diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php
index 22703534d89..1c1bab1c252 100644
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@@ -94,12 +94,12 @@ $search_zip = GETPOST('search_zip', 'alpha');
 $search_state = GETPOST('search_state', 'alpha');
 $search_country = GETPOSTINT('search_country');
 $search_type_thirdparty = GETPOSTINT('search_type_thirdparty');
-$search_user = GETPOSTINT('search_user');
-$search_sale = GETPOSTINT('search_sale');
+$search_user = GETPOST('search_user', 'intcomma');
+$search_sale = GETPOST('search_sale', 'intcomma');
 $search_total_ht = GETPOST('search_total_ht', 'alpha');
 $search_total_vat = GETPOST('search_total_vat', 'alpha');
 $search_total_ttc = GETPOST('search_total_ttc', 'alpha');
-$search_warehouse = GETPOSTINT('search_warehouse');
+$search_warehouse = GETPOST('search_warehouse', 'intcomma');
 $search_multicurrency_code = GETPOST('search_multicurrency_code', 'alpha');
 $search_multicurrency_tx = GETPOST('search_multicurrency_tx', 'alpha');
diff --git a/htdocs/commande/list_det.php b/htdocs/commande/list_det.php
index d9435aea40f..1ae80e341ec 100644
--- a/htdocs/commande/list_det.php
+++ b/htdocs/commande/list_det.php
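Review bot: `$search_user`, `$search_sale` and `$search_warehouse` change from integers to comma-separated strings here, and the code that consumes them lies outside the hunk, so this diff cannot confirm that every use was adapted. Any remaining `> 0` test or direct concatenation into an `= ` SQL comparison written for a single integer should be re-checked; a list value would presumably need a form such as `IN (".$db->sanitize($search_user).")`. The same switch is made in list_det.php, compta/facture/list.php, expedition/list.php, fourn/commande/list.php, fourn/facture/list.php, projet/tasks/time.php (where `$search_valuebilled` changes too) and supplier_proposal/list.php, so the check applies to each of those pages.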
@@ -106,12 +106,12 @@ $search_country = GETPOSTINT("search_country"); $search_type_thirdparty = GETPOSTINT("search_type_thirdparty"); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); $socid = GETPOSTINT('socid'); -$search_user = GETPOSTINT('search_user'); -$search_sale = GETPOSTINT('search_sale'); +$search_user = GETPOST('search_user', 'intcomma'); +$search_sale = GETPOST('search_sale', 'intcomma'); $search_total_ht = GETPOST('search_total_ht', 'alpha'); $search_total_vat = GETPOST('search_total_vat', 'alpha'); $search_total_ttc = GETPOST('search_total_ttc', 'alpha'); -$search_warehouse = GETPOSTINT('search_warehouse'); +$search_warehouse = GETPOST('search_warehouse', 'intcomma'); $search_multicurrency_code = GETPOST('search_multicurrency_code', 'alpha'); $search_multicurrency_tx = GETPOST('search_multicurrency_tx', 'alpha'); $search_multicurrency_montant_ht = GETPOST('search_multicurrency_montant_ht', 'alpha'); diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 34c61ad8b31..d780eff0d41 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -528,11 +528,12 @@ if (empty($numref)) { print ''; print ''; $reg = array(); - preg_match('/\((.+)\)/i', $objp->label, $reg); // Si texte entoure de parentheses on tente recherche de traduction - if ($reg[1] && $langs->trans($reg[1]) != $reg[1]) { + + preg_match('/\((.+)\)/i', $objp->label, $reg); // If text rounded by parenthesis, we try to search translation + if (!empty($reg[1]) && $langs->trans($reg[1]) != $reg[1]) { print $langs->trans($reg[1]); } else { - print $objp->label; + print dol_escape_htmltag($objp->label); } print ''; diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 63cee7e8709..c326bb1218b 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php 
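Review bot: Only the fallback branch in releve.php is escaped; the branch that prints `$langs->trans($reg[1])` still writes its result to the page as is, and the key it looks up is taken from the stored label. That is safe only if translated strings are always trusted HTML, which this hunk does not show, so either escape that output as well or state the assumption next to it, for example `// Translation values are trusted; only the raw label needs escaping`. The comparison could also be strict, `$langs->trans($reg[1]) !== $reg[1]`. The enclosing block starts and ends outside the hunk.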
@@ -115,8 +115,8 @@ $search_state = GETPOST("search_state"); $search_country = GETPOST("search_country", 'alpha'); $search_customer_code = GETPOST("search_customer_code", 'alphanohtml'); $search_type_thirdparty = GETPOSTINT("search_type_thirdparty"); -$search_user = GETPOSTINT('search_user'); -$search_sale = GETPOSTINT('search_sale'); +$search_user = GETPOST('search_user', 'intcomma'); +$search_sale = GETPOST('search_sale', 'intcomma'); $search_date_startday = GETPOSTINT('search_date_startday'); $search_date_startmonth = GETPOSTINT('search_date_startmonth'); $search_date_startyear = GETPOSTINT('search_date_startyear'); diff --git a/htdocs/core/class/html.formsetup.class.php b/htdocs/core/class/html.formsetup.class.php index f74ee4d124d..3bfb4909cd1 100644 --- a/htdocs/core/class/html.formsetup.class.php +++ b/htdocs/core/class/html.formsetup.class.php @@ -27,6 +27,9 @@ class FormSetup */ public $db; + /** @var int */ + public $entity; + /** @var FormSetupItem[] */ public $items = array(); @@ -92,7 +95,8 @@ class FormSetup */ public function __construct($db, $outputLangs = null) { - global $langs; + global $conf, $langs; + $this->db = $db; $this->form = new Form($this->db); @@ -101,6 +105,8 @@ class FormSetup $this->formHiddenInputs['token'] = newToken(); $this->formHiddenInputs['action'] = 'update'; + $this->entity = (is_null($this->entity) ? $conf->entity : $this->entity); + if ($outputLangs) { $this->langs = $outputLangs; } else { @@ -461,6 +467,8 @@ class FormSetup { $item = new FormSetupItem($confKey); + $item->entity = $this->entity; + // set item rank if not defined as last item if (empty($item->rank)) { $item->rank = $this->getCurentItemMaxRank() + 1; @@ -657,7 +665,7 @@ class FormSetupItem /** * Constructor * - * @param string $confKey the conf key used in database + * @param string $confKey the conf key used in database */ public function __construct($confKey) { 
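Review bot: In `newItem()` the entity is assigned after `new FormSetupItem($confKey)` has returned, but the constructor (changed in the `@@ -671` hunk) already calls `loadValueFromConf()`, so the initial value is loaded before the item knows the form's entity. `loadValueFromConf()` is not shown; if it reads `$this->entity`, an item created for another entity would start with the current entity's value. In the same way, `is_null($this->entity)` in both constructors can only be false when a subclass declares a default, since nothing visible sets the property before construction. A reload after the assignment, `$item->entity = $this->entity; $item->loadValueFromConf();`, would close the gap, provided the method is callable from here and safe to run twice.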
@@ -671,7 +679,7 @@ class FormSetupItem
 }
 $this->langs = $langs;
- $this->entity = $conf->entity;
+ $this->entity = (is_null($this->entity) ? $conf->entity : ((int) $this->entity));
 $this->confKey = $confKey;
 $this->loadValueFromConf();
@@ -1184,7 +1192,7 @@ class FormSetupItem
 $out .= $this->generateOutputFieldColor();
 } elseif ($this->type == 'yesno') {
 if (!empty($conf->use_javascript_ajax)) {
- $out .= ajax_constantonoff($this->confKey);
+ $out .= ajax_constantonoff($this->confKey, array(), $this->entity); // TODO possibility to add $input parameter
 } else {
 if ($this->fieldValue == 1) {
 $out .= $langs->trans('yes');
diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php
index 0e0fedc9c5d..982362df71f 100644
--- a/htdocs/expedition/list.php
+++ b/htdocs/expedition/list.php
@@ -69,8 +69,8 @@ $search_datedelivery_end = dol_mktime(23, 59, 59, GETPOSTINT('search_datedeliver
 $search_datereceipt_start = dol_mktime(0, 0, 0, GETPOSTINT('search_datereceipt_startmonth'), GETPOSTINT('search_datereceipt_startday'), GETPOSTINT('search_datereceipt_startyear'));
 $search_datereceipt_end = dol_mktime(23, 59, 59, GETPOSTINT('search_datereceipt_endmonth'), GETPOSTINT('search_datereceipt_endday'), GETPOSTINT('search_datereceipt_endyear'));
 $search_all = trim((GETPOST('search_all', 'alphanohtml') != '') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
-$search_user = GETPOSTINT('search_user');
-$search_sale = GETPOSTINT('search_sale');
+$search_user = GETPOST('search_user', 'intcomma');
+$search_sale = GETPOST('search_sale', 'intcomma');
 $search_categ_cus = GETPOSTINT("search_categ_cus");
 $search_product_category = GETPOSTINT('search_product_category');
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index e42b0e326eb..aa05993b1fa 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
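Review bot: Passing `$this->entity` to `ajax_constantonoff()` means the target entity now travels through the browser, so the on/off switch is only as trustworthy as the server-side handler that receives it. That handler is not part of this diff; it should be confirmed that it checks the caller's rights on the requested entity rather than accepting whatever value comes back. The non-AJAX branch below is unchanged, so it is worth a comment there saying whether it is expected to honour the entity too. The enclosing method starts and ends outside the hunk.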
@@ -108,11 +108,11 @@ $search_zip = GETPOST('search_zip', 'alpha');
 $search_state = GETPOST("search_state", 'alpha');
 $search_country = GETPOSTINT("search_country");
 $search_type_thirdparty = GETPOSTINT("search_type_thirdparty");
-$search_user = GETPOSTINT('search_user');
+$search_user = GETPOST('search_user', 'intcomma');
 $search_request_author = GETPOST('search_request_author', 'alpha');
 $optioncss = GETPOST('optioncss', 'alpha');
 $socid = GETPOSTINT('socid');
-$search_sale = GETPOSTINT('search_sale');
+$search_sale = GETPOST('search_sale', 'intcomma');
 $search_total_ht = GETPOST('search_total_ht', 'alpha');
 $search_total_tva = GETPOST('search_total_tva', 'alpha');
 $search_total_ttc = GETPOST('search_total_ttc', 'alpha');
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index 6cf9a81433d..c1b8404d22b 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -92,8 +92,8 @@ $search_zip = GETPOST('search_zip', 'alpha');
 $search_state = GETPOST("search_state");
 $search_country = GETPOST("search_country", 'alpha');
 $search_type_thirdparty = GETPOSTINT("search_type_thirdparty");
-$search_user = GETPOSTINT('search_user');
-$search_sale = GETPOSTINT('search_sale');
+$search_user = GETPOST('search_user', 'intcomma');
+$search_sale = GETPOST('search_sale', 'intcomma');
 $search_date_start = GETPOSTDATE('search_date_start', '', 'tzserver');
 $search_date_end = GETPOSTDATE('search_date_end', '23:59:59', 'tzserver');
 $search_datelimit_startday = GETPOSTINT('search_datelimit_startday');
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index f12a06e2560..d36587339a1 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -81,8 +81,8 @@ $search_duration = GETPOSTINT('search_duration'); $search_value = GETPOSTINT('search_value'); $search_task_ref = GETPOST('search_task_ref', 'alpha'); $search_task_label = GETPOST('search_task_label', 'alpha'); -$search_user = GETPOSTINT('search_user'); -$search_valuebilled = GETPOSTINT('search_valuebilled'); +$search_user = GETPOST('search_user', 'intcomma'); +$search_valuebilled = GETPOST('search_valuebilled', 'intcomma'); $search_product_ref = GETPOST('search_product_ref', 'alpha'); $search_company = GETPOST('$search_company', 'alpha'); $search_company_alias = GETPOST('$search_company_alias', 'alpha'); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index f6c08d20e4b..47722583d9c 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -60,8 +60,8 @@ $toselect = GETPOST('toselect', 'array'); $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'supplierproposallist'; $mode = GETPOST('mode', 'alpha'); -$search_user = GETPOSTINT('search_user'); -$search_sale = GETPOSTINT('search_sale'); +$search_user = GETPOST('search_user', 'intcomma'); +$search_sale = GETPOST('search_sale', 'intcomma'); $search_ref = GETPOST('sf_ref') ? GETPOST('sf_ref', 'alpha') : GETPOST('search_ref', 'alpha'); $search_societe = GETPOST('search_societe', 'alpha'); $search_societe_alias = GETPOST('search_societe_alias', 'alpha'); diff --git a/htdocs/takepos/freezone.php b/htdocs/takepos/freezone.php index bfc26f3677c..793dd261d0b 100644 --- a/htdocs/takepos/freezone.php +++ b/htdocs/takepos/freezone.php @@ -51,6 +51,8 @@ $langs->loadLangs(array("bills", "cashdesk")); $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : '0'); // $place is id of table for Bar or Restaurant +$invoiceid = GETPOST('invoiceid', 'int'); + $idline = GETPOSTINT('idline'); $action = GETPOST('action', 'aZ09'); 
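Review bot: In freezone.php `$invoiceid` is read with `GETPOST('invoiceid', 'int')`, which yields a filtered string, while `$idline` just below it uses `GETPOSTINT()`. Since the value is later compared with `> 0` and handed to `fetch()`, `$invoiceid = GETPOSTINT('invoiceid');` would keep it a real integer and match the rest of the file.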
@@ -60,12 +62,13 @@ if (!$user->hasRight('takepos', 'run')) { // get invoice $invoice = new Facture($db); -if ($place > 0) { - $invoice->fetch($place); +if ($invoiceid > 0) { + $invoice->fetch($invoiceid); } else { $invoice->fetch('', '(PROV-POS'.$_SESSION['takeposterminal'].'-'.$place.')'); } + // get default vat rate $constforcompanyid = 'CASHDESK_ID_THIRDPARTY'.$_SESSION['takeposterminal']; $soc = new Societe($db); @@ -108,8 +111,8 @@ top_htmlhead('', '', 0, 0, $arrayofjs, $arrayofcss); * Save (validate) */ function Save() { - console.log("We click so we call page invoice.php with place= tva_tx="+vatRate); - parent.$("#poslines").load("invoice.php?action=freezone&token=&place=&number="+$('#number').val()+"&tva_tx="+vatRate, {desc:$('#desc').val()}); + console.log("We click so we call page invoice.php with invoiceid=, place=, amount="+$("#number").val()+", tva_tx="+vatRate); + parent.$("#poslines").load("invoice.php?action=freezone&token=&invoiceid=&place=&number="+$("#number").val()+"&tva_tx="+vatRate, {desc:$("#desc").val()}); parent.$.colorbox.close(); } diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 952b2d8a7ad..935b8b02e7d 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php 
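Review bot: The invoice is now loaded from a request-supplied id, and neither the return value of `$invoice->fetch($invoiceid)` nor the ownership of the loaded invoice is checked in the visible lines. The `takepos`/`run` right only says the user may use the point of sale, not that this invoice is a draft of the current terminal. Unless that is verified outside the hunk, a guard such as `if ($invoice->fetch($invoiceid) <= 0) { accessforbidden(); }`, followed by a comparison against the terminal in `$_SESSION['takeposterminal']`, would be worth adding.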
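Review bot: In `Save()` the value of `#number` is concatenated into the URL without encoding: `"&number="+$("#number").val()`. A value containing `&` or `#` would change the query string that invoice.php receives; `"&number="+encodeURIComponent($("#number").val())` avoids that. The extended `console.log` also writes the amount to the browser console on every save, which looks like debugging output. The server-side echoes for token, invoiceid and place are not visible in this rendering of the hunk, so their escaping cannot be checked here.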
@@ -535,11 +535,12 @@ function ClickProduct(position, qty = 1) { } else{ console.log($('#prodiv4').data('rowid')); + invoiceid = $("#invoiceid").val(); idproduct=$('#prodiv'+position).data('rowid'); - console.log("Click on product at position "+position+" for idproduct "+idproduct+", qty="+qty); + console.log("Click on product at position "+position+" for idproduct "+idproduct+", qty="+qty+" invoicdeid="+invoiceid); if (idproduct=="") return; // Call page invoice.php to generate the section with product lines - $("#poslines").load("invoice.php?action=addline&token=&place="+place+"&idproduct="+idproduct+"&qty="+qty, function() { + $("#poslines").load("invoice.php?action=addline&token=&place="+place+"&idproduct="+idproduct+"&qty="+qty+"&invoiceid="+invoiceid, function() { @@ -559,8 +560,9 @@ function ChangeThirdparty(idcustomer) { } function deleteline() { - console.log("Delete line"); - $("#poslines").load("invoice.php?action=deleteline&token=&place="+place+"&idline="+selectedline, function() { + invoiceid = $("#invoiceid").val(); + console.log("Delete line invoiceid="+invoiceid); + $("#poslines").load("invoice.php?action=deleteline&token=&place="+place+"&idline="+selectedline+"&invoiceid="+invoiceid, function() { //$('#poslines').scrollTop($('#poslines')[0].scrollHeight); }); ClearSearch(false); @@ -633,8 +635,9 @@ function Floors() { } function FreeZone() { - console.log("Open box to enter a free product"); - $.colorbox({href:"freezone.php?action=freezone&token=&place="+place, width:"80%", height:"40%", transition:"none", iframe:"true", title:"trans("FreeZone"); ?>"}); + invoiceid = $("#invoiceid").val(); + console.log("Open box to enter a free product on invoiceid="+invoiceid); + $.colorbox({href:"freezone.php?action=freezone&token=&place="+place+"&invoiceid="+invoiceid, width:"80%", height:"40%", transition:"none", iframe:"true", title:"trans("FreeZone"); ?>"}); } function TakeposOrderNotes() { 
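Review bot: `invoiceid = $("#invoiceid").val();` is assigned without a declaration in `ClickProduct()`, and again in `deleteline()` and `FreeZone()`, so all three functions write one implicit global. Declaring it locally, `let invoiceid = $("#invoiceid").val();`, keeps them independent. If the `#invoiceid` field is absent, `.val()` returns `undefined` and the literal text `undefined` is sent as the parameter, so a fallback such as `|| ""` may be wanted. The log text in `ClickProduct()` has a typo, `invoicdeid`. Because the id comes from a form field, invoice.php has to treat it as untrusted input; that check is outside these hunks.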
diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 2592d778715..5217d61f217 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -520,6 +520,7 @@ if (empty($reshook)) { } } + // If we add a line by click on product (invoice exists here because it was created juste before if it didn't exists) if ($action == "addline" && ($user->hasRight('takepos', 'run') || defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE'))) { $prod = new Product($db); $prod->fetch($idproduct); @@ -711,6 +712,7 @@ if (empty($reshook)) { $invoice->fetch($placeid); } + // If we add a line by submitting freezone form (invoice exists here because it was created juste before if it didn't exists) if ($action == "freezone" && $user->hasRight('takepos', 'run')) { $customer = new Societe($db); $customer->fetch($invoice->socid); @@ -728,7 +730,10 @@ if (empty($reshook)) { $localtax1_tx = get_localtax($tva_tx, 1, $customer, $mysoc, $tva_npr); $localtax2_tx = get_localtax($tva_tx, 2, $customer, $mysoc, $tva_npr); - $invoice->addline($desc, $number, 1, $tva_tx, $localtax1_tx, $localtax2_tx, 0, 0, '', 0, 0, 0, '', getDolGlobalInt('TAKEPOS_DISCOUNT_TTC') ? ($number >= 0 ? 'HT' : 'TTC') : (getDolGlobalInt('TAKEPOS_CHANGE_PRICE_HT') ? 'HT' : 'TTC'), $number, 0, -1, 0, '', 0, 0, null, '', '', 0, 100, '', null, 0); + $res = $invoice->addline($desc, $number, 1, $tva_tx, $localtax1_tx, $localtax2_tx, 0, 0, '', 0, 0, 0, '', getDolGlobalInt('TAKEPOS_DISCOUNT_TTC') ? ($number >= 0 ? 'HT' : 'TTC') : (getDolGlobalInt('TAKEPOS_CHANGE_PRICE_HT') ? 'HT' : 'TTC'), $number, 0, -1, 0, '', 0, 0, null, '', '', 0, 100, '', null, 0); + if ($res < 0) { + dol_htmloutput_errors($invoice->error, $invoice->errors, 1); + } $invoice->fetch($placeid); }
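Review bot: The comment added above the `addline` action (and its twin above the `freezone` action) states that the invoice already exists at this point, but nothing in the visible lines enforces it. If the creation step failed or was skipped, the action would continue with an unloaded `$invoice`; unless a check exists outside the hunk, a guard such as `if ($invoice->id <= 0) { ... }` before adding the line would turn the comment into a checked precondition. In the comment text, `juste` and `didn't exists` should read `just` and `did not exist`. Both enclosing blocks continue outside their hunks.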