diff --git a/SECURITY.md b/SECURITY.md index f63f9c3f277..7d65b7e98e4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,7 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM ## Reporting a Vulnerability -To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (or alternatively send an email to security@dolibarr.org) +To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody) ## Hunting vulnerabilities on Dolibarr @@ -55,7 +55,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) * $dolibarr_main_force_https must be set to something else than 0. * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default) -* The module DebugBar and ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) +* The module DebugBar and ModuleBuilder must NOT be enabled (by default, these modules are not enabled. They are developer tools) * ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities). * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). * The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly. @@ -65,12 +65,12 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us Scope is the web application (back office) and the APIs. -## Qualifying vulnerabilities for Bug bounty programs +## Qualifying vulnerabilities for reporting * Remote code execution (RCE) * Local files access and manipulation (LFI, RFI, XXE, SSRF, XSPA) * Code injections (HTML, JS, SQL, PHP, ...) -* Cross-Site Scripting (XSS) +* Cross-Site Scripting (XSS), except from setup page of module "External web site" (allowing any content here, editable by admin user only, is accepted on purpose or into module "Web site" when permission to edit website content is allowed). * Cross-Site Requests Forgery (CSRF) with real security impact (when using GET URLs, CSRF are qualified only for creating, updating or deleting data from pages restricted to admin users) * Open redirect * Broken authentication & session management @@ -82,7 +82,7 @@ Scope is the web application (back office) and the APIs. * Stack traces or path disclosure (for non admin users only) -## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting +## Non-qualifying vulnerabilities for reporting * "Self" XSS * SSL/TLS best practices diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index 8982376ded6..cf2bd2065a2 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -582,6 +582,10 @@ if ($resql) { $i++; } + if ($num == 0) { + print ''.$langs->trans("None").''; + } + print ""; print ""; print ''; diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 8f7d869479d..0ebba6c18a4 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -180,10 +180,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } } // Other checks - if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system', 'systemauto'))) { - $ok = 0; - setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors'); - } if (GETPOSTISSET("pcg_version")) { if (GETPOST("pcg_version") == '0') { $ok = 0; diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 89c8a2b3b71..deae39aef54 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -185,7 +185,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } } if (GETPOSTISSET("code")) { - if ($_POST["code"] == '0') { + if (GETPOST("code") == '0') { $ok = 0; setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors'); } diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 410807144f5..16463ec027b 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -121,8 +121,8 @@ if ($action == 'confirm_delete' && $confirm == "yes") { if (!GETPOST('cancel', 'alpha')) { $result = $object->fetch($id); - $object->date_start = empty($_POST["fiscalyear"]) ? '' : $date_start; - $object->date_end = empty($_POST["fiscalyearend"]) ? '' : $date_end; + $object->date_start = GETPOST("fiscalyear") ? $date_start : ''; + $object->date_end = GETPOST("fiscalyearend") ? $date_end : ''; $object->label = GETPOST('label', 'alpha'); $object->statut = GETPOST('statut', 'int'); diff --git a/htdocs/adherents/canvas/actions_adherentcard_common.class.php b/htdocs/adherents/canvas/actions_adherentcard_common.class.php index 970609fce65..3c6e72cc783 100644 --- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php +++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php @@ -253,23 +253,23 @@ abstract class ActionsAdherentCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->old_name = $_POST["old_name"]; - $this->object->old_firstname = $_POST["old_firstname"]; + $this->object->old_name = GETPOST("old_name"); + $this->object->old_firstname = GETPOST("old_firstname"); - $this->object->fk_soc = $_POST["fk_soc"]; - $this->object->lastname = $_POST["lastname"]; - $this->object->firstname = $_POST["firstname"]; - $this->object->civility_id = $_POST["civility_id"]; - $this->object->address = $_POST["address"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone_perso = $_POST["phone_perso"]; - $this->object->phone_mobile = $_POST["phone_mobile"]; - $this->object->email = $_POST["email"]; - $this->object->note = $_POST["note"]; - $this->object->canvas = $_POST["canvas"]; + $this->object->fk_soc = GETPOST("fk_soc"); + $this->object->lastname = GETPOST("lastname"); + $this->object->firstname = GETPOST("firstname"); + $this->object->civility_id = GETPOST("civility_id"); + $this->object->address = GETPOST("address"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id", 'int'); + $this->object->phone_perso = GETPOST("phone_perso"); + $this->object->phone_mobile = GETPOST("phone_mobile"); + $this->object->email = GETPOST("email", 'alphawithlgt'); + $this->object->note = GETPOST("note", 'restricthtml'); + $this->object->canvas = GETPOST("canvas"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 8803ce032fa..cf6f9d54649 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1141,7 +1141,7 @@ class Adherent extends CommonObject $this->db->begin(); // If user is linked to this member, remove old link to this member - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id); dol_syslog(get_class($this)."::setUserId", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1152,7 +1152,7 @@ class Adherent extends CommonObject // Set link to user if ($userid > 0) { - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id); $sql .= " WHERE rowid = ".$userid; dol_syslog(get_class($this)."::setUserId", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 8e1b9093e77..ecc0e1cfe47 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -44,6 +44,7 @@ $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int'); $typeid = GETPOST('typeid', 'int'); +$cancel = GETPOST('cancel'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; @@ -148,19 +149,18 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) { $error = 0; if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only - if ($_POST["userid"] != $user->id && $_POST["userid"] != $object->user_id) { + if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) { $error++; setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors'); } } if (!$error) { - if ($_POST["userid"] != $object->user_id) { // If link differs from currently in database - $result = $object->setUserId($_POST["userid"]); + if (GETPOST("userid", 'int') != $object->user_id) { // If link differs from currently in database + $result = $object->setUserId(GETPOST("userid", 'int')); if ($result < 0) { dol_print_error('', $object->error); } - $_POST['action'] = ''; $action = ''; } } @@ -190,14 +190,13 @@ if (empty($reshook) && $action == 'setsocid') { if ($result < 0) { dol_print_error('', $object->error); } - $_POST['action'] = ''; $action = ''; } } } } -if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$_POST["cancel"]) { +if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$cancel) { $error = 0; $langs->load("banks"); @@ -209,25 +208,25 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $datesubscription = 0; $datesubend = 0; $paymentdate = 0; - if ($_POST["reyear"] && $_POST["remonth"] && $_POST["reday"]) { - $datesubscription = dol_mktime(0, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) { + $datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); } - if ($_POST["endyear"] && $_POST["endmonth"] && $_POST["endday"]) { - $datesubend = dol_mktime(0, 0, 0, $_POST["endmonth"], $_POST["endday"], $_POST["endyear"]); + if (GETPOST("endyear", 'int') && GETPOST("endmonth", 'int') && GETPOST("endday", 'int')) { + $datesubend = dol_mktime(0, 0, 0, GETPOST("endmonth", 'int'), GETPOST("endday", 'int'), GETPOST("endyear", 'int')); } - if ($_POST["paymentyear"] && $_POST["paymentmonth"] && $_POST["paymentday"]) { - $paymentdate = dol_mktime(0, 0, 0, $_POST["paymentmonth"], $_POST["paymentday"], $_POST["paymentyear"]); + if (GETPOST("paymentyear", 'int') && GETPOST("paymentmonth", 'int') && GETPOST("paymentday", 'int')) { + $paymentdate = dol_mktime(0, 0, 0, GETPOST("paymentmonth", 'int'), GETPOST("paymentday", 'int'), GETPOST("paymentyear", 'int')); } $amount = price2num(GETPOST("subscription", 'alpha')); // Amount of subscription - $label = $_POST["label"]; + $label = GETPOST("label"); // Payment informations - $accountid = $_POST["accountid"]; - $operation = $_POST["operation"]; // Payment mode + $accountid = GETPOST("accountid", 'int'); + $operation = GETPOST("operation", "alphanohtml"); // Payment mode $num_chq = GETPOST("num_chq", "alphanohtml"); - $emetteur_nom = $_POST["chqemetteur"]; - $emetteur_banque = $_POST["chqbank"]; - $option = $_POST["paymentsave"]; + $emetteur_nom = GETPOST("chqemetteur"); + $emetteur_banque = GETPOST("chqbank"); + $option = GETPOST("paymentsave"); if (empty($option)) { $option = 'none'; } @@ -267,19 +266,19 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $error++; $action = 'addsubscription'; } else { - if (!empty($conf->banque->enabled) && $_POST["paymentsave"] != 'none') { - if ($_POST["subscription"]) { - if (!$_POST["label"]) { + if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') { + if (GETPOST("subscription")) { + if (!GETPOST("label")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")); } - if ($_POST["paymentsave"] != 'invoiceonly' && !$_POST["operation"]) { + if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")); } - if ($_POST["paymentsave"] != 'invoiceonly' && !($_POST["accountid"] > 0)) { + if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount")); } } else { - if ($_POST["accountid"]) { + if (GETPOST("accountid")) { $errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount"); } } @@ -453,7 +452,8 @@ if ($optioncss != '') { if ($rowid > 0) { $res = $object->fetch($rowid); if ($res < 0) { - dol_print_error($db, $object->error); exit; + dol_print_error($db, $object->error); + exit; } $adht->fetch($object->typeid); @@ -847,7 +847,7 @@ if ($rowid > 0) { }); '; if (GETPOST('paymentsave')) { - print '$("#'.GETPOST('paymentsave').'").prop("checked",true);'; + print '$("#'.GETPOST('paymentsave', 'aZ09').'").prop("checked", true);'; } print '});'; print ''."\n"; @@ -1038,6 +1038,7 @@ if ($rowid > 0) { // Bank account print ''.$langs->trans("FinancialAccount").''; + print img_picto('', 'bank_account'); $form->select_comptes(GETPOST('accountid'), 'accountid', 0, '', 2); print "\n"; diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 27c3dd247c7..bf18a851efb 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -547,8 +547,8 @@ while ($i < min($num, $limit)) { // Label if (!empty($arrayfields['t.libelle']['checked'])) { - print ''; - print dol_trunc($obj->note, 128); + print ''; + print $obj->note; print ''; if (!$i) { $totalarray['nbfield']++; @@ -586,7 +586,7 @@ while ($i < min($num, $limit)) { } // Price if (!empty($arrayfields['d.amount']['checked'])) { - print ''.price($obj->subscription).''; + print ''.price($obj->subscription).''; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index b28c81a25b1..5b89eefc4f7 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -49,8 +49,8 @@ $boxes = array(); */ if ($action == 'addconst') { - dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", $_POST["MAIN_BOXES_MAXLINES"], '', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", $_POST["MAIN_ACTIVATE_FILECACHE"], 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST("MAIN_BOXES_MAXLINES", 'int'), '', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", GETPOST("MAIN_ACTIVATE_FILECACHE", 'alpha'), 'chaine', 0, '', $conf->entity); } if ($action == 'add') { diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index d78ba486224..f0bb3ea9067 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -211,7 +211,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", $uselocaltax1, 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", $uselocaltax2, 'chaine', 0, '', $conf->entity); - if ($_POST["optionlocaltax1"] == "localtax1on") { + if (GETPOST("optionlocaltax1") == "localtax1on") { if (!GETPOSTISSET('lt1')) { dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", 0, 'chaine', 0, '', $conf->entity); } else { @@ -219,7 +219,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) } dolibarr_set_const($db, "MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1", 'aZ09'), 'chaine', 0, '', $conf->entity); } - if ($_POST["optionlocaltax2"] == "localtax2on") { + if (GETPOST("optionlocaltax2") == "localtax2on") { if (!GETPOSTISSET('lt2')) { dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", 0, 'chaine', 0, '', $conf->entity); } else { diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 6c0cd230cc9..4fe21a8460b 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -181,7 +181,7 @@ if ($action == 'update') { } } - dolibarr_set_const($db, "MAIN_DISABLE_METEO", $_POST["MAIN_DISABLE_METEO"], 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_DISABLE_METEO", GETPOST("MAIN_DISABLE_METEO"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_USE_METEO_WITH_PERCENTAGE", GETPOST("MAIN_USE_METEO_WITH_PERCENTAGE"), 'chaine', 0, '', $conf->entity); // For update value with percentage diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index be9cc16f59e..9d05ad00377 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -788,7 +788,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { $msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'
'; }*/ } - if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2)) { + if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) { if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries $_POST["country"] = ''; } else { @@ -796,25 +796,25 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors'); } } - if (($id == 3 || $id == 42) && !is_numeric($_POST["code"])) { + if (($id == 3 || $id == 42) && !is_numeric(GETPOST("code"))) { $ok = 0; setEventMessages($langs->transnoentities("ErrorFieldMustBeANumeric", $langs->transnoentities("Code")), null, 'errors'); } // Clean some parameters - if ((!empty($_POST["localtax1_type"]) || ($_POST['localtax1_type'] == '0')) && empty($_POST["localtax1"])) { + if ((GETPOST("localtax1_type") || (GETPOST('localtax1_type') == '0')) && !GETPOST("localtax1")) { $_POST["localtax1"] = '0'; // If empty, we force to 0 } - if ((!empty($_POST["localtax2_type"]) || ($_POST['localtax2_type'] == '0')) && empty($_POST["localtax2"])) { + if ((GETPOST("localtax2_type") || (GETPOST('localtax2_type') == '0')) && !GETPOST("localtax2")) { $_POST["localtax2"] = '0'; // If empty, we force to 0 } - if ($_POST["accountancy_code"] <= 0) { + if (GETPOST("accountancy_code") <= 0) { $_POST["accountancy_code"] = ''; // If empty, we force to null } - if ($_POST["accountancy_code_sell"] <= 0) { + if (GETPOST("accountancy_code_sell") <= 0) { $_POST["accountancy_code_sell"] = ''; // If empty, we force to null } - if ($_POST["accountancy_code_buy"] <= 0) { + if (GETPOST("accountancy_code_buy") <= 0) { $_POST["accountancy_code_buy"] = ''; // If empty, we force to null } if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary diff --git a/htdocs/admin/dolistore/ajax/index.html b/htdocs/admin/dolistore/ajax/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/admin/dolistore/ajax/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php index bbb0f212707..0ef302765e8 100644 --- a/htdocs/admin/external_rss.php +++ b/htdocs/admin/external_rss.php @@ -41,7 +41,6 @@ if (!$user->admin) { accessforbidden(); } -$def = array(); $lastexternalrss = 0; $action = GETPOST('action', 'aZ09'); @@ -56,6 +55,7 @@ $sql .= " WHERE ".$db->decrypt('name')." LIKE 'EXTERNAL_RSS_URLRSS_%'"; //print $sql; $result = $db->query($sql); // We can't use SELECT MAX() because EXTERNAL_RSS_URLRSS_10 is lower than EXTERNAL_RSS_URLRSS_9 if ($result) { + $reg = array(); while ($obj = $db->fetch_object($result)) { preg_match('/([0-9]+)$/i', $obj->name, $reg); if ($reg[1] && $reg[1] > $lastexternalrss) { @@ -70,17 +70,17 @@ if ($action == 'add' || GETPOST("modify")) { $external_rss_title = "external_rss_title_".GETPOST("norss", 'int'); $external_rss_urlrss = "external_rss_urlrss_".GETPOST("norss", 'int'); - if (!empty($_POST[$external_rss_urlrss])) { + if (GETPOST($external_rss_urlrss, 'alpha')) { $boxlabel = '(ExternalRSSInformations)'; - //$external_rss_url = "external_rss_url_" . $_POST["norss"]; + //$external_rss_url = "external_rss_url_" . GETPOST("norss"); $db->begin(); - if ($_POST["modify"]) { + if (GETPOST("modify")) { // Supprime boite box_external_rss de definition des boites /* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def"; $sql.= " SET name = '".$db->escape($boxlabel)."'"; - $sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'"; + $sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'"; $resql=$db->query($sql); if (! $resql) @@ -95,13 +95,17 @@ if ($action == 'add' || GETPOST("modify")) { $sql .= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss", 'int').' ('.GETPOST($external_rss_title, 'alpha')).")')"; if (!$db->query($sql)) { dol_print_error($db); - $err++; + $error++; } + //print $sql;exit; } $result1 = dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_".GETPOST("norss", 'int'), GETPOST($external_rss_title, 'alpha'), 'chaine', 0, '', $conf->entity); if ($result1) { - $result2 = dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int'), GETPOST($external_rss_urlrss, 'alpha'), 'chaine', 0, '', $conf->entity); + $consttosave = "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int'); + $urltosave = GETPOST($external_rss_urlrss, 'alpha'); + $result2 = dolibarr_set_const($db, $consttosave, $urltosave, 'chaine', 0, '', $conf->entity); + //var_dump($result2);exit; } if ($result1 && $result2) { @@ -115,7 +119,7 @@ if ($action == 'add' || GETPOST("modify")) { } } -if ($_POST["delete"]) { +if (GETPOST("delete")) { if (GETPOST("norss", 'int')) { $db->begin(); @@ -258,14 +262,14 @@ if ($resql) { print ''; - print "".$langs->trans("Title").""; - print "global->$keyrsstitle)."\">"; + print ''.$langs->trans("Title").""; + print ''; print ''."\n"; print ''; print "".$langs->trans("URL").""; - print "global->$keyrssurl)."\">"; + print ''; print ''."\n"; @@ -307,7 +311,7 @@ if ($resql) { // Active $active = _isInBoxList($idrss, $boxlist) ? 'yes' : 'no'; print ''; - print ''.$langs->trans('WidgetEnabled').''; + print ''.$langs->trans('WidgetAvailable').''; print ''.yn($active).''; print ''."\n"; diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 81263cba82e..8b799c9c7de 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -96,7 +96,7 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG if ($action == 'update') { dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity); - //dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/mailman.php b/htdocs/admin/mailman.php index b3644036cff..15dcccdb000 100644 --- a/htdocs/admin/mailman.php +++ b/htdocs/admin/mailman.php @@ -46,21 +46,27 @@ $action = GETPOST('action', 'aZ09'); $testsubscribeemail = GETPOST("testsubscribeemail"); $testunsubscribeemail = GETPOST("testunsubscribeemail"); +$error = 0; + + /* * Actions */ // Action updated or added a constant if ($action == 'update' || $action == 'add') { - foreach ($_POST['constname'] as $key => $val) { - $constname = $_POST["constname"][$key]; - $constvalue = $_POST["constvalue"][$key]; - $consttype = $_POST["consttype"][$key]; - $constnote = $_POST["constnote"][$key]; - $res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity); + $tmparray = GETPOST('constname', 'array'); + if (is_array($tmparray)) { + foreach ($tmparray as $key => $val) { + $constname = $tmparray[$key]; + $constvalue = $tmparray[$key]; + $consttype = $tmparray[$key]; + $constnote = $tmparray[$key]; + $res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity); - if (!($res > 0)) { - $error++; + if (!($res > 0)) { + $error++; + } } } diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index cb5df373645..511f5dde698 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel', 'alpha'); if (!$user->admin) { accessforbidden(); @@ -59,7 +60,7 @@ complete_substitutions_array($substitutionarrayfortest, $langs); * Actions */ -if ($action == 'update' && empty($_POST["cancel"])) { +if ($action == 'update' && !$cancel) { // Send mode parameters dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_EMAILING", GETPOST("MAIN_MAIL_SENDMODE_EMAILING"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_EMAILING", GETPOST("MAIN_MAIL_SMTP_PORT_EMAILING"), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 14960db11d7..939273c1da2 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel', 'alpha'); $usersignature = $user->signature; // For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html. @@ -59,7 +60,7 @@ if (!$user->admin) { * Actions */ -if ($action == 'update' && empty($_POST["cancel"])) { +if ($action == 'update' && !$cancel) { // Send mode parameters dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 8945daa23f8..2e84efbfb06 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -333,8 +333,8 @@ if ($action == 'create') { } else { print ''; } print ''.$langs->trans('DetailType').''; diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index be4de854099..3a479480812 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/multicurrency/class/multicurrency.class.php'; $langs->loadLangs(array('admin', 'multicurrency')); // Access control -if (!$user->admin) { +if (!$user->admin || empty($conf->multicurrency->enabled)) { accessforbidden(); } @@ -45,7 +45,7 @@ $action = GETPOST('action', 'aZ09'); * Actions */ - +$reg = array(); if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { $code = $reg[1]; $value = GETPOST($code, 'alpha'); diff --git a/htdocs/admin/sms.php b/htdocs/admin/sms.php index d2cf26a0c9a..9ddbc3361c8 100644 --- a/htdocs/admin/sms.php +++ b/htdocs/admin/sms.php @@ -66,7 +66,7 @@ if ($action == 'send' && !$_POST['cancel']) { $error = 0; $smsfrom = ''; - if (!empty($_POST["fromsms"])) { + if (GETPOST("fromsms", 'alphanohtml')) { $smsfrom = GETPOST("fromsms", 'alphanohtml'); } if (empty($smsfrom)) { diff --git a/htdocs/api/admin/explorer.php b/htdocs/api/admin/explorer.php deleted file mode 100644 index 53b9233c130..00000000000 --- a/htdocs/api/admin/explorer.php +++ /dev/null @@ -1,216 +0,0 @@ - - * Copyright (C) 2016 Laurent Destailleur - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php. - */ - -/** - * \defgroup api Module DolibarrApi - * \brief API loader - * Search files htdocs//class/api_.class.php - * \file htdocs/api/admin/explorer.php - */ - -use Luracast\Restler\Routes; - -require_once '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php'; -require_once DOL_DOCUMENT_ROOT.'/api/class/api_access.class.php'; - -// Load translation files required by the page -$langs->load("admin"); - - -/* - * View - */ - -// Enable and test if module Api is enabled -if (empty($conf->global->MAIN_MODULE_API)) { - dol_syslog("Call Dolibarr API interfaces with module REST disabled"); - print $langs->trans("WarningModuleNotActive", 'Api').'.

