceorbooth_contact.php | 15 +++--- .../conferenceorbooth_document.php | 11 ++-- .../conferenceorbooth_list.php | 9 +--- .../conferenceorbooth_note.php | 6 +++ .../eventorganizationindex.php | 53 ++++--------------- htdocs/intracommreport/list.php | 11 +++- .../modulebuilder/template/myobject_list.php | 2 +- htdocs/mrp/mo_list.php | 19 +++---- htdocs/product/list.php | 17 +++--- 12 files changed, 75 insertions(+), 105 deletions(-) diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index eb1852699c0..62fb6002760 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -76,18 +76,6 @@ if (!$sortorder) { $sortorder = "ASC"; } -// Security check -if (empty($conf->bom->enabled)) { - accessforbidden('Module not enabled'); -} -$socid = 0; -if ($user->socid > 0) { - // Protection if external user - //$socid = $user->socid; - accessforbidden(); -} -//$result = restrictedArea($user, 'bom', $id, ''); - // Initialize array of search criterias $search_all = GETPOST("search_all", 'alpha'); $search = array(); @@ -133,6 +121,13 @@ $permissiontoread = $user->rights->bom->read; $permissiontoadd = $user->rights->bom->write; $permissiontodelete = $user->rights->bom->delete; +// Security check +if ($user->socid > 0) { + // Protection if external user + accessforbidden(); +} +$result = restrictedArea($user, 'bom'); + /* * Actions diff --git a/htdocs/eventorganization/conferenceorbooth_agenda.php b/htdocs/eventorganization/conferenceorbooth_agenda.php index 54a3e5b9a4c..bd50df31a91 100644 --- a/htdocs/eventorganization/conferenceorbooth_agenda.php +++ b/htdocs/eventorganization/conferenceorbooth_agenda.php @@ -132,14 +132,17 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->eventorganization->multidir_output[$object->entity]."/".$object->id; } -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'eventorganization', $object->id); +// Security check +if ($user->socid > 0) { + accessforbidden(); +} +$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); $permissiontoadd = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_addupdatedelete.inc.php + /* * Actions */ diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index e27e909d071..6f223821bd3 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php @@ -85,14 +85,11 @@ $permissionnote = $user->rights->eventorganization->write; // Used by the includ $permissiondellink = $user->rights->eventorganization->write; // Used by the include of actions_dellink.inc.php $upload_dir = $conf->eventorganization->multidir_output[isset($object->entity) ? $object->entity : 1]; -// Security check - Protection if external user +// Security check if ($user->socid > 0) { accessforbidden(); } -if ($user->socid > 0) { - $socid = $user->socid; -} -$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0); +$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); if (!$permissiontoread) { diff --git a/htdocs/eventorganization/conferenceorbooth_contact.php b/htdocs/eventorganization/conferenceorbooth_contact.php index e29252aef1e..d42cc78adcb 100644 --- a/htdocs/eventorganization/conferenceorbooth_contact.php +++ b/htdocs/eventorganization/conferenceorbooth_contact.php @@ -78,18 +78,21 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'eventorganization', $object->id); +// Security check +if ($user->socid > 0) { + accessforbidden(); +} +$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); $permission = $user->rights->eventorganization->conferenceorbooth->write; + /* - * Add a new contact + * Actions */ -if ($action == 'addcontact' && $permission) { +if ($action == 'addcontact' && $permission) { // Add a new contact $contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int')); $typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type')); $result = $object->add_contact($contactid, $typeid, GETPOST("source", 'aZ09')); diff --git a/htdocs/eventorganization/conferenceorbooth_document.php b/htdocs/eventorganization/conferenceorbooth_document.php index 7b8094e3034..1f354453fd1 100644 --- a/htdocs/eventorganization/conferenceorbooth_document.php +++ b/htdocs/eventorganization/conferenceorbooth_document.php @@ -124,13 +124,14 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->eventorganization->multidir_output[$object->entity ? $object->entity : $conf->entity]."/conferenceorbooth/".get_exdir(0, 0, 0, 1, $object); } -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'eventorganization', $object->id); - $permissiontoadd = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_addupdatedelete.inc.php +// Security check +if ($user->socid > 0) { + accessforbidden(); +} +$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); /* diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index 6632e8a1f29..f4cda255cdb 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php +++ b/htdocs/eventorganization/conferenceorbooth_list.php @@ -132,17 +132,12 @@ $permissiontoadd = $user->rights->eventorganization->write; $permissiontodelete = $user->rights->eventorganization->delete; // Security check -if (empty($conf->eventorganization->enabled)) { - accessforbidden('Module not enabled'); -} -$socid = 0; +//$socid = 0; if ($user->socid > 0) { // Protection if external user //$socid = $user->socid; accessforbidden(); } -//$result = restrictedArea($user, 'eventorganization', $id, ''); -//if (!$permissiontoread) accessforbidden(); - +$result = restrictedArea($user, 'eventorganization'); /* diff --git a/htdocs/eventorganization/conferenceorbooth_note.php b/htdocs/eventorganization/conferenceorbooth_note.php index 61c8ba957e6..634877d82fe 100644 --- a/htdocs/eventorganization/conferenceorbooth_note.php +++ b/htdocs/eventorganization/conferenceorbooth_note.php @@ -109,6 +109,12 @@ if ($id > 0 || !empty($ref)) { $permissionnote = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_setnotes.inc.php $permissiontoadd = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_addupdatedelete.inc.php +// Security check +if ($user->socid > 0) { + accessforbidden(); +} +$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); /* diff --git a/htdocs/eventorganization/eventorganizationindex.php b/htdocs/eventorganization/eventorganizationindex.php index 999d85255d0..d5c158ab860 100644 --- a/htdocs/eventorganization/eventorganizationindex.php +++ b/htdocs/eventorganization/eventorganizationindex.php @@ -25,57 +25,26 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page -$langs->loadLangs(array("eventorganization@eventorganization")); +$langs->loadLangs(array("eventorganization")); $action = GETPOST('action', 'aZ09'); - -// Security check -// if (! $user->rights->eventorganization->myobject->read) { -// accessforbidden(); -// } -$socid = GETPOST('socid', 'int'); -if (isset($user->socid) && $user->socid > 0) { - $action = ''; - $socid = $user->socid; -} - $max = 5; $now = dol_now(); +// Security check +//$socid = 0; +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +$result = restrictedArea($user, 'eventorganization'); + + /* * Actions diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php index e43dc33e700..d3fd0ff2fb1 100644 --- a/htdocs/intracommreport/list.php +++ b/htdocs/intracommreport/list.php @@ -39,8 +39,6 @@ $toselect = GETPOST('toselect', 'array'); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); $search_ref = GETPOST("search_ref", 'alpha'); $search_type = GETPOST("search_type", 'int'); -$fourn_id = GETPOST("fourn_id", 'int'); -$catid = GETPOST('catid', 'int'); $optioncss = GETPOST('optioncss', 'alpha'); $type = GETPOST("type", "int"); @@ -139,6 +137,14 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); +// Security check +if ($search_type == '0') { + $result = restrictedArea($user, 'produit', '', '', '', '', '', 0); +} elseif ($search_type == '1') { + $result = restrictedArea($user, 'service', '', '', '', '', '', 0); +} else { + $result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0); +} /* @@ -192,6 +198,7 @@ if (empty($reshook)) { /* * View */ + $formother = new FormOther($db); $title = $langs->trans('IntracommReportList'.$type); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index aa616709a7d..47afaa55b55 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -187,7 +187,7 @@ if ($user->socid > 0) { // Protection if external user //$socid = $user->socid; accessforbidden(); } -//$result = restrictedArea($user, 'mymodule', $id, ''); +//$result = restrictedArea($user, 'mymodule'); //if (!$permissiontoread) accessforbidden(); diff --git a/htdocs/mrp/mo_list.php b/htdocs/mrp/mo_list.php index 841dba3ea20..30fe3e8d9fa 100644 --- a/htdocs/mrp/mo_list.php +++ b/htdocs/mrp/mo_list.php @@ -82,18 +82,6 @@ if (!$sortorder) { $sortorder = "ASC"; } -// Security check -if (empty($conf->mrp->enabled)) { - accessforbidden('Module not enabled'); -} -$socid = 0; -if ($user->socid > 0) { // Protection if external user - //$socid = $user->socid; - accessforbidden(); -} -//$result = restrictedArea($user, 'mrp', $id, ''); - - // Initialize array of search criterias $search_all = GETPOST('search_all', 'alphanohtml') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'); $search = array(); @@ -139,6 +127,13 @@ $permissiontoread = $user->rights->mrp->read; $permissiontoadd = $user->rights->mrp->write; $permissiontodelete = $user->rights->mrp->delete; +// Security check +if ($user->socid > 0) { + // Protection if external user + accessforbidden(); +} +$result = restrictedArea($user, 'mrp'); + /* * Actions diff --git a/htdocs/product/list.php b/htdocs/product/list.php index bd38e41f4dd..4d8f07ab9a5 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -146,15 +146,6 @@ if (!empty($canvas)) { $objcanvas->getCanvas('product', 'list', $canvas); } -// Security check -if ($search_type == '0') { - $result = restrictedArea($user, 'produit', '', '', '', '', '', 0); -} elseif ($search_type == '1') { - $result = restrictedArea($user, 'service', '', '', '', '', '', 0); -} else { - $result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0); -} - // Define virtualdiffersfromphysical $virtualdiffersfromphysical = 0; if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) @@ -267,6 +258,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); +// Security check +if ($search_type == '0') { + $result = restrictedArea($user, 'produit', '', '', '', '', '', 0); +} elseif ($search_type == '1') { + $result = restrictedArea($user, 'service', '', '', '', '', '', 0); +} else { + $result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0); +} /* From 3a9a3b2b3e901abc58b19c35bbd71f66d202abb8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 14:41:57 +0100 Subject: [PATCH 80/85] FIX #yogosha5665 --- htdocs/product/stock/productlot_card.php | 22 ++++++++++++------- htdocs/product/stock/productlot_document.php | 22 +++++++++++++++++++ htdocs/product/stock/productlot_list.php | 23 +++++++++++++++++--- 3 files changed, 56 insertions(+), 11 deletions(-) diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 94ecdc8e13a..646f3d322d7 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -92,14 +92,6 @@ if ($id || $ref) { $object->ref = $object->batch; // For document management ( it use $object->ref) } -// Protection if external user -if ($user->socid > 0) { - //accessforbidden(); -} -//$result = restrictedArea($user, 'mymodule', $id); - - - // Initialize technical object to manage hooks of modules. Note that conf->hooks_modules contains array array $hookmanager->initHooks(array('productlotcard', 'globalcard')); @@ -114,7 +106,21 @@ $usercandelete = $user->rights->produit->supprimer; $upload_dir = $conf->productbatch->multidir_output[$conf->entity]; +$permissiontoread = $usercanread; $permissiontoadd = $usercancreate; +//$permissiontodelete = $usercandelete; + +// Security check +if (empty($conf->productbatch->enabled)) { + accessforbidden('Module not enabled'); +} +$socid = 0; +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +//$result = restrictedArea($user, 'productbatch'); +if (!$permissiontoread) accessforbidden(); /* diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 81f68487cf6..97eaace9ee4 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -90,6 +90,28 @@ if ($id || $ref) { } } +$usercanread = $user->rights->produit->lire; +$usercancreate = $user->rights->produit->creer; +$usercandelete = $user->rights->produit->supprimer; + +$upload_dir = $conf->productbatch->multidir_output[$conf->entity]; + +$permissiontoread = $usercanread; +$permissiontoadd = $usercancreate; +//$permissiontodelete = $usercandelete; + +// Security check +if (empty($conf->productbatch->enabled)) { + accessforbidden('Module not enabled'); +} +$socid = 0; +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +//$result = restrictedArea($user, 'productbatch'); +if (!$permissiontoread) accessforbidden(); + /* * Actions diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index e04b3f2e59b..e467aa80d95 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -129,10 +129,27 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); -$permissiontoread = $user->rights->stock->lire; -$permissiontoadd = $user->rights->stock->mouvement->creer; -//$permissiontodelete = $user->rights->stock->supprimer; +$usercanread = $user->rights->produit->lire; +$usercancreate = $user->rights->produit->creer; +$usercandelete = $user->rights->produit->supprimer; +$upload_dir = $conf->productbatch->multidir_output[$conf->entity]; + +$permissiontoread = $usercanread; +$permissiontoadd = $usercancreate; +//$permissiontodelete = $usercandelete; + +// Security check +if (empty($conf->productbatch->enabled)) { + accessforbidden('Module not enabled'); +} +$socid = 0; +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +//$result = restrictedArea($user, 'productbatch'); +if (!$permissiontoread) accessforbidden(); /* From a3be3dd0e2edaeb8b57d1a16606d446cf1ee68fd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 14:46:30 +0100 Subject: [PATCH 81/85] Responsive --- htdocs/barcode/printsheet.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php index a8033cf1c7a..ff57587d1b4 100644 --- a/htdocs/barcode/printsheet.php +++ b/htdocs/barcode/printsheet.php @@ -286,7 +286,7 @@ print '
'; // Sheet format print '
'; -print '
'; +print '
'; print $langs->trans("DescADHERENT_ETIQUETTE_TYPE").'   '; print '
'; // List of possible labels (defined into $_Avery_Labels variable set into core/lib/format_cards.lib.php) @@ -302,7 +302,7 @@ print '
'; // Number of stickers to print print '
'; -print '
'; +print '
'; print $langs->trans("NumberOfStickers").'   '; print '
