diff --git a/htdocs/blockedlog/class/blockedlog.class.php b/htdocs/blockedlog/class/blockedlog.class.php index 6a38bc3ab49..b580b947e6b 100644 --- a/htdocs/blockedlog/class/blockedlog.class.php +++ b/htdocs/blockedlog/class/blockedlog.class.php @@ -103,6 +103,7 @@ class BlockedLog public $ref_object = ''; public $object_data = null; + public $user_fullname=''; /** * Array of tracked event codes diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index f69ccb502fd..235f15d9010 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1400,7 +1400,6 @@ class Commande extends CommonOrder $this->line->total_localtax1=$total_localtax1; $this->line->total_localtax2=$total_localtax2; $this->line->total_ttc=$total_ttc; - $this->line->product_type=$type; $this->line->special_code=$special_code; $this->line->origin=$origin; $this->line->origin_id=$origin_id; diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index 6318e4d5c54..b8ede4d7d14 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php 
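Review bot: The new property `public $user_fullname='';` does not follow the spacing of its neighbours (`public $ref_object = '';`, `public $object_data = null;`) and, unlike the tracked-codes array declared right below it, carries no comment saying what fills it. Suggest `public $user_fullname = '';` with a one-line `/** @var string Full name of the user recorded for this log entry */` above it, naming the method that populates it once that is known (the diff does not show one).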
@@ -93,8 +93,16 @@ if ($action == 'update' && ! empty($permissiontoadd)) if (in_array($key, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat', 'fk_user_modif', 'import_key'))) continue; // Ignore special fields // Set value to update - if (in_array($object->fields[$key]['type'], array('text', 'html'))) $value = GETPOST($key,'none'); - else $value = GETPOST($key,'alpha'); + if (in_array($object->fields[$key]['type'], array('text', 'html'))) { + $value = GETPOST($key,'none'); + } + elseif ($object->fields[$key]['type']=='date') { + $value = dol_mktime(12, 0, 0, GETPOST($key.'month'), GETPOST($key.'day'), GETPOST($key.'year')); + } elseif ($object->fields[$key]['type']=='datetime') { + $value = dol_mktime(GETPOST($key.'hour'), GETPOST($key.'min'), 0, GETPOST($key.'month'), GETPOST($key.'day'), GETPOST($key.'year')); + } else { + $value = GETPOST($key,'alpha'); + } if (preg_match('/^integer:/i', $object->fields[$key]['type']) && $value == '-1') $value=''; // This is an implicit foreign key field if (! empty($object->fields[$key]['foreignkey']) && $value == '-1') $value=''; // This is an explicit foreign key field diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php index 9f03213a16d..a572d546ca7 100644 --- a/htdocs/core/class/html.formprojet.class.php +++ b/htdocs/core/class/html.formprojet.class.php @@ -91,7 +91,7 @@ class FormProjets } else { - $out.=$this->select_projects_list($socid, $selected, $htmlname, $maxlength, $option_only, $show_empty, $discard_closed, $forcefocus, $disabled, 0, $filterkey, 1, $forceaddid, $htmlid); + $out.=$this->select_projects_list($socid, $selected, $htmlname, $maxlength, $option_only, $show_empty, $discard_closed, $forcefocus, $disabled, 0, $filterkey, 1, $forceaddid, $htmlid, $morecss); } if ($discard_closed) { 
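Review bot: The new `date` and `datetime` branches read `GETPOST($key.'month')`, `GETPOST($key.'day')`, `GETPOST($key.'year')`, `GETPOST($key.'hour')` and `GETPOST($key.'min')` with no filter, while the rest of this commit (expensereport/card.php) reads every date component with `GETPOST(..., 'int')`; use the same here, e.g. `$value = dol_mktime(12, 0, 0, GETPOST($key.'month', 'int'), GETPOST($key.'day', 'int'), GETPOST($key.'year', 'int'));` and likewise for the datetime line. Nothing in either branch handles a date selector the user left empty: whatever `dol_mktime()` returns for empty components goes straight into `$value` and then into the update, so an explicit emptiness check before the call would make that behaviour deliberate rather than accidental. The `=='date'` / `=='datetime'` comparisons would read better as `===`, and the `in_array(..., array('text', 'html'))` on the first new line should pass `true` as its third argument. The enclosing loop over `$object->fields` starts before this hunk.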
@@ -177,7 +177,7 @@ class FormProjets include_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php'; $comboenhancement = ajax_combobox($htmlid, array(), 0, $forcefocus); $out.=$comboenhancement; - $morecss='minwidth100 maxwidth500'; + $morecss.=' minwidth100'; } if (empty($option_only)) { diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 000c228ef8e..75630841225 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1260,9 +1260,18 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu if (! empty($conf->stock->enabled)) { $langs->load("stocks"); - $newmenu->add("/product/inventory/list.php?leftmenu=stock", $langs->trans("Inventory"), 0, $user->rights->stock->lire, '', $mainmenu, 'stock'); - $newmenu->add("/product/inventory/card.php?action=create", $langs->trans("NewInventory"), 1, $user->rights->stock->creer); - $newmenu->add("/product/inventory/list.php", $langs->trans("List"), 1, $user->rights->stock->lire); + if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) + { + $newmenu->add("/product/inventory/list.php?leftmenu=stock", $langs->trans("Inventory"), 0, $user->rights->stock->lire, '', $mainmenu, 'stock'); + $newmenu->add("/product/inventory/card.php?action=create", $langs->trans("NewInventory"), 1, $user->rights->stock->creer); + $newmenu->add("/product/inventory/list.php", $langs->trans("List"), 1, $user->rights->stock->lire); + } + else + { + $newmenu->add("/product/inventory/list.php?leftmenu=stock", $langs->trans("Inventory"), 0, $user->rights->stock->advance_inventory->read, '', $mainmenu, 'stock'); + $newmenu->add("/product/inventory/card.php?action=create", $langs->trans("NewInventory"), 1, $user->rights->stock->advance_inventory->write); + $newmenu->add("/product/inventory/list.php", $langs->trans("List"), 1, $user->rights->stock->advance_inventory->read); + } } } 
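Review bot: `$morecss.=' minwidth100';` turns an assignment into an append, so the `maxwidth500` that the old line always applied is silently gone and callers that pass no `$morecss` now get an uncapped select width. If the intent is to let callers override the cap rather than drop it, keep `maxwidth500` as the default value of the new `$morecss` parameter (its signature is outside this hunk) or state the change in the method's doc block. The -91 hunk above only forwards `$morecss` to `select_projects_list()` and is fine.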
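Review bot: The two branches added to `print_left_eldy_menu()` repeat the three `$newmenu->add()` calls verbatim and differ only in which right is tested; resolving the rights first (`$permtoread = empty($conf->global->MAIN_USE_ADVANCED_PERMS) ? $user->rights->stock->lire : $user->rights->stock->advance_inventory->read;` and the same for a `$permtocreate`) and keeping a single set of `add()` calls removes the duplication and makes the mapping reviewable at a glance. The mapping also disagrees with product/inventory/card.php in this same commit: the 'NewInventory' entry is shown on `advance_inventory->write`, while card.php lets the user add on `advance_inventory->create` and delete on `advance_inventory->write`, so a user holding one right but not the other sees a menu entry they cannot use, or the reverse. The right names are declared in the stock module descriptor, which is not part of this diff, so both files should be checked against it. `print_left_eldy_menu()` starts and ends outside this hunk.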
diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index 92a0ac069ec..69e749a4c92 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -530,7 +530,11 @@ class modFournisseur extends DolibarrModules case 'sellist': $tmp=''; $tmpparam=unserialize($obj->param); // $tmp ay be array 'options' => array 'c_currencies:code_iso:code_iso' => null - if ($tmpparam['options'] && is_array($tmpparam['options'])) $tmp=array_shift(array_keys($tmpparam['options'])); + + if ($tmpparam['options'] && is_array($tmpparam['options'])) { + $tmpparam_param_key=array_keys($tmpparam['options']); + $tmp=array_shift($tmpparam_param_key); + } if (preg_match('/[a-z0-9_]+:[a-z0-9_]+:[a-z0-9_]+/', $tmp)) $typeFilter="List:".$tmp; break; } diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index d4bc45e925a..68ee395793f 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php 
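Review bot: `if ($tmpparam['options'] && is_array($tmpparam['options'])) {` still indexes `$tmpparam` before checking it: `unserialize()` returns `false` on malformed input and a serialized array without an `options` key is possible, and either case raises an undefined-index notice on this line; `if (! empty($tmpparam['options']) && is_array($tmpparam['options'])) {` covers both. Splitting the call into `$tmpparam_param_key` correctly stops passing a temporary by reference to `array_shift()`; a shorter name such as `$optionkeys` would read better. The `unserialize($obj->param)` on the context line is pre-existing, but since the value is loaded from the database this path trusts stored data, which is worth a comment for whoever touches it next. `$tmp` stays `''` when the guard fails and the following `preg_match` handles that.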
@@ -52,22 +52,15 @@ $action=GETPOST('action','aZ09'); $cancel=GETPOST('cancel','alpha'); $confirm = GETPOST('confirm', 'alpha'); -$date_start = dol_mktime(0, 0, 0, GETPOST('date_debutmonth'), GETPOST('date_debutday'), GETPOST('date_debutyear')); -$date_end = dol_mktime(0, 0, 0, GETPOST('date_finmonth'), GETPOST('date_finday'), GETPOST('date_finyear')); -$date = dol_mktime(0, 0, 0, GETPOST('datemonth'), GETPOST('dateday'), GETPOST('dateyear')); -$fk_projet=GETPOST('fk_projet'); -$vatrate=GETPOST('vatrate'); +$date_start = dol_mktime(0, 0, 0, GETPOST('date_debutmonth','int'), GETPOST('date_debutday','int'), GETPOST('date_debutyear','int')); +$date_end = dol_mktime(0, 0, 0, GETPOST('date_finmonth','int'), GETPOST('date_finday','int'), GETPOST('date_finyear','int')); +$date = dol_mktime(0, 0, 0, GETPOST('datemonth','int'), GETPOST('dateday','int'), GETPOST('dateyear','int')); +$fk_projet=GETPOST('fk_projet','int'); +$vatrate=GETPOST('vatrate','alpha'); $ref=GETPOST("ref",'alpha'); -$comments=GETPOST('comments'); +$comments=GETPOST('comments','none'); $fk_c_type_fees=GETPOST('fk_c_type_fees','int'); - -// If socid provided by ajax company selector -if (! empty($_REQUEST['socid_id'])) -{ - $_GET['socid'] = $_GET['socid_id']; - $_POST['socid'] = $_POST['socid_id']; - $_REQUEST['socid'] = $_REQUEST['socid_id']; -} +$socid = GETPOST('socid','int')?GETPOST('socid','int'):GETPOST('socid_id','int'); // Security check $id=GETPOST("id",'int'); @@ -154,7 +147,7 @@ if (empty($reshook)) // Action clone object if ($action == 'confirm_clone' && $confirm == 'yes' && $user->rights->expensereport->creer) { - if (1==0 && ! GETPOST('clone_content') && ! GETPOST('clone_receivers')) + if (1==0 && ! GETPOST('clone_content','alpha') && ! GETPOST('clone_receivers','alpha')) { setEventMessages($langs->trans("NoCloneOptionsSpecified"), null, 'errors'); } 
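Review bot: `$socid = GETPOST('socid','int')?GETPOST('socid','int'):GETPOST('socid_id','int');` replaces code that also rewrote `$_GET['socid']`, `$_POST['socid']` and `$_REQUEST['socid']`, so any later `GETPOST('socid', ...)` in this page or in the included action files no longer sees the value the ajax selector sent as `socid_id`; the rest of card.php is outside this hunk, so check whether anything still reads `socid` by name. The expression also calls `GETPOST()` twice for the same parameter; `$socid = GETPOST('socid', 'int'); if (! ($socid > 0)) $socid = GETPOST('socid_id', 'int');` is clearer. `$comments=GETPOST('comments','none')` deliberately keeps the raw input, which is only safe while every place that prints it escapes it (the list cell later in this commit now does).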
@@ -181,7 +174,7 @@ if (empty($reshook)) } } - if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $id > 0 && $user->rights->expensereport->supprimer) + if ($action == 'confirm_delete' && GETPOST("confirm",'alpha') == "yes" && $id > 0 && $user->rights->expensereport->supprimer) { $object = new ExpenseReport($db); $result = $object->fetch($id); @@ -315,7 +308,7 @@ if (empty($reshook)) $action = 'edit_extras'; } - if ($action == "confirm_validate" && GETPOST("confirm") == "yes" && $id > 0 && $user->rights->expensereport->creer) + if ($action == "confirm_validate" && GETPOST("confirm", 'alpha') == "yes" && $id > 0 && $user->rights->expensereport->creer) { $error = 0; @@ -441,7 +434,7 @@ if (empty($reshook)) } } - if ($action == "confirm_save_from_refuse" && GETPOST("confirm") == "yes" && $id > 0 && $user->rights->expensereport->creer) + if ($action == "confirm_save_from_refuse" && GETPOST("confirm", 'alpha') == "yes" && $id > 0 && $user->rights->expensereport->creer) { $object = new ExpenseReport($db); $object->fetch($id); @@ -558,7 +551,7 @@ if (empty($reshook)) } // Approve - if ($action == "confirm_approve" && GETPOST("confirm") == "yes" && $id > 0 && $user->rights->expensereport->approve) + if ($action == "confirm_approve" && GETPOST("confirm", 'alpha') == "yes" && $id > 0 && $user->rights->expensereport->approve) { $object = new ExpenseReport($db); $object->fetch($id); @@ -681,12 +674,12 @@ if (empty($reshook)) setEventMessages($object->error, $object->errors, 'errors'); } - if ($action == "confirm_refuse" && GETPOST('confirm')=="yes" && $id > 0 && $user->rights->expensereport->approve) + if ($action == "confirm_refuse" && GETPOST('confirm', 'alpha')=="yes" && $id > 0 && $user->rights->expensereport->approve) { $object = new ExpenseReport($db); $object->fetch($id); - $result = $object->setDeny($user,GETPOST('detail_refuse')); + $result = $object->setDeny($user, GETPOST('detail_refuse', 'alpha')); if ($result > 0) { 
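Review bot: `GETPOST('detail_refuse', 'alpha')` (and `detail_cancel` in the next hunk) applies the 'alpha' filter to a free-text reason, whereas the same commit reads the similar free-text `comments` with 'none'; if the 'alpha' filter strips characters (check GETPOST's implementation for this version) the stored reason silently differs from what the user entered. Pick one policy for free text in this page — either 'none' plus escaping at every output site, or a filter that only removes markup — and apply it to both reason fields. The other hunks on this line only type the `confirm` reads as 'alpha', which is fine.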
@@ -802,14 +795,14 @@ if (empty($reshook)) } //var_dump($user->id == $object->fk_user_validator);exit; - if ($action == "confirm_cancel" && GETPOST('confirm')=="yes" && GETPOST('detail_cancel') && $id > 0 && $user->rights->expensereport->creer) + if ($action == "confirm_cancel" && GETPOST('confirm', 'alpha')=="yes" && GETPOST('detail_cancel', 'alpha') && $id > 0 && $user->rights->expensereport->creer) { $object = new ExpenseReport($db); $object->fetch($id); if ($user->id == $object->fk_user_valid || $user->id == $object->fk_user_author) { - $result = $object->set_cancel($user,GETPOST('detail_cancel')); + $result = $object->set_cancel($user, GETPOST('detail_cancel', 'alpha')); if ($result > 0) { @@ -925,7 +918,7 @@ if (empty($reshook)) } } - if ($action == "confirm_brouillonner" && GETPOST('confirm')=="yes" && $id > 0 && $user->rights->expensereport->creer) + if ($action == "confirm_brouillonner" && GETPOST('confirm', 'alpha')=="yes" && $id > 0 && $user->rights->expensereport->creer) { $object = new ExpenseReport($db); $object->fetch($id); @@ -1093,10 +1086,10 @@ if (empty($reshook)) if (empty($vatrate)) $vatrate = "0.000"; $vatrate = price2num($vatrate); - $value_unit=price2num(GETPOST('value_unit'),'MU'); - $fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat'); + $value_unit=price2num(GETPOST('value_unit', 'alpha'),'MU'); + $fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int'); - $qty = GETPOST('qty','int'); + $qty = GETPOST('qty','int'); if (empty($qty)) $qty=1; if (! $fk_c_type_fees > 0) @@ -1130,7 +1123,7 @@ if (empty($reshook)) setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Date")), null, 'errors'); } // Si aucun prix n'est rentré - if($value_unit==0) + if ($value_unit==0) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("PriceUTTC")), null, 'errors'); 
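Review bot: `$qty = GETPOST('qty','int');` (kept here in the add-line action, and newly introduced as `GETPOST('qty', 'int')` in the update-line hunk at -1226) casts the quantity to an integer, but the quantity input rendered later in this commit is annotated `// We must be able to enter decimal qty`, so an 'int' read truncates 1.5 to 1 before `empty($qty)` is even checked. Read it the way `value_unit` now is, `$qty = price2num(GETPOST('qty', 'alpha'));`, in both places so the decimal the form allows is actually stored. The enclosing add-line action block starts before this hunk.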
@@ -1177,17 +1170,17 @@ if (empty($reshook)) $action=''; } - if ($action == 'confirm_delete_line' && GETPOST("confirm") == "yes" && $user->rights->expensereport->creer) + if ($action == 'confirm_delete_line' && GETPOST("confirm", 'alpha') == "yes" && $user->rights->expensereport->creer) { $object = new ExpenseReport($db); $object->fetch($id); $object_ligne = new ExpenseReportLine($db); - $object_ligne->fetch(GETPOST("rowid")); + $object_ligne->fetch(GETPOST("rowid", 'int')); $total_ht = $object_ligne->total_ht; $total_tva = $object_ligne->total_tva; - $result=$object->deleteline(GETPOST("rowid"), $user); + $result=$object->deleteline(GETPOST("rowid", 'int'), $user); if ($result >= 0) { if ($result > 0) @@ -1226,19 +1219,19 @@ if (empty($reshook)) $object->fetch($id); $rowid = $_POST['rowid']; - $type_fees_id = GETPOST('fk_c_type_fees'); - $fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat'); + $type_fees_id = GETPOST('fk_c_type_fees', 'int'); + $fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int'); $projet_id = $fk_projet; - $comments = GETPOST('comments'); - $qty = GETPOST('qty'); - $value_unit = GETPOST('value_unit'); - $vatrate = GETPOST('vatrate'); + $comments = GETPOST('comments', 'none'); + $qty = GETPOST('qty', 'int'); + $value_unit = price2num(GETPOST('value_unit', 'alpha'), 'MU'); + $vatrate = GETPOST('vatrate', 'alpha'); // if VAT is not used in Dolibarr, set VAT rate to 0 because VAT rate is necessary. if (empty($vatrate)) $vatrate = "0.000"; $vatrate = price2num($vatrate); - if (! GETPOST('fk_c_type_fees') > 0) + if (! GETPOST('fk_c_type_fees', 'int') > 0) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors'); 
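Review bot: `$rowid = $_POST['rowid'];`, the context line directly above the new `GETPOST('fk_c_type_fees', 'int')` reads, is the one id in this action still taken raw from `$_POST` while every other id in this commit moves to `GETPOST(..., 'int')` — the delete-line hunk on this same line does exactly that for the same `rowid`; change it to `$rowid = GETPOST('rowid', 'int');` so the update path is covered too. `$value_unit = price2num(GETPOST('value_unit', 'alpha'), 'MU');` matches the add-line path, but `$qty = GETPOST('qty', 'int');` truncates decimal quantities, as noted on the add-line hunk.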
@@ -1354,7 +1347,7 @@ if ($action == 'create') print ''.$langs->trans("User").''; print ''; $defaultselectuser=$user->id; - if (GETPOST('fk_user_author') > 0) $defaultselectuser=GETPOST('fk_user_author'); + if (GETPOST('fk_user_author', 'int') > 0) $defaultselectuser=GETPOST('fk_user_author', 'int'); $include_users = 'hierarchyme'; if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS) && ! empty($user->rights->expensereport->writeall_advance)) $include_users=array(); $s=$form->select_dolusers($defaultselectuser, "fk_user_author", 0, "", 0, $include_users); @@ -1372,7 +1365,7 @@ if ($action == 'create') { $defaultselectuser=$user->fk_user; // Will work only if supervisor has permission to approve so is inside include_users if (! empty($conf->global->EXPENSEREPORT_DEFAULT_VALIDATOR)) $defaultselectuser=$conf->global->EXPENSEREPORT_DEFAULT_VALIDATOR; // Can force default approver - if (GETPOST('fk_user_validator') > 0) $defaultselectuser=GETPOST('fk_user_validator'); + if (GETPOST('fk_user_validator', 'int') > 0) $defaultselectuser=GETPOST('fk_user_validator', 'int'); $s=$form->select_dolusers($defaultselectuser, "fk_user_validator", 1, "", 0, $include_users); print $form->textwithpicto($s, $langs->trans("AnyOtherInThisListCanValidate")); } @@ -1630,7 +1623,7 @@ else if ($action == 'delete_line') { - $formconfirm=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$id."&rowid=".GETPOST('rowid'),$langs->trans("DeleteLine"),$langs->trans("ConfirmDeleteLine"),"confirm_delete_line",'','yes',1); + $formconfirm=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$id."&rowid=".GETPOST('rowid','int'),$langs->trans("DeleteLine"),$langs->trans("ConfirmDeleteLine"),"confirm_delete_line",'','yes',1); } // Print form confirm @@ -2006,7 +1999,7 @@ else { $numline = $i + 1; - if ($action != 'editline' || $line->rowid != GETPOST('rowid')) + if ($action != 'editline' || $line->rowid != GETPOST('rowid', 'int')) { print ''; 
@@ -2037,15 +2030,14 @@ else print dol_getIdFromCode($db, $line->fk_c_exp_tax_cat, 'c_exp_tax_cat', 'rowid', 'label'); print ''; } - // print ''.$langs->trans("TF_".strtoupper(empty($objp->type_fees_libelle)?'OTHER':$objp->type_fees_libelle)).''; - print ''; + print ''; $labeltype = ($langs->trans(($line->type_fees_code)) == $line->type_fees_code ? $line->type_fees_libelle : $langs->trans($line->type_fees_code)); print $labeltype; print ''; - print ''.$line->comments.''; + print ''.dol_escape_htmltag($line->comments).''; print ''.vatrate($line->vatrate,true).''; print ''.price($line->value_unit).''; - print ''.$line->qty.''; + print ''.dol_escape_htmltag($line->qty).''; if ($action != 'editline') { @@ -2071,7 +2063,7 @@ else print ''; } - if ($action == 'editline' && $line->rowid == GETPOST('rowid')) + if ($action == 'editline' && $line->rowid == GETPOST('rowid', 'int')) { print ''; @@ -2105,7 +2097,7 @@ else // Add comments print ''; - print ''; + print ''; print ''; // VAT @@ -2115,12 +2107,12 @@ else // Unit price print ''; - print ''; + print ''; print ''; // Quantity print ''; - print ''; + print ''; print ''; if ($action != 'editline') @@ -2156,7 +2148,7 @@ else print ''; print ''; - print ''; + print ''; print ''; @@ -2169,7 +2161,7 @@ else if (! empty($conf->projet->enabled)) { print ''; - $formproject->select_projects(-1, $fk_projet, 'fk_projet', 0, 0, 1, 1); + $formproject->select_projects(-1, $fk_projet, 'fk_projet', 0, 0, 1, 1, 0, 0, 0, '', 0, 0, 'maxwidth300'); print ''; } @@ -2188,7 +2180,7 @@ else // Add comments print ''; - print ''; + print ''; print ''; // Select VAT @@ -2200,12 +2192,12 @@ else // Unit price print ''; - print ''; + print ''; print ''; // Quantity print ''; - print ''; // We must be able to enter decimal qty + print ''; // We must be able to enter decimal qty print ''; if ($action != 'editline') 
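Review bot: The list cells now wrap `$line->comments` and `$line->qty` in `dol_escape_htmltag()`, which is the right fix given that `comments` is read with the 'none' filter, but the inline-edit inputs in the -2105 and -2188 hunks on this line (`print '';`, whose markup is stripped in this view) presumably echo the same `$line->comments` into a `value` attribute; confirm those use `dol_escape_htmltag()` as well, otherwise the edit form remains an unescaped sink for the same data. `$formproject->select_projects(-1, $fk_projet, 'fk_projet', 0, 0, 1, 1, 0, 0, 0, '', 0, 0, 'maxwidth300');` passes thirteen positional arguments just to reach the new `$morecss`; a trailing comment naming the parameters the zeros skip would make the call readable.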
@@ -2411,7 +2403,7 @@ print ''; // Select mail models is same action as presend -if (GETPOST('modelselected')) { +if (GETPOST('modelselected', 'alpha')) { $action = 'presend'; } diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 28870cc78de..6c197b16e01 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php 
@@ -2477,24 +2477,22 @@ class ExpenseReportLine $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'expensereport_det'; $sql.= ' (fk_expensereport, fk_c_type_fees, fk_projet,'; $sql.= ' tva_tx, vat_src_code, comments, qty, value_unit, total_ht, total_tva, total_ttc, date, rule_warning_message, fk_c_exp_tax_cat)'; - $sql.= " VALUES (".$this->fk_expensereport.","; - $sql.= " ".$this->fk_c_type_fees.","; - $sql.= " ".($this->fk_projet>0?$this->fk_projet:'null').","; - $sql.= " ".$this->vatrate.","; + $sql.= " VALUES (".$this->db->escape($this->fk_expensereport).","; + $sql.= " ".$this->db->escape($this->fk_c_type_fees).","; + $sql.= " ".$this->db->escape($this->fk_projet>0?$this->fk_projet:'null').","; + $sql.= " ".$this->db->escape($this->vatrate).","; $sql.= " '".$this->db->escape($this->vat_src_code)."',"; $sql.= " '".$this->db->escape($this->comments)."',"; - $sql.= " ".$this->qty.","; - $sql.= " ".$this->value_unit.","; - $sql.= " ".$this->total_ht.","; - $sql.= " ".$this->total_tva.","; - $sql.= " ".$this->total_ttc.","; + $sql.= " ".$this->db->escape($this->qty).","; + $sql.= " ".$this->db->escape($this->value_unit).","; + $sql.= " ".$this->db->escape($this->total_ht).","; + $sql.= " ".$this->db->escape($this->total_tva).","; + $sql.= " ".$this->db->escape($this->total_ttc).","; $sql.= "'".$this->db->idate($this->date)."',"; $sql.= " '".$this->db->escape($this->rule_warning_message)."',"; - $sql.= " ".$this->fk_c_exp_tax_cat; + $sql.= " ".$this->db->escape($this->fk_c_exp_tax_cat); $sql.= ")"; - dol_syslog("ExpenseReportLine::insert sql=".$sql); - $resql=$this->db->query($sql); if ($resql) { 
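Review bot: Wrapping the unquoted numeric values in `$this->db->escape()` does not make this INSERT safe: escape() only neutralises quote and backslash characters, so in an unquoted position such as `VALUES (".$this->db->escape($this->fk_expensereport)."` a non-numeric value passes through unchanged and is still interpreted as SQL. The same applies to every `$this->db->escape(...)` added to the UPDATE in the next hunk, including `WHERE rowid = ".$this->db->escape($this->rowid)`, which is the most sensitive one. Foreign keys and the rowid should be cast with `(int)` and the amounts normalised with `price2num()` (the helper expensereport/card.php already uses for `value_unit`) before concatenation; a value that may legitimately be empty still needs an explicit default, since an empty token in VALUES breaks the statement as it did before this change. `insert()` starts before this hunk; `$this->db->escape('null')` for the project fallback is harmless but misleading, so the cast form below keeps the bare `'null'`.
```php
$sql.= " VALUES (".((int) $this->fk_expensereport).",";
$sql.= " ".((int) $this->fk_c_type_fees).",";
$sql.= " ".($this->fk_projet > 0 ? (int) $this->fk_projet : 'null').",";
$sql.= " ".price2num($this->vatrate).",";
// … unchanged: vat_src_code and comments (quoted and escaped) …
$sql.= " ".price2num($this->qty).",";
$sql.= " ".price2num($this->value_unit).",";
$sql.= " ".price2num($this->total_ht).",";
$sql.= " ".price2num($this->total_tva).",";
$sql.= " ".price2num($this->total_ttc).",";
// … unchanged: date and rule_warning_message …
$sql.= " ".((int) $this->fk_c_exp_tax_cat);
```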
@@ -2598,21 +2596,21 @@ class ExpenseReportLine // Update line in database $sql = "UPDATE ".MAIN_DB_PREFIX."expensereport_det SET"; $sql.= " comments='".$this->db->escape($this->comments)."'"; - $sql.= ",value_unit=".$this->value_unit; - $sql.= ",qty=".$this->qty; + $sql.= ",value_unit=".$this->db->escape($this->value_unit); + $sql.= ",qty=".$this->db->escape($this->qty); $sql.= ",date='".$this->db->idate($this->date)."'"; - $sql.= ",total_ht=".$this->total_ht.""; - $sql.= ",total_tva=".$this->total_tva.""; - $sql.= ",total_ttc=".$this->total_ttc.""; - $sql.= ",tva_tx=".$this->vatrate; + $sql.= ",total_ht=".$this->db->escape($this->total_ht).""; + $sql.= ",total_tva=".$this->db->escape($this->total_tva).""; + $sql.= ",total_ttc=".$this->db->escape($this->total_ttc).""; + $sql.= ",tva_tx=".$this->db->escape($this->vatrate); $sql.= ",vat_src_code='".$this->db->escape($this->vat_src_code)."'"; $sql.= ",rule_warning_message='".$this->db->escape($this->rule_warning_message)."'"; - $sql.= ",fk_c_exp_tax_cat=".$this->fk_c_exp_tax_cat; - if ($this->fk_c_type_fees) $sql.= ",fk_c_type_fees=".$this->fk_c_type_fees; + $sql.= ",fk_c_exp_tax_cat=".$this->db->escape($this->fk_c_exp_tax_cat); + if ($this->fk_c_type_fees) $sql.= ",fk_c_type_fees=".$this->db->escape($this->fk_c_type_fees); else $sql.= ",fk_c_type_fees=null"; - if ($this->fk_projet) $sql.= ",fk_projet=".$this->fk_projet; + if ($this->fk_projet) $sql.= ",fk_projet=".$this->db->escape($this->fk_projet); else $sql.= ",fk_projet=null"; - $sql.= " WHERE rowid = ".$this->rowid; + $sql.= " WHERE rowid = ".$this->db->escape($this->rowid); dol_syslog("ExpenseReportLine::update sql=".$sql); diff --git a/htdocs/expensereport/note.php b/htdocs/expensereport/note.php index 8376733d634..a715d85f6a6 100644 --- a/htdocs/expensereport/note.php +++ b/htdocs/expensereport/note.php 
@@ -19,9 +19,9 @@ */ /** - * \file htdocs/commande/note.php - * \ingroup commande - * \brief Fiche de notes sur une commande + * \file htdocs/expensereport/note.php + * \ingroup expensereport + * \brief Tab for notes on expense reports */ require '../main.inc.php'; @@ -90,7 +90,7 @@ if ($id > 0 || ! empty($ref)) print '
'; print '
'; - +var_dump($value_public); $cssclass="titlefield"; include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'; diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index b06b6188183..3e7f275741d 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -318,8 +318,6 @@ class CommandeFournisseur extends CommonOrder if ($this->statut == 0) $this->brouillon = 1; - $this->fetchObjectLinked(); - //$result=$this->fetch_lines(); $this->lines=array(); diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 13027312f44..a9b207a9ee9 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -2498,7 +2498,7 @@ elseif (! empty($object->id)) print $form->select_date('','',1,1,'',"commande",1,1,1); print "\n"; - print "".$langs->trans("Delivery")."\n"; + print "".$langs->trans("Delivery")."\n"; $liv = array(); $liv[''] = ' '; $liv['tot'] = $langs->trans("CompleteOrNoMoreReceptionExpected"); diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 049f158a0be..04c039cfbb1 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -457,7 +457,7 @@ if ($id > 0 || ! empty($ref)) { print ''; print ''; - print '
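Review bot: `+var_dump($value_public);` is a debugging statement left in the page: it dumps the note contents into the rendered HTML for every visitor of the expense-report notes tab, right before the `notes.tpl.php` include, and as the only change in this hunk (it replaces a blank line) it looks unintentional; remove the line. `$value_public` is not assigned anywhere in the hunk, so it comes from earlier in the page or is undefined, in which case the dump also emits a notice. The doc-block correction in the first hunk of this file is fine.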
'; + print '
'; print ''; // Set $products_dispatched with qty dispatched for each product id diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index e4421505b00..4bc17e026df 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php @@ -216,8 +216,9 @@ if (empty($user->rights->holiday->read_all)) $userchilds=$user->getAllChildIds(1); $filters.=' AND u.rowid IN ('.join(', ',$userchilds).')'; } - -$filters.=natural_search(array('u.firstname','u.lastname'), $search_name); +if (!empty($search_name)) { + $filters.=natural_search(array('u.firstname','u.lastname'), $search_name); +} if ($search_supervisor > 0) $filters.=natural_search(array('u.fk_user'), $search_supervisor, 2); $listUsers = $holiday->fetchUsers(false, true, $filters); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 9779b51f200..8b6cc95368e 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1661,7 +1661,7 @@ class Product extends CommonObject * @param string $newdefaultvatcode Default vat code * @return int <0 if KO, >0 if OK */ - function updatePrice($newprice, $newpricebase, $user, $newvat='',$newminprice='', $level=0, $newnpr=0, $newpbq=0, $ignore_autogen=0, $localtaxes_array=array(), $newdefaultvatcode='') + function updatePrice($newprice, $newpricebase, $user, $newvat='',$newminprice=0, $level=0, $newnpr=0, $newpbq=0, $ignore_autogen=0, $localtaxes_array=array(), $newdefaultvatcode='') { global $conf,$langs; @@ -1689,7 +1689,7 @@ class Product extends CommonObject return -1; } - if ($newprice!='' || $newprice==0) + if ($newprice !== '' || $newprice === 0) { if ($newpricebase == 'TTC') { 
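Review bot: `if (!empty($search_name)) {` treats a search for the literal name `0` as no search, because `empty('0')` is true in PHP; `$search_name` is read earlier in the page (outside this hunk), so `if ($search_name !== '') {` is the check that only skips the filter when nothing was typed. The guard itself is a sensible fix if `natural_search()` produced an unusable clause for an empty value, but that reason is not visible here; a short comment such as `// Only add the name filter when a name was actually searched` would stop someone from removing it later.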
@@ -1697,7 +1697,7 @@ class Product extends CommonObject $price = price2num($newprice) / (1 + ($newvat / 100)); $price = price2num($price,'MU'); - if ($newminprice!='' || $newminprice==0) + if ($newminprice != '' || $newminprice == 0) { $price_min_ttc = price2num($newminprice,'MU'); $price_min = price2num($newminprice) / (1 + ($newvat / 100)); @@ -1715,8 +1715,8 @@ class Product extends CommonObject $price_ttc = ( $newnpr != 1 ) ? price2num($newprice) * (1 + ($newvat / 100)) : $price; $price_ttc = price2num($price_ttc,'MU'); - if ($newminprice!='' || $newminprice==0) - { + if ( $newminprice !== '' || $newminprice === 0) + { $price_min = price2num($newminprice,'MU'); $price_min_ttc = price2num($newminprice) * (1 + ($newvat / 100)); $price_min_ttc = price2num($price_min_ttc,'MU'); 
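Review bot: The two minimum-price checks in this hunk are now inconsistent: the TTC branch keeps the loose `$newminprice != '' || $newminprice == 0` while the HT branch becomes the strict `$newminprice !== '' || $newminprice === 0`, so a caller that still passes `''` (the old default, changed to `0` in the signature hunk at -1661) updates the minimum price on one code path and skips it on the other. In both this hunk and the `$newprice !== '' || $newprice === 0` line at -1689, the `=== 0` clause is unreachable: any value that is `=== 0` is already `!== ''`, so the condition reduces to `$newminprice !== ''`. Decide which semantics is wanted and use the identical expression in both branches; the stray space in `if ( $newminprice` goes with that cleanup. `updatePrice()` starts and ends outside these hunks.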
@@ -2279,6 +2279,35 @@ class Product extends CommonObject } } } + + // If stock decrease is on invoice validation, the theorical stock continue to + // count the orders to ship in theorical stock when some are already removed b invoice validation. + // If option DECREASE_ONLY_UNINVOICEDPRODUCTS is on, we make a compensation. + if (! empty($conf->global->STOCK_CALCULATE_ON_BILL)) + { + if (! empty($conf->global->DECREASE_ONLY_UNINVOICEDPRODUCTS)) + { + $adeduire = 0; + $sql = "SELECT sum(fd.qty) as count FROM ".MAIN_DB_PREFIX."facturedet fd "; + $sql .= " JOIN ".MAIN_DB_PREFIX."facture f ON fd.fk_facture = f.rowid "; + $sql .= " JOIN ".MAIN_DB_PREFIX."element_element el ON el.fk_target = f.rowid and el.targettype = 'facture' and sourcetype = 'commande'"; + $sql .= " JOIN ".MAIN_DB_PREFIX."commande c ON el.fk_source = c.rowid "; + $sql .= " WHERE c.fk_statut IN (".$filtrestatut.") AND c.facture = 0 AND fd.fk_product = ".$this->id; + dol_syslog(__METHOD__.":: sql $sql", LOG_NOTICE); + + $resql = $this->db->query($sql); + if ( $resql ) + { + if ($this->db->num_rows($resql) > 0) + { + $obj = $this->db->fetch_object($resql); + $adeduire += $obj->count; + } + } + + $this->stats_commande['qty'] -= $adeduire; + } + } return 1; } diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 84db46c879f..9c08fee974c 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -36,6 +36,15 @@ $action = GETPOST('action', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); +if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + $result = restrictedArea($user, 'stock', $id); +} +else +{ + $result = restrictedArea($user, 'stock', $id, '', 'advance_inventory'); +} + // Initialize technical objects $object=new Inventory($db); $extrafields = new ExtraFields($db); 
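Review bot: The new query concatenates `$filtrestatut` and `$this->id` straight into SQL (`WHERE c.fk_statut IN (".$filtrestatut.") AND c.facture = 0 AND fd.fk_product = ".$this->id`); `$this->id` should be cast with `(int)`, and `$filtrestatut` — defined before this hunk, presumably a method parameter — needs to be validated as a comma-separated list of integers where it is accepted, since the other queries of this method may reuse it. When `$this->db->query($sql)` fails the code silently leaves `$adeduire` at 0 and the method still returns 1, so a broken compensation query is invisible; an `else` branch that stores `$this->db->lasterror()` in `$this->error` and logs it would surface that. `dol_syslog(__METHOD__.":: sql $sql", LOG_NOTICE)` logs the statement at NOTICE level where query logging is normally DEBUG, and the comment above has typos (`theorical`, `removed b invoice validation`, `theorical stock` repeated) that should read `theoretical` and `removed by invoice validation`. The enclosing method starts before this hunk.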
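Review bot: `restrictedArea($user, 'stock', $id)` in product/inventory/card.php is called in a hunk where `$id` is not assigned: the visible lines read only `$action`, `$cancel` and `$backtopage`, so `$id` must come from earlier in the page (outside this hunk) — confirm it does, otherwise the check runs with a null object id. The same two-branch block is repeated in product/inventory/list.php with `$objectid`, which likewise is not defined in that hunk; using the same variable name in both pages, or a tiny shared helper for the advanced/non-advanced choice, would keep the two in step. `$result` is assigned in both branches and never read; if `restrictedArea()` aborts on refusal, as the missing return check suggests, the assignment can be dropped.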
@@ -66,6 +75,16 @@ $extralabels = $extrafields->fetch_name_optionals_label($object->table_element); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals +if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + $permissiontoadd = $user->rights->stock->write; + $permissiontodelete = $user->rights->stock->write; +} +else +{ + $permissiontoadd = $user->rights->stock->advance_inventory->create; + $permissiontodelete = $user->rights->stock->advance_inventory->write; +} /* @@ -80,8 +99,6 @@ if (empty($reshook)) { $error=0; - $permissiontoadd = $user->rights->stock->creer; - $permissiontodelete = $user->rights->stock->supprimer; $backurlforlist = DOL_URL_ROOT.'/product/inventory/list.php'; // Actions cancel, add, update or delete @@ -327,7 +344,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Send print '' . $langs->trans('SendMail') . ''."\n"; - if ($user->rights->inventory->write) + if ($permissiontoadd) { print ''.$langs->trans("Modify").''."\n"; } @@ -336,7 +353,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''.$langs->trans('Modify').''."\n"; } - if ($user->rights->inventory->delete) + if ($permissiontodelete) { print ''.$langs->trans('Delete').''."\n"; } diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index f9fef88edce..8175d89d4ab 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php 
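Review bot: In the non-advanced branch the new `$permissiontoadd = $user->rights->stock->write;` and `$permissiontodelete = $user->rights->stock->write;` use a right that nothing else in this commit references: the lines they replace read `$user->rights->stock->creer` and `$user->rights->stock->supprimer`, and the menu hunk in eldy.lib.php tests `stock->lire` / `stock->creer`. If `stock->write` is not a declared right the property is unset, both flags are empty, and the Modify/Delete actions guarded by `$permissiontoadd` / `$permissiontodelete` further down in this hunk disappear for every non-advanced user; restoring `creer` / `supprimer` keeps the old behaviour. In the advanced branch, add is gated on `advance_inventory->create` but delete on `advance_inventory->write` rather than a delete right, while eldy.lib.php shows the 'NewInventory' entry on `->write`; align both files against the rights declared in the stock module descriptor, which is not part of this diff. Computing the flags once above the `if (empty($reshook))` block so the display code can reuse them is a good move.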
@@ -72,6 +72,14 @@ if ($user->societe_id > 0) //$socid = $user->societe_id; accessforbidden(); } +if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + $result = restrictedArea($user, 'stock', $objectid); +} +else +{ + $result = restrictedArea($user, 'stock', $objectid, '', 'advance_inventory'); +} // Initialize array of search criterias $search_all=trim(GETPOST("search_all",'alpha')); diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index 3101d44ecf5..84f3b7fa91c 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -346,12 +346,12 @@ if (! empty($id) || ! empty($ref)) foreach ($prodattr_all as $each) { $prodattr_alljson[$each->id] = $each; } - + ?>