'; - print $langs->trans("ToActivateModule"); - exit; -} - - -$api = new DolibarrApi($db); - -$api->r->addAPIClass('Luracast\\Restler\\Resources'); //this creates resources.json at API Root -$api->r->setSupportedFormats('JsonFormat', 'XmlFormat'); -$api->r->addAuthenticationClass('DolibarrApiAccess', ''); - -$listofapis = array(); - -$modulesdir = dolGetModulesDirs(); -foreach ($modulesdir as $dir) { - /* - * Search available module - */ - //dol_syslog("Scan directory ".$dir." for API modules"); - - $handle = @opendir(dol_osencode($dir)); - if (is_resource($handle)) { - while (($file = readdir($handle)) !== false) { - if (is_readable($dir.$file) && preg_match("/^(mod.*)\.class\.php$/i", $file, $reg)) { - $modulename = $reg[1]; - - // Defined if module is enabled - $enabled = true; - $module = $part = $obj = strtolower(preg_replace('/^mod/i', '', $modulename)); - //if ($part == 'propale') $part='propal'; - if ($module == 'societe') { - $obj = 'thirdparty'; - } - if ($module == 'categorie') { - $part = 'categories'; - $obj = 'category'; - } - if ($module == 'facture') { - $part = 'compta/facture'; - $obj = 'facture'; - } - if ($module == 'ficheinter') { - $obj = 'fichinter'; - $part = 'fichinter'; - $module = 'fichinter'; - } - - if (empty($conf->$module->enabled)) { - $enabled = false; - } - - if ($enabled) { - /* - * If exists, load the API class for enable module - * - * Search files named api_.class.php into /htdocs//class directory - * - * @todo : take care of externals module! - * @todo : use getElementProperties() function ? - */ - $dir_part = DOL_DOCUMENT_ROOT.'/'.$part.'/class/'; - - $handle_part = @opendir(dol_osencode($dir_part)); - if (is_resource($handle_part)) { - while (($file_searched = readdir($handle_part)) !== false) { - if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $reg)) { - $classname = ucwords($reg[1]); - require_once $dir_part.$file_searched; - if (class_exists($classname)) { - dol_syslog("Found API classname=".$classname." into ".$dir); - $listofapis[] = $classname; - } - } - - /* - if (is_readable($dir_part.$file_searched) && preg_match("/^(api_.*)\.class\.php$/i",$file_searched,$reg)) - { - $classname=$reg[1]; - $classname = str_replace('Api_','',ucwords($reg[1])).'Api'; - //$classname = str_replace('Api_','',ucwords($reg[1])); - $classname = ucfirst($classname); - require_once $dir_part.$file_searched; - - // if (class_exists($classname)) - // { - // dol_syslog("Found API classname=".$classname); - // $api->r->addAPIClass($classname,''); - - // require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/Routes.php'; - // $tmpclass = new ReflectionClass($classname); - // try { - // $classMetadata = CommentParser::parse($tmpclass->getDocComment()); - // } catch (Exception $e) { - // throw new RestException(500, "Error while parsing comments of `$classname` class. " . $e->getMessage()); - // } - - // //$listofapis[]=array('classname'=>$classname, 'fullpath'=>$file_searched); - // } - }*/ - } - } - } - } - } - } -} - -//var_dump($listofapis); -$listofapis = Routes::toArray(); // @todo api for "status" is lost here -//var_dump($listofapis); - - -llxHeader(); - -$linkback = ''.$langs->trans("BackToModuleList").''; -print load_fiche_titre($langs->trans("ApiSetup"), $linkback, 'title_setup'); - -// Define $urlwithroot -$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); -$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file -//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current - -// Show message -print '
'; -$message = ''; -$url = ''.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword[&reset=1]'; -$message .= $langs->trans("UrlToGetKeyToUseAPIs").':
'; -$message .= img_picto('', 'globe').' '.$url; -print $message; -print '
'; -print '
'; - -$oldclass = ''; - -print $langs->trans("ListOfAvailableAPIs").':
'; -foreach ($listofapis['v1'] as $key => $val) { - if ($key == 'login') { - continue; - } - if ($key == 'index') { - continue; - } - - if ($key) { - foreach ($val as $method => $val2) { - $newclass = $val2['className']; - - if (preg_match('/restler/i', $newclass)) { - continue; - } - - if ($oldclass != $newclass) { - print "\n
\n".$langs->trans("Class").': '.$newclass.'
'."\n"; - $oldclass = $newclass; - } - //print $key.' - '.$val['classname'].' - '.$val['fullpath']." - ".DOL_MAIN_URL_ROOT.'/api/index.php/'.strtolower(preg_replace('/Api$/','',$val['classname']))."/xxx
\n"; - $url = $urlwithroot.'/api/index.php/'.$key; - $url .= '?api_key=token'; - print img_picto('', 'globe').' '.$method.' '.$url."
\n"; - } - } -} - -print '
'; -print '
'; -print $langs->trans("OnlyActiveElementsAreExposed", DOL_URL_ROOT.'/admin/modules.php'); - - -llxFooter(); -$db->close(); diff --git a/htdocs/api/admin/explorer_withredoc.php b/htdocs/api/admin/explorer_withredoc.php new file mode 100644 index 00000000000..45dd31d57c9 --- /dev/null +++ b/htdocs/api/admin/explorer_withredoc.php @@ -0,0 +1,87 @@ + + * Copyright (C) 2016 Laurent Destailleur + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php. + */ + +/** + * \defgroup api Module DolibarrApi + * \brief API explorer using the swagger.json file + * \file htdocs/api/admin/explorer_withredoc.php + */ + +require_once '../../main.inc.php'; + +// Enable and test if module Api is enabled +if (empty($conf->global->MAIN_MODULE_API)) { + $langs->load("admin"); + dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled"); + print $langs->trans("WarningModuleNotActive", 'Api').'.

'; + print $langs->trans("ToActivateModule"); + //session_destroy(); + exit(0); +} + +// Test if explorer is not disabled +if (!empty($conf->global->API_EXPLORER_DISABLED)) { + $langs->load("admin"); + dol_syslog("Call Dolibarr API interfaces with module REST disabled"); + print $langs->trans("WarningAPIExplorerDisabled").'.

'; + //session_destroy(); + exit(0); +} + +// Restrict API to some IPs +if (!empty($conf->global->API_RESTRICT_ON_IP)) { + $allowedip = explode(' ', $conf->global->API_RESTRICT_ON_IP); + $ipremote = getUserRemoteIP(); + if (!in_array($ipremote, $allowedip)) { + dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTRICT_ON_IP); + print 'APIs are not allowed from the IP '.$ipremote; + header('HTTP/1.1 503 API not allowed from your IP '.$ipremote); + //session_destroy(); + exit(0); + } +} + +?> + + + + ReDoc + + + + + + + + + + '> + + + + + diff --git a/htdocs/api/admin/index.php b/htdocs/api/admin/index.php index 3743d61b639..05f372a3486 100644 --- a/htdocs/api/admin/index.php +++ b/htdocs/api/admin/index.php @@ -141,7 +141,7 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai $message = ''; $url = $urlwithroot.'/api/index.php/login?login=auserlogin&password=thepassword[&reset=1]'; $message .= ''.$langs->trans("UrlToGetKeyToUseAPIs").':
'; -$message .= img_picto('', 'globe').' '.$url; +$message .= '
'.img_picto('', 'globe').' '.$url.'
'; print $message; print '
'; print '
'; @@ -150,7 +150,11 @@ print '
'; print ''.$langs->trans("ApiExporerIs").':
'; if (dol_is_dir(DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/explorer')) { $url = DOL_MAIN_URL_ROOT.'/api/index.php/explorer'; - print img_picto('', 'globe').' '.$url."
\n"; + print '
'.img_picto('', 'globe').' '.$url."

\n"; + print '

'.$langs->trans("SwaggerDescriptionFile").':
'; + $urlswagger = DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY=youruserapikey'; + print '
'.img_picto('', 'globe').' '.$urlswagger."

\n"; + print '
'; } else { $langs->load("errors"); print info_admin($langs->trans("ErrorNotAvailableWithThisDistribution"), 0, 0, 'error'); diff --git a/htdocs/api/index.php b/htdocs/api/index.php index bb74144a40d..89b5a696462 100644 --- a/htdocs/api/index.php +++ b/htdocs/api/index.php @@ -2,6 +2,7 @@ /* Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016 Laurent Destailleur * Copyright (C) 2017 Regis Houssin + * Copyright (C) 2021 Alexis LAURIER * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -54,6 +55,12 @@ if (!empty($_SERVER['HTTP_DOLAPIENTITY'])) { define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']); } +// When we request url to get the json file, we accept Cross site so we can include the descriptor into an external tool. +if (preg_match('/\/explorer\/swagger\.json/', $_SERVER["PHP_SELF"])) { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE'); + header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY'); +} $res = 0; if (!$res && file_exists("../main.inc.php")) { @@ -88,7 +95,7 @@ if (!empty($conf->global->MAIN_NGINX_FIX)) { // Enable and test if module Api is enabled if (empty($conf->global->MAIN_MODULE_API)) { $langs->load("admin"); - dol_syslog("Call Dolibarr API interfaces with module REST disabled"); + dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled"); print $langs->trans("WarningModuleNotActive", 'Api').'.