'; print ''; From be90f5f2deba04615fd6fef54048d36ce3f7734e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 15:00:22 +0100 Subject: [PATCH 82/85] Fix id of advanced perm --- htdocs/core/modules/modBarcode.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/modules/modBarcode.class.php b/htdocs/core/modules/modBarcode.class.php index 93c67f63b3c..a3e2796aed6 100644 --- a/htdocs/core/modules/modBarcode.class.php +++ b/htdocs/core/modules/modBarcode.class.php @@ -79,13 +79,13 @@ class modBarcode extends DolibarrModules $this->rights = array(); $this->rights_class = 'barcode'; - $this->rights[1][0] = 300; // id de la permission + $this->rights[1][0] = 301; // id de la permission $this->rights[1][1] = 'Read barcodes'; // libelle de la permission $this->rights[1][2] = 'r'; // type de la permission (deprecie a ce jour) $this->rights[1][3] = 1; // La permission est-elle une permission par defaut $this->rights[1][4] = 'lire_advance'; - $this->rights[2][0] = 301; // id de la permission + $this->rights[2][0] = 302; // id de la permission $this->rights[2][1] = 'Create/modify barcodes'; // libelle de la permission $this->rights[2][2] = 'w'; // type de la permission (deprecie a ce jour) $this->rights[2][3] = 0; // La permission est-elle une permission par defaut From 7056cf7614f8a3c621e0b2b11f8e84419f1d9c37 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 15:05:28 +0100 Subject: [PATCH 83/85] FIX #yogosha5675 --- htdocs/user/group/card.php | 15 +++++++-------- htdocs/user/group/list.php | 26 +++++++++++++++----------- htdocs/user/list.php | 8 ++++---- 3 files changed, 26 insertions(+), 23 deletions(-) diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 05945c02855..0d6d413ba0f 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -57,14 +57,6 @@ $backtopage = GETPOST('backtopage', 'alpha'); $userid = GETPOST('user', 'int'); -// Security check -$result = restrictedArea($user, 'user', $id, 'usergroup&usergroup', $feature2); - -// Users/Groups management only in master entity if transverse mode -if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) { - accessforbidden(); -} - $object = new Usergroup($db); $extrafields = new ExtraFields($db); // fetch optionals attributes and labels @@ -77,6 +69,13 @@ $object->getrights(); // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array $hookmanager->initHooks(array('groupcard', 'globalcard')); +// Security check +$result = restrictedArea($user, 'user', $id, 'usergroup&usergroup', $feature2); + +// Users/Groups management only in master entity if transverse mode +if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) { + accessforbidden(); +} /** diff --git a/htdocs/user/group/list.php b/htdocs/user/group/list.php index 7281bc93639..edd34dfe9b8 100644 --- a/htdocs/user/group/list.php +++ b/htdocs/user/group/list.php @@ -28,17 +28,6 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; -if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - if (!$user->rights->user->group_advance->read && !$user->admin) { - accessforbidden(); - } -} - -// Users/Groups management only in master entity if transverse mode -if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) { - accessforbidden(); -} - // Load translation files required by page $langs->load("users"); @@ -78,6 +67,21 @@ $fieldstosearchall = array( 'g.note'=>"Note" ); +if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { + if (!$user->rights->user->group_advance->read && !$user->admin) { + accessforbidden(); + } +} + +// Users/Groups management only in master entity if transverse mode +if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) { + accessforbidden(); +} + +if (!$user->rights->user->user->lire && !$user->admin) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/user/list.php b/htdocs/user/list.php index f9703116d62..aef0d3e31c9 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -31,10 +31,6 @@ if (!empty($conf->categorie->enabled)) { require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; } -if (!$user->rights->user->user->lire && !$user->admin) { - accessforbidden(); -} - // Load translation files required by page $langs->loadLangs(array('users', 'companies', 'hrm', 'salaries')); @@ -185,6 +181,10 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $error = 0; +if (!$user->rights->user->user->lire && !$user->admin) { + accessforbidden(); +} + $childids = $user->getAllChildIds(1); From 3414511d7f9749d240fe4722d57205070e00acea Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 15:09:06 +0100 Subject: [PATCH 84/85] Code position --- htdocs/user/group/ldap.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index dcefbf4a413..aee79688aee 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -33,16 +33,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php'; // Load translation files required by page $langs->loadLangs(array('companies', 'ldap', 'users', 'admin')); -// Users/Groups management only in master entity if transverse mode -if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) { - accessforbidden(); -} - -$canreadperms = true; -if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - $canreadperms = ($user->admin || $user->rights->user->group_advance->read); -} - $id = GETPOST('id', 'int'); $action = GETPOST('action', 'aZ09'); @@ -55,6 +45,16 @@ $object = new Usergroup($db); $object->fetch($id); $object->getrights(); +// Users/Groups management only in master entity if transverse mode +if (!empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) { + accessforbidden(); +} + +$canreadperms = true; +if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { + $canreadperms = ($user->admin || $user->rights->user->group_advance->read); +} + /* * Actions From 85b76cc4dfdf0a7bde00b5d21e04f047b13b9253 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 20 Mar 2021 01:22:09 +0100 Subject: [PATCH 85/85] Fix title --- build/doxygen/doxygen_header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/doxygen/doxygen_header.html b/build/doxygen/doxygen_header.html index 235797bb6c9..f60f4829d76 100644 --- a/build/doxygen/doxygen_header.html +++ b/build/doxygen/doxygen_header.html @@ -2,7 +2,7 @@ -$title +Dolibarr source code documentation
'; +$stringtoshow = ''; - print ''; + print ''; print ''; print ''; } print ''; - print ''; + print ''; print ''; print ''; $oldyear = $year; @@ -208,7 +208,7 @@ print ''; print '
'; -$stringtoshow .= '
'; if ($mesg) { print $mesg; } else { diff --git a/htdocs/projet/tasks/stats/index.php b/htdocs/projet/tasks/stats/index.php index 81c05fde59d..be6ac3c7802 100644 --- a/htdocs/projet/tasks/stats/index.php +++ b/htdocs/projet/tasks/stats/index.php @@ -90,7 +90,7 @@ if (!empty($year)) { $data = $stats_tasks->getNbByMonthWithPrevYear($endyear, $startyear); //var_dump($data); -$filenamenb = $conf->project->dir_output."/stats/tasknbprevyear-".$year.".png"; +$filenamenb = $conf->projet->dir_output."/stats/tasknbprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=taskstats&file=tasknbprevyear-'.$year.'.png'; $px1 = new DolGraph(); @@ -134,12 +134,12 @@ if (!count($arrayyears)) { $h = 0; $head = array(); -$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/stats/index.php?mode='.$mode; +$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/stats/index.php?'; $head[$h][1] = $langs->trans("ByMonthYear"); $head[$h][2] = 'byyear'; $h++; -complete_head_from_modules($conf, $langs, null, $head, $h, $type); +complete_head_from_modules($conf, $langs, null, $head, $h, 'projet_tasks_stats'); print dol_get_fiche_head($head, 'byyear', $langs->trans("Statistics"), -1, ''); @@ -191,13 +191,13 @@ foreach ($data_all_year as $val) { $oldyear--; print '
0 ? '&userid='.$userid : '').'">'.$oldyear.' 0 ? '&userid='.$userid : '').'">'.$oldyear.'0
0 ? '&userid='.$userid : '').'">'.$year.' 0 ? '&userid='.$userid : '').'">'.$year.''.$val['nb'].'
'; print '"; print ''; @@ -130,9 +130,9 @@ print ''; print '"; diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 0671783615c..65029a9246a 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -89,7 +89,7 @@ $picto = array( */ foreach ($modules as $const => $desc) { - if ($action == 'activate_'.strtolower($const)) { + if ($action == 'enable_'.strtolower($const)) { dolibarr_set_const($db, "FCKEDITOR_ENABLE_".$const, "1", 'chaine', 0, '', $conf->entity); // If fckeditor is active in the product/service description, it is activated in the forms if ($const == 'PRODUCTDESC' && !empty($conf->global->PRODUIT_DESC_IN_FORM)) { @@ -166,9 +166,9 @@ if (empty($conf->use_javascript_ajax)) { $constante = 'FCKEDITOR_ENABLE_'.$const; $value = (isset($conf->global->$constante) ? $conf->global->$constante : 0); if ($value == 0) { - print ''.img_picto($langs->trans("Disabled"), 'switch_off').''; + print ''.img_picto($langs->trans("Disabled"), 'switch_off').''; } elseif ($value == 1) { - print ''.img_picto($langs->trans("Enabled"), 'switch_on').''; + print ''.img_picto($langs->trans("Enabled"), 'switch_on').''; } print ""; diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php index 011b28e7421..98b6c996181 100644 --- a/htdocs/admin/security.php +++ b/htdocs/admin/security.php @@ -406,7 +406,7 @@ if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) { if ($allow_disable_encryption) { //On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes //Do not allow "disable encryption" as passwords cannot be decrypted - print ''.$langs->trans("Disable").''; + print ''.$langs->trans("Disable").''; } else { print '-'; } @@ -432,10 +432,10 @@ if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) { print img_warning($langs->trans("WarningPassIsEmpty")); } else { if (empty($dolibarr_main_db_encrypted_pass)) { - print ''.$langs->trans("Activate").''; + print ''.$langs->trans("Activate").''; } if (!empty($dolibarr_main_db_encrypted_pass)) { - print ''.$langs->trans("Disable").''; + print ''.$langs->trans("Disable").''; } } print ""; @@ -455,12 +455,12 @@ if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) { print ''; if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) { print '"; } if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) { print '"; } print ""; diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 6d2047d3f49..fa2ef014d17 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -656,11 +656,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea { if ($object->status == 1) { - print ''.$langs->trans("Disable").''."\n"; + print ''.$langs->trans("Disable").''."\n"; } else { - print ''.$langs->trans("Enable").''."\n"; + print ''.$langs->trans("Enable").''."\n"; } } */ diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index 167e9e4a577..4f0148a05a1 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -1658,15 +1658,15 @@ if ($action == 'create') { if ($user->rights->facture->creer) { if (empty($object->suspended)) { - print '
'.$langs->trans("Disable").'
'; + print '
id.'&token='.newToken().'">'.$langs->trans("Disable").'
'; } else { - print '
'.$langs->trans("Enable").'
'; + print '
id.'&token='.newToken().'">'.$langs->trans("Enable").'
'; } } //if ($object->statut == Facture::STATUS_DRAFT && $user->rights->facture->supprimer) if ($user->rights->facture->supprimer) { - print '
'.$langs->trans('Delete').'
'; + print '
'.$langs->trans('Delete').'
'; } print ''; diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index bae45672257..421b88ea6b8 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -1470,11 +1470,11 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Activer if ($object->statut == 0 && $user->rights->societe->contact->creer) { - print ''.$langs->trans("Reactivate").''; + print ''.$langs->trans("Reactivate").''; } // Desactiver if ($object->statut == 1 && $user->rights->societe->contact->creer) { - print ''.$langs->trans("DisableUser").''; + print ''.$langs->trans("DisableUser").''; } // Delete diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index 817be70ab79..e27e909d071 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php @@ -476,16 +476,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea /* if ($permissiontoadd) { if ($object->status == $object::STATUS_ENABLED) { - print ''.$langs->trans("Disable").''."\n"; + print ''.$langs->trans("Disable").''."\n"; } else { - print ''.$langs->trans("Enable").''."\n"; + print ''.$langs->trans("Enable").''."\n"; } } if ($permissiontoadd) { if ($object->status == $object::STATUS_VALIDATED) { - print ''.$langs->trans("Cancel").''."\n"; + print ''.$langs->trans("Cancel").''."\n"; } else { - print ''.$langs->trans("Re-Open").''."\n"; + print ''.$langs->trans("Re-Open").''."\n"; } } */ diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index d77b1479102..108a25e1877 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -431,11 +431,26 @@ if (!defined('NOTOKENRENEWAL')) { // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) { - // Check all cases that need a token (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions) + // Array of action code where CSRFCHECK with token will be forced (so token must be provided on url request) + $arrayofactiontoforcetokencheck = array( + 'activate', 'add', 'addtimespent', 'update', 'install', + 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check', + 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable', + 'enable' + ); + $sensitiveget = false; + if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) { + $sensitiveget = true; + } + if (preg_match('/^(disable_|enable_)/', GETPOST('action', 'aZ09'))) { + $sensitiveget = true; + } + + // Check all cases that need a mandatory token (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions) if ( $_SERVER['REQUEST_METHOD'] == 'POST' || - ((GETPOSTISSET('actionlogin') || GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN')) || - in_array(GETPOST('action', 'aZ09'), array('add', 'addtimespent', 'update', 'install', 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check')) + $sensitiveget || + ((GETPOSTISSET('actionlogin') || GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN')) ) { if (!GETPOST('token', 'alpha')) { // If token is not provided or empty if (GETPOST('uploadform', 'int')) { diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index e99acc0b913..8e40c1071e2 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -514,16 +514,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea /* if ($permissiontoadd) { if ($object->status == $object::STATUS_ENABLED) { - print ''.$langs->trans("Disable").''."\n"; + print ''.$langs->trans("Disable").''."\n"; } else { - print ''.$langs->trans("Enable").''."\n"; + print ''.$langs->trans("Enable").''."\n"; } } if ($permissiontoadd) { if ($object->status == $object::STATUS_VALIDATED) { - print ''.$langs->trans("Cancel").''."\n"; + print ''.$langs->trans("Cancel").''."\n"; } else { - print ''.$langs->trans("Re-Open").''."\n"; + print ''.$langs->trans("Re-Open").''."\n"; } } */ diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 015b061119b..ee86d43c09f 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -942,10 +942,10 @@ if (!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT_ } print '
'; +$stringtoshow = ''; print ''; } print "\n"; From 75cf5e3599ac3bcf57c6f16784bd5f5008ed59e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 23:55:46 +0100 Subject: [PATCH 25/85] fix php8 warning --- htdocs/adherents/admin/adherent.php | 3 ++- htdocs/compta/bank/transfer.php | 1 + htdocs/core/tpl/admin_extrafields_add.tpl.php | 4 ++-- htdocs/core/tpl/admin_extrafields_edit.tpl.php | 4 ++-- htdocs/core/tpl/admin_extrafields_view.tpl.php | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index 092d9b0de38..7a9effb6e0d 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -254,7 +254,8 @@ if ($conf->facture->enabled) { if (!empty($conf->product->enabled) || !empty($conf->service->enabled)) { print ''; print ''; } print "\n"; diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index 0533a04c12f..c94f8810cd8 100644 --- a/htdocs/compta/bank/transfer.php +++ b/htdocs/compta/bank/transfer.php @@ -233,6 +233,7 @@ $account_from = ''; $account_to = ''; $label = ''; $amount = ''; +$amountto = ''; if ($error) { $account_from = GETPOST('account_from', 'int'); diff --git a/htdocs/core/tpl/admin_extrafields_add.tpl.php b/htdocs/core/tpl/admin_extrafields_add.tpl.php index c22d3d932de..b0ab3e5bb76 100644 --- a/htdocs/core/tpl/admin_extrafields_add.tpl.php +++ b/htdocs/core/tpl/admin_extrafields_add.tpl.php @@ -204,8 +204,8 @@ $listofexamplesforlink = 'Societe:societe/class/societe.class.php
Contact:con - -multicompany->enabled) { ?> + +multicompany->enabled)) { ?> diff --git a/htdocs/core/tpl/admin_extrafields_edit.tpl.php b/htdocs/core/tpl/admin_extrafields_edit.tpl.php index bba6fd1bb7c..73721d4c0c4 100644 --- a/htdocs/core/tpl/admin_extrafields_edit.tpl.php +++ b/htdocs/core/tpl/admin_extrafields_edit.tpl.php @@ -141,7 +141,7 @@ $listofexamplesforlink = 'Societe:societe/class/societe.class.php
Contact:con - + @@ -295,7 +295,7 @@ if (in_array($type, array_keys($typewecanchangeinto))) { -multicompany->enabled) { ?> +multicompany->enabled)) { ?> diff --git a/htdocs/core/tpl/admin_extrafields_view.tpl.php b/htdocs/core/tpl/admin_extrafields_view.tpl.php index ef7d22337ac..82b5db4f74b 100644 --- a/htdocs/core/tpl/admin_extrafields_view.tpl.php +++ b/htdocs/core/tpl/admin_extrafields_view.tpl.php @@ -65,7 +65,7 @@ print ''; print ''; print ''; print ''; -if ($conf->multicompany->enabled) { +if (empty($conf->multicompany->enabled)) { print ''; } print ''; From 7878f3cba0781269c0aa86cb68de3d883d25a16d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 08:08:37 +0100 Subject: [PATCH 26/85] fix php8 warning --- htdocs/admin/system/dolibarr.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 92b60cce4e2..cfdc196d79d 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -442,7 +442,7 @@ foreach ($configfileparameters as $key => $value) { print img_warning($langs->trans('SwitchThisForABetterSecurity', 0)); } } else { - print ${$newkey}; + print (empty(${$newkey}) ? '' : ${$newkey}); } if ($newkey == 'dolibarr_main_url_root' && ${$newkey} != DOL_MAIN_URL_ROOT) { print ' (currently overwritten by autodetected value: '.DOL_MAIN_URL_ROOT.')'; From 0769c8ee22a0943a93ffeeaa66ac08f89a1e0022 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 08:16:28 +0100 Subject: [PATCH 27/85] fix php8 warnings --- htdocs/cron/list.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index 35da0b83659..712b2ceb163 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php @@ -62,7 +62,7 @@ if (!$sortfield) { if (!$sortorder) { $sortorder = 'DESC,ASC'; } - +$optioncss = GETPOST('optioncss', 'alpha'); $mode = GETPOST('mode', 'aZ09'); //Search criteria $search_status = (GETPOSTISSET('search_status') ?GETPOST('search_status', 'int') : GETPOST('status', 'int')); @@ -71,7 +71,11 @@ $search_module_name = GETPOST("search_module_name", 'alpha'); $search_lastresult = GETPOST("search_lastresult", "alpha"); $securitykey = GETPOST('securitykey', 'alpha'); -$diroutputmassaction = $conf->cronjob->dir_output.'/temp/massgeneration/'.$user->id; +$outputdir = $conf->cron->dir_output; +if (empty($outputdir)) { + $outputdir = $conf->cronjob->dir_output; +} +$diroutputmassaction = $outputdir.'/temp/massgeneration/'.$user->id; $object = new Cronjob($db); @@ -360,7 +364,7 @@ $arrayofmassactions = array( 'enable'=>$langs->trans("CronStatusActiveBtn"), 'disable'=>$langs->trans("CronStatusInactiveBtn"), ); -if ($user->rights->mymodule->delete) { +if ($user->rights->cron->delete) { $arrayofmassactions['predelete'] = ''.$langs->trans("Delete"); } if (in_array($massaction, array('presend', 'predelete'))) { From c147d47ad98afd0ed975c9c0889e960222132dee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 08:23:06 +0100 Subject: [PATCH 28/85] fix php8 warning --- htdocs/adherents/card.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 1286e19b416..48b27ec49c2 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1691,6 +1691,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { */ print '
'; + $isinspip = 0; $parameters = array(); $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been if (empty($reshook)) { From 39acef8df769399fb2c8601f849e51e7e521454f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 08:26:47 +0100 Subject: [PATCH 29/85] Update card.php --- htdocs/adherents/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 48b27ec49c2..b34e39872ac 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1828,7 +1828,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $genallowed = $user->rights->adherent->lire; $delallowed = $user->rights->adherent->creer; - print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $object->default_lang, '', $object); + print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', (empty($object->default_lang) ? '' : $object->default_lang), '', $object); $somethingshown = $formfile->numoffiles; // Show links to link elements From c33347b46146a58af4881fd4b89a87ab6fecb755 Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Thu, 18 Mar 2021 10:43:26 +0100 Subject: [PATCH 30/85] add invoice getNomUrl hook --- htdocs/compta/facture/class/facture.class.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index ef0962a0169..b1eaaf8acf8 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1504,6 +1504,13 @@ class Facture extends CommonInvoice } } + global $action; + $hookmanager->initHooks(array('invoicedao')); + $parameters = array('id'=>$this->id, 'getnomurl'=>$result, 'notooltip' => $notooltip, 'addlinktonotes' => $addlinktonotes, 'save_lastsearch_value'=> $save_lastsearch_value, 'target' => $target); + $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks + if ($reshook > 0) $result = $hookmanager->resPrint; + else $result .= $hookmanager->resPrint; + return $result; } From b41622319455c55124d489d611f49be982c328ce Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Thu, 18 Mar 2021 11:16:49 +0100 Subject: [PATCH 31/85] fix --- htdocs/compta/facture/class/facture.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index b1eaaf8acf8..2c5a52280b8 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1504,7 +1504,7 @@ class Facture extends CommonInvoice } } - global $action; + global $action, $hookmanager; $hookmanager->initHooks(array('invoicedao')); $parameters = array('id'=>$this->id, 'getnomurl'=>$result, 'notooltip' => $notooltip, 'addlinktonotes' => $addlinktonotes, 'save_lastsearch_value'=> $save_lastsearch_value, 'target' => $target); $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks From 1b4b48a634e4886e9701ee540b39afa43f2c5629 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 13:18:50 +0100 Subject: [PATCH 32/85] fix php8 warning when upgrade reloads modules --- htdocs/core/modules/modBlockedLog.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/modBlockedLog.class.php b/htdocs/core/modules/modBlockedLog.class.php index edd6d8c12a9..3f9a6473a82 100644 --- a/htdocs/core/modules/modBlockedLog.class.php +++ b/htdocs/core/modules/modBlockedLog.class.php @@ -92,7 +92,7 @@ class modBlockedLog extends DolibarrModules $this->always_enabled = (!empty($conf->blockedlog->enabled) && !empty($conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY) - && in_array($mysoc->country_code, explode(',', $conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY)) + && in_array((empty($mysoc->country_code) ? '' : $mysoc->country_code), explode(',', $conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY)) && $this->alreadyUsed()); // Constants From 46972ec669533692f1b6bbc82713d7649534ae50 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 14:34:44 +0100 Subject: [PATCH 33/85] FIx #5660 --- htdocs/accountancy/bookkeeping/balance.php | 12 ++++++ htdocs/accountancy/bookkeeping/card.php | 18 +++++---- htdocs/accountancy/bookkeeping/list.php | 10 +++++ .../accountancy/bookkeeping/listbyaccount.php | 10 +++++ .../bookkeeping/listbysubaccount.php | 11 +++++ .../thirdparty_lettering_customer.php | 10 +++++ .../thirdparty_lettering_supplier.php | 11 +++++ htdocs/accountancy/closure/index.php | 26 ++++++------ htdocs/accountancy/customer/card.php | 7 ++++ htdocs/accountancy/customer/lines.php | 8 +++- htdocs/accountancy/customer/list.php | 7 +++- htdocs/accountancy/expensereport/card.php | 6 +++ htdocs/accountancy/expensereport/index.php | 23 +++++------ htdocs/accountancy/expensereport/lines.php | 8 +++- htdocs/accountancy/expensereport/list.php | 21 +++++----- htdocs/accountancy/index.php | 11 ++++- htdocs/accountancy/journal/bankjournal.php | 8 +++- .../journal/expensereportsjournal.php | 8 ++++ .../accountancy/journal/purchasesjournal.php | 12 +++++- htdocs/accountancy/journal/sellsjournal.php | 11 ++++- htdocs/accountancy/supplier/card.php | 6 +++ htdocs/accountancy/supplier/index.php | 13 +++++- htdocs/accountancy/supplier/lines.php | 9 +++-- htdocs/accountancy/supplier/list.php | 19 +++++---- htdocs/compta/resultat/clientfourn.php | 23 +++++------ htdocs/compta/resultat/index.php | 17 ++++---- htdocs/compta/resultat/result.php | 20 ++++++---- htdocs/compta/stats/byratecountry.php | 10 ++--- htdocs/compta/stats/cabyprodserv.php | 14 +++---- htdocs/compta/stats/cabyuser.php | 30 +++++++------- htdocs/compta/stats/casoc.php | 26 ++++++------ htdocs/compta/stats/index.php | 4 +- htdocs/compta/stats/supplier_turnover.php | 6 +-- .../stats/supplier_turnover_by_prodserv.php | 40 +++++++++---------- .../stats/supplier_turnover_by_thirdparty.php | 36 ++++++++--------- htdocs/langs/en_US/users.lang | 2 +- 36 files changed, 334 insertions(+), 179 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 35473c6329e..e03790a8995 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -135,6 +135,18 @@ if (!empty($search_accountancy_code_end)) { $param .= '&search_accountancy_code_end='.$search_accountancy_code_end; } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + + + /* * Action */ diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index 3ab9ed0a702..60645353976 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -44,13 +44,6 @@ $id = GETPOST('id', 'int'); // id of record $mode = GETPOST('mode', 'aZ09'); // '' or '_tmp' $piece_num = GETPOST("piece_num", 'int'); // id of transaction (several lines share the same transaction id) -// Security check -if ($user->socid > 0) { - accessforbidden(); -} - -$mesg = ''; - $accountingaccount = new AccountingAccount($db); $accountingjournal = new AccountingJournal($db); @@ -83,6 +76,17 @@ if (!empty($update)) { $object = new BookKeeping($db); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 39906b09bb3..40a8284adc4 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -171,6 +171,16 @@ if (empty($listofformat[$formatexportset])) { $error = 0; +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php index 99b644d1e0a..24bcc4706c1 100644 --- a/htdocs/accountancy/bookkeeping/listbyaccount.php +++ b/htdocs/accountancy/bookkeeping/listbyaccount.php @@ -163,6 +163,16 @@ if ($search_date_end && empty($search_date_endyear)) { $search_date_endday = $tmparray['mday']; } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action diff --git a/htdocs/accountancy/bookkeeping/listbysubaccount.php b/htdocs/accountancy/bookkeeping/listbysubaccount.php index 72b6574bea5..129e695de3c 100644 --- a/htdocs/accountancy/bookkeeping/listbysubaccount.php +++ b/htdocs/accountancy/bookkeeping/listbysubaccount.php @@ -163,10 +163,21 @@ if ($search_date_end && empty($search_date_endyear)) { $search_date_endday = $tmparray['mday']; } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action */ + if (GETPOST('cancel', 'alpha')) { $action = 'list'; $massaction = ''; } diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php index fa5302919d5..0064e8c4715 100644 --- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php +++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php @@ -94,6 +94,16 @@ if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action diff --git a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php index e31479f10cd..a73f711e15a 100644 --- a/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php +++ b/htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php @@ -94,10 +94,21 @@ if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action */ + if ($action == 'lettering') { $result = $lettering->updateLettering($toselect); diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index 94e59de1812..3ba552cdfa4 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -35,17 +35,6 @@ $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); -// Security check -if (empty($conf->accounting->enabled)) { - accessforbidden(); -} -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->fiscalyear->write) { - accessforbidden(); -} - $object = new BookKeeping($db); $month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1); @@ -67,10 +56,23 @@ $search_date_start = dol_mktime(0, 0, 0, $month_start, 1, $year_start); $search_date_end = dol_get_last_day($year_end, $month_end); $year_current = $year_start; +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (!$user->rights->accounting->fiscalyear->write) { + accessforbidden(); +} + + /* * Actions */ -if ($action == 'validate_movements_confirm' && $user->rights->accounting->fiscalyear->write) { + +if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting->fiscalyear->write)) { $result = $object->fetchAll(); if ($result < 0) { diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 1209576ddba..98e9151877e 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -38,9 +38,16 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php index 983e7957583..3b14450fab1 100644 --- a/htdocs/accountancy/customer/lines.php +++ b/htdocs/accountancy/customer/lines.php @@ -80,13 +80,17 @@ if (!$sortorder) { } // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } + $formaccounting = new FormAccounting($db); @@ -112,7 +116,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_tvaintra = ''; } -if (is_array($changeaccount) && count($changeaccount) > 0) { +if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) { $error = 0; if (!(GETPOST('account_parent', 'int') >= 0)) { diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 8d5c2788425..7014474ce4f 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -88,10 +88,13 @@ if (!$sortorder) { } // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } @@ -148,7 +151,7 @@ if (empty($reshook)) { } -if ($massaction == 'ventil') { +if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $msg = ''; //print '
' . $langs->trans("Processing") . '...
'; diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index f997f666e6e..200a493cfed 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} /* diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index ffa0bfcc07d..38f7f596932 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -32,17 +32,6 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; // Load translation files required by the page $langs->loadLangs(array("compta", "bills", "other", "main", "accountancy")); -// Security check -if (empty($conf->accounting->enabled)) { - accessforbidden(); -} -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->bind->write) { - accessforbidden(); -} - $month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1); if (GETPOST("year", 'int')) { $year_start = GETPOST("year", 'int'); @@ -65,13 +54,23 @@ $year_current = $year_start; // Validate History $action = GETPOST('action', 'aZ09'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} /* * Actions */ -if ($action == 'clean' || $action == 'validatehistory') { +if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) { // Clean database $db->begin(); $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd"; diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index 3c4760b3730..d29e39d7f37 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -74,13 +74,17 @@ if (!$sortorder) { } // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } + $formaccounting = new FormAccounting($db); @@ -102,7 +106,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_year = ''; } -if (is_array($changeaccount) && count($changeaccount) > 0) { +if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) { $error = 0; if (!(GETPOST('account_parent', 'int') >= 0)) { diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 05476756531..84cd64bb44f 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -83,19 +83,22 @@ if (!$sortorder) { } } -// Security check -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->bind->write) { - accessforbidden(); -} - $formaccounting = new FormAccounting($db); $accounting = new AccountingAccount($db); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Action @@ -130,7 +133,7 @@ $permissiontodelete = $user->rights->expensereport->delete; $uploaddir = $conf->expensereport->dir_output; include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; -if ($massaction == 'ventil') { +if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $msg = ''; //print '
' . $langs->trans("Processing") . '...