'; print $langs->trans("ToActivateModule"); //session_destroy(); @@ -307,12 +314,28 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && //var_dump($api->r->apiVersionMap); //exit; +// We do not want that restler output data if we use native compression (default behaviour) but we want to have it returned into a string. +Luracast\Restler\Defaults::$returnResponse = (empty($conf->global->API_DISABLE_COMPRESSION) && !empty($_SERVER['HTTP_ACCEPT_ENCODING'])); + // Call API (we suppose we found it). // The handle will use the file api/temp/routes.php to get data to run the API. If the file exists and the entry for API is not found, it will return 404. +$result = $api->r->handle(); -//Luracast\Restler\Defaults::$returnResponse = true; -//print $api->r->handle(); +if (Luracast\Restler\Defaults::$returnResponse) { + // We try to compress data + if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br') !== false && is_callable('brotli_compress')) { + header('Content-Encoding: br'); + $result = brotli_compress($result, 11, BROTLI_TEXT); + } elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'bz') !== false && is_callable('bzcompress')) { + header('Content-Encoding: bz'); + $result = bzcompress($result, 9); + } elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && is_callable('gzencode')) { + header('Content-Encoding: gzip'); + $result = gzencode($result, 9); + } -$api->r->handle(); + // Restler did not output data yet, we return it now + echo $result; +} //session_destroy(); diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index ffd1673ac63..950cce19420 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -53,7 +53,7 @@ function printDropdownBookmarksList() if (is_array($_POST)) { foreach ($_POST as $key => $val) { if (preg_match('/^search_/', $key) && $val != '') { - $tmpurl .= ($tmpurl ? '&' : '').$key.'='.$val; + $tmpurl .= ($tmpurl ? '&' : '').http_build_query(array($key => $val)); } } } diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 880b0cc69df..94a1b89de8f 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1520,7 +1520,6 @@ class Categorie extends CommonObject return $cats; } - /** * Returns categories whose id or name match * add wildcards in the name unless $exact = true @@ -1555,7 +1554,7 @@ class Categorie extends CommonObject $sql .= " AND entity IN (".getEntity('category').")"; if ($nom) { if (!$exact) { - $nom = '%'.str_replace('*', '%', $nom).'%'; + $nom = '%'.$this->db->escape(str_replace('*', '%', $nom)).'%'; } if (!$case) { $sql .= " AND label LIKE '".$this->db->escape($nom)."'"; @@ -1564,7 +1563,7 @@ class Categorie extends CommonObject } } if ($id) { - $sql .= " AND rowid = '".$id."'"; + $sql .= " AND rowid = ".((int) $id); } $res = $this->db->query($sql); diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index 176b39ca008..91d32736cbc 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -99,7 +99,6 @@ if ($action == 'update' && $user->rights->categorie->creer) { $object->visible = $visible; $object->fk_parent = $parent != -1 ? $parent : 0; - if (empty($object->label)) { $error++; $action = 'edit'; diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php index 6ca392aef47..a23dee4fbb9 100644 --- a/htdocs/categories/index.php +++ b/htdocs/categories/index.php @@ -116,15 +116,15 @@ if (empty($nosearch)) { print ''.$langs->trans("FoundCats").''; foreach ($cats as $cat) { - $color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"'; - - print "\t".''."\n"; - print "\t\t"; $categstatic->id = $cat->id; $categstatic->ref = $cat->label; $categstatic->label = $cat->label; $categstatic->type = $cat->type; $categstatic->color = $cat->color; + $color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"'; + + print "\t".''."\n"; + print "\t\t"; print ''; print $categstatic->getNomUrl(1, ''); print ''; diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index e30067e8815..5fb1c85dd40 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -66,7 +66,7 @@ $upload_dir = $conf->categorie->multidir_output[$object->entity]; * Actions */ -if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && $_POST["sendit"] && !empty($conf->global->MAIN_UPLOAD_DOC)) { +if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) { if ($object->id) { $file = $_FILES['userfile']; if (is_array($file['name']) && count($file['name']) > 0) { diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index c70bfb7fe91..8039241a899 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -162,7 +162,7 @@ if (empty($reshook)) { // set accountancy code if ($action == 'setcustomeraccountancycode') { $result = $object->fetch($id); - $object->code_compta = $_POST["customeraccountancycode"]; + $object->code_compta = GETPOST("customeraccountancycode"); $result = $object->update($object->id, $user, 1, 1, 0); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php index 8d57a9ee6a0..4b60fdd3464 100644 --- a/htdocs/comm/mailing/advtargetemailing.php +++ b/htdocs/comm/mailing/advtargetemailing.php @@ -397,7 +397,7 @@ if ($action == 'delete') { } } -if ($_POST["button_removefilter"]) { +if (GETPOST("button_removefilter")) { $search_nom = ''; $search_prenom = ''; $search_email = ''; diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index e0a9138244d..3fc50d03eaf 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -46,6 +46,7 @@ if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AU $id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel'); $confirm = GETPOST('confirm', 'alpha'); $urlfrom = GETPOST('urlfrom'); @@ -393,12 +394,12 @@ if (empty($reshook)) { } // Action send test emailing - if ($action == 'send' && empty($_POST["cancel"])) { + if ($action == 'send' && ! $cancel) { $error = 0; $upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing'); - $object->sendto = $_POST["sendto"]; + $object->sendto = GETPOST("sendto", 'alphawithlgt'); if (!$object->sendto) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTo")), null, 'errors'); $error++; @@ -537,7 +538,7 @@ if (empty($reshook)) { } // Action of file remove - if (!empty($_POST["removedfile"])) { + if (GETPOST("removedfile")) { $upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing'); require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -548,7 +549,7 @@ if (empty($reshook)) { } // Action of emailing update - if ($action == 'update' && empty($_POST["removedfile"]) && empty($_POST["cancel"])) { + if ($action == 'update' && !GETPOST("removedfile") && !$cancel) { require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $isupload = 0; @@ -643,7 +644,7 @@ if (empty($reshook)) { } } - if (!empty($_POST["cancel"])) { + if ($cancel) { $action = ''; } } diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index 2f5e146843b..f1638e9dc37 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -30,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; // Load translation files required by the page $langs->loadLangs(array('orders', 'companies')); +$action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel', 'alpha'); + $id = GETPOST('id', 'int'); $_socid = GETPOST("id", 'int'); // Security check @@ -42,10 +45,10 @@ if ($user->socid > 0) { * Actions */ -if ($_POST["action"] == 'setpricelevel') { +if ($action == 'setpricelevel') { $soc = new Societe($db); $soc->fetch($id); - $soc->set_price_level($_POST["price_level"], $user); + $soc->set_price_level(GETPOST("price_level"), $user); header("Location: multiprix.php?id=".$id); exit; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index c8c94e7e95a..cecb4fff28a 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -775,9 +775,9 @@ if (empty($reshook)) { $object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - if ($_POST["remise_id"]) { + if (GETPOST("remise_id", "int")) { if ($object->id > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", "int")); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index f07b38045f2..22121fa7664 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -245,7 +245,7 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', ' foreach ($rowids as $row) { if ($row > 0) { $result = $bankline->fetch($row); - $bankline->num_releve = $num_releve; //$_POST["num_releve"]; + $bankline->num_releve = $num_releve; // GETPOST("num_releve"); $result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1. if ($result < 0) { setEventMessages($bankline->error, $bankline->errors, 'errors'); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index bf74035d553..33d4bc37aed 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -87,18 +87,18 @@ if ($action == 'add') { $object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha'))); $object->label = trim(GETPOST("label", 'alphanohtml')); - $object->courant = $_POST["type"]; - $object->clos = $_POST["clos"]; + $object->courant = GETPOST("type"); + $object->clos = GETPOST("clos"); $object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1); $object->url = trim(GETPOST("url", 'alpha')); - $object->bank = trim($_POST["bank"]); - $object->code_banque = trim($_POST["code_banque"]); - $object->code_guichet = trim($_POST["code_guichet"]); - $object->number = trim($_POST["number"]); - $object->cle_rib = trim($_POST["cle_rib"]); - $object->bic = trim($_POST["bic"]); - $object->iban = trim($_POST["iban"]); + $object->bank = trim(GETPOST("bank")); + $object->code_banque = trim(GETPOST("code_banque")); + $object->code_guichet = trim(GETPOST("code_guichet")); + $object->number = trim(GETPOST("number")); + $object->cle_rib = trim(GETPOST("cle_rib")); + $object->bic = trim(GETPOST("bic")); + $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); @@ -120,10 +120,10 @@ if ($action == 'add') { $object->fk_accountancy_journal = $fk_accountancy_journal; } - $object->solde = $_POST["solde"]; + $object->solde = price2num(GETPOST("solde")); $object->date_solde = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST('reday', 'int'), GETPOST("reyear", 'int')); - $object->currency_code = trim($_POST["account_currency_code"]); + $object->currency_code = trim(GETPOST("account_currency_code")); $object->state_id = GETPOST("account_state_id", 'int'); $object->country_id = GETPOST("account_country_id", 'int'); @@ -187,18 +187,18 @@ if ($action == 'update') { $object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha'))); $object->label = trim(GETPOST("label", 'alphanohtml')); - $object->courant = $_POST["type"]; - $object->clos = $_POST["clos"]; + $object->courant = GETPOST("type"); + $object->clos = GETPOST("clos"); $object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1); $object->url = trim(GETPOST("url", 'alpha')); - $object->bank = trim($_POST["bank"]); - $object->code_banque = trim($_POST["code_banque"]); - $object->code_guichet = trim($_POST["code_guichet"]); - $object->number = trim($_POST["number"]); - $object->cle_rib = trim($_POST["cle_rib"]); - $object->bic = trim($_POST["bic"]); - $object->iban = trim($_POST["iban"]); + $object->bank = trim(GETPOST("bank")); + $object->code_banque = trim(GETPOST("code_banque")); + $object->code_guichet = trim(GETPOST("code_guichet")); + $object->number = trim(GETPOST("number")); + $object->cle_rib = trim(GETPOST("cle_rib")); + $object->bic = trim(GETPOST("bic")); + $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); @@ -220,7 +220,7 @@ if ($action == 'update') { $object->fk_accountancy_journal = $fk_accountancy_journal; } - $object->currency_code = trim($_POST["account_currency_code"]); + $object->currency_code = trim(GETPOST("account_currency_code")); $object->state_id = GETPOST("account_state_id", 'int'); $object->country_id = GETPOST("account_country_id", 'int'); @@ -274,7 +274,7 @@ if ($action == 'update') { } } -if ($action == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->banque->configurer) { +if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->banque->configurer) { // Delete $object = new Account($db); $object->fetch(GETPOST("id", "int")); @@ -462,7 +462,8 @@ if ($action == 'create') { print ''; print '
'; - if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) { + $type = GETPOST('type'); + if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) { print ''; // If bank account @@ -988,7 +989,7 @@ if ($action == 'create') { print '
'; - if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) { + if (GETPOST("type") == Account::TYPE_SAVINGS || GETPOST("type") == Account::TYPE_CURRENT) { print '
'; //print '
'; diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php index 410e3a82bea..292a61e8bc6 100644 --- a/htdocs/compta/bank/line.php +++ b/htdocs/compta/bank/line.php @@ -140,9 +140,9 @@ if ($user->rights->banque->modifier && $action == "update") { if (!$error) { $db->begin(); - $amount = price2num($_POST['amount']); - $dateop = dol_mktime(12, 0, 0, $_POST["dateomonth"], $_POST["dateoday"], $_POST["dateoyear"]); - $dateval = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]); + $amount = price2num(GETPOST('amount')); + $dateop = dol_mktime(12, 0, 0, GETPOST("dateomonth"), GETPOST("dateoday"), GETPOST("dateoyear")); + $dateval = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear")); $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; $sql .= " SET "; // Always opened @@ -212,8 +212,8 @@ if ($user->rights->banque->modifier && $action == "update") { // Reconcile if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action == 'setreconcile')) { - $num_rel = trim($_POST["num_rel"]); - $rappro = $_POST['reconciled'] ? 1 : 0; + $num_rel = trim(GETPOST("num_rel")); + $rappro = GETPOST('reconciled') ? 1 : 0; // Check parameters if ($rappro && empty($num_rel)) { diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php index 2661678d411..b238e47c50e 100644 --- a/htdocs/compta/charges/index.php +++ b/htdocs/compta/charges/index.php @@ -30,6 +30,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/paymentvat.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/paymentsocialcontribution.class.php'; require_once DOL_DOCUMENT_ROOT.'/salaries/class/salary.class.php'; @@ -83,6 +84,7 @@ if (!$sortorder) { */ $tva_static = new Tva($db); +$ptva_static = new PaymentVat($db); $socialcontrib = new ChargeSociales($db); $payment_sc_static = new PaymentSocialContribution($db); $sal_static = new Salary($db); @@ -132,7 +134,7 @@ print "
"; if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { // Social contributions only - print load_fiche_titre($langs->trans("SocialContributionsPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); + print load_fiche_titre($langs->trans("SocialContributions").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); print ''; print ''; @@ -269,22 +271,23 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { $tva = new Tva($db); - print load_fiche_titre($langs->trans("VATPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); + print load_fiche_titre($langs->trans("VATDeclarations").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); - $sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.fk_bank,"; + $sql = "SELECT ptva.rowid, pv.rowid as id_tva, pv.amount as amount_tva, ptva.amount, pv.label, pv.datev as dm, ptva.datep as date_payment, ptva.fk_bank,"; $sql .= " pct.code as payment_code,"; $sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel"; $sql .= " FROM ".MAIN_DB_PREFIX."tva as pv"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON pv.fk_bank = b.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_vat as ptva ON (ptva.fk_tva = pv.rowid)"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON (ptva.fk_bank = b.rowid)"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON pv.fk_typepayment = pct.id"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON ptva.fk_typepaiement = pct.id"; $sql .= " WHERE pv.entity IN (".getEntity("tax").")"; if ($year > 0) { // Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance, // ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire $sql .= " AND pv.datev between '".$db->idate(dol_get_first_day($year, 1, false))."' AND '".$db->idate(dol_get_last_day($year, 12, false))."'"; } - if (preg_match('/^pv\./', $sortfield)) { + if (preg_match('/^pv\./', $sortfield) || preg_match('/^ptva\./', $sortfield)) { $sql .= $db->order($sortfield, $sortorder); } @@ -298,13 +301,13 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'width="140px"', $sortfield, $sortorder); print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "pv.label", "", $param, '', $sortfield, $sortorder); print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder); - print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pv.rowid", "", $param, '', $sortfield, $sortorder); - print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'align="center"', $sortfield, $sortorder); + print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder); + print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder); print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder); if (!empty($conf->banque->enabled)) { print_liste_field_titre("Account", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder); } - print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder); + print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "ptva.amount", "", $param, 'class="right"', $sortfield, $sortorder); print "\n"; $var = 1; while ($i < $num) { @@ -316,17 +319,19 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { print ''; print ''."\n"; - print "\n"; + $tva_static->id = $obj->id_tva; + $tva_static->ref = $obj->label; + print "\n"; - print '"; + print '"; // Ref payment - $tva_static->id = $obj->rowid; - $tva_static->ref = $obj->rowid; - print '\n"; + $ptva_static->id = $obj->rowid; + $ptva_static->ref = $obj->rowid; + print '\n"; // Date - print '\n"; + print '\n"; // Type payment print ''; - print ''; + print ''; print ''; print ''; print ''; @@ -440,9 +445,9 @@ while ($j < $numlt) { print '"; // Ref payment - $tva_static->id = $obj->rowid; - $tva_static->ref = $obj->rowid; - print '\n"; + $ptva_static->id = $obj->rowid; + $ptva_static->ref = $obj->rowid; + print '\n"; print '\n"; print '"; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 1afa9347f67..c3544ba214e 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -5367,9 +5367,11 @@ class FactureLigne extends CommonInvoiceLine return -1; } - // if buy price not defined, define buyprice as configured in margin admin + // if buy price not provided, define buyprice as configured in margin admin if ($this->pa_ht == 0 && $pa_ht_isemptystring) { - if (($result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product)) < 0) { + // We call defineBuyPrice only if data was not provided (if input was '0', we will not go here and value will remaine '0') + $result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product); + if ($result < 0) { return $result; } else { $this->pa_ht = $result; @@ -5410,7 +5412,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ", total_localtax2=".price2num($this->total_localtax2); } $sql .= ", fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null"); - $sql .= ", buy_price_ht='".price2num($this->pa_ht)."'"; + $sql .= ", buy_price_ht=".(($this->pa_ht || $this->pa_ht === 0 || $this->pa_ht === '0') ? price2num($this->pa_ht) : "null"); // $this->pa_ht should always be defined (set to 0 or to sell price depending on option) $sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { $sql .= ", rang=".$this->rang; diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index d4091a6df90..451007932d7 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -33,6 +33,8 @@ $langs->loadLangs(array('compta', 'banks', 'bills')); $id = GETPOST("id", 'int'); $action = GETPOST("action", "alpha"); +$cancel = GETPOST('cancel'); + $refund = GETPOST("refund", "int"); if (empty($refund)) { $refund = 0; @@ -57,18 +59,18 @@ $hookmanager->initHooks(array('localtaxvatcard', 'globalcard')); * Actions */ -if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) { +if ($cancel && !$id) { header("Location: list.php?localTaxType=".$lttype); exit; } -if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) { +if ($action == 'add' && $cancel) { $db->begin(); - $datev = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]); - $datep = dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]); + $datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear")); + $datep = dol_mktime(12, 0, 0, GETPOST("datepmonth"), GETPOST("datepday"), GETPOST("datepyear")); - $object->accountid = GETPOST("accountid"); + $object->accountid = GETPOST("accountid", 'int'); $object->paymenttype = GETPOST("paiementtype"); $object->datev = $datev; $object->datep = $datep; @@ -165,14 +167,14 @@ if ($action == 'create') { print ''; // Label - print ''; + print ''; // Amount print ''; if (!empty($conf->banque->enabled)) { print ''; print ''; else print '';*/ print ''; print ''; print ''; if ($usertoprocess->id == $user->id) print ''; else print '';*/ -print ''; print ''; diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php index 028bb97726c..b6cd2c04f10 100644 --- a/htdocs/projet/activity/perweek.php +++ b/htdocs/projet/activity/perweek.php @@ -657,9 +657,11 @@ if (!empty($arrayfields['t.progress']['checked'])) { /*print ''; if ($usertoprocess->id == $user->id) print ''; else print '';*/ -print ''; print ''; diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 3999e448730..916f23eb056 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -52,7 +52,7 @@ $status = GETPOST('status', 'int'); $opp_status = GETPOST('opp_status', 'int'); $opp_percent = price2num(GETPOST('opp_percent', 'alpha')); -if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && !$_POST["cancel"])) { +if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && !GETPOST("cancel"))) { accessforbidden(); } @@ -224,12 +224,10 @@ if (empty($reshook)) { if (empty($ref)) { $error++; - //$_GET["id"]=$_POST["id"]; // We return on the project card setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); } - if (empty($_POST["title"])) { + if (!GETPOST("title")) { $error++; - //$_GET["id"]=$_POST["id"]; // We return on the project card setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("ProjectLabel")), null, 'errors'); } @@ -512,7 +510,7 @@ if ($action == 'create' && $user->rights->projet->creer) { } // Ref - $suggestedref = ($_POST["ref"] ? $_POST["ref"] : $defaultref); + $suggestedref = (GETPOST("ref") ? GETPOST("ref") : $defaultref); print ''; diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index cb2f92c34a4..df4a94b6dfd 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -297,7 +297,7 @@ if ($action == 'createtask' && $user->rights->projet->creer) { $taskid = $task->create($user); if ($taskid > 0) { - $result = $task->add_contact($_POST["userid"], 'TASKEXECUTIVE', 'internal'); + $result = $task->add_contact(GETPOST("userid", 'int'), 'TASKEXECUTIVE', 'internal'); } else { if ($db->lasterrno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { $langs->load("projects"); diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 6ec9f7d3126..0f6b67a0482 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -73,14 +73,14 @@ if ($reshook < 0) { * Actions */ -if ($action == 'update' && !$_POST["cancel"] && $user->rights->projet->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->projet->creer) { $error = 0; if (empty($taskref)) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); } - if (empty($_POST["label"])) { + if (!GETPOST("label")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors'); } diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 883fe737e56..2fb226b5eb2 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -158,7 +158,7 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Duration")), null, 'errors'); $error++; } - if (empty($_POST["userid"])) { + if (!GETPOST("userid", 'int')) { $langs->load("errors"); setEventMessages($langs->trans('ErrorUserNotAssignedToTask'), null, 'errors'); $error++; @@ -185,19 +185,19 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) { $action = 'createtime'; $error++; } else { - $object->timespent_note = $_POST["timespent_note"]; + $object->timespent_note = GETPOST("timespent_note"); if (GETPOST('progress', 'int') > 0) { $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value } - $object->timespent_duration = $_POST["timespent_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["timespent_durationmin"] ? $_POST["timespent_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_duration = GETPOST("timespent_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("timespent_durationmin") ? GETPOST("timespent_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear")); } - $object->timespent_fk_user = $_POST["userid"]; + $object->timespent_fk_user = GETPOST("userid", 'int'); $result = $object->addTimeSpent($user); if ($result >= 0) { setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); @@ -233,17 +233,17 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us $result = $object->delTimeSpent($user); $object->fetch($id, $ref); - $object->timespent_note = $_POST["timespent_note_line"]; - $object->timespent_old_duration = $_POST["old_duration"]; - $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_note = GETPOST("timespent_note_line"); + $object->timespent_old_duration = GETPOST("old_duration"); + $object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); } - $object->timespent_fk_user = $_POST["userid_line"]; + $object->timespent_fk_user = GETPOST("userid_line", 'int'); $result = $object->addTimeSpent($user); if ($result >= 0) { setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); @@ -255,18 +255,18 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us $object->fetch($id, $ref); // TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids)) - $object->timespent_id = $_POST["lineid"]; - $object->timespent_note = $_POST["timespent_note_line"]; - $object->timespent_old_duration = $_POST["old_duration"]; - $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_id = GETPOST("lineid", 'int'); + $object->timespent_note = GETPOST("timespent_note_line"); + $object->timespent_old_duration = GETPOST("old_duration"); + $object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); } - $object->timespent_fk_user = $_POST["userid_line"]; + $object->timespent_fk_user = GETPOST("userid_line", 'int'); $result = $object->updateTimeSpent($user); if ($result >= 0) { @@ -1141,7 +1141,6 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { // Date print ''; diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 90dab0379ff..5f5446ae3f1 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -203,7 +203,6 @@ if ($testmodifier) { //var_dump($_POST);exit; $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { - //var_dump($_POST["choix$i"]); if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') { $nouveauchoix .= "1"; } elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') { @@ -217,7 +216,7 @@ if ($testmodifier) { accessforbidden('', 0, 0, 1); } - $idtomodify = $_POST["idtomodify".$modifier]; + $idtomodify = GETPOST("idtomodify".$modifier); $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs"; $sql .= " SET reponses = '".$db->escape($nouveauchoix)."'"; $sql .= " WHERE id_users = '".$db->escape($idtomodify)."'"; diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php index f25843f69e4..048df9c41b3 100644 --- a/htdocs/public/project/new.php +++ b/htdocs/public/project/new.php @@ -223,11 +223,11 @@ if (empty($reshook) && $action == 'add') { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv('Nature'))."
\n"; } - if (empty($_POST["lastname"])) { + if (!GETPOST("lastname")) { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Lastname"))."
\n"; } - if (empty($_POST["firstname"])) { + if (!GETPOST("firstname")) { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Firstname"))."
\n"; } diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 83701e59e40..bbfccb3b945 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -317,11 +317,16 @@ if (empty($reshook)) { //var_dump($_POST);exit; for ($i = 1; $i <= $num; $i++) { $lineToTest = ''; + $lineId = GETPOST($idl, 'int'); foreach ($objectsrc->lines as $linesrc) { - if ($linesrc->id == GETPOST($idl, 'int')) { + if ($linesrc->id == $lineId) { $lineToTest = $linesrc; + break; } } + if (empty($lineToTest)) { + continue; + } $qty = "qtyl".$i; $comment = "comment".$i; $eatby = "dlc".$i; @@ -340,7 +345,7 @@ if (empty($reshook)) { if ($entrepot_id < 0) { $entrepot_id = ''; } - if (!($linesrc->fk_product > 0) && empty($conf->global->STOCK_SUPPORTS_SERVICES)) { + if (!($lineToTest->fk_product > 0) && empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $entrepot_id = 0; } $eatby = GETPOST($eatby, 'alpha'); diff --git a/htdocs/salaries/admin/index.html b/htdocs/salaries/admin/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/salaries/admin/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index 775221caeb2..e1225f15258 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -282,7 +282,7 @@ if ($action == 'confirm_delete') { } -if ($action == 'update' && !$_POST["cancel"] && $user->rights->salaries->write) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->salaries->write) { $amount = price2num(GETPOST('amount'), 'MT', 2); if (empty($amount)) { diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index c007c160a86..b192fa14011 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -234,7 +234,7 @@ $help_url = ''; $title = $langs->trans('Salaries'); $sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary as current_salary, u.fk_soc as fk_soc, u.statut as status,"; -$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, ps.fk_typepayment as paymenttype, "; +$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment as paymenttype, "; $sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel,"; $sql .= " pst.code as payment_code,"; $sql .= " SUM(ps.amount) as alreadypayed"; @@ -279,7 +279,7 @@ if ($search_type_id) { $sql .= " AND s.fk_typepayment=".$search_type_id; } $sql .= " GROUP BY u.rowid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary, u.fk_soc, u.statut,"; -$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, ps.fk_typepayment, s.fk_bank,"; +$sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment, s.fk_bank,"; $sql .= " ba.rowid, ba.ref, ba.number, ba.account_number, ba.fk_accountancy_journal, ba.label,"; $sql .= " pst.code"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index ac70d5c4a8c..eb9fe8bfd17 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -33,6 +33,7 @@ $langs->load("bills"); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel', 'alpha'); $amounts = array(); // Security check @@ -49,7 +50,7 @@ if ($user->socid > 0) { if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/salaries/card.php?id='.$chid; header("Location: ".$loc); exit; @@ -73,23 +74,23 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $action = 'create'; } + // Read possible payments + foreach ($_POST as $key => $value) { + if (substr($key, 0, 7) == 'amount_') { + $other_chid = substr($key, 7); + $amounts[$other_chid] = price2num($_POST[$key]); + } + } + + if ($amounts[key($amounts)] <= 0) { + $error++; + setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")), null, 'errors'); + $action = 'create'; + } + if (!$error) { $paymentid = 0; - // Read possible payments - foreach ($_POST as $key => $value) { - if (substr($key, 0, 7) == 'amount_') { - $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); - } - } - - if (count($amounts) <= 0) { - $error++; - setEventMessages($langs->trans("ErrorNoPaymentDefined"), null, 'errors'); - $action = 'create'; - } - if (!$error) { $db->begin(); @@ -174,7 +175,7 @@ if ($action == 'create') { print ''; print ''; - print dol_get_fiche_end(); + print dol_get_fiche_head(); print '
'.dol_print_date($db->jdate($obj->dm), 'day').'".$obj->label."".$tva_static->getNomUrl(1)."'.price($obj->amount)."'.price($obj->amount_tva)."'.$tva_static->getNomUrl(1)."'.$ptva_static->getNomUrl(1)."'.dol_print_date($db->jdate($obj->dm), 'day')."'.dol_print_date($db->jdate($obj->date_payment), 'day')."'; @@ -360,7 +365,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { $i++; } print '
'.$langs->trans("Total").''.price($total).'    '.price($obj->amount)."'.$tva_static->getNomUrl(1)."'.$ptva_static->getNomUrl(1)."'.dol_print_date($db->jdate($obj->dp), 'day')."'.price($obj->amount)."
'.$langs->trans("Label").'transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'">
'.$langs->trans("Label").'transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'">
'.$langs->trans("Amount").'
'.$langs->trans("Account").''; - $form->select_comptes($_POST["accountid"], "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant + $form->select_comptes(GETPOST("accountid", "int"), "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant print '