'; if (!empty($mesCasesCochees)) { diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php index 242fc71d80c..94dc6aa05c9 100644 --- a/htdocs/accountancy/index.php +++ b/htdocs/accountancy/index.php @@ -31,13 +31,20 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; // Load translation files required by the page $langs->loadLangs(array("compta", "bills", "other", "accountancy", "loans", "banks", "admin", "dict")); +// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks +$hookmanager->initHooks(array('accountancyindex')); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} -// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks -$hookmanager->initHooks(array('accountancyindex')); /* diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index b79b8433c03..da36a054b08 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -83,7 +83,13 @@ $now = dol_now(); $action = GETPOST('action', 'aZ09'); // Security check -if ($user->socid > 0 && empty($id_journal)) { +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index 9010261dbe0..2f7569ab152 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -58,13 +58,21 @@ if ($in_bookkeeping == '') { $now = dol_now(); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions */ + $accountingaccount = new AccountingAccount($db); // Get informations of journal diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index 46363fb3a09..f6fa5c4b76a 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php @@ -57,17 +57,25 @@ if ($in_bookkeeping == '') { $now = dol_now(); +$hookmanager->initHooks(array('purchasesjournal')); +$parameters = array(); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} -$hookmanager->initHooks(array('purchasesjournal')); -$parameters = array(); /* * Actions */ + $reshook = $hookmanager->executeHooks('doActions', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks $accountingaccount = new AccountingAccount($db); diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 16209e1a241..9a00adf3473 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -59,13 +59,20 @@ if ($in_bookkeeping == '') { $now = dol_now(); +$hookmanager->initHooks(array('sellsjournal')); +$parameters = array(); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} -$hookmanager->initHooks(array('sellsjournal')); -$parameters = array(); /* * Actions diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 0d86b928a26..eee2059c660 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int'); $id = GETPOST('id', 'int'); // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} /* diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index 937173fc1e6..7ef09acf91a 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -69,12 +69,23 @@ $action = GETPOST('action', 'aZ09'); $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions */ -if ($action == 'clean' || $action == 'validatehistory') { +if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) { // Clean database $db->begin(); $sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as fd"; diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php index 6bdc714ec4c..f661ba42ce9 100644 --- a/htdocs/accountancy/supplier/lines.php +++ b/htdocs/accountancy/supplier/lines.php @@ -80,16 +80,19 @@ if (!$sortorder) { } } +$formaccounting = new FormAccounting($db); + // Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->accounting->bind->write) { +if (empty($user->rights->accounting->mouvements->lire)) { accessforbidden(); } -$formaccounting = new FormAccounting($db); - /* * Actions diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index d49effd791d..ea61a686883 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -88,14 +88,6 @@ if (!$sortorder) { } } -// Security check -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->bind->write) { - accessforbidden(); -} - // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('accountancysupplierlist')); @@ -107,6 +99,17 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_BUY_ACCOUN $chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version'); +// Security check +if (empty($conf->accounting->enabled)) { + accessforbidden(); +} +if ($user->socid > 0) { + accessforbidden(); +} +if (empty($user->rights->accounting->mouvements->lire)) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 9c700f509f9..a22c0c51b73 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -49,18 +49,6 @@ $date_endday = GETPOST('date_endday', 'int'); $date_endyear = GETPOST('date_endyear', 'int'); $showaccountdetail = GETPOST('showaccountdetail', 'aZ09') ?GETPOST('showaccountdetail', 'aZ09') : 'no'; -// Security check -$socid = GETPOST('socid', 'int'); -if ($user->socid > 0) { - $socid = $user->socid; -} -if (!empty($conf->comptabilite->enabled)) { - $result = restrictedArea($user, 'compta', '', '', 'resultat'); -} -if (!empty($conf->accounting->enabled)) { - $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); -} - $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); @@ -151,6 +139,17 @@ if (GETPOST("modecompta", 'alpha')) { $AccCat = new AccountancyCategory($db); +// Security check +$socid = GETPOST('socid', 'int'); +if ($user->socid > 0) { + $socid = $user->socid; +} +if (!empty($conf->comptabilite->enabled)) { + $result = restrictedArea($user, 'compta', '', '', 'resultat'); +} +if (!empty($conf->accounting->enabled)) { + $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); +} /* diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php index 228269d135e..e5b86ba762e 100644 --- a/htdocs/compta/resultat/index.php +++ b/htdocs/compta/resultat/index.php @@ -108,6 +108,14 @@ $year_end = $tmpe['year']; $nbofyear = ($year_end - $year_start) + 1; //var_dump("year_start=".$year_start." year_end=".$year_end." nbofyear=".$nbofyear." date_start=".dol_print_date($date_start, 'dayhour')." date_end=".dol_print_date($date_end, 'dayhour')); +// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING') +$modecompta = $conf->global->ACCOUNTING_MODE; +if (!empty($conf->accounting->enabled)) { + $modecompta = 'BOOKKEEPING'; +} +if (GETPOST("modecompta", 'alpha')) { + $modecompta = GETPOST("modecompta", 'alpha'); +} // Security check $socid = GETPOST('socid', 'int'); @@ -121,15 +129,6 @@ if (!empty($conf->accounting->enabled)) { $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); } -// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING') -$modecompta = $conf->global->ACCOUNTING_MODE; -if (!empty($conf->accounting->enabled)) { - $modecompta = 'BOOKKEEPING'; -} -if (GETPOST("modecompta", 'alpha')) { - $modecompta = GETPOST("modecompta", 'alpha'); -} - /* * View diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php index df3a82a4b7f..91932100565 100644 --- a/htdocs/compta/resultat/result.php +++ b/htdocs/compta/resultat/result.php @@ -144,16 +144,20 @@ if (GETPOST("modecompta")) { $modecompta = GETPOST("modecompta", 'alpha'); } -// Security check -if ($user->socid > 0) { - accessforbidden(); -} -if (!$user->rights->accounting->comptarapport->lire) { - accessforbidden(); -} - $AccCat = new AccountancyCategory($db); +// Security check +$socid = GETPOST('socid', 'int'); +if ($user->socid > 0) { + $socid = $user->socid; +} +if (!empty($conf->comptabilite->enabled)) { + $result = restrictedArea($user, 'compta', '', '', 'resultat'); +} +if (!empty($conf->accounting->enabled)) { + $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); +} + /* * View diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index 79379ee0b24..1644a4ee5e3 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -44,16 +44,16 @@ $modecompta = (GETPOST('modecompta', 'alpha') ? GETPOST('modecompta', 'alpha') : $year = GETPOST("year", 'int'); $month = GETPOST("month", 'int'); if (empty($year)) { - $year_current = strftime("%Y", dol_now()); - $month_current = strftime("%m", dol_now()); + $year_current = dol_print_date(dol_now(), '%Y'); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year_current; } else { $year_current = $year; - $month_current = strftime("%m", dol_now()); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year; } -$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); -$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); +$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel'); // Quarter if (empty($date_start) || empty($date_end)) { // We define date_start and date_end $q = GETPOST("q", "int"); diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php index c6c0e8e0816..25d9d4b9460 100644 --- a/htdocs/compta/stats/cabyprodserv.php +++ b/htdocs/compta/stats/cabyprodserv.php @@ -52,8 +52,8 @@ if (GETPOST("modecompta")) { $modecompta = GETPOST("modecompta"); } -$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"]; -$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"]; +$sortorder = GETPOST("sortorder", 'aZ09'); +$sortfield = GETPOST("sortfield", 'aZ09'); if (!$sortorder) { $sortorder = "asc"; } @@ -89,16 +89,16 @@ $date_endyear = GETPOST("date_endyear"); $date_endmonth = GETPOST("date_endmonth"); $date_endday = GETPOST("date_endday"); if (empty($year)) { - $year_current = strftime("%Y", dol_now()); - $month_current = strftime("%m", dol_now()); + $year_current = dol_print_date(dol_now(), '%Y'); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year_current; } else { $year_current = $year; - $month_current = strftime("%m", dol_now()); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year; } -$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); -$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); +$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel'); // Quarter if (empty($date_start) || empty($date_end)) { // We define date_start and date_end $q = GETPOST("q", "int"); diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php index 62e6fb3135d..feae1f83594 100644 --- a/htdocs/compta/stats/cabyuser.php +++ b/htdocs/compta/stats/cabyuser.php @@ -51,8 +51,8 @@ if (GETPOST("modecompta")) { $modecompta = GETPOST("modecompta"); } -$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"]; -$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"]; +$sortorder = GETPOST("sortorder", 'aZ09'); +$sortfield = GETPOST("sortfield", 'aZ09'); if (!$sortorder) { $sortorder = "asc"; } @@ -61,25 +61,25 @@ if (!$sortfield) { } // Date range -$year = GETPOST("year"); -$month = GETPOST("month"); -$date_startyear = GETPOST("date_startyear"); -$date_startmonth = GETPOST("date_startmonth"); -$date_startday = GETPOST("date_startday"); -$date_endyear = GETPOST("date_endyear"); -$date_endmonth = GETPOST("date_endmonth"); -$date_endday = GETPOST("date_endday"); +$year = GETPOST("year", 'int'); +$month = GETPOST("month", 'int'); +$date_startyear = GETPOST("date_startyear", 'int'); +$date_startmonth = GETPOST("date_startmonth", 'int'); +$date_startday = GETPOST("date_startday", 'int'); +$date_endyear = GETPOST("date_endyear", 'int'); +$date_endmonth = GETPOST("date_endmonth", 'int'); +$date_endday = GETPOST("date_endday", 'int'); if (empty($year)) { - $year_current = strftime("%Y", dol_now()); - $month_current = strftime("%m", dol_now()); + $year_current = dol_print_date(dol_now(), '%Y'); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year_current; } else { $year_current = $year; - $month_current = strftime("%m", dol_now()); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year; } -$date_start = dol_mktime(0, 0, 0, $_REQUEST["date_startmonth"], $_REQUEST["date_startday"], $_REQUEST["date_startyear"]); -$date_end = dol_mktime(23, 59, 59, $_REQUEST["date_endmonth"], $_REQUEST["date_endday"], $_REQUEST["date_endyear"]); +$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel'); // Quarter if (empty($date_start) || empty($date_end)) { // We define date_start and date_end $q = GETPOST("q") ?GETPOST("q") : 0; diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php index c8c13ca8b27..aedae20b8f0 100644 --- a/htdocs/compta/stats/casoc.php +++ b/htdocs/compta/stats/casoc.php @@ -44,8 +44,8 @@ if (GETPOST("modecompta")) { $modecompta = GETPOST("modecompta"); } -$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"]; -$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"]; +$sortorder = GETPOST("sortorder", 'aZ09'); +$sortfield = GETPOST("sortfield", 'aZ09'); if (!$sortorder) { $sortorder = "asc"; } @@ -83,23 +83,23 @@ $search_societe = GETPOST("search_societe", 'alpha'); $search_zip = GETPOST("search_zip", 'alpha'); $search_town = GETPOST("search_town", 'alpha'); $search_country = GETPOST("search_country", 'alpha'); -$date_startyear = GETPOST("date_startyear", 'alpha'); -$date_startmonth = GETPOST("date_startmonth", 'alpha'); -$date_startday = GETPOST("date_startday", 'alpha'); -$date_endyear = GETPOST("date_endyear", 'alpha'); -$date_endmonth = GETPOST("date_endmonth", 'alpha'); -$date_endday = GETPOST("date_endday", 'alpha'); +$date_startyear = GETPOST("date_startyear", 'int'); +$date_startmonth = GETPOST("date_startmonth", 'int'); +$date_startday = GETPOST("date_startday", 'int'); +$date_endyear = GETPOST("date_endyear", 'int'); +$date_endmonth = GETPOST("date_endmonth", 'int'); +$date_endday = GETPOST("date_endday", 'int'); if (empty($year)) { - $year_current = strftime("%Y", dol_now()); - $month_current = strftime("%m", dol_now()); + $year_current = dol_print_date(dol_now(), '%Y'); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year_current; } else { $year_current = $year; - $month_current = strftime("%m", dol_now()); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year; } -$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); -$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); +$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel'); // Quarter if (empty($date_start) || empty($date_end)) { // We define date_start and date_end $q = GETPOST("q", "int") ?GETPOST("q", "int") : 0; diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index 083230da668..74589d2e391 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php @@ -51,8 +51,8 @@ if (empty($year)) { $month_current = dol_print_date(dol_now(), "%m"); $year_start = $year - ($nbofyear - 1); } -$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear); -$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear); +$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel'); // We define date_start and date_end if (empty($date_start) || empty($date_end)) { // We define date_start and date_end diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php index b199dcbeb9c..141db21b73e 100644 --- a/htdocs/compta/stats/supplier_turnover.php +++ b/htdocs/compta/stats/supplier_turnover.php @@ -47,8 +47,8 @@ if (empty($year)) { $month_current = strftime("%m", dol_now()); $year_start = $year - ($nbofyear - 1); } -$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear); -$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear); +$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel'); // We define date_start and date_end if (empty($date_start) || empty($date_end)) { // We define date_start and date_end @@ -120,8 +120,6 @@ if (!empty($conf->accounting->enabled)) { } - - /* * View */ diff --git a/htdocs/compta/stats/supplier_turnover_by_prodserv.php b/htdocs/compta/stats/supplier_turnover_by_prodserv.php index bdf4e5e0f85..26659c851f9 100644 --- a/htdocs/compta/stats/supplier_turnover_by_prodserv.php +++ b/htdocs/compta/stats/supplier_turnover_by_prodserv.php @@ -30,27 +30,14 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; // Load translation files required by the page $langs->loadLangs(array("products", "categories", "errors", 'accountancy')); -// Security pack (data & check) -$socid = GETPOST('socid', 'int'); - -if ($user->socid > 0) { - $socid = $user->socid; -} -if (!empty($conf->comptabilite->enabled)) { - $result = restrictedArea($user, 'compta', '', '', 'resultat'); -} -if (!empty($conf->accounting->enabled)) { - $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); -} - // Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES') $modecompta = $conf->global->ACCOUNTING_MODE; if (GETPOST("modecompta")) { $modecompta = GETPOST("modecompta"); } -$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"]; -$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"]; +$sortorder = GETPOST("sortorder", 'aZ09'); +$sortfield = GETPOST("sortfield", 'aZ09'); if (!$sortorder) { $sortorder = "asc"; } @@ -84,16 +71,16 @@ $date_endyear = GETPOST("date_endyear"); $date_endmonth = GETPOST("date_endmonth"); $date_endday = GETPOST("date_endday"); if (empty($year)) { - $year_current = strftime("%Y", dol_now()); - $month_current = strftime("%m", dol_now()); + $year_current = dol_print_date(dol_now(), '%Y'); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year_current; } else { $year_current = $year; - $month_current = strftime("%m", dol_now()); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year; } -$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); -$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); +$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel'); // Quarter if (empty($date_start) || empty($date_end)) { // We define date_start and date_end $q = GETPOST("q", "int"); @@ -204,6 +191,19 @@ foreach ($allparams as $key => $value) { $paramslink .= '&'.$key.'='.$value; } +// Security pack (data & check) +$socid = GETPOST('socid', 'int'); + +if ($user->socid > 0) { + $socid = $user->socid; +} +if (!empty($conf->comptabilite->enabled)) { + $result = restrictedArea($user, 'compta', '', '', 'resultat'); +} +if (!empty($conf->accounting->enabled)) { + $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); +} + /* * View diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php index fbfb0994e4a..0530d58ee87 100644 --- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php +++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php @@ -38,8 +38,8 @@ if (GETPOST("modecompta")) { $modecompta = GETPOST("modecompta"); } -$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"]; -$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"]; +$sortorder = GETPOST("sortorder", 'aZ09'); +$sortfield = GETPOST("sortfield", 'aZ09'); if (!$sortorder) { $sortorder = "asc"; } @@ -59,17 +59,6 @@ if (GETPOST('subcat', 'alpha') === 'yes') { // Hook $hookmanager->initHooks(array('supplierturnoverbythirdpartylist')); -// Security check -if ($user->socid > 0) { - $socid = $user->socid; -} -if (!empty($conf->comptabilite->enabled)) { - $result = restrictedArea($user, 'compta', '', '', 'resultat'); -} -if (!empty($conf->accounting->enabled)) { - $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); -} - // Date range $year = GETPOST("year", 'int'); $month = GETPOST("month", 'int'); @@ -84,16 +73,16 @@ $date_endyear = GETPOST("date_endyear", 'alpha'); $date_endmonth = GETPOST("date_endmonth", 'alpha'); $date_endday = GETPOST("date_endday", 'alpha'); if (empty($year)) { - $year_current = strftime("%Y", dol_now()); - $month_current = strftime("%m", dol_now()); + $year_current = dol_print_date(dol_now(), '%Y'); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year_current; } else { $year_current = $year; - $month_current = strftime("%m", dol_now()); + $month_current = dol_print_date(dol_now(), '%m'); $year_start = $year; } -$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); -$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); +$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel'); +$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel'); // Quarter if (empty($date_start) || empty($date_end)) { // We define date_start and date_end $q = GETPOST("q", "int") ?GETPOST("q", "int") : 0; @@ -175,6 +164,17 @@ foreach ($allparams as $key => $value) { $paramslink .= '&'.$key.'='.$value; } +// Security check +if ($user->socid > 0) { + $socid = $user->socid; +} +if (!empty($conf->comptabilite->enabled)) { + $result = restrictedArea($user, 'compta', '', '', 'resultat'); +} +if (!empty($conf->accounting->enabled)) { + $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); +} + /* * View diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang index 996ba20ab7d..d4326fc08c9 100644 --- a/htdocs/langs/en_US/users.lang +++ b/htdocs/langs/en_US/users.lang @@ -72,7 +72,7 @@ ExportDataset_user_1=Users and their properties DomainUser=Domain user %s Reactivate=Reactivate CreateInternalUserDesc=This form allows you to create an internal user in your company/organization. To create an external user (customer, vendor etc. ..), use the button 'Create Dolibarr User' from that third-party's contact card. -InternalExternalDesc=An internal user is a user that is part of your company/organization.
An external user is a customer, vendor or other (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, permissions defines rights on Dolibarr, also external user can have a different menu manager than internal user (See Home - Setup - Display) +InternalExternalDesc=An internal user is a user that is part of your company/organization.
An external user is a customer, vendor or other that must view only data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, permissions defines rights on Dolibarr, also external user can have a different menu manager than internal user (See Home - Setup - Display) PermissionInheritedFromAGroup=Permission granted because inherited from one of a user's group. Inherited=Inherited UserWillBe=Created user will be From 640f5f6051818f98d0c123171e5a5c49630ff41c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 14:41:48 +0100 Subject: [PATCH 34/85] FIx #yogosha5661 --- htdocs/compta/cashcontrol/cashcontrol_card.php | 14 +++++++++----- htdocs/compta/cashcontrol/cashcontrol_list.php | 16 ++++++++-------- htdocs/compta/cashcontrol/report.php | 9 +++++++++ 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php index da018dd1f06..ccaa0158af2 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_card.php +++ b/htdocs/compta/cashcontrol/cashcontrol_card.php @@ -67,11 +67,6 @@ if ($contextpage == 'takepos') { $_GET['optioncss'] = 'print'; } -// Security check -if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { - accessforbidden(); -} - $arrayofpaymentmode = array('cash'=>'Cash', 'cheque'=>'Cheque', 'card'=>'CreditCard'); $arrayofposavailable = array(); @@ -95,6 +90,15 @@ $hookmanager->initHooks(array('cashcontrolcard', 'globalcard')); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. +// Security check +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 6c4141e4b6a..3b97b967208 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -94,14 +94,6 @@ if (!$sortorder) { $sortorder = "ASC"; } -// Security check -$socid = 0; -if ($user->socid > 0) { // Protection if external user - //$socid = $user->socid; - accessforbidden(); -} -//$result = restrictedArea($user, 'monmodule', $id, ''); - // Initialize array of search criterias $search_all = GETPOST("search_all", 'alpha'); $search = array(); @@ -133,6 +125,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); +// Security check +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { + accessforbidden(); +} /* diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index f6c58aa858c..95c18dbf261 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -72,6 +72,15 @@ $sday = $cashcontrol->day_close; $posmodule = $cashcontrol->posmodule; $terminalid = $cashcontrol->posnumber; +// Security check +if ($user->socid > 0) { // Protection if external user + //$socid = $user->socid; + accessforbidden(); +} +if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { + accessforbidden(); +} + /* * View From c3f8e0e3978921bb1e1448b526e19ed92bff266f Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Thu, 18 Mar 2021 16:21:54 +0100 Subject: [PATCH 35/85] invoice list - add new standard hook --- htdocs/compta/facture/list.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 9b3dce589fb..3722cb3a98a 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -493,6 +493,10 @@ if ($search_user > 0) { $sql .= ", ".MAIN_DB_PREFIX."element_contact as ec"; $sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc"; } +// Add table from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; @@ -865,6 +869,10 @@ if ($resql) { // Add $param from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; + // Add $param from hooks + $parameters = array(); + $reshook = $hookmanager->executeHooks('printFieldListSearchParam', $parameters, $object); // Note that $action and $object may have been modified by hook + $param .= $hookmanager->resPrint; $arrayofmassactions = array( 'validate'=>$langs->trans("Validate"), From 06bc9996148450ef8c4daef0809cfa05be626fff Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Thu, 18 Mar 2021 16:51:02 +0100 Subject: [PATCH 36/85] Add group by and having hooks on invoice list --- htdocs/compta/facture/list.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 3722cb3a98a..81225b289bf 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -697,6 +697,16 @@ if (!$sall) { $sql .= natural_search(array_keys($fieldstosearchall), $sall); } +// Add GroupBy from hooks +$parameters = array('all' => $all, 'fieldstosearchall' => $fieldstosearchall); +$reshook = $hookmanager->executeHooks('printFieldListGroupBy', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + +// Add HAVING from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= ' ORDER BY '; $listfield = explode(',', $sortfield); $listorder = explode(',', $sortorder); From ada5d728b5d3bcdd18f8aa70bf2427003cfe46eb Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Thu, 18 Mar 2021 17:00:57 +0100 Subject: [PATCH 37/85] invoice list - ajust hooks --- htdocs/compta/facture/list.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 81225b289bf..63e3fa1e2c2 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -693,19 +693,18 @@ if (!$sall) { $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key : ''); } } + // Add GroupBy from hooks + $parameters = array('all' => $all, 'fieldstosearchall' => $fieldstosearchall); + $reshook = $hookmanager->executeHooks('printFieldListGroupBy', $parameters, $object); // Note that $action and $object may have been modified by hook + $sql .= $hookmanager->resPrint; } else { $sql .= natural_search(array_keys($fieldstosearchall), $sall); } -// Add GroupBy from hooks -$parameters = array('all' => $all, 'fieldstosearchall' => $fieldstosearchall); -$reshook = $hookmanager->executeHooks('printFieldListGroupBy', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= $hookmanager->resPrint; - // Add HAVING from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= $hookmanager->resPrint; +$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 AND ' . $hookmanager->resPrint) : ''; $sql .= ' ORDER BY '; $listfield = explode(',', $sortfield); From 5b72193f0d381aaa33ff8bfcb2661b734de39d36 Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Thu, 18 Mar 2021 17:06:49 +0100 Subject: [PATCH 38/85] invoice list - ajust hooks --- htdocs/compta/facture/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 63e3fa1e2c2..31365b33b58 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -704,7 +704,7 @@ if (!$sall) { // Add HAVING from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 AND ' . $hookmanager->resPrint) : ''; +$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : ''; $sql .= ' ORDER BY '; $listfield = explode(',', $sortfield); From f810fffc01a7b5a4581ec3cd84f3a5574a717c89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 18:50:38 +0100 Subject: [PATCH 39/85] fix php8 wzrning --- htdocs/core/ajax/ajaxdirtree.php | 2 ++ htdocs/ecm/class/ecmdirectory.class.php | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/ajax/ajaxdirtree.php b/htdocs/core/ajax/ajaxdirtree.php index 432a0e628db..dab5206fc7d 100644 --- a/htdocs/core/ajax/ajaxdirtree.php +++ b/htdocs/core/ajax/ajaxdirtree.php @@ -288,6 +288,7 @@ if (empty($conf->use_javascript_ajax) || !empty($conf->global->MAIN_ECM_DISABLE_ print '
'."\n"; // -------------------------------------------------------------------- $i = 0; $totalarray = array(); +$totalarray['nbfield'] = 0; while ($i < min($num, $limit)) { $obj = $db->fetch_object($resql); if (empty($obj)) { From 8423bd676c48d298fc7dad37c0fae56818247fee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 22:26:14 +0100 Subject: [PATCH 60/85] fix php8 warning --- htdocs/societe/card.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index f6ab780779a..6f9ee362a82 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -12,7 +12,7 @@ * Copyright (C) 2015 Raphaël Doursenaud * Copyright (C) 2018 Nicolas ZABOURI * Copyright (C) 2018 Ferran Marcet - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -2081,7 +2081,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!empty($value['icon'])) { print ''; } - print ''; + print ''; print ''; print ''; } elseif (!empty($object->socialnetworks[$key])) { @@ -2091,7 +2091,9 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } // Prof ids - $i = 1; $j = 0; $NBCOLS = ($conf->browser->layout == 'phone' ? 1 : 2); + $i = 1; + $j = 0; + $NBCOLS = ($conf->browser->layout == 'phone' ? 1 : 2); while ($i <= 6) { $idprof = $langs->transcountry('ProfId'.$i, $object->country_code); if ($idprof != '-') { From ba33bc8eacddb1ce91091b4e8946e9373ad3b023 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 22:29:08 +0100 Subject: [PATCH 61/85] fix php8 warning --- htdocs/contact/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 0ee4cb10637..eac12a23071 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -8,7 +8,7 @@ * Copyright (C) 2013-2016 Alexandre Spangaro * Copyright (C) 2014 Juanjo Menent * Copyright (C) 2015 Jean-François Ferry - * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2019 Josep Lluís Amador * Copyright (C) 2020 Open-Dsi * @@ -1075,7 +1075,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!empty($value['icon'])) { print ''; } - print ''; + print ''; print ''; print ''; } elseif (!empty($object->socialnetworks[$key])) { From 181436f279d7bd446d4a0fafa52dcaafef8dce65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 22:31:41 +0100 Subject: [PATCH 62/85] fix php8 warning --- htdocs/contact/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 0ee4cb10637..109a50fb180 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -1035,7 +1035,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Unsubscribe if (!empty($conf->mailing->enabled)) { - if ($conf->use_javascript_ajax && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1) { + if ($conf->use_javascript_ajax && isset($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == -1) { print "\n".' + '; + */ print ''; print dol_get_fiche_end(); diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 53d43583a9c..be91d475d4d 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -454,11 +454,14 @@ if (empty($numref)) { // Date de valeur print '\n"; // Type and num @@ -656,6 +659,29 @@ if (empty($numref)) { print "\n"; print "
'; if ($mesg) { print $mesg; } else { From a420d0acbd98b9c70da5f2b7c932343a5de5c391 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 18:40:11 +0100 Subject: [PATCH 13/85] fix php8 warnings --- htdocs/projet/tasks/stats/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/tasks/stats/index.php b/htdocs/projet/tasks/stats/index.php index be6ac3c7802..d2c53943506 100644 --- a/htdocs/projet/tasks/stats/index.php +++ b/htdocs/projet/tasks/stats/index.php @@ -134,7 +134,7 @@ if (!count($arrayyears)) { $h = 0; $head = array(); -$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/stats/index.php?'; +$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/stats/index.php'; $head[$h][1] = $langs->trans("ByMonthYear"); $head[$h][2] = 'byyear'; $h++; From fced63e93b0cc794b043d2f0c9221efe5ab3128a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 20:11:22 +0100 Subject: [PATCH 14/85] fix php8 warning --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 04cbf0eb5a9..4f5ad18768e 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -860,7 +860,7 @@ abstract class CommonObject if (!empty($conf->socialnetworks->enabled)) { $outsocialnetwork = ''; - if (is_array($this->socialnetworks) && count($this->socialnetworks) > 0) { + if (!empty($this->socialnetworks) && is_countable($this->socialnetworks) && count($this->socialnetworks) > 0) { $socialnetworksdict = getArrayOfSocialNetworks(); foreach ($this->socialnetworks as $key => $value) { if ($value) { From 9609c3095a1909f2fa7d1895c6a77a3c216ca71d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 20:13:20 +0100 Subject: [PATCH 15/85] fix php8 warnings --- htdocs/core/lib/functions.lib.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 1ff47bd2de3..a5c4a1db7da 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1868,7 +1868,7 @@ function dol_banner_tab($object, $paramid, $morehtml = '', $shownav = 1, $fieldi } } - if (!$phototoshow) { // Show No photo link (picto of object) + if (empty($phototoshow)) { // Show No photo link (picto of object) $morehtmlleft .= '
'; if ($object->element == 'action') { $width = 80; @@ -2061,33 +2061,33 @@ function dol_format_address($object, $withcountry = 0, $sep = "\n", $outputlangs // See format of addresses on https://en.wikipedia.org/wiki/Address // Address if (empty($mode)) { - $ret .= ($extralangcode ? $object->array_languages['address'][$extralangcode] : $object->address); + $ret .= ($extralangcode ? $object->array_languages['address'][$extralangcode] : (empty($object->address) ? '' : $object->address)); } // Zip/Town/State if (isset($object->country_code) && in_array($object->country_code, array('AU', 'CA', 'US')) || !empty($conf->global->MAIN_FORCE_STATE_INTO_ADDRESS)) { // US: title firstname name \n address lines \n town, state, zip \n country - $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town); + $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town)); $ret .= ($ret ? $sep : '').$town; if (!empty($object->state)) { $ret .= ($ret ? ", " : '').$object->state; } - if ($object->zip) { + if (!empty($object->zip)) { $ret .= ($ret ? ", " : '').$object->zip; } } elseif (isset($object->country_code) && in_array($object->country_code, array('GB', 'UK'))) { // UK: title firstname name \n address lines \n town state \n zip \n country - $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town); + $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town)); $ret .= ($ret ? $sep : '').$town; if (!empty($object->state)) { $ret .= ($ret ? ", " : '').$object->state; } - if ($object->zip) { + if (!empty($object->zip)) { $ret .= ($ret ? $sep : '').$object->zip; } } elseif (isset($object->country_code) && in_array($object->country_code, array('ES', 'TR'))) { // ES: title firstname name \n address lines \n zip town \n state \n country $ret .= ($ret ? $sep : '').$object->zip; - $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town); + $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town)); $ret .= ($town ? (($object->zip ? ' ' : '').$town) : ''); if (!empty($object->state)) { $ret .= "\n".$object->state; @@ -2095,12 +2095,12 @@ function dol_format_address($object, $withcountry = 0, $sep = "\n", $outputlangs } elseif (isset($object->country_code) && in_array($object->country_code, array('IT'))) { // IT: tile firstname name\n address lines \n zip (Code Departement) \n country $ret .= ($ret ? $sep : '').$object->zip; - $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town); + $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town)); $ret .= ($town ? (($object->zip ? ' ' : '').$town) : ''); $ret .= (empty($object->state_code) ? '' : (' '.$object->state_code)); } else { // Other: title firstname name \n address lines \n zip town \n country - $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town); - $ret .= $object->zip ? (($ret ? $sep : '').$object->zip) : ''; + $town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town)); + $ret .= !empty($object->zip) ? (($ret ? $sep : '').$object->zip) : ''; $ret .= ($town ? (($object->zip ? ' ' : ($ret ? $sep : '')).$town) : ''); if (!empty($object->state) && in_array($object->country_code, $countriesusingstate)) { $ret .= ($ret ? ", " : '').$object->state; From afafe81d8a16fc694fa172d3dc083fc01de8230b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 21:36:47 +0100 Subject: [PATCH 16/85] fix php8 warning --- htdocs/product/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 5bc973e56b7..b10e3aadcc8 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -1197,6 +1197,7 @@ if ($resql) { $i = 0; $totalarray = array(); + $totalarray['nbfield'] = 0; while ($i < min($num, $limit)) { $obj = $db->fetch_object($resql); From da3fcf3ca50670746ec072bd8c525e1dbde7226f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 22:16:54 +0100 Subject: [PATCH 17/85] fix php8 warning --- htdocs/core/lib/company.lib.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 09f7fbed871..05b3a717a49 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1190,7 +1190,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $obj = $db->fetch_object($result); $contactstatic->id = $obj->rowid; - $contactstatic->ref = $obj->ref; + $contactstatic->ref = $obj->rowid; $contactstatic->statut = $obj->statut; $contactstatic->lastname = $obj->lastname; $contactstatic->firstname = $obj->firstname; @@ -1204,7 +1204,6 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $contactstatic->phone_mobile = $obj->phone_mobile; $contactstatic->phone_perso = $obj->phone_perso; $contactstatic->email = $obj->email; - $contactstatic->web = $obj->web; $contactstatic->socialnetworks = $obj->socialnetworks; $contactstatic->photo = $obj->photo; From 00cd4cd95300410f8b72a4adb6de2bef4032f123 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 22:19:40 +0100 Subject: [PATCH 18/85] fix php8 warning --- htdocs/core/lib/contact.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/contact.lib.php b/htdocs/core/lib/contact.lib.php index efb29e5148a..60612043c25 100644 --- a/htdocs/core/lib/contact.lib.php +++ b/htdocs/core/lib/contact.lib.php @@ -1,7 +1,7 @@ * Copyright (C) 2010-2017 Regis Houssin - * Copyright (C) 2015 Frederic France + * Copyright (C) 2015-2021 Frederic France * Copyright (C) 2015 Raphaël Doursenaud * * This program is free software; you can redistribute it and/or modify @@ -98,7 +98,7 @@ function contact_prepare_head(Contact $object) // Agenda / Events $head[$tab][0] = DOL_URL_ROOT.'/contact/agenda.php?id='.$object->id; - $head[$tab][1] .= $langs->trans("Events"); + $head[$tab][1] = $langs->trans("Events"); if (!empty($conf->agenda->enabled) && (!empty($user->rights->agenda->myactions->read) || !empty($user->rights->agenda->allactions->read))) { $head[$tab][1] .= '/'; $head[$tab][1] .= $langs->trans("Agenda"); From 8ab80435577c3a8e76ee1f85cbae19dd75e59535 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 22:27:39 +0100 Subject: [PATCH 19/85] fix php8 warning --- htdocs/comm/propal/stats/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index e18891f3c60..3cb6de90a8d 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php @@ -81,7 +81,7 @@ $langs->loadLangs(array('propal', 'other', 'companies')); if ($mode == 'customer') { $picto = 'propal'; $title = $langs->trans("ProposalsStatistics"); - $dir = $conf->propale->dir_temp; + $dir = $conf->propal->dir_temp; $cat_type = Categorie::TYPE_CUSTOMER; $cat_label = $langs->trans("Category").' '.lcfirst($langs->trans("Customer")); } From 22ac6c79b3527820030b715449b578d606573e06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 22:29:33 +0100 Subject: [PATCH 20/85] fix php8 warning --- htdocs/core/class/html.formother.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index ed986cadbb3..78212ca3580 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -362,7 +362,7 @@ class FormOther if (!is_numeric($showempty)) { $textforempty = $showempty; } - $moreforfilter .= ''."\n"; + $moreforfilter .= ''."\n"; //$moreforfilter .= ''; // Should use -1 to say nothing } From f9e1624a78825eedc93c32b22df91cf40833ea6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 22:41:18 +0100 Subject: [PATCH 21/85] fix php8 warning --- htdocs/accountancy/journal/bankjournal.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index b79b8433c03..32ff8e4c35d 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -7,7 +7,7 @@ * Copyright (C) 2013-2019 Alexandre Spangaro * Copyright (C) 2013-2014 Florian Henry * Copyright (C) 2013-2014 Olivier Geffroy - * Copyright (C) 2017-2020 Frédéric France + * Copyright (C) 2017-2021 Frédéric France * Copyright (C) 2018 Ferran Marcet * Copyright (C) 2018 Eric Seigne * Copyright (C) 2021 Gauthier VERDOL @@ -954,13 +954,18 @@ if (empty($action) || $action == 'view') { $nom = $langs->trans("FinanceJournal").' | '.$accountingjournalstatic->getNomUrl(0, 1, 1, '', 1); $builddate = dol_now(); //$description = $langs->trans("DescFinanceJournal") . '
'; - $description .= $langs->trans("DescJournalOnlyBindedVisible").'