'.$langs->trans("PaymentMode").''; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 847dae1bc29..86153e4b38d 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -117,9 +117,9 @@ if ($action == 'setref' && $user->rights->banque->cheque) { } } -if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->cheque) { +if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) { if (is_array($_POST['toRemise'])) { - $result = $object->create($user, $_POST["accountid"], 0, $_POST['toRemise']); + $result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise')); if ($result > 0) { if ($object->statut == 1) { // If statut is validated, we build doc $object->fetch($object->id); // To force to reload all properties in correct property name @@ -134,7 +134,7 @@ if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->che $outputlangs = new Translate("", $conf); $outputlangs->setDefaultLang($newlang); } - $result = $object->generatePdf($_POST["model"], $outputlangs); + $result = $object->generatePdf(GETPOST("model"), $outputlangs); } header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id); @@ -227,7 +227,7 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) { $outputlangs = new Translate("", $conf); $outputlangs->setDefaultLang($newlang); } - $result = $object->generatePdf($_POST["model"], $outputlangs); + $result = $object->generatePdf(GETPOST("model"), $outputlangs); if ($result <= 0) { dol_print_error($db, $object->error); exit; diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 139188c7c1b..ba8c9b2a82f 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -70,14 +70,14 @@ if ($action == 'builddoc') { // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output = $outputlangs->charset_output; - if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) { + if ($rap->write_file($dir, GETPOST("remonth", "int"), GETPOST("reyear", "int"), $outputlangs) > 0) { $outputlangs->charset_output = $sav_charset_output; } else { $outputlangs->charset_output = $sav_charset_output; dol_print_error($db, $obj->error); } - $year = $_POST["reyear"]; + $year = GETPOST("reyear", "int"); } diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index bc79ff07d47..e796f039f80 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -32,6 +32,8 @@ $langs->load("bills"); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel'); + $amounts = array(); // Security check @@ -50,15 +52,15 @@ $charge = new ChargeSociales($db); if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/compta/sociales/card.php?id='.$chid; header("Location: ".$loc); exit; } - $datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); - if (!$_POST["paiementtype"] > 0) { + if (!(GETPOST("paiementtype") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; $action = 'create'; @@ -68,7 +70,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $error++; $action = 'create'; } - if (!empty($conf->banque->enabled) && !($_POST["accountid"] > 0)) { + if (!empty($conf->banque->enabled) && !(GETPOST("accountid") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors'); $error++; $action = 'create'; diff --git a/htdocs/compta/paiement_vat.php b/htdocs/compta/paiement_vat.php index c05e11c554c..7fc81e5ac27 100644 --- a/htdocs/compta/paiement_vat.php +++ b/htdocs/compta/paiement_vat.php @@ -33,6 +33,8 @@ $langs->loadLangs(array("banks", "bills")); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel'); + $amounts = array(); // Security check @@ -49,7 +51,7 @@ if ($user->socid > 0) { if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/compta/tva/card.php?id='.$chid; header("Location: ".$loc); exit; @@ -73,23 +75,23 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $action = 'create'; } + // Read possible payments + foreach ($_POST as $key => $value) { + if (substr($key, 0, 7) == 'amount_') { + $other_chid = substr($key, 7); + $amounts[$other_chid] = price2num(GETPOST($key)); + } + } + + if ($amounts[key($amounts)] <= 0) { + $error++; + setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")), null, 'errors'); + $action = 'create'; + } + if (!$error) { $paymentid = 0; - // Read possible payments - foreach ($_POST as $key => $value) { - if (substr($key, 0, 7) == 'amount_') { - $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num(GETPOST($key)); - } - } - - if (count($amounts) <= 0) { - $error++; - setEventMessages($langs->trans("ErrorNoPaymentDefined"), null, 'errors'); - $action = 'create'; - } - if (!$error) { $db->begin(); diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php index 83a6a8f3b3a..c26c62fb7ed 100644 --- a/htdocs/compta/sociales/card.php +++ b/htdocs/compta/sociales/card.php @@ -180,7 +180,7 @@ if ($action == 'add' && $user->rights->tax->charges->creer) { } -if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) { $amount = price2num(GETPOST('amount'), 'MT'); if (!$dateech) { diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index c4daeb801c6..fdb1e3336df 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -41,6 +41,7 @@ $langs->loadLangs(array('compta', 'banks', 'bills')); $id = GETPOST("id", 'int'); $action = GETPOST("action", "alpha"); +$cancel = GETPOST('cancel'); $confirm = GETPOST('confirm'); $refund = GETPOST("refund", "int"); if (GETPOSTISSET('auto_create_paiement') || $action === 'add') { @@ -74,7 +75,7 @@ $hookmanager->initHooks(array('taxvatcard', 'globalcard')); * Actions */ -if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) { +if ($cancel && !$id) { header("Location: list.php"); exit; } @@ -135,7 +136,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) { } } -if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) { +if ($action == 'add' && $cancel) { $error = 0; $object->fk_account = GETPOST("accountid", 'int'); @@ -260,7 +261,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') { } } -if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) { $amount = price2num(GETPOST('amount')); if (empty($amount)) { diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php index a32263cd65e..332b7dd36c6 100644 --- a/htdocs/contact/canvas/actions_contactcard_common.class.php +++ b/htdocs/contact/canvas/actions_contactcard_common.class.php @@ -283,28 +283,28 @@ abstract class ActionsContactCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->old_name = $_POST["old_name"]; - $this->object->old_firstname = $_POST["old_firstname"]; + $this->object->old_name = GETPOST("old_name"); + $this->object->old_firstname = GETPOST("old_firstname"); - $this->object->socid = $_POST["socid"]; - $this->object->lastname = $_POST["name"]; - $this->object->firstname = $_POST["firstname"]; - $this->object->civility_id = $_POST["civility_id"]; - $this->object->poste = $_POST["poste"]; - $this->object->address = $_POST["address"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone_pro = $_POST["phone_pro"]; - $this->object->phone_perso = $_POST["phone_perso"]; - $this->object->phone_mobile = $_POST["phone_mobile"]; - $this->object->fax = $_POST["fax"]; - $this->object->email = $_POST["email"]; - $this->object->jabberid = $_POST["jabberid"]; - $this->object->priv = $_POST["priv"]; - $this->object->note = $_POST["note"]; - $this->object->canvas = $_POST["canvas"]; + $this->object->socid = GETPOST("socid"); + $this->object->lastname = GETPOST("name"); + $this->object->firstname = GETPOST("firstname"); + $this->object->civility_id = GETPOST("civility_id"); + $this->object->poste = GETPOST("poste"); + $this->object->address = GETPOST("address"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id"); + $this->object->phone_pro = GETPOST("phone_pro"); + $this->object->phone_perso = GETPOST("phone_perso"); + $this->object->phone_mobile = GETPOST("phone_mobile"); + $this->object->fax = GETPOST("fax"); + $this->object->email = GETPOST("email"); + $this->object->jabberid = GETPOST("jabberid"); + $this->object->priv = GETPOST("priv"); + $this->object->note = GETPOST("note", "restricthtml"); + $this->object->canvas = GETPOST("canvas"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 421b88ea6b8..b337f0980e6 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -561,7 +561,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $object->state_id = GETPOST("state_id"); // We set country_id, country_code and label for the selected country - $object->country_id = $_POST["country_id"] ?GETPOST("country_id") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id); + $object->country_id = GETPOST("country_id") ? GETPOST("country_id", "int") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id); if ($object->country_id) { $tmparray = getCountry($object->country_id, 'all'); $object->country_code = $tmparray['code']; diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 8d2969a1370..628c73b0afc 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -45,12 +45,12 @@ $object = new Contact($db); * Action */ -if ($action == 'update' && !$_POST["cancel"] && $user->rights->societe->contact->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact->creer) { $ret = $object->fetch($id); // Note: Correct date should be completed with location to have exact GM time of birth. - $object->birthday = dol_mktime(0, 0, 0, $_POST["birthdaymonth"], $_POST["birthdayday"], $_POST["birthdayyear"]); - $object->birthday_alert = $_POST["birthday_alert"]; + $object->birthday = dol_mktime(0, 0, 0, GETPOST("birthdaymonth"), GETPOST("birthdayday"), GETPOST("birthdayyear")); + $object->birthday_alert = GETPOST("birthday_alert"); if (GETPOST('deletephoto')) { $object->photo = ''; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index e36e96f0833..8fa0ad9c8a5 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1072,9 +1072,9 @@ abstract class CommonObject // Insert into database $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact"; $sql .= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) "; - $sql .= " VALUES (".$this->id.", ".$fk_socpeople." , "; + $sql .= " VALUES (".$this->id.", ".((int) $fk_socpeople)." , "; $sql .= "'".$this->db->idate($datecreate)."'"; - $sql .= ", 4, ".$id_type_contact; + $sql .= ", 4, ".((int) $id_type_contact); $sql .= ")"; $resql = $this->db->query($sql); @@ -7688,7 +7688,8 @@ abstract class CommonObject $buyPrice = 0; - if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) { // In most cases, test here is false + if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) { + // When ForceBuyingPriceIfNull is set $buyPrice = $unitPrice * (1 - $discountPercent / 100); } else { // Get cost price for margin calculation diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 061332c2e8b..4afcf295d40 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -144,13 +144,13 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".$rowid; + $sql .= " AND sr.rowid=".((int) $rowid); } if ($fk_facture_source) { - $sql .= " AND sr.fk_facture_source=".$fk_facture_source; + $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); } if ($fk_invoice_supplier_source) { - $sql .= " AND sr.fk_invoice_supplier_source=".$fk_invoice_supplier_source; + $sql .= " AND sr.fk_invoice_supplier_source = ".((int) $fk_invoice_supplier_source); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 0f8e724692f..36e7eca84b6 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2002,7 +2002,9 @@ class Form if (!$obj->entity) { $moreinfo .= ($moreinfo ? ' - ' : ' (').$langs->trans("AllEntities"); } else { - $moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined")); + if ($obj->entity != $conf->entity) { + $moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined")); + } } } $moreinfo .= ($moreinfo ? ')' : ''); diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index 53852955094..e6ada4d67c7 100644 --- a/htdocs/core/class/html.formaccounting.class.php +++ b/htdocs/core/class/html.formaccounting.class.php @@ -364,7 +364,7 @@ class FormAccounting extends Form $sql = "SELECT DISTINCT aa.account_number, aa.label, aa.labelshort, aa.rowid, aa.fk_pcg_version"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version"; - $sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS; + $sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS); $sql .= " AND aa.active = 1"; $sql .= " AND aa.entity=".$conf->entity; $sql .= " ORDER BY aa.account_number"; @@ -380,7 +380,7 @@ class FormAccounting extends Form $num_rows = $this->db->num_rows($resql); - if ($num_rows == 0) { + if ($num_rows == 0 && (empty($conf->global->CHARTOFACCOUNTS) || $conf->global->CHARTOFACCOUNTS < 0)) { $langs->load("errors"); $showempty = $langs->trans("ErrorYouMustFirstSetupYourChartOfAccount"); } else { diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 8f8f8e665f7..f56b9f6070e 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -912,8 +912,8 @@ class FormMail extends Form } } - if (GETPOSTISSET("message") && !$_POST['modelselected']) { - $defaultmessage = $_POST["message"]; + if (GETPOSTISSET("message") && !GETPOST('modelselected')) { + $defaultmessage = GETPOST("message", "restricthtml"); } else { $defaultmessage = make_substitutions($defaultmessage, $this->substit); // Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty) diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index c58b0a4036a..f951a3dc198 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php @@ -90,8 +90,10 @@ class FormMargin $line->pa_ht = $product->fourn_unitprice * (1 - $product->fourn_remise_percent / 100); } } - // si prix d'achat non renseigné et devrait l'être, alors prix achat = prix vente - if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) { + + // If buy price is not defined (null), we will use the sell price. If defined to 0 (it means it was forced to 0 during insert, for example for a free to get product), we must still use 0. + //if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) { + if ((!isset($line->pa_ht)) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) { $line->pa_ht = $line->subprice * (1 - ($line->remise_percent / 100)); } diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index add5ccda7b3..345ec5b38e3 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -3,6 +3,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2014 Juanjo Menent * Copyright (C) 2018 Philippe Grand + * Copyright (C) 2021 Thibault FOUCART * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,7 +26,6 @@ */ require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - /** * Class to manage notifications */ @@ -80,8 +80,8 @@ class Notify 'SHIPPING_VALIDATE', 'EXPENSE_REPORT_VALIDATE', 'EXPENSE_REPORT_APPROVE', - 'HOLIDAY_VALIDATE', - 'HOLIDAY_APPROVE', + 'HOLIDAY_VALIDATE', + 'HOLIDAY_APPROVE', 'ACTION_CREATE' ); @@ -442,49 +442,54 @@ class Notify switch ($notifcode) { case 'BILL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; + $labeltouse = $conf->global->BILL_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link); break; case 'BILL_PAYED': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; + $labeltouse = $conf->global->BILL_PAYED_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoicePayed", $link); break; case 'ORDER_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->commande->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande'); $object_type = 'order'; + $labeltouse = $conf->global->ORDER_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextOrderValidated", $link); break; case 'PROPAL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; + $labeltouse = $conf->global->PROPAL_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextProposalValidated", $link); break; case 'PROPAL_CLOSE_SIGNED': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; + $labeltouse = $conf->global->PROPAL_CLOSE_SIGNED_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link); break; case 'FICHINTER_ADD_CONTACT': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->ficheinter->dir_output; $object_type = 'ficheinter'; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link); break; case 'FICHINTER_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->ficheinter->dir_output; $object_type = 'ficheinter'; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionValidated", $link); break; case 'ORDER_SUPPLIER_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n"; @@ -492,7 +497,7 @@ class Notify $mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n"; @@ -500,7 +505,7 @@ class Notify $mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_REFUSE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n"; @@ -508,56 +513,78 @@ class Notify $mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'SHIPPING_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->expedition->dir_output.'/sending/'; + $link = ''.$newref.''; + $dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment'); $object_type = 'expedition'; + $labeltouse = $conf->global->SHIPPING_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link); break; case 'EXPENSE_REPORT_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; + $labeltouse = $conf->global->EXPENSE_REPORT_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link); break; case 'EXPENSE_REPORT_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; + $labeltouse = $conf->global->EXPENSE_REPORT_APPROVE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link); break; case 'HOLIDAY_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; + $labeltouse = $conf->global->HOLIDAY_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayValidated", $link); break; case 'HOLIDAY_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; + $labeltouse = $conf->global->HOLIDAY_APPROVE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayApproved", $link); - break; + break; case 'ACTION_CREATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->agenda->dir_output; $object_type = 'action'; + $labeltouse = $conf->global->ACTION_CREATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextActionAdded", $link); break; } + + include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; + $formmail = new FormMail($this->db); + $arraydefaultmessage = null; + + if (!empty($labeltouse)) $arraydefaultmessage = $formmail->getEMailTemplate($this->db, $object_type.'_send', $user, $outputlangs, 0, 1, $labeltouse); + if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) { + $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object); + complete_substitutions_array($substitutionarray, $outputlangs, $object); + $subject = make_substitutions($arraydefaultmessage->topic, $substitutionarray, $outputlangs); + $message = make_substitutions($arraydefaultmessage->content, $substitutionarray, $outputlangs); + } else { + $message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n"; + $message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; + $message .= "\n"; + $message .= $mesg; + } + $ref = dol_sanitizeFileName($newref); - $pdf_path = $dir_output."/".$ref."/".$ref.".pdf"; + $pdf_path = $dir_output."/".$ref.".pdf"; if (!dol_is_file($pdf_path)) { // We can't add PDF as it is not generated yet. $filepdf = ''; } else { $filepdf = $pdf_path; + $filename_list[] = $filepdf; + $mimetype_list[] = mime_content_type($filepdf); + $mimefilename_list[] = $ref.".pdf"; } - $message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n"; - $message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; - $message .= "\n"; - $message .= $mesg; - $parameters = array('notifcode'=>$notifcode, 'sendto'=>$sendto, 'replyto'=>$replyto, 'file'=>$filename_list, 'mimefile'=>$mimetype_list, 'filename'=>$mimefilename_list); if (!isset($action)) { $action = ''; @@ -653,49 +680,49 @@ class Notify switch ($notifcode) { case 'BILL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; $mesg = $langs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link); break; case 'BILL_PAYED': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $$conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; $mesg = $langs->transnoentitiesnoconv("EMailTextInvoicePayed", $link); break; case 'ORDER_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->commande->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande'); $object_type = 'order'; $mesg = $langs->transnoentitiesnoconv("EMailTextOrderValidated", $link); break; case 'PROPAL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; $mesg = $langs->transnoentitiesnoconv("EMailTextProposalValidated", $link); break; case 'PROPAL_CLOSE_SIGNED': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; $mesg = $langs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link); break; case 'FICHINTER_ADD_CONTACT': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->ficheinter->dir_output; $object_type = 'ficheinter'; $mesg = $langs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link); break; case 'FICHINTER_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->facture->dir_output; $object_type = 'ficheinter'; $mesg = $langs->transnoentitiesnoconv("EMailTextInterventionValidated", $link); break; case 'ORDER_SUPPLIER_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; @@ -703,7 +730,7 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; @@ -711,7 +738,7 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_APPROVE2': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; @@ -719,7 +746,7 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_REFUSE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->dir_output.'/commande/'; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; @@ -727,37 +754,37 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'SHIPPING_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->expedition->dir_output.'/sending/'; + $link = ''.$newref.''; + $dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment'); $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link); break; case 'EXPENSE_REPORT_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; $mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link); break; case 'EXPENSE_REPORT_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; $mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link); break; case 'HOLIDAY_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; $mesg = $langs->transnoentitiesnoconv("EMailTextHolidayValidated", $link); break; case 'HOLIDAY_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; $mesg = $langs->transnoentitiesnoconv("EMailTextHolidayApproved", $link); - break; + break; case 'ACTION_CREATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->agenda->dir_output; $object_type = 'action'; $mesg = $langs->transnoentitiesnoconv("EMailTextActionAdded", $link); @@ -770,6 +797,9 @@ class Notify $filepdf = ''; } else { $filepdf = $pdf_path; + $filename_list[] = $pdf_path; + $mimetype_list[] = mime_content_type($filepdf); + $mimefilename_list[] = $ref.".pdf"; } $message .= $langs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; diff --git a/htdocs/core/class/rssparser.class.php b/htdocs/core/class/rssparser.class.php index 0f09d232712..c11bdd5563d 100644 --- a/htdocs/core/class/rssparser.class.php +++ b/htdocs/core/class/rssparser.class.php @@ -181,7 +181,7 @@ class RssParser * @param string $urlRSS Url to parse * @param int $maxNb Max nb of records to get (0 for no limit) * @param int $cachedelay 0=No cache, nb of seconds we accept cache files (cachedir must also be defined) - * @param string $cachedir Directory where to save cache file + * @param string $cachedir Directory where to save cache file (For example $conf->externalrss->dir_temp) * @return int <0 if KO, >0 if OK */ public function parser($urlRSS, $maxNb = 0, $cachedelay = 60, $cachedir = '') @@ -189,6 +189,7 @@ class RssParser global $conf; include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; $rss = ''; $str = ''; // This will contain content of feed @@ -225,21 +226,10 @@ class RssParser $str = file_get_contents($newpathofdestfile); } else { try { - ini_set("user_agent", "Dolibarr ERP-CRM RSS reader"); - ini_set("max_execution_time", $conf->global->MAIN_USE_RESPONSE_TIMEOUT); - ini_set("default_socket_timeout", $conf->global->MAIN_USE_RESPONSE_TIMEOUT); - - $opts = array('http'=>array('method'=>"GET")); - if (!empty($conf->global->MAIN_USE_CONNECT_TIMEOUT)) { - $opts['http']['timeout'] = $conf->global->MAIN_USE_CONNECT_TIMEOUT; + $result = getURLContent($this->_urlRSS, 'GET', '', 1, array(), array('http', 'https'), 0); + if (!empty($result['content'])) { + $str = $result['content']; } - if (!empty($conf->global->MAIN_PROXY_USE)) { - $opts['http']['proxy'] = 'tcp://'.$conf->global->MAIN_PROXY_HOST.':'.$conf->global->MAIN_PROXY_PORT; - } - //var_dump($opts);exit; - $context = stream_context_create($opts); - - $str = file_get_contents($this->_urlRSS, false, $context); } catch (Exception $e) { print 'Error retrieving URL '.$this->_urlRSS.' - '.$e->getMessage(); } diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index f391f2f6f50..f06bb32b62b 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -631,7 +631,7 @@ class Translate // We replace some HTML tags by __xx__ to avoid having them encoded by htmlentities because // we want to keep '"' '' '' '' '' '
' '< ' '' that are reliable HTML tags inside translation strings. $str = str_replace( - array('"', '', '', '', '', '', '', '
', '
', '', '', '', '
', '', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>' + array('"', '', '', '', '', '', '
', '
', '', '', '', '
', '', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>' array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__tagb__', '__tagbend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'), $str ); @@ -646,7 +646,7 @@ class Translate // Restore reliable HTML tags into original translation string $str = str_replace( array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'), - array('"', '', '', '', '', '', '', '
', '
', '', '
', '', '< ', '>'), + array('"', '', '', '', '', '', '
', '
', '', '
', '', '< ', '>'), $str ); diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 72de6036e8f..d2c75082318 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -303,14 +303,17 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle if ($offsetforchartofaccount > 0) { // Replace lines - // 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401, 'PCG99-ABREGE', 'CAPIT', '1234', 1400, '...', 1);' + // 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401, 'PCG99-ABREGE', 'CAPIT', '1234', 1400,...' // with - // 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000, '...', 1);' - // Note: string with 1234 instead of '1234' is also supported + // 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000,...' + // Note: string with 'PCG99-ABREGE','CAPIT', 1234 instead of 'PCG99-ABREGE','CAPIT', '1234' is also supported $newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.$offsetforchartofaccount.', \2, \3 + '.$offsetforchartofaccount, $newsql); $newsql = preg_replace('/([,\s])0 \+ '.$offsetforchartofaccount.'/ims', '\1 0', $newsql); //var_dump($newsql); $arraysql[$i] = $newsql; + + // FIXME Because we force the rowid during insert, we must also update the sequence with postgresql by running + // SELECT dol_util_rebuild_sequences(); } } @@ -568,7 +571,7 @@ function dolibarr_get_const($db, $name, $entity = 1) * @param DoliDB $db Database handler * @param string $name Name of constant * @param string $value Value of constant - * @param string $type Type of constante (chaine par defaut) + * @param string $type Type of constant ('chaine by default) * @param int $visible Is constant visible in Setup->Other page (0 by default) * @param string $note Note on parameter * @param int $entity Multi company id (0 means all entities) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 42f669368d3..d4e35f12d70 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -355,6 +355,7 @@ function GETPOSTISSET($paramname) * 'int'=check it's numeric (integer or float) * 'intcomma'=check it's integer+comma ('1,2,3,4...') * 'alpha'=Same than alphanohtml since v13 + * 'alphawithlgt'=alpha with lgt * 'alphanohtml'=check there is no html content and no " and no ../ * 'aZ'=check it's a-z only * 'aZ09'=check it's simple alpha string (recommended for keys) @@ -745,20 +746,29 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = case 'alpha': // No html and no ../ and " case 'alphanohtml': // Recommended for most scalar parameters and search parameters if (!is_array($out)) { + $out = dol_string_nohtmltag($out, 0); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '"'), '', trim($out)); - $out = str_replace(array('../'), '', $out); + $out = trim($out); + do { + $oldstringtoclean = $out; + // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + } while ($oldstringtoclean != $out); // keep lines feed - $out = dol_string_nohtmltag($out, 0); } break; case 'alphawithlgt': // No " and no ../ but we keep balanced < > tags with no special chars inside. Can be used for email string like "Name " if (!is_array($out)) { + $out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8'); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '"'), '', trim($out)); - $out = str_replace(array('../'), '', $out); + $out = trim($out); + do { + $oldstringtoclean = $out; + // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + } while ($oldstringtoclean != $out); } break; case 'restricthtml': // Recommended for most html textarea @@ -3521,14 +3531,15 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'delete', 'dolly', 'dollyrevert', 'donation', 'download', 'edit', 'ellipsis-h', 'email', 'eraser', 'external-link-alt', 'external-link-square-alt', 'filter', 'file-code', 'file-export', 'file-import', 'file-upload', 'folder', 'folder-open', 'globe', 'globe-americas', 'grip', 'grip_title', 'group', 'help', 'holiday', - 'info', 'intervention', 'inventory', 'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right', + 'info', 'intervention', 'inventory', 'intracommreport', + 'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right', 'margin', 'map-marker-alt', 'member', 'meeting', 'money-bill-alt', 'movement', 'mrp', 'note', 'next', 'object_accounting', 'object_account', 'object_accountline', 'object_action', 'object_asset', 'object_barcode', 'object_bill', 'object_billr', 'object_billa', 'object_billd', 'object_bom', 'object_category', 'conferenceorbooth', 'object_conversation', 'object_bookmark', 'object_bug', 'object_clock', 'object_dolly', 'object_dollyrevert', 'object_folder', 'object_folder-open','object_generic', 'object_list-alt', 'object_calendar', 'object_calendarweek', 'object_calendarmonth', 'object_calendarday', 'object_calendarperuser', 'object_cash-register', 'object_company', 'object_contact', 'object_contract', 'object_cron', 'object_donation', 'object_dynamicprice', - 'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_label', + 'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_intracommreport', 'object_label', 'object_margin', 'object_members', 'object_money-bill-alt', 'object_multicurrency', 'object_order', 'object_payment', 'object_lot', 'object_mrp', 'object_other', 'object_payment', 'object_pdf', 'object_product', 'object_propal', @@ -3576,7 +3587,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'email'=>'at', 'edit'=>'pencil-alt', 'grip_title'=>'arrows-alt', 'grip'=>'arrows-alt', 'help'=>'question-circle', 'generic'=>'file', 'holiday'=>'umbrella-beach', - 'info'=>'info-circle', 'inventory'=>'boxes', 'label'=>'layer-group', 'loan'=>'money-bill-alt', + 'info'=>'info-circle', 'inventory'=>'boxes', 'intracommreport'=>'globe-europe', 'label'=>'layer-group', 'loan'=>'money-bill-alt', 'member'=>'user-alt', 'meeting'=>'chalkboard-teacher', 'mrp'=>'cubes', 'next'=>'arrow-alt-circle-right', 'trip'=>'wallet', 'group'=>'users', 'movement'=>'people-carry', 'sign-out'=>'sign-out-alt', @@ -6267,16 +6278,20 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = * @param int $cleanalsosomestyles Remove absolute/fixed positioning from inline styles * @param int $removeclassattribute 1=Remove the class attribute from tags * @param int $cleanalsojavascript Remove also occurence of 'javascript:'. + * @param int $allowiframe Allow iframe tags. * @return string String cleaned * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags() */ -function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0) +function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0) { $allowed_tags = array( "html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link", "ol", "p", "q", "s", "section", "span", "strike", "strong", "title", "table", "tr", "th", "td", "u", "ul", "sup", "sub", "blockquote", "pre", "h1", "h2", "h3", "h4", "h5", "h6" ); + if ($allowiframe) { + $allowed_tags[] = "iframe"; + } $allowed_tags_string = join("><", $allowed_tags); $allowed_tags_string = '<'.$allowed_tags_string.'>'; @@ -6322,9 +6337,11 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_onlythesehtmltags() dol_string_neverthesehtmltags() */ -function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("alt", "class", "contenteditable", "data-html", "href", "id", "name", "src", "style", "target", "title")) +function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("allow", "allowfullscreen", "alt", "class", "contenteditable", "data-html", "frameborder", "height", "href", "id", "name", "src", "style", "target", "title", "width")) { if (class_exists('DOMDocument') && !empty($stringtoclean)) { + $stringtoclean = ''.$stringtoclean.''; + $dom = new DOMDocument(); $dom->loadHTML($stringtoclean, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL); if (is_object($dom)) { @@ -6338,7 +6355,12 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes } } - return $dom->saveHTML(); + $return = $dom->saveHTML(); + + //$return = 'aaaa