'; + $description = $langs->trans("DescJournalOnlyBindedVisible").'
'; - $listofchoices = array('notyet'=>$langs->trans("NotYetInGeneralLedger"), 'already'=>$langs->trans("AlreadyInGeneralLedger")); + $listofchoices = array( + 'notyet'=>$langs->trans("NotYetInGeneralLedger"), + 'already'=>$langs->trans("AlreadyInGeneralLedger") + ); $period = $form->selectDate($date_start ? $date_start : -1, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end ? $date_end : -1, 'date_end', 0, 0, 0, '', 1, 0); $period .= ' - '.$langs->trans("JournalizationInLedgerStatus").' '.$form->selectarray('in_bookkeeping', $listofchoices, $in_bookkeeping, 1); $varlink = 'id_journal='.$id_journal; + $periodlink = ''; + $exportlink = ''; journalHead($nom, '', $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink); From ca8884b5ec37c8efaa7f18c4f75c95b2d6d47d74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 22:53:01 +0100 Subject: [PATCH 22/85] fix php8 warning --- htdocs/resource/class/dolresource.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index b3d7fab8082..5ab07cdd536 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -493,6 +493,7 @@ class Dolresource extends CommonObject $sql .= " t.entity,"; $sql .= " t.ref,"; $sql .= " t.description,"; + $sql .= " t.fk_country,"; $sql .= " t.fk_code_type_resource,"; $sql .= " t.tms,"; // Add fields from extrafields From 02ca37b82a56000cbae9a865613e17809c225c26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 23:07:25 +0100 Subject: [PATCH 23/85] fix php8 warning --- htdocs/compta/bank/transfer.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index 0533a04c12f..c94f8810cd8 100644 --- a/htdocs/compta/bank/transfer.php +++ b/htdocs/compta/bank/transfer.php @@ -233,6 +233,7 @@ $account_from = ''; $account_to = ''; $label = ''; $amount = ''; +$amountto = ''; if ($error) { $account_from = GETPOST('account_from', 'int'); From efe75b5d0d84018c0dc3f73c2c4f9b8ced357577 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 17 Mar 2021 23:45:48 +0100 Subject: [PATCH 24/85] fix php8 warning --- htdocs/adherents/admin/adherent.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index 092d9b0de38..3d40f8d758b 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -8,7 +8,7 @@ * Copyright (C) 2011-2012 Juanjo Menent * Copyright (C) 2012 J. Fernando Lagrange * Copyright (C) 2015 Jean-François Ferry - * Copyright (C) 2020 Frédéric France + * Copyright (C) 2020-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -254,7 +254,8 @@ if ($conf->facture->enabled) { if (!empty($conf->product->enabled) || !empty($conf->service->enabled)) { print '
'.$langs->trans("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS").''; - $form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0); + $selected = (empty($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS) ? '' : $conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS); + $form->select_produits($selected, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0); print '
'.$langs->trans("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS").''; - $form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0); + $selected = (empty($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS) ? '' : $conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS); + $form->select_produits($selected, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0); print '
trans("Totalizable"); ?>>
textwithpicto($langs->trans("HelpOnTooltip"), $langs->trans("HelpOnTooltipDesc")); ?>
textwithpicto($langs->trans("HelpOnTooltip"), $langs->trans("HelpOnTooltipDesc")); ?>
trans("AllEntities"); ?>>
textwithpicto($langs->trans("HelpOnTooltip"), $langs->trans("HelpOnTooltipDesc")); ?>
trans("AllEntities"); ?>>
'.$langs->trans("AlwaysEditable").''.$form->textwithpicto($langs->trans("Visible"), $langs->trans("VisibleDesc")).''.$form->textwithpicto($langs->trans("DisplayOnPdf"), $langs->trans("DisplayOnPdfDesc")).''.$form->textwithpicto($langs->trans("Totalizable"), $langs->trans("TotalizableDesc")).''.$langs->trans("Entities").' '; $userstatic->id = $val['fk_user_c']; $userstatic->lastname = $val['login_c']; + $userstatic->lastname = $val['statut_c']; $htmltooltip = ''.$langs->trans("ECMSection").': '.$val['label'].'
'; $htmltooltip = ''.$langs->trans("Type").': '.$langs->trans("ECMSectionManual").'
'; $htmltooltip .= ''.$langs->trans("ECMCreationUser").': '.$userstatic->getNomUrl(1, '', false, 1).'
'; @@ -454,6 +455,7 @@ function treeOutputForAbsoluteDir($sqltree, $selecteddir, $fullpathselecteddir, print '		'; $userstatic->id = isset($val['fk_user_c']) ? $val['fk_user_c'] : 0; $userstatic->lastname = isset($val['login_c']) ? $val['login_c'] : 0; + $userstatic->statut = isset($val['statut_c']) ? $val['statut_c'] : 0; $htmltooltip = ''.$langs->trans("ECMSection").': '.$val['label'].'
'; $htmltooltip = ''.$langs->trans("Type").': '.$langs->trans("ECMSectionManual").'
'; $htmltooltip .= ''.$langs->trans("ECMCreationUser").': '.$userstatic->getNomUrl(1, '', false, 1).'
'; diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php index 5222fc0d21a..52897e84b1a 100644 --- a/htdocs/ecm/class/ecmdirectory.class.php +++ b/htdocs/ecm/class/ecmdirectory.class.php @@ -646,6 +646,7 @@ class EcmDirectory extends CommonObject $sql .= " c.fk_user_c,"; $sql .= " c.date_c,"; $sql .= " u.login as login_c,"; + $sql .= " u.statut as statut_c,"; $sql .= " ca.rowid as rowid_fille"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."ecm_directories as c"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."ecm_directories as ca"; @@ -667,7 +668,8 @@ class EcmDirectory extends CommonObject $this->cats[$obj->rowid]['description'] = $obj->description; $this->cats[$obj->rowid]['cachenbofdoc'] = $obj->cachenbofdoc; $this->cats[$obj->rowid]['date_c'] = $this->db->jdate($obj->date_c); - $this->cats[$obj->rowid]['fk_user_c'] = $obj->fk_user_c; + $this->cats[$obj->rowid]['fk_user_c'] = (int) $obj->fk_user_c; + $this->cats[$obj->rowid]['statut_c'] = (int) $obj->statut_c; $this->cats[$obj->rowid]['login_c'] = $obj->login_c; if (!empty($obj->rowid_fille)) { From 3380f740e541da9dbaa618401753d4569bce924c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 18:56:28 +0100 Subject: [PATCH 40/85] need to clean glasses --- htdocs/core/ajax/ajaxdirtree.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/ajax/ajaxdirtree.php b/htdocs/core/ajax/ajaxdirtree.php index dab5206fc7d..1977cfac6e4 100644 --- a/htdocs/core/ajax/ajaxdirtree.php +++ b/htdocs/core/ajax/ajaxdirtree.php @@ -288,7 +288,7 @@ if (empty($conf->use_javascript_ajax) || !empty($conf->global->MAIN_ECM_DISABLE_ print '		'; $userstatic->id = $val['fk_user_c']; $userstatic->lastname = $val['login_c']; - $userstatic->lastname = $val['statut_c']; + $userstatic->statut = $val['statut_c']; $htmltooltip = ''.$langs->trans("ECMSection").': '.$val['label'].'
'; $htmltooltip = ''.$langs->trans("Type").': '.$langs->trans("ECMSectionManual").'
'; $htmltooltip .= ''.$langs->trans("ECMCreationUser").': '.$userstatic->getNomUrl(1, '', false, 1).'
'; From 461d748f97517945ec3638d06695c97d7d4d6775 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 20:27:36 +0100 Subject: [PATCH 41/85] Fix #yogosha235 --- htdocs/compta/facture/card-rec.php | 3 ++- htdocs/compta/facture/card.php | 14 +++++----- htdocs/compta/facture/class/facture.class.php | 2 +- htdocs/compta/facture/contact.php | 16 +++++------- htdocs/compta/facture/document.php | 14 +++++----- htdocs/compta/facture/info.php | 26 ++++++++++++++++--- .../compta/facture/invoicetemplate_list.php | 5 ++++ htdocs/compta/facture/note.php | 13 ++++++---- 8 files changed, 59 insertions(+), 34 deletions(-) diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index c1c0f83cecb..167e9e4a577 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -65,7 +65,6 @@ $objecttype = 'facture_rec'; if ($action == "create" || $action == "add") { $objecttype = ''; } -$result = restrictedArea($user, 'facture', $id, $objecttype); $projectid = GETPOST('projectid', 'int'); $year_date_when = GETPOST('year_date_when'); @@ -127,6 +126,8 @@ $now = dol_now(); $error = 0; +$result = restrictedArea($user, 'facture', $object->id, $objecttype); + /* * Actions diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 0433d9eb746..cd1905f528f 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -138,19 +138,19 @@ $permissiondellink = $usercancreate; // Used by the include of actions_dellink.i $permissiontoedit = $usercancreate; // Used by the include of actions_lineupdonw.inc.php $permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php +// retained warranty invoice available type +$retainedWarrantyInvoiceAvailableType = array(); +if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) { + $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY); +} + // Security check $fieldid = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } $isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0); -$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isdraft); - -// retained warranty invoice available type -$retainedWarrantyInvoiceAvailableType = array(); -if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) { - $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY); -} +$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft); /* diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 69356287288..a51ad8f65fa 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1553,7 +1553,7 @@ class Facture extends CommonInvoice * @param string $ref Reference of invoice * @param string $ref_ext External reference of invoice * @param int $notused Not used - * @param bool $fetch_situation Fetch the previous and next situation in $tab_previous_situation_invoice and $tab_next_situation_invoice + * @param bool $fetch_situation Load also the previous and next situation invoice into $tab_previous_situation_invoice and $tab_next_situation_invoice * @return int >0 if OK, <0 if KO, 0 if not found */ public function fetch($rowid, $ref = '', $ref_ext = '', $notused = '', $fetch_situation = false) diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index dc1fe1e7c45..19e76b15c5c 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php @@ -48,9 +48,14 @@ $action = GETPOST('action', 'aZ09'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'facture', $id); $object = new Facture($db); +// Load object +if ($id > 0 || !empty($ref)) { + $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION); +} + +$result = restrictedArea($user, 'facture', $object->id); /* @@ -58,8 +63,6 @@ $object = new Facture($db); */ if ($action == 'addcontact' && $user->rights->facture->creer) { - $result = $object->fetch($id); - if ($result > 0 && $id > 0) { $contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int')); $typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type')); @@ -79,14 +82,9 @@ if ($action == 'addcontact' && $user->rights->facture->creer) { } } elseif ($action == 'swapstatut' && $user->rights->facture->creer) { // Toggle the status of a contact - if ($object->fetch($id)) { - $result = $object->swapContactStatus(GETPOST('ligne')); - } else { - dol_print_error($db); - } + $result = $object->swapContactStatus(GETPOST('ligne')); } elseif ($action == 'deletecontact' && $user->rights->facture->creer) { // Deletes a contact - $object->fetch($id); $result = $object->delete_contact($lineid); if ($result >= 0) { diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index c44aeae67ca..4c0544e3810 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -48,12 +48,6 @@ $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'facture', $id, ''); - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -73,11 +67,17 @@ if (!$sortfield) { } $object = new Facture($db); -if ($object->fetch($id)) { +if ($object->fetch($id, $ref)) { $object->fetch_thirdparty(); $upload_dir = $conf->facture->dir_output."/".dol_sanitizeFileName($object->ref); } +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'facture', $object->id, ''); + /* * Actions diff --git a/htdocs/compta/facture/info.php b/htdocs/compta/facture/info.php index 97646d56103..5b9b7fc4316 100644 --- a/htdocs/compta/facture/info.php +++ b/htdocs/compta/facture/info.php @@ -38,6 +38,25 @@ $langs->loadLangs(array('companies', 'bills')); $id = GETPOST("facid", "int"); $ref = GETPOST("ref", 'alpha'); +$object = new Facture($db); +$extrafields = new ExtraFields($db); + +// Fetch optionals attributes and labels +$extrafields->fetch_name_optionals_label($object->table_element); + +// Load object +if ($id > 0 || !empty($ref)) { + $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION); +} + +// Security check +$fieldid = (!empty($ref) ? 'ref' : 'rowid'); +if ($user->socid) { + $socid = $user->socid; +} +$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft); + /* * View @@ -46,11 +65,10 @@ $ref = GETPOST("ref", 'alpha'); $form = new Form($db); $title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Info'); -$helpurl = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes"; -llxHeader('', $title, $helpurl); +$help_url = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes"; + +llxHeader('', $title, $help_url); -$object = new Facture($db); -$object->fetch($id, $ref); $object->fetch_thirdparty(); $object->info($object->id); diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index e419ed9260b..5d511aa6cd6 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -165,6 +165,11 @@ if ($socid > 0) { } } +$objecttype = 'facture_rec'; + +$result = restrictedArea($user, 'facture', $object->id, $objecttype); + + /* * Actions */ diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php index 23d4afb0417..f019d822529 100644 --- a/htdocs/compta/facture/note.php +++ b/htdocs/compta/facture/note.php @@ -41,6 +41,14 @@ $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); +$object = new Facture($db); +// Load object +if ($id > 0 || !empty($ref)) { + $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION); +} + +$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php + // Security check $socid = 0; if ($user->socid) { @@ -48,11 +56,6 @@ if ($user->socid) { } $result = restrictedArea($user, 'facture', $id, ''); -$object = new Facture($db); -$object->fetch($id); - -$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php - /* * Actions From 3aed47c1db9788a81d3bd7408de4839d11c86680 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 20:32:11 +0100 Subject: [PATCH 42/85] Update productlot_list.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit $help_url = 'EN:Module_Lot_/_Serial|FR:Module_Lot_/_Série'; --- htdocs/product/stock/productlot_list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 45dae12ce10..e04b3f2e59b 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -186,8 +186,8 @@ $form = new Form($db); $now = dol_now(); -//$help_url="EN:Module_MyObject|FR:Module_MyObject_FR|ES:Módulo_MyObject"; -$help_url = ''; +$help_url = 'EN:Module_Lot_/_Serial|FR:Module_Lot_/_Série'; + $title = $langs->trans('LotSerialList'); From 82f16086be640e5570cec54c29f614cd8db65988 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 20:34:38 +0100 Subject: [PATCH 43/85] Update card.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit $help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks|DE:Modul_Bestände'; --- htdocs/product/inventory/card.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index e0a03cb322d..92ad4c2176b 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -163,7 +163,9 @@ $formfile = new FormFile($db); $formproject = new FormProjets($db); $title = $langs->trans("Inventory"); -$help_url = ''; + +$help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks|DE:Modul_Bestände'; + llxHeader('', $title, $help_url); // Example : Adding jquery code From daa8c1e00f0acf991b5c44b3fcfe81781ffee995 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 20:38:08 +0100 Subject: [PATCH 44/85] Update massstockmove.