bb

ssdd

'."\n

aaa

aa

bb

"; + $return = preg_replace('/^/', '', $return); + $return = preg_replace('/<\/body><\/html>$/', '', $return); + return $return; } else { return $stringtoclean; } diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php index d5d52761140..e8ce515317f 100644 --- a/htdocs/core/lib/product.lib.php +++ b/htdocs/core/lib/product.lib.php @@ -328,6 +328,11 @@ function product_lot_admin_prepare_head() $h = 0; $head = array(); + $head[$h][0] = DOL_URL_ROOT."/product/admin/product_lot.php"; + $head[$h][1] = $langs->trans('Parameters'); + $head[$h][2] = 'settings'; + $h++; + // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab diff --git a/htdocs/core/modules/expensereport/doc/index.html b/htdocs/core/modules/expensereport/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/expensereport/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index 8b8a57f6628..b3b88224df6 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php @@ -83,13 +83,13 @@ class mailing_thirdparties extends MailingTargets if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') { $addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int')); $addDescription = $langs->trans('ProspectCustomer')."="; - if ($_POST["filter_client"] == 0) { + if (GETPOST("filter_client") == 0) { $addDescription .= $langs->trans('NorProspectNorCustomer'); - } elseif ($_POST["filter_client"] == 1) { + } elseif (GETPOST("filter_client") == 1) { $addDescription .= $langs->trans('Customer'); - } elseif ($_POST["filter_client"] == 2) { + } elseif (GETPOST("filter_client") == 2) { $addDescription .= $langs->trans('Prospect'); - } elseif ($_POST["filter_client"] == 3) { + } elseif (GETPOST("filter_client") == 3) { $addDescription .= $langs->trans('ProspectCustomer'); } else { $addDescription .= "Unknown status ".GETPOST("filter_client"); diff --git a/htdocs/core/modules/modExternalSite.class.php b/htdocs/core/modules/modExternalSite.class.php index a996a55ddaa..71c3387ff5e 100644 --- a/htdocs/core/modules/modExternalSite.class.php +++ b/htdocs/core/modules/modExternalSite.class.php @@ -67,7 +67,7 @@ class modExternalSite extends DolibarrModules $this->dirs = array(); // Config pages. Put here list of php page names stored in admmin directory used to setup module - $this->config_page_url = array("externalsite.php@externalsite"); + $this->config_page_url = array("index.php@externalsite"); // Dependencies $this->depends = array(); // List of modules id that must be enabled if this module is enabled diff --git a/htdocs/core/modules/modIntracommreport.class.php b/htdocs/core/modules/modIntracommreport.class.php index 077f51ab519..47ef889e2dd 100644 --- a/htdocs/core/modules/modIntracommreport.class.php +++ b/htdocs/core/modules/modIntracommreport.class.php @@ -44,13 +44,13 @@ class modIntracommreport extends DolibarrModules $this->numero = 68000; $this->family = "financial"; - $this->module_position = '100'; + $this->module_position = '60'; // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module) $this->name = preg_replace('/^mod/i', '', get_class($this)); $this->description = "Intracomm report management (Support for French DEB/DES format)"; // Possible values for version are: 'development', 'experimental', 'dolibarr' or 'dolibarr_deprecated' or version - $this->version = 'development'; + $this->version = 'experimental'; $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); $this->picto = 'intracommreport'; diff --git a/htdocs/core/modules/modProductBatch.class.php b/htdocs/core/modules/modProductBatch.class.php index 166b8f6e637..79529898bb0 100644 --- a/htdocs/core/modules/modProductBatch.class.php +++ b/htdocs/core/modules/modProductBatch.class.php @@ -64,8 +64,8 @@ class modProductBatch extends DolibarrModules // Data directories to create when module is enabled. $this->dirs = array(); - // Config pages. Put here list of php page, stored into /product/admin/ directory, to setup the module. - $this->config_page_url = array("product_lot_extrafields.php@product"); + // Config pages. Put here list of php page, stored into productdluo/admin directory, to use to setup module. + $this->config_page_url = array("product_lot.php@product"); // Dependencies $this->hidden = false; // A condition to hide module @@ -76,8 +76,24 @@ class modProductBatch extends DolibarrModules $this->need_dolibarr_version = array(3, 0); // Minimum version of Dolibarr required by module $this->langfiles = array("productbatch"); + // Constants // Constants $this->const = array(); + $r = 0; + + $this->const[$r][0] = "PRODUCTBATCH_LOT_ADDON"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "mod_lot_free"; + $this->const[$r][3] = 'Module to control product codes'; + $this->const[$r][4] = 0; + $r++; + + $this->const[$r][0] = "PRODUCTBATCH_SN_ADDON"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "mod_sn_free"; + $this->const[$r][3] = 'Module to control product codes'; + $this->const[$r][4] = 0; + $r++; $this->tabs = array(); diff --git a/htdocs/core/modules/movement/doc/index.html b/htdocs/core/modules/movement/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/movement/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/modules/product/doc/index.html b/htdocs/core/modules/product/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/product/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/modules/product_batch/mod_lot_advanced.php b/htdocs/core/modules/product_batch/mod_lot_advanced.php new file mode 100644 index 00000000000..d8629b92dd6 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_lot_advanced.php @@ -0,0 +1,145 @@ + + * Copyright (C) 2004-2007 Laurent Destailleur + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2008 Raphael Bertrand (Resultic) + * Copyright (C) 2019 Frédéric France + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_lot_advanced.php + * \ingroup productbatch + * \brief File containing class for numbering model of Lot advanced + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + + +/** + * Class to manage Batch numbering rules advanced + */ +class mod_lot_advanced extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var string Error message + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'lot_advanced'; + + + /** + * Returns the description of the numbering model + * + * @return string Texte descripif + */ + public function info() + { + global $conf, $langs, $db; + + $langs->load("bills"); + + $form = new Form($db); + + $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; + $texte .= '
'; + $texte .= ''; + $texte .= ''; + $texte .= ''; + $texte .= ''; + + $tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes2"); + $tooltip .= $langs->trans("GenericMaskCodes3"); + $tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes5"); + + // Parametrage du prefix + $texte .= ''; + $texte .= ''; + + $texte .= ''; + + $texte .= ''; + + $texte .= '
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).' 
'; + $texte .= '
'; + + return $texte; + } + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + global $conf, $langs, $mysoc; + + $old_code_client = $mysoc->code_client; + $old_code_type = $mysoc->typent_code; + $mysoc->code_client = 'CCCCCCCCCC'; + $mysoc->typent_code = 'TTTTTTTTTT'; + $numExample = $this->getNextValue($mysoc, ''); + $mysoc->code_client = $old_code_client; + $mysoc->typent_code = $old_code_type; + + if (!$numExample) { + $numExample = $langs->trans('NotConfigured'); + } + return $numExample; + } + + /** + * Return next free value + * + * @param Product $objprod Object product + * @param Object $object Object we need next value for + * @return string Value if KO, <0 if KO + */ + public function getNextValue($objprod, $object) + { + global $db, $conf; + + require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; + + // We get cursor rule + $mask = $conf->global->BATCH_ADVANCED_MASK; + + if (!$mask) { + $this->error = 'NotConfigured'; + return 0; + } + + $date = $object->date; + + $numFinal = get_next_value($db, $mask, 'product_lot', 'ref', '', null, $date); + + return $numFinal; + } +} diff --git a/htdocs/core/modules/product_batch/mod_lot_free.php b/htdocs/core/modules/product_batch/mod_lot_free.php new file mode 100644 index 00000000000..0f069143ab1 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_lot_free.php @@ -0,0 +1,105 @@ + + * Copyright (C) 2006-2009 Laurent Destailleur + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product/mod_lot_free.php + * \ingroup productbatch + * \brief File containing class for numbering model of Lot free + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * \class mod_codeproduct_leopard + * \brief Classe permettant la gestion leopard des codes produits + */ +class mod_lot_free extends ModeleNumRefBatch +{ + /* + * Attention ce module est utilise par defaut si aucun module n'a + * ete definit dans la configuration + * + * Le fonctionnement de celui-ci doit donc rester le plus ouvert possible + */ + + + /** + * @var string model name + */ + public $name = 'lot_free'; + + public $code_modifiable; // Code modifiable + + public $code_modifiable_invalide; // Code modifiable si il est invalide + + public $code_modifiable_null; // Code modifiables si il est null + + public $code_null; // Code facultatif + + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var int Automatic numbering + */ + public $code_auto; + + + /** + * Constructor + */ + public function __construct() + { + $this->code_null = 1; + $this->code_modifiable = 1; + $this->code_modifiable_invalide = 1; + $this->code_modifiable_null = 1; + $this->code_auto = 0; + } + + + /** + * Return description of module + * + * @return string Description of module + */ + public function info() + { + global $langs; + $langs->load("companies"); + return $langs->trans("LeopardNumRefModelDesc"); + } + + + /** + * Return an example of result returned by getNextValue + * + * @param product $objproduct Object product + * @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect) + * @return string Return next value + */ + public function getNextValue($objproduct = 0, $type = -1) + { + global $langs; + return ''; + } +} diff --git a/htdocs/core/modules/product_batch/mod_lot_standard.php b/htdocs/core/modules/product_batch/mod_lot_standard.php new file mode 100644 index 00000000000..0d2b5a55139 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_lot_standard.php @@ -0,0 +1,145 @@ + + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_lot_standard.php + * \ingroup productbatch + * \brief File of class to manage Lot numbering rules standard + */ +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * Class to manage MO numbering rules standard + */ +class mod_lot_standard extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + public $prefix = 'LOT'; + + /** + * @var string Error code (or message) + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'lot_standard'; + + + /** + * Return description of numbering module + * + * @return string Text with description + */ + public function info() + { + global $langs; + return $langs->trans("SimpleNumRefModelDesc", $this->prefix); + } + + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + return $this->prefix."0501-0001"; + } + + + /** + * Checks if the numbers already in the database do not + * cause conflicts that would prevent this numbering working. + * + * @return boolean false if conflict, true if ok + */ + public function canBeActivated() + { + global $conf, $langs, $db; + + $coyymm = ''; $max = ''; + + $posindice = strlen($this->prefix) + 6; + $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lot"; + $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'"; + $sql .= " AND entity = ".$conf->entity; + + $resql = $db->query($sql); + if ($resql) { + $row = $db->fetch_row($resql); + if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; } + } + if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) { + $langs->load("errors"); + $this->error = $langs->trans('ErrorNumRefModel', $max); + return false; + } + + return true; + } + + /** + * Return next free value + * + * @param Product $objprod Object product + * @param Object $object Object we need next value for + * @return string Value if KO, <0 if KO + */ + public function getNextValue($objprod, $object) + { + global $db, $conf; + + // First, we get the max value + $posindice = strlen($this->prefix) + 6; + $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lot"; + $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'"; + $sql .= " AND entity = ".$conf->entity; + + $resql = $db->query($sql); + if ($resql) { + $obj = $db->fetch_object($resql); + if ($obj) $max = intval($obj->max); + else $max = 0; + } else { + dol_syslog("mod_lot_standard::getNextValue", LOG_DEBUG); + return -1; + } + + //$date=time(); + $date = $object->date_creation; + $yymm = strftime("%y%m", $date); + + if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is + else $num = sprintf("%04s", $max + 1); + + dol_syslog("mod_lot_standard::getNextValue return ".$this->prefix.$yymm."-".$num); + return $this->prefix.$yymm."-".$num; + } +} diff --git a/htdocs/core/modules/product_batch/mod_sn_advanced.php b/htdocs/core/modules/product_batch/mod_sn_advanced.php new file mode 100644 index 00000000000..89d70a8239d --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_sn_advanced.php @@ -0,0 +1,145 @@ + + * Copyright (C) 2004-2007 Laurent Destailleur + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2008 Raphael Bertrand (Resultic) + * Copyright (C) 2019 Frédéric France + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_batch_advanced.php + * \ingroup productbatch + * \brief File containing class for numbering model of SN advanced + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + + +/** + * Class to manage Batch numbering rules advanced + */ +class mod_sn_advanced extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var string Error message + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'sn_advanced'; + + + /** + * Returns the description of the numbering model + * + * @return string Texte descripif + */ + public function info() + { + global $conf, $langs, $db; + + $langs->load("bills"); + + $form = new Form($db); + + $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; + $texte .= '
'; + $texte .= ''; + $texte .= ''; + $texte .= ''; + $texte .= ''; + + $tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes2"); + $tooltip .= $langs->trans("GenericMaskCodes3"); + $tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes5"); + + // Parametrage du prefix + $texte .= ''; + $texte .= ''; + + $texte .= ''; + + $texte .= ''; + + $texte .= '
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).' 
'; + $texte .= '
'; + + return $texte; + } + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + global $conf, $langs, $mysoc; + + $old_code_client = $mysoc->code_client; + $old_code_type = $mysoc->typent_code; + $mysoc->code_client = 'CCCCCCCCCC'; + $mysoc->typent_code = 'TTTTTTTTTT'; + $numExample = $this->getNextValue($mysoc, ''); + $mysoc->code_client = $old_code_client; + $mysoc->typent_code = $old_code_type; + + if (!$numExample) { + $numExample = $langs->trans('NotConfigured'); + } + return $numExample; + } + + /** + * Return next free value + * + * @param Product $objprod Object product + * @param Object $object Object we need next value for + * @return string Value if KO, <0 if KO + */ + public function getNextValue($objprod, $object) + { + global $db, $conf; + + require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; + + // We get cursor rule + $mask = $conf->global->BATCH_ADVANCED_MASK; + + if (!$mask) { + $this->error = 'NotConfigured'; + return 0; + } + + $date = $object->date; + + $numFinal = get_next_value($db, $mask, 'product_sn', 'ref', '', null, $date); + + return $numFinal; + } +} diff --git a/htdocs/core/modules/product_batch/mod_sn_free.php b/htdocs/core/modules/product_batch/mod_sn_free.php new file mode 100644 index 00000000000..95e1bd20359 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_sn_free.php @@ -0,0 +1,104 @@ + + * Copyright (C) 2006-2009 Laurent Destailleur + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product/mod_sn_free.php + * \ingroup productbatch + * \brief File containing class for numbering model of SN free + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * \class mod_codeproduct_leopard + * \brief Classe permettant la gestion leopard des codes produits + */ +class mod_sn_free extends ModeleNumRefBatch +{ + /* + * Attention ce module est utilise par defaut si aucun module n'a + * ete definit dans la configuration + * + * Le fonctionnement de celui-ci doit donc rester le plus ouvert possible + */ + + /** + * @var string model name + */ + public $name = 'sn_free'; + + public $code_modifiable; // Code modifiable + + public $code_modifiable_invalide; // Code modifiable si il est invalide + + public $code_modifiable_null; // Code modifiables si il est null + + public $code_null; // Code facultatif + + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var int Automatic numbering + */ + public $code_auto; + + + /** + * Constructor + */ + public function __construct() + { + $this->code_null = 1; + $this->code_modifiable = 1; + $this->code_modifiable_invalide = 1; + $this->code_modifiable_null = 1; + $this->code_auto = 0; + } + + + /** + * Return description of module + * + * @return string Description of module + */ + public function info() + { + global $langs; + $langs->load("companies"); + return $langs->trans("LeopardNumRefModelDesc"); + } + + + /** + * Return an example of result returned by getNextValue + * + * @param product $objproduct Object product + * @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect) + * @return string Return next value + */ + public function getNextValue($objproduct = 0, $type = -1) + { + global $langs; + return ''; + } +} diff --git a/htdocs/core/modules/product_batch/mod_sn_standard.php b/htdocs/core/modules/product_batch/mod_sn_standard.php new file mode 100644 index 00000000000..bef5efcd9f8 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_sn_standard.php @@ -0,0 +1,145 @@ + + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_sn_standard.php + * \ingroup productbatch + * \brief File of class to manage SN numbering rules standard + */ +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * Class to manage MO numbering rules standard + */ +class mod_sn_standard extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + public $prefix = 'SN'; + + /** + * @var string Error code (or message) + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'sn_standard'; + + + /** + * Return description of numbering module + * + * @return string Text with description + */ + public function info() + { + global $langs; + return $langs->trans("SimpleNumRefModelDesc", $this->prefix); + } + + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + return $this->prefix."0501-0001"; + } + + + /** + * Checks if the numbers already in the database do not + * cause conflicts that would prevent this numbering working. + * + * @return boolean false if conflict, true if ok + */ + public function canBeActivated() + { + global $conf, $langs, $db; + + $coyymm = ''; $max = ''; + + $posindice = strlen($this->prefix) + 6; + $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lot"; + $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'"; + $sql .= " AND entity = ".$conf->entity; + + $resql = $db->query($sql); + if ($resql) { + $row = $db->fetch_row($resql); + if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; } + } + if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) { + $langs->load("errors"); + $this->error = $langs->trans('ErrorNumRefModel', $max); + return false; + } + + return true; + } + + /** + * Return next free value + * + * @param Product $objprod Object product + * @param Object $object Object we need next value for + * @return string Value if KO, <0 if KO + */ + public function getNextValue($objprod, $object) + { + global $db, $conf; + + // First, we get the max value + $posindice = strlen($this->prefix) + 6; + $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lot"; + $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'"; + $sql .= " AND entity = ".$conf->entity; + + $resql = $db->query($sql); + if ($resql) { + $obj = $db->fetch_object($resql); + if ($obj) $max = intval($obj->max); + else $max = 0; + } else { + dol_syslog("mod_sn_standard::getNextValue", LOG_DEBUG); + return -1; + } + + //$date=time(); + $date = $object->date_creation; + $yymm = strftime("%y%m", $date); + + if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is + else $num = sprintf("%04s", $max + 1); + + dol_syslog("mod_sn_standard::getNextValue return ".$this->prefix.$yymm."-".$num); + return $this->prefix.$yymm."-".$num; + } +} diff --git a/htdocs/core/modules/product_batch/modules_product_batch.class.php b/htdocs/core/modules/product_batch/modules_product_batch.class.php index f5ef6ac3dda..42d4d052bfe 100644 --- a/htdocs/core/modules/product_batch/modules_product_batch.class.php +++ b/htdocs/core/modules/product_batch/modules_product_batch.class.php @@ -65,3 +65,89 @@ abstract class ModelePDFProductBatch extends CommonDocGenerator return $list; } } + +/** + * Parent class to manage numbering of batch products + */ +abstract class ModeleNumRefBatch +{ + /** + * @var string Error code (or message) + */ + public $error = ''; + + /** + * Return if a module can be used or not + * + * @return boolean true if module can be used + */ + public function isEnabled() + { + return true; + } + + /** + * Returns the default description of the numbering template + * + * @return string Texte descripif + */ + public function info() + { + global $langs; + $langs->load("productbatch"); + return $langs->trans("NoDescription"); + } + + /** + * Returns an example of numbering + * + * @return string Example + */ + public function getExample() + { + global $langs; + $langs->load("productbatch"); + return $langs->trans("NoExample"); + } + + /** + * Checks if the numbers already in the database do not + * cause conflicts that would prevent this numbering working. + * + * @return boolean false if conflict, true if ok + */ + public function canBeActivated() + { + return true; + } + + /** + * Returns next assigned value + * + * @param Societe $objsoc Object thirdparty + * @param Object $object Object we need next value for + * @return string Valeur + */ + public function getNextValue($objsoc, $object) + { + global $langs; + return $langs->trans("NotAvailable"); + } + + /** + * Returns version of numbering module + * + * @return string Valeur + */ + public function getVersion() + { + global $langs; + $langs->load("admin"); + + if ($this->version == 'development') return $langs->trans("VersionDevelopment"); + if ($this->version == 'experimental') return $langs->trans("VersionExperimental"); + if ($this->version == 'dolibarr') return DOL_VERSION; + if ($this->version) return $this->version; + return $langs->trans("NotAvailable"); + } +} diff --git a/htdocs/core/modules/stock/doc/index.html b/htdocs/core/modules/stock/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/stock/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index 3940f0c38e5..9f77eaca415 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -81,7 +81,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element] if ($perms && isset($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra])) { $perms = dol_eval($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra], 1); } - //print $tmpkeyextra.'-'.$enabled.'-'.$perms.'-'.$tmplabelextra.$_POST["options_" . $tmpkeyextra].'
'."\n"; + //print $tmpkeyextra.'-'.$enabled.'-'.$perms.'
'."\n"; if (empty($enabled)) { continue; // 0 = Never visible field diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index ca33d6ffc23..d571940cc9b 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -29,9 +29,10 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->load("bills"); -$chid = GETPOST("rowid"); +$chid = GETPOST("rowid", 'int'); $action = GETPOST('action', 'aZ09'); $amounts = array(); +$cancel = GETPOST('cancel'); // Security check $socid = 0; @@ -49,15 +50,15 @@ $object = new Don($db); if ($action == 'add_payment') { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/don/card.php?rowid='.$chid; header("Location: ".$loc); exit; } - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); - if (!$_POST["paymenttype"] > 0) { + if (!(GETPOST("paymenttype") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; } @@ -65,7 +66,7 @@ if ($action == 'add_payment') { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Date")), null, 'errors'); $error++; } - if (!empty($conf->banque->enabled) && !$_POST["accountid"] > 0) { + if (!empty($conf->banque->enabled) && !(GETPOST("accountid", 'int') > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors'); $error++; } @@ -183,8 +184,8 @@ if ($action == 'create') { print ''; print '"; print ''; diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index 495d0334a10..29bbd0f19bd 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php @@ -202,9 +202,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'.$langs->trans("Date").''; - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); - $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaid) : 0; + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); + $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaid : -1) : 0; print $form->selectDate($datepayment, '', 0, 0, 0, "add_payment", 1, 1, 0, '', '', $object->date, '', 1, $langs->trans("DonationDate")); print "
'."\n"; // Common attributes diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 7e10b5b5f1f..c543ef40880 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -281,8 +281,8 @@ if (empty($reshook)) { $totalqty += $subtotalqty; } else { - // No detail were provided for lots - if (!empty($_POST[$qty])) { + // No detail were provided for lots, so if a qty was provided, we can show an error. + if (GETPOST($qty)) { // We try to set an amount // Case we dont use the list of available qty for each warehouse/lot // GUI does not allow this yet diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 020c34dc0c6..1c3e8594c41 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -2257,7 +2257,7 @@ if ($action == 'create') { // VAT print ''; // Unit price diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index 926559769b4..d50f6336669 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -36,6 +36,7 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $amounts = array(); $accountid = GETPOST('accountid', 'int'); +$cancel = GETPOST('cancel'); // Security check $socid = 0; @@ -51,7 +52,7 @@ if ($user->socid > 0) { if ($action == 'add_payment') { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/expensereport/card.php?id='.$id; header("Location: ".$loc); exit; @@ -64,9 +65,9 @@ if ($action == 'add_payment') { setEventMessages($expensereport->error, $expensereport->errors, 'errors'); } - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int')); - if (!($_POST["fk_typepayment"] > 0)) { + if (!(GETPOST("fk_typepayment", 'int') > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; } diff --git a/htdocs/externalsite/admin/index.html b/htdocs/externalsite/admin/index.html deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/htdocs/externalsite/admin/externalsite.php b/htdocs/externalsite/admin/index.php similarity index 90% rename from htdocs/externalsite/admin/externalsite.php rename to htdocs/externalsite/admin/index.php index 47f0a3d57be..1710a570c45 100644 --- a/htdocs/externalsite/admin/externalsite.php +++ b/htdocs/externalsite/admin/index.php @@ -21,9 +21,9 @@ */ /** - * \file htdocs/externalsite/admin/externalsite.php + * \file htdocs/externalsite/admin/index.php * \ingroup externalsite - * \brief Page de configuration du module externalsite + * \brief Page to setup module external site */ if (!defined('NOSCANPOSTFORINJECTION')) { @@ -41,18 +41,24 @@ if (!$user->admin) { // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'externalsite')); -$def = array(); - $action = GETPOST('action', 'aZ09'); + +/* + * Actions + */ + // Sauvegardes parametres if ($action == 'update') { $i = 0; $db->begin(); - $label = GETPOST('EXTERNALSITE_LABEL', 'alpha'); - $exturl = GETPOST('EXTERNALSITE_URL', 'restricthtml'); + $label = GETPOST('EXTERNALSITE_LABEL', 'alphanohtml'); + + $exturl = GETPOST('EXTERNALSITE_URL', 'none'); + $exturl = dol_string_onlythesehtmltags($exturl, 1, 1, 0, 1); + $exturl = dol_string_onlythesehtmlattributes($exturl); $i += dolibarr_set_const($db, 'EXTERNALSITE_LABEL', trim($label), 'chaine', 0, '', $conf->entity); $i += dolibarr_set_const($db, 'EXTERNALSITE_URL', trim($exturl), 'chaine', 0, '', $conf->entity); @@ -77,7 +83,7 @@ $linkback = ''; -print $langs->trans("Module100Desc")."
\n"; +print ''.$langs->trans("Module100Desc")."
\n"; print '
'; print '
'; diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index ebc884eb033..88c5a1cefc0 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -875,9 +875,9 @@ if ($action == 'create') { print ''; print ''; $defaultpassive = GETPOST("FTP_PASSIVE_".($lastftpentry + 1)); - if (!isset($_POST["FTP_PASSIVE_".($lastftpentry + 1)])) { + if (!GETPOSTISSET("FTP_PASSIVE_".($lastftpentry + 1))) { $defaultpassive = empty($conf->global->FTP_SUGGEST_PASSIVE_BYDEFAULT) ? 0 : 1; } print ''; diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index a46ebfa28f3..96874db6504 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -80,9 +80,9 @@ if ($action == 'confirm_delete' && $confirm == "yes") { if (empty($error)) { $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); - $object->country_id = $_POST["country_id"]; + $object->zip = GETPOST('zipcode', 'alpha'); + $object->town = GETPOST('town', 'alpha'); + $object->country_id = GETPOST("country_id", 'int'); $object->status = GETPOST('status', 'int'); $object->fk_user_author = $user->id; $object->datec = dol_now(); diff --git a/htdocs/install/mysql/data/llx_c_forme_juridique.sql b/htdocs/install/mysql/data/llx_c_forme_juridique.sql index 7b02ee60ffa..b3182846723 100644 --- a/htdocs/install/mysql/data/llx_c_forme_juridique.sql +++ b/htdocs/install/mysql/data/llx_c_forme_juridique.sql @@ -8,8 +8,13 @@ -- Copyright (C) 2010-2016 Juanjo Menent -- Copyright (C) 2012 Sebastian Neuwert -- Copyright (C) 2012 Tommaso Basilici --- Copyright (C) 2012 Ricardo Schluter --- Copyright (C) 2013 Cedric GROSS +-- Copyright (C) 2012 Ricardo Schluter +-- Copyright (C) 2013 Cedric GROSS +-- Copyright (C) 2020-2021 Udo Tamm +-- + + +-- LICENSE --------------------------------------------------------------- -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by @@ -25,14 +30,24 @@ -- along with this program. If not, see . -- +-- WARNING ---------------------------------------------------------------- -- +-- EN: +-- Do not put a comment at the end of the line, this file is parsed during +-- install and all '--' symbols are removed. +-- +-- FR: -- Ne pas placer de commentaire en fin de ligne, ce fichier est parsé lors -- de l'install et tous les sigles '--' sont supprimés. -- +-- CONTENT ---------------------------------------------------------------- -- --- Formes juridiques +-- Legal Formes (en) / Formes juridiques (fr) -- +-- fk_pays = country_id +-- + delete from llx_c_forme_juridique; @@ -54,6 +69,7 @@ INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, ' INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, '2312', 'Sociedad Anónima con Participación Estatal Mayoritaria', 1); INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, '2313', 'Sociedad en Comandita por Acciones (arts. 315 a 324, LSC)', 1); + -- Austria INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4100', 'GmbH - Gesellschaft mit beschränkter Haftung', 1); INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4101', 'GesmbH - Gesellschaft mit beschränkter Haftung', 1); @@ -71,6 +87,31 @@ INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, ' INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4113', 'GesnbR - Gesellschaft nach bürgerlichem Recht', 1); INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4114', 'e.U. - eingetragener Einzelunternehmer', 1); + +-- Belgium +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '200', 'Indépendant'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '201', 'SRL - Société à responsabilité limitée'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '202', 'SA - Société Anonyme'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '203', 'SCRL - Société coopérative à responsabilité limitée'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '204', 'ASBL - Association sans but Lucratif'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '205', 'SCRI - Société coopérative à responsabilité illimitée'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '206', 'SCS - Société en commandite simple'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '207', 'SCA - Société en commandite par action'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '208', 'SNC - Société en nom collectif'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '209', 'GIE - Groupement d intérêt économique'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '210', 'GEIE - Groupement européen d intérêt économique'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '220', 'Eenmanszaak'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '221', 'BVBA - Besloten vennootschap met beperkte aansprakelijkheid'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '222', 'NV - Naamloze Vennootschap'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '223', 'CVBA - Coöperatieve vennootschap met beperkte aansprakelijkheid'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '224', 'VZW - Vereniging zonder winstoogmerk'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '225', 'CVOA - Coöperatieve vennootschap met onbeperkte aansprakelijkheid '); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '226', 'GCV - Gewone commanditaire vennootschap'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '227', 'Comm.VA - Commanditaire vennootschap op aandelen'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '228', 'VOF - Vennootschap onder firma'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '229', 'VS0 - Vennootschap met sociaal oogmerk'); + + -- France: Extrait de http://www.insee.fr/fr/nom_def_met/nomenclatures/cj/cjniveau2.htm insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'11','Artisan Commerçant (EI)'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'12','Commerçant (EI)'); @@ -127,28 +168,6 @@ insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'92','Assoc insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'93','Fondation'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'99','Personne morale de droit privé'); --- Belgium -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '200', 'Indépendant'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '201', 'SRL - Société à responsabilité limitée'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '202', 'SA - Société Anonyme'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '203', 'SCRL - Société coopérative à responsabilité limitée'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '204', 'ASBL - Association sans but Lucratif'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '205', 'SCRI - Société coopérative à responsabilité illimitée'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '206', 'SCS - Société en commandite simple'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '207', 'SCA - Société en commandite par action'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '208', 'SNC - Société en nom collectif'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '209', 'GIE - Groupement d intérêt économique'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '210', 'GEIE - Groupement européen d intérêt économique'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '220', 'Eenmanszaak'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '221', 'BVBA - Besloten vennootschap met beperkte aansprakelijkheid'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '222', 'NV - Naamloze Vennootschap'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '223', 'CVBA - Coöperatieve vennootschap met beperkte aansprakelijkheid'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '224', 'VZW - Vereniging zonder winstoogmerk'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '225', 'CVOA - Coöperatieve vennootschap met onbeperkte aansprakelijkheid '); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '226', 'GCV - Gewone commanditaire vennootschap'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '227', 'Comm.VA - Commanditaire vennootschap op aandelen'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '228', 'VOF - Vennootschap onder firma'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '229', 'VS0 - Vennootschap met sociaal oogmerk'); -- Germany insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '500', 'GmbH - Gesellschaft mit beschränkter Haftung'); @@ -160,6 +179,8 @@ insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '505', 'Gb insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '506', 'KG - Kommanditgesellschaft'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '507', 'Ltd. - Limited Company'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '508', 'OHG - Offene Handelsgesellschaft'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '509', 'eG - eingetragene Genossenschaft'); + -- Denmark INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle) VALUES (80, '8001', 'Aktieselvskab A/S'); diff --git a/htdocs/install/pgsql/functions/functions.sql b/htdocs/install/pgsql/functions/functions.sql index cd98cdfef2e..17339c1f605 100644 --- a/htdocs/install/pgsql/functions/functions.sql +++ b/htdocs/install/pgsql/functions/functions.sql @@ -52,6 +52,7 @@ CREATE OR REPLACE FUNCTION DAY(TIMESTAMP WITH TIME ZONE) RETURNS INTEGER AS $$ S CREATE OR REPLACE FUNCTION DAY(DATE) RETURNS INTEGER AS $$ SELECT EXTRACT(DAY FROM $1)::INTEGER; $$ LANGUAGE SQL IMMUTABLE; CREATE OR REPLACE FUNCTION dol_util_rebuild_sequences() RETURNS integer as $body$ DECLARE sequencedefs RECORD; c integer ; BEGIN FOR sequencedefs IN SELECT DISTINCT constraint_column_usage.table_name as tablename, constraint_column_usage.table_name as tablename, constraint_column_usage.column_name as columnname, replace(replace(columns.column_default,'''::regclass)',''),'nextval(''','') as sequencename from information_schema.constraint_column_usage, information_schema.columns, information_schema.sequences where constraint_column_usage.table_schema ='public' AND columns.table_schema = 'public' AND columns.table_name=constraint_column_usage.table_name AND constraint_column_usage.column_name IN ('rowid','id') AND constraint_column_usage.column_name = columns.column_name AND columns.column_default is not null AND replace(replace(columns.column_default,'''::regclass)',''),'nextval(''','')=sequence_name LOOP EXECUTE 'select max('||sequencedefs.columnname||') from ' || sequencedefs.tablename INTO c; IF c is null THEN c = 0; END IF; IF c is not null THEN c = c+ 1; END IF; EXECUTE 'alter sequence ' || sequencedefs.sequencename ||' restart with ' || c; END LOOP; RETURN 1; END; $body$ LANGUAGE plpgsql; +-- You can call the function with SELECT dol_util_rebuild_sequences(); CREATE OR REPLACE FUNCTION dol_util_triggerall(DoEnable boolean) RETURNS integer AS $BODY$ DECLARE mytables RECORD; BEGIN FOR mytables IN SELECT relname FROM pg_class WHERE relhastriggers IS TRUE AND relkind = 'r' AND NOT relname LIKE 'pg_%' LOOP IF DoEnable THEN EXECUTE 'ALTER TABLE ' || mytables.relname || ' ENABLE TRIGGER ALL'; ELSE EXECUTE 'ALTER TABLE ' || mytables.relname || ' DISABLE TRIGGER ALL'; END IF; END LOOP; RETURN 1; END; $BODY$ LANGUAGE plpgsql; diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index ccb787680b3..1d695f40249 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -94,6 +94,8 @@ print 'Option repair_link_dispatch_lines_supplier_order_lines, (\'test\' or \'co print 'Option set_empty_time_spent_amount (\'test\' or \'confirmed\') is '.(GETPOST('set_empty_time_spent_amount', 'alpha') ?GETPOST('set_empty_time_spent_amount', 'alpha') : 'undefined').'
'."\n"; // Structure print 'Option force_utf8_on_tables, for mysql/mariadb only (\'test\' or \'confirmed\') is '.(GETPOST('force_utf8_on_tables', 'alpha') ?GETPOST('force_utf8_on_tables', 'alpha') : 'undefined').'
'."\n"; +// Rebuild sequence +print 'Option rebuild_sequences, for postgresql only (\'test\' or \'confirmed\') is '.(GETPOST('rebuild_sequences', 'alpha') ?GETPOST('rebuild_sequences', 'alpha') : 'undefined').'
'."\n"; print '
'; print '
'; - print $form->load_tva('vatrate', (isset($_POST["vatrate"]) ? $_POST["vatrate"] : $line->vatrate), $mysoc, '', 0, 0, '', false, 1); + print $form->load_tva('vatrate', (GETPOSTISSET("vatrate") ? GETPOST("vatrate") : $line->vatrate), $mysoc, '', 0, 0, '', false, 1); print '
'.$langs->trans("Project").''; /* Fix: If a project must be linked to any companies (suppliers or not), project must be not be set as limited to customer but must be not linked to any particular thirdparty if ($societe->fournisseur==1) - $numprojet=select_projects(-1,$_POST["projectid"],'projectid'); + $numprojet=select_projects(-1, GETPOST("projectid", 'int'), 'projectid'); else - $numprojet=select_projects($societe->id,$_POST["projectid"],'projectid'); + $numprojet=select_projects($societe->id, GETPOST("projectid", 'int'), 'projectid'); */ $numprojet = $formproject->select_projects($soc->id, $projectid, 'projectid'); if ($numprojet == 0) { diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index fe854c72d48..6def24cf64b 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1883,7 +1883,7 @@ if ($action == 'create') { // Confirmation de l'envoi de la commande if ($action == 'commande') { $date_com = dol_mktime(GETPOST('rehour'), GETPOST('remin'), GETPOST('resec'), GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); - $formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".$_POST["methodecommande"]."&comment=".urlencode($_POST["comment"]), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2); + $formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".GETPOST("methodecommande")."&comment=".urlencode(GETPOST("comment")), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2); } // Confirmation to delete line diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 0d48c7d30dd..0402fa7a99b 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -1046,7 +1046,7 @@ if ($id > 0 || !empty($ref)) { if (empty($conf->reception->enabled)) { print $langs->trans("Comment").' : '; print 'trans("DispatchSupplierOrder", $object->ref); + print GETPOSTISSET("comment") ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref); // print ' / '.$object->ref_supplier; // Not yet available print '" class="flat">
'; diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index d22006a52d0..0312c851de3 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -417,13 +417,11 @@ if (empty($reshook)) { dol_print_error($db, $object->error); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - // POST[remise_id] or POST[remise_id_for_payment] - // We use the credit to reduce amount of invoice - if (!empty($_POST["remise_id"])) { + if (GETPOST("remise_id", "int")) { $ret = $object->fetch($id); if ($ret > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", "int")); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } @@ -432,10 +430,10 @@ if (empty($reshook)) { } } // We use the credit to reduce remain to pay - if (!empty($_POST["remise_id_for_payment"])) { + if (GETPOST("remise_id_for_payment", "int")) { require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php'; $discount = new DiscountAbsolute($db); - $discount->fetch($_POST["remise_id_for_payment"]); + $discount->fetch(GETPOST("remise_id_for_payment", "int")); //var_dump($object->getRemainToPay(0)); //var_dump($discount->amount_ttc);exit; @@ -1082,14 +1080,14 @@ if (empty($reshook)) { $prod = new Product($db); $prod->fetch(GETPOST('productid')); $label = $prod->description; - if (trim($_POST['product_desc']) != trim($label)) { - $label = $_POST['product_desc']; + if (trim(GETPOST('product_desc', 'restricthtml')) != trim($label)) { + $label = GETPOST('product_desc', 'restricthtml'); } $type = $prod->type; } else { - $label = $_POST['product_desc']; - $type = $_POST["type"] ? $_POST["type"] : 0; + $label = GETPOST('product_desc', 'restricthtml'); + $type = GETPOST("type") ? GETPOST("type") : 0; } $date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear')); diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php index ab673e45447..5094f178cea 100644 --- a/htdocs/ftp/admin/ftpclient.php +++ b/htdocs/ftp/admin/ftpclient.php @@ -58,8 +58,8 @@ if ($result) { } if ($action == 'add' || GETPOST('modify', 'alpha')) { - $ftp_name = "FTP_NAME_".$entry; // $_POST["numero_entry"]; - $ftp_server = "FTP_SERVER_".$entry; //$_POST["numero_entry"]; + $ftp_name = "FTP_NAME_".$entry; + $ftp_server = "FTP_SERVER_".$entry; $error = 0; @@ -203,7 +203,7 @@ if (!function_exists('ftp_connect')) { print '
'.$langs->trans("FTPPassiveMode").''.$form->selectyesno('FTP_PASSIVE_'.($lastftpentry + 1), $defaultpassive, 2).'
'; @@ -172,7 +174,8 @@ $oneoptionset = 0; $oneoptionset = (GETPOST('standard', 'alpha') || GETPOST('restore_thirdparties_logos', 'alpha') || GETPOST('clean_linked_elements', 'alpha') || GETPOST('clean_menus', 'alpha') || GETPOST('clean_orphelin_dir', 'alpha') || GETPOST('clean_product_stock_batch', 'alpha') || GETPOST('set_empty_time_spent_amount', 'alpha') || GETPOST('rebuild_product_thumbs', 'alpha') || GETPOST('clean_perm_table', 'alpha') - || GETPOST('force_disable_of_modules_not_found', 'alpha') || GETPOST('force_utf8_on_tables', 'alpha')); + || GETPOST('force_disable_of_modules_not_found', 'alpha') || GETPOST('force_utf8_on_tables', 'alpha') + || GETPOST('rebuild_sequences', 'alpha')); if ($ok && $oneoptionset) { // Show wait message @@ -1253,6 +1256,25 @@ if ($ok && GETPOST('force_utf8_on_tables', 'alpha')) { } } + +// rebuild sequences for pgsql +if ($ok && GETPOST('rebuild_sequences', 'alpha')) { + print ''; + + if ($db->type == "pgsql") { + $rebuild_sequence = GETPOST('rebuild_sequences', 'alpha'); + + if ($rebuild_sequence == 'confirmed') { + $sql = "SELECT dol_util_rebuild_sequences();"; + print ''; + $resql = $db->query($sql); + } + } else { + print ''; + } +} + + // if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) { /* diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php index e841a352b40..86e970f8194 100644 --- a/htdocs/install/step1.php +++ b/htdocs/install/step1.php @@ -231,7 +231,6 @@ if (!$error) { $databasefortest = 'master'; } } - //print $_POST["db_type"].",".$_POST["db_host"].",$userroot,$passroot,$databasefortest,".$_POST["db_port"]; $db = getDoliDBInstance($db_type, $db_host, $userroot, $passroot, $databasefortest, $db_port); diff --git a/htdocs/langs/en_US/banks.lang b/htdocs/langs/en_US/banks.lang index f0f5dfd0a8e..8e2d828c12a 100644 --- a/htdocs/langs/en_US/banks.lang +++ b/htdocs/langs/en_US/banks.lang @@ -174,7 +174,7 @@ YourSEPAMandate=Your SEPA mandate FindYourSEPAMandate=This is your SEPA mandate to authorize our company to make direct debit order to your bank. Return it signed (scan of the signed document) or send it by mail to AutoReportLastAccountStatement=Automatically fill the field 'number of bank statement' with last statement number when making reconciliation CashControl=POS cash desk control -NewCashFence=New cash desk closing +NewCashFence=New cash desk opening or closing BankColorizeMovement=Colorize movements BankColorizeMovementDesc=If this function is enable, you can choose specific background color for debit or credit movements BankColorizeMovementName1=Background color for debit movement diff --git a/htdocs/langs/en_US/margins.lang b/htdocs/langs/en_US/margins.lang index 76ea8ad5c4d..ad5406409b4 100644 --- a/htdocs/langs/en_US/margins.lang +++ b/htdocs/langs/en_US/margins.lang @@ -22,7 +22,7 @@ ProductService=Product or Service AllProducts=All products and services ChooseProduct/Service=Choose product or service ForceBuyingPriceIfNull=Force buying/cost price to selling price if not defined -ForceBuyingPriceIfNullDetails=If buying/cost price not defined, and this option "ON", margin will be zero on line (buying/cost price = selling price), otherwise ("OFF"), marge will be equal to suggested default. +ForceBuyingPriceIfNullDetails=If buying/cost price not provided when we add a new line, and this option is "ON", the margin will be 0 on the new line (buying/cost price = selling price). If this option is "OFF" (recommended), margin will be equal to the value suggested by default (and may be 100% if no default value can be found). MARGIN_METHODE_FOR_DISCOUNT=Margin method for global discounts UseDiscountAsProduct=As a product UseDiscountAsService=As a service diff --git a/htdocs/langs/en_US/productbatch.lang b/htdocs/langs/en_US/productbatch.lang index 36adfd571fb..9e299baf8f3 100644 --- a/htdocs/langs/en_US/productbatch.lang +++ b/htdocs/langs/en_US/productbatch.lang @@ -26,3 +26,5 @@ ShowLogOfMovementIfLot=Show log of movements for couple product/lot StockDetailPerBatch=Stock detail per lot SerialNumberAlreadyInUse=Serial number %s is already used for product %s TooManyQtyForSerialNumber=You can only have one product %s for serial number %S +BatchLotNumberingModules=Options for automatic generation of batch products managed by lots +BatchSerialNumberingModules=Options for automatic generation of batch products managed by serial numbers \ No newline at end of file diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang index d4326fc08c9..727773a9606 100644 --- a/htdocs/langs/en_US/users.lang +++ b/htdocs/langs/en_US/users.lang @@ -72,7 +72,7 @@ ExportDataset_user_1=Users and their properties DomainUser=Domain user %s Reactivate=Reactivate CreateInternalUserDesc=This form allows you to create an internal user in your company/organization. To create an external user (customer, vendor etc. ..), use the button 'Create Dolibarr User' from that third-party's contact card. -InternalExternalDesc=An internal user is a user that is part of your company/organization.
An external user is a customer, vendor or other that must view only data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, permissions defines rights on Dolibarr, also external user can have a different menu manager than internal user (See Home - Setup - Display) +InternalExternalDesc=An internal user is a user that is part of your company/organization, or is a partner user outside of your organization that may need to see more data than data related to his company (the permission system will define what he can or can't see or do).
An external user is a customer, vendor or other that must view ONLY data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, you must grant permissions on the features that the user need. PermissionInheritedFromAGroup=Permission granted because inherited from one of a user's group. Inherited=Inherited UserWillBe=Created user will be diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang index 639428eac1d..ef48fc0a82d 100644 --- a/htdocs/langs/fr_FR/admin.lang +++ b/htdocs/langs/fr_FR/admin.lang @@ -1786,6 +1786,7 @@ ApiSetup=Configuration du module API REST ApiDesc=En activant ce module, Dolibarr devient aussi serveur de services API de type REST ApiProductionMode=Activer le mode « production » (ceci activera l'utilisation du cache pour la gestion des services) ApiExporerIs=Vous pouvez explorer et tester les API par l'URL +SwaggerDescriptionFile=Swagger JSON description file of APIs OnlyActiveElementsAreExposed=Seuls les éléments en rapport avec un module actif sont présentés. ApiKey=Clé pour l'API WarningAPIExplorerDisabled=L'explorateur d'API est désactivé. L'explorateur d'API n'est pas nécessaire pour le fonctionnement des API. il s'agit d'un outil pour les développeurs pour en tester les services. Si cet outil vous est nécessaire, activez le module API REST dans la liste des modules. diff --git a/htdocs/langs/fr_FR/productbatch.lang b/htdocs/langs/fr_FR/productbatch.lang index 94ceb434bfd..eed5a063318 100644 --- a/htdocs/langs/fr_FR/productbatch.lang +++ b/htdocs/langs/fr_FR/productbatch.lang @@ -26,3 +26,5 @@ ShowLogOfMovementIfLot=Afficher l'historique des mouvements de couple produit / StockDetailPerBatch=Stock détaillé par lot SerialNumberAlreadyInUse=Le numéro de série %s est déjà utilisé pour le produit %s TooManyQtyForSerialNumber=Vous ne pouvez avoir qu'un produit %s avec le numéro de série %s +BatchLotNumberingModules=Modèle de génération et contrôle des numéros de lot +BatchSerialNumberingModules=Modèle de génération et contrôle des numéros de série \ No newline at end of file diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 86f8cd0b63a..07551aaf9ea 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -2088,8 +2088,7 @@ function top_menu_user($hideloginname = 0, $urllogout = '') $btnUser = '