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit $help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks|DE:Modul_Bestände'; llxHeader('', $title, $help_url); --- htdocs/product/stock/massstockmove.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index a9a69dd4522..830e8aa56e9 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -302,9 +302,11 @@ $productstatic = new Product($db); $warehousestatics = new Entrepot($db); $warehousestatict = new Entrepot($db); +$help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks|DE:Modul_Bestände'; + $title = $langs->trans('MassMovement'); -llxHeader('', $title); +llxHeader('', $title, $help_url); print load_fiche_titre($langs->trans("MassStockTransferShort"), '', 'stock'); From e318a84940f04246d78d3fe8c95c0882a9ec3aba Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 20:38:19 +0100 Subject: [PATCH 45/85] Fix #yogosha5664 --- htdocs/bom/bom_card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 5547c21faab..6d2047d3f49 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -75,8 +75,8 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ // Security check - Protection if external user //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0); -//$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); $permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php $permissiondellink = $user->rights->bom->write; // Used by the include of actions_dellink.inc.php From d881c73e58e5bb94862225c15a8320546156a7b6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 20:44:53 +0100 Subject: [PATCH 46/85] Fix #yogosha5664 --- htdocs/bom/bom_agenda.php | 10 +++++----- htdocs/bom/bom_document.php | 6 ++++++ htdocs/bom/bom_note.php | 8 ++++++-- htdocs/mrp/mo_note.php | 3 +-- 4 files changed, 18 insertions(+), 9 deletions(-) diff --git a/htdocs/bom/bom_agenda.php b/htdocs/bom/bom_agenda.php index 2cf66d9c3f5..6a86f1c2258 100644 --- a/htdocs/bom/bom_agenda.php +++ b/htdocs/bom/bom_agenda.php @@ -51,11 +51,6 @@ if (GETPOST('actioncode', 'array')) { } $search_agenda_label = GETPOST('search_agenda_label'); -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'bom', $id); - $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); @@ -87,6 +82,11 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id; } +// Security check - Protection if external user +//if ($user->socid > 0) accessforbidden(); +//if ($user->socid > 0) $socid = $user->socid; +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); /* diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php index 92babe87003..520dd8bb9d7 100644 --- a/htdocs/bom/bom_document.php +++ b/htdocs/bom/bom_document.php @@ -79,6 +79,12 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->bom->multidir_output[$object->entity ? $object->entity : 1]."/bom/".get_exdir(0, 0, 0, 1, $object); } +// Security check - Protection if external user +//if ($user->socid > 0) accessforbidden(); +//if ($user->socid > 0) $socid = $user->socid; +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); + /* * Actions diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php index cd288a3be3c..244bcfd7a49 100644 --- a/htdocs/bom/bom_note.php +++ b/htdocs/bom/bom_note.php @@ -57,9 +57,13 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id; } -$permissionnote = 1; -//$permissionnote=$user->rights->bom->creer; // Used by the include of actions_setnotes.inc.php +$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php +// Security check - Protection if external user +//if ($user->socid > 0) accessforbidden(); +//if ($user->socid > 0) $socid = $user->socid; +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); /* diff --git a/htdocs/mrp/mo_note.php b/htdocs/mrp/mo_note.php index 56699e4903f..6bbfc503453 100644 --- a/htdocs/mrp/mo_note.php +++ b/htdocs/mrp/mo_note.php @@ -60,8 +60,7 @@ if ($id > 0 || !empty($ref)) { $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'rowid', $isdraft); -$permissionnote = 1; -//$permissionnote=$user->rights->mrp->creer; // Used by the include of actions_setnotes.inc.php +$permissionnote = $user->rights->mrp->write; // Used by the include of actions_setnotes.inc.php From c43d3dff92ea10ccd22c79a99467f467a5c4cbbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 20:51:40 +0100 Subject: [PATCH 47/85] fix project replace projet --- htdocs/core/class/conf.class.php | 2 +- htdocs/core/photos_resize.php | 2 +- htdocs/projet/stats/index.php | 8 ++++---- htdocs/projet/tasks/stats/index.php | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 6b50c73da8e..decab886f49 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -842,7 +842,7 @@ class Conf if (isset($this->categorie)) { $this->category = $this->categorie; } - if (isset($this->project)) { + if (isset($this->projet) && !isset($this->project)) { $this->project = $this->projet; } diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index f03436c0043..008e524f299 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -142,7 +142,7 @@ if ($modulepart == 'produit' || $modulepart == 'product' || $modulepart == 'serv if ($result <= 0) { dol_print_error($db, 'Failed to load object'); } - $dir = $conf->projet->multidir_output[$object->entity]; // By default + $dir = $conf->project->multidir_output[$object->entity]; // By default } } elseif ($modulepart == 'propal') { require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; diff --git a/htdocs/projet/stats/index.php b/htdocs/projet/stats/index.php index afbc4f7c55b..f17e326276a 100644 --- a/htdocs/projet/stats/index.php +++ b/htdocs/projet/stats/index.php @@ -99,7 +99,7 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) $data1 = array(array(0=>$langs->trans("None"), 1=>1)); } - $filenamenb = $conf->projet->dir_output."/stats/projectbystatus.png"; + $filenamenb = $conf->project->dir_output."/stats/projectbystatus.png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projectbystatus.png'; $px = new DolGraph(); $mesg = $px->isGraphKo(); @@ -150,7 +150,7 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) $data = $stats_project->getNbByMonthWithPrevYear($endyear, $startyear); //var_dump($data); -$filenamenb = $conf->projet->dir_output."/stats/projectnbprevyear-".$year.".png"; +$filenamenb = $conf->project->dir_output."/stats/projectnbprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projectnbprevyear-'.$year.'.png'; $px1 = new DolGraph(); @@ -182,7 +182,7 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { //var_dump($data); // $data = array(array('Lib',val1,val2,val3),...) - $filenamenb = $conf->projet->dir_output."/stats/projectamountprevyear-".$year.".png"; + $filenamenb = $conf->project->dir_output."/stats/projectamountprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projectamountprevyear-'.$year.'.png'; $px2 = new DolGraph(); @@ -217,7 +217,7 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { //var_dump($data); // $data = array(array('Lib',val1,val2,val3),...) - $filenamenb = $conf->projet->dir_output."/stats/projecttransrateprevyear-".$year.".png"; + $filenamenb = $conf->project->dir_output."/stats/projecttransrateprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=projectstats&file=projecttransrateprevyear-'.$year.'.png'; $px3 = new DolGraph(); diff --git a/htdocs/projet/tasks/stats/index.php b/htdocs/projet/tasks/stats/index.php index d2c53943506..5d1bec36f17 100644 --- a/htdocs/projet/tasks/stats/index.php +++ b/htdocs/projet/tasks/stats/index.php @@ -65,7 +65,7 @@ $includeuserlist = array(); llxHeader('', $langs->trans('Tasks')); $title = $langs->trans("TasksStatistics"); -$dir = $conf->projet->dir_output.'/temp'; +$dir = $conf->project->dir_output.'/temp'; print load_fiche_titre($title, '', 'projecttask'); @@ -90,7 +90,7 @@ if (!empty($year)) { $data = $stats_tasks->getNbByMonthWithPrevYear($endyear, $startyear); //var_dump($data); -$filenamenb = $conf->projet->dir_output."/stats/tasknbprevyear-".$year.".png"; +$filenamenb = $conf->project->dir_output."/stats/tasknbprevyear-".$year.".png"; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=taskstats&file=tasknbprevyear-'.$year.'.png'; $px1 = new DolGraph(); From 3ca9bee5de71fcb4d92ce2b6946f4e804e5e7f97 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 20:52:24 +0100 Subject: [PATCH 48/85] Update card.php $help_url = 'EN:Module_Products#Variants'; llxHeader('', $title, $help_url); --- htdocs/variants/card.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/variants/card.php b/htdocs/variants/card.php index ecaa4e77948..7a15a4ede97 100644 --- a/htdocs/variants/card.php +++ b/htdocs/variants/card.php @@ -122,9 +122,11 @@ if ($confirm == 'yes') { $langs->load('products'); +$help_url = 'EN:Module_Products#Variants'; + $title = $langs->trans('ProductAttributeName', dol_htmlentities($object->label)); -llxHeader('', $title); +llxHeader('', $title, $help_url); //print load_fiche_titre($title); From b7aed07284a2946886cd53df8f729d3082cd3bbc Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 20:55:41 +0100 Subject: [PATCH 49/85] Update create.php $help_url = 'EN:Module_Products#Variants'; llxHeader('', $title, $help_url); --- htdocs/variants/create.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/variants/create.php b/htdocs/variants/create.php index ee178f2728d..8f3a1d28d9f 100644 --- a/htdocs/variants/create.php +++ b/htdocs/variants/create.php @@ -59,9 +59,12 @@ $langs->load('products'); * View */ +$help_url = 'EN:Module_Products#Variants'; + $title = $langs->trans('NewProductAttribute'); -llxHeader('', $title); +llxHeader('', $title, $help_url); + print load_fiche_titre($title); From e7ad9f129020ba1a18220295abc1f73799aba9d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 20:55:47 +0100 Subject: [PATCH 50/85] fix project replace projet --- htdocs/projet/stats/index.php | 4 ++-- htdocs/projet/tasks/stats/index.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/projet/stats/index.php b/htdocs/projet/stats/index.php index f17e326276a..6b1b0eac4c1 100644 --- a/htdocs/projet/stats/index.php +++ b/htdocs/projet/stats/index.php @@ -65,7 +65,7 @@ $includeuserlist = array(); llxHeader('', $langs->trans('Projects')); $title = $langs->trans("ProjectsStatistics"); -$dir = $conf->projet->dir_output.'/temp'; +$dir = $conf->project->dir_output.'/temp'; print load_fiche_titre($title, '', 'project'); @@ -269,7 +269,7 @@ $head[$h][1] = $langs->trans("ByMonthYear"); $head[$h][2] = 'byyear'; $h++; -complete_head_from_modules($conf, $langs, null, $head, $h, 'projet_stats'); +complete_head_from_modules($conf, $langs, null, $head, $h, 'project_stats'); print dol_get_fiche_head($head, 'byyear', $langs->trans("Statistics"), -1, ''); diff --git a/htdocs/projet/tasks/stats/index.php b/htdocs/projet/tasks/stats/index.php index 5d1bec36f17..531b9eb7b3a 100644 --- a/htdocs/projet/tasks/stats/index.php +++ b/htdocs/projet/tasks/stats/index.php @@ -139,7 +139,7 @@ $head[$h][1] = $langs->trans("ByMonthYear"); $head[$h][2] = 'byyear'; $h++; -complete_head_from_modules($conf, $langs, null, $head, $h, 'projet_tasks_stats'); +complete_head_from_modules($conf, $langs, null, $head, $h, 'project_tasks_stats'); print dol_get_fiche_head($head, 'byyear', $langs->trans("Statistics"), -1, ''); From 8844f4fda96c7e2514a878df480e24b0e844175c Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 20:57:09 +0100 Subject: [PATCH 51/85] Update create_val.php $help_url = 'EN:Module_Products#Variants'; llxHeader('', $title, $help_url); --- htdocs/variants/create_val.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/variants/create_val.php b/htdocs/variants/create_val.php index ce03f314265..22dc2a1a110 100644 --- a/htdocs/variants/create_val.php +++ b/htdocs/variants/create_val.php @@ -75,9 +75,11 @@ if ($action == 'add') { $langs->load('products'); +$help_url = 'EN:Module_Products#Variants'; + $title = $langs->trans('ProductAttributeName', dol_htmlentities($object->label)); -llxHeader('', $title); +llxHeader('', $title, $help_url); $h = 0; $head[$h][0] = DOL_URL_ROOT.'/variants/card.php?id='.$object->id; From 9ba568eb25452d3e8802719638b4a84c375db6f2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 20:57:50 +0100 Subject: [PATCH 52/85] Fix security check --- htdocs/compta/bank/card.php | 12 ++++++------ htdocs/compta/bank/document.php | 1 + htdocs/compta/bank/info.php | 12 ++++++++++++ htdocs/compta/bank/treso.php | 23 +++++++++++++---------- 4 files changed, 32 insertions(+), 16 deletions(-) diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index 1524c1d1727..ccc834835a4 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -54,12 +54,6 @@ $langs->loadLangs(array("banks", "bills", "categories", "companies", "compta")); $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); -// Security check -$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha'); -$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid'; - -$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid); - $object = new Account($db); $extrafields = new ExtraFields($db); @@ -69,6 +63,12 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('bankcard', 'globalcard')); +// Security check +$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha'); +$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid'; +$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid); + + /* * Actions */ diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index 0add6bf77fd..35102281ae9 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -71,6 +71,7 @@ if ($id > 0 || !empty($ref)) { $object->fetch($id, $ref); } + $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', ''); diff --git a/htdocs/compta/bank/info.php b/htdocs/compta/bank/info.php index a2a3260775a..c61f6e50bff 100644 --- a/htdocs/compta/bank/info.php +++ b/htdocs/compta/bank/info.php @@ -30,6 +30,18 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->loadLangs(array('banks', 'categories', 'companies')); $id = GETPOST("rowid", 'int'); +$ref = GETPOST('ref', 'alpha'); + +// Security check +$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); +$fieldtype = (!empty($ref) ? 'ref' : 'rowid'); +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'banque', $fieldvalue, 'bank_account', '', '', $fieldtype); +if (!$user->rights->banque->lire && !$user->rights->banque->consolidate) { + accessforbidden(); +} /* diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php index b1dac2858b0..6ccd953a68b 100644 --- a/htdocs/compta/bank/treso.php +++ b/htdocs/compta/bank/treso.php @@ -37,22 +37,23 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->loadLangs(array('banks', 'categories', 'bills', 'companies')); // Security check -if (isset($_GET["account"]) || isset($_GET["ref"])) { - $id = isset($_GET["account"]) ? $_GET["account"] : (isset($_GET["ref"]) ? $_GET["ref"] : ''); +if (GETPOSTISSET("account") || GETPOSTISSET("ref")) { + $id = GETPOSTISSET("account") ? GETPOST("account") : (GETPOSTISSET("ref") ? GETPOST("ref") : ''); } -$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid'; +$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid'; if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid); -$vline = isset($_GET["vline"]) ? $_GET["vline"] : $_POST["vline"]; -$page = isset($_GET["page"]) ? $_GET["page"] : 0; +$vline = GETPOST('vline'); +$page = GETPOSTISSET("page") ? GETPOST("page") : 0; // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('banktreso', 'globalcard')); + /* * View */ @@ -68,7 +69,7 @@ $socialcontribstatic = new ChargeSociales($db); $form = new Form($db); -if ($_REQUEST["account"] || $_REQUEST["ref"]) { +if (GETPOST("account") || GETPOST("ref")) { if ($vline) { $viewline = $vline; } else { @@ -76,11 +77,11 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) { } $object = new Account($db); - if ($_GET["account"]) { - $result = $object->fetch($_GET["account"]); + if (GETPOST("account", 'int')) { + $result = $object->fetch(GETPOST("account", 'int')); } - if ($_GET["ref"]) { - $result = $object->fetch(0, $_GET["ref"]); + if (GETPOST("ref")) { + $result = $object->fetch(0, GETPOST("ref")); $_GET["account"] = $object->id; } @@ -91,6 +92,8 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) { $linkback = ''.