*** Force to rebuild sequences (for postgresql only)
Not available with database type '.$db->type.'
'; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''."\n"; + +clearstatcache(); + +foreach ($dirmodels as $reldir) { + $dir = dol_buildpath($reldir."core/modules/product_batch/"); + + if (is_dir($dir)) { + $handle = opendir($dir); + if (is_resource($handle)) { + while (($file = readdir($handle)) !== false) { + if (substr($file, 0, 8) == 'mod_lot_' && substr($file, dol_strlen($file) - 3, 3) == 'php') { + $file = substr($file, 0, dol_strlen($file) - 4); + + require_once $dir.$file.'.php'; + + $module = new $file($db); + + // Show modules according to features level + if ($module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) continue; + if ($module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) continue; + + if ($module->isEnabled()) { + print ''; + + // Show example of numbering model + print ''."\n"; + + print ''; + + $batch = new Productlot($db); + $batch->initAsSpecimen(); + + // Info + $htmltooltip = ''; + $htmltooltip .= ''.$langs->trans("Version").': '.$module->getVersion().'
'; + $nextval = $module->getNextValue($mysoc, $batch); + if ("$nextval" != $langs->trans("NotAvailable")) { // Keep " on nextval + $htmltooltip .= ''.$langs->trans("NextValue").': '; + if ($nextval) { + if (preg_match('/^Error/', $nextval) || $nextval == 'NotConfigured') + $nextval = $langs->trans($nextval); + $htmltooltip .= $nextval.'
'; + } else { + $htmltooltip .= $langs->trans($module->error).'
'; + } + } + + print ''; + + print "\n"; + } + } + } + closedir($handle); + } + } +} + +print "
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Example").''.$langs->trans("Status").''.$langs->trans("ShortInfo").'
'.$module->name."\n"; + print $module->info(); + print ''; + $tmp = $module->getExample(); + if (preg_match('/^Error/', $tmp)) print '
'.$langs->trans($tmp).'
'; + elseif ($tmp == 'NotConfigured') print $langs->trans($tmp); + else print $tmp; + print '		'; + if ($conf->global->PRODUCTBATCH_LOT_ADDON == $file) { + print img_picto($langs->trans("Activated"), 'switch_on'); + } else { + print ''; + print img_picto($langs->trans("Disabled"), 'switch_off'); + print ''; + } + print ''; + print $form->textwithpicto('', $htmltooltip, 1, 0); + print '

\n"; + + +/* + * Serials Numbering models + */ + +print load_fiche_titre($langs->trans("BatchSerialNumberingModules"), '', ''); + +print ''; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''."\n"; + +clearstatcache(); + +foreach ($dirmodels as $reldir) { + $dir = dol_buildpath($reldir."core/modules/product_batch/"); + + if (is_dir($dir)) { + $handle = opendir($dir); + if (is_resource($handle)) { + while (($file = readdir($handle)) !== false) { + if (substr($file, 0, 7) == 'mod_sn_' && substr($file, dol_strlen($file) - 3, 3) == 'php') { + $file = substr($file, 0, dol_strlen($file) - 4); + + require_once $dir.$file.'.php'; + + $module = new $file($db); + + // Show modules according to features level + if ($module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) continue; + if ($module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) continue; + + if ($module->isEnabled()) { + print ''; + + // Show example of numbering model + print ''."\n"; + + print ''; + + $batch = new Productlot($db); + $batch->initAsSpecimen(); + + // Info + $htmltooltip = ''; + $htmltooltip .= ''.$langs->trans("Version").': '.$module->getVersion().'
'; + $nextval = $module->getNextValue($mysoc, $batch); + if ("$nextval" != $langs->trans("NotAvailable")) { // Keep " on nextval + $htmltooltip .= ''.$langs->trans("NextValue").': '; + if ($nextval) { + if (preg_match('/^Error/', $nextval) || $nextval == 'NotConfigured') + $nextval = $langs->trans($nextval); + $htmltooltip .= $nextval.'
'; + } else { + $htmltooltip .= $langs->trans($module->error).'
'; + } + } + + print ''; + + print "\n"; + } + } + } + closedir($handle); + } + } +} + +print "
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Example").''.$langs->trans("Status").''.$langs->trans("ShortInfo").'
'.$module->name."\n"; + print $module->info(); + print ''; + $tmp = $module->getExample(); + if (preg_match('/^Error/', $tmp)) print '
'.$langs->trans($tmp).'
'; + elseif ($tmp == 'NotConfigured') print $langs->trans($tmp); + else print $tmp; + print '		'; + if ($conf->global->PRODUCTBATCH_SN_ADDON == $file) { + print img_picto($langs->trans("Activated"), 'switch_on'); + } else { + print ''; + print img_picto($langs->trans("Disabled"), 'switch_off'); + print ''; + } + print ''; + print $form->textwithpicto('', $htmltooltip, 1, 0); + print '

\n"; + +// End of page +llxFooter(); +$db->close(); diff --git a/htdocs/product/admin/product_lot_extrafields.php b/htdocs/product/admin/product_lot_extrafields.php index fc14b4c142c..38af3a41f8d 100644 --- a/htdocs/product/admin/product_lot_extrafields.php +++ b/htdocs/product/admin/product_lot_extrafields.php @@ -77,7 +77,7 @@ print load_fiche_titre($title, $linkback, 'title_setup'); $head = product_lot_admin_prepare_head(); -print dol_get_fiche_head($head, 'attributes', $textobject, -1, 'stock'); +print dol_get_fiche_head($head, 'attributes', $textobject, -1, 'lot'); require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php'; diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 58a177dddc4..2c0531acaea 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -405,8 +405,8 @@ if (empty($reshook)) { if (!empty($conf->global->PRODUIT_MULTIPRICES)) { for ($i = 2; $i <= $conf->global->PRODUIT_MULTIPRICES_LIMIT; $i++) { if (GETPOSTISSET("price_".$i)) { - $object->multiprices["$i"] = price2num($_POST["price_".$i], 'MU'); - $object->multiprices_base_type["$i"] = $_POST["multiprices_base_type_".$i]; + $object->multiprices["$i"] = price2num(GETPOST("price_".$i), 'MU'); + $object->multiprices_base_type["$i"] = GETPOST("multiprices_base_type_".$i); } else { $object->multiprices["$i"] = ""; } diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index 9a1fa1adf69..6dd6a0ac89d 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -167,18 +167,18 @@ if ($action == 'search') { } $title = $langs->trans('ProductServiceCard'); -$helpurl = ''; +$help_url = ''; $shortlabel = dol_trunc($object->label, 16); if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) { $title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('AssociatedProducts'); - $helpurl = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos'; + $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos'; } if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) { $title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('AssociatedProducts'); - $helpurl = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios'; + $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios'; } -llxHeader('', $title, $helpurl); +llxHeader('', $title, $help_url); $head = product_prepare_head($object); $titre = $langs->trans("CardProduct".$object->type); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 371713f0250..77659142744 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -217,7 +217,7 @@ if (empty($reshook)) { $langs->load("errors"); setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Supplier")), null, 'errors'); } - if (price2num($_POST["price"]) < 0 || $_POST["price"] == '') { + if (price2num(GETPOST("price")) < 0 || GETPOST("price") == '') { if ($price_expression === '') { // Return error of missing price only if price_expression not set $error++; $langs->load("errors"); diff --git a/htdocs/product/stock/movement_card.php b/htdocs/product/stock/movement_card.php index 31c71d9e2bd..3221c23aa8d 100644 --- a/htdocs/product/stock/movement_card.php +++ b/htdocs/product/stock/movement_card.php @@ -179,7 +179,7 @@ if ($action == "correct_stock") { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors'); $action = 'correction'; } - if (!is_numeric($_POST["nbpiece"])) { + if (!is_numeric(GETPOST("nbpiece"))) { $error++; setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors'); $action = 'correction'; diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index aed4278bb0e..50982e0e084 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -247,7 +247,7 @@ if ($action == "correct_stock") { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors'); $action = 'correction'; } - if (!is_numeric($_POST["nbpiece"])) { + if (!is_numeric(GETPOST("nbpiece"))) { $error++; setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors'); $action = 'correction'; diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php index 1309ae4455e..5b30d77ca21 100644 --- a/htdocs/projet/activity/perday.php +++ b/htdocs/projet/activity/perday.php @@ -601,8 +601,10 @@ if (!empty($arrayfields['t.progress']['checked'])) { if ($usertoprocess->id == $user->id) print '		'.$langs->trans("TimeSpentByYou").''.$langs->trans("TimeSpentByUser").''.$langs->trans("TimeSpent").'
'; +print ''; print 'Photo'; print ''.$langs->trans("Everybody").''; +print ''; print '		'.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').'		'.$langs->trans("HourStart").''; diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php index d023dcc69d3..7f40ab1c9a1 100644 --- a/htdocs/projet/activity/permonth.php +++ b/htdocs/projet/activity/permonth.php @@ -491,9 +491,11 @@ print ''.$langs->trans("ProgressDeclared"). /*print ''.$langs->trans("TimeSpent").''.$langs->trans("TimeSpentByYou").''.$langs->trans("TimeSpentByUser").''.$langs->trans("TimeSpent").'
'; +print '		'.$langs->trans("TimeSpent").'
'; +print ''; print 'Photo'; print ''.$langs->trans("Everybody").''; +print ''; print '		'.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').'		'.$langs->trans("TimeSpent").''.$langs->trans("TimeSpentByYou").''.$langs->trans("TimeSpentByUser").''.$langs->trans("TimeSpent").'
'; +print '		'.$langs->trans("TimeSpent").'
'; +print ''; print 'Photo'; print ''.$langs->trans("Everybody").''; +print ''; print '		'.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').'
'.$langs->trans("Ref").''; print ' '.$form->textwithpicto('', $langs->trans("YouCanCompleteRef", $suggestedref)); print '
'; - //$newdate=dol_mktime(12,0,0,$_POST["timemonth"],$_POST["timeday"],$_POST["timeyear"]); $newdate = ''; print $form->selectDate($newdate, 'time', ($conf->browser->layout == 'phone' ? 2 : 1), 1, 2, "timespent_date", 1, 0); print '
'; @@ -198,21 +199,21 @@ if ($action == 'create') { print '';*/ print '"; print ''; print '\n"; print ''; print ''; print ''; print ''; // Number @@ -270,12 +271,13 @@ if ($action == 'create') { if ($sumpaid < $objp->amount) { $namef = "amount_".$objp->id; $nameRemain = "remain_".$objp->id; + /* Disabled, we autofil the amount with remain to pay by default if (!empty($conf->use_javascript_ajax)) { print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmount' data-rowid='".$namef."' data-value='".($objp->amount - $sumpaid)."'"); - } + } */ $remaintopay = $objp->amount - $sumpaid; print ''; - print ''; + print ''; } else { print '-'; } diff --git a/htdocs/salaries/payment_salary/index.html b/htdocs/salaries/payment_salary/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/salaries/payment_salary/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/societe/canvas/actions_card_common.class.php b/htdocs/societe/canvas/actions_card_common.class.php index da7e68d4849..53748c1465a 100644 --- a/htdocs/societe/canvas/actions_card_common.class.php +++ b/htdocs/societe/canvas/actions_card_common.class.php @@ -387,40 +387,40 @@ abstract class ActionsCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->id = $_POST["socid"]; - $this->object->name = $_POST["nom"]; - $this->object->prefix_comm = $_POST["prefix_comm"]; - $this->object->client = $_POST["client"]; - $this->object->code_client = $_POST["code_client"]; - $this->object->fournisseur = $_POST["fournisseur"]; - $this->object->code_fournisseur = $_POST["code_fournisseur"]; - $this->object->address = $_POST["adresse"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone = $_POST["tel"]; - $this->object->fax = $_POST["fax"]; - $this->object->email = $_POST["email"]; - $this->object->url = $_POST["url"]; - $this->object->capital = $_POST["capital"]; - $this->object->idprof1 = $_POST["idprof1"]; - $this->object->idprof2 = $_POST["idprof2"]; - $this->object->idprof3 = $_POST["idprof3"]; - $this->object->idprof4 = $_POST["idprof4"]; - $this->object->typent_id = $_POST["typent_id"]; - $this->object->effectif_id = $_POST["effectif_id"]; - $this->object->barcode = $_POST["barcode"]; - $this->object->forme_juridique_code = $_POST["forme_juridique_code"]; - $this->object->default_lang = $_POST["default_lang"]; - $this->object->commercial_id = $_POST["commercial_id"]; + $this->object->id = GETPOST("socid"); + $this->object->name = GETPOST("nom"); + $this->object->prefix_comm = GETPOST("prefix_comm"); + $this->object->client = GETPOST("client"); + $this->object->code_client = GETPOST("code_client"); + $this->object->fournisseur = GETPOST("fournisseur"); + $this->object->code_fournisseur = GETPOST("code_fournisseur"); + $this->object->address = GETPOST("adresse"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id"); + $this->object->phone = GETPOST("tel"); + $this->object->fax = GETPOST("fax"); + $this->object->email = GETPOST("email", 'alphawithlgt'); + $this->object->url = GETPOST("url"); + $this->object->capital = GETPOST("capital"); + $this->object->idprof1 = GETPOST("idprof1"); + $this->object->idprof2 = GETPOST("idprof2"); + $this->object->idprof3 = GETPOST("idprof3"); + $this->object->idprof4 = GETPOST("idprof4"); + $this->object->typent_id = GETPOST("typent_id"); + $this->object->effectif_id = GETPOST("effectif_id"); + $this->object->barcode = GETPOST("barcode"); + $this->object->forme_juridique_code = GETPOST("forme_juridique_code"); + $this->object->default_lang = GETPOST("default_lang"); + $this->object->commercial_id = GETPOST("commercial_id"); - $this->object->tva_assuj = $_POST["assujtva_value"] ? $_POST["assujtva_value"] : 1; - $this->object->tva_intra = $_POST["tva_intra"]; + $this->object->tva_assuj = GETPOST("assujtva_value") ? GETPOST("assujtva_value") : 1; + $this->object->tva_intra = GETPOST("tva_intra"); //Local Taxes - $this->object->localtax1_assuj = $_POST["localtax1assuj_value"]; - $this->object->localtax2_assuj = $_POST["localtax2assuj_value"]; + $this->object->localtax1_assuj = GETPOST("localtax1assuj_value"); + $this->object->localtax2_assuj = GETPOST("localtax2assuj_value"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index d42ed635e82..fd4fde95243 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -2067,8 +2067,8 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; // EMail / Web - print ''; - print ''; + print ''; + print ''; print ''; print ''; diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 8ff860a33bc..47ef99490cb 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -1525,13 +1525,13 @@ while ($i < min($num, $limit)) { } } if (!empty($arrayfields['s.phone']['checked'])) { - print "\n"; + print '\n"; if (!$i) { $totalarray['nbfield']++; } } if (!empty($arrayfields['s.fax']['checked'])) { - print "\n"; + print '\n"; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 21bb18dda93..92b43902405 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -505,9 +505,9 @@ if (empty($reshook)) { $object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - if ($_POST["remise_id"]) { + if (GETPOST("remise_id", 'int')) { if ($object->id > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", 'int')); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php index 527ba87cb3e..d106ce0506f 100644 --- a/htdocs/supplier_proposal/contact.php +++ b/htdocs/supplier_proposal/contact.php @@ -58,7 +58,7 @@ if ($action == 'addcontact' && $permissiontoedit) { if ($result > 0 && $id > 0) { $contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid')); - $result = $object->add_contact($contactid, $_POST["type"], $_POST["source"]); + $result = $object->add_contact($contactid, GETPOST("type"), GETPOST("source")); } if ($result >= 0) { diff --git a/htdocs/takepos/admin/other.php b/htdocs/takepos/admin/other.php index 7d0ce8897e3..f933472a443 100644 --- a/htdocs/takepos/admin/other.php +++ b/htdocs/takepos/admin/other.php @@ -63,9 +63,6 @@ if ($resql) { if (GETPOST('action', 'alpha') == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "CASHDESK_SERVICES", GETPOST('CASHDESK_SERVICES', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index 67bc8edcdf3..0364ff4e64f 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php @@ -70,9 +70,6 @@ $error = 0; if ($action == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_SUPPLEMENTS_CATEGORY", GETPOST('TAKEPOS_SUPPLEMENTS_CATEGORY', 'alpha'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php index 3e5bb4ccc46..52f451ae163 100644 --- a/htdocs/takepos/admin/terminal.php +++ b/htdocs/takepos/admin/terminal.php @@ -67,9 +67,6 @@ $terminaltouse = $terminal; if (GETPOST('action', 'alpha') == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "CASHDESK_ID_THIRDPARTY".$terminaltouse, (GETPOST('socid', 'int') > 0 ? GETPOST('socid', 'int') : ''), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index fee496c4fab..62d040f2aff 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -364,6 +364,9 @@ td.rightborder { border-right: 1px solid #ccc; } +td.amount { + color: #006666; +} td.actionbuttons a { padding-left: 6px; } @@ -764,6 +767,19 @@ textarea.centpercent { max-width: 100%; overflow-y: auto; } +div.urllink { + padding: 10px; + margin-top: 5px; + margin-bottom: 5px; + //border: 1px solid #ccc; + border-radius: 5px; + width: fit-content; + background-color: #eee; + opacity: 0.8; +} +div.urllink, div.urllink a { + color: #339 !important; +} i.fa-mars::before, i.fa-venus::before, i.fa-genderless::before { color: #888 !important; @@ -1088,6 +1104,18 @@ select.flat.selectlimit { text-overflow: ellipsis; white-space: nowrap; } +.tdoverflowmax400 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 400px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} +.tdoverflowmax500 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 500px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} .tdoverflowauto { max-width: 0; overflow: auto; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index ab4f29eb945..40e2dd38df0 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -555,6 +555,9 @@ td.rightborder { border-right: 1px solid #ccc; } +td.amount { + color: #006666; +} td.actionbuttons a { padding-left: 6px; } @@ -1159,6 +1162,18 @@ select.flat.selectlimit { text-overflow: ellipsis; white-space: nowrap; } +.tdoverflowmax400 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 400px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} +.tdoverflowmax500 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 500px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} .tdoverflowauto { max-width: 0; overflow: auto; @@ -2437,6 +2452,7 @@ div.mainmenu.website { // End of part to add more div class css } // End test if $dol_hide_topmenu ?> + .tmenuimage { padding:0 0 0 0 !important; margin:0 0px 0 0 !important; @@ -2449,6 +2465,9 @@ div.mainmenu.website { display: none; } +a.tmenuimage:hover { + text-decoration: none; +} a.tmenuimage { display: block; } diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index 8741fdc6b66..98bcccd4ca1 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -692,7 +692,7 @@ if ($action == 'create' || $action == 'presend') { $formticket->param = array('origin' => GETPOST('origin'), 'originid' => GETPOST('originid')); $formticket->showForm(1, 'create', 0); -} elseif ($action == 'edit' && $user->rights->ticket->write && $object->fk_statut < Ticket::STATUS_CLOSED) { + /*} elseif ($action == 'edit' && $user->rights->ticket->write && $object->fk_statut < Ticket::STATUS_CLOSED) { $formticket = new FormTicket($db); $head = ticket_prepare_head($object); @@ -709,22 +709,22 @@ if ($action == 'create' || $action == 'presend') { // Type print ''; // Severity print ''; // Group print ''; // Subject print ''; // Other attributes @@ -746,7 +746,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ''; - print ''; + print ''; */ } elseif (empty($action) || $action == 'view' || $action == 'addlink' || $action == 'dellink' || $action == 'presend' || $action == 'presend_addmessage' || $action == 'close' || $action == 'delete' || $action == 'editcustomer' || $action == 'progression' || $action == 'reopen' || $action == 'editsubject' || $action == 'edit_extras' || $action == 'update_extras' || $action == 'edit_extrafields' || $action == 'set_extrafields' || $action == 'classify' || $action == 'sel_contract' || $action == 'edit_message_init' || $action == 'set_status' || $action == 'dellink') { if ($res > 0) { @@ -1282,9 +1282,11 @@ if ($action == 'create' || $action == 'presend') { print '
'.$langs->trans('TicketAddIntervention').'
'; } + /* This is useless. We can already modify each field individually if ($user->rights->ticket->write && $object->fk_statut < Ticket::STATUS_CLOSED) { print '
'.$langs->trans('Modify').'
'; } + */ // Close ticket if statut is read if ($object->fk_statut > 0 && $object->fk_statut < Ticket::STATUS_CLOSED && $user->rights->ticket->write) { diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 4137680b0f7..0c726db3f62 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -608,30 +608,50 @@ if ($optioncss != '') { } // Add $param from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; -if ($socid) { +if ($socid > 0) { $param .= '&socid='.urlencode($socid); } -if ($projectid) { +if ($search_societe) { + $param .= '&search_societe='.urlencode($search_societe); +} +if ($projectid > 0) { $param .= '&projectid='.urlencode($projectid); } - if ($search_date_start) { - $param .= '&search_date_start='.urlencode($search_date_start); + $tmparray = dol_getdate($search_date_start); + $param .= '&search_date_startday='.urlencode($tmparray['mday']); + $param .= '&search_date_startmonth='.urlencode($tmparray['mon']); + $param .= '&search_date_startyear='.urlencode($tmparray['year']); } if ($search_date_end) { - $param .= '&search_date_end='.urlencode($search_date_end); + $tmparray = dol_getdate($search_date_end); + $param .= '&search_date_endday='.urlencode($tmparray['mday']); + $param .= '&search_date_endmonth='.urlencode($tmparray['mon']); + $param .= '&search_date_endyear='.urlencode($tmparray['year']); } if ($search_dateread_start) { - $param .= '&search_dateread_start='.urlencode($search_dateread_start); + $tmparray = dol_getdate($search_dateread_start); + $param .= '&search_dateread_startday='.urlencode($tmparray['mday']); + $param .= '&search_dateread_startmonth='.urlencode($tmparray['mon']); + $param .= '&search_dateread_startyear='.urlencode($tmparray['year']); } if ($search_dateread_end) { - $param .= '&search_dateread_end='.urlencode($search_dateread_end); + $tmparray = dol_getdate($search_dateread_end); + $param .= '&search_dateread_endday='.urlencode($tmparray['mday']); + $param .= '&search_dateread_endmonth='.urlencode($tmparray['mon']); + $param .= '&search_dateread_endyear='.urlencode($tmparray['year']); } if ($search_dateclose_start) { - $param .= '&search_dateclose_start='.urlencode($search_dateclose_start); + $tmparray = dol_getdate($search_dateclose_start); + $param .= '&search_dateclose_startday='.urlencode($tmparray['mday']); + $param .= '&search_dateclose_startmonth='.urlencode($tmparray['mon']); + $param .= '&search_dateclose_startyear='.urlencode($tmparray['year']); } if ($search_dateclose_end) { - $param .= '&search_dateclose_end='.urlencode($search_dateclose_end); + $tmparray = dol_getdate($search_dateclose_end); + $param .= '&search_date_endday='.urlencode($tmparray['mday']); + $param .= '&search_date_endmonth='.urlencode($tmparray['mon']); + $param .= '&search_date_endyear='.urlencode($tmparray['year']); } // List of mass actions available diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cfc63a01411..f530fbc24dc 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -199,12 +199,12 @@ if (empty($reshook)) { if ($action == 'add' && $canadduser) { $error = 0; - if (!$_POST["lastname"]) { + if (!GETPOST("lastname")) { $error++; setEventMessages($langs->trans("NameNotDefined"), null, 'errors'); $action = "create"; // Go back to create page } - if (!$_POST["login"]) { + if (!GETPOST("login")) { $error++; setEventMessages($langs->trans("LoginNotDefined"), null, 'errors'); $action = "create"; // Go back to create page @@ -441,7 +441,7 @@ if (empty($reshook)) { $object->lang = GETPOST('default_lang', 'aZ09'); if (!empty($conf->multicompany->enabled)) { - if (!empty($_POST["superadmin"])) { + if (GETPOST("superadmin")) { $object->entity = 0; } elseif (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 1; // all users in master entity @@ -1963,7 +1963,7 @@ if ($action == 'create' || $action == 'adduserldap') { // Ref/ID if (!empty($conf->global->MAIN_SHOW_TECHNICAL_ID)) { - print ''; + print ''; print ''; @@ -1971,13 +1971,13 @@ if ($action == 'create' || $action == 'adduserldap') { } // Civility - print ''; // Lastname print ""; - print ''; + print ''; print '
'.$langs->trans("RemainderToPay").''.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'
'.$langs->trans("Date").''; - $datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); - $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaye) : ''; + $datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int')); + $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaye : -1) : ''; print $form->selectDate($datepayment, '', '', '', '', "add_payment", 1, 1); print "
'.$langs->trans("PaymentMode").''; - $form->select_types_paiements(isset($_POST["paiementtype"]) ? $_POST["paiementtype"] : $salary->type_payment, "paiementtype"); + $form->select_types_paiements(GETPOSTISSET("paiementtype") ? GETPOST("paiementtype") : $salary->type_payment, "paiementtype"); print "
'.$langs->trans('AccountToDebit').''; - $form->select_comptes(isset($_POST["accountid"]) ? $_POST["accountid"] : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list + $form->select_comptes(GETPOSTISSET("accountid") ? GETPOST("accountid", 'int') : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list print '
'.img_picto('', 'object_phoning_fax').'
'.$form->editfieldkey('EMail', 'email', GETPOST('email', 'alpha'), $object, 0, 'string', '', (!empty($conf->global->SOCIETE_EMAIL_MANDATORY))).''.img_picto('', 'object_email').'
'.$form->editfieldkey('EMail', 'email', GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL), $object, 0, 'string', '', (!empty($conf->global->SOCIETE_EMAIL_MANDATORY))).''.img_picto('', 'object_email').'
'.$form->editfieldkey('Web', 'url', GETPOST('url', 'alpha'), $object, 0).''.img_picto('', 'globe').'
".dol_print_phone($obj->phone, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'phone')."'.dol_print_phone($obj->phone, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'phone')."".dol_print_phone($obj->fax, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'fax')."'.dol_print_phone($obj->fax, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'fax')."
'; - $formticket->selectTypesTickets((GETPOST('type_code') ? GETPOST('type_code') : $object->type_code), 'type_code', '', '2'); + $formticket->selectTypesTickets((GETPOSTISSET('type_code') ? GETPOST('type_code') : $object->type_code), 'type_code', '', '2'); print '
'; - $formticket->selectSeveritiesTickets((GETPOST('severity_code') ? GETPOST('severity_code') : $object->severity_code), 'severity_code', '', '2'); + $formticket->selectSeveritiesTickets((GETPOSTISSET('severity_code') ? GETPOST('severity_code') : $object->severity_code), 'severity_code', '', '2'); print '
'; - $formticket->selectGroupTickets((GETPOST('category_code') ? GETPOST('category_code') : $object->category_code), 'category_code', '', '2'); + $formticket->selectGroupTickets((GETPOSTISSET('category_code') ? GETPOST('category_code') : $object->category_code), 'category_code', '', '2'); print '
'; - print ''; + print ''; print '
'.$langs->trans("Ref").'
'.$langs->trans("Ref").''; print $object->id; print '
'; + print '
'; print $formcompany->select_civility(GETPOSTISSET("civility_code") ? GETPOST("civility_code", 'aZ09') : $object->civility_code, 'civility_code'); print '
'.$langs->trans("Lastname").''.$langs->trans("Lastname").''; if ($caneditfield && !$object->ldap_sid) { print ''; diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 0d6d413ba0f..33921544b45 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -138,7 +138,7 @@ if (empty($reshook)) { if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 0; } else { - $object->entity = $_POST["entity"]; + $object->entity = GETPOST("entity"); } $db->begin(); @@ -214,7 +214,7 @@ if (empty($reshook)) { if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 0; } else { - $object->entity = $_POST["entity"]; + $object->entity = GETPOST("entity"); } $ret = $object->update(); diff --git a/htdocs/user/note.php b/htdocs/user/note.php index e0c23842347..1a375343e05 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -67,7 +67,7 @@ if ($reshook < 0) { } if (empty($reshook)) { - if ($action == 'update' && $user->rights->user->user->creer && !$_POST["cancel"]) { + if ($action == 'update' && $user->rights->user->user->creer && !GETPOST("cancel")) { $db->begin(); $res = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES | ENT_HTML5)); diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 228bbd7882e..0c9785d7463 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -40,12 +40,6 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $actionid = GETPOST('actionid'); -// Security check -if ($user->socid) { - $id = $user->socid; -} -$result = restrictedArea($user, 'societe', '', ''); - $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); @@ -74,6 +68,12 @@ if ($id > 0 || !empty($ref)) { $permissiontoadd = (($object->id == $user->id) || (!empty($user->rights->user->user->lire))); +// Security check +if ($user->socid) { + $id = $user->socid; +} +$result = restrictedArea($user, 'user', '', ''); + /* * Actions diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 228066b7051..2856f787b52 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -90,7 +90,7 @@ if ($reshook < 0) { if (empty($reshook)) { if ($action == 'update' && ($caneditfield || !empty($user->admin))) { - if (!$_POST["cancel"]) { + if (!GETPOST("cancel")) { $tabparam = array(); if (GETPOST("check_MAIN_LANDING_PAGE") == "on") { diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php index 61686423d4c..b64f15e1f76 100755 --- a/htdocs/workstation/workstation_card.php +++ b/htdocs/workstation/workstation_card.php @@ -208,9 +208,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print ''."\n"; // Common attributes diff --git a/htdocs/zapier/admin/index.html b/htdocs/zapier/admin/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/admin/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/zapier/class/index.html b/htdocs/zapier/class/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/class/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/zapier/index.html b/htdocs/zapier/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/zapier/lib/index.html b/htdocs/zapier/lib/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/lib/index.html @@ -0,0 +1 @@ +