$langs->trans("BackToList").''; + $morehtmlref = ''; + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1); print dol_get_fiche_end(); From 88ec31c0423c7ced7009450787fe190cf98b2204 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 21:09:18 +0100 Subject: [PATCH 53/85] Update workstation_card.php $help_url = 'EN:Module_Workstation'; --- htdocs/workstation/workstation_card.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php index 2378741c140..c15053bad5e 100755 --- a/htdocs/workstation/workstation_card.php +++ b/htdocs/workstation/workstation_card.php @@ -160,7 +160,9 @@ $formfile = new FormFile($db); $formresource = new FormResource($db); $title = $langs->trans("Workstation"); -$help_url = ''; + +$help_url = 'EN:Module_Workstation'; + llxHeader('', $title, $help_url); // Example : Adding jquery code From b584adf2995bc5fdb59009e1e8671c37e3317019 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 21:10:55 +0100 Subject: [PATCH 54/85] fix project replace projet --- htdocs/core/class/conf.class.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index decab886f49..0eab527bc6b 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -826,22 +826,28 @@ class Conf unset($this->global->MAIN_NO_CONCAT_DESCRIPTION); } - // For backward compatibility + // product is new use if (isset($this->product)) { + // For backward compatibility $this->produit = $this->product; } + // invoice is new use, facture is old use still initialised if (isset($this->facture)) { $this->invoice = $this->facture; } + // order is new use, commande is old use still initialised if (isset($this->commande)) { $this->order = $this->commande; } + // contract is new use, contrat is old use still initialised if (isset($this->contrat)) { $this->contract = $this->contrat; } + // category is new use, categorie is old use still initialised if (isset($this->categorie)) { $this->category = $this->categorie; } + // project is new use, projet is old use still initialised if (isset($this->projet) && !isset($this->project)) { $this->project = $this->projet; } From 972d162c5e811ba468a1bf159445e04a9fe4c5dd Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 21:16:44 +0100 Subject: [PATCH 55/85] Update type.php $help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros|DE:Modul_Mitglieder'; --- htdocs/adherents/type.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index d2b46e96610..a867a884775 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -213,7 +213,8 @@ if ($action == 'confirm_delete' && $user->rights->adherent->configurer) { $form = new Form($db); $formproduct = new FormProduct($db); -$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros'; +$help_url = 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros|DE:Modul_Mitglieder'; + llxHeader('', $langs->trans("MembersTypeSetup"), $help_url); // List of members type From 4e3e2a23bccf219ee9ebefab66d655d597846bb4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 21:22:50 +0100 Subject: [PATCH 56/85] More complete fix for #yogosha5644 --- htdocs/main.inc.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 199601f1385..f6376a650b7 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -428,17 +428,16 @@ if (!defined('NOTOKENRENEWAL')) { } //dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha').' '.$_SESSION['token']); -//$dolibarr_nocsrfcheck=1; -// Check token -if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) - || defined('CSRFCHECK_WITH_TOKEN')) { // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page + +// Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page +if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) { // Check all cases that need a token (all POST actions + all login, actions and mass actions on pages with CSRFCHECK_WITH_TOKEN set + all sensitive GET actions) if ( $_SERVER['REQUEST_METHOD'] == 'POST' || ((GETPOSTISSET('actionlogin') || GETPOSTISSET('action') || GETPOSTISSET('massaction')) && defined('CSRFCHECK_WITH_TOKEN')) || in_array(GETPOST('action', 'aZ09'), array('add', 'addtimespent', 'update', 'install', 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_reject_check')) ) { - if (!GETPOSTISSET('token')) { + if (!GETPOST('token', 'alpha')) { // If token is not provided or empty if (GETPOST('uploadform', 'int')) { dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused. File size too large."); $langs->loadLangs(array("errors", "install")); From 569d33392d5b238dc845c38e9ece6363bc49f290 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 18 Mar 2021 21:49:29 +0100 Subject: [PATCH 57/85] Update card.php change $helpurl -> $help_url $help_url = 'EN:Category:Accounting'; --- htdocs/accountancy/admin/card.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 253c320bde0..caf98c7d91c 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -212,8 +212,10 @@ $accountsystem = new AccountancySystem($db); $accountsystem->fetch($conf->global->CHARTOFACCOUNTS); $title = $langs->trans('AccountAccounting')." - ".$langs->trans('Card'); -$helpurl = ''; -llxheader('', $title, $helpurl); + +$help_url = 'EN:Category:Accounting'; + +llxheader('', $title, $help_url); // Create mode From 37fcaf2a57d13e002cddcb3e61fc1204c6f13e64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 22:07:35 +0100 Subject: [PATCH 58/85] fix php8 warning --- htdocs/core/tpl/extrafields_view.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index e43548afc3f..3940f0c38e5 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -159,7 +159,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element] $keyforperm = 'ficheinter'; } if (isset($user->rights->$keyforperm)) { - $permok = $user->rights->$keyforperm->creer || $user->rights->$keyforperm->create || $user->rights->$keyforperm->write; + $permok = !empty($user->rights->$keyforperm->creer) || !empty($user->rights->$keyforperm->create) || !empty($user->rights->$keyforperm->write); } if ($object->element == 'order_supplier') { $permok = $user->rights->fournisseur->commande->creer; From d2ce3b2d6005aec9e388bb3047879e9ce0d1a43e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Mar 2021 22:19:58 +0100 Subject: [PATCH 59/85] fix php8 warning --- htdocs/opensurvey/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php index 3f0b6011455..56036b51aec 100644 --- a/htdocs/opensurvey/list.php +++ b/htdocs/opensurvey/list.php @@ -376,6 +376,7 @@ print '
'; - print dol_print_date($db->jdate($objp->dv), "day").' '; - print ''; + print ''.dol_print_date($db->jdate($objp->dv), "day").''; + print ' '; + print ''; + print ''; print img_edit_remove()." "; - print ''; + print ''; print img_edit_add().""; + print ''; print "
"; + // Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page + $urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken(); + print ' + + '; + print ""; print "\n"; diff --git a/htdocs/core/ajax/bankconciliate.php b/htdocs/core/ajax/bankconciliate.php index adcd1290fed..351903ea1f7 100644 --- a/htdocs/core/ajax/bankconciliate.php +++ b/htdocs/core/ajax/bankconciliate.php @@ -48,10 +48,6 @@ $action = GETPOST('action', 'aZ09'); * View */ -// Ajout directives pour resoudre bug IE -//header('Cache-Control: Public, must-revalidate'); -//header('Pragma: public'); - //top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header. top_httphead(); @@ -63,7 +59,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $ $al->datev_next(GETPOST('rowid', 'int')); $al->fetch(GETPOST('rowid', 'int')); - print ''.dol_print_date($db->jdate($al->datev), "day").''; + print ''.dol_print_date($db->jdate($al->datev), "day").''; exit; } @@ -74,7 +70,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $ $al->datev_previous(GETPOST('rowid', 'int')); $al->fetch(GETPOST('rowid', 'int')); - print ''.dol_print_date($db->jdate($al->datev), "day").''; + print ''.dol_print_date($db->jdate($al->datev), "day").''; exit; } @@ -85,7 +81,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $ $al->dateo_next(GETPOST('rowid', 'int')); $al->fetch(GETPOST('rowid', 'int')); - print ''.dol_print_date($db->jdate($al->dateo), "day").''; + print ''.dol_print_date($db->jdate($al->dateo), "day").''; exit; } @@ -96,7 +92,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $ $al->dateo_previous(GETPOST('rowid', 'int')); $al->fetch(GETPOST('rowid', 'int')); - print ''.dol_print_date($db->jdate($al->dateo), "day").''; + print ''.dol_print_date($db->jdate($al->dateo), "day").''; exit; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index f6376a650b7..d77b1479102 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -427,7 +427,7 @@ if (!defined('NOTOKENRENEWAL')) { dol_syslog("NEW TOKEN reclaimed by : " . $_SERVER['PHP_SELF'], LOG_DEBUG); } -//dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha').' '.$_SESSION['token']); +//dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha')); // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) { @@ -457,7 +457,9 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl } } - if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $_SESSION['token']) { + $sessiontokenforthisurl = $_SESSION['token']; + // TODO Get the sessiontokenforthisurl into the array of session token + if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $sessiontokenforthisurl) { dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused due to invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING); //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers. setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings'); @@ -1094,7 +1096,7 @@ if (!defined('NOLOGIN')) { dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09').' NOTOKENRENEWAL='.(defined('NOTOKENRENEWAL') ?constant('NOTOKENRENEWAL') : '')); //Another call for easy debugg -//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST)); +//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' '.$_SERVER["HTTP_REFERER"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST)); // Load main languages files if (!defined('NOREQUIRETRAN')) { @@ -1237,7 +1239,7 @@ if (!function_exists("llxHeader")) { /** - * Show HTTP header + * Show HTTP header. Called by top_htmlhead(). * * @param string $contenttype Content type. For example, 'text/html' * @param int $forcenocache Force disabling of cache for the page @@ -1303,7 +1305,7 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) } /** - * Ouput html header of a page. + * Ouput html header of a page. It calls also top_httphead() * This code is also duplicated into security2.lib.php::dol_loginfunction * * @param string $head Optionnal head lines From 3df866518d59da547d46cb5e0a1273a4d29721fd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 12:15:46 +0100 Subject: [PATCH 71/85] FIx #yogosha5676 --- htdocs/printing/admin/printing.php | 8 ++++---- htdocs/printing/index.php | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/htdocs/printing/admin/printing.php b/htdocs/printing/admin/printing.php index 5c79be62197..2b86efa507c 100644 --- a/htdocs/printing/admin/printing.php +++ b/htdocs/printing/admin/printing.php @@ -33,10 +33,6 @@ use OAuth\Common\Storage\DoliStorage; // Load translation files required by the page $langs->loadLangs(array('admin', 'printing', 'oauth')); -if (!$user->admin) { - accessforbidden(); -} - $action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha'); $value = GETPOST('value', 'alpha', 0, null, null, 1); // The value may be __google__docs so we force disable of replace @@ -53,6 +49,10 @@ if (!$mode) { $OAUTH_SERVICENAME_GOOGLE = 'Google'; +if (!$user->admin) { + accessforbidden(); +} + /* * Action diff --git a/htdocs/printing/index.php b/htdocs/printing/index.php index e0dcaf86e44..84132c784f4 100644 --- a/htdocs/printing/index.php +++ b/htdocs/printing/index.php @@ -28,6 +28,10 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/printing/modules_printing.php'; // Load translation files required by the page $langs->load("printing"); +if (!$user->admin) { + accessforbidden(); +} + /* * Actions From d83d0052846104321ac598f80049a8080f88380f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Mar 2021 12:44:59 +0100 Subject: [PATCH 72/85] FIX #yogosha5674 --- htdocs/accountancy/admin/account.php | 8 +++---- htdocs/accountancy/admin/subaccount.php | 4 ++-- htdocs/accountancy/bookkeeping/card.php | 4 ++-- htdocs/admin/confexped.php | 8 +++---- htdocs/admin/fckeditor.php | 6 +++--- htdocs/admin/security.php | 10 ++++----- htdocs/bom/bom_card.php | 4 ++-- htdocs/compta/facture/card-rec.php | 6 +++--- htdocs/contact/card.php | 4 ++-- .../conferenceorbooth_card.php | 8 +++---- htdocs/main.inc.php | 21 ++++++++++++++++--- .../modulebuilder/template/myobject_card.php | 8 +++---- htdocs/product/price.php | 4 ++-- .../recruitmentjobposition_card.php | 4 ++-- htdocs/user/card.php | 6 +++--- htdocs/website/websiteaccount_card.php | 6 +++--- htdocs/workstation/workstation_card.php | 6 +++--- htdocs/zapier/hook_card.php | 4 ++-- 18 files changed, 68 insertions(+), 53 deletions(-) diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index faf55427786..8982376ded6 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -529,11 +529,11 @@ if ($resql) { if (!empty($arrayfields['aa.reconcilable']['checked'])) { print '		'; if (empty($obj->reconcilable)) { - print ''; + print ''; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } else { - print ''; + print ''; print img_picto($langs->trans("Activated"), 'switch_on'); print ''; } @@ -548,11 +548,11 @@ if ($resql) { if (!empty($arrayfields['aa.active']['checked'])) { print ''; if (empty($obj->active)) { - print ''; + print ''; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } else { - print ''; + print ''; print img_picto($langs->trans("Activated"), 'switch_on'); print ''; } diff --git a/htdocs/accountancy/admin/subaccount.php b/htdocs/accountancy/admin/subaccount.php index 341fddf113c..ad1804048c3 100644 --- a/htdocs/accountancy/admin/subaccount.php +++ b/htdocs/accountancy/admin/subaccount.php @@ -419,11 +419,11 @@ if ($resql) { if (!empty($arrayfields['reconcilable']['checked'])) { print ''; if (empty($obj->reconcilable)) { - print ''; + print ''; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } else { - print ''; + print ''; print img_picto($langs->trans("Activated"), 'switch_on'); print ''; } diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index 60645353976..e3cac139c08 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -543,11 +543,11 @@ if ($action == 'create') { print '' . $langs->trans("Status") . ''; if (empty($object->validated)) { - print ''; + print ''; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } else { - print ''; + print ''; print img_picto($langs->trans("Activated"), 'switch_on'); print ''; } diff --git a/htdocs/admin/confexped.php b/htdocs/admin/confexped.php index fbf347a45a9..b218a245c99 100644 --- a/htdocs/admin/confexped.php +++ b/htdocs/admin/confexped.php @@ -110,11 +110,11 @@ print ''; print $langs->trans("Required"); /*if (empty($conf->global->MAIN_SUBMODULE_EXPEDITION)) { - print ''.img_picto($langs->trans("Disabled"),'switch_off').''; + print ''.img_picto($langs->trans("Disabled"),'switch_off').''; } else { - print ''.img_picto($langs->trans("Enabled"),'switch_on').''; + print ''.img_picto($langs->trans("Enabled"),'switch_on').''; }*/ print "
'; if (empty($conf->global->MAIN_SUBMODULE_DELIVERY)) { - print ''.img_picto($langs->trans("Disabled"), 'switch_off').''; + print ''.img_picto($langs->trans("Disabled"), 'switch_off').''; } else { - print ''.img_picto($langs->trans("Enabled"), 'switch_on').''; + print ''.img_picto($langs->trans("Enabled"), 'switch_on').''; } print "'; - print ''.$langs->trans("Activate").''; + print ''.$langs->trans("Activate").''; print "'; - print ''.$langs->trans("Disable").''; + print ''.$langs->trans("Disable").''; print "
'; - print '('.$langs->trans("DisablePriceByQty").')'; + print '('.$langs->trans("DisablePriceByQty").')'; } else { print $langs->trans("No"); - print '  ('.$langs->trans("Activate").')'; + print '  ('.$langs->trans("Activate").')'; } print '