';
print ''.$langs->trans("WarehouseAskWarehouseDuringPropal").' ';
print '';
diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php
index d6b8b2f9f66..315673f1582 100644
--- a/htdocs/admin/translation.php
+++ b/htdocs/admin/translation.php
@@ -168,7 +168,7 @@ if ($action == 'add') {
// Delete line from delete picto
if ($action == 'delete') {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".$db->escape($id);
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".((int) $id);
$result = $db->query($sql);
if ($result >= 0) {
setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs');
diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php
index 674cc53b69f..064fb6ad359 100644
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
@@ -73,7 +73,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, libelle as label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_input_method as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -136,7 +136,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_input_reason as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -539,7 +539,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_availability as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -648,7 +648,7 @@ class Setup extends DolibarrApi
$sql = "SELECT id, code, type, libelle as label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
if ($type) {
$sql .= " AND t.type LIKE '%".$this->db->escape($type)."%'";
}
@@ -714,7 +714,7 @@ class Setup extends DolibarrApi
$sql = "SELECT id, code, label, accountancy_code, active, module, position";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
if ($module) {
$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
}
@@ -778,7 +778,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, element as type, libelle as label, source, module, position";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
if ($type) {
$sql .= " AND type LIKE '%".$this->db->escape($type)."%'";
}
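Review bot: The `$type` filter in this hunk tests an unqualified `type`, while the SELECT above only defines `type` as an alias of `element`; select aliases are generally not resolved in a WHERE clause, so unless `c_type_contact` really has a `type` column this condition fails or matches something else. The sibling hunks qualify their columns (`t.type`, `t.module`). Something like `$sql .= " AND t.element LIKE '%".$this->db->escape($type)."%'";` looks like the intent, to be confirmed against the table definition. The enclosing method starts and ends outside the hunk.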
@@ -843,7 +843,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_civility as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
if ($module) {
$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
}
@@ -911,7 +911,7 @@ class Setup extends DolibarrApi
$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency as m ON m.code=t.code_iso";
$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency_rate as cr ON (m.rowid = cr.fk_multicurrency)";
}
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
if (!empty($multicurrency)) {
$sql .= " AND m.entity IN (".getEntity('multicurrency').")";
if (!empty($multicurrency) && $multicurrency != 2) {
@@ -1242,7 +1242,7 @@ class Setup extends DolibarrApi
//TODO link with multicurrency module
$sql = "SELECT t.rowid, t.code, t.label,t.short_label, t.active, t.scale, t.unit_type";
$sql .= " FROM ".MAIN_DB_PREFIX."c_units as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -1365,7 +1365,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, pos, label, use_default, description";
$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -1423,7 +1423,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, pos, label, use_default, color, description";
$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
diff --git a/htdocs/asset/class/asset_type.class.php b/htdocs/asset/class/asset_type.class.php
index 17943f4dfd4..99205d2b3f3 100644
--- a/htdocs/asset/class/asset_type.class.php
+++ b/htdocs/asset/class/asset_type.class.php
@@ -238,7 +238,7 @@ class AssetType extends CommonObject
$error = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."asset_type";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php
index 99f6a708c05..5a3a2ec62b4 100644
--- a/htdocs/bom/bom_note.php
+++ b/htdocs/bom/bom_note.php
@@ -79,8 +79,8 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
$form = new Form($db);
-//$help_url='EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes';
-$help_url = '';
+$help_url = 'EN:Module_BOM';
+
llxHeader('', $langs->trans('BillOfMaterials'), $help_url);
if ($id > 0 || !empty($ref)) {
diff --git a/htdocs/bom/tpl/index.html b/htdocs/bom/tpl/index.html
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/htdocs/bom/tpl/index.html
@@ -0,0 +1 @@
+
diff --git a/htdocs/cashdesk/affContenu.php b/htdocs/cashdesk/affContenu.php
index 7d9af18913e..d8e31f3b9c9 100644
--- a/htdocs/cashdesk/affContenu.php
+++ b/htdocs/cashdesk/affContenu.php
@@ -26,7 +26,7 @@
require_once 'class/Facturation.class.php';
// Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
-if ($_GET['id'] == 'NOUV') {
+if (GETPOST('id', 'int') == 'NOUV') {
unset($_SESSION['serObjFacturation']);
unset($_SESSION['poscart']);
}
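Review bot: `GETPOST('id', 'int') == 'NOUV'` can no longer do what the old line did: the `'int'` check is meant for numeric values, so the literal `NOUV` is presumably filtered out before the comparison and the session reset for a new sale would never run. The loose `==` also makes the result depend on how PHP compares whatever the filter returns with a non-numeric string. A check type that admits the marker, combined with a strict comparison, fits better, e.g. `if (GETPOST('id', 'aZ09') === 'NOUV') {`.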
diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php
index eed48555e20..f51cda3e77b 100644
--- a/htdocs/cashdesk/facturation_verif.php
+++ b/htdocs/cashdesk/facturation_verif.php
@@ -1,7 +1,7 @@
* Copyright (C) 2008-2010 Laurent Destailleur
- * Copyright (C) 2018 Juanjo Menent
+ * Copyright (C) 2018 Juanjo Menent
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -45,14 +45,14 @@ if (empty($user->rights->cashdesk->run)) {
switch ($action) {
default:
- if ($_POST['hdnSource'] != 'NULL') {
+ if (GETPOST('hdnSource') != 'NULL') {
$sql = "SELECT p.rowid, p.ref, p.price, p.tva_tx, p.default_vat_code, p.recuperableonly";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) {
$sql .= ", ps.reel";
}
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) {
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".$conf_fkentrepot;
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".((int) $conf_fkentrepot);
}
$sql .= " WHERE p.entity IN (".getEntity('product').")";
@@ -164,18 +164,18 @@ switch ($action) {
$obj_facturation->vatrate = $vatrate; // Save vat rate (full text vat with code)
// Definition du filtre pour n'afficher que le produit concerne
- if ($_POST['hdnSource'] == 'LISTE') {
+ if (GETPOST('hdnSource') == 'LISTE') {
$filtre = $ret['ref'];
- } elseif ($_POST['hdnSource'] == 'REF') {
- $filtre = $_POST['txtRef'];
+ } elseif (GETPOST('hdnSource') == 'REF') {
+ $filtre = GETPOST('txtRef');
}
- $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.$filtre;
+ $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.urlencode($filtre);
} else {
$obj_facturation->raz();
- if ($_POST['hdnSource'] == 'REF') {
- $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.$_POST['txtRef'];
+ if (GETPOST('hdnSource') == 'REF') {
+ $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation&filtre='.urlencode(GETPOST('txtRef'));
} else {
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation';
}
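Review bot: `$filtre` is assigned only when `hdnSource` is `LISTE` or `REF`, yet the new `urlencode($filtre)` runs for every value, so any other or missing `hdnSource` reaches it with an undefined variable. Initialising it before the `if`, `$filtre = '';`, removes the notice and makes the redirect deterministic. The `switch` case this belongs to begins above the hunk.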
@@ -200,10 +200,10 @@ switch ($action) {
case 'ajout_article':
if (!empty($obj_facturation->id)) { // A product was previously selected and stored in session, so we can add it
- dol_syslog("facturation_verif save vat ".$_POST['selTva']);
- $obj_facturation->qte($_POST['txtQte']);
- $obj_facturation->tva($_POST['selTva']); // id of vat. Saved so we can use it for next product
- $obj_facturation->remisePercent($_POST['txtRemise']);
+ dol_syslog("facturation_verif save vat ".GETPOST('selTva'));
+ $obj_facturation->qte(GETPOST('txtQte'));
+ $obj_facturation->tva(GETPOST('selTva')); // id of vat. Saved so we can use it for next product
+ $obj_facturation->remisePercent(GETPOST('txtRemise'));
$obj_facturation->ajoutArticle(); // This add an entry into $_SESSION['poscart']
// We update prixTotalTtc
}
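Review bot: The `GETPOST()` calls that replace `$_POST` here name no check type, so quantity, VAT id and discount still reach `qte()`, `tva()` and `remisePercent()` as free text, and `selTva` goes into `dol_syslog()` unfiltered. Stating the expected shape at the call would make the replacement worth more than a rename, e.g. `GETPOST('selTva', 'int')` and `GETPOST('txtQte', 'int')` (if quantities are whole numbers). The same applies to `GETPOST('suppr_id')` in the next hunk, which looks like an id, and to `GETPOST('hdnSource')` and `GETPOST('txtRef')` in the two hunks above, where `'aZ09'` or `'alpha'` would fit.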
@@ -212,7 +212,7 @@ switch ($action) {
break;
case 'suppr_article':
- $obj_facturation->supprArticle($_GET['suppr_id']);
+ $obj_facturation->supprArticle(GETPOST('suppr_id'));
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=facturation';
break;
diff --git a/htdocs/cashdesk/validation_verif.php b/htdocs/cashdesk/validation_verif.php
index 76cba5d3d95..0c9758d9a29 100644
--- a/htdocs/cashdesk/validation_verif.php
+++ b/htdocs/cashdesk/validation_verif.php
@@ -165,7 +165,7 @@ switch ($action) {
if (empty($cond_reglement_id)) {
$cond_reglement_id = 0; // If cond_reglement_id not found
}
- $note .= $_POST['txtaNotes'];
+ $note .= GETPOST('txtaNotes', 'alphanohtml');
dol_syslog("obj_facturation->getSetPaymentMode()=".$obj_facturation->getSetPaymentMode()." mode_reglement_id=".$mode_reglement_id." cond_reglement_id=".$cond_reglement_id);
$error = 0;
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 94a1b89de8f..1f467b507d1 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -604,7 +604,7 @@ class Categorie extends CommonObject
/* FIX #1317 : Check for child category and move up 1 level*/
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."categorie";
- $sql .= " SET fk_parent = ".$this->fk_parent;
+ $sql .= " SET fk_parent = ".((int) $this->fk_parent);
$sql .= " WHERE fk_parent = ".$this->id;
if (!$this->db->query($sql)) {
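Review bot: Only half of this UPDATE is hardened: `fk_parent` is now cast, but the `WHERE fk_parent = ".$this->id` line directly below it is still concatenated as-is. Casting it the same way keeps the statement consistent: `$sql .= " WHERE fk_parent = ".((int) $this->id);`. The same uncast `$this->id` remains in `containsObject()` further down this file and in the `fk_input_reason`, `remise_percent` and `remise_absolue` updates in propal.class.php.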
@@ -869,7 +869,7 @@ class Categorie extends CommonObject
public function containsObject($type, $object_id)
{
$sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
- $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$object_id;
+ $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
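Review bot: The cast covers `$object_id`, but `$type` still flows into both the table name and the column name whenever it is absent from `MAP_CAT_TABLE` / `MAP_CAT_FK`, and an identifier cannot be protected by escaping or casting. If any caller can pass a `$type` derived from request data, it should be checked against an identifier pattern before the query is built, for example `if (!preg_match('/^[a-z0-9_]+$/i', $type)) { return -1; }` (the return value is a guess at the class convention). The method body continues past the hunk.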
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index db26bc4ad22..74ff6c6aa62 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -80,16 +80,12 @@ $id = GETPOST('id', 'int');
if ($user->socid) {
$socid = $user->socid;
}
-$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
-if ($user->socid && $socid) {
- $result = restrictedArea($user, 'societe', $socid);
-}
$error = GETPOST("error");
$donotclearsession = GETPOST('donotclearsession') ?GETPOST('donotclearsession') : 0;
-$cactioncomm = new CActionComm($db);
$object = new ActionComm($db);
+$cactioncomm = new CActionComm($db);
$contact = new Contact($db);
$extrafields = new ExtraFields($db);
$formfile = new FormFile($db);
@@ -132,6 +128,11 @@ if (!empty($conf->global->AGENDA_REMINDER_EMAIL)) {
$TDurationTypes = array('y'=>$langs->trans('Years'), 'm'=>$langs->trans('Month'), 'w'=>$langs->trans('Weeks'), 'd'=>$langs->trans('Days'), 'h'=>$langs->trans('Hours'), 'i'=>$langs->trans('Minutes'));
+$result = restrictedArea($user, 'agenda', $object->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
/*
* Actions
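Review bot: The relocated check passes `$object->id` instead of the request `$id`, but all that is visible about `$object` before this point is `new ActionComm($db)`. If no `fetch()` happens in the lines between the two hunks, `$object->id` is empty and `restrictedArea()` would verify only the module permission, not access to the requested event. Either keep `$id` in the call, `restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');`, or make sure the object is loaded first. The sibling pages document.php and info.php still pass `$id`.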
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 03ca6ae0369..a1c0ee2badf 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -1367,7 +1367,7 @@ class ActionComm extends CommonObject
$sql .= ' fk_user_author,';
$sql .= ' fk_user_mod';
$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
- $sql .= ' WHERE a.id = '.$id;
+ $sql .= ' WHERE a.id = '.((int) $id);
dol_syslog(get_class($this)."::info", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php
index 493cfb1a109..2ff3b1ade8c 100644
--- a/htdocs/comm/action/document.php
+++ b/htdocs/comm/action/document.php
@@ -54,7 +54,6 @@ if ($user->socid > 0) {
unset($_GET["action"]);
$action = '';
}
-$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
$object = new ActionComm($db);
@@ -84,10 +83,16 @@ if (!$sortfield) {
$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
$modulepart = 'actions';
+$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
/*
* Actions
*/
+
include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
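Review bot: `$socid` in the added `if ($user->socid && $socid)` is not assigned in any visible part of this file; the external-user block in the first hunk only clears `$action`. If that holds for the hidden lines too, the extra `restrictedArea($user, 'societe', $socid)` call is skipped for exactly the users it is meant for. Setting `$socid = $user->socid;` in the existing block, as the other agenda pages do, would make the condition meaningful. The same three added lines in info.php deserve the same look.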
@@ -98,6 +103,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
$form = new Form($db);
$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda';
+
llxHeader('', $langs->trans("Agenda"), $help_url);
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index b8d443d8096..6e0bc4ab1e1 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -79,7 +79,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@@ -155,6 +154,11 @@ $langs->loadLangs(array('agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
+$result = restrictedArea($user, 'agenda', 0, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
/*
* Actions
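Review bot: This is the only agenda list page whose arguments change while the call is moved: list.php, pertype.php and peruser.php keep `restrictedArea($user, 'agenda', 0, '', 'myactions')`, whereas here it becomes `'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id'` with an object id of 0. If the difference is deliberate, a one-line comment saying why would help; otherwise the four pages should make the same call. In all of them the check now runs after language loading and hook initialisation instead of right after the parameters are read, so nothing placed in between should act on request data.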
diff --git a/htdocs/comm/action/info.php b/htdocs/comm/action/info.php
index 2360f2925d9..f5d1c65b267 100644
--- a/htdocs/comm/action/info.php
+++ b/htdocs/comm/action/info.php
@@ -45,6 +45,9 @@ if ($user->socid > 0) {
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
/*
diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php
index 888a13fb4b8..c5559e12fe9 100644
--- a/htdocs/comm/action/list.php
+++ b/htdocs/comm/action/list.php
@@ -128,7 +128,6 @@ $socid = GETPOST("search_socid", 'int') ?GETPOST("search_socid", 'int') : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@@ -165,7 +164,11 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
-//var_dump($_POST);exit;
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
/*
* Actions
diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php
index 3b55399a58a..74032b7fb01 100644
--- a/htdocs/comm/action/pertype.php
+++ b/htdocs/comm/action/pertype.php
@@ -75,7 +75,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@@ -170,6 +169,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
/*
* Actions
diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index 8c440395083..dd6886fa196 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
@@ -71,12 +71,10 @@ if (!$sortfield) {
$sortfield = "a.datec";
}
-// Security check
$socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOST("socid", "int");
if ($user->socid) {
$socid = $user->socid;
}
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@@ -177,6 +175,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
/*
* Actions
diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php
index 908819e1d1a..a90bc1cf5a3 100644
--- a/htdocs/comm/action/rapport/index.php
+++ b/htdocs/comm/action/rapport/index.php
@@ -59,7 +59,10 @@ $socid = GETPOST('socid', 'int');
if ($user->socid) {
$socid = $user->socid;
}
-$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
/*
diff --git a/htdocs/comm/admin/propaldet_extrafields.php b/htdocs/comm/admin/propaldet_extrafields.php
index 834722f2afd..19b7674449f 100644
--- a/htdocs/comm/admin/propaldet_extrafields.php
+++ b/htdocs/comm/admin/propaldet_extrafields.php
@@ -31,11 +31,6 @@ require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
-
-if (!$user->admin) {
- accessforbidden();
-}
-
// Load translation files required by the page
$langs->loadlangs(array('admin', 'other', 'propal'));
diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php
index 8039241a899..3dc24f4c8b5 100644
--- a/htdocs/comm/card.php
+++ b/htdocs/comm/card.php
@@ -88,15 +88,10 @@ if (!empty($conf->notification->enabled)) {
$langs->load("mails");
}
-// Security check
-$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
-if ($user->socid > 0) {
- $id = $user->socid;
-}
-$result = restrictedArea($user, 'societe', $id, '&societe');
-
$action = GETPOST('action', 'aZ09');
+$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
+
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
@@ -124,15 +119,6 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartycomm', 'globalcard'));
-// Security check
-$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
-
-if ($object->id > 0) {
- if (!($object->client > 0) || empty($user->rights->societe->lire)) {
- accessforbidden();
- }
-}
-
$now = dol_now();
if ($id > 0 && empty($object->id)) {
@@ -142,6 +128,17 @@ if ($id > 0 && empty($object->id)) {
dol_print_error($db, $object->error, $object->errors);
}
}
+if ($object->id > 0) {
+ if (!($object->client > 0) || empty($user->rights->societe->lire)) {
+ accessforbidden();
+ }
+}
+
+// Security check
+if ($user->socid > 0) {
+ $id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $object->id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
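Review bot: The block added after the fetch overrides `$id` with `$user->socid`, but `$object` was already loaded from the request-supplied `$id` just above and `restrictedArea()` is called with `$object->id`. For an external user, `$id` and `$object->id` can therefore point at different third parties from here on. Doing the override before the fetch, where the removed block did it, keeps the two in step; if it must stay here, later code should rely on `$object->id` only.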
diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php
index 8a921e1c358..9945ca0e186 100644
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -54,6 +54,7 @@ $begin = GETPOST('begin', 'alpha');
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid) {
+ $action = '';
$socid = $user->socid;
}
$result = restrictedArea($user, 'societe', $socid, '');
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php
index b727a18b76f..97fa9eb0cfc 100644
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
@@ -29,10 +29,6 @@
require '../main.inc.php';
-if (!$user->rights->societe->lire) {
- accessforbidden();
-}
-
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
@@ -63,10 +59,21 @@ if (isset($user->socid) && $user->socid > 0) {
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$now = dol_now();
+// Security check
+$socid = GETPOST("socid", 'int');
+if ($user->socid > 0) {
+ $action = '';
+ $id = $user->socid;
+}
+restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
+
/*
* Actions
*/
+// None
+
/*
* View
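Review bot: The added block reads `$socid` from the request but then assigns and checks `$id`, which no visible line of this page sets for internal users, so `restrictedArea()` receives an undefined variable and the freshly read `$socid` is never used for the check. The `GETPOST("socid", 'int')` line also overwrites whatever the earlier `$user->socid` block stored in `$socid`, if that is what it sets. Using one variable throughout, `$socid = $user->socid;` and `restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);`, would match the apparent intent. The identical block added to comm/multiprix.php has the same mismatch.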
diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php
index 4b60fdd3464..2487e772373 100644
--- a/htdocs/comm/mailing/advtargetemailing.php
+++ b/htdocs/comm/mailing/advtargetemailing.php
@@ -42,11 +42,6 @@ if (!empty($conf->categorie->enabled)) {
$langs->load("categories");
}
-// Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
- accessforbidden();
-}
-
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -99,6 +94,12 @@ if ($result < 0) {
}
}
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
+
/*
* Actions
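Review bot: The same hand-written permission test is now pasted into five pages (advtargetemailing.php, card.php, cibles.php, info.php, list.php), four of them with a commented-out `//$result = restrictedArea($user, 'mailing');` next to it, and list.php gives up a live `restrictedArea()` call for it. Routing all five through one call or one helper would avoid repeating any later change to the external-user rule five times, and the commented line should be deleted rather than committed. The condition also newly admits external users when `EXTERNAL_USERS_ARE_AUTHORIZED` is set; a comment such as `// External users are allowed only when EXTERNAL_USERS_ARE_AUTHORIZED is set` would show that this is intended.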
diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index 3fc50d03eaf..00c5c946326 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
@@ -40,10 +40,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
// Load translation files required by the page
$langs->load("mails");
-if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
- accessforbidden();
-}
-
$id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel');
@@ -80,6 +76,10 @@ $listofmethods = array();
$listofmethods['mail'] = 'PHP mail function';
$listofmethods['smtps'] = 'SMTP/SMTPS socket library';
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+ accessforbidden();
+}
/*
@@ -149,7 +149,7 @@ if (empty($reshook)) {
// or sent in error (statut=-1)
$sql = "SELECT mc.rowid, mc.fk_mailing, mc.lastname, mc.firstname, mc.email, mc.other, mc.source_url, mc.source_id, mc.source_type, mc.tag";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc";
- $sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".$object->id;
+ $sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".((int) $object->id);
$sql .= " ORDER BY mc.statut DESC"; // first status 0, then status -1
dol_syslog("card.php: select targets", LOG_DEBUG);
diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php
index a9095609ab7..336b6431281 100644
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -35,12 +35,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// Load translation files required by the page
$langs->load("mails");
-// Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
- accessforbidden();
-}
-
-
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -75,6 +69,13 @@ $object = new Mailing($db);
$result = $object->fetch($id);
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
+
+
/*
* Actions
*/
diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php
index 063fb6c7f00..90132557f38 100644
--- a/htdocs/comm/mailing/class/advtargetemailing.class.php
+++ b/htdocs/comm/mailing/class/advtargetemailing.class.php
@@ -284,9 +284,9 @@ class AdvanceTargetingMailing extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
if (!empty($id)) {
- $sql .= " WHERE t.fk_element = ".$id." AND type_element='mailing'";
+ $sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = 'mailing'";
} else {
- $sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='mailing'";
+ $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'";
}
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
@@ -347,9 +347,9 @@ class AdvanceTargetingMailing extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
if (!empty($id)) {
- $sql .= " WHERE t.fk_element = ".$id." AND type_element='$type_element'";
+ $sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = '".$this->db->escape($type_element)."'";
} else {
- $sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='$type_element'";
+ $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'";
}
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php
index 251550bdded..aed8bd1431f 100644
--- a/htdocs/comm/mailing/class/mailing.class.php
+++ b/htdocs/comm/mailing/class/mailing.class.php
@@ -427,7 +427,7 @@ class Mailing extends CommonObject
$sql .= " source_id ,";
$sql .= " source_type";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$fromid;
+ $sql .= " WHERE fk_mailing = ".((int) $fromid);
$result = $this->db->query($sql);
if ($result) {
@@ -499,7 +499,7 @@ class Mailing extends CommonObject
public function delete($rowid)
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog("Mailing::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/comm/mailing/info.php b/htdocs/comm/mailing/info.php
index f6aa8c2e509..74d6943a044 100644
--- a/htdocs/comm/mailing/info.php
+++ b/htdocs/comm/mailing/info.php
@@ -33,9 +33,10 @@ $id = GETPOST('id', 'int');
$langs->load("mails");
// Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
+//$result = restrictedArea($user, 'mailing');
diff --git a/htdocs/comm/mailing/list.php b/htdocs/comm/mailing/list.php
index 4f851eeee28..94db62d7b19 100644
--- a/htdocs/comm/mailing/list.php
+++ b/htdocs/comm/mailing/list.php
@@ -28,9 +28,6 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php';
// Load translation files required by the page
$langs->load("mails");
-// Security check
-$result = restrictedArea($user, 'mailing');
-
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@@ -69,6 +66,11 @@ $fieldstosearchall = array(
'm.titre'=>'Ref',
);
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php
index f1638e9dc37..a409a150778 100644
--- a/htdocs/comm/multiprix.php
+++ b/htdocs/comm/multiprix.php
@@ -40,6 +40,14 @@ if ($user->socid > 0) {
$_socid = $user->socid;
}
+// Security check
+$socid = GETPOST("socid", 'int');
+if ($user->socid > 0) {
+ $action = '';
+ $id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
/*
* Actions
diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php
index bc384cfb882..4c4881472c8 100644
--- a/htdocs/comm/propal/card.php
+++ b/htdocs/comm/propal/card.php
@@ -89,12 +89,6 @@ $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($con
// Nombre de ligne pour choix de produit/service predefinis
$NBLINES = 4;
-// Security check
-if (!empty($user->socid)) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
$object = new Propal($db);
$extrafields = new ExtraFields($db);
@@ -134,6 +128,14 @@ $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc
$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php
$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
+
/*
* Actions
*/
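Review bot: `$object->id = $user->socid;` stores a third-party id in the id of a `Propal` object. For an external user, `restrictedArea($user, 'propal', $object->id)` then checks whichever proposal has a rowid equal to the company id rather than the one requested, and later code that trusts `$object->id` works on that record. The removed code passed the request `$id`; keeping that call, `restrictedArea($user, 'propal', $id);`, and dropping the assignment restores an object-level check. Whether `$object` is fetched between the two hunks is not visible here.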
@@ -642,7 +644,7 @@ if (empty($reshook)) {
if ($object->statut == $object::STATUS_VALIDATED) {
$db->begin();
- $result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml'));
+ $result = $object->signature($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml'));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
$error++;
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index 0460caf21f5..5ffe0f362c7 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -140,6 +140,16 @@ class Propal extends CommonObject
*/
public $date_validation;
+ /**
+ * @var integer|string $date_signature;
+ */
+ public $date_signature;
+
+ /**
+ * @var User $user_signature
+ */
+ public $user_signature;
+
/**
* @var integer|string date of the quote;
*/
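Review bot: The two new docblocks document nothing beyond the property name: `@var integer|string $date_signature;` has a stray semicolon and no description, and `@var User $user_signature` does not say when it is populated. Following the neighbouring `date of the quote` style, something like `@var integer|string Date the proposal was signed` and `@var User User who signed the proposal` would do. Confirm first that `$user_signature` holds an object and not a user id.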
@@ -1232,7 +1242,7 @@ class Propal extends CommonObject
/*if (! $error && $this->fk_delivery_address)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
- $sql.= " SET fk_delivery_address = ".$this->fk_delivery_address;
+ $sql.= " SET fk_delivery_address = ".((int) $this->fk_delivery_address);
$sql.= " WHERE ref = '".$this->db->escape($this->ref)."'";
$sql.= " AND entity = ".setEntity($this);
@@ -2203,7 +2213,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
- $sql .= " SET fk_input_reason = ".$id;
+ $sql .= " SET fk_input_reason = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2322,13 +2332,13 @@ class Propal extends CommonObject
$remise = trim($remise) ?trim($remise) : 0;
if (!empty($user->rights->propal->creer)) {
- $remise = price2num($remise);
+ $remise = price2num($remise, 2);
$error = 0;
$this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".$remise;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2380,17 +2390,18 @@ class Propal extends CommonObject
public function set_remise_absolue($user, $remise, $notrigger = 0)
{
// phpcs:enable
- $remise = trim($remise) ?trim($remise) : 0;
+ if (empty($remise)) {
+ $remise = 0;
+ }
+ $remise = price2num($remise);
if (!empty($user->rights->propal->creer)) {
- $remise = price2num($remise);
-
$error = 0;
$this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
- $sql .= " SET remise_absolue = ".$remise;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
+ $sql .= " SET remise_absolue = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2435,19 +2446,17 @@ class Propal extends CommonObject
* Reopen the commercial proposal
*
* @param User $user Object user that close
- * @param int $statut Statut
+ * @param int $status Status
* @param string $note Comment
* @param int $notrigger 1=Does not execute triggers, 0= execute triggers
* @return int <0 if KO, >0 if OK
*/
- public function reopen($user, $statut, $note = '', $notrigger = 0)
+ public function reopen($user, $status, $note = '', $notrigger = 0)
{
-
- $this->statut = $statut;
$error = 0;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
- $sql .= " SET fk_statut = ".$this->statut.",";
+ $sql .= " SET fk_statut = ".$status.",";
if (!empty($note)) {
$sql .= " note_private = '".$this->db->escape($note)."',";
}
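Review bot: `$status` is concatenated into the UPDATE uncast at `$sql .= " SET fk_statut = ".$status.",";`, although this commit casts the same kind of value elsewhere, for example `fk_statut = ".((int) $status)` in the "Close the commercial proposal" method. I would write `$sql .= " SET fk_statut = ".((int) $status).",";` so the method does not depend on every caller having filtered the value. The rest of reopen() lies outside the hunk.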
@@ -2484,11 +2493,105 @@ class Propal extends CommonObject
$this->db->rollback();
return -1 * $error;
} else {
+ $this->statut = $status;
+ $this->status = $status;
+
$this->db->commit();
return 1;
}
}
+ /**
+ * Sign the commercial proposal
+ *
+ * @param User $user Object user that close
+ * @param int $statut Status
+ * @param string $note Complete private note with this note
+ * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers
+ * @return int <0 if KO, >0 if OK
+ */
+ public function signature($user, $statut, $note = '', $notrigger = 0)
+ {
+ global $langs,$conf;
+
+ $error = 0;
+ $now = dol_now();
+
+ $this->db->begin();
+
+ $newprivatenote = dol_concatdesc($this->note_private, $note);
+
+ $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
+ $sql .= " SET fk_statut = ".$statut.", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id;
+ $sql .= " WHERE rowid = ".$this->id;
+
+ $resql = $this->db->query($sql);
+ if ($resql) {
+ $modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED ? $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED : $this->model_pdf;
+ $trigger_name = 'PROPAL_CLOSE_REFUSED';
+
+ if ($statut == self::STATUS_SIGNED) {
+ $trigger_name = 'PROPAL_CLOSE_SIGNED';
+ $modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL ? $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL:$this->model_pdf;
+
+ // The connected company is classified as a client
+ $soc=new Societe($this->db);
+ $soc->id = $this->socid;
+ $result = $soc->set_as_client();
+
+ if ($result < 0) {
+ $this->error=$this->db->lasterror();
+ $this->db->rollback();
+ return -2;
+ }
+ }
+
+ if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
+ // Define output language
+ $outputlangs = $langs;
+ if (!empty($conf->global->MAIN_MULTILANGS)) {
+ $outputlangs = new Translate("", $conf);
+ $newlang = (GETPOST('lang_id', 'aZ09') ? GETPOST('lang_id', 'aZ09') : $this->thirdparty->default_lang);
+ $outputlangs->setDefaultLang($newlang);
+ }
+
+ //$ret=$object->fetch($id); // Reload to get new records
+ $this->generateDocument($modelpdf, $outputlangs);
+ }
+
+ if (!$error) {
+ $this->oldcopy= clone $this;
+ $this->statut = $statut;
+ $this->date_signature = $now;
+ $this->note_private = $newprivatenote;
+ }
+
+ if (!$notrigger && empty($error)) {
+ // Call trigger
+ $result=$this->call_trigger($trigger_name, $user);
+ if ($result < 0) {
+ $error++;
+ }
+ // End call triggers
+ }
+
+ if (!$error ) {
+ $this->db->commit();
+ return 1;
+ } else {
+ $this->statut = $this->oldcopy->statut;
+ $this->date_signature = $this->oldcopy->date_signature;
+ $this->note_private = $this->oldcopy->note_private;
+
+ $this->db->rollback();
+ return -1;
+ }
+ } else {
+ $this->error=$this->db->lasterror();
+ $this->db->rollback();
+ return -1;
+ }
+ }
/**
* Close the commercial proposal
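Review bot: The new signature() builds its UPDATE with `fk_statut = ".$statut` and `fk_user_signature=".$user->id` uncast, while the same commit hardens the equivalent line of the close method with `((int) $status)`; the two values should be written as `((int) $statut)` and `((int) $user->id)`. On success the method sets `$this->statut` but not `$this->status`, whereas reopen() in this commit now sets both. `$this->thirdparty->default_lang` is read without a visible fetch_thirdparty() call, so it presumably relies on the caller having loaded the third party.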
@@ -2511,7 +2614,7 @@ class Propal extends CommonObject
$newprivatenote = dol_concatdesc($this->note_private, $note);
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
- $sql .= " SET fk_statut = ".$status.", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
+ $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
@@ -2884,7 +2987,7 @@ class Propal extends CommonObject
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
- $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
+ $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
$error++;
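Review bot: Only `$sqlef` receives the cast; the `$sql` DELETE on the following line still ends in `" = ".$this->id` and runs in the same condition. For consistency it should end in `" = ".((int) $this->id)`. The enclosing method starts and ends outside the hunk.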
@@ -2995,7 +3098,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
- $sql .= ' SET fk_availability = '.$availability_id;
+ $sql .= ' SET fk_availability = '.((int) $availability_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG);
@@ -3059,7 +3162,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
- $sql .= ' SET fk_input_reason = '.$demand_reason_id;
+ $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG);
@@ -3113,8 +3216,8 @@ class Propal extends CommonObject
public function info($id)
{
$sql = "SELECT c.rowid, ";
- $sql .= " c.datec, c.date_valid as datev, c.date_cloture as dateo,";
- $sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_cloture";
+ $sql .= " c.datec, c.date_valid as datev, c.date_signature, c.date_cloture as dateo,";
+ $sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_signature, c.fk_user_cloture";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as c";
$sql .= " WHERE c.rowid = ".((int) $id);
@@ -3128,6 +3231,7 @@ class Propal extends CommonObject
$this->date_creation = $this->db->jdate($obj->datec);
$this->date_validation = $this->db->jdate($obj->datev);
+ $this->date_signature = $this->db->jdate($obj->date_signature);
$this->date_cloture = $this->db->jdate($obj->dateo);
$cuser = new User($this->db);
@@ -3140,6 +3244,12 @@ class Propal extends CommonObject
$this->user_validation = $vuser;
}
+ if ($obj->fk_user_signature) {
+ $user_signature = new User($this->db);
+ $user_signature->fetch($obj->fk_user_signature);
+ $this->user_signature = $user_signature;
+ }
+
if ($obj->fk_user_cloture) {
$cluser = new User($this->db);
$cluser->fetch($obj->fk_user_cloture);
diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php
index f64bc31c6ac..a06945a09a6 100644
--- a/htdocs/comm/propal/class/propalestats.class.php
+++ b/htdocs/comm/propal/class/propalestats.class.php
@@ -100,18 +100,18 @@ class PropaleStats extends Stats
$this->where .= " AND p.fk_soc = ".$this->socid;
}
if ($this->userid > 0) {
- $this->where .= ' AND fk_user_author = '.$this->userid;
+ $this->where .= ' AND fk_user_author = '.((int) $this->userid);
}
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc';
- $this->where .= ' AND s.fk_typent = '.$typentid;
+ $this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = p.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie';
- $this->where .= ' AND c.rowid = '.$categid;
+ $this->where .= ' AND c.rowid = '.((int) $categid);
}
}
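Review bot: The first statement of the hunk still appends `" AND p.fk_soc = ".$this->socid` without a cast, while the three filters below it are now cast. Where `$this->socid` is assigned is outside the hunk, so it may already be an integer, but `((int) $this->socid)` would make the whole WHERE construction uniform.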
diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php
index 3bbe232be6e..09aa9fddb6c 100644
--- a/htdocs/comm/propal/contact.php
+++ b/htdocs/comm/propal/contact.php
@@ -40,12 +40,6 @@ $ref = GETPOST('ref', 'alpha');
$lineid = GETPOST('lineid', 'int');
$action = GETPOST('action', 'aZ09');
-// Security check
-if ($user->socid) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
$object = new Propal($db);
// Load object
@@ -67,6 +61,13 @@ if (!$error) {
exit;
}
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
/*
* Add a new contact
diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 4c408adcb28..a3ddf4ae039 100644
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -80,6 +80,13 @@ if (!$sortfield) {
$object = new Propal($db);
$object->fetch($id, $ref);
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
/*
* Actions
diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php
index 2005e51571b..7b47915f0ea 100644
--- a/htdocs/comm/propal/index.php
+++ b/htdocs/comm/propal/index.php
@@ -26,15 +26,6 @@
*/
require '../../main.inc.php';
-
-// Security check
-$socid = GETPOST('socid', 'int');
-if (isset($user->socid) && $user->socid > 0) {
- $action = '';
- $socid = $user->socid;
-}
-restrictedArea($user, 'propal');
-
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
@@ -48,9 +39,19 @@ $langs->loadLangs(array('propal', 'companies'));
$now = dol_now();
$max = 5;
+// Security check
+$socid = GETPOST('socid', 'int');
+if (isset($user->socid) && $user->socid > 0) {
+ $action = '';
+ $socid = $user->socid;
+}
+restrictedArea($user, 'propal');
+
+
/*
* View
*/
+
$propalstatic = new Propal($db);
$companystatic = new Societe($db);
$form = new Form($db);
diff --git a/htdocs/comm/propal/info.php b/htdocs/comm/propal/info.php
index 847b42edbc5..72e4f887496 100644
--- a/htdocs/comm/propal/info.php
+++ b/htdocs/comm/propal/info.php
@@ -39,18 +39,18 @@ $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$socid = GETPOST('socid', 'int');
-// Security check
-if (!empty($user->socid)) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
$object = new Propal($db);
if (!$object->fetch($id, $ref) > 0) {
dol_print_error($db);
exit;
}
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
/*
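Review bot: The relocated security check now depends on `$object->id` having been set by the fetch above it, but the guard `if (!$object->fetch($id, $ref) > 0)` parses as `(!$object->fetch(...)) > 0`, so a negative (error) return does not reach `dol_print_error()` and execution continues with an unloaded object. If fetch() follows the `<0 if KO` convention documented for other methods in this commit, `if ($object->fetch($id, $ref) <= 0) {` states the intent and stops before `restrictedArea()` is called with an empty id.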
diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php
index 8c1e16dc6e8..0d880219bef 100644
--- a/htdocs/comm/propal/note.php
+++ b/htdocs/comm/propal/note.php
@@ -40,13 +40,19 @@ $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$action = GETPOST('action', 'aZ09');
-// Security check
-if ($user->socid) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'propale', $id, 'propal');
+$now = dol_now();
$object = new Propal($db);
+if ($id > 0 || !empty($ref)) {
+ $object->fetch($id, $ref);
+}
+
+// Security check
+if ($user->socid > 0) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id, 'propal');
/*
@@ -63,86 +69,78 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
* View
*/
+$form = new Form($db);
+
$help_url = 'EN:Commercial_Proposals|FR:Proposition_commerciale|ES:Presupuestos';
llxHeader('', $langs->trans('Proposal'), $help_url);
-$form = new Form($db);
+if ($object->id > 0) {
+ if ($object->fetch_thirdparty() > 0) {
+ $head = propal_prepare_head($object);
+ print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
-if ($id > 0 || !empty($ref)) {
- if ($mesg) {
- print $mesg;
- }
-
- $now = dol_now();
-
- if ($object->fetch($id, $ref) > 0) {
- if ($object->fetch_thirdparty() > 0) {
- $head = propal_prepare_head($object);
- print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
-
- $cssclass = 'titlefield';
- //if ($action == 'editnote_public') $cssclass='titlefieldcreate';
- //if ($action == 'editnote_private') $cssclass='titlefieldcreate';
+ $cssclass = 'titlefield';
+ //if ($action == 'editnote_public') $cssclass='titlefieldcreate';
+ //if ($action == 'editnote_private') $cssclass='titlefieldcreate';
- // Proposal card
+ // Proposal card
- $linkback = ''.$langs->trans("BackToList").' ';
+ $linkback = ''.$langs->trans("BackToList").' ';
- $morehtmlref = '';
- // Ref customer
- $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
- $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
- // Thirdparty
- $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
- // Project
- if (!empty($conf->projet->enabled)) {
- $langs->load("projects");
- $morehtmlref .= '
'.$langs->trans('Project').' ';
- if ($user->rights->propal->creer) {
- if ($action != 'classify') {
- //$morehtmlref.='
' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' ';
- $morehtmlref .= ' : ';
- }
- if ($action == 'classify') {
- //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
- $morehtmlref .= '
';
- } else {
- $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
- }
+ $morehtmlref = '
';
+ // Ref customer
+ $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
+ $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
+ // Thirdparty
+ $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
+ // Project
+ if (!empty($conf->projet->enabled)) {
+ $langs->load("projects");
+ $morehtmlref .= '
'.$langs->trans('Project').' ';
+ if ($user->rights->propal->creer) {
+ if ($action != 'classify') {
+ //$morehtmlref.='
' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' ';
+ $morehtmlref .= ' : ';
+ }
+ if ($action == 'classify') {
+ //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
+ $morehtmlref .= '
';
} else {
- if (!empty($object->fk_project)) {
- $proj = new Project($db);
- $proj->fetch($object->fk_project);
- $morehtmlref .= '
';
- $morehtmlref .= $proj->ref;
- $morehtmlref .= ' ';
- } else {
- $morehtmlref .= '';
- }
+ $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
+ }
+ } else {
+ if (!empty($object->fk_project)) {
+ $proj = new Project($db);
+ $proj->fetch($object->fk_project);
+ $morehtmlref .= '
';
+ $morehtmlref .= $proj->ref;
+ $morehtmlref .= ' ';
+ } else {
+ $morehtmlref .= '';
}
}
- $morehtmlref .= '
';
-
- dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
-
- print '
';
- print '
';
-
- $cssclass = "titlefield";
- include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
-
- print '
';
-
- print dol_get_fiche_end();
}
+ $morehtmlref .= '
';
+
+ dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
+
+ print '';
+ print '
';
+
+ $cssclass = "titlefield";
+ include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
+
+ print '
';
+
+ print dol_get_fiche_end();
}
}
diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php
index 4ae18df12f8..c0d92908aab 100644
--- a/htdocs/comm/propal/stats/index.php
+++ b/htdocs/comm/propal/stats/index.php
@@ -38,12 +38,6 @@ $WIDTH = DolGraph::getDefaultGraphSizeForStats('width');
$HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
-if ($mode == 'customer' && !$user->rights->propale->lire) {
- accessforbidden();
-}
-if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
- accessforbidden();
-}
$object_status = GETPOST('object_status', 'intcomma');
$typent_id = GETPOST('typent_id', 'int');
@@ -66,6 +60,13 @@ $endyear = $year;
// Load translation files required by the page
$langs->loadLangs(array('orders', 'companies', 'other', 'suppliers', 'supplier_proposal'));
+if ($mode == 'customer' && !$user->rights->propale->lire) {
+ accessforbidden();
+}
+if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
+ accessforbidden();
+}
+
/*
* View
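Review bot: The two added checks only reject `customer` and `supplier` when the matching right is missing; `$mode` is read with the `aZ09` filter, so any other value reaches the view with no permission test at all. How the rest of the page treats an unknown mode is outside the hunk, but an explicit allow-list such as `if (!in_array($mode, array('customer', 'supplier'), true)) { accessforbidden(); }` placed before the two checks would close that gap.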
diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php
index ea44682b4a3..3aacd070ae4 100644
--- a/htdocs/comm/prospect/index.php
+++ b/htdocs/comm/prospect/index.php
@@ -30,11 +30,19 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
// Load translation files required by the page
$langs->load("propal");
-
if ($user->socid > 0) {
$socid = $user->socid;
}
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid) {
+ $action = '';
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'propal', $socid, '');
+
+
/*
* View
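Review bot: The context block `if ($user->socid > 0) { $socid = $user->socid; }` just above the added code is now dead, because the first added statement reassigns `$socid = GETPOST('socid', 'int');` and the external-user override is repeated right after; the older block can be removed. The call also passes a third-party id as the object id for the `propal` feature with an empty table argument; what restrictedArea() does with that combination is not visible here, so a short comment stating which right and which object are meant to be checked would help the next reader.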
diff --git a/htdocs/comm/prospect/recap-prospect.php b/htdocs/comm/prospect/recap-prospect.php
deleted file mode 100644
index 4656574fb47..00000000000
--- a/htdocs/comm/prospect/recap-prospect.php
+++ /dev/null
@@ -1,90 +0,0 @@
-
- * Copyright (C) 2004-2010 Laurent Destailleur
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- */
-
-/**
- * \file htdocs/comm/prospect/recap-prospect.php
- * \ingroup societe
- * \brief Page with prospect summary
- */
-
-require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
-
-// Load translation files required by the page
-$langs->loadLangs(array('companies', 'other'));
-if (!empty($conf->facture->enabled)) {
- $langs->load("bills");
-}
-
-// Security check
-$socid = GETPOST("socid", 'int');
-if ($user->socid > 0) {
- $action = '';
- $socid = $user->socid;
-}
-
-
-/*
- * View
- */
-
-llxHeader();
-
-if ($socid > 0) {
- $societe = new Societe($db);
- $societe->fetch($socid);
-
- /*
- * Affichage onglets
- */
- $head = societe_prepare_head($societe);
-
- print dol_get_fiche_head($head, 'prospect', $langs->trans("ThirdParty"), 0, 'company');
-
-
- print "\n";
- print '';
-
- print '';
-
- // Name
- print ''.$langs->trans("Thirdpary").' '.$societe->getNomUrl(1).' ';
-
- // Prefix
- if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field
- print ''.$langs->trans("Prefix").' ';
- print ($societe->prefix_comm ? $societe->prefix_comm : ' ');
- print ' ';
- }
-
- print "
";
-
- print "
\n";
-
- print '';
-
-
- print $langs->trans("FeatureNotYetAvailable");
-} else {
- dol_print_error($db);
-}
-
-// End of page
-llxFooter();
-$db->close();
diff --git a/htdocs/comm/recap-client.php b/htdocs/comm/recap-client.php
index 6e82cc16c19..ee32c0dd016 100644
--- a/htdocs/comm/recap-client.php
+++ b/htdocs/comm/recap-client.php
@@ -33,12 +33,12 @@ if (!empty($conf->facture->enabled)) {
}
// Security check
-$socid = $_GET["socid"];
+$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
- $socid = $user->socid;
+ $id = $user->socid;
}
-
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
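Review bot: For an external user the override now goes to `$id` instead of `$socid`, so `$socid` keeps the value taken from the request, and for an internal user `$id` is not assigned anywhere in this hunk, so `restrictedArea()` may be called with an empty object id. If the view below loads the third party from `$socid` (not visible here), the record that is checked and the record that is displayed can differ. I would keep `$socid = $user->socid;` and pass it to the check: `$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);`.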
diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php
index 541983775a7..f9cec9d11c1 100644
--- a/htdocs/comm/remise.php
+++ b/htdocs/comm/remise.php
@@ -66,7 +66,7 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
header("Location: ".$backtopage);
exit;
} else {
- header("Location: remise.php?id=".$_GET["id"]);
+ header("Location: remise.php?id=".GETPOST("id", 'int'));
exit;
}
} else {
@@ -74,6 +74,12 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
}
}
+// Security check
+if ($user->socid > 0) {
+ $id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
/*
* View
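Review bot: The added `restrictedArea()` call sits after the `setremise` action block that closes at the top of this hunk, so the action is processed before the object-level check runs. That block starts outside the hunk and may test rights itself, but moving the security check above the actions would guarantee that no write happens for a third party the user cannot access. The assignment of `$id` for internal users is also outside the hunk.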
@@ -83,7 +89,6 @@ $form = new Form($db);
llxHeader();
-
/*********************************************************************************
*
* Mode fiche
diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php
index 66d45f6a278..9abf348095e 100644
--- a/htdocs/comm/remx.php
+++ b/htdocs/comm/remx.php
@@ -46,6 +46,12 @@ if ($user->socid > 0) {
$socid = $user->socid;
}
+// Security check
+if ($user->socid > 0) {
+ $id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
/*
* Actions
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index 8e0dc91756c..a1cebf0db4b 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -423,7 +423,7 @@ if (empty($reshook)) {
$originidforcontact=$srcobject->origin_id;
}
$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
- $sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
+ $sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$resqlcontact = $db->query($sqlcontact);
if ($resqlcontact)
@@ -501,7 +501,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
} elseif ($action == 'setremise' && $usercancreate) {
- $result = $object->setDiscount($user, GETPOST('remise'));
+ $result = $object->setDiscount($user, price2num(GETPOST('remise'), 2));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}
@@ -515,7 +515,7 @@ if (empty($reshook)) {
}
} elseif ($action == 'setdate' && $usercancreate) {
// print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
- $date = dol_mktime(0, 0, 0, GETPOST('order_month'), GETPOST('order_day'), GETPOST('order_year'));
+ $date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int'));
$result = $object->set_date($user, $date);
if ($result < 0) {
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index ea97dcbf233..635e561eaef 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -1113,7 +1113,7 @@ class Commande extends CommonOrder
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
- $sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
+ $sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@@ -2331,7 +2331,7 @@ class Commande extends CommonOrder
$sql = "SELECT fk_product, qty";
$sql .= " FROM ".MAIN_DB_PREFIX."commandedet";
- $sql .= " WHERE rowid = ".$lineid;
+ $sql .= " WHERE rowid = ".((int) $lineid);
$result = $this->db->query($sql);
if ($result) {
@@ -2413,11 +2413,11 @@ class Commande extends CommonOrder
$this->db->begin();
- $remise = price2num($remise);
+ $remise = price2num($remise, 2);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
- $sql .= ' SET remise_percent = '.$remise;
- $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
+ $sql .= ' SET remise_percent = '.((float) $remise);
+ $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -2468,18 +2468,20 @@ class Commande extends CommonOrder
public function set_remise_absolue($user, $remise, $notrigger = 0)
{
// phpcs:enable
- $remise = trim($remise) ?trim($remise) : 0;
+ if (empty($remise)) {
+ $remise = 0;
+ }
+
+ $remise = price2num($remise);
if ($user->rights->commande->creer) {
$error = 0;
$this->db->begin();
- $remise = price2num($remise);
-
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
- $sql .= ' SET remise_absolue = '.$remise;
- $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
+ $sql .= ' SET remise_absolue = '.((float) $remise);
+ $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -2741,7 +2743,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
- $sql .= ' SET fk_availability = '.$availability_id;
+ $sql .= ' SET fk_availability = '.((int) $availability_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2805,7 +2807,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
- $sql .= ' SET fk_input_reason = '.$demand_reason_id;
+ $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2867,7 +2869,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET';
- $sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\'');
+ $sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'");
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);
diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php
index a266dc0c4cf..85036543e18 100644
--- a/htdocs/commande/class/commandestats.class.php
+++ b/htdocs/commande/class/commandestats.class.php
@@ -100,13 +100,13 @@ class CommandeStats extends Stats
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = c.fk_soc';
- $this->where .= ' AND s.fk_typent = '.$typentid;
+ $this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cats ON cats.fk_soc = c.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cat.rowid = cats.fk_categorie';
- $this->where .= ' AND cat.rowid = '.$categid;
+ $this->where .= ' AND cat.rowid = '.((int) $categid);
}
}
diff --git a/htdocs/compta/bank/annuel.php b/htdocs/compta/bank/annuel.php
index 686b14362cc..d771b307234 100644
--- a/htdocs/compta/bank/annuel.php
+++ b/htdocs/compta/bank/annuel.php
@@ -138,10 +138,11 @@ $head = bank_prepare_head($object);
print dol_get_fiche_head($head, 'annual', $langs->trans("FinancialAccount"), 0, 'account');
$title = $langs->trans("FinancialAccount")." : ".$object->label;
-$link = ($year_start ? "".img_previous('', 'class="valignbottom"')." ".$langs->trans("Year")." ".img_next('', 'class="valignbottom"')." " : "");
+$link = ($year_start ? 'id.'&year_start='.($year_start - 1).'">'.img_previous('', 'class="valignbottom"')." ".$langs->trans("Year").' id.'&year_start='.($year_start + 1).'">'.img_next('', 'class="valignbottom"').' ' : '');
$linkback = ''.$langs->trans("BackToList").' ';
+$morehtmlref = '';
if (!empty($id)) {
if (!preg_match('/,/', $id)) {
diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php
index 33d4bc37aed..72be65b0a4f 100644
--- a/htdocs/compta/bank/card.php
+++ b/htdocs/compta/bank/card.php
@@ -306,7 +306,7 @@ $countrynotdefined = $langs->trans("ErrorSetACountryFirst").' ('.$langs->trans("
$title = $langs->trans("FinancialAccount")." - ".$langs->trans("Card");
-$help_url = "EN:Module_Banks_and_Cash|FR:Module_Banques_et_Caisses";
+$help_url = 'EN:Module_Banks_and_Cash|FR:Module_Banques_et_Caisses|ES:Módulo_Bancos_y_Cajas|DE:Modul_Banken_und_Barbestände';
llxHeader("", $title, $help_url);
@@ -570,13 +570,13 @@ if ($action == 'create') {
/* */
/* ************************************************************************** */
- if (($_GET["id"] || $_GET["ref"]) && $action != 'edit') {
+ if ((GETPOST("id", 'int') || GETPOST("ref")) && $action != 'edit') {
$object = new Account($db);
- if ($_GET["id"]) {
- $object->fetch($_GET["id"]);
+ if (GETPOST("id", 'int')) {
+ $object->fetch(GETPOST("id", 'int'));
}
- if ($_GET["ref"]) {
- $object->fetch(0, $_GET["ref"]);
+ if (GETPOST("ref")) {
+ $object->fetch(0, GETPOST("ref"));
$_GET["id"] = $object->id;
}
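Review bot: `GETPOST("ref")` is called without a filter type in the three places where it replaces `$_GET["ref"]`, while other pages in this commit read the same parameter as `GETPOST('ref', 'alpha')`; passing the type explicitly keeps the input check visible at the call site. The context line `$_GET["id"] = $object->id;` still writes to the superglobal, and a local variable would be cleaner if the later code (outside the hunk) can read it instead.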
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index 451f855a5fe..943fef0c32a 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -451,9 +451,9 @@ class Account extends CommonObject
$sql = "SELECT fk_bank, url_id, url, label, type";
$sql .= " FROM ".MAIN_DB_PREFIX."bank_url";
if ($fk_bank > 0) {
- $sql .= " WHERE fk_bank = ".$fk_bank;
+ $sql .= " WHERE fk_bank = ".((int) $fk_bank);
} else {
- $sql .= " WHERE url_id = ".$url_id." AND type = '".$this->db->escape($type)."'";
+ $sql .= " WHERE url_id = ".((int) $url_id)." AND type = '".$this->db->escape($type)."'";
}
$sql .= " ORDER BY type, label";
@@ -2435,7 +2435,7 @@ class AccountLine extends CommonObject
$type = 'bank';
- $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
+ $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
diff --git a/htdocs/compta/bank/class/api_bankaccounts.class.php b/htdocs/compta/bank/class/api_bankaccounts.class.php
index be37ec23403..23c739064f8 100644
--- a/htdocs/compta/bank/class/api_bankaccounts.class.php
+++ b/htdocs/compta/bank/class/api_bankaccounts.class.php
@@ -425,7 +425,7 @@ class BankAccounts extends DolibarrApi
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank ";
- $sql .= " WHERE fk_account = ".$id;
+ $sql .= " WHERE fk_account = ".((int) $id);
// Add sql filters
if ($sqlfilters) {
diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php
index dccdcd5cd24..d9d50d74421 100644
--- a/htdocs/compta/bank/class/paymentvarious.class.php
+++ b/htdocs/compta/bank/class/paymentvarious.class.php
@@ -572,7 +572,7 @@ class PaymentVarious extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.$id_bank;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
$result = $this->db->query($sql);
if ($result) {
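Review bot: The `WHERE rowid = '.$this->id` line directly below the changed line in `update_fk_bank()` is still concatenated without a cast, so the statement is only half hardened. The same leftover sits next to the changed lines of `Paiement::update_fk_bank()`, the three `FactureRec` setters logged as `setMaxPeriod`, `setAutoValidate` and `setGeneratePdf`, the two `Facture` discount updates (`remise_percent`, `remise_absolue`), and as `fk_account = ".$actarget->id` in `htdocs/compta/bank/line.php`. `Localtax::update_fk_bank()` in this commit casts both values, and the others should match it: `$sql .= ' WHERE rowid = '.((int) $this->id);`. The method body continues outside the hunk.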
@@ -783,7 +783,7 @@ class PaymentVarious extends CommonObject
$type = 'bank';
- $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$banklineid;
+ $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $banklineid);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php
index 292a61e8bc6..bfea7c74b60 100644
--- a/htdocs/compta/bank/line.php
+++ b/htdocs/compta/bank/line.php
@@ -107,7 +107,7 @@ if ($user->rights->banque->consolidate && $action == 'donext') {
if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier) {
$cat1 = GETPOST("cat1", 'int');
if (!empty($rowid) && !empty($cat1)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$cat1;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid)." AND fk_categ = ".((int) $cat1);
if (!$db->query($sql)) {
dol_print_error($db);
}
@@ -174,7 +174,7 @@ if ($user->rights->banque->modifier && $action == "update") {
}
}
$sql .= " fk_account = ".$actarget->id;
- $sql .= " WHERE rowid = ".$acline->id;
+ $sql .= " WHERE rowid = ".((int) $acline->id);
$result = $db->query($sql);
if (!$result) {
@@ -183,14 +183,14 @@ if ($user->rights->banque->modifier && $action == "update") {
if (!$error) {
$arrayofcategs = GETPOST('custcats', 'array');
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid);
if (!$db->query($sql)) {
$error++;
dol_print_error($db);
}
if (count($arrayofcategs)) {
foreach ($arrayofcategs as $val) {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$val.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".((int) $rowid).", ".((int) $val).")";
if (!$db->query($sql)) {
$error++;
dol_print_error($db);
@@ -229,9 +229,9 @@ if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action ==
if (empty($num_rel)) {
$sql .= ", rappro = 0";
} else {
- $sql .= ", rappro = ".$rappro;
+ $sql .= ", rappro = ".((int) $rappro);
}
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog("line.php", LOG_DEBUG);
$result = $db->query($sql);
diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index dc71a1d2d27..c607f0f922c 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -179,7 +179,8 @@ $sqlrequestforbankline = $sql;
if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt)) {
// TODO Add a test to check newbankreceipt does not exists yet
- $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id;
+ $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank';
+ $sqlupdate .= ' SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.((int) $id);
$result = $db->query($sqlupdate);
if ($result < 0) {
dol_print_error($db);
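Review bot: The rewritten UPDATE still delimits both `num_releve` values with double quotes, which some database engines and SQL modes read as identifier quoting rather than as a string literal. Whether `$db->escape()` also neutralises a `"` depends on the driver and is not visible here. The other statements in this commit wrap escaped strings in single quotes, so the second line should follow that form: `$sqlupdate .= " SET num_releve = '".$db->escape($newbankreceipt)."' WHERE num_releve = '".$db->escape($oldbankreceipt)."' AND fk_account = ".((int) $id);`. The `TODO` above it, about checking that the new receipt number does not already exist, is also still open.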
@@ -231,7 +232,7 @@ if (empty($numref)) {
// List of all standing receipts
$sql = "SELECT DISTINCT(b.num_releve) as numr";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
- $sql .= " WHERE b.fk_account = ".$object->id;
+ $sql .= " WHERE b.fk_account = ".((int) $object->id);
$sql .= $db->order($sortfield, $sortorder);
// Count total nb of records
diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php
index ccaa0158af2..26949590334 100644
--- a/htdocs/compta/cashcontrol/cashcontrol_card.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_card.php
@@ -304,7 +304,7 @@ if ($action == "create" || $action == "start" || $action == 'close') {
if ($bankid > 0) {
$sql = "SELECT SUM(amount) as total FROM ".MAIN_DB_PREFIX."bank";
- $sql .= " WHERE fk_account = ".$bankid;
+ $sql .= " WHERE fk_account = ".((int) $bankid);
if ($syear && !$smonth) {
$sql .= " AND dateo < '".$db->idate(dol_get_first_day($syear, 1))."'";
} elseif ($syear && $smonth && !$sday) {
diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php
index 1563309a3c4..cfd201e3ec4 100644
--- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php
+++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php
@@ -213,7 +213,7 @@ class CashControl extends CommonObject
if (!$error) {
$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."pos_cash_fence");
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.((int) $this->id);
$this->db->query($sql);
}
diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php
index d3604b0d7cc..f171546f6c1 100644
--- a/htdocs/compta/charges/index.php
+++ b/htdocs/compta/charges/index.php
@@ -405,7 +405,7 @@ while ($j < $numlt) {
$sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.datep as dp";
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as pv";
- $sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".$j;
+ $sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".((int) $j);
if ($year > 0) {
// Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance,
// ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire
diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php
index c34d89bfa2f..1972e3f686e 100644
--- a/htdocs/compta/deplacement/class/deplacement.class.php
+++ b/htdocs/compta/deplacement/class/deplacement.class.php
@@ -239,12 +239,12 @@ class Deplacement extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."deplacement ";
- $sql .= " SET km = ".$this->km; // This is a distance or amount
+ $sql .= " SET km = ".((float) $this->km); // This is a distance or amount
$sql .= " , dated = '".$this->db->idate($this->date)."'";
$sql .= " , type = '".$this->db->escape($this->type)."'";
$sql .= " , fk_statut = '".$this->db->escape($this->statut)."'";
- $sql .= " , fk_user = ".$this->fk_user;
- $sql .= " , fk_user_modif = ".$user->id;
+ $sql .= " , fk_user = ".((int) $this->fk_user);
+ $sql .= " , fk_user_modif = ".((int) $user->id);
$sql .= " , fk_soc = ".($this->socid > 0 ? $this->socid : 'null');
$sql .= " , note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null");
$sql .= " , note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null");
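Review bot: `fk_soc`, on the line after the new casts, is still built as `($this->socid > 0 ? $this->socid : 'null')`, and the `> 0` test is a loose comparison that does not guarantee the value is purely numeric before it is concatenated. Cast the branch that reaches the query: `$sql .= " , fk_soc = ".($this->socid > 0 ? ((int) $this->socid) : 'null');`. The UPDATE statement continues past the end of the hunk, so its `WHERE` clause could not be checked here.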
@@ -441,7 +441,7 @@ class Deplacement extends CommonObject
$sql = "SELECT id, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees";
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/compta/deplacement/class/deplacementstats.class.php b/htdocs/compta/deplacement/class/deplacementstats.class.php
index 64cee98c33b..cf712f49333 100644
--- a/htdocs/compta/deplacement/class/deplacementstats.class.php
+++ b/htdocs/compta/deplacement/class/deplacementstats.class.php
@@ -102,7 +102,7 @@ class DeplacementStats extends Stats
{
$sql = "SELECT MONTH(dated) as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(dated) = ".$year;
+ $sql .= " WHERE YEAR(dated) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index b891ae6eec7..69f5baa8600 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -1743,7 +1743,7 @@ if (empty($reshook)) {
$originidforcontact=$srcobject->origin_id;
}
$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
- $sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
+ $sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$resqlcontact = $db->query($sqlcontact);
if ($resqlcontact)
@@ -3091,7 +3091,7 @@ if ($action == 'create') {
$sql = 'SELECT r.rowid, r.titre as title, r.total_ttc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_rec as r';
- $sql .= ' WHERE r.fk_soc = '.$invoice_predefined->socid;
+ $sql .= ' WHERE r.fk_soc = '.((int) $invoice_predefined->socid);
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php
index 9c224b057ab..87bcbe12b3e 100644
--- a/htdocs/compta/facture/class/api_invoices.class.php
+++ b/htdocs/compta/facture/class/api_invoices.class.php
@@ -1142,7 +1142,7 @@ class Invoices extends DolibarrApi
$sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,";
$sql .= " re.description, re.fk_facture_source";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re";
- $sql .= " WHERE fk_facture = ".$this->invoice->id;
+ $sql .= " WHERE fk_facture = ".((int) $this->invoice->id);
$resql = $this->db->query($sql);
if (!empty($resql)) {
while ($obj = $this->db->fetch_object($resql)) {
diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php
index 674b5917b17..eea700527ec 100644
--- a/htdocs/compta/facture/class/facture-rec.class.php
+++ b/htdocs/compta/facture/class/facture-rec.class.php
@@ -762,12 +762,12 @@ class FactureRec extends CommonInvoice
$main = MAIN_DB_PREFIX.'facturedet_rec';
$ef = $main."_extrafields";
- $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)";
+ $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid);
dol_syslog($sqlef);
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".((int) $rowid);
dol_syslog($sql);
if ($this->db->query($sqlef) && $this->db->query($sql)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".((int) $rowid);
dol_syslog($sql);
if ($this->db->query($sql)) {
// Delete linked object
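Review bot: The new `$sqlef` string opens the subquery with `IN (SELECT ...` but never closes it, so the extrafields DELETE is sent with an unbalanced parenthesis; the removed line had the closing `)` inside the string. Because the next step is guarded by `$this->db->query($sqlef) && $this->db->query($sql)`, a failing first query would presumably stop the whole delete path. Append the parenthesis, as the equivalent change in `facture.class.php` does: `$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")";`. The enclosing method starts and ends outside the hunk.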
@@ -1151,7 +1151,7 @@ class FactureRec extends CommonInvoice
$sql .= ', multicurrency_total_ht = '.$multicurrency_total_ht;
$sql .= ', multicurrency_total_tva = '.$multicurrency_total_tva;
$sql .= ', multicurrency_total_ttc = '.$multicurrency_total_ttc;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -1808,7 +1808,7 @@ class FactureRec extends CommonInvoice
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET nb_gen_max = '.$nb;
+ $sql .= ' SET nb_gen_max = '.((int) $nb);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG);
@@ -1835,7 +1835,7 @@ class FactureRec extends CommonInvoice
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET auto_validate = '.$validate;
+ $sql .= ' SET auto_validate = '.((int) $validate);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
@@ -1862,7 +1862,7 @@ class FactureRec extends CommonInvoice
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET generate_pdf = '.$validate;
+ $sql .= ' SET generate_pdf = '.((int) $validate);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG);
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index a74d78df84e..3a524a9765f 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -292,7 +292,7 @@ class Facture extends CommonInvoice
'type' =>array('type'=>'smallint(6)', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>15),
//'increment' =>array('type'=>'varchar(10)', 'label'=>'Increment', 'enabled'=>1, 'visible'=>-1, 'position'=>45),
'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>50),
- 'datef' =>array('type'=>'date', 'label'=>'DateInvoice', 'enabled'=>1, 'visible'=>-1, 'position'=>20),
+ 'datef' =>array('type'=>'date', 'label'=>'DateInvoice', 'enabled'=>1, 'visible'=>1, 'position'=>20),
'date_valid' =>array('type'=>'date', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>22),
'date_lim_reglement' =>array('type'=>'date', 'label'=>'DateDue', 'enabled'=>1, 'visible'=>-1, 'position'=>25),
'date_closing' =>array('type'=>'datetime', 'label'=>'Date closing', 'enabled'=>1, 'visible'=>-1, 'position'=>30),
@@ -751,7 +751,7 @@ class Facture extends CommonInvoice
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
- $sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
+ $sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@@ -2233,7 +2233,7 @@ class Facture extends CommonInvoice
if (!$error) {
// If invoice was converted into a discount not yet consumed, we remove discount
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except';
- $sql .= ' WHERE fk_facture_source = '.$rowid;
+ $sql .= ' WHERE fk_facture_source = '.((int) $rowid);
$sql .= ' AND fk_facture_line IS NULL';
$resql = $this->db->query($sql);
@@ -2282,9 +2282,9 @@ class Facture extends CommonInvoice
// Invoice line extrafileds
$main = MAIN_DB_PREFIX.'facturedet';
$ef = $main."_extrafields";
- $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)";
+ $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")";
// Delete invoice line
- $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.$rowid;
+ $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
@@ -3585,8 +3585,7 @@ class Facture extends CommonInvoice
{
$sql = 'SELECT fd.situation_percent FROM '.MAIN_DB_PREFIX.'facturedet fd
INNER JOIN '.MAIN_DB_PREFIX.'facture f ON (fd.fk_facture = f.rowid)
- WHERE fd.fk_prev_id = '.$idline.'
- AND f.fk_statut <> 0';
+ WHERE fd.fk_prev_id = '.((int) $idline).' AND f.fk_statut <> 0';
$result = $this->db->query($sql);
if (!$result) {
@@ -3663,7 +3662,7 @@ class Facture extends CommonInvoice
// Libere remise liee a ligne de facture
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_facture_line = NULL';
- $sql .= ' WHERE fk_facture_line = '.$rowid;
+ $sql .= ' WHERE fk_facture_line = '.((int) $rowid);
dol_syslog(get_class($this)."::deleteline", LOG_DEBUG);
$result = $this->db->query($sql);
@@ -3735,14 +3734,14 @@ class Facture extends CommonInvoice
}
if ($user->rights->facture->creer) {
- $remise = price2num($remise);
+ $remise = price2num($remise, 2);
$error = 0;
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
- $sql .= ' SET remise_percent = '.$remise;
+ $sql .= ' SET remise_percent = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
@@ -3804,7 +3803,7 @@ class Facture extends CommonInvoice
$remise = price2num($remise);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
- $sql .= ' SET remise_absolue = '.$remise;
+ $sql .= ' SET remise_absolue = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
@@ -4576,7 +4575,7 @@ class Facture extends CommonInvoice
global $conf;
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture';
- $sql .= ' WHERE situation_cycle_ref = '.$this->situation_cycle_ref;
+ $sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref);
$sql .= ' AND situation_counter < '.$this->situation_counter;
$sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity);
$resql = $this->db->query($sql);
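Review bot: Only `situation_cycle_ref` is cast in this query; `situation_counter` on the next line is an object property concatenated as is, and the hunk at -4610 likewise casts `$this->id` but leaves `situation_final` raw in the same UPDATE. Whether these properties can carry request data is not visible in the hunks, but casting them makes the statements uniformly safe: `$sql .= ' AND situation_counter < '.((int) $this->situation_counter);` and `... SET situation_final = '.((int) $this->situation_final).' where rowid = '.((int) $this->id);`. An empty `situation_final` would then be written as `0` instead of producing invalid SQL, which should be confirmed as the intended value.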
@@ -4610,7 +4609,7 @@ class Facture extends CommonInvoice
$this->db->begin();
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -4655,7 +4654,7 @@ class Facture extends CommonInvoice
if (!empty($this->situation_cycle_ref)) {
// No point in testing anything if we're not inside a cycle
$sql = 'SELECT max(situation_counter) FROM '.MAIN_DB_PREFIX.'facture';
- $sql .= ' WHERE situation_cycle_ref = '.$this->situation_cycle_ref;
+ $sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref);
$sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity);
$resql = $this->db->query($sql);
diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php
index 47644e4b13e..31c4704bb77 100644
--- a/htdocs/compta/facture/class/facturestats.class.php
+++ b/htdocs/compta/facture/class/facturestats.class.php
@@ -105,13 +105,13 @@ class FactureStats extends Stats
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = f.fk_soc';
- $this->where .= ' AND s.fk_typent = '.$typentid;
+ $this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = f.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie';
- $this->where .= ' AND c.rowid = '.$categid;
+ $this->where .= ' AND c.rowid = '.((int) $categid);
}
}
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index a3c5fb08133..c2a663d796f 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -110,16 +110,30 @@ $search_country = GETPOST("search_country", 'int');
$search_type_thirdparty = GETPOST("search_type_thirdparty", 'int');
$search_user = GETPOST('search_user', 'int');
$search_sale = GETPOST('search_sale', 'int');
-$search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
-$search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
-$search_date_valid_start = dol_mktime(0, 0, 0, GETPOST('search_date_valid_startmonth', 'int'), GETPOST('search_date_valid_startday', 'int'), GETPOST('search_date_valid_startyear', 'int'));
-$search_date_valid_end = dol_mktime(23, 59, 59, GETPOST('search_date_valid_endmonth', 'int'), GETPOST('search_date_valid_endday', 'int'), GETPOST('search_date_valid_endyear', 'int'));
+$search_date_startday = GETPOST('search_date_startday', 'int');
+$search_date_startmonth = GETPOST('search_date_startmonth', 'int');
+$search_date_startyear = GETPOST('search_date_startyear', 'int');
+$search_date_endday = GETPOST('search_date_endday', 'int');
+$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
+$search_date_endyear = GETPOST('search_date_endyear', 'int');
+$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver
+$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
+$search_date_valid_startday = GETPOST('search_date_valid_startday', 'int');
+$search_date_valid_startmonth = GETPOST('search_date_valid_startmonth', 'int');
+$search_date_valid_startyear = GETPOST('search_date_valid_startyear', 'int');
+$search_date_valid_endday = GETPOST('search_date_valid_endday', 'int');
+$search_date_valid_endmonth = GETPOST('search_date_valid_endmonth', 'int');
+$search_date_valid_endyear = GETPOST('search_date_valid_endyear', 'int');
+$search_date_valid_start = dol_mktime(0, 0, 0, $search_date_valid_startmonth, $search_date_valid_startday, $search_date_valid_startyear); // Use tzserver
+$search_date_valid_end = dol_mktime(23, 59, 59, $search_date_valid_endmonth, $search_date_valid_endday, $search_date_valid_endyear);
$search_datelimit_start = dol_mktime(0, 0, 0, GETPOST('search_datelimit_startmonth', 'int'), GETPOST('search_datelimit_startday', 'int'), GETPOST('search_datelimit_startyear', 'int'));
$search_datelimit_end = dol_mktime(23, 59, 59, GETPOST('search_datelimit_endmonth', 'int'), GETPOST('search_datelimit_endday', 'int'), GETPOST('search_datelimit_endyear', 'int'));
$search_categ_cus = GETPOST("search_categ_cus", 'int');
$search_btn = GETPOST('button_search', 'alpha');
$search_remove_btn = GETPOST('button_removefilter', 'alpha');
+
+
$option = GETPOST('search_option');
if ($option == 'late') {
$search_status = '1';
@@ -314,8 +328,20 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter',
$search_type = '';
$search_country = '';
$search_type_thirdparty = '';
+ $search_date_startday = '';
+ $search_date_startmonth = '';
+ $search_date_startyear = '';
+ $search_date_endday = '';
+ $search_date_endmonth = '';
+ $search_date_endyear = '';
$search_date_start = '';
$search_date_end = '';
+ $search_date_valid_startday = '';
+ $search_date_valid_startmonth = '';
+ $search_date_valid_startyear = '';
+ $search_date_valid_endday = '';
+ $search_date_valid_endmonth = '';
+ $search_date_valid_endyear = '';
$search_date_valid_start = '';
$search_date_valid_end = '';
$search_datelimit_start = '';
@@ -382,7 +408,7 @@ if ($massaction == 'makepayment') {
$rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login";
$rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd";
$rsql .= " , ".MAIN_DB_PREFIX."user as u";
- $rsql .= " WHERE fk_facture = ".$objecttmp->id;
+ $rsql .= " WHERE fk_facture = ".((int) $objecttmp->id);
$rsql .= " AND pfd.fk_user_demande = u.rowid";
$rsql .= " AND pfd.traite = 0";
$rsql .= " ORDER BY pfd.date_demande DESC";
@@ -761,7 +787,7 @@ if ($resql) {
}
}
- $param = '&socid='.$socid;
+ $param = '&socid='.urlencode($socid);
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) {
$param .= '&contextpage='.urlencode($contextpage);
}
@@ -771,17 +797,41 @@ if ($resql) {
if ($sall) {
$param .= '&sall='.urlencode($sall);
}
- if ($search_date_start) {
- $param .= '&search_date_start='.urlencode($search_date_start);
+ if ($search_date_startday) {
+ $param .= '&search_date_startday='.urlencode($search_date_startday);
}
- if ($search_date_end) {
- $param .= '&search_date_end='.urlencode($search_date_end);
+ if ($search_date_startmonth) {
+ $param .= '&search_date_startmonth='.urlencode($search_date_startmonth);
}
- if ($search_date_valid_start) {
- $param .= '&search_date_valid_start='.urlencode($search_date_valid_start);
+ if ($search_date_startyear) {
+ $param .= '&search_date_startyear='.urlencode($search_date_startyear);
}
- if ($search_date_valid_end) {
- $param .= '&search_date_valid_end='.urlencode($search_date_valid_end);
+ if ($search_date_endday) {
+ $param .= '&search_date_endday='.urlencode($search_date_endday);
+ }
+ if ($search_date_endmonth) {
+ $param .= '&search_date_endmonth='.urlencode($search_date_endmonth);
+ }
+ if ($search_date_endyear) {
+ $param .= '&search_date_endyear='.urlencode($search_date_endyear);
+ }
+ if ($search_date_valid_startday) {
+ $param .= '&search_date_valid_startday='.urlencode($search_date_valid_startday);
+ }
+ if ($search_date_valid_startmonth) {
+ $param .= '&search_date_valid_startmonth='.urlencode($search_date_valid_startmonth);
+ }
+ if ($search_date_valid_startyear) {
+ $param .= '&search_date_valid_startyear='.urlencode($search_date_valid_startyear);
+ }
+ if ($search_date_valid_endday) {
+ $param .= '&search_date_valid_endday='.urlencode($search_date_valid_endday);
+ }
+ if ($search_date_valid_endmonth) {
+ $param .= '&search_date_valid_endmonth='.urlencode($search_date_valid_endmonth);
+ }
+ if ($search_date_valid_endyear) {
+ $param .= '&search_date_valid_endyear='.urlencode($search_date_valid_endyear);
}
if ($search_datelimit_start) {
$param .= '&search_datelimit_start='.urlencode($search_datelimit_start);
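Review bot: The due-date filter is left in the form this hunk moves away from: `$param` still carries `search_datelimit_start` (and presumably `search_datelimit_end` just below the hunk) as a computed timestamp, while the top of the file reads that filter only from `search_datelimit_startday`, `search_datelimit_startmonth` and `search_datelimit_startyear`. If the timestamp parameter is not read back elsewhere, the due-date range is lost when the list is sorted or paged, which appears to be what the day/month/year split addresses for the other two date filters. Giving `search_datelimit_*` the same split variables, the same reset in the `button_removefilter` block and the same per-part `urlencode()` entries would keep the three filters consistent. The surrounding `if ($resql)` block runs beyond the hunk.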
@@ -1310,7 +1360,7 @@ if ($resql) {
print_liste_field_titre($arrayfields['f.type']['label'], $_SERVER["PHP_SELF"], 'f.type', '', $param, '', $sortfield, $sortorder);
}
if (!empty($arrayfields['f.datef']['checked'])) {
- print_liste_field_titre($arrayfields['f.date']['label'], $_SERVER['PHP_SELF'], 'f.datef', '', $param, 'align="center"', $sortfield, $sortorder);
+ print_liste_field_titre($arrayfields['f.datef']['label'], $_SERVER['PHP_SELF'], 'f.datef', '', $param, 'align="center"', $sortfield, $sortorder);
}
if (!empty($arrayfields['f.date_valid']['checked'])) {
print_liste_field_titre($arrayfields['f.date_valid']['label'], $_SERVER['PHP_SELF'], 'f.date_valid', '', $param, 'align="center"', $sortfield, $sortorder);
diff --git a/htdocs/compta/journal/sellsjournal.php b/htdocs/compta/journal/sellsjournal.php
index e8b5a7e44b2..9fa4168ea0a 100644
--- a/htdocs/compta/journal/sellsjournal.php
+++ b/htdocs/compta/journal/sellsjournal.php
@@ -121,7 +121,7 @@ $sql .= " ct.accountancy_code_sell as account_tva, ct.recuperableonly";
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+ $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$sql .= " JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";
$sql .= " JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php
index 46b2b2b7805..2adfe41330b 100644
--- a/htdocs/compta/localtax/class/localtax.class.php
+++ b/htdocs/compta/localtax/class/localtax.class.php
@@ -559,8 +559,8 @@ class Localtax extends CommonObject
public function update_fk_bank($id)
{
// phpcs:enable
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.$id;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.((int) $id);
+ $sql .= ' WHERE rowid = '.((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
return 1;
diff --git a/htdocs/compta/localtax/list.php b/htdocs/compta/localtax/list.php
index dd77938366a..6590e250832 100644
--- a/htdocs/compta/localtax/list.php
+++ b/htdocs/compta/localtax/list.php
@@ -54,7 +54,7 @@ print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Paym
$sql = "SELECT rowid, amount, label, f.datev, f.datep";
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as f ";
-$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt);
+$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".((int) $ltt);
$sql .= " ORDER BY datev DESC";
$result = $db->query($sql);
diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
index 8af9d5a6543..489d4c7cec0 100644
--- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php
+++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
@@ -236,8 +236,8 @@ class RemiseCheque extends CommonObject
if ($checkremise) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
- $sql .= " SET fk_bordereau = ".$this->id;
- $sql .= " WHERE rowid = ".$lineid;
+ $sql .= " SET fk_bordereau = ".((int) $this->id);
+ $sql .= " WHERE rowid = ".((int) $lineid);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -746,7 +746,7 @@ class RemiseCheque extends CommonObject
// Get invoices list to reopen them
$sql = 'SELECT pf.fk_facture, pf.amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf';
- $sql .= ' WHERE pf.fk_paiement = '.$payment->id;
+ $sql .= ' WHERE pf.fk_paiement = '.((int) $payment->id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/compta/paiement/class/cpaiement.class.php b/htdocs/compta/paiement/class/cpaiement.class.php
index d1cd1f0015b..e9623f55c11 100644
--- a/htdocs/compta/paiement/class/cpaiement.class.php
+++ b/htdocs/compta/paiement/class/cpaiement.class.php
@@ -187,7 +187,7 @@ class Cpaiement
$sql .= ' WHERE t.entity IN ('.getEntity('c_paiement').')';
$sql .= " AND t.code = '".$this->db->escape($ref)."'";
} else {
- $sql .= ' WHERE t.id = '.$id;
+ $sql .= ' WHERE t.id = '.((int) $id);
}
$resql = $this->db->query($sql);
diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php
index 9dcc57a47f2..5647295d171 100644
--- a/htdocs/compta/paiement/class/paiement.class.php
+++ b/htdocs/compta/paiement/class/paiement.class.php
@@ -736,7 +736,7 @@ class Paiement extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.$id_bank;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG);
@@ -855,7 +855,7 @@ class Paiement extends CommonObject
*/
public function validate(User $user = null)
{
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this).'::valide', LOG_DEBUG);
$result = $this->db->query($sql);
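Review bot: The debug label on the line after the change still reads `::valide` although the method is `validate()`, which makes log searches for this UPDATE miss it; the sibling `reject()` logs its own name correctly. While touching the statement, align the label: `dol_syslog(get_class($this).'::validate', LOG_DEBUG);`. The method body continues outside the hunk.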
@@ -876,7 +876,7 @@ class Paiement extends CommonObject
*/
public function reject(User $user = null)
{
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this).'::reject', LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php
index 6b47dacdd9d..9ac22d30e1f 100644
--- a/htdocs/compta/paiement_charge.php
+++ b/htdocs/compta/paiement_charge.php
@@ -193,7 +193,7 @@ if ($action == 'create') {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."paiementcharge as p";
- $sql .= " WHERE p.fk_charge = ".$chid;
+ $sql .= " WHERE p.fk_charge = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/compta/paiement_vat.php b/htdocs/compta/paiement_vat.php
index 64952def30d..323221f6f2b 100644
--- a/htdocs/compta/paiement_vat.php
+++ b/htdocs/compta/paiement_vat.php
@@ -189,7 +189,7 @@ if ($action == 'create') {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_vat as p";
- $sql .= " WHERE p.fk_tva = ".$chid;
+ $sql .= " WHERE p.fk_tva = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php
index c3640c1a760..c75974077c3 100644
--- a/htdocs/compta/payment_sc/card.php
+++ b/htdocs/compta/payment_sc/card.php
@@ -242,7 +242,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
{
if ($user->rights->facture->paiement)
{
- print ''.$langs->trans('Valid').' ';
+ print ''.$langs->trans('Valid').' ';
}
}
}
diff --git a/htdocs/compta/payment_vat/card.php b/htdocs/compta/payment_vat/card.php
index b671492c346..1b615bcbb8d 100644
--- a/htdocs/compta/payment_vat/card.php
+++ b/htdocs/compta/payment_vat/card.php
@@ -298,7 +298,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
{
if ($user->rights->facture->paiement)
{
- print ''.$langs->trans('Valid').' ';
+ print ''.$langs->trans('Valid').' ';
}
}
}
@@ -307,7 +307,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
if ($action == '') {
if ($user->rights->tax->charges->supprimer) {
if (!$disable_delete) {
- print ''.$langs->trans('Delete').' ';
+ print ''.$langs->trans('Delete').' ';
} else {
print ''.$langs->trans('Delete').' ';
}
diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php
index 3d04cf1f6a5..92f9c320acd 100644
--- a/htdocs/compta/prelevement/class/bonprelevement.class.php
+++ b/htdocs/compta/prelevement/class/bonprelevement.class.php
@@ -579,7 +579,7 @@ class BonPrelevement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons ";
$sql .= " SET fk_user_trans = ".$user->id;
$sql .= " , date_trans = '".$this->db->idate($date)."'";
- $sql .= " , method_trans = ".$method;
+ $sql .= " , method_trans = ".((int) $method);
$sql .= " , statut = ".self::STATUS_TRANSFERED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND entity = ".$conf->entity;
@@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject
$sql .= " SET traite = 1";
$sql .= ", date_traite = '".$this->db->idate($now)."'";
$sql .= ", fk_prelevement_bons = ".$this->id;
- $sql .= " WHERE rowid = ".$fac[1];
+ $sql .= " WHERE rowid = ".((int) $fac[1]);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -1139,7 +1139,7 @@ class BonPrelevement extends CommonObject
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " SET amount = ".price2num($this->total);
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@@ -2107,7 +2107,7 @@ class BonPrelevement extends CommonObject
$sql = "SELECT rowid, ref";
$sql .= " FROM";
$sql .= " ".MAIN_DB_PREFIX."prelevement_bons as pb";
- $sql .= " WHERE pb.rowid = ".$this->id;
+ $sql .= " WHERE pb.rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php
index 91ecccef242..3f51b5b554d 100644
--- a/htdocs/compta/prelevement/fiche-stat.php
+++ b/htdocs/compta/prelevement/fiche-stat.php
@@ -162,7 +162,7 @@ if ($prev_id > 0 || $ref) {
$sql = "SELECT sum(pl.amount), pl.statut";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
- $sql .= " WHERE pl.fk_prelevement_bons = ".$object->id;
+ $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $object->id);
$sql .= " GROUP BY pl.statut";
$resql = $db->query($sql);
diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php
index 9f9ee72cc6d..3abdf04ae1b 100644
--- a/htdocs/compta/recap-compta.php
+++ b/htdocs/compta/recap-compta.php
@@ -139,7 +139,7 @@ if ($id > 0) {
$sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,";
$sql .= " u.login, u.rowid as userid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
+ $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_user_valid = u.rowid";
$sql .= $db->order($sortfield, $sortorder);
diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php
index b8562829066..e4ac225a624 100644
--- a/htdocs/compta/sociales/card.php
+++ b/htdocs/compta/sociales/card.php
@@ -366,13 +366,13 @@ if ($action == 'create') {
}
// Payment Mode
- print ''.$langs->trans('PaymentMode').' ';
+ print ' '.$langs->trans('DefaultPaymentMode').' ';
$form->select_types_paiements(GETPOST('mode_reglement_id', 'int'), 'mode_reglement_id');
print ' ';
// Bank Account
if (!empty($conf->banque->enabled)) {
- print ''.$langs->trans('BankAccount').' ';
+ print ' '.$langs->trans('DefaultBankAccount').' ';
print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes(GETPOST('fk_account', 'int'), 'fk_account', 0, '', 2, '', 0, '', 1);
print ' ';
}
@@ -557,7 +557,7 @@ if ($id > 0) {
// Mode of payment
print '';
print '';
- print $langs->trans('PaymentMode');
+ print $langs->trans('DefaultPaymentMode');
print ' ';
if ($action != 'editmode') {
print 'id.'">'.img_edit($langs->trans('SetMode'), 1).' ';
@@ -575,7 +575,7 @@ if ($id > 0) {
if (!empty($conf->banque->enabled)) {
print '';
print '';
- print $langs->trans('BankAccount');
+ print $langs->trans('DefaultBankAccount');
print ' ';
if ($action != 'editbankaccount' && $user->rights->tax->charges->creer) {
print ' id.'">'.img_edit($langs->trans('SetBankAccount'), 1).' ';
@@ -613,7 +613,7 @@ if ($id > 0) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id";
$sql .= ", ".MAIN_DB_PREFIX."chargesociales as cs";
- $sql .= " WHERE p.fk_charge = ".$id;
+ $sql .= " WHERE p.fk_charge = ".((int) $id);
$sql .= " AND p.fk_charge = cs.rowid";
$sql .= " AND cs.entity IN (".getEntity('tax').")";
$sql .= " ORDER BY dp DESC";
@@ -731,7 +731,7 @@ if ($id > 0) {
* Actions buttons
*/
if ($action != 'edit') {
- print "\n";
+ print '
'."\n";
// Reopen
if ($object->paye && $user->rights->tax->charges->creer) {
diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php
index 4ae06f378b8..8cfadd84f4f 100644
--- a/htdocs/compta/sociales/class/cchargesociales.class.php
+++ b/htdocs/compta/sociales/class/cchargesociales.class.php
@@ -190,7 +190,7 @@ class Cchargesociales
if (null !== $ref) {
$sql .= " WHERE t.code = '".$this->db->escape($ref)."'";
} else {
- $sql .= ' WHERE t.id = '.$id;
+ $sql .= ' WHERE t.id = '.((int) $id);
}
$resql = $this->db->query($sql);
diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
index 8f7f13e6043..434078959b9 100644
--- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
+++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
@@ -636,7 +636,7 @@ class PaymentSocialContribution extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php
index 0614532605f..0ecdaee87a5 100644
--- a/htdocs/compta/sociales/list.php
+++ b/htdocs/compta/sociales/list.php
@@ -110,13 +110,13 @@ $arrayfields = array(
'cs.periode' =>array('label'=>"PeriodEndDate", 'checked'=>1, 'position'=>50),
'p.ref' =>array('label'=>"ProjectRef", 'checked'=>1, 'position'=>60, 'enable'=>(!empty($conf->projet->enabled))),
'cs.fk_user' =>array('label'=>"Employee", 'checked'=>1, 'position'=>70),
- 'cs.fk_mode_reglement' =>array('checked'=>1, 'position'=>80, 'label'=>"DefaultPaymentMode"),
+ 'cs.fk_mode_reglement' =>array('checked'=>-1, 'position'=>80, 'label'=>"DefaultPaymentMode"),
'cs.amount' =>array('label'=>"Amount", 'checked'=>1, 'position'=>100),
'cs.paye' =>array('label'=>"Status", 'checked'=>1, 'position'=>110),
);
if (!empty($conf->banque->enabled)) {
- $arrayfields['cs.fk_account'] = array('checked'=>1, 'position'=>90, 'label'=>"DefaultBankAccount");
+ $arrayfields['cs.fk_account'] = array('checked'=>-1, 'position'=>90, 'label'=>"DefaultBankAccount");
}
$arrayfields = dol_sort_array($arrayfields, 'position');
@@ -233,7 +233,7 @@ if ($year > 0) {
if ($search_typeid) {
$sql .= " AND cs.fk_type=".$db->escape($search_typeid);
}
-$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos";
+$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, pay.code, u.lastname";
if (!empty($conf->projet->enabled)) {
$sql .= ", p.rowid, p.ref, p.title";
}
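Review bot: The context line `$sql .= " AND cs.fk_type=".$db->escape($search_typeid);` at the top of this hunk places an escaped value in an unquoted numeric position, where string escaping does not constrain what the value can contain. It is the same pattern this commit replaces in casoc.php for `$selected_cat`. Changing it to `$sql .= " AND cs.fk_type=".((int) $search_typeid);` would bring it in line. How `$search_typeid` is read from the request is not visible in this hunk, so it may already be an integer, in which case the cast only documents that.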
@@ -354,7 +354,7 @@ if (!empty($conf->global->MAIN_VIEW_LINE_NUMBER_IN_LIST)) {
// Filter: Ref
if (!empty($arrayfields['cs.rowid']['checked'])) {
- print '
';
+ print ' ';
print ' ';
print ' ';
}
@@ -368,8 +368,8 @@ if (!empty($arrayfields['cs.rowid']['checked'])) {
// Filter: Type
if (!empty($arrayfields['cs.fk_type']['checked'])) {
- print '
';
- $formsocialcontrib->select_type_socialcontrib($search_typeid, 'search_typeid', 1, 0, 0, 'maxwidth100onsmartphone', 1);
+ print ' ';
+ $formsocialcontrib->select_type_socialcontrib($search_typeid, 'search_typeid', 1, 0, 0, 'maxwidth150', 1);
print ' ';
}
@@ -399,21 +399,21 @@ if (!empty($arrayfields['p.ref']['checked'])) {
if (!empty($arrayfields['cs.fk_user']['checked'])) {
// Employee
- print '
';
+ print ' ';
print $form->select_dolusers($search_users, 'search_users', 1, null, 0, '', '', '0', '0', 0, '', 0, '', '', 0, 0, true);
}
// Filter: Type
if (!empty($arrayfields['cs.fk_mode_reglement']['checked'])) {
- print ' ';
- $form->select_types_paiements($search_type, 'search_type', '', 0, 1, 1, 16);
+ print ' ';
+ $form->select_types_paiements($search_type, 'search_type', '', 0, 1, 1, 0, 1, 'maxwidth150');
print ' ';
}
// Filter: Bank Account
if (!empty($arrayfields['cs.fk_account']['checked'])) {
- print '
';
- $form->select_comptes($search_account, 'search_account', 0, '', 1);
+ print ' ';
+ $form->select_comptes($search_account, 'search_account', 0, '', 1, '', 0, 'maxwidth150');
print ' ';
}
@@ -452,16 +452,16 @@ if (!empty($arrayfields['cs.rowid']['checked'])) {
print_liste_field_titre($arrayfields['cs.rowid']['label'], $_SERVER["PHP_SELF"], "cs.rowid", '', $param, '', $sortfield, $sortorder);
}
if (!empty($arrayfields['cs.libelle']['checked'])) {
- print_liste_field_titre($arrayfields['cs.libelle']['label'], $_SERVER["PHP_SELF"], "cs.libelle", '', $param, 'class="left"', $sortfield, $sortorder);
+ print_liste_field_titre($arrayfields['cs.libelle']['label'], $_SERVER["PHP_SELF"], "cs.libelle", '', $param, '', $sortfield, $sortorder);
}
if (!empty($arrayfields['cs.fk_type']['checked'])) {
- print_liste_field_titre($arrayfields['cs.fk_type']['label'], $_SERVER["PHP_SELF"], "cs.fk_type", '', $param, 'class="left"', $sortfield, $sortorder);
+ print_liste_field_titre($arrayfields['cs.fk_type']['label'], $_SERVER["PHP_SELF"], "cs.fk_type", '', $param, '', $sortfield, $sortorder);
}
if (!empty($arrayfields['cs.date_ech']['checked'])) {
- print_liste_field_titre($arrayfields['cs.date_ech']['label'], $_SERVER["PHP_SELF"], "cs.date_ech", '', $param, 'align="center"', $sortfield, $sortorder);
+ print_liste_field_titre($arrayfields['cs.date_ech']['label'], $_SERVER["PHP_SELF"], "cs.date_ech", '', $param, '', $sortfield, $sortorder, 'center ');
}
if (!empty($arrayfields['cs.periode']['checked'])) {
- print_liste_field_titre($arrayfields['cs.periode']['label'], $_SERVER["PHP_SELF"], "cs.periode", '', $param, 'align="center"', $sortfield, $sortorder);
+ print_liste_field_titre($arrayfields['cs.periode']['label'], $_SERVER["PHP_SELF"], "cs.periode", '', $param, '', $sortfield, $sortorder, 'center ');
}
if (!empty($arrayfields['p.ref']['checked'])) {
print_liste_field_titre($arrayfields['p.ref']['label'], $_SERVER["PHP_SELF"], "p.ref", '', $param, '', $sortfield, $sortorder);
@@ -470,10 +470,10 @@ if (!empty($arrayfields['cs.fk_user']['checked'])) {
print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.lastname", "", $param, 'class="left"', $sortfield, $sortorder);
}
if (!empty($arrayfields['cs.fk_mode_reglement']['checked'])) {
- print_liste_field_titre($arrayfields['cs.fk_mode_reglement']['label'], $_SERVER["PHP_SELF"], "cs.fk_mode_reglement", '', $param, 'class="right"', $sortfield, $sortorder);
+ print_liste_field_titre($arrayfields['cs.fk_mode_reglement']['label'], $_SERVER["PHP_SELF"], "cs.fk_mode_reglement", '', $param, '', $sortfield, $sortorder);
}
if (!empty($arrayfields['cs.fk_account']['checked'])) {
- print_liste_field_titre($arrayfields['cs.fk_account']['label'], $_SERVER["PHP_SELF"], "cs.fk_account", '', $param, 'class="right"', $sortfield, $sortorder);
+ print_liste_field_titre($arrayfields['cs.fk_account']['label'], $_SERVER["PHP_SELF"], "cs.fk_account", '', $param, '', $sortfield, $sortorder);
}
if (!empty($arrayfields['cs.amount']['checked'])) {
print_liste_field_titre($arrayfields['cs.amount']['label'], $_SERVER["PHP_SELF"], "cs.amount", '', $param, 'class="right"', $sortfield, $sortorder);
@@ -525,7 +525,7 @@ while ($i < min($num, $limit)) {
// Label
if (!empty($arrayfields['cs.libelle']['checked'])) {
- print '
'.dol_trunc($obj->label, 42).' ';
+ print '
'.dol_escape_htmltag($obj->label).' ';
if (!$i) {
$totalarray['nbfield']++;
}
@@ -533,7 +533,7 @@ while ($i < min($num, $limit)) {
// Type
if (!empty($arrayfields['cs.fk_type']['checked'])) {
- print '
'.$obj->type_label.' ';
+ print '
'.dol_escape_htmltag($obj->type_label).' ';
if (!$i) {
$totalarray['nbfield']++;
}
@@ -551,7 +551,7 @@ while ($i < min($num, $limit)) {
if (!empty($arrayfields['cs.periode']['checked'])) {
print '
';
if ($obj->periode) {
- print 'jdate($obj->periode)).'">';
+ print ' ';
print dol_print_date($db->jdate($obj->periode), 'day');
print ' ';
}
@@ -627,7 +627,7 @@ while ($i < min($num, $limit)) {
// Amount
if (!empty($arrayfields['cs.amount']['checked'])) {
- print ' '.price($obj->amount).' ';
+ print '
'.price($obj->amount).' ';
if (!$i) {
$totalarray['nbfield']++;
}
diff --git a/htdocs/compta/sociales/payments.php b/htdocs/compta/sociales/payments.php
index c11f13c14fa..e8e4102b5cc 100644
--- a/htdocs/compta/sociales/payments.php
+++ b/htdocs/compta/sociales/payments.php
@@ -169,7 +169,8 @@ if (preg_match('/^cs\./', $sortfield)
|| preg_match('/^c\./', $sortfield)
|| preg_match('/^pc\./', $sortfield)
|| preg_match('/^pct\./', $sortfield)
- || preg_match('/^u\./', $sortfield)) {
+ || preg_match('/^u\./', $sortfield)
+ || preg_match('/^ba\./', $sortfield)) {
$sql .= $db->order($sortfield, $sortorder);
}
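Review bot: Each `preg_match` in this condition, including the added `/^ba\./`, anchors only the table alias, so anything after the dot is accepted and the safety of the ORDER BY rests on what `$db->order()` does with the remainder of `$sortfield`, which is not visible here. A single fully anchored pattern would make the allow-list self-contained: `if (preg_match('/^(cs|c|pc|pct|u|ba)\.\w+\z/', $sortfield)) {`. If comma-separated multi-column sort values are expected on this page, the pattern has to allow a list of such items instead. The `if` opens above the hunk.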
@@ -233,8 +234,8 @@ print "
\n";
print '';
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pc.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("SocialContribution", $_SERVER["PHP_SELF"], "c.libelle", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.date_ech", "", $param, 'width="140px"', $sortfield, $sortorder);
+print_liste_field_titre("TypeContrib", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
+print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.periode", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pc.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
@@ -316,7 +317,7 @@ while ($i < min($num, $limit)) {
print '';
print '';
- if ($obj->fk_bank > 0) {
+ if ($obj->bid > 0) {
$accountstatic->id = $obj->bid;
$accountstatic->ref = $obj->bref;
$accountstatic->number = $obj->bnumber;
diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php
index 1644a4ee5e3..d65bed019fc 100644
--- a/htdocs/compta/stats/byratecountry.php
+++ b/htdocs/compta/stats/byratecountry.php
@@ -52,8 +52,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
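Review bot: The six `GETPOST()` calls on the two changed lines pass no type filter, although the values are date parts and other calls in this commit use `GETPOST(..., 'int')`. Writing `GETPOST("date_startmonth", 'int')`, and likewise for the day and year parameters, states the expected type at the point of input instead of relying on `dol_mktime()` to cope with whatever arrives. The same two lines are changed identically in cabyprodserv.php (@@ -97), cabyuser.php (@@ -78) and casoc.php (@@ -98).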
@@ -179,7 +179,9 @@ if ($modetax == 2) {
}
$calcmode .= ' ('.$langs->trans("TaxModuleSetupToModifyRules", DOL_URL_ROOT.'/admin/taxes.php').')';
// Set period
-$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
$prevyear = $year_start;
$prevquarter = $q;
if ($prevquarter > 1) {
@@ -265,7 +267,9 @@ if ($modecompta == "CREANCES-DETTES") {
} elseif ($modecompta == "BOOKKEEPING") {
} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
}
-$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0);
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
if ($date_end == dol_time_plus_duree($date_start, 1, 'y') - 1) {
$periodlink = ''.img_previous().' '.img_next().' ';
} else {
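Review bot: This second `$period` assignment calls `selectDate()` without the trailing `'tzserver'` argument that the @@ -179 hunk of the same file adds, while `$date_start` and `$date_end` are now built with `'tzserver'`. If this assignment is the one that reaches the output, the picker would render the timestamps under the default timezone handling and could show a different day than the one used in the queries. I would pass the same argument list here: `$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');` and the matching call for `$date_end`. Which of the two assignments is live depends on code between the hunks that is not shown.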
@@ -297,6 +301,7 @@ if ($modecompta == 'CREANCES-DETTES') {
}
print ' '.$langs->trans("TotalHT").' ';
+ // Sales invoices
$sql = "SELECT fd.tva_tx AS vatrate,";
$sql .= " fd.product_type AS product_type,";
$sql .= " cc.code, cc.label AS country,";
@@ -320,7 +325,6 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " GROUP BY fd.tva_tx,fd.product_type, cc.label, cc.code ";
$sql .= " ORDER BY country, product_type, vatrate";
-
dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG);
$resql = $db->query($sql);
if ($resql) {
@@ -370,7 +374,6 @@ if ($modecompta == 'CREANCES-DETTES') {
print $db->lasterror(); // Show last sql error
}
-
print ''.$langs->trans("PurchasebyVatrate").' ';
print ''.$langs->trans("ProductOrService").' ';
print ''.$langs->trans("Country").' ';
@@ -385,6 +388,7 @@ if ($modecompta == 'CREANCES-DETTES') {
}
print ''.$langs->trans("TotalHT").' ';
+ // Purchase invoices
$sql2 = "SELECT ffd.tva_tx AS vatrate,";
$sql2 .= " ffd.product_type AS product_type,";
$sql2 .= " cc.code, cc.label AS country,";
diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php
index 6ca284a5f2b..d48a931ca2c 100644
--- a/htdocs/compta/stats/cabyprodserv.php
+++ b/htdocs/compta/stats/cabyprodserv.php
@@ -97,8 +97,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
@@ -254,7 +254,9 @@ if ($modecompta == "CREANCES-DETTES") {
} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
}
-$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
if ($date_end == dol_time_plus_duree($date_start, 1, 'y') - 1) {
$periodlink = ''.img_previous().' '.img_next().' ';
} else {
@@ -313,7 +315,7 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " AND f.datef >= '".$db->idate($date_start)."' AND f.datef <= '".$db->idate($date_end)."'";
}
if ($selected_type >= 0) {
- $sql .= " AND l.product_type = ".$selected_type;
+ $sql .= " AND l.product_type = ".((int) $selected_type);
}
if ($selected_cat === -2) { // Without any category
$sql .= " AND cp.fk_product is null";
@@ -340,7 +342,7 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= "))";
}
if ($selected_soc > 0) {
- $sql .= " AND soc.rowid=".$selected_soc;
+ $sql .= " AND soc.rowid=".((int) $selected_soc);
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php
index feae1f83594..ce2cb2ad333 100644
--- a/htdocs/compta/stats/cabyuser.php
+++ b/htdocs/compta/stats/cabyuser.php
@@ -78,8 +78,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q") ?GETPOST("q") : 0;
@@ -198,7 +198,9 @@ if ($modecompta == "CREANCES-DETTES") {
} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
// TODO
}
-$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
if ($date_end == dol_time_plus_duree($date_start, 1, 'y') - 1) {
$periodlink = ''.img_previous().' '.img_next().' ';
} else {
@@ -241,7 +243,7 @@ if ($modecompta == 'CREANCES-DETTES') {
if ($date_start && $date_end) {
$sql .= " AND f.datef >= '".$db->idate($date_start)."' AND f.datef <= '".$db->idate($date_end)."'";
}
-} else {
+} elseif ($modecompta == "RECETTES-DEPENSES") {
/*
* Liste des paiements (les anciens paiements ne sont pas vus par cette requete car, sur les
* vieilles versions, ils n'etaient pas lies via paiement_facture. On les ajoute plus loin)
@@ -255,6 +257,8 @@ if ($modecompta == 'CREANCES-DETTES') {
if ($date_start && $date_end) {
$sql .= " AND p.datep >= '".$db->idate($date_start)."' AND p.datep <= '".$db->idate($date_end)."'";
}
+} elseif ($modecompta == "BOOKKEEPING") {
+} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
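Review bot: The two added branches for `BOOKKEEPING` and `BOOKKEEPINGCOLLECTED` are empty, yet the next line appends `" AND f.entity IN (...)"` to `$sql` for every mode. Together with the @@ -241 change from `else` to `elseif ($modecompta == "RECETTES-DEPENSES")`, a bookkeeping mode now appears to reach the query with no SELECT built in this chain, where it previously fell into the payments query. If that state is reachable, wrapping the tail and the query in `if (in_array($modecompta, array('CREANCES-DETTES', 'RECETTES-DEPENSES'), true)) {` and putting a `// TODO not implemented` comment in the empty branches would avoid sending a fragment to the database. casoc.php has the same shape at @@ -295; whether `$sql` is initialised before either chain is not visible in these hunks.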
@@ -284,7 +288,7 @@ if ($result) {
}
// Adding old-version payments, non-bound by "paiement_facture" then without User
-if ($modecompta != 'CREANCES-DETTES') {
+if ($modecompta == 'RECETTES-DEPENSES') {
$sql = "SELECT -1 as rowidx, '' as name, '' as firstname, sum(DISTINCT p.amount) as amount_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php
index aedae20b8f0..52e41c20672 100644
--- a/htdocs/compta/stats/casoc.php
+++ b/htdocs/compta/stats/casoc.php
@@ -98,8 +98,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
@@ -142,6 +142,7 @@ if (empty($date_start) || empty($date_end)) { // We define date_start and date_e
} else {
// TODO We define q
}
+//print dol_print_date($date_start, 'dayhour', 'gmt');
// $date_start and $date_end are defined. We force $year_start and $nbofyear
$tmps = dol_getdate($date_start);
@@ -224,7 +225,9 @@ if ($modecompta == "CREANCES-DETTES") {
} elseif ($modecompta == "BOOKKEEPING") {
} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
}
-$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
if ($date_end == dol_time_plus_duree($date_start, 1, 'y') - 1) {
$periodlink = ''.img_previous().' '.img_next().' ';
} else {
@@ -264,14 +267,14 @@ if ($modecompta == 'CREANCES-DETTES') {
if ($selected_cat === -2) { // Without any category
$sql .= " AND cs.fk_soc is null";
} elseif ($selected_cat) { // Into a specific category
- $sql .= " AND (c.rowid = ".$db->escape($selected_cat);
+ $sql .= " AND (c.rowid = ".((int) $selected_cat);
if ($subcat) {
- $sql .= " OR c.fk_parent = ".$db->escape($selected_cat);
+ $sql .= " OR c.fk_parent = ".((int) $selected_cat);
}
$sql .= ")";
$sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_soc = s.rowid";
}
-} else {
+} elseif ($modecompta == "RECETTES-DEPENSES") {
/*
* Liste des paiements (les anciens paiements ne sont pas vus par cette requete car, sur les
* vieilles versions, ils n'etaient pas lies via paiement_facture. On les ajoute plus loin)
@@ -295,13 +298,15 @@ if ($modecompta == 'CREANCES-DETTES') {
if ($selected_cat === -2) { // Without any category
$sql .= " AND cs.fk_soc is null";
} elseif ($selected_cat) { // Into a specific category
- $sql .= " AND (c.rowid = ".$selected_cat;
+ $sql .= " AND (c.rowid = ".((int) $selected_cat);
if ($subcat) {
- $sql .= " OR c.fk_parent = ".$selected_cat;
+ $sql .= " OR c.fk_parent = ".((int) $selected_cat);
}
$sql .= ")";
$sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_soc = s.rowid";
}
+} elseif ($modecompta == "BOOKKEEPING") {
+} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
}
if (!empty($search_societe)) {
$sql .= natural_search('s.nom', $search_societe);
@@ -313,11 +318,11 @@ if (!empty($search_town)) {
$sql .= natural_search('s.town', $search_town);
}
if ($search_country > 0) {
- $sql .= ' AND s.fk_pays = '.$search_country.'';
+ $sql .= ' AND s.fk_pays = '.((int) $search_country);
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY s.rowid, s.nom, s.zip, s.town, s.fk_pays";
$sql .= " ORDER BY s.rowid";
@@ -347,7 +352,7 @@ if ($result) {
}
// On ajoute les paiements anciennes version, non lies par paiement_facture
-if ($modecompta != 'CREANCES-DETTES') {
+if ($modecompta == "RECETTES-DEPENSES") {
$sql = "SELECT '0' as socid, 'Autres' as name, sum(p.amount) as amount_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php
index 74589d2e391..58d4458ca6a 100644
--- a/htdocs/compta/stats/index.php
+++ b/htdocs/compta/stats/index.php
@@ -51,8 +51,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), "%m");
$year_start = $year - ($nbofyear - 1);
}
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzserver');
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzserver');
// We define date_start and date_end
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
@@ -152,7 +152,6 @@ if ($modecompta == "CREANCES-DETTES") {
$calcmode .= ' ('.$langs->trans("SeeReportInBookkeepingMode", '{link1}', '{link2}').')';
$calcmode = str_replace('{link1}', '', $calcmode);
$calcmode = str_replace('{link2}', ' ', $calcmode);
- $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$periodlink = ($year_start ? "".img_previous()." ".img_next()." " : "");
$description = $langs->trans("RulesCADue");
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
@@ -167,7 +166,6 @@ if ($modecompta == "CREANCES-DETTES") {
$calcmode = $langs->trans("CalcModeEngagement");
//$calcmode.=' ('.$langs->trans("SeeReportInDueDebtMode",'',' ').')';
//$calcmode.=' ('.$langs->trans("SeeReportInBookkeepingMode",'',' ').')';
- $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$periodlink = ($year_start ? "".img_previous()." ".img_next()." " : "");
$description = $langs->trans("RulesCAIn");
$description .= $langs->trans("DepositsAreIncluded");
@@ -180,12 +178,14 @@ if ($modecompta == "CREANCES-DETTES") {
$calcmode = str_replace('{link1}', '', $calcmode);
$calcmode = str_replace('{link2}', ' ', $calcmode);
//$calcmode.=' ('.$langs->trans("SeeReportInInputOutputMode",'',' ').')';
- $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$periodlink = ($year_start ? "".img_previous()." ".img_next()." " : "");
- $description = $langs->trans("RulesCATotalSaleJournal");
+ $description = $langs->trans("RulesSalesTurnoverOfIncomeAccounts");
$builddate = dol_now();
//$exportlink=$langs->trans("NotYetAvailable");
}
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
$moreparam = array();
if (!empty($modecompta)) {
@@ -199,7 +199,7 @@ if (!empty($conf->accounting->enabled) && $modecompta != 'BOOKKEEPING') {
if ($modecompta == 'CREANCES-DETTES') {
- $sql = "SELECT date_format(f.datef,'%Y-%m') as dm, sum(f.total) as amount, sum(f.total_ttc) as amount_ttc";
+ $sql = "SELECT date_format(f.datef, '%Y-%m') as dm, sum(f.total) as amount, sum(f.total_ttc) as amount_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= " WHERE f.fk_statut in (1,2)";
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
@@ -209,14 +209,14 @@ if ($modecompta == 'CREANCES-DETTES') {
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
}
} elseif ($modecompta == "RECETTES-DEPENSES") {
/*
* Liste des paiements (les anciens paiements ne sont pas vus par cette requete car, sur les
* vieilles versions, ils n'etaient pas lies via paiement_facture. On les ajoute plus loin)
*/
- $sql = "SELECT date_format(p.datep,'%Y-%m') as dm, sum(pf.amount) as amount_ttc";
+ $sql = "SELECT date_format(p.datep, '%Y-%m') as dm, sum(pf.amount) as amount_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= ", ".MAIN_DB_PREFIX."paiement_facture as pf";
$sql .= ", ".MAIN_DB_PREFIX."paiement as p";
@@ -224,20 +224,28 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " AND pf.fk_facture = f.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
}
} elseif ($modecompta == "BOOKKEEPING") {
- $sql = "SELECT date_format(b.doc_date,'%Y-%m') as dm, sum(b.credit) as amount_ttc";
- $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b, ".MAIN_DB_PREFIX."accounting_journal as aj";
- $sql .= " WHERE b.entity = ".$conf->entity; // In module double party accounting, we never share entities
- $sql .= " AND aj.entity = ".$conf->entity;
- $sql .= " AND b.code_journal = aj.code AND aj.nature = 2"; // @todo currently count amount in sale journal, but we need to define a category group for turnover
-}
+ $pcgverid = $conf->global->CHARTOFACCOUNTS;
+ $pcgvercode = dol_getIdFromCode($db, $pcgverid, 'accounting_system', 'rowid', 'pcg_version');
+ if (empty($pcgvercode)) {
+ $pcgvercode = $pcgverid;
+ }
+ $sql = "SELECT date_format(b.doc_date, '%Y-%m') as dm, sum(b.debit) as amount_ttc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b,";
+ $sql .= " ".MAIN_DB_PREFIX."accounting_account as aa";
+ $sql .= " WHERE b.entity = ".$conf->entity; // In module double party accounting, we never share entities
+ $sql .= " AND b.numero_compte = aa.account_number";
+ $sql .= " AND b.doc_type = 'customer_invoice'";
+ $sql .= " AND aa.entity = ".$conf->entity;
+ $sql .= " AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
+ $sql .= " AND aa.pcg_type = 'INCOME'"; // TODO Be able to use a custom group
+}
$sql .= " GROUP BY dm";
$sql .= " ORDER BY dm";
// TODO Add a filter on $date_start and $date_end to reduce quantity on data
-//print $sql;
$minyearmonth = $maxyearmonth = 0;
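Review bot: The new BOOKKEEPING query sums `b.debit` for `pcg_type = 'INCOME'` accounts on `customer_invoice` lines, whereas the removed query summed `b.credit`. The supplier report in this same commit uses `sum(b.debit)` for EXPENSE accounts, so the income side looks copied from it. If sales are booked as credits on income accounts, turnover would read as zero or show only reversals. I would restore the credit side, `sum(b.credit) as amount_ttc`, or use the net `sum(b.credit - b.debit)` if credit notes should reduce the figure; this needs confirming against the bookkeeping rules. Separately, `$conf->entity` is still concatenated without the `(int)` cast applied to `$socid` above.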
diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php
index bf91d8b4d6a..dc8417e58a1 100644
--- a/htdocs/compta/stats/supplier_turnover.php
+++ b/htdocs/compta/stats/supplier_turnover.php
@@ -47,8 +47,8 @@ if (empty($year)) {
$month_current = strftime("%m", dol_now());
$year_start = $year - ($nbofyear - 1);
}
-$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzserver'); // We use timezone of server so report is same from everywhere
+$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzserver'); // We use timezone of server so report is same from everywhere
// We define date_start and date_end
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
@@ -135,7 +135,6 @@ if ($modecompta == "CREANCES-DETTES") {
$calcmode .= ' ('.$langs->trans("SeeReportInBookkeepingMode", '{link1}', '{link2}').')';
$calcmode = str_replace('{link1}', '', $calcmode);
$calcmode = str_replace('{link2}', ' ', $calcmode);
- $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$periodlink = ($year_start ? "".img_previous()." ".img_next()." " : "");
$description = $langs->trans("RulesPurchaseTurnoverDue");
$builddate = dol_now();
@@ -143,7 +142,6 @@ if ($modecompta == "CREANCES-DETTES") {
} elseif ($modecompta == "RECETTES-DEPENSES") {
$name = $langs->trans("PurchaseTurnoverCollected");
$calcmode = $langs->trans("CalcModeEngagement");
- $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$periodlink = ($year_start ? "".img_previous()." ".img_next()." " : "");
$description = $langs->trans("RulesPurchaseTurnoverIn");
$builddate = dol_now();
@@ -154,12 +152,14 @@ if ($modecompta == "CREANCES-DETTES") {
$calcmode .= ' ('.$langs->trans("SeeReportInDueDebtMode", '{link1}', '{link2}').')';
$calcmode = str_replace('{link1}', '', $calcmode);
$calcmode = str_replace('{link2}', ' ', $calcmode);
- $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$periodlink = ($year_start ? "".img_previous()." ".img_next()." " : "");
- $description = $langs->trans("RulesPurchaseTurnoverTotalPurchaseJournal");
+ $description = $langs->trans("RulesPurchaseTurnoverOfExpenseAccounts");
$builddate = dol_now();
//$exportlink=$langs->trans("NotYetAvailable");
}
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
$moreparam = array();
if (!empty($modecompta)) {
@@ -193,11 +193,21 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " AND f.fk_soc = ".$socid;
}
} elseif ($modecompta == "BOOKKEEPING") {
- $sql = "SELECT date_format(b.doc_date,'%Y-%m') as dm, sum(b.debit) as amount_ttc";
- $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b, ".MAIN_DB_PREFIX."accounting_journal as aj";
+ $pcgverid = $conf->global->CHARTOFACCOUNTS;
+ $pcgvercode = dol_getIdFromCode($db, $pcgverid, 'accounting_system', 'rowid', 'pcg_version');
+ if (empty($pcgvercode)) {
+ $pcgvercode = $pcgverid;
+ }
+
+ $sql = "SELECT date_format(b.doc_date, '%Y-%m') as dm, sum(b.debit) as amount_ttc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b,";
+ $sql .= " ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " WHERE b.entity = ".$conf->entity; // In module double party accounting, we never share entities
- $sql .= " AND aj.entity = ".$conf->entity;
- $sql .= " AND b.code_journal = aj.code AND aj.nature = 3"; // @todo currently count amount in sale journal, but we need to define a category group for turnover
+ $sql .= " AND b.doc_type = 'supplier_invoice'";
+ $sql .= " AND b.numero_compte = aa.account_number";
+ $sql .= " AND aa.entity = ".$conf->entity;
+ $sql .= " AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
+ $sql .= " AND aa.pcg_type = 'EXPENSE'"; // TODO Be able to use a custom group
}
$sql .= " GROUP BY dm";
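Review bot: The context line at the top of this hunk still builds `" AND f.fk_soc = ".$socid` without a cast, although the same commit hardens the identical filter in index.php. The origin of `$socid` is outside the hunk, but for consistency with the rest of the change it should read `$sql .= " AND f.fk_soc = ".((int) $socid);`. The enclosing if/elseif chain starts before the hunk, so any earlier `$socid` filter in this file deserves the same check.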
diff --git a/htdocs/compta/stats/supplier_turnover_by_prodserv.php b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
index 26659c851f9..1af51249433 100644
--- a/htdocs/compta/stats/supplier_turnover_by_prodserv.php
+++ b/htdocs/compta/stats/supplier_turnover_by_prodserv.php
@@ -79,8 +79,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
@@ -241,7 +241,9 @@ if ($modecompta == "CREANCES-DETTES") {
} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
}
-$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
if ($date_end == dol_time_plus_duree($date_start, 1, 'y') - 1) {
$periodlink = ''.img_previous().' '.img_next().' ';
} else {
@@ -286,20 +288,20 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " AND f.datef >= '".$db->idate($date_start)."' AND f.datef <= '".$db->idate($date_end)."'";
}
if ($selected_type >= 0) {
- $sql .= " AND l.product_type = ".$selected_type;
+ $sql .= " AND l.product_type = ".((int) $selected_type);
}
if ($selected_cat === -2) { // Without any category
$sql .= " AND cp.fk_product is null";
} elseif ($selected_cat) { // Into a specific category
- $sql .= " AND (c.rowid = ".$selected_cat;
+ $sql .= " AND (c.rowid = ".((int) $selected_cat);
if ($subcat) {
- $sql .= " OR c.fk_parent = ".$selected_cat;
+ $sql .= " OR c.fk_parent = ".((int) $selected_cat);
}
$sql .= ")";
$sql .= " AND cp.fk_categorie = c.rowid AND cp.fk_product = p.rowid";
}
if ($selected_soc > 0) {
- $sql .= " AND soc.rowid=".$selected_soc;
+ $sql .= " AND soc.rowid=".((int) $selected_soc);
}
$sql .= " AND f.entity IN (".getEntity('supplier_invoice').")";
$sql .= " GROUP BY p.rowid, p.ref, p.label, p.fk_product_type";
diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
index 4b64b2e5942..556c4437df7 100644
--- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
+++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php
@@ -81,8 +81,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
-$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
-$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
+$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
+$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzserver'); // We use timezone of server so report is same from everywhere
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
@@ -212,7 +212,9 @@ if ($modecompta == "CREANCES-DETTES") {
} elseif ($modecompta == "BOOKKEEPING") {
} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") {
}
-$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
+$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
+$period .= ' - ';
+$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
if ($date_end == dol_time_plus_duree($date_start, 1, 'y') - 1) {
$periodlink = ''.img_previous().' '.img_next().' ';
} else {
@@ -249,14 +251,14 @@ if ($modecompta == 'CREANCES-DETTES') {
if ($selected_cat === -2) { // Without any category
$sql .= " AND cs.fk_soc is null";
} elseif ($selected_cat) { // Into a specific category
- $sql .= " AND (c.rowid = ".$db->escape($selected_cat);
+ $sql .= " AND (c.rowid = ".((int) $selected_cat);
if ($subcat) {
- $sql .= " OR c.fk_parent = ".$db->escape($selected_cat);
+ $sql .= " OR c.fk_parent = ".((int) $selected_cat);
}
$sql .= ")";
$sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_soc = s.rowid";
}
-} else {
+} elseif ($modecompta == "RECETTES-DEPENSES") {
$sql = "SELECT s.rowid as socid, s.nom as name, s.zip, s.town, s.fk_pays, sum(pf.amount) as amount_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f";
$sql .= ", ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf";
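Review bot: Narrowing the final `else` to `elseif ($modecompta == "RECETTES-DEPENSES")` means no branch assigns `$sql` for any other mode. The chain earlier in this file has empty branches for BOOKKEEPING and BOOKKEEPINGCOLLECTED, so those values are expected to occur. The code that runs the query is outside this hunk; if it runs unconditionally, it will execute an undefined or stale `$sql`. I would initialise `$sql = '';` before the chain and run the query only when it is non-empty, or add a closing `else` that reports the unsupported mode.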
@@ -276,9 +278,9 @@ if ($modecompta == 'CREANCES-DETTES') {
if ($selected_cat === -2) { // Without any category
$sql .= " AND cs.fk_soc is null";
} elseif ($selected_cat) { // Into a specific category
- $sql .= " AND (c.rowid = ".$selected_cat;
+ $sql .= " AND (c.rowid = ".((int) $selected_cat);
if ($subcat) {
- $sql .= " OR c.fk_parent = ".$selected_cat;
+ $sql .= " OR c.fk_parent = ".((int) $selected_cat);
}
$sql .= ")";
$sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_soc = s.rowid";
diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php
index 2a116c6376b..bbf4bc9ac2b 100755
--- a/htdocs/compta/tva/card.php
+++ b/htdocs/compta/tva/card.php
@@ -136,7 +136,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) {
}
}
-if ($action == 'add' && $cancel) {
+if ($action == 'add' && !$cancel) {
$error = 0;
$object->fk_account = GETPOST("accountid", 'int');
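Review bot: With the inverted `$cancel` test fixed, the `add` branch now runs on every real submit, yet its condition checks no permission. The `reopen` branch named in the hunk header does test `$user->rights->tax->charges->creer`. The body continues outside the hunk and a page-level access check may exist elsewhere, but I would make the guard explicit here: `if ($action == 'add' && !$cancel && $user->rights->tax->charges->creer) {`. Since this branch changes state, it is also worth confirming that a CSRF token is verified for it.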
@@ -454,7 +454,7 @@ if ($action == 'create') {
// Comments
print '';
print ''.$langs->trans("Comments").' ';
- print ' ';
+ print ' ';
print ' ';
// Other attributes
@@ -618,7 +618,7 @@ if ($id) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id";
$sql .= ", ".MAIN_DB_PREFIX."tva as tva";
- $sql .= " WHERE p.fk_tva = ".$id;
+ $sql .= " WHERE p.fk_tva = ".((int) $id);
$sql .= " AND p.fk_tva = tva.rowid";
$sql .= " AND tva.entity IN (".getEntity('tax').")";
$sql .= " ORDER BY dp DESC";
diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php
index 9ba1bd2ed1d..f8a397bdb9a 100644
--- a/htdocs/compta/tva/class/paymentvat.class.php
+++ b/htdocs/compta/tva/class/paymentvat.class.php
@@ -620,7 +620,7 @@ class PaymentVAT extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
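Review bot: Only `$id_bank` is cast in the rewritten UPDATE; `$this->id` is still concatenated raw in the WHERE clause. Other hunks of this commit, such as `Contact::setstatus`, cast `$this->id` as well, so for consistency the line should end with `" WHERE rowid = ".((int) $this->id);`. An empty `$this->id` would then produce `rowid = 0` instead of a syntax error, which is also easier to diagnose from the log.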
diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php
index 16e780e4b0d..ac9e7b55ecd 100644
--- a/htdocs/compta/tva/list.php
+++ b/htdocs/compta/tva/list.php
@@ -57,7 +57,6 @@ $search_dateend_end = dol_mktime(23, 59, 59, GETPOST('search_dateend_endmonth',
$search_datepayment_start = dol_mktime(0, 0, 0, GETPOST('search_datepayment_startmonth', 'int'), GETPOST('search_datepayment_startday', 'int'), GETPOST('search_datepayment_startyear', 'int'));
$search_datepayment_end = dol_mktime(23, 59, 59, GETPOST('search_datepayment_endmonth', 'int'), GETPOST('search_datepayment_endday', 'int'), GETPOST('search_datepayment_endyear', 'int'));
$search_type = GETPOST('search_type', 'int');
-$search_cheque = GETPOST('search_cheque', 'alpha');
$search_account = GETPOST('search_account', 'int');
$search_amount = GETPOST('search_amount', 'alpha');
$search_status = GETPOST('search_status', 'int');
@@ -123,7 +122,6 @@ if (empty($reshook)) {
$search_datepayment_start = '';
$search_datepayment_end = '';
$search_type = '';
- $search_cheque = '';
$search_account = '';
$search_amount = '';
$search_status = '';
@@ -268,9 +266,6 @@ if (!empty($search_datepayment_end)) {
if (!empty($search_type) && $search_type > 0) {
$param .= '&search_type='.$search_type;
}
-if (!empty($search_cheque)) {
- $param .= '&search_cheque="'.$search_cheque.'"';
-}
if (!empty($search_account) && $search_account > 0) {
$param .= '&search_account='.$search_account;
}
diff --git a/htdocs/compta/tva/payments.php b/htdocs/compta/tva/payments.php
index 83399d5a5c8..134f840d196 100644
--- a/htdocs/compta/tva/payments.php
+++ b/htdocs/compta/tva/payments.php
@@ -120,11 +120,12 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print '';
print '';
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder);
- print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder);
+ print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.rowid", "", $param, '', $sortfield, $sortorder);
+ print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "tva.datev", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
- print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "pc.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
+ print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "ptva.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
if (!empty($conf->banque->enabled)) {
print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "ptva.fk_bank", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "bank.ref", "", $param, '', $sortfield, $sortorder);
@@ -184,7 +185,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
// Ref payment
print ''.$payment_vat_static->getNomUrl(1)." \n";
- // Label
+ // VAT
print '';
$tva->id = $obj->rowid;
$tva->ref = $obj->rowid;
@@ -192,6 +193,9 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print $tva->getNomUrl(1, '20');
print ' ';
+ // Label
+ print ''.$obj->label.' ';
+
// Date
$date = $obj->datev;
print ''.dol_print_date($date, 'day').' ';
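Review bot: The new Label cell prints `$obj->label` straight into the page with no output encoding. The value is the stored label of the VAT declaration (the column header sorts on `tva.label`), so any markup saved in it would be rendered by every user who opens this list. I would escape it at the point of output: `print ''.dol_escape_htmltag($obj->label).' ';`. The surrounding row loop starts and ends outside this hunk.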
@@ -243,7 +247,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
}
print ' '.$langs->trans("Total").' ';
print ' '; // A total here has no sense
- //print ' ';
+ print ' ';
print ' ';
if (!empty($conf->banque->enabled)) {
print ' ';
diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php
index 332b7dd36c6..0e80df07676 100644
--- a/htdocs/contact/canvas/actions_contactcard_common.class.php
+++ b/htdocs/contact/canvas/actions_contactcard_common.class.php
@@ -308,7 +308,7 @@ abstract class ActionsContactCardCommon
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {
- $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
+ $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 5e0c65e1b70..5befcba4537 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1651,8 +1651,8 @@ class Contact extends CommonObject
// Desactive utilisateur
$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople";
- $sql .= " SET statut = ".$this->statut;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " SET statut = ".((int) $this->statut);
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
dol_syslog(get_class($this)."::setstatus", LOG_DEBUG);
@@ -1882,7 +1882,7 @@ class Contact extends CommonObject
$sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcommcontact";
if ($active >= 0) {
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
}
$resql = $this->db->query($sql);
$num = $this->db->num_rows($resql);
diff --git a/htdocs/contact/consumption.php b/htdocs/contact/consumption.php
index 1e0f5b06094..b87a73e8cc2 100644
--- a/htdocs/contact/consumption.php
+++ b/htdocs/contact/consumption.php
@@ -258,7 +258,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
// $documentstatic=new SupplierProposal($db);
// $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
// $tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d";
- // $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ // $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
// $where.= " AND d.fk_supplier_proposal = c.rowid";
// $where.= " AND c.entity = ".$conf->entity;
// $dateprint = 'c.date_valid';
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index 64d2b5e2c0a..33dd0e8e2f7 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -1057,7 +1057,7 @@ class Contrat extends CommonObject
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
- $sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
+ $sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@@ -1759,7 +1759,7 @@ class Contrat extends CommonObject
$sql .= ",date_cloture=null";
}
$sql .= ", fk_unit=".($fk_unit ? "'".$this->db->escape($fk_unit)."'" : "null");
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index 057443d09b4..13cb7126769 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -1321,7 +1321,7 @@ if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == '
}
if ($objectclass == "Task" && $objecttmp->hasChildren() > 0) {
- $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".$objecttmp->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".((int) $objecttmp->id);
$res = $db->query($sql);
if (!$res) {
diff --git a/htdocs/core/ajax/selectobject.php b/htdocs/core/ajax/selectobject.php
index c491ad63749..c8c3e13ea3d 100644
--- a/htdocs/core/ajax/selectobject.php
+++ b/htdocs/core/ajax/selectobject.php
@@ -43,9 +43,7 @@ require '../../main.inc.php';
$objectdesc = GETPOST('objectdesc', 'alpha');
$htmlname = GETPOST('htmlname', 'aZ09');
-$sqlfilter = GETPOST('sqlfilter', 'alpha');
$outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0);
-$action = GETPOST('action', 'aZ09');
$id = GETPOST('id', 'int');
@@ -54,11 +52,8 @@ $id = GETPOST('id', 'int');
*/
//print ''."\n";
-
-dol_syslog(join(',', $_GET));
//print_r($_GET);
-
require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
$form = new Form($db);
diff --git a/htdocs/core/ajax/ziptown.php b/htdocs/core/ajax/ziptown.php
index 44c7bc0760b..aa9474ce142 100644
--- a/htdocs/core/ajax/ziptown.php
+++ b/htdocs/core/ajax/ziptown.php
@@ -59,17 +59,17 @@ top_httphead();
//print ''."\n";
-dol_syslog("GET is ".join(',', $_GET).', MAIN_USE_ZIPTOWN_DICTIONNARY='.(empty($conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY) ? '' : $conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY));
+dol_syslog('ziptown call with MAIN_USE_ZIPTOWN_DICTIONNARY='.(empty($conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY) ? '' : $conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY));
//var_dump($_GET);
// Generation of list of zip-town
-if (!empty($_GET['zipcode']) || !empty($_GET['town'])) {
+if (GETPOST('zipcode') || GETPOST('town')) {
$return_arr = array();
$formcompany = new FormCompany($db);
// Define filter on text typed
- $zipcode = $_GET['zipcode'] ? $_GET['zipcode'] : '';
- $town = $_GET['town'] ? $_GET['town'] : '';
+ $zipcode = GETPOST('zipcode');
+ $town = GETPOST('town');
if (!empty($conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY)) { // Use zip-town table
$sql = "SELECT z.rowid, z.zip, z.town, z.fk_county, z.fk_pays as fk_country";
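Review bot: `GETPOST('zipcode')` and `GETPOST('town')` are called without an explicit check type, and each is called twice (once in the condition, once for the assignment). I would read each value once before the `if`, with the filter spelled out, e.g. `$zipcode = GETPOST('zipcode', 'alphanohtml');`, and test the variables in the condition. The SQL that consumes `$zipcode` and `$town` is outside this hunk, so confirm both still pass through `$db->escape()` there. Removing the `$_GET` dump from `dol_syslog` is a good change, since it keeps user-typed values out of the log.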
@@ -141,7 +141,6 @@ if (!empty($_GET['zipcode']) || !empty($_GET['town'])) {
}
echo json_encode($return_arr);
-} else {
}
$db->close();
diff --git a/htdocs/core/boxes/box_accountancy_suspense_account.php b/htdocs/core/boxes/box_accountancy_suspense_account.php
index 31eaa65bf72..aa648270b97 100644
--- a/htdocs/core/boxes/box_accountancy_suspense_account.php
+++ b/htdocs/core/boxes/box_accountancy_suspense_account.php
@@ -15,7 +15,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
+ * along with this program. If not, see .
*/
/**
@@ -83,7 +83,7 @@ class box_accountancy_suspense_account extends ModeleBoxes
if (!empty($suspenseAccount) && $suspenseAccount > 0) {
$sql = "SELECT COUNT(*) as nb_suspense_account";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b";
- $sql .= " WHERE b.numero_compte = ".$suspenseAccount;
+ $sql .= " WHERE b.numero_compte = '".$this->db->escape($suspenseAccount)."'";
$sql .= " AND b.entity = ".$conf->entity;
$result = $this->db->query($sql);
diff --git a/htdocs/core/boxes/box_bookmarks.php b/htdocs/core/boxes/box_bookmarks.php
index 9d6df6c7535..1a3a1183032 100644
--- a/htdocs/core/boxes/box_bookmarks.php
+++ b/htdocs/core/boxes/box_bookmarks.php
@@ -87,7 +87,7 @@ class box_bookmarks extends ModeleBoxes
if ($user->rights->bookmark->lire) {
$sql = "SELECT b.title, b.url, b.target, b.favicon";
$sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b";
- $sql .= " WHERE fk_user = ".$user->id;
+ $sql .= " WHERE fk_user = ".((int) $user->id);
$sql .= " AND b.entity = ".$conf->entity;
$sql .= $this->db->order("position", "ASC");
$sql .= $this->db->plimit($max, 0);
diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
index 7325b9bed5f..1a8cec07155 100644
--- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
+++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
@@ -15,7 +15,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
+ * along with this program. If not, see .
*/
/**
diff --git a/htdocs/core/class/canvas.class.php b/htdocs/core/class/canvas.class.php
index 7541c58a889..a4414fa6edb 100644
--- a/htdocs/core/class/canvas.class.php
+++ b/htdocs/core/class/canvas.class.php
@@ -107,6 +107,7 @@ class Canvas
$this->card = $card;
$this->dirmodule = $module;
// Correct values if canvas is into an external module
+ $regs = array();
if (preg_match('/^([^@]+)@([^@]+)$/i', $canvas, $regs)) {
$this->canvas = $regs[1];
$this->dirmodule = $regs[2];
@@ -194,7 +195,7 @@ class Canvas
// This functions should not be used anymore because canvas should contains only templates.
- // http://wiki.dolibarr.org/index.php/Canvas_development
+ // https://wiki.dolibarr.org/index.php/Canvas_development
/**
* Return if a canvas contains an action controller
@@ -215,7 +216,7 @@ class Canvas
* @param string $action Action string
* @param int $id Object id
* @return mixed Return return code of doActions of canvas
- * @see http://wiki.dolibarr.org/index.php/Canvas_development
+ * @see https://wiki.dolibarr.org/index.php/Canvas_development
*/
public function doActions(&$action = 'view', $id = 0)
{
diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php
index 78f168fd8f7..7184d7846b0 100644
--- a/htdocs/core/class/comment.class.php
+++ b/htdocs/core/class/comment.class.php
@@ -365,7 +365,7 @@ class Comment extends CommonObject
$sql = "SELECT";
$sql .= " c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as c";
- $sql .= " WHERE c.fk_element = ".$fk_element;
+ $sql .= " WHERE c.fk_element = ".((int) $fk_element);
$sql .= " AND c.element_type = '".$this->db->escape($element_type)."'";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " ORDER BY c.tms DESC";
diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php
index 6366cf52756..50d94da8531 100644
--- a/htdocs/core/class/commoninvoice.class.php
+++ b/htdocs/core/class/commoninvoice.class.php
@@ -801,7 +801,7 @@ abstract class CommonInvoice extends CommonObject
{
// phpcs:enable
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande';
- $sql .= ' WHERE rowid = '.$did;
+ $sql .= ' WHERE rowid = '.((int) $did);
$sql .= ' AND traite = 0';
if ($this->db->query($sql)) {
return 0;
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index f4ad69cfc59..e113cf2654a 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -358,7 +358,7 @@ abstract class CommonObject
/**
* @var string
* @deprecated
- * @see model_pdf
+ * @see $model_pdf
*/
public $modelpdf;
@@ -1148,7 +1148,7 @@ abstract class CommonObject
if ($fk_socpeople) {
$sql .= ", fk_socpeople = ".((int) $fk_socpeople);
}
- $sql .= " where rowid = ".$rowid;
+ $sql .= " where rowid = ".((int) $rowid);
$resql = $this->db->query($sql);
if ($resql) {
return 0;
@@ -1175,7 +1175,7 @@ abstract class CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."element_contact";
- $sql .= " WHERE rowid =".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::delete_contact", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -1548,7 +1548,7 @@ abstract class CommonObject
$sql .= " ".MAIN_DB_PREFIX."socpeople as c,";
}
$sql .= " ".MAIN_DB_PREFIX."c_type_contact as tc";
- $sql .= " WHERE ec.element_id = ".$id;
+ $sql .= " WHERE ec.element_id = ".((int) $id);
$sql .= " AND ec.fk_socpeople = c.rowid";
if ($source == 'internal') {
$sql .= " AND c.entity IN (".getEntity('user').")";
@@ -1564,7 +1564,7 @@ abstract class CommonObject
}
$sql .= " AND tc.active = 1";
if ($status) {
- $sql .= " AND ec.statut = ".$status;
+ $sql .= " AND ec.statut = ".((int) $status);
}
dol_syslog(get_class($this)."::getIdContact", LOG_DEBUG);
@@ -1706,7 +1706,7 @@ abstract class CommonObject
if (empty($this->barcode_type) || empty($this->barcode_type_code) || empty($this->barcode_type_label) || empty($this->barcode_type_coder)) { // If data not already loaded
$sql = "SELECT rowid, code, libelle as label, coder";
$sql .= " FROM ".MAIN_DB_PREFIX."c_barcode_type";
- $sql .= " WHERE rowid = ".$idtype;
+ $sql .= " WHERE rowid = ".((int) $idtype);
dol_syslog(get_class($this).'::fetch_barcode', LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
@@ -1939,7 +1939,7 @@ abstract class CommonObject
}
}
- $sql .= " WHERE ".$id_field." = ".$id;
+ $sql .= " WHERE ".$id_field." = ".((int) $id);
dol_syslog(__METHOD__."", LOG_DEBUG);
$resql = $this->db->query($sql);
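Review bot: The column name `$id_field` is still spliced into the WHERE clause unvalidated; the new `(int)` cast protects only the value. The same applies to `$table_element` and `$field_where` in the @@ -4047 hunk, to `$table` in `commonReplaceThirdparty`, and to `$keyfield` in the import_csv and import_xlsx hunks. These identifiers are presumably set by internal callers, but that is not visible from the hunks. If so, a comment stating it would help, or a guard such as `if (!preg_match('/^[a-z0-9_.]+$/i', $id_field)) { return -1; }` before the query is built. The enclosing function starts outside the hunk, so the right error return needs confirming there.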
@@ -2201,22 +2201,22 @@ abstract class CommonObject
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
if (!empty($this->fields['fk_project'])) { // Common case
if ($projectid) {
- $sql .= ' SET fk_project = '.$projectid;
+ $sql .= ' SET fk_project = '.((int) $projectid);
} else {
$sql .= ' SET fk_project = NULL';
}
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= ' WHERE rowid = '.((int) $this->id);
} elseif ($this->table_element == 'actioncomm') { // Special case for actioncomm
if ($projectid) {
- $sql .= ' SET fk_project = '.$projectid;
+ $sql .= ' SET fk_project = '.((int) $projectid);
} else {
$sql .= ' SET fk_project = NULL';
}
- $sql .= ' WHERE id = '.$this->id;
+ $sql .= ' WHERE id = '.((int) $this->id);
} else // Special case for old architecture objects
{
if ($projectid) {
- $sql .= ' SET fk_projet = '.$projectid;
+ $sql .= ' SET fk_projet = '.((int) $projectid);
} else {
$sql .= ' SET fk_projet = NULL';
}
@@ -2225,7 +2225,7 @@ abstract class CommonObject
dol_syslog(get_class($this)."::setProject", LOG_DEBUG);
if ($this->db->query($sql)) {
- $this->fk_project = $projectid;
+ $this->fk_project = ((int) $projectid);
return 1;
} else {
dol_print_error($this->db);
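Review bot: Casting here changes what the object holds when the project link is cleared. The previous hunk writes `fk_project = NULL` to the database for an empty `$projectid`, but the property now becomes `0`. Callers that test with `empty()` are unaffected, but a strict null comparison would no longer match what was stored. Consider `$this->fk_project = ($projectid ? (int) $projectid : null);` so the in-memory value mirrors the row. The function body starts outside this hunk.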
@@ -2332,7 +2332,7 @@ abstract class CommonObject
$fieldname = 'multicurrency_tx';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET '.$fieldname.' = '.$rate;
+ $sql .= ' SET '.$fieldname.' = '.((float) $rate);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
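Review bot: `((float) $rate)` is converted back to a string by the concatenation, and before PHP 8.0 that conversion follows the active `LC_NUMERIC` locale. Under a locale with a decimal comma the statement would contain `1,5` and fail or be misparsed; whether the application ever sets such a locale is not visible here. Formatting explicitly avoids the dependency, for example `$sql .= ' SET '.$fieldname.' = '.number_format((float) $rate, 8, '.', '');` with the precision chosen to match the column. The same applies to `((float) $txtva)` in the price.lib.php hunk, where the value is also used in an equality comparison.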
@@ -2617,7 +2617,7 @@ abstract class CommonObject
$fieldname = 'retained_warranty_fk_cond_reglement';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET '.$fieldname.' = '.$id;
+ $sql .= ' SET '.$fieldname.' = '.((int) $id);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2649,7 +2649,7 @@ abstract class CommonObject
$fieldname = 'fk_address';
}
- $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".$id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
if ($this->db->query($sql)) {
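Review bot: `$this->id` is left uncast on the context line directly under the changed one, although sibling methods in this file already use `((int) $this->id)`. It could read `$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0";`. The same leftover is visible in four other places. Those are the `' WHERE '.$this->fk_element.' = '.$this->id` lines of the @@ -3062 and @@ -3093 hunks, the `'(PROV".$this->id.")'` literal in @@ -8411, and the closing `" WHERE rowid = ".$this->id` of the discount.class.php @@ -421 hunk. The PROV case interpolates inside a quoted string, so it deserves the cast most.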
@@ -2695,7 +2695,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setShippingMethod('.$shipping_method_id.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_shipping_method = ".$shipping_method_id;
+ $sql .= " SET fk_shipping_method = ".((int) $shipping_method_id);
$sql .= " WHERE rowid=".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -2742,7 +2742,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setWarehouse('.$warehouse_id.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_warehouse = ".$warehouse_id;
+ $sql .= " SET fk_warehouse = ".((int) $warehouse_id);
$sql .= " WHERE rowid=".((int) $this->id);
if ($this->db->query($sql)) {
@@ -2819,7 +2819,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setBankAccount('.$fk_account.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_account = ".$fk_account;
+ $sql .= " SET fk_account = ".((int) $fk_account);
$sql .= " WHERE rowid=".((int) $this->id);
$resql = $this->db->query($sql);
@@ -3062,11 +3062,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' AND rang = '.($rang - 1);
if ($this->db->query($sql)) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1);
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@@ -3093,11 +3093,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
- $sql .= ' AND rang = '.($rang + 1);
+ $sql .= ' AND rang = '.((int) ($rang + 1));
if ($this->db->query($sql)) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1);
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@@ -4047,7 +4047,7 @@ abstract class CommonObject
global $db;
- $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.$fk_object_where;
+ $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where);
$resql = $db->query($sql);
if (empty($resql)) {
@@ -4221,7 +4221,7 @@ abstract class CommonObject
public function getSpecialCode($lineid)
{
$sql = 'SELECT special_code FROM '.MAIN_DB_PREFIX.$this->table_element_line;
- $sql .= ' WHERE rowid = '.$lineid;
+ $sql .= ' WHERE rowid = '.((int) $lineid);
$resql = $this->db->query($sql);
if ($resql) {
$row = $this->db->fetch_row($resql);
@@ -4263,7 +4263,7 @@ abstract class CommonObject
//print $id.'-'.$table.'-'.$elementname.' ';
// Check if third party can be deleted
$sql = "SELECT COUNT(*) as nb from ".MAIN_DB_PREFIX.$table;
- $sql .= " WHERE ".$this->fk_element." = ".$id;
+ $sql .= " WHERE ".$this->fk_element." = ".((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@@ -7656,7 +7656,7 @@ abstract class CommonObject
public static function commonReplaceThirdparty(DoliDB $db, $origin_id, $dest_id, array $tables, $ignoreerrors = 0)
{
foreach ($tables as $table) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.$dest_id.' WHERE fk_soc = '.$origin_id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.((int) $dest_id).' WHERE fk_soc = '.((int) $origin_id);
if (!$db->query($sql)) {
if ($ignoreerrors) {
@@ -8411,7 +8411,7 @@ abstract class CommonObject
// If we have a field ref with a default value of (PROV)
if (!$error) {
if (key_exists('ref', $this->fields) && $this->fields['ref']['notnull'] > 0 && !is_null($this->fields['ref']['default']) && $this->fields['ref']['default'] == '(PROV)') {
- $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".((int) $this->id);
$resqlupdate = $this->db->query($sql);
if ($resqlupdate === false) {
@@ -9267,7 +9267,7 @@ abstract class CommonObject
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files";
- $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id;
+ $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
diff --git a/htdocs/core/class/ctypent.class.php b/htdocs/core/class/ctypent.class.php
index 01a6eb5e697..c8421c54b1f 100644
--- a/htdocs/core/class/ctypent.class.php
+++ b/htdocs/core/class/ctypent.class.php
@@ -163,7 +163,6 @@ class Ctypent // extends CommonObject
*/
public function fetch($id, $code = '', $label = '')
{
- global $langs;
$sql = "SELECT";
$sql .= " t.id,";
$sql .= " t.code,";
@@ -173,7 +172,7 @@ class Ctypent // extends CommonObject
$sql .= " t.module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_typent as t";
if ($id) {
- $sql .= " WHERE t.id = ".$id;
+ $sql .= " WHERE t.id = ".((int) $id);
} elseif ($code) {
$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
} elseif ($label) {
diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php
index 6ba04c044e9..b0a604e9e28 100644
--- a/htdocs/core/class/ctyperesource.class.php
+++ b/htdocs/core/class/ctyperesource.class.php
@@ -165,15 +165,12 @@ class Ctyperesource
$sql = 'SELECT';
$sql .= ' t.rowid,';
-
$sql .= " t.code,";
$sql .= " t.label,";
$sql .= " t.active";
-
-
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
if ($id) {
- $sql .= " WHERE t.id = ".$id;
+ $sql .= " WHERE t.id = ".((int) $id);
} elseif ($code) {
$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
} elseif ($label) {
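Review bot: The select list reads `t.rowid` while the filter on the changed line uses `t.id`. Unless the table really has both columns, a lookup by id fails at query time regardless of the new cast. If `rowid` is the key, the line should be `$sql .= " WHERE t.rowid = ".((int) $id);`. The table definition is not visible from this hunk, so this needs confirming against the schema.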
diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php
index 4afcf295d40..63ef3dc1153 100644
--- a/htdocs/core/class/discount.class.php
+++ b/htdocs/core/class/discount.class.php
@@ -337,11 +337,11 @@ class DiscountAbsolute
// Delete but only if not used
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_remise_except ";
if ($this->fk_facture_source) {
- $sql .= " WHERE fk_facture_source = ".$this->fk_facture_source; // Delete all lines of same serie
+ $sql .= " WHERE fk_facture_source = ".((int) $this->fk_facture_source); // Delete all lines of same serie
} elseif ($this->fk_invoice_supplier_source) {
- $sql .= " WHERE fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; // Delete all lines of same serie
+ $sql .= " WHERE fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); // Delete all lines of same serie
} else {
- $sql .= " WHERE rowid = ".$this->id; // Delete only line
+ $sql .= " WHERE rowid = ".((int) $this->id); // Delete only line
}
$sql .= " AND (fk_facture_line IS NULL"; // Not used as absolute simple discount
$sql .= " AND fk_facture IS NULL)"; // Not used as credit note and not used as deposit
@@ -421,17 +421,17 @@ class DiscountAbsolute
$sql = "UPDATE ".MAIN_DB_PREFIX."societe_remise_except";
if (!empty($this->discount_type)) {
if ($rowidline) {
- $sql .= " SET fk_invoice_supplier_line = ".$rowidline;
+ $sql .= " SET fk_invoice_supplier_line = ".((int) $rowidline);
}
if ($rowidinvoice) {
- $sql .= " SET fk_invoice_supplier = ".$rowidinvoice;
+ $sql .= " SET fk_invoice_supplier = ".((int) $rowidinvoice);
}
} else {
if ($rowidline) {
- $sql .= " SET fk_facture_line = ".$rowidline;
+ $sql .= " SET fk_facture_line = ".((int) $rowidline);
}
if ($rowidinvoice) {
- $sql .= " SET fk_facture = ".$rowidinvoice;
+ $sql .= " SET fk_facture = ".((int) $rowidinvoice);
}
}
$sql .= " WHERE rowid = ".$this->id;
diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php
index 49eda053b8d..6ac331167d3 100644
--- a/htdocs/core/class/dolreceiptprinter.class.php
+++ b/htdocs/core/class/dolreceiptprinter.class.php
@@ -784,7 +784,7 @@ class dolReceiptPrinter extends Printer
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
+ $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
$sql .= " ORDER BY p.datep";
$resql = $this->db->query($sql);
if ($resql) {
@@ -879,7 +879,7 @@ class dolReceiptPrinter extends Printer
$error = 0;
$sql = 'SELECT rowid, name, fk_type, fk_profile, parameter';
$sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt';
- $sql .= ' WHERE rowid = '.$printerid;
+ $sql .= ' WHERE rowid = '.((int) $printerid);
$sql .= ' AND entity = '.$conf->entity;
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/core/class/fiscalyear.class.php b/htdocs/core/class/fiscalyear.class.php
index 566407cffc4..7356e53dc0a 100644
--- a/htdocs/core/class/fiscalyear.class.php
+++ b/htdocs/core/class/fiscalyear.class.php
@@ -196,8 +196,8 @@ class Fiscalyear extends CommonObject
$sql .= ", date_start = '".$this->db->idate($this->date_start)."'";
$sql .= ", date_end = ".($this->date_end ? "'".$this->db->idate($this->date_end)."'" : "null");
$sql .= ", statut = '".$this->db->escape($this->statut ? $this->statut : 0)."'";
- $sql .= ", fk_user_modif = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= ", fk_user_modif = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index df9c8488553..60234fa0d70 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -16,7 +16,7 @@
* Copyright (C) 2012 Cedric Salvador
* Copyright (C) 2012-2015 Raphaël Doursenaud
* Copyright (C) 2014-2020 Alexandre Spangaro
- * Copyright (C) 2018 Ferran Marcet
+ * Copyright (C) 2018-2021 Ferran Marcet
* Copyright (C) 2018-2021 Frédéric France
* Copyright (C) 2018 Nicolas ZABOURI
* Copyright (C) 2018 Christophe Battarel
@@ -3536,7 +3536,7 @@ class Form
// looking for users
$sql = "SELECT a.rowid, a.label";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_address as a";
- $sql .= " WHERE a.fk_soc = ".$socid;
+ $sql .= " WHERE a.fk_soc = ".((int) $socid);
$sql .= " ORDER BY a.label ASC";
dol_syslog(get_class($this)."::select_address", LOG_DEBUG);
@@ -7745,7 +7745,7 @@ class Form
print ' ';
print '';
print ''.$objp->ref.' ';
- print ''.$objp->ref_client.' ';
+ print ''.(!empty($objp->ref_client) ? $objp->ref_client : $objp->ref_supplier).' ';
print '';
if ($possiblelink['label'] == 'LinkToContract') {
$form = new Form($this->db);
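Review bot: The new fallback prints `$objp->ref_supplier` straight into the page, as the old line did with `$objp->ref_client`, and both are free-text references stored in the database. Wrapping the expression keeps stored markup from being rendered: `dol_escape_htmltag(!empty($objp->ref_client) ? $objp->ref_client : $objp->ref_supplier)`. The `$objp->ref` cell on the line above has the same exposure. Whether the query selects `ref_supplier` for every link type is outside the hunk and should be checked, otherwise the fallback reads an undefined property.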
diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php
index e6ada4d67c7..87706703c23 100644
--- a/htdocs/core/class/html.formaccounting.class.php
+++ b/htdocs/core/class/html.formaccounting.class.php
@@ -330,15 +330,15 @@ class FormAccounting extends Form
/**
* Return list of accounts with label by chart of accounts
*
- * @param string $selectid Preselected id of accounting accounts (depends on $select_in)
- * @param string $htmlname Name of HTML field id. If name start with '.', it is name of HTML css class, so several component with same name in different forms can be used.
- * @param int $showempty 1=Add an empty field, 2=Add an empty field+'None' field
- * @param array $event Event options
- * @param int $select_in 0=selectid value is a aa.rowid (default) or 1=selectid is aa.account_number
- * @param int $select_out Set value returned by select. 0=rowid (default), 1=account_number
- * @param string $morecss More css non HTML object
- * @param string $usecache Key to use to store result into a cache. Next call with same key will reuse the cache.
- * @return string String with HTML select
+ * @param string $selectid Preselected id of accounting accounts (depends on $select_in)
+ * @param string $htmlname Name of HTML field id. If name start with '.', it is name of HTML css class, so several component with same name in different forms can be used.
+ * @param int|string $showempty 1=Add an empty field, 2=Add an empty field+'None' field
+ * @param array $event Event options
+ * @param int $select_in 0=selectid value is a aa.rowid (default) or 1=selectid is aa.account_number
+ * @param int $select_out Set value returned by select. 0=rowid (default), 1=account_number
+ * @param string $morecss More css non HTML object
+ * @param string $usecache Key to use to store result into a cache. Next call with same key will reuse the cache.
+ * @return string String with HTML select
*/
public function select_account($selectid, $htmlname = 'account', $showempty = 0, $event = array(), $select_in = 0, $select_out = 0, $morecss = 'minwidth100 maxwidth300 maxwidthonsmartphone', $usecache = '')
{
diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php
index 2af5cae96f6..7b82e5be253 100644
--- a/htdocs/core/class/html.formcompany.class.php
+++ b/htdocs/core/class/html.formcompany.class.php
@@ -713,7 +713,7 @@ class FormCompany extends Form
if ($resql) {
print 'use_javascript_ajax) {
- $javaScript = "window.location='".$_SERVER['PHP_SELF']."?".$var_id."=".($forceid > 0 ? $forceid : $object->id).$moreparam."&".$htmlname."=' + form.".$htmlname.".options[form.".$htmlname.".selectedIndex].value;";
+ $javaScript = "window.location='".dol_escape_js($_SERVER['PHP_SELF'])."?".$var_id."=".($forceid > 0 ? $forceid : $object->id).$moreparam."&".$htmlname."=' + form.".$htmlname.".options[form.".$htmlname.".selectedIndex].value;";
print ' onChange="'.$javaScript.'"';
}
print '>';
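Review bot: Only `PHP_SELF` is escaped, while `$var_id`, `$moreparam` and `$htmlname` are still concatenated raw into the same JavaScript string. That string is then emitted inside the double-quoted `onChange` attribute, so it sits in two contexts at once. Each interpolated piece needs JavaScript escaping and the finished string needs attribute escaping, for example `print ' onChange="'.dol_escape_htmltag($javaScript).'"';`. Where the three variables come from is not visible in the hunk; if they are always internal constants, a comment saying so would be enough.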
diff --git a/htdocs/core/class/html.formexpensereport.class.php b/htdocs/core/class/html.formexpensereport.class.php
index b25d4397f81..5ecc4e4669d 100644
--- a/htdocs/core/class/html.formexpensereport.class.php
+++ b/htdocs/core/class/html.formexpensereport.class.php
@@ -114,7 +114,7 @@ class FormExpenseReport
$sql = "SELECT c.id, c.code, c.label as type FROM ".MAIN_DB_PREFIX."c_type_fees as c";
if ($active >= 0) {
- $sql .= " WHERE c.active = ".$active;
+ $sql .= " WHERE c.active = ".((int) $active);
}
$sql .= " ORDER BY c.label ASC";
$resql = $this->db->query($sql);
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php
index 533328599c8..18f3fd0f3ce 100644
--- a/htdocs/core/class/html.formother.class.php
+++ b/htdocs/core/class/html.formother.class.php
@@ -483,9 +483,9 @@ class FormOther
}
if (empty($conf->global->MAIN_FIRSTNAME_NAME_POSITION)) { // MAIN_FIRSTNAME_NAME_POSITION is 0 means firstname+lastname
- $sql_usr .= " ORDER BY statut DESC, firstname ASC, lastname ASC"; // Do not use 'ORDER BY u.statut' here, not compatible with the UNION.
+ $sql_usr .= " ORDER BY status DESC, firstname ASC, lastname ASC";
} else {
- $sql_usr .= " ORDER BY statut DESC, lastname ASC, firstname ASC"; // Do not use 'ORDER BY u.statut' here, not compatible with the UNION.
+ $sql_usr .= " ORDER BY status DESC, lastname ASC, firstname ASC";
}
//print $sql_usr;exit;
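Review bot: The rename drops the comment explaining why the ORDER BY column is unqualified, and that constraint presumably still holds while the query is a UNION. I would keep it in updated form on both branches: `// Do not use 'ORDER BY u.status' here, not compatible with the UNION.`. The select list that must now expose a `status` column is outside this hunk, so it is worth confirming that both halves of the UNION alias it.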
diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php
index 0f59859bd64..be81c1e2737 100644
--- a/htdocs/core/class/link.class.php
+++ b/htdocs/core/class/link.class.php
@@ -234,7 +234,7 @@ class Link extends CommonObject
global $conf;
$sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links";
- $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".$objectid;
+ $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".((int) $objectid);
if ($conf->entity != 0) {
$sql .= " AND entity = ".$conf->entity;
}
@@ -284,7 +284,7 @@ class Link extends CommonObject
global $conf;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."links";
- $sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".$objectid;
+ $sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".((int) $objectid);
if ($conf->entity != 0) {
$sql .= " AND entity = ".$conf->entity;
}
@@ -314,7 +314,7 @@ class Link extends CommonObject
}
$sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
if ($conf->entity != 0) {
$sql .= " AND entity = ".$conf->entity;
}
diff --git a/htdocs/core/lib/bank.lib.php b/htdocs/core/lib/bank.lib.php
index 6eac92e69bc..30a3d21de90 100644
--- a/htdocs/core/lib/bank.lib.php
+++ b/htdocs/core/lib/bank.lib.php
@@ -72,7 +72,7 @@ function bank_prepare_head(Account $object)
// List of all standing receipts
$sql = "SELECT COUNT(DISTINCT(b.num_releve)) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
- $sql .= " WHERE b.fk_account = ".$object->id;
+ $sql .= " WHERE b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
@@ -83,7 +83,7 @@ function bank_prepare_head(Account $object)
$db->free($resql);
}
- $head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".$object->id;
+ $head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".((int) $object->id);
$head[$h][1] = $langs->trans("AccountStatements");
if (($nbReceipts) > 0) {
$head[$h][1] .= ''.($nbReceipts).' ';
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 25efad50ece..5cece48ce5d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -1398,7 +1398,7 @@ function dol_syslog($message, $level = LOG_INFO, $ident = 0, $suffixinfilename =
// If html log tag enabled and url parameter log defined, we show output log on HTML comments
if (!empty($conf->global->MAIN_ENABLE_LOG_INLINE_HTML) && !empty($_GET["log"])) {
print "\n\n\n";
}
@@ -3610,7 +3610,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'salary'=>'wallet', 'shipment'=>'dolly', 'stock'=>'box-open', 'stats' => 'chart-bar', 'split'=>'code-branch', 'stripe'=>'stripe-s', 'supplier_invoice'=>'file-invoice-dollar', 'technic'=>'cogs', 'ticket'=>'ticket-alt',
'timespent'=>'clock', 'title_setup'=>'tools', 'title_accountancy'=>'money-check-alt', 'title_bank'=>'university', 'title_hrm'=>'umbrella-beach',
'title_agenda'=>'calendar-alt',
- 'uparrow'=>'mail-forward', 'vcard'=>'address-card',
+ 'uparrow'=>'share', 'vcard'=>'address-card',
'jabber'=>'comment-o',
'website'=>'globe-americas',
'conferenceorbooth'=>'chalkboard-teacher', 'eventorganization'=>'project-diagram'
diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php
index 0703df95255..e279ced2a3d 100644
--- a/htdocs/core/lib/functions2.lib.php
+++ b/htdocs/core/lib/functions2.lib.php
@@ -507,6 +507,61 @@ function dol_print_object_info($object, $usetable = 0)
}
}
+ // User signature
+ if (!empty($object->user_signature)) {
+ if ($usetable) {
+ print '';
+ }
+ print $langs->trans('SignedBy');
+ if ($usetable) {
+ print ' ';
+ } else {
+ print ': ';
+ }
+ if (is_object($object->user_signature)) {
+ if ($object->user_signature->id) {
+ print $object->user_signature->getNomUrl(-1, '', 0, 0, 0);
+ } else {
+ print $langs->trans('Unknown');
+ }
+ } else {
+ $userstatic = new User($db);
+ $userstatic->fetch($object->user_signature);
+ if ($userstatic->id) {
+ print $userstatic->getNomUrl(-1, '', 0, 0, 0);
+ } else {
+ print $langs->trans('Unknown');
+ }
+ }
+ if ($usetable) {
+ print ' ';
+ } else {
+ print ' ';
+ }
+ }
+
+ // Date signature
+ if (!empty($object->date_signature)) {
+ if ($usetable) {
+ print '';
+ }
+ print $langs->trans('DateSigning');
+ if ($usetable) {
+ print ' ';
+ } else {
+ print ': ';
+ }
+ print dol_print_date($object->date_signature, 'dayhour');
+ if ($deltadateforuser) {
+ print ' '.$langs->trans('CurrentHour').' / '.dol_print_date($object->date_signature, 'dayhour', 'tzuserrel').' '.$langs->trans('ClientHour');
+ }
+ if ($usetable) {
+ print ' ';
+ } else {
+ print ' ';
+ }
+ }
+
// User close
if (!empty($object->user_cloture) || !empty($object->user_closing)) {
if (isset($object->user_cloture) && !empty($object->user_cloture)) {
diff --git a/htdocs/core/lib/invoice2.lib.php b/htdocs/core/lib/invoice2.lib.php
index e6680293b64..c5e2aeb0a16 100644
--- a/htdocs/core/lib/invoice2.lib.php
+++ b/htdocs/core/lib/invoice2.lib.php
@@ -96,7 +96,7 @@ function rebuild_merge_pdf($db, $langs, $conf, $diroutputpdf, $newlangid, $filte
}
if (in_array('bank', $filter)) {
$sqlwhere .= " AND p.fk_bank = b.rowid";
- $sqlwhere .= " AND b.fk_account = ".$paymentbankid;
+ $sqlwhere .= " AND b.fk_account = ".((int) $paymentbankid);
}
$sqlorder = " ORDER BY p.datep ASC";
}
diff --git a/htdocs/core/lib/price.lib.php b/htdocs/core/lib/price.lib.php
index 3a73f47a6a0..9be293a81ab 100644
--- a/htdocs/core/lib/price.lib.php
+++ b/htdocs/core/lib/price.lib.php
@@ -151,8 +151,8 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt
$sql = "SELECT taux, localtax1, localtax2, localtax1_type, localtax2_type";
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as cv";
- $sql .= " WHERE cv.taux = ".$txtva;
- $sql .= " AND cv.fk_pays = ".$countryid;
+ $sql .= " WHERE cv.taux = ".((float) $txtva);
+ $sql .= " AND cv.fk_pays = ".((int) $countryid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php
index 170202717c8..bf3b9f3dd07 100644
--- a/htdocs/core/lib/website.lib.php
+++ b/htdocs/core/lib/website.lib.php
@@ -846,9 +846,9 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so
if (is_array($otherfilters) && !empty($otherfilters['category'])) {
$sql .= ', '.MAIN_DB_PREFIX.'categorie_website_page as cwp';
}
- $sql .= " WHERE wp.fk_website = ".$website->id;
+ $sql .= " WHERE wp.fk_website = ".((int) $website->id);
if ($status >= 0) {
- $sql .= " AND wp.status = ".$status;
+ $sql .= " AND wp.status = ".((int) $status);
}
if ($langcode) {
$sql .= " AND wp.lang ='".$db->escape($langcode)."'";
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index 99fcea707e2..be02fb46408 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -322,7 +322,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
'id' => $id,
'idsel' => 'bank',
'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 'class="tmenusel"' : 'class="tmenu"',
- 'prefix' => img_picto('', 'bank', 'class="fa-fw paddingright"'),
+ 'prefix' => img_picto('', 'bank_account', 'class="fa-fw paddingright"'),
'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 0 : 1),
'loadLangs' => array("compta", "banks"),
'submenus' => array(),
@@ -347,7 +347,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
'id' => $id,
'idsel' => 'accountancy',
'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 'class="tmenusel"' : 'class="tmenu"',
- 'prefix' => img_picto('', 'account', 'class="fa-fw paddingright"'),
+ 'prefix' => img_picto('', 'accountancy', 'class="fa-fw paddingright"'),
'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 0 : 1),
'loadLangs' => array("compta", "accountancy", "assets", "intracommreport"),
'submenus' => array(),
diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php
index 3d3009fd667..b92937cdada 100644
--- a/htdocs/core/modules/DolibarrModules.class.php
+++ b/htdocs/core/modules/DolibarrModules.class.php
@@ -1696,7 +1696,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
// Search if perm already present
$sql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."rights_def";
- $sql .= " WHERE id = ".$r_id." AND entity = ".$entity;
+ $sql .= " WHERE id = ".((int) $r_id)." AND entity = ".((int) $entity);
$resqlselect = $this->db->query($sql);
if ($resqlselect) {
diff --git a/htdocs/core/modules/expensereport/mod_expensereport_jade.php b/htdocs/core/modules/expensereport/mod_expensereport_jade.php
index bbe2245a97d..b25ac15345b 100644
--- a/htdocs/core/modules/expensereport/mod_expensereport_jade.php
+++ b/htdocs/core/modules/expensereport/mod_expensereport_jade.php
@@ -163,7 +163,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
}
$newref = str_replace(' ', '_', $user_author_infos).$expld_car.$prefix.$newref.$expld_car.dol_print_date($object->date_debut, '%y%m%d');
- $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.$ref_number_int.' WHERE rowid = '.$object->id;
+ $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.((int) $ref_number_int).' WHERE rowid = '.((int) $object->id);
$resqlbis = $db->query($sqlbis);
if (!$resqlbis) {
dol_print_error($resqlbis);
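Review bot: On the failure branch `dol_print_error($resqlbis)` receives the falsy query result instead of the database handler, so the driver's error text is never reported. Other call sites in this commit pass the handler, e.g. `dol_print_error($this->db);`, and here it should be `dol_print_error($db);`. This is a context line the commit leaves unchanged, but it sits directly under the hardened statement and hides why that UPDATE failed.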
diff --git a/htdocs/core/modules/facture/mod_facture_mars.php b/htdocs/core/modules/facture/mod_facture_mars.php
index cd36b4d322a..c7a69a82caa 100644
--- a/htdocs/core/modules/facture/mod_facture_mars.php
+++ b/htdocs/core/modules/facture/mod_facture_mars.php
@@ -55,6 +55,7 @@ class mod_facture_mars extends ModeleNumRefFactures
*/
public function __construct()
{
+ global $conf;
if (!empty($conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX)) {
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX;
}
diff --git a/htdocs/core/modules/facture/mod_facture_terre.php b/htdocs/core/modules/facture/mod_facture_terre.php
index 2f142a1adc7..f3e38cf7db7 100644
--- a/htdocs/core/modules/facture/mod_facture_terre.php
+++ b/htdocs/core/modules/facture/mod_facture_terre.php
@@ -65,6 +65,7 @@ class mod_facture_terre extends ModeleNumRefFactures
*/
public function __construct()
{
+ global $conf;
if (!empty($conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX)) {
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX;
}
diff --git a/htdocs/core/modules/import/import_csv.modules.php b/htdocs/core/modules/import/import_csv.modules.php
index 63a28fbe3d2..1768029b97e 100644
--- a/htdocs/core/modules/import/import_csv.modules.php
+++ b/htdocs/core/modules/import/import_csv.modules.php
@@ -790,7 +790,7 @@ class ImportCsv extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlSelect .= ' WHERE '.$keyfield.' = '.$lastinsertid;
+ $sqlSelect .= ' WHERE '.$keyfield.' = '.((int) $lastinsertid);
$resql = $this->db->query($sqlSelect);
if ($resql) {
@@ -824,7 +824,7 @@ class ImportCsv extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlend = ' WHERE '.$keyfield.' = '.$lastinsertid;
+ $sqlend = ' WHERE '.$keyfield.' = '.((int) $lastinsertid);
$sql = $sqlstart.$sqlend;
diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php
index 257e8f5253e..bc146c5ece7 100644
--- a/htdocs/core/modules/import/import_xlsx.modules.php
+++ b/htdocs/core/modules/import/import_xlsx.modules.php
@@ -830,7 +830,7 @@ class ImportXlsx extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlSelect .= ' WHERE ' . $keyfield . ' = ' . $lastinsertid;
+ $sqlSelect .= ' WHERE ' . $keyfield . ' = ' .((int) $lastinsertid);
$resql = $this->db->query($sqlSelect);
if ($resql) {
@@ -864,7 +864,7 @@ class ImportXlsx extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlend = ' WHERE ' . $keyfield . ' = ' . $lastinsertid;
+ $sqlend = ' WHERE ' . $keyfield . ' = '.((int) $lastinsertid);
$sql = $sqlstart . $sqlend;
diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php
index cb7eb93b074..7c0aa2b19b5 100644
--- a/htdocs/core/modules/mailings/modules_mailings.php
+++ b/htdocs/core/modules/mailings/modules_mailings.php
@@ -132,14 +132,14 @@ class MailingTargets // This can't be abstract as it is used for some method
// phpcs:enable
// Mise a jour nombre de destinataire dans table des mailings
$sql = "SELECT COUNT(*) nb FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$mailing_id;
+ $sql .= " WHERE fk_mailing = ".((int) $mailing_id);
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
$nb = $obj->nb;
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing";
- $sql .= " SET nbemail = ".$nb." WHERE rowid = ".$mailing_id;
+ $sql .= " SET nbemail = ".$nb." WHERE rowid = ".((int) $mailing_id);
if (!$this->db->query($sql)) {
dol_syslog($this->db->error());
$this->error = $this->db->error();
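Review bot: In the UPDATE statement `$nb` is still concatenated without a cast, while `$mailing_id` right next to it now gets one. The value is read from `COUNT(*)` in the preceding query, so it should be numeric, but casting it keeps the statement safe on its face and consistent with the rest of this commit: `$sql .= " SET nbemail = ".((int) $nb)." WHERE rowid = ".((int) $mailing_id);`. The comment above the first query is in French and could be translated as `// Update the number of recipients in the mailing table`. The enclosing method starts and ends outside the hunk.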
@@ -250,7 +250,7 @@ class MailingTargets // This can't be abstract as it is used for some method
{
// phpcs:enable
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$mailing_id;
+ $sql .= " WHERE fk_mailing = ".((int) $mailing_id);
if (!$this->db->query($sql)) {
dol_syslog($this->db->error());
diff --git a/htdocs/core/modules/modAccounting.class.php b/htdocs/core/modules/modAccounting.class.php
index 15710d71dfa..ce984d8b374 100644
--- a/htdocs/core/modules/modAccounting.class.php
+++ b/htdocs/core/modules/modAccounting.class.php
@@ -285,15 +285,15 @@ class modAccounting extends DolibarrModules
//'b.doc_type'=>'Doctype',
'b.doc_ref'=>'Piece',
'b.code_journal'=>'Codejournal',
- //'b.journal_label'=>'JournalLabel',
+ 'b.journal_label'=>'JournalLabel',
'b.numero_compte'=>'AccountAccounting',
- //'b.label_compte'=>'LabelAccount',
+ 'b.label_compte'=>'LabelAccount',
'b.subledger_account'=>'SubledgerAccount',
'b.subledger_label'=>'SubledgerAccountLabel',
'b.label_operation'=>'LabelOperation',
'b.debit'=>"Debit",
'b.credit'=>"Credit",
- 'b.sens'=>'Direction' // This field is still used by accounting export. We can remove it once it has been replace into accountancyexport.class.php by a detection using ->debit and ->credit
+ 'b.sens'=>'Direction' // This field is still used by accounting export. We can remove it once it has been replaced into accountancyexport.class.php by a detection using ->debit and ->credit
);
$this->import_fieldshidden_array[$r] = array('b.doc_type'=>'const-import_from_external', 'b.fk_doc'=>'const-0', 'b.fk_docdet'=>'const-0', 'b.fk_user_author'=>'user->id', 'b.date_creation'=>'const-'.dol_print_date(dol_now(), 'standard')); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent)
$this->import_regex_array[$r] = array('b.doc_date'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$');
@@ -303,9 +303,9 @@ class modAccounting extends DolibarrModules
//'b.doc_type'=>'import',
'b.doc_ref'=>'My document ABC',
'b.code_journal'=>"VTE",
- //'b.journal_label'=>"Sale journal",
+ 'b.journal_label'=>"Sale journal",
'b.numero_compte'=>"707",
- //'b.label_compte'=>'Product account 707',
+ 'b.label_compte'=>'Product account 707',
'b.subledger_account'=>'',
'b.subledger_label'=>'',
'b.label_operation'=>"Sale of ABC",
diff --git a/htdocs/core/modules/modApi.class.php b/htdocs/core/modules/modApi.class.php
index 0c6ebeb6f37..0f77a67c33b 100644
--- a/htdocs/core/modules/modApi.class.php
+++ b/htdocs/core/modules/modApi.class.php
@@ -245,8 +245,8 @@ class modApi extends DolibarrModules
{
// Remove old constants with entity fields different of 0
$sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('MAIN_MODULE_API', 1),
- "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('API_PRODUCTION_MODE', 1)
+ "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('MAIN_MODULE_API'))."'",
+ "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('API_PRODUCTION_MODE'))."'"
);
return $this->_remove($sql, $options);
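Review bot: Both DELETE statements now wrap the result of `$this->db->encrypt(...)` in `escape()` and single quotes, which is only correct if `encrypt()` returns a bare, unquoted value. Its definition is not on this page; if it can return an SQL expression (for example a database-side encryption function call when DB encryption is configured) or already adds quotes by default, the outer quoting turns that into a string literal that never matches, and the old constants would silently stay in place. Passing the quoting flag explicitly, e.g. `$this->db->encrypt('MAIN_MODULE_API', 0)`, would at least pin the assumption, and a one-line comment stating that `name` is compared as plain text would help. The method's signature and closing brace are outside the hunk.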
diff --git a/htdocs/core/modules/modCashDesk.class.php b/htdocs/core/modules/modCashDesk.class.php
index 8e9ca1131b9..ba6c7ddce6c 100644
--- a/htdocs/core/modules/modCashDesk.class.php
+++ b/htdocs/core/modules/modCashDesk.class.php
@@ -98,6 +98,8 @@ class modCashDesk extends DolibarrModules
'type'=>'top', // This is a Top menu entry
'titre'=>'PointOfSaleShort',
'mainmenu'=>'cashdesk',
+ 'leftmenu'=>'',
+ 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth"'),
'url'=>'/cashdesk/index.php?user=__USER_LOGIN__',
'langs'=>'cashdesk', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'position'=>900,
diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php
index 25653fb216a..a88a18df131 100644
--- a/htdocs/core/modules/modFacture.class.php
+++ b/htdocs/core/modules/modFacture.class.php
@@ -207,7 +207,7 @@ class modFacture extends DolibarrModules
//--------
$r = 1;
- $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
+ $alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
$this->export_code[$r] = $this->rights_class.'_'.$r;
$this->export_label[$r] = 'CustomersInvoicesAndInvoiceLines'; // Translation key (used only if key ExportDataset_xxx_z not found)
$this->export_icon[$r] = 'invoice';
@@ -228,7 +228,7 @@ class modFacture extends DolibarrModules
'fd.subprice'=>"LineUnitPrice", 'fd.tva_tx'=>"LineVATRate", 'fd.qty'=>"LineQty", 'fd.total_ht'=>"LineTotalHT", 'fd.total_tva'=>"LineTotalVAT",
'fd.total_ttc'=>"LineTotalTTC", 'fd.date_start'=>"DateStart", 'fd.date_end'=>"DateEnd", 'fd.special_code'=>'SpecialCode',
'fd.product_type'=>"TypeOfLineServiceOrProduct", 'fd.fk_product'=>'ProductId', 'p.ref'=>'ProductRef', 'p.label'=>'ProductLabel',
- $alias_product_accounting . '.accountancy_code_sell'=>'ProductAccountancySellCode'
+ $alias_product_perentity . '.accountancy_code_sell'=>'ProductAccountancySellCode'
);
if (!empty($conf->multicurrency->enabled)) {
$this->export_fields_array[$r]['f.multicurrency_code'] = 'Currency';
@@ -251,7 +251,7 @@ class modFacture extends DolibarrModules
'pj.ref'=>'Text', 'pj.title'=>'Text', 'fd.rowid'=>'Numeric', 'fd.label'=>'Text', 'fd.description'=>"Text", 'fd.subprice'=>"Numeric", 'fd.tva_tx'=>"Numeric",
'fd.qty'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_tva'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.date_start'=>"Date", 'fd.date_end'=>"Date",
'fd.special_code'=>'Numeric', 'fd.product_type'=>"Numeric", 'fd.fk_product'=>'List:product:label', 'p.ref'=>'Text', 'p.label'=>'Text',
- $alias_product_accounting . '.accountancy_code_sell'=>'Text'
+ $alias_product_perentity . '.accountancy_code_sell'=>'Text'
);
if (!empty($conf->cashdesk->enabled) || !empty($conf->takepos->enabled) || !empty($conf->global->INVOICE_SHOW_POS)) {
$this->export_TypeFields_array[$r]['f.module_source'] = 'Text';
@@ -263,7 +263,7 @@ class modFacture extends DolibarrModules
's.tva_intra'=>'company', 'pj.ref'=>'project', 'pj.title'=>'project', 'fd.rowid'=>'invoice_line', 'fd.label'=>"invoice_line", 'fd.description'=>"invoice_line",
'fd.subprice'=>"invoice_line", 'fd.total_ht'=>"invoice_line", 'fd.total_tva'=>"invoice_line", 'fd.total_ttc'=>"invoice_line", 'fd.tva_tx'=>"invoice_line",
'fd.qty'=>"invoice_line", 'fd.date_start'=>"invoice_line", 'fd.date_end'=>"invoice_line", 'fd.special_code'=>'invoice_line',
- 'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product', 'p.ref'=>'product', 'p.label'=>'product', $alias_product_accounting . '.accountancy_code_sell'=>'product',
+ 'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product', 'p.ref'=>'product', 'p.label'=>'product', $alias_product_perentity . '.accountancy_code_sell'=>'product',
'f.fk_user_author'=>'user', 'uc.login'=>'user', 'f.fk_user_valid'=>'user', 'uv.login'=>'user'
);
$this->export_special_array[$r] = array('none.rest'=>'getRemainToPay');
@@ -296,7 +296,7 @@ class modFacture extends DolibarrModules
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facturedet_extrafields as extra2 on fd.rowid = extra2.fk_object';
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p on (fd.fk_product = p.rowid)';
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+ $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra3 on p.rowid = extra3.fk_object';
$this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture';
diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php
index 85cf49ebf73..fd1c7cceca0 100644
--- a/htdocs/core/modules/modProduct.class.php
+++ b/htdocs/core/modules/modProduct.class.php
@@ -176,7 +176,8 @@ class modProduct extends DolibarrModules
//--------
$r = 0;
- $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
+ $alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
+
$r++;
$this->export_code[$r] = $this->rights_class.'_'.$r;
$this->export_label[$r] = "Products"; // Translation key (used only if key ExportDataset_xxx_z not found)
@@ -186,9 +187,9 @@ class modProduct extends DolibarrModules
'p.fk_product_type'=>'Type', 'p.tosell'=>"OnSell", 'p.tobuy'=>"OnBuy",
'p.description'=>"Description", 'p.url'=>"PublicUrl",
'p.customcode'=>'CustomCode', 'p.fk_country'=>'IDCountry',
- $alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
- $alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
- $alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+ $alias_product_perentity . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_perentity . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+ $alias_product_perentity . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_perentity . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+ $alias_product_perentity . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_perentity . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
'p.weight'=>"Weight", 'p.weight_units'=>"WeightUnits", 'p.length'=>"Length", 'p.length_units'=>"LengthUnits", 'p.width'=>"Width", 'p.width_units'=>"WidthUnits", 'p.height'=>"Height", 'p.height_units'=>"HeightUnits",
'p.surface'=>"Surface", 'p.surface_units'=>"SurfaceUnits", 'p.volume'=>"Volume", 'p.volume_units'=>"VolumeUnits",
@@ -231,8 +232,8 @@ class modProduct extends DolibarrModules
'p.ref'=>"Text", 'p.label'=>"Text",
'p.fk_product_type'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
'p.description'=>"Text", 'p.url'=>"Text",
- $alias_product_accounting . '.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
- $alias_product_accounting . '.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
+ $alias_product_perentity . '.accountancy_code_sell'=>"Text", $alias_product_perentity . '.accountancy_code_sell_intra'=>"Text", $alias_product_perentity . '.accountancy_code_sell_export'=>"Text",
+ $alias_product_perentity . '.accountancy_code_buy'=>"Text", $alias_product_perentity . '.accountancy_code_buy_intra'=>"Text", $alias_product_perentity . '.accountancy_code_buy_export'=>"Text",
'p.note'=>"Text", 'p.note_public'=>"Text",
'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.width'=>"Numeric", 'p.height'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric",
'p.customcode'=>'Text',
@@ -295,7 +296,7 @@ class modProduct extends DolibarrModules
$this->export_sql_start[$r] = 'SELECT DISTINCT ';
$this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'product as p';
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+ $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
if (!empty($conf->global->EXPORTTOOL_CATEGORIES)) {
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cp.fk_categorie = cat.rowid';
@@ -390,9 +391,9 @@ class modProduct extends DolibarrModules
$this->export_permission[$r] = array(array("produit", "export"));
$this->export_fields_array[$r] = array(
'p.rowid'=>"Id", 'p.ref'=>"Ref", 'p.label'=>"Label", 'p.description'=>"Description", 'p.url'=>"PublicUrl",
- $alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
- $alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
- $alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+ $alias_product_perentity . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_perentity . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+ $alias_product_perentity . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_perentity . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+ $alias_product_perentity . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_perentity . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
'p.weight'=>"Weight", 'p.length'=>"Length", 'p.surface'=>"Surface", 'p.volume'=>"Volume", 'p.customcode'=>'CustomCode',
'p.price_base_type'=>"PriceBase", 'p.price'=>"UnitPriceHT", 'p.price_ttc'=>"UnitPriceTTC", 'p.tva_tx'=>'VATRate', 'p.tosell'=>"OnSell",
@@ -407,8 +408,8 @@ class modProduct extends DolibarrModules
$this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('pa.qty'=>'Qty', 'pa.incdec'=>'ComposedProductIncDecStock'));
$this->export_TypeFields_array[$r] = array(
'p.ref'=>"Text", 'p.label'=>"Text", 'p.description'=>"Text", 'p.url'=>"Text",
- $alias_product_accounting . '.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
- $alias_product_accounting . '.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
+ $alias_product_perentity . '.accountancy_code_sell'=>"Text", $alias_product_perentity . '.accountancy_code_sell_intra'=>"Text", $alias_product_perentity . '.accountancy_code_sell_export'=>"Text",
+ $alias_product_perentity . '.accountancy_code_buy'=>"Text", $alias_product_perentity . '.accountancy_code_buy_intra'=>"Text", $alias_product_perentity . '.accountancy_code_buy_export'=>"Text",
'p.note'=>"Text", 'p.note_public'=>"Text",
'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric", 'p.customcode'=>'Text',
'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
@@ -423,8 +424,8 @@ class modProduct extends DolibarrModules
$this->export_TypeFields_array[$r] = array_merge($this->export_TypeFields_array[$r], array('pa.qty'=>'Numeric'));
$this->export_entities_array[$r] = array(
'p.rowid'=>"virtualproduct", 'p.ref'=>"virtualproduct", 'p.label'=>"virtualproduct", 'p.description'=>"virtualproduct", 'p.url'=>"virtualproduct",
- $alias_product_accounting . '.accountancy_code_sell'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_export'=>'virtualproduct',
- $alias_product_accounting . '.accountancy_code_buy'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_export'=>'virtualproduct',
+ $alias_product_perentity . '.accountancy_code_sell'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_sell_intra'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_sell_export'=>'virtualproduct',
+ $alias_product_perentity . '.accountancy_code_buy'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_buy_intra'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_buy_export'=>'virtualproduct',
'p.note'=>"virtualproduct", 'p.length'=>"virtualproduct",
'p.surface'=>"virtualproduct", 'p.volume'=>"virtualproduct", 'p.weight'=>"virtualproduct", 'p.customcode'=>'virtualproduct',
'p.price_base_type'=>"virtualproduct", 'p.price'=>"virtualproduct", 'p.price_ttc'=>"virtualproduct", 'p.tva_tx'=>"virtualproduct",
@@ -446,7 +447,7 @@ class modProduct extends DolibarrModules
$this->export_sql_start[$r] = 'SELECT DISTINCT ';
$this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'product as p';
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+ $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
$this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,';
$this->export_sql_end[$r] .= ' '.MAIN_DB_PREFIX.'product_association as pa, '.MAIN_DB_PREFIX.'product as p2';
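Review bot: When `MAIN_PRODUCT_PERENTITY_SHARED` is set, this FROM clause declares the alias `pa` twice: once for `product_perentity` in the changed LEFT JOIN and again for `product_association as pa` two lines later. That would normally fail with a non-unique alias error, and `pa.qty` / `pa.incdec` in this dataset already refer to the association table. The per-entity join needs its own alias here, e.g. `"product_perentity as ppe ON ppe.fk_product = p.rowid AND ppe.entity = "`, and the accountancy field keys of this dataset have to be built with that alias instead of `$alias_product_perentity`. The equivalent dataset in modService.class.php uses `pac` for the join but has the matching field-key problem.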
@@ -641,7 +642,16 @@ class modProduct extends DolibarrModules
}
// End add extra fields
$this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'product'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent)
-
+ $this->import_regex_array[$r] = array(
+ 'p.ref'=>'[^ ]',
+ 'p.price_base_type' => 'HT|TTC',
+ 'p.tosell'=>'^[0|1]$',
+ 'p.tobuy'=>'^[0|1]$',
+ 'p.fk_product_type'=>'^[0|1]$',
+ 'p.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$',
+ 'p.recuperableonly' => '^[0|1]$',
+ 'p.finished' => '^[0|1]$'
+ );
// field order as per structure of table llx_product
$import_sample = array(
'p.ref' => "ref:PREF123456",
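Review bot: The validation patterns added here are looser than they read. `'^[0|1]$'` is a character class, so it accepts a literal `|` as well as `0` and `1`; `'^[01]$'` expresses the intent. `'HT|TTC'` and `'[^ ]'` are unanchored, so, assuming the import driver applies them with a plain match and adds no anchors of its own, any value that merely contains `HT` passes; `'^(HT|TTC)$'` would restrict it to the two allowed values. The same patterns appear in modService.class.php: the hunk adding `import_regex_array` (including `'^[0|1|2]$'` for `p.tobatch`, which should be `'^[012]$'`) and the later hunk that replaces the anchored `'\AHT\z|\ATTC\z'` with `'HT|TTC'`.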
@@ -893,7 +903,7 @@ class modProduct extends DolibarrModules
$this->import_convertvalue_array[$r] = array(
'l.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
- $this->import_examplevalues_array[$r] = array('l.fk_product'=>'PRODUCT_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
+ $this->import_examplevalues_array[$r] = array('l.fk_product'=>'ref:PRODUCT_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
$this->import_updatekeys_array[$r] = array('l.fk_product'=>'ProductOrService', 'l.lang'=>'Language');
}
}
diff --git a/htdocs/core/modules/modRecruitment.class.php b/htdocs/core/modules/modRecruitment.class.php
index f7cd37c16be..3d4e88872ef 100644
--- a/htdocs/core/modules/modRecruitment.class.php
+++ b/htdocs/core/modules/modRecruitment.class.php
@@ -62,7 +62,7 @@ class modRecruitment extends DolibarrModules
// Used only if file README.md and README-LL.md not found.
$this->descriptionlong = "Manage and follow recruitment campaign for new job positions";
// Possible values for version are: 'development', 'experimental', 'dolibarr', 'dolibarr_deprecated' or a version string like 'x.y.z'
- $this->version = 'experimental';
+ $this->version = 'dolibarr';
// Url to the file with your last numberversion of this module
//$this->url_last_version = 'http://www.example.com/versionmodule.txt';
diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php
index dda0447371a..3b21cf046c8 100644
--- a/htdocs/core/modules/modService.class.php
+++ b/htdocs/core/modules/modService.class.php
@@ -143,7 +143,8 @@ class modService extends DolibarrModules
//--------
$r = 0;
- $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
+ $alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
+
$r++;
$this->export_code[$r] = $this->rights_class.'_'.$r;
$this->export_label[$r] = "Services"; // Translation key (used only if key ExportDataset_xxx_z not found)
@@ -153,9 +154,9 @@ class modService extends DolibarrModules
'p.fk_product_type'=>'Type', 'p.tosell'=>"OnSell", 'p.tobuy'=>"OnBuy",
'p.description'=>"Description", 'p.url'=>"PublicUrl",
'p.customcode'=>'CustomCode', 'p.fk_country'=>'IDCountry',
- $alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
- $alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
- $alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+ $alias_product_perentity . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_perentity . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+ $alias_product_perentity . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_perentity . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+ $alias_product_perentity . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_perentity . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
'p.weight'=>"Weight", 'p.length'=>"Length", 'p.width'=>"Width", 'p.height'=>"Height", 'p.surface'=>"Surface", 'p.volume'=>"Volume",
'p.duration'=>"Duration",
@@ -196,8 +197,8 @@ class modService extends DolibarrModules
'p.ref'=>"Text", 'p.label'=>"Text",
'p.fk_product_type'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
'p.description'=>"Text", 'p.url'=>"Text",
- $alias_product_accounting . '.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
- $alias_product_accounting . '.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
+ $alias_product_perentity . '.accountancy_code_sell'=>"Text", $alias_product_perentity . '.accountancy_code_sell_intra'=>"Text", $alias_product_perentity . '.accountancy_code_sell_export'=>"Text",
+ $alias_product_perentity . '.accountancy_code_buy'=>"Text", $alias_product_perentity . '.accountancy_code_buy_intra'=>"Text", $alias_product_perentity . '.accountancy_code_buy_export'=>"Text",
'p.note'=>"Text", 'p.note_public'=>"Text",
'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.width'=>"Numeric", 'p.height'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric",
'p.customcode'=>'Text',
@@ -258,7 +259,7 @@ class modService extends DolibarrModules
$this->export_sql_start[$r] = 'SELECT DISTINCT ';
$this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'product as p';
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+ $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
if (!empty($conf->global->EXPORTTOOL_CATEGORIES)) {
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cp.fk_categorie = cat.rowid';
@@ -351,9 +352,9 @@ class modService extends DolibarrModules
$this->export_permission[$r] = array(array("service", "export"));
$this->export_fields_array[$r] = array(
'p.rowid'=>"Id", 'p.ref'=>"Ref", 'p.label'=>"Label", 'p.description'=>"Description", 'p.url'=>"PublicUrl",
- $alias_product_accounting . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_accounting . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
- $alias_product_accounting . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_accounting . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
- $alias_product_accounting . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_accounting . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
+ $alias_product_perentity . '.accountancy_code_sell'=>"ProductAccountancySellCode", $alias_product_perentity . '.accountancy_code_sell_intra'=>"ProductAccountancySellIntraCode",
+ $alias_product_perentity . '.accountancy_code_sell_export'=>"ProductAccountancySellExportCode", $alias_product_perentity . '.accountancy_code_buy'=>"ProductAccountancyBuyCode",
+ $alias_product_perentity . '.accountancy_code_buy_intra'=>"ProductAccountancyBuyIntraCode", $alias_product_perentity . '.accountancy_code_buy_export'=>"ProductAccountancyBuyExportCode",
'p.note'=>"NotePrivate", 'p.note_public'=>'NotePublic',
'p.weight'=>"Weight", 'p.length'=>"Length", 'p.surface'=>"Surface", 'p.volume'=>"Volume", 'p.customcode'=>'CustomCode',
'p.price_base_type'=>"PriceBase", 'p.price'=>"UnitPriceHT", 'p.price_ttc'=>"UnitPriceTTC", 'p.tva_tx'=>'VATRate', 'p.tosell'=>"OnSell",
@@ -368,8 +369,8 @@ class modService extends DolibarrModules
$this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('pa.qty'=>'Qty', 'pa.incdec'=>'ComposedProductIncDecStock'));
$this->export_TypeFields_array[$r] = array(
'p.ref'=>"Text", 'p.label'=>"Text", 'p.description'=>"Text", 'p.url'=>"Text",
- $alias_product_accounting . 'p.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text",
- $alias_product_accounting . 'p.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text",
+ $alias_product_perentity . 'p.accountancy_code_sell'=>"Text", $alias_product_perentity . '.accountancy_code_sell_intra'=>"Text", $alias_product_perentity . '.accountancy_code_sell_export'=>"Text",
+ $alias_product_perentity . 'p.accountancy_code_buy'=>"Text", $alias_product_perentity . '.accountancy_code_buy_intra'=>"Text", $alias_product_perentity . '.accountancy_code_buy_export'=>"Text",
'p.note'=>"Text", 'p.note_public'=>"Text",
'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric", 'p.customcode'=>'Text',
'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean",
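Review bot: Two keys in this array are built as `$alias_product_perentity . 'p.accountancy_code_sell'` and `$alias_product_perentity . 'p.accountancy_code_buy'`, which yields `pp.accountancy_code_sell` or `pap.accountancy_code_sell` instead of a valid `alias.column` name. The rename carried this over unchanged from the old lines, so the type entries for these two fields never match the keys used in `export_fields_array`. Both should read like their neighbours: `$alias_product_perentity . '.accountancy_code_sell'=>"Text"` and `$alias_product_perentity . '.accountancy_code_buy'=>"Text"`.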
@@ -384,8 +385,8 @@ class modService extends DolibarrModules
$this->export_TypeFields_array[$r] = array_merge($this->export_TypeFields_array[$r], array('pa.qty'=>'Numeric'));
$this->export_entities_array[$r] = array(
'p.rowid'=>"virtualproduct", 'p.ref'=>"virtualproduct", 'p.label'=>"virtualproduct", 'p.description'=>"virtualproduct", 'p.url'=>"virtualproduct",
- $alias_product_accounting . '.accountancy_code_sell'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_sell_export'=>'virtualproduct',
- $alias_product_accounting . '.accountancy_code_buy'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_intra'=>'virtualproduct', $alias_product_accounting . '.accountancy_code_buy_export'=>'virtualproduct',
+ $alias_product_perentity . '.accountancy_code_sell'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_sell_intra'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_sell_export'=>'virtualproduct',
+ $alias_product_perentity . '.accountancy_code_buy'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_buy_intra'=>'virtualproduct', $alias_product_perentity . '.accountancy_code_buy_export'=>'virtualproduct',
'p.note'=>"virtualproduct", 'p.length'=>"virtualproduct",
'p.surface'=>"virtualproduct", 'p.volume'=>"virtualproduct", 'p.weight'=>"virtualproduct", 'p.customcode'=>'virtualproduct',
'p.price_base_type'=>"virtualproduct", 'p.price'=>"virtualproduct", 'p.price_ttc'=>"virtualproduct", 'p.tva_tx'=>"virtualproduct",
@@ -406,8 +407,8 @@ class modService extends DolibarrModules
$this->export_entities_array[$r] = array_merge($this->export_entities_array[$r], array('p2.rowid'=>"subproduct", 'p2.ref'=>"subproduct", 'p2.label'=>"subproduct", 'p2.description'=>"subproduct"));
$this->export_sql_start[$r] = 'SELECT DISTINCT ';
$this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'product as p';
- if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
- $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_accounting as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
+ if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+ $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pac ON pac.fk_product = p.rowid AND pac.entity = " . ((int) $conf->entity);
}
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,';
$this->export_sql_end[$r] .= ' '.MAIN_DB_PREFIX.'product_association as pa, '.MAIN_DB_PREFIX.'product as p2';
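Review bot: The per-entity table is joined here as `pac`, but the accountancy field keys for this dataset are built from `$alias_product_perentity`, which is `"pa"` when `MAIN_PRODUCT_PERENTITY_SHARED` is set. In this query `pa` is the alias of `product_association`, so the exported `pa.accountancy_code_*` columns would be looked up on the wrong table and the `pac` join is never referenced. Using `pac` avoids the duplicate-alias problem, but the field, type and entity arrays of this dataset need the same alias, for instance via a dataset-local variable such as `$alias_perentity_virtual = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pac";`.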
@@ -450,13 +451,13 @@ class modService extends DolibarrModules
'p.weight' => "Weight",
'p.weight_units' => "WeightUnits",
'p.length' => "Length",
- 'p.length_units' => "LengthUnit",
+ 'p.length_units' => "LengthUnits",
'p.width' => "Width",
'p.width_units' => "WidthUnits",
'p.height' => "Height",
- 'p.height_units' => "HeightUnit",
+ 'p.height_units' => "HeightUnits",
'p.surface' => "Surface",
- 'p.surface_units' => "SurfaceUnit",
+ 'p.surface_units' => "SurfaceUnits",
'p.volume' => "Volume",
'p.volume_units' => "VolumeUnits",
'p.duration' => "Duration", //duration of service
@@ -470,13 +471,6 @@ class modService extends DolibarrModules
'p.datec' => 'DateCreation',
'p.cost_price' => "CostPrice",
);
- if (!empty($conf->stock->enabled)) {//if Stock module enabled
- $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array(
- 'p.seuil_stock_alerte' => 'StockLimit', //lower limit for warning
- 'p.pmp' => 'PMPValue', //weighted average price
- 'p.desiredstock' => 'DesiredStock'//desired stock for replenishment feature
- ));
- }
$this->import_convertvalue_array[$r] = array(
'p.weight_units' => array(
@@ -535,6 +529,41 @@ class modService extends DolibarrModules
'dict' => 'DictionaryCountry'
)
);
+
+ $this->import_regex_array[$r] = array(
+ 'p.ref' => '[^ ]',
+ 'p.price_base_type' => '\AHT\z|\ATTC\z',
+ 'p.tosell' => '^[0|1]$',
+ 'p.tobuy' => '^[0|1]$',
+ 'p.fk_product_type' => '^[0|1]$',
+ 'p.datec' => '^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$',
+ 'p.recuperableonly' => '^[0|1]$',
+ );
+
+ if (!empty($conf->stock->enabled)) {//if Stock module enabled
+ $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array(
+ 'p.fk_default_warehouse'=>'DefaultWarehouse',
+ 'p.tobatch'=>'ManageLotSerial',
+ 'p.seuil_stock_alerte' => 'StockLimit', //lower limit for warning
+ 'p.pmp' => 'PMPValue', //weighted average price
+ 'p.desiredstock' => 'DesiredStock'//desired stock for replenishment feature
+ ));
+
+ $this->import_regex_array[$r] = array_merge($this->import_regex_array[$r], array(
+ 'p.tobatch' => '^[0|1|2]$'
+ ));
+
+ $this->import_convertvalue_array[$r] = array_merge($this->import_convertvalue_array[$r], array(
+ 'p.fk_default_warehouse' => array(
+ 'rule' => 'fetchidfromref',
+ 'classfile' => '/product/stock/class/entrepot.class.php',
+ 'class' => 'Entrepot',
+ 'method' => 'fetch',
+ 'element'=> 'Warehouse'
+ )
+ ));
+ }
+
if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) {
$this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice'));
}
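Review bot: The added patterns `'^[0|1]$'` and `'^[0|1|2]$'` put `|` inside a character class, where it is a literal character, so a cell containing just `|` passes validation for `p.tosell`, `p.tobuy`, `p.fk_product_type`, `p.recuperableonly` and `p.tobatch`. Write them as `'^[01]$'` and `'^[012]$'`. Separately, `'p.ref' => '[^ ]'` is unanchored and only requires one non-space character somewhere in the value; if the intent is "no spaces in the ref", that would be `'^[^ ]+$'`, which is worth confirming. How the import engine wraps and applies these patterns is not visible in this hunk.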
@@ -569,7 +598,7 @@ class modService extends DolibarrModules
$this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'product'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent)
$this->import_regex_array[$r] = array(
'p.ref'=>'[^ ]',
- 'p.price_base_type' => '\AHT\z|\ATTC\z',
+ 'p.price_base_type' => 'HT|TTC',
'p.tosell'=>'^[0|1]$',
'p.tobuy'=>'^[0|1]$',
'p.fk_product_type'=>'^[0|1]$',
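Review bot: Replacing `'\AHT\z|\ATTC\z'` with `'HT|TTC'` drops the anchors, so any value that merely contains `HT` or `TTC` now passes the check for `p.price_base_type`. The regex array added earlier in this same diff still uses the anchored form, so the two import profiles now validate the same field differently. If the aim was readability, `'\A(HT|TTC)\z'` keeps the exact-match behaviour. The enclosing array continues past the end of the hunk.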
@@ -579,7 +608,7 @@ class modService extends DolibarrModules
);
// field order as per structure of table llx_product
$import_sample = array(
- 'p.ref' => "PREF123456",
+ 'p.ref' => "ref:PREF123456",
'p.datec' => dol_print_date(dol_now(), '%Y-%m-%d'),
'p.label' => "Product name in default language",
'p.description' => "Product description in default language",
@@ -616,7 +645,7 @@ class modService extends DolibarrModules
'p.surface_units' => 'm2', // Use a unit of measure from the dictionary. m2/cm2/mm2 etc....matches field "Short label" for unit type "surface" in table "' . MAIN_DB_PREFIX . 'c_units',
'p.volume' => "",
'p.volume_units' => 'm3', //Use a unit of measure from the dictionary. m3/cm3/mm3 etc....matches field "Short label" for unit type "volume" in table "' . MAIN_DB_PREFIX . 'c_units',
- 'p.finished' => '0 (raw material) / 1 (finished goods)'
+ 'p.finished' => '0 (raw material) / 1 (finished goods), matches field "code" in dictionary table "'.MAIN_DB_PREFIX.'c_product_nature"'
);
//clauses copied from import_fields_array
if (!empty($conf->stock->enabled)) {
@@ -718,7 +747,7 @@ class modService extends DolibarrModules
'sp.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
$this->import_examplevalues_array[$r] = array(
- 'sp.fk_product' => "PRODUCT_REF or id:123456",
+ 'sp.fk_product' => "ref:PRODUCT_REF or id:123456",
'sp.fk_soc' => "My Supplier",
'sp.ref_fourn' => "XYZ-F123456",
'sp.quantity' => "5",
@@ -755,8 +784,13 @@ class modService extends DolibarrModules
'sp.multicurrency_price'=>''
));
}
+ if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
+ $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array(
+ 'sp.packagning'=>'1',
+ ));
+ }
- $this->import_updatekeys_array[$r] = array('sp.fk_product'=>'ProductOrService', 'sp.ref_fourn'=>'SupplierRef', 'sp.fk_soc'=>'Supplier');
+ $this->import_updatekeys_array[$r] = array('sp.fk_product'=>'ProductOrService', 'sp.ref_fourn'=>'SupplierRef', 'sp.fk_soc'=>'Supplier');
}
if (!empty($conf->global->PRODUIT_MULTIPRICES)) {
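Review bot: The new example-value key `'sp.packagning'` looks like a misspelling of `sp.packaging`. Example values are keyed by field name, so a key that matches no import field would presumably leave the packaging column without a sample value. The matching entry in `import_fields_array` is outside this hunk; check which spelling it uses and align this line with it, e.g. `'sp.packaging'=>'1',`.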
@@ -783,7 +817,7 @@ class modService extends DolibarrModules
$this->import_convertvalue_array[$r] = array(
'pr.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
- $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"SERVICE_REF or id:123456",
+ $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"ref:SERVICE_REF or id:123456",
'pr.price_base_type'=>"HT (for excl tax) or TTC (for inc tax)", 'pr.price_level'=>"1",
'pr.price'=>"100", 'pr.price_ttc'=>"110",
'pr.price_min'=>"100", 'pr.price_min_ttc'=>"110",
@@ -806,7 +840,7 @@ class modService extends DolibarrModules
$this->import_convertvalue_array[$r] = array(
'l.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
- $this->import_examplevalues_array[$r] = array('l.fk_product'=>'SERVICE_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
+ $this->import_examplevalues_array[$r] = array('l.fk_product'=>'ref:SERVICE_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
$this->import_updatekeys_array[$r] = array('l.fk_product'=>'ProductOrService', 'l.lang'=>'Language');
}
}
diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php
index 3d46d606265..c9379fb25d6 100644
--- a/htdocs/core/modules/modStock.class.php
+++ b/htdocs/core/modules/modStock.class.php
@@ -172,6 +172,12 @@ class modStock extends DolibarrModules
$this->rights[9][3] = 0; // Permission by default for new user (0/1)
$this->rights[9][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[9][5] = 'changePMP'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+
+ $this->rights[10][0] = 1016;
+ $this->rights[10][1] = 'inventoryDeletePermission'; // Permission label
+ $this->rights[10][3] = 0; // Permission by default for new user (0/1)
+ $this->rights[10][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[10][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
}
// Main menu entries
diff --git a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
index ff9e4da5f0c..1822a5b8c95 100644
--- a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
+++ b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
@@ -245,6 +245,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc
$newfileformat = substr($newfile, strrpos($newfile, '.') + 1);
if (!empty($conf->global->MAIN_DOC_USE_OBJECT_THIRDPARTY_NAME)) {
$newfiletmp = dol_sanitizeFileName(dol_string_nospecial($object->name)).'-'.$newfiletmp;
+ $newfiletmp = preg_replace('/__+/', '_', $newfiletmp); // Replace repeated _ into one _ (to avoid string with substitution syntax)
}
if (!empty($conf->global->MAIN_DOC_USE_TIMING)) {
$format = $conf->global->MAIN_DOC_USE_TIMING;
@@ -290,7 +291,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc
$sql = "SELECT p.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p";
- $sql .= " WHERE p.fk_soc = ".$object->id;
+ $sql .= " WHERE p.fk_soc = ".((int) $object->id);
$result = $this->db->query($sql);
$num = $this->db->num_rows($result);
diff --git a/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php b/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
index e5fa94135ad..e37caab3ed1 100644
--- a/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
+++ b/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
@@ -1023,7 +1023,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf, ".MAIN_DB_PREFIX."paiementfourn as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".$object->id;
+ $sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".((int) $object->id);
$sql .= " ORDER BY p.datep";
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php
index 64d30eeeb93..0e571f26c98 100644
--- a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php
+++ b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php
@@ -198,7 +198,7 @@ class InterfaceStripe extends DolibarrTriggers
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account";
- $sql .= " WHERE site='stripe' AND fk_soc = ".$object->id;
+ $sql .= " WHERE site='stripe' AND fk_soc = ".((int) $object->id);
$this->db->query($sql);
}
diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php
index 67ba6e64edc..30ffee00248 100644
--- a/htdocs/core/website.inc.php
+++ b/htdocs/core/website.inc.php
@@ -93,7 +93,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi
if (GETPOST('l', 'aZ09')) {
$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
- $sql .= " WHERE wp.fk_website = ".$website->id;
+ $sql .= " WHERE wp.fk_website = ".((int) $website->id);
$sql .= " AND (wp.fk_page = ".$pageid." OR wp.rowid = ".$pageid;
if (is_object($websitepage) && $websitepage->fk_page > 0) {
$sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
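Review bot: The line right after the cast still concatenates `$pageid` twice, and the branch below it concatenates `$websitepage->fk_page` twice, all without a cast. Where `$pageid` is assigned is outside the hunk, so its type cannot be confirmed here. For consistency with the rest of this commit the line should read `$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);`, with the same treatment for `fk_page`. The statement continues past the end of the hunk.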
diff --git a/htdocs/cron/info.php b/htdocs/cron/info.php
index 3f0e46e0104..6adc9da030e 100644
--- a/htdocs/cron/info.php
+++ b/htdocs/cron/info.php
@@ -36,15 +36,17 @@ if (!$user->rights->cron->read) {
$id = GETPOST('id', 'int');
-$mesg = '';
+$object = new Cronjob($db);
+
/*
* View
-*/
+ */
+
+$form = new Form($db); // $form is required as global value into dol_banner_tab
llxHeader('', $langs->trans("CronInfo"));
-$object = new Cronjob($db);
$object->fetch($id);
$object->info($id);
diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php
index 5b14b509de4..18887a99e28 100644
--- a/htdocs/delivery/class/delivery.class.php
+++ b/htdocs/delivery/class/delivery.class.php
@@ -614,7 +614,7 @@ class Delivery extends CommonObject
{
if ($this->statut == 0) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."commandedet";
- $sql .= " WHERE rowid = ".$lineid;
+ $sql .= " WHERE rowid = ".((int) $lineid);
if ($this->db->query($sql)) {
$this->update_price();
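Review bot: The DELETE is keyed on `rowid` alone, so after the cast it still removes whichever `commandedet` row matches `$lineid`, whether or not that line belongs to this delivery. Consider tying the row to the current object, either with an extra predicate on the parent id or by loading the line first and comparing its parent to `$this->id`; the right parent column is not visible here. It is also worth confirming that `commandedet` is the intended table for a delivery line. The method starts and ends outside the hunk, so a caller-side ownership check cannot be ruled out.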
@@ -940,7 +940,7 @@ class Delivery extends CommonObject
$sqlSourceLine .= ", p.ref, p.label";
$sqlSourceLine .= " FROM ".MAIN_DB_PREFIX.$this->linkedObjectsIds[0]['type']."det as st";
$sqlSourceLine .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON st.fk_product = p.rowid";
- $sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid'];
+ $sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']);
$resultSourceLine = $this->db->query($sqlSourceLine);
if ($resultSourceLine) {
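Review bot: Only the value side of this predicate is cast; the table name built from `$this->linkedObjectsIds[0]['type']` and the column name built from `$this->linked_object[0]['type']` are still concatenated into the statement as identifiers. If those type strings come from stored link data, check them against a fixed list of expected element types before building the query, since escaping or casting does not help with identifiers. The two lines also read from differently named properties (`linkedObjectsIds` and `linked_object`), which may be a leftover worth confirming. The surrounding method is only partly visible.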
diff --git a/htdocs/don/card.php b/htdocs/don/card.php
index 283a8e6b2da..1dfade00bec 100644
--- a/htdocs/don/card.php
+++ b/htdocs/don/card.php
@@ -275,7 +275,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
// Remove file in doc form
/*if ($action == 'remove_file')
{
- $object = new Don($db, 0, $_GET['id']);
+ $object = new Don($db, 0, GETPOST('id', 'int'));
if ($object->fetch($id))
{
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -329,7 +329,7 @@ if ($action == 'builddoc')
* View
*/
-$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones';
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones|DE:Modul_Spenden';
llxHeader('', $langs->trans("Donation"), $help_url);
diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php
index a5fb676e314..1ec3ebe1cc5 100644
--- a/htdocs/don/class/don.class.php
+++ b/htdocs/don/class/don.class.php
@@ -702,7 +702,7 @@ class Don extends CommonObject
$this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 1, fk_user_valid = ".$userid." WHERE rowid = ".$id." AND fk_statut = 0";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 1, fk_user_valid = ".((int) $userid)." WHERE rowid = ".((int) $id)." AND fk_statut = 0";
$resql = $this->db->query($sql);
if ($resql) {
@@ -759,9 +759,9 @@ class Don extends CommonObject
{
$sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 2";
if ($modepayment) {
- $sql .= ", fk_payment=".$modepayment;
+ $sql .= ", fk_payment = ".((int) $modepayment);
}
- $sql .= " WHERE rowid = ".$id." AND fk_statut = 1";
+ $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = 1";
$resql = $this->db->query($sql);
if ($resql) {
@@ -843,7 +843,7 @@ class Don extends CommonObject
$sql = "SELECT sum(amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."don";
- $sql .= " WHERE fk_statut = ".$param;
+ $sql .= " WHERE fk_statut = ".((int) $param);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
diff --git a/htdocs/don/class/donstats.class.php b/htdocs/don/class/donstats.class.php
index e3deff2dc2d..07eb6d6588e 100644
--- a/htdocs/don/class/donstats.class.php
+++ b/htdocs/don/class/donstats.class.php
@@ -85,7 +85,7 @@ class DonationStats extends Stats
//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
$this->where .= " AND d.entity = ".$conf->entity;
if ($this->userid > 0) {
- $this->where .= ' WHERE c.fk_user_author = '.$this->userid;
+ $this->where .= ' WHERE c.fk_user_author = '.((int) $this->userid);
}
}
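Review bot: `$this->where` already holds `" AND d.entity = ..."` when this line appends `' WHERE c.fk_user_author = '`, which puts a second `WHERE` keyword mid-clause and uses alias `c` where the line above uses `d`. The cast does not address that; the fragment should probably be `$this->where .= ' AND d.fk_user_author = '.((int) $this->userid);`. How `$this->where` is later assembled into the full query is outside the hunk, so confirm against the parent class. `$conf->entity` on the line above is also left uncast, unlike other places in this commit.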
diff --git a/htdocs/don/document.php b/htdocs/don/document.php
index 08667c6ab4c..63551a12fa3 100644
--- a/htdocs/don/document.php
+++ b/htdocs/don/document.php
@@ -102,8 +102,10 @@ if (!empty($conf->projet->enabled)) {
}
$title = $langs->trans('Donation')." - ".$langs->trans('Documents');
-$helpurl = "";
-llxHeader('', $title, $helpurl);
+
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $title, $help_url);
if ($object->id) {
diff --git a/htdocs/don/index.php b/htdocs/don/index.php
index 9415a1e928b..98a4bdcde08 100644
--- a/htdocs/don/index.php
+++ b/htdocs/don/index.php
@@ -53,7 +53,8 @@ $donation_static = new Don($db);
$donstatic = new Don($db);
-$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones';
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones|DE:Modul_Spenden';
+
llxHeader('', $langs->trans("Donations"), $help_url);
$nb = array();
diff --git a/htdocs/don/info.php b/htdocs/don/info.php
index 866ff4baf22..8d8f4065dda 100644
--- a/htdocs/don/info.php
+++ b/htdocs/don/info.php
@@ -57,8 +57,10 @@ if ($action == 'classin' && $user->rights->don->creer) {
* View
*/
$title = $langs->trans('Donation')." - ".$langs->trans('Info');
-$helpurl = "";
-llxHeader('', $title, $helpurl);
+
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $title, $help_url);
$form = new Form($db);
if (!empty($conf->projet->enabled)) {
diff --git a/htdocs/don/list.php b/htdocs/don/list.php
index 6e06071bde7..0c8f51281a3 100644
--- a/htdocs/don/list.php
+++ b/htdocs/don/list.php
@@ -97,7 +97,9 @@ if (!empty($conf->projet->enabled)) {
$projectstatic = new Project($db);
}
-llxHeader('', $langs->trans("Donations"), 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones');
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $langs->trans("Donations"), $help_url);
// Genere requete de liste des dons
$sql = "SELECT d.rowid, d.datedon, d.fk_soc as socid, d.firstname, d.lastname, d.societe,";
diff --git a/htdocs/don/note.php b/htdocs/don/note.php
index fa0122eaba2..2e153d73b95 100644
--- a/htdocs/don/note.php
+++ b/htdocs/don/note.php
@@ -70,8 +70,10 @@ if ($action == 'classin' && $user->rights->don->creer) {
*/
$title = $langs->trans('Donation')." - ".$langs->trans('Notes');
-$helpurl = "";
-llxHeader('', $title, $helpurl);
+
+$help_url = 'EN:Module_Donations|FR:Module_Dons|ES:Módulo_Donaciones|DE:Modul_Spenden';
+
+llxHeader('', $title, $help_url);
$form = new Form($db);
if (!empty($conf->projet->enabled)) {
diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php
index d571940cc9b..cf6328d15c4 100644
--- a/htdocs/don/payment/payment.php
+++ b/htdocs/don/payment/payment.php
@@ -144,7 +144,7 @@ llxHeader();
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_donation as p";
-$sql .= " WHERE p.fk_donation = ".$chid;
+$sql .= " WHERE p.fk_donation = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/emailcollector/class/index.html b/htdocs/emailcollector/class/index.html
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/htdocs/emailcollector/class/index.html
@@ -0,0 +1 @@
+
diff --git a/htdocs/emailcollector/lib/index.html b/htdocs/emailcollector/lib/index.html
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/htdocs/emailcollector/lib/index.html
@@ -0,0 +1 @@
+
diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php
index 52c6ef7c311..15724233b31 100644
--- a/htdocs/eventorganization/class/conferenceorbooth.class.php
+++ b/htdocs/eventorganization/class/conferenceorbooth.class.php
@@ -690,7 +690,7 @@ class ConferenceOrBooth extends ActionComm
$sql = 'SELECT rowid, datec as datec, tms as datem,';
$sql .= ' fk_user_author, fk_user_mod';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.id = '.$id;
+ $sql .= ' WHERE t.id = '.((int) $id);
$result = $this->db->query($sql);
if ($result) {
if ($this->db->num_rows($result)) {
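Review bot: The statement selects `rowid` but filters on `t.id`; unless the table has both columns, one of the two names is wrong and the query errors or returns nothing. Which column is the primary key of `$this->table_element` is not visible here, so check the schema and make the two consistent, for example `$sql .= ' WHERE t.rowid = '.((int) $id);` if `rowid` is the key. The method body continues outside the hunk.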
diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php
index 50382cef164..d25c7b52098 100644
--- a/htdocs/expedition/class/expeditionstats.class.php
+++ b/htdocs/expedition/class/expeditionstats.class.php
@@ -77,10 +77,10 @@ class ExpeditionStats extends Stats
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($this->socid) {
- $this->where .= " AND c.fk_soc = ".$this->socid;
+ $this->where .= " AND c.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
- $this->where .= ' AND c.fk_user_author = '.$this->userid;
+ $this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
}
}
diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php
index d1bcab57412..9d5b7c4a8af 100644
--- a/htdocs/expedition/contact.php
+++ b/htdocs/expedition/contact.php
@@ -99,7 +99,7 @@ if ($action == 'addcontact' && $user->rights->expedition->creer) {
$result = $objectsrc->swapContactStatus(GETPOST('ligne', 'int'));
} elseif ($action == 'deletecontact' && $user->rights->expedition->creer) {
// Efface un contact
- $result = $objectsrc->delete_contact(GETPOST("lineid"));
+ $result = $objectsrc->delete_contact(GETPOST("lineid", 'int'));
if ($result >= 0) {
header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/expensereport/ajax/ajaxik.php b/htdocs/expensereport/ajax/ajaxik.php
index 6b64a28d50c..c2cc8345671 100644
--- a/htdocs/expensereport/ajax/ajaxik.php
+++ b/htdocs/expensereport/ajax/ajaxik.php
@@ -17,7 +17,7 @@
*/
/**
- * \file htdocs/expensereport/ajax/ajaxprojet.php
+ * \file htdocs/expensereport/ajax/ajaxik.php
* \ingroup expensereport
* \brief File to return Ajax response on third parties request
*/
@@ -49,6 +49,12 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'
// Load translation files required by the page
$langs->loadlangs(array('errors', 'trips'));
+$fk_expense = GETPOST('fk_expense', 'int');
+$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
+
+// Security check
+$result = restrictedArea($user, 'expensereport', $fk_expense, 'expensereport');
+
/*
* View
@@ -56,9 +62,6 @@ $langs->loadlangs(array('errors', 'trips'));
top_httphead();
-$fk_expense = GETPOST('fk_expense', 'int');
-$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
-
if (empty($fk_expense) || $fk_expense < 0) {
echo json_encode(array('error' => $langs->transnoentitiesnoconv('ErrorBadValueForParameter', $fk_expense, 'fk_expense')));
} elseif (empty($fk_c_exp_tax_cat) || $fk_c_exp_tax_cat < 0) {
diff --git a/htdocs/expensereport/ajax/ajaxprojet.php b/htdocs/expensereport/ajax/ajaxprojet.php
deleted file mode 100644
index 8549d62fa62..00000000000
--- a/htdocs/expensereport/ajax/ajaxprojet.php
+++ /dev/null
@@ -1,95 +0,0 @@
-
- * Copyright (C) 2005-2009 Regis Houssin
- * Copyright (C) 2007-2010 Laurent Destailleur
- * Copyright (C) 2010 Cyrille de Lambert
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- */
-
-/**
- * \file htdocs/expensereport/ajax/ajaxprojet.php
- * \ingroup expensereport
- * \brief File to return Ajax response on third parties request
- */
-
-if (!defined('NOTOKENRENEWAL')) {
- define('NOTOKENRENEWAL', 1); // Disables token renewal
-}
-if (!defined('NOREQUIREMENU')) {
- define('NOREQUIREMENU', '1');
-}
-if (!defined('NOREQUIREHTML')) {
- define('NOREQUIREHTML', '1');
-}
-if (!defined('NOREQUIREAJAX')) {
- define('NOREQUIREAJAX', '1');
-}
-if (!defined('NOREQUIRESOC')) {
- define('NOREQUIRESOC', '1');
-}
-if (!defined('NOCSRFCHECK')) {
- define('NOCSRFCHECK', '1');
-}
-
-$res = 0;
-require '../../main.inc.php';
-
-
-/*
- * View
- */
-
-// Ajout directives pour resoudre bug IE
-//header('Cache-Control: Public, must-revalidate');
-//header('Pragma: public');
-
-//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
-top_httphead();
-
-//print ''."\n";
-
-dol_syslog(join(',', $_GET));
-
-
-// Generation liste des projets
-if (GETPOST('fk_projet') != '') {
- $return_arr = array();
-
- $sql = "SELECT p.rowid, p.ref, p.title, s.nom";
- $sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
- if (!empty($_GET["fk_projet"])) {
- $sql .= " WHERE p.ref LIKE '%".$db->escape($_GET["fk_projet"])."%' OR p.title LIKE '%".$db->escape($_GET["fk_projet"])."%' OR s.nom LIKE '%".$db->escape($_GET["fk_projet"])."%'"; // Add other filters
- }
- $sql .= " ORDER BY p.ref ASC";
-
- $resql = $db->query($sql);
- if ($resql) {
- while ($row = $db->fetch_array($resql)) {
- $label = $row['ref'].' - '.$row['title'];
- $row_array['label'] = $label;
- $row_array['value'] = $label;
- $row_array['key'] = $row['rowid'];
-
- array_push($return_arr, $row_array);
- }
-
- echo json_encode($return_arr);
- } else {
- echo json_encode(array('nom'=>'Error', 'label'=>'Error', 'key'=>'Error', 'value'=>'Error'));
- }
-} else {
- echo json_encode(array('nom'=>'ErrorBadParameter', 'label'=>'ErrorBadParameter', 'key'=>'ErrorBadParameter', 'value'=>'ErrorBadParameter'));
-}
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 1c3e8594c41..a4c565bc1be 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -67,14 +67,6 @@ $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('socid_id',
$childids = $user->getAllChildIds(1);
-// Security check
-$id = GETPOST("id", 'int');
-if ($user->socid) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'expensereport', $id, 'expensereport');
-
-
// Hack to use expensereport dir
$rootfordata = DOL_DATA_ROOT;
$rootforuser = DOL_DATA_ROOT;
@@ -111,10 +103,8 @@ $permissionnote = $user->rights->expensereport->creer; // Used by the include of
$permissiondellink = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php
$permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
-
$upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
-
if ($object->id > 0) {
// Check current user can read this expense report
$canread = 0;
@@ -129,6 +119,13 @@ if ($object->id > 0) {
}
}
+// Security check
+$id = GETPOST("id", 'int');
+if ($user->socid) {
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'expensereport', $object->id, 'expensereport');
+
/*
* Actions
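Review bot: Moving the `restrictedArea()` call down means the object fetch, the `$upload_dir` computation and the `$canread` block now run before any access check. The call also passes `$object->id`, which is empty when no record was loaded, so in that case the check presumably covers only the module-level permission. `$id = GETPOST("id", 'int')` is now assigned after the code that depends on the fetched object; whether `$id` is also read above the first hunk is not visible, so confirm the fetch never runs with an unset `$id`. A short comment such as `// Must run after fetch so that access is checked on the resolved object id` would record why the order changed.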
@@ -1194,7 +1191,7 @@ if (empty($reshook)) {
}
$object->update_totaux_del($object_ligne->total_ht, $object_ligne->total_tva);
- header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_GET['id']);
+ header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
exit;
} else {
setEventMessages($object->error, $object->errors, 'errors');
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 5ed3e777653..8ec99aa1007 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -663,7 +663,7 @@ class ExpenseReport extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."expensereport";
$sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1";
- $sql .= " WHERE rowid = ".$id." AND fk_statut = ".self::STATUS_APPROVED;
+ $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED;
dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -880,7 +880,7 @@ class ExpenseReport extends CommonObject
if ($user->rights->expensereport->lire) {
$sql = "SELECT de.fk_expensereport, de.date, de.comments, de.total_ht, de.total_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de";
- $sql .= " WHERE de.fk_projet = ".$projectid;
+ $sql .= " WHERE de.fk_projet = ".((int) $projectid);
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);
@@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject
{
$sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt';
- $sql .= ' WHERE tt.'.$this->fk_element.' = '.$id;
+ $sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id);
$total_ht = 0; $total_tva = 0; $total_ttc = 0;
@@ -1117,8 +1117,8 @@ class ExpenseReport extends CommonObject
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
- //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
+ //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@@ -1154,7 +1154,7 @@ class ExpenseReport extends CommonObject
// Delete main record
if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
$error++;
@@ -1384,7 +1384,7 @@ class ExpenseReport extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".$fuser->id.",";
+ $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".((int) $fuser->id).",";
$sql .= " date_approve='".$this->db->idate($this->date_approve)."'";
$sql .= ' WHERE rowid = '.$this->id;
if ($this->db->query($sql)) {
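Review bot: `fk_user_approve` is now cast, but the same statement ends with `$sql .= ' WHERE rowid = '.$this->id;` two lines further down, still uncast. The cancel hunk later in this file leaves the identical `' WHERE rowid = '.$this->id`, and the `ExpenseReportLine` hunk leaves `' AND d.rowid <> '.$this->id`. For consistency with the rest of the commit, use `((int) $this->id)` in each of those three places. The enclosing methods start and end outside their hunks.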
@@ -1434,7 +1434,7 @@ class ExpenseReport extends CommonObject
// date de refus
if ($this->status != self::STATUS_REFUSED) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_REFUSED.", fk_user_refuse = ".$fuser->id.",";
+ $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_REFUSED.", fk_user_refuse = ".((int) $fuser->id).",";
$sql .= " date_refuse='".$this->db->idate($now)."',";
$sql .= " detail_refuse='".$this->db->escape($details)."',";
$sql .= " fk_user_approve = NULL";
@@ -1558,7 +1558,7 @@ class ExpenseReport extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".$fuser->id;
+ $sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".((int) $fuser->id);
$sql .= ", date_cancel='".$this->db->idate($this->date_cancel)."'";
$sql .= " ,detail_cancel='".$this->db->escape($detail)."'";
$sql .= ' WHERE rowid = '.$this->id;
@@ -2124,7 +2124,7 @@ class ExpenseReport extends CommonObject
// Select des infos sur le type fees
$sql = "SELECT c.code as code_type_fees, c.label as libelle_type_fees";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as c";
- $sql .= " WHERE c.id = ".$type_fees_id;
+ $sql .= " WHERE c.id = ".((int) $type_fees_id);
$resql = $this->db->query($sql);
if ($resql) {
$objp_fees = $this->db->fetch_object($resql);
@@ -2136,7 +2136,7 @@ class ExpenseReport extends CommonObject
// Select des informations du projet
$sql = "SELECT p.ref as ref_projet, p.title as title_projet";
$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
- $sql .= " WHERE p.rowid = ".$projet_id;
+ $sql .= " WHERE p.rowid = ".((int) $projet_id);
$resql = $this->db->query($sql);
if ($resql) {
$objp_projet = $this->db->fetch_object($resql);
@@ -2331,7 +2331,7 @@ class ExpenseReport extends CommonObject
$ret = array();
$sql = "SELECT id, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees";
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
@@ -2495,7 +2495,7 @@ class ExpenseReport extends CommonObject
$type = 'expense_report';
- $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
+ $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@@ -2757,7 +2757,7 @@ class ExpenseReportLine
$sql = 'SELECT SUM(d.total_ttc) as total_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_det d';
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)';
- $sql .= ' WHERE e.fk_user_author = '.$fk_user;
+ $sql .= ' WHERE e.fk_user_author = '.((int) $fk_user);
if (!empty($this->id)) {
$sql .= ' AND d.rowid <> '.$this->id;
}
diff --git a/htdocs/expensereport/class/expensereport_rule.class.php b/htdocs/expensereport/class/expensereport_rule.class.php
index 4e4d1009750..653f030b6d2 100644
--- a/htdocs/expensereport/class/expensereport_rule.class.php
+++ b/htdocs/expensereport/class/expensereport_rule.class.php
@@ -167,7 +167,7 @@ class ExpenseReportRule extends CoreObject
if ($fk_user > 0) {
$sql .= ' AND (er.is_for_all = 1';
$sql .= ' OR er.fk_user = '.$fk_user;
- $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.$fk_user.') )';
+ $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.((int) $fk_user).') )';
}
$sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user';
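Review bot: `$sql .= ' OR er.fk_user = '.$fk_user;` is left uncast while the sub-select on the next line now casts the same variable. The surrounding `if ($fk_user > 0)` is a loose comparison and does not establish that the value is an integer, so both uses should carry the cast: `$sql .= ' OR er.fk_user = '.((int) $fk_user);`. The function body continues outside the hunk.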
diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php
index ec71f530f51..8f3574f2952 100644
--- a/htdocs/expensereport/class/expensereportstats.class.php
+++ b/htdocs/expensereport/class/expensereportstats.class.php
@@ -114,7 +114,7 @@ class ExpenseReportStats extends Stats
{
$sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".$year;
+ $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php
index c9cf0cdaf41..c673316d491 100644
--- a/htdocs/expensereport/class/paymentexpensereport.class.php
+++ b/htdocs/expensereport/class/paymentexpensereport.class.php
@@ -607,7 +607,7 @@ class PaymentExpenseReport extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."payment_expensereport SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."payment_expensereport SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php
index d50f6336669..b7057af86fc 100644
--- a/htdocs/expensereport/payment/payment.php
+++ b/htdocs/expensereport/payment/payment.php
@@ -206,7 +206,7 @@ if ($action == 'create' || empty($action)) {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as p, ".MAIN_DB_PREFIX."expensereport as e";
- $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".$id;
+ $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".((int) $id);
$sql .= ' AND e.entity IN ('.getEntity('expensereport').')';
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index d23b27278a1..1fef1ed7c03 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -1622,7 +1622,7 @@ class FichinterLigne extends CommonObjectLine
$sql = "SELECT SUM(duree) as total_duration, min(date) as dateo, max(date) as datee ";
$sql .= " FROM ".MAIN_DB_PREFIX."fichinterdet";
- $sql .= " WHERE fk_fichinter=".$this->fk_fichinter;
+ $sql .= " WHERE fk_fichinter=".((int) $this->fk_fichinter);
dol_syslog("FichinterLigne::update_total", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -1634,10 +1634,10 @@ class FichinterLigne extends CommonObjectLine
}
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter";
- $sql .= " SET duree = ".$total_duration;
+ $sql .= " SET duree = ".((int) $total_duration);
$sql .= " , dateo = ".(!empty($obj->dateo) ? "'".$this->db->idate($obj->dateo)."'" : "null");
$sql .= " , datee = ".(!empty($obj->datee) ? "'".$this->db->idate($obj->datee)."'" : "null");
- $sql .= " WHERE rowid = ".$this->fk_fichinter;
+ $sql .= " WHERE rowid = ".((int) $this->fk_fichinter);
dol_syslog("FichinterLigne::update_total", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php
index 8ed842a70c9..4fe35c32a2c 100644
--- a/htdocs/fichinter/class/fichinterrec.class.php
+++ b/htdocs/fichinter/class/fichinterrec.class.php
@@ -434,10 +434,10 @@ class FichinterRec extends Fichinter
$error = 0;
$this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".((int) $rowid);
dol_syslog($sql);
if ($this->db->query($sql)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".((int) $rowid);
dol_syslog($sql);
if (!$this->db->query($sql)) {
$this->error = $this->db->lasterror();
@@ -784,8 +784,8 @@ class FichinterRec extends Fichinter
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET nb_gen_max = '.$nb;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= ' SET nb_gen_max = '.((int) $nb);
+ $sql .= ' WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -811,8 +811,8 @@ class FichinterRec extends Fichinter
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET auto_validate = '.$validate;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= ' SET auto_validate = '.((int) $validate);
+ $sql .= ' WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
if ($this->db->query($sql)) {
diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php
index a0d22cf1e2a..297aeca7760 100644
--- a/htdocs/fichinter/class/fichinterstats.class.php
+++ b/htdocs/fichinter/class/fichinterstats.class.php
@@ -73,15 +73,15 @@ class FichinterStats extends Stats
//$this->where.= " AND c.fk_statut > 0"; // Not draft and not cancelled
}
if (!$user->rights->societe->client->voir && !$this->socid) {
- $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')';
if ($this->socid) {
- $this->where .= " AND c.fk_soc = ".$this->socid;
+ $this->where .= " AND c.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
- $this->where .= ' AND c.fk_user_author = '.$this->userid;
+ $this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
}
}
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index fad9f001100..0dfb4047b4f 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -1157,7 +1157,7 @@ class CommandeFournisseur extends CommonOrder
$this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".$statut;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".((int) $statut);
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -2306,7 +2306,7 @@ class CommandeFournisseur extends CommonOrder
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur";
- $sql .= " SET fk_statut = ".$statut;
+ $sql .= " SET fk_statut = ".((int) $statut);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND fk_statut IN (".self::STATUS_ORDERSENT.",".self::STATUS_RECEIVED_PARTIALLY.")"; // Process running or Partially received
diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
index 21c36ced633..0f8b8341a3d 100644
--- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
@@ -674,8 +674,10 @@ class CommandeFournisseurDispatch extends CommonObject
$sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
} elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') {
$sqlwhere [] = $key.' = \''.$this->db->escape($value).'\'';
+ } elseif ($key == 'qty') {
+ $sqlwhere [] = $key.' = '.((float) $value);
} else {
- $sqlwhere [] = $key.' = '.$this->db->escape($value);
+ $sqlwhere [] = $key.' = '.((int) $value);
}
}
}
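Review bot: `$key` is still concatenated into the WHERE clause unvalidated in every branch, so the new casts protect only the value side; if the filter keys can come from a caller-supplied array (not visible here), they should be checked against a list of known column names before use. The new `qty` branch also compares against the bare name while the other branches test `t.`-prefixed keys, so a `t.qty` filter would presumably fall into the `(int)` branch and lose its fractional part; consider `} elseif ($key == 'qty' || $key == 't.qty') {`. The loop and the method start outside the hunk.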
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 55988f51169..ab7e6ea3fc4 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1181,7 +1181,7 @@ class FactureFournisseur extends CommonInvoice
if (!$error) {
// If invoice was converted into a discount not yet consumed, we remove discount
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except';
- $sql .= ' WHERE fk_invoice_supplier_source = '.$rowid;
+ $sql .= ' WHERE fk_invoice_supplier_source = '.((int) $rowid);
$sql .= ' AND fk_invoice_supplier_line IS NULL';
$resql = $this->db->query($sql);
@@ -1465,7 +1465,7 @@ class FactureFournisseur extends CommonInvoice
$this->newref = dol_sanitizeFileName($num);
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn";
- $sql .= " SET ref='".$num."', fk_statut = 1, fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'";
+ $sql .= " SET ref='".$this->db->escape($num)."', fk_statut = 1, fk_user_valid = ".((int) $user->id).", date_valid = '".$this->db->idate($now)."'";
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::validate", LOG_DEBUG);
@@ -2092,7 +2092,7 @@ class FactureFournisseur extends CommonInvoice
// Libere remise liee a ligne de facture
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_invoice_supplier_line = NULL';
- $sql .= ' WHERE fk_invoice_supplier_line = '.$rowid;
+ $sql .= ' WHERE fk_invoice_supplier_line = '.((int) $rowid);
dol_syslog(get_class($this)."::deleteline", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index b124817bf9f..c910cffe8d4 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -164,7 +164,7 @@ class ProductFournisseur extends Product
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".$id_fourn;
+ $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn);
dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG);
$resql2 = $this->db->query($sql);
@@ -208,7 +208,7 @@ class ProductFournisseur extends Product
if (empty($error)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::remove_product_fournisseur_price", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -372,15 +372,15 @@ class ProductFournisseur extends Product
}
}
$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " SET fk_user = ".$user->id." ,";
+ $sql .= " SET fk_user = ".((int) $user->id)." ,";
$sql .= " ref_fourn = '".$this->db->escape($ref_fourn)."',";
$sql .= " desc_fourn = '".$this->db->escape($desc_fourn)."',";
- $sql .= " price = ".$buyprice.",";
- $sql .= " quantity = ".$qty.",";
- $sql .= " remise_percent = ".$remise_percent.",";
- $sql .= " remise = ".$remise.",";
- $sql .= " unitprice = ".$unitBuyPrice.",";
- $sql .= " fk_availability = ".$availability.",";
+ $sql .= " price = ".((float) $buyprice).",";
+ $sql .= " quantity = ".((float) $qty).",";
+ $sql .= " remise_percent = ".((float) $remise_percent).",";
+ $sql .= " remise = ".((float) $remise).",";
+ $sql .= " unitprice = ".((float) $unitBuyPrice).",";
+ $sql .= " fk_availability = ".((int) $availability).",";
$sql .= " multicurrency_price = ".(isset($multicurrency_buyprice) ? "'".$this->db->escape(price2num($multicurrency_buyprice))."'" : 'null').",";
$sql .= " multicurrency_unitprice = ".(isset($multicurrency_unitBuyPrice) ? "'".$this->db->escape(price2num($multicurrency_unitBuyPrice))."'" : 'null').",";
$sql .= " multicurrency_tx = ".(isset($multicurrency_tx) ? "'".$this->db->escape($multicurrency_tx)."'" : '1').",";
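Review bot: The `(float)` casts on `price`, `quantity`, `remise_percent`, `remise` and `unitprice` rely on PHP's float-to-string conversion, which followed `LC_NUMERIC` before PHP 8.0 and could emit a decimal comma, and a string such as `1,5` is silently cut to `1` by the cast. The multicurrency lines right below already go through `price2num()` and `escape()`, so the same form would be consistent: `$sql .= " price = '".$this->db->escape(price2num($buyprice))."',";`. Whether callers normalise these values beforehand is not visible in the hunk. The same applies to the `(float) $charges`, `(float) $qty` and `(float) $value` casts in the neighbouring hunks.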
@@ -394,16 +394,16 @@ class ProductFournisseur extends Product
//$sql.= " localtax1_type=".($localtaxtype1!=''?"'".$this->db->escape($localtaxtype1)."'":"'0'").",";
//$sql.= " localtax2_type=".($localtaxtype2!=''?"'".$this->db->escape($localtaxtype2)."'":"'0'").",";
$sql .= " default_vat_code=".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
- $sql .= " info_bits = ".$newnpr.",";
- $sql .= " charges = ".$charges.","; // deprecated
- $sql .= " delivery_time_days = ".($delivery_time_days != '' ? $delivery_time_days : 'null').",";
+ $sql .= " info_bits = ".((int) $newnpr).",";
+ $sql .= " charges = ".((float) $charges).","; // deprecated
+ $sql .= " delivery_time_days = ".($delivery_time_days != '' ? ((int) $delivery_time_days) : 'null').",";
$sql .= " supplier_reputation = ".(empty($supplier_reputation) ? 'NULL' : "'".$this->db->escape($supplier_reputation)."'").",";
$sql .= " barcode = ".(empty($barcode) ? 'NULL' : "'".$this->db->escape($barcode)."'").",";
$sql .= " fk_barcode_type = ".(empty($fk_barcode_type) ? 'NULL' : "'".$this->db->escape($fk_barcode_type)."'");
if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
$sql .= ", packaging = ".(empty($packaging) ? 1 : $packaging);
}
- $sql .= " WHERE rowid = ".$this->product_fourn_price_id;
+ $sql .= " WHERE rowid = ".((int) $this->product_fourn_price_id);
// TODO Add price_base_type and price_ttc
dol_syslog(get_class($this).'::update_buyprice update knowing id of line = product_fourn_price_id = '.$this->product_fourn_price_id, LOG_DEBUG);
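Review bot: `$sql .= ", packaging = ".(empty($packaging) ? 1 : $packaging);` is the one numeric field in this UPDATE that is still concatenated without a cast or escape. Suggest `(empty($packaging) ? 1 : ((float) $packaging))`, or `(int)` if the column is an integer; its type is not visible here. The method starts outside the hunk.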
@@ -438,7 +438,7 @@ class ProductFournisseur extends Product
// Delete price for this quantity
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".$qty." AND entity = ".$conf->entity;
+ $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
if ($resql) {
// Add price for this quantity to supplier
@@ -653,7 +653,7 @@ class ProductFournisseur extends Product
$sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")";
$sql .= " AND pfp.fk_soc = s.rowid AND pfp.fk_product = p.rowid";
$sql .= " AND s.status=1"; // only enabled company selected
- $sql .= " AND pfp.fk_product = ".$prodid;
+ $sql .= " AND pfp.fk_product = ".((int) $prodid);
if (empty($sortfield)) {
$sql .= " ORDER BY s.nom, pfp.quantity, pfp.price";
} else {
@@ -885,8 +885,8 @@ class ProductFournisseur extends Product
$expression_id = $expression_id != 0 ? $expression_id : 'NULL';
$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " SET fk_supplier_price_expression = ".$expression_id;
- $sql .= " WHERE rowid = ".$this->product_fourn_price_id;
+ $sql .= " SET fk_supplier_price_expression = ".((int) $expression_id);
+ $sql .= " WHERE rowid = ".((int) $this->product_fourn_price_id);
dol_syslog(get_class($this)."::setSupplierPriceExpression", LOG_DEBUG);
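Review bot: The line above the UPDATE turns an empty `$expression_id` into the string `'NULL'`, and the new `((int) $expression_id)` converts that string to `0`, so clearing the expression now writes `0` instead of SQL NULL. Keep the NULL case outside the cast: `$sql .= " SET fk_supplier_price_expression = ".(((int) $expression_id) != 0 ? ((int) $expression_id) : 'NULL');`. If the column carries a foreign key (not visible here), the `0` would additionally make the UPDATE fail. The method starts outside the hunk.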
diff --git a/htdocs/fourn/recap-fourn.php b/htdocs/fourn/recap-fourn.php
index 06ad90ec858..97a6b53f2e2 100644
--- a/htdocs/fourn/recap-fourn.php
+++ b/htdocs/fourn/recap-fourn.php
@@ -73,7 +73,7 @@ if ($socid > 0) {
$sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,";
$sql .= " u.login, u.rowid as userid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$societe->id;
+ $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $societe->id);
$sql .= " AND f.entity IN (".getEntity("facture_fourn").")"; // Recognition of the entity attributed to this invoice for Multicompany
$sql .= " AND f.fk_user_valid = u.rowid";
$sql .= " ORDER BY f.datef DESC";
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 4b5c742b3f1..ffd394a35b3 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -2069,7 +2069,7 @@ class Holiday extends CommonObject
$sql = "SELECT rowid, code, label, affect, delay, newByMonth";
$sql .= " FROM ".MAIN_DB_PREFIX."c_holiday_types";
- $sql .= " WHERE (fk_country IS NULL OR fk_country = ".$mysoc->country_id.')';
+ $sql .= " WHERE (fk_country IS NULL OR fk_country = ".((int) $mysoc->country_id).')';
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}
diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php
index 50ab14dfce5..f484e3b0901 100644
--- a/htdocs/imports/import.php
+++ b/htdocs/imports/import.php
@@ -307,8 +307,8 @@ if ($step == 4 && $action == 'select_model') {
if ($action == 'saveorder') {
// Enregistrement de la position des champs
- dol_syslog("boxorder=".$_GET['boxorder']." datatoimport=".$_GET["datatoimport"], LOG_DEBUG);
- $part = explode(':', $_GET['boxorder']);
+ dol_syslog("boxorder=".GETPOST('boxorder')." datatoimport=".GETPOST("datatoimport"), LOG_DEBUG);
+ $part = explode(':', GETPOST('boxorder'));
$colonne = $part[0];
$list = $part[1];
dol_syslog('column='.$colonne.' list='.$list);
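Review bot: `$list = $part[1];` reads the second element without checking that `boxorder` contained a `:`, so a request without the separator raises an undefined-offset notice and the handler carries on with an empty list. Switching to `GETPOST()` filters the value but does not validate its shape; a guard such as `$list = isset($part[1]) ? $part[1] : '';` (or returning early when `count($part) < 2`) makes malformed input explicit. The `saveorder` block continues outside the hunk.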
diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php
index 6133f3eccc8..242fbff25d4 100644
--- a/htdocs/install/lib/repair.lib.php
+++ b/htdocs/install/lib/repair.lib.php
@@ -106,7 +106,7 @@ function checkLinkedElements($sourcetype, $targettype)
foreach ($elements as $key => $element) {
if (!checkElementExist($element[$sourcetype], $sourcetable) || !checkElementExist($element[$targettype], $targettable)) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'element_element';
- $sql .= ' WHERE rowid = '.$key;
+ $sql .= ' WHERE rowid = '.((int) $key);
$resql = $db->query($sql);
$deleted++;
}
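Review bot: `$deleted++` runs whether or not `$db->query($sql)` succeeded, so the function can report links as cleaned up that are still in the table. Count only on success: `if ($resql) { $deleted++; }`. The function body starts and ends outside the hunk.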
diff --git a/htdocs/install/mysql/data/llx_10_c_regions.sql b/htdocs/install/mysql/data/llx_10_c_regions.sql
index 284dc77b8e8..b054ca383ef 100644
--- a/htdocs/install/mysql/data/llx_10_c_regions.sql
+++ b/htdocs/install/mysql/data/llx_10_c_regions.sql
@@ -11,10 +11,6 @@
-- Copyright (C) 2015 Ferran Marcet
-- Copyright (C) 2019~ Lao Tian <281388879@qq.com>
-- Copyright (C) 2020-2021 Udo Tamm
-
-
-
--- LICENSE ---------------------------------------------------------------------
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
@@ -60,16 +56,40 @@ insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 0
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 13, 1301, '', 0, 'Algerie');
+-- Argentina Regions (id country=23)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2301, '', 0, 'Norte');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2302, '', 0, 'Litoral');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2303, '', 0, 'Cuyana');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2304, '', 0, 'Central');
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2305, '', 0, 'Patagonia');
+
+
+-- Australia Regions (id country=28)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 28, 2801, '', 0, 'Australia');
+
+
-- Austria Regions (id country=41)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 41, 4101, '', 0, 'Österreich');
+-- Barbados Regions (id country=46)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 46, 4601, '', 0, 'Barbados');
+
+
-- Belgium Regions (id country=2)
insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 201, '',1,'Flandre');
insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 202, '',2,'Wallonie');
insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 203, '',3,'Bruxelles-Capitale');
+-- Brazil Regions (id country=56)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 56, 5601, '', 0, 'Brasil');
+
+
+-- Canada Region (id country=14)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 14, 1401, '', 0, 'Canada');
+
+
-- Regions France (id country=1)
insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values ( 1, 1,'97105',3,'Guadeloupe');
insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values ( 1, 2,'97209',3,'Martinique');
@@ -193,25 +213,9 @@ insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values (10,102
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 11, 1101, '', 0, 'United-States', 1);
-
--- Region Canada (id country=14)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 14, 1401, '', 0, 'Canada', 1);
-
-- Regions The Netherlands (id country=17)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 17, 1701, '', 0,'Provincies van Nederland ', 1);
--- Regions Argentina (id country=23)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2301, '', 0, 'Norte', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2302, '', 0, 'Litoral', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2303, '', 0, 'Cuyana', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2304, '', 0, 'Central', 1);
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 23, 2305, '', 0, 'Patagonia', 1);
-
--- Regions Australia (id country=28)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 28, 2801, '', 0, 'Australia', 1);
-
--- Regions Barbados (id country=46)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 46, 4601, '', 0, 'Barbados', 1);
-- Regions Bolivia (id country=52)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5201, '', 0, 'Chuquisaca', 1);
@@ -224,8 +228,6 @@ INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) v
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5208, '', 0, 'El Beni', 1);
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5209, '', 0, 'Pando', 1);
--- Regions Brazil (id country=56)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 56, 5601, '', 0, 'Brasil', 1);
-- Regions Colombie (id country=70)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 70, 7001, '', 0, 'Colombie', 1);
diff --git a/htdocs/install/mysql/data/llx_20_c_departements.sql b/htdocs/install/mysql/data/llx_20_c_departements.sql
index c1999a1834b..2ac7a30a99b 100644
--- a/htdocs/install/mysql/data/llx_20_c_departements.sql
+++ b/htdocs/install/mysql/data/llx_20_c_departements.sql
@@ -7,11 +7,10 @@
-- Copyright (C) 2007 Patrick Raguin
-- Copyright (C) 2010-2016 Juanjo Menent
-- Copyright (C) 2012 Sebastian Neuwert
--- Copyright (C) 2012 Ricardo Schluter
--- Copyright (C) 2015 Ferran Marcet
+-- Copyright (C) 2012 Ricardo Schluter
+-- Copyright (C) 2015 Ferran Marcet
+-- Copyright (C) 2020-2021 Udo Tamm
--
-
--- LICENSE -------------------------------------------------------------------
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; either version 3 of the License, or
@@ -27,15 +26,25 @@
--
--- WARNING -------------------------------------------------------------------
+-- WARNING ---------------------------------------------------------------------
-- Do not put comments at the end of the lines, this file is parsed during
-- the install and all '-' prefixed texts are removed.
-- Do not concatenate the values in a single query, for the same reason.
--- NOTES ----------------------------------
+-- NOTES -----------------------------------------------------------------------
-- Departements/Cantons/Provinces/States
--
+-- Algeria
+-- Andorra
+-- Argentina
+-- Australia
+-- Austria
+-- Barbados
+-- Belgium
+-- Canada
+-- France
+-- Germany
-- TEMPLATE -------------------------------------------------------------------------------------------------------------
@@ -103,27 +112,70 @@ INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc
INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (34000, 'AD-008', 'AD700', NULL, NULL, 'Escaldes-Engordany');
+-- Argentina Provinces / provincias (id country=23)
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2301', '', 0, 'CATAMARCA', 'Catamarca');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2302', '', 0, 'JUJUY', 'Jujuy');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2303', '', 0, 'TUCAMAN', 'Tucamán');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2304', '', 0, 'SANTIAGO DEL ESTERO', 'Santiago del Estero');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2301, '2305', '', 0, 'SALTA', 'Salta');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2306', '', 0, 'CHACO', 'Chaco');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2307', '', 0, 'CORRIENTES', 'Corrientes');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2308', '', 0, 'ENTRE RIOS', 'Entre Ríos');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2309', '', 0, 'FORMOSA', 'Formosa');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2302, '2310', '', 0, 'SANTA FE', 'Santa Fe');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2311', '', 0, 'LA RIOJA', 'La Rioja');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2312', '', 0, 'MENDOZA', 'Mendoza');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2313', '', 0, 'SAN JUAN', 'San Juan');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2303, '2314', '', 0, 'SAN LUIS', 'San Luis');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2304, '2315', '', 0, 'CORDOBA', 'Córdoba');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2304, '2316', '', 0, 'BUENOS AIRES', 'Buenos Aires');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2304, '2317', '', 0, 'CABA', 'Caba');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2318', '', 0, 'LA PAMPA', 'La Pampa');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2319', '', 0, 'NEUQUEN', 'Neuquén');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2320', '', 0, 'RIO NEGRO', 'Río Negro');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2321', '', 0, 'CHUBUT', 'Chubut');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2322', '', 0, 'SANTA CRUZ', 'Santa Cruz');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2323', '', 0, 'TIERRA DEL FUEGO', 'Tierra del Fuego');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2324', '', 0, 'ISLAS MALVINAS', 'Islas Malvinas');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2325', '', 0, 'ANTARTIDA', 'Antártida');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (2305, '2326', '', 0, 'MISIONES', 'Misiones');
+
+
-- Australia States & Territories (id country=28)
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'NSW','',1,'','New South Wales');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'VIC','',1,'','Victoria');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'QLD','',1,'','Queensland');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'SA' ,'',1,'','South Australia');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'ACT','',1,'','Australia Capital Territory');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'TAS','',1,'','Tasmania');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'WA' ,'',1,'','Western Australia');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'NT' ,'',1,'','Northern Territory');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'NSW','',1,'','New South Wales');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'VIC','',1,'','Victoria');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'QLD','',1,'','Queensland');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'SA' ,'',1,'','South Australia');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'ACT','',1,'','Australia Capital Territory');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'TAS','',1,'','Tasmania');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'WA' ,'',1,'','Western Australia');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'NT' ,'',1,'','Northern Territory');
-- Austria States / Österreich Bundesländer (id country=41)
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'B','BURGENLAND','Burgenland',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'K','KAERNTEN','Kärnten',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'N','NIEDEROESTERREICH','Niederösterreich',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'O','OBEROESTERREICH','Oberösterreich',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'S','SALZBURG','Salzburg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'ST','STEIERMARK','Steiermark',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'T','TIROL','Tirol',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'V','VORARLBERG','Vorarlberg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'W','WIEN','Wien',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'B','BURGENLAND','Burgenland',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'K','KAERNTEN','Kärnten',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'N','NIEDEROESTERREICH','Niederösterreich',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'O','OBEROESTERREICH','Oberösterreich',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'S','SALZBURG','Salzburg',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'ST','STEIERMARK','Steiermark',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'T','TIROL','Tirol',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'V','VORARLBERG','Vorarlberg',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'W','WIEN','Wien',1);
+
+
+-- Barbados Parish (id country=46)
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'CC', 'Oistins', 0, 'CC', 'Christ Church');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SA', 'Greenland', 0, 'SA', 'Saint Andrew');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SG', 'Bulkeley', 0, 'SG', 'Saint George');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'JA', 'Holetown', 0, 'JA', 'Saint James');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SJ', 'Four Roads', 0, 'SJ', 'Saint John');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SB', 'Bathsheba', 0, 'SB', 'Saint Joseph');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SL', 'Crab Hill', 0, 'SL', 'Saint Lucy');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SM', 'Bridgetown', 0, 'SM', 'Saint Michael');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SP', 'Speightstown', 0, 'SP', 'Saint Peter');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SC', 'Crane', 0, 'SC', 'Saint Philip');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'ST', 'Hillaby', 0, 'ST', 'Saint Thomas');
-- Belgium Provinces (id country=2)
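Review bot: Two of the new Argentina rows look wrong: `'TUCAMAN', 'Tucamán'` should read `'TUCUMAN', 'Tucumán'`, and `Misiones` is attached to region 2305, which llx_10_c_regions.sql in this same commit names 'Patagonia', while Misiones lies in the north-east (2302 'Litoral' is presumably the intended parent). Seed rows are awkward to correct once installations have loaded them, so this is worth fixing before the data ships.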
@@ -153,12 +205,12 @@ insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc
insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'NL','',1,'','Newfoundland and Labrador');
--- Departements France (id country=1)
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 3,'973','97302',3,'GUYANE','Guyane');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 4,'974','97411',3,'REUNION','Réunion');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 6,'976','97601',3,'MAYOTTE','Mayotte');
+-- France Departements (id country=1)
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 3,'973','97302',3,'GUYANE','Guyane');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 4,'974','97411',3,'REUNION','Réunion');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 6,'976','97601',3,'MAYOTTE','Mayotte');
insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (84,'01','01053',5,'AIN','Ain');
insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (32,'02','02408',5,'AISNE','Aisne');
@@ -258,6 +310,25 @@ insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,no
insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (11,'95','95500',2,'VAL-D OISE','Val-d Oise');
+-- Germany States / Bundesländer (id country=5)
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BW', 'BADEN-WÜRTTEMBERG', 'Baden-Württemberg');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BY', 'BAYERN', 'Bayern');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BE', 'BERLIN', 'Berlin');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BB', 'BRANDENBURG', 'Brandenburg');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HB', 'BREMEN', 'Bremen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HH', 'HAMBURG', 'Hamburg');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HE', 'HESSEN', 'Hessen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'MV', 'MECKLENBURG-VORPOMMERN', 'Mecklenburg-Vorpommern');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'NI', 'NIEDERSACHSEN', 'Niedersachsen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'NW', 'NORDRHEIN-WESTFALEN', 'Nordrhein-Westfalen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'RP', 'RHEINLAND-PFALZ', 'Rheinland-Pfalz');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SL', 'SAARLAND', 'Saarland');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SN', 'SACHSEN', 'Sachsen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'ST', 'SACHSEN-ANHALT', 'Sachsen-Anhalt');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SH', 'SCHLESWIG-HOLSTEIN', 'Schleswig-Holstein');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'TH', 'THÜRINGEN', 'Thüringen');
+
+
-- Provinces Italy (id=3)
insert into llx_c_departements (code_departement,fk_region,cheflieu,tncc,ncc,nom) values ('AG',315,NULL,NULL,NULL,'AGRIGENTO');
insert into llx_c_departements (code_departement,fk_region,cheflieu,tncc,ncc,nom) values ('AL',312,NULL,NULL,NULL,'ALESSANDRIA');
@@ -650,23 +721,6 @@ INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('ZA', '403', '49', 3, 'ZAMORA', 'Zamora');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('Z', '402', '50', 1, 'ZARAGOZA', 'Zaragoza');
--- Provinces Germany (id country=5)
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BW','BADEN-WÜRTTEMBERG','Baden-Württemberg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BY','BAYERN','Bayern',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BE','BERLIN','Berlin',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BB','BRANDENBURG','Brandenburg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HB','BREMEN','Bremen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HH','HAMBURG','Hamburg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HE','HESSEN','Hessen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'MV','MECKLENBURG-VORPOMMERN','Mecklenburg-Vorpommern',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'NI','NIEDERSACHSEN','Niedersachsen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'NW','NORDRHEIN-WESTFALEN','Nordrhein-Westfalen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'RP','RHEINLAND-PFALZ','Rheinland-Pfalz',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SL','SAARLAND','Saarland',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SN','SACHSEN','Sachsen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'ST','SACHSEN-ANHALT','Sachsen-Anhalt',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SH','SCHLESWIG-HOLSTEIN','Schleswig-Holstein',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'TH','THÜRINGEN','Thüringen',1);
-- Provinces Greece (id country=102)
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('66', 10201, '', 0, '', 'Αθήνα', 1);
@@ -969,46 +1023,6 @@ INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, nc
INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SV', 8601, '', 0, '', 'San Vicente', 1);
INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CU', 8601, '', 0, '', 'Cuscatlan', 1);
--- Provinces Argentina (id country=23)
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2301', 2301, '', 0, 'CATAMARCA', 'Catamarca', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2302', 2301, '', 0, 'JUJUY', 'Jujuy', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2303', 2301, '', 0, 'TUCAMAN', 'Tucamán', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2304', 2301, '', 0, 'SANTIAGO DEL ESTERO', 'Santiago del Estero', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2305', 2301, '', 0, 'SALTA', 'Salta', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2306', 2302, '', 0, 'CHACO', 'Chaco', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2307', 2302, '', 0, 'CORRIENTES', 'Corrientes', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2308', 2302, '', 0, 'ENTRE RIOS', 'Entre Ríos', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2309', 2302, '', 0, 'FORMOSA', 'Formosa', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2310', 2302, '', 0, 'SANTA FE', 'Santa Fe', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2311', 2303, '', 0, 'LA RIOJA', 'La Rioja', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2312', 2303, '', 0, 'MENDOZA', 'Mendoza', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2313', 2303, '', 0, 'SAN JUAN', 'San Juan', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2314', 2303, '', 0, 'SAN LUIS', 'San Luis', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2315', 2304, '', 0, 'CORDOBA', 'Córdoba', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2316', 2304, '', 0, 'BUENOS AIRES', 'Buenos Aires', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2317', 2304, '', 0, 'CABA', 'Caba', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2318', 2305, '', 0, 'LA PAMPA', 'La Pampa', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2319', 2305, '', 0, 'NEUQUEN', 'Neuquén', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2320', 2305, '', 0, 'RIO NEGRO', 'Río Negro', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2321', 2305, '', 0, 'CHUBUT', 'Chubut', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2322', 2305, '', 0, 'SANTA CRUZ', 'Santa Cruz', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2323', 2305, '', 0, 'TIERRA DEL FUEGO', 'Tierra del Fuego', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2324', 2305, '', 0, 'ISLAS MALVINAS', 'Islas Malvinas', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2325', 2305, '', 0, 'ANTARTIDA', 'Antártida', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2326', 2305, '', 0, 'MISIONES', 'Misiones', 1);
-
--- Parish Barbados (id country=46)
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CC', 4601, 'Oistins', 0, 'CC', 'Christ Church', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SA', 4601, 'Greenland', 0, 'SA', 'Saint Andrew', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SG', 4601, 'Bulkeley', 0, 'SG', 'Saint George', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('JA', 4601, 'Holetown', 0, 'JA', 'Saint James', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SJ', 4601, 'Four Roads', 0, 'SJ', 'Saint John', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SB', 4601, 'Bathsheba', 0, 'SB', 'Saint Joseph', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SL', 4601, 'Crab Hill', 0, 'SL', 'Saint Lucy', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SM', 4601, 'Bridgetown', 0, 'SM', 'Saint Michael', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SP', 4601, 'Speightstown', 0, 'SP', 'Saint Peter', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SC', 4601, 'Crane', 0, 'SC', 'Saint Philip', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('ST', 4601, 'Hillaby', 0, 'ST', 'Saint Thomas', 1);
-- Provinces Brazil (id country=56)
INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('AC', 5601, 'ACRE', 0, 'AC', 'Acre', 1);
diff --git a/htdocs/install/mysql/data/llx_c_forme_juridique.sql b/htdocs/install/mysql/data/llx_c_forme_juridique.sql
index b3182846723..07a09724ed2 100644
--- a/htdocs/install/mysql/data/llx_c_forme_juridique.sql
+++ b/htdocs/install/mysql/data/llx_c_forme_juridique.sql
@@ -8,14 +8,10 @@
-- Copyright (C) 2010-2016 Juanjo Menent
-- Copyright (C) 2012 Sebastian Neuwert
-- Copyright (C) 2012 Tommaso Basilici
--- Copyright (C) 2012 Ricardo Schluter
--- Copyright (C) 2013 Cedric GROSS
+-- Copyright (C) 2012 Ricardo Schluter
+-- Copyright (C) 2013 Cedric GROSS
-- Copyright (C) 2020-2021 Udo Tamm
--
-
-
--- LICENSE ---------------------------------------------------------------
---
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; either version 3 of the License, or
diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
index 32fffe038ff..4a1cf73eea9 100644
--- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
+++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
@@ -350,5 +350,12 @@ create table llx_eventorganization_conferenceorboothattendee_extrafields
ALTER TABLE llx_eventorganization_conferenceorboothattendee_extrafields ADD INDEX idx_conferenceorboothattendee_fk_object(fk_object);
ALTER TABLE llx_c_ticket_category ADD COLUMN public integer DEFAULT 0;
+ALTER TABLE llc_c_ticket_category MODIFY COLUMN pos integer DEFAULT 0 NOT NULL;
+ALTER TABLE llx_propal ADD COLUMN date_signature datetime AFTER date_valid;
+ALTER TABLE llx_propal ADD COLUMN fk_user_signature integer AFTER fk_user_valid;
+ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_signature FOREIGN KEY (fk_user_signature) REFERENCES llx_user (rowid);
+
+UPDATE llx_propal SET fk_user_signature = fk_user_cloture WHERE fk_user_signature IS NULL AND fk_user_cloture IS NOT NULL;
+UPDATE llx_propal SET date_signature = date_cloture WHERE date_signature IS NULL AND date_cloture IS NOT NULL;
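Review bot: The added `MODIFY COLUMN pos` statement names `llc_c_ticket_category`, whereas the line above it and the table definition file both use `llx_c_ticket_category`. On an upgrade it would most likely fail or have no effect, leaving `pos` as `varchar(32)` while fresh installs get the integer column. It should read `ALTER TABLE llx_c_ticket_category MODIFY COLUMN pos integer DEFAULT 0 NOT NULL;`. Existing rows whose `pos` holds non-numeric text may make the conversion fail or be coerced, depending on the server's SQL mode, so a normalising `UPDATE` before it is worth considering. The migration also adds the `fk_propal_fk_user_signature` constraint without the `idx_propal_fk_user_signature` index that llx_propal.key.sql creates, so upgraded and fresh schemas may differ in index naming.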
diff --git a/htdocs/install/mysql/tables/llx_c_ticket_category.sql b/htdocs/install/mysql/tables/llx_c_ticket_category.sql
index c42c3f029d4..317be25e142 100644
--- a/htdocs/install/mysql/tables/llx_c_ticket_category.sql
+++ b/htdocs/install/mysql/tables/llx_c_ticket_category.sql
@@ -21,7 +21,7 @@ create table llx_c_ticket_category
entity integer DEFAULT 1,
code varchar(32) NOT NULL,
label varchar(128) NOT NULL,
- pos varchar(32) NOT NULL,
+ pos integer DEFAULT 0 NOT NULL,
public integer DEFAULT 0,
use_default integer DEFAULT 1,
active integer DEFAULT 1,
diff --git a/htdocs/install/mysql/tables/llx_holiday_extrafields.sql b/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
index 8b6e3ef8dc9..6baf1789dc2 100644
--- a/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
+++ b/htdocs/install/mysql/tables/llx_holiday_extrafields.sql
@@ -1,6 +1,9 @@
-- ========================================================================
-- Copyright (C) 2016 Laurent Destailleur
--
+--
+-- LICENSE ================================================================
+--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; either version 3 of the License, or
@@ -12,7 +15,7 @@
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
--- along with this program. If not, see .
+-- along with this program. If not, see .
--
-- ========================================================================
diff --git a/htdocs/install/mysql/tables/llx_propal.key.sql b/htdocs/install/mysql/tables/llx_propal.key.sql
index 89a0c54ad83..d0265e6fcdf 100644
--- a/htdocs/install/mysql/tables/llx_propal.key.sql
+++ b/htdocs/install/mysql/tables/llx_propal.key.sql
@@ -24,6 +24,7 @@ ALTER TABLE llx_propal ADD UNIQUE INDEX uk_propal_ref (ref, entity);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_soc (fk_soc);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_author (fk_user_author);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_valid (fk_user_valid);
+ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_signature (fk_user_signature);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_cloture (fk_user_cloture);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_projet (fk_projet);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_account(fk_account);
@@ -33,6 +34,7 @@ ALTER TABLE llx_propal ADD INDEX idx_propal_fk_warehouse(fk_warehouse);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid);
+ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_signature FOREIGN KEY (fk_user_signature) REFERENCES llx_user (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_cloture FOREIGN KEY (fk_user_cloture) REFERENCES llx_user (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid);
--ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_warehouse FOREIGN KEY (fk_warehouse) REFERENCES llx_entrepot(rowid);
diff --git a/htdocs/install/mysql/tables/llx_propal.sql b/htdocs/install/mysql/tables/llx_propal.sql
index 004bb027d35..7c94086b3b9 100644
--- a/htdocs/install/mysql/tables/llx_propal.sql
+++ b/htdocs/install/mysql/tables/llx_propal.sql
@@ -37,11 +37,13 @@ create table llx_propal
datep date, -- date de la propal
fin_validite datetime, -- date de fin de validite
date_valid datetime, -- date de validation
+ date_signature datetime, -- date signature
date_cloture datetime, -- date de cloture
fk_user_author integer, -- user making creation
fk_user_modif integer, -- user making last change
fk_user_valid integer, -- user validating
- fk_user_cloture integer, -- user closing (signed or not)
+ fk_user_signature integer, -- user signing (signed or not)
+ fk_user_cloture integer, -- user closing
fk_statut smallint DEFAULT 0 NOT NULL, -- 0=draft, 1=validated, 2=accepted, 3=refused, 4=billed/closed
price real DEFAULT 0, -- (obsolete)
remise_percent real DEFAULT 0, -- remise globale relative en pourcent (obsolete)
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index 1d695f40249..1f80d37efd8 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -933,14 +933,14 @@ if ($ok && GETPOST('clean_product_stock_batch', 'alpha')) {
}
if ($methodtofix == 'updatestock') {
// Method 2
- print ' -> Update qty of product_stock with qty = '.($obj->reelbatch ? $obj->reelbatch : '0').' for ps.rowid = '.$obj->psrowid;
+ print ' -> Update qty of product_stock with qty = '.($obj->reelbatch ? ((float) $obj->reelbatch) : '0').' for ps.rowid = '.((int) $obj->psrowid);
if (GETPOST('clean_product_stock_batch') == 'confirmed') {
$error = 0;
$db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."product_stock";
- $sql2 .= " SET reel = ".($obj->reelbatch ? $obj->reelbatch : '0')." WHERE rowid = ".$obj->psrowid;
+ $sql2 .= " SET reel = ".($obj->reelbatch ? ((float) $obj->reelbatch) : '0')." WHERE rowid = ".((int) $obj->psrowid);
$resql2 = $db->query($sql2);
if ($resql2) {
// We update product_stock, so we must fill p.stock into product too.
@@ -1027,7 +1027,7 @@ if ($ok && GETPOST('set_empty_time_spent_amount', 'alpha')) {
if (GETPOST('set_empty_time_spent_amount') == 'confirmed') {
$sql2 = "UPDATE ".MAIN_DB_PREFIX."projet_task_time";
- $sql2 .= " SET thm = ".$obj->user_thm." WHERE thm IS NULL AND fk_user = ".$obj->user_id;
+ $sql2 .= " SET thm = ".$obj->user_thm." WHERE thm IS NULL AND fk_user = ".((int) $obj->user_id);
$resql2 = $db->query($sql2);
if (!$resql2) {
$error++;
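Review bot: `$obj->user_thm` is still concatenated uncast into the `SET thm =` clause, although the same line now casts `$obj->user_id`. The value comes from an earlier query result rather than directly from the request, but the apparent intent of this commit is that no numeric operand reaches the SQL string unconverted. Following the `(float)` cast applied to `reelbatch` earlier in this file, the line would become `$sql2 .= " SET thm = ".((float) $obj->user_thm)." WHERE thm IS NULL AND fk_user = ".((int) $obj->user_id);`. The same gap remains in the `migrate_project_task_time` hunk of upgrade2.php, where `$taskid` is cast but `" duration_effective = ".$total_duration` is not. The enclosing block starts and ends outside this hunk, so whether `user_thm` can be NULL at this point is not visible here.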
@@ -1318,8 +1318,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) {
}
while ($obj_dispatch = $db->fetch_object($resql_dispatch)) {
$sql_line = 'SELECT line.rowid, line.qty FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet AS line';
- $sql_line .= ' WHERE line.fk_commande = '.$obj_dispatch->fk_commande;
- $sql_line .= ' AND line.fk_product = '.$obj_dispatch->fk_product;
+ $sql_line .= ' WHERE line.fk_commande = '.((int) $obj_dispatch->fk_commande);
+ $sql_line .= ' AND line.fk_product = '.((int) $obj_dispatch->fk_product);
$resql_line = $db->query($sql_line);
// s’il y a plusieurs lignes avec le même produit sur cette commande fournisseur,
@@ -1347,8 +1347,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) {
$qty_for_line = min($remaining_qty, $obj_line->qty);
if ($first_iteration) {
$sql_attach = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch';
- $sql_attach .= ' SET fk_commandefourndet = '.$obj_line->rowid.', qty = '.$qty_for_line;
- $sql_attach .= ' WHERE rowid = '.$obj_dispatch->rowid;
+ $sql_attach .= ' SET fk_commandefourndet = '.((int) $obj_line->rowid).', qty = '.((float) $qty_for_line);
+ $sql_attach .= ' WHERE rowid = '.((int) $obj_dispatch->rowid);
$first_iteration = false;
} else {
$sql_attach_values = array(
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index d613e4a18b0..32959af80cc 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -678,7 +678,7 @@ function migrate_paiements($db, $langs, $conf)
$res += $db->query($sql);
- $sql = "UPDATE ".MAIN_DB_PREFIX."paiement SET fk_facture = 0 WHERE rowid = ".$row[$i][0];
+ $sql = "UPDATE ".MAIN_DB_PREFIX."paiement SET fk_facture = 0 WHERE rowid = ".((int) $row[$i][0]);
$res += $db->query($sql);
@@ -1342,7 +1342,7 @@ function migrate_paiementfourn_facturefourn($db, $langs, $conf)
// Verifier si la ligne est deja dans la nouvelle table. On ne veut pas inserer de doublons.
$check_sql = 'SELECT fk_paiementfourn, fk_facturefourn';
$check_sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn';
- $check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.$select_obj->fk_facture_fourn;
+ $check_sql .= ' WHERE fk_paiementfourn = '.((int) $select_obj->rowid).' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn);
$check_resql = $db->query($check_sql);
if ($check_resql) {
$check_num = $db->num_rows($check_resql);
@@ -2161,7 +2161,7 @@ function migrate_detail_livraison($db, $langs, $conf)
if ($resql2) {
$sql = "SELECT total_ht";
$sql .= " FROM ".MAIN_DB_PREFIX."livraison";
- $sql .= " WHERE rowid = ".$obj->fk_livraison;
+ $sql .= " WHERE rowid = ".((int) $obj->fk_livraison);
$resql3 = $db->query($sql);
if ($resql3) {
@@ -2864,7 +2864,7 @@ function migrate_project_task_time($db, $langs, $conf)
foreach ($totaltime as $taskid => $total_duration) {
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET";
$sql .= " duration_effective = ".$total_duration;
- $sql .= " WHERE rowid = ".$taskid;
+ $sql .= " WHERE rowid = ".((int) $taskid);
$resql = $db->query($sql);
if (!$resql) {
@@ -3235,7 +3235,7 @@ function migrate_mode_reglement($db, $langs, $conf)
$sqlSelect = "SELECT id";
$sqlSelect .= " FROM ".MAIN_DB_PREFIX."c_paiement";
- $sqlSelect .= " WHERE id = ".$old_id;
+ $sqlSelect .= " WHERE id = ".((int) $old_id);
$sqlSelect .= " AND code = '".$db->escape($elements['code'][$key])."'";
$resql = $db->query($sqlSelect);
@@ -3246,23 +3246,23 @@ function migrate_mode_reglement($db, $langs, $conf)
$db->begin();
- $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET ";
- $sqla .= "fk_paiement = ".$elements['new_id'][$key];
- $sqla .= " WHERE fk_paiement = ".$old_id;
- $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".$old_id." AND code = '".$db->escape($elements['code'][$key])."')";
+ $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET";
+ $sqla .= " fk_paiement = ".((int) $elements['new_id'][$key]);
+ $sqla .= " WHERE fk_paiement = ".((int) $old_id);
+ $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".((int) $old_id)." AND code = '".$db->escape($elements['code'][$key])."')";
$resqla = $db->query($sqla);
- $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET ";
- $sql .= "id = ".$elements['new_id'][$key];
- $sql .= " WHERE id = ".$old_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET";
+ $sql .= " id = ".((int) $elements['new_id'][$key]);
+ $sql .= " WHERE id = ".((int) $old_id);
$sql .= " AND code = '".$db->escape($elements['code'][$key])."'";
$resql = $db->query($sql);
if ($resqla && $resql) {
foreach ($elements['tables'] as $table) {
$sql = "UPDATE ".MAIN_DB_PREFIX.$table." SET ";
- $sql .= "fk_mode_reglement = ".$elements['new_id'][$key];
- $sql .= " WHERE fk_mode_reglement = ".$old_id;
+ $sql .= "fk_mode_reglement = ".((int) $elements['new_id'][$key]);
+ $sql .= " WHERE fk_mode_reglement = ".((int) $old_id);
$resql = $db->query($sql);
if (!$resql) {
@@ -3786,16 +3786,16 @@ function migrate_remise_except_entity($db, $langs, $conf)
$sqlSelect2 = "SELECT f.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f";
- $sqlSelect2 .= " WHERE f.rowid = ".$fk_facture;
+ $sqlSelect2 .= " WHERE f.rowid = ".((int) $fk_facture);
} elseif (!empty($obj->fk_facture_line)) {
$sqlSelect2 = "SELECT f.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."facturedet as fd";
- $sqlSelect2 .= " WHERE fd.rowid = ".$obj->fk_facture_line;
+ $sqlSelect2 .= " WHERE fd.rowid = ".((int) $obj->fk_facture_line);
$sqlSelect2 .= " AND fd.fk_facture = f.rowid";
} else {
$sqlSelect2 = "SELECT s.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."societe as s";
- $sqlSelect2 .= " WHERE s.rowid = ".$obj->fk_soc;
+ $sqlSelect2 .= " WHERE s.rowid = ".((int) $obj->fk_soc);
}
$resql2 = $db->query($sqlSelect2);
diff --git a/htdocs/intracommreport/class/intracommreport.class.php b/htdocs/intracommreport/class/intracommreport.class.php
index cd4765161e9..a36a489ea70 100644
--- a/htdocs/intracommreport/class/intracommreport.class.php
+++ b/htdocs/intracommreport/class/intracommreport.class.php
@@ -417,7 +417,7 @@ class IntracommReport extends CommonObject
(
SELECT fk_product
FROM '.MAIN_DB_PREFIX.'categorie_product
- WHERE fk_categorie = '.$categ_fraisdeport->id.'
+ WHERE fk_categorie = '.((int) $categ_fraisdeport->id).'
)
)';
diff --git a/htdocs/langs/en_US/compta.lang b/htdocs/langs/en_US/compta.lang
index d42d8845aeb..befb6adf75b 100644
--- a/htdocs/langs/en_US/compta.lang
+++ b/htdocs/langs/en_US/compta.lang
@@ -175,6 +175,7 @@ RulesResultInOut=- It includes the real payments made on invoices, expenses, VAT
RulesCADue=- It includes the customer's due invoices whether they are paid or not. - It is based on the billing date of these invoices.
RulesCAIn=- It includes all the effective payments of invoices received from customers. - It is based on the payment date of these invoices
RulesCATotalSaleJournal=It includes all credit lines from the Sale journal.
+RulesSalesTurnoverOfIncomeAccounts=It includes all debit of product accounts in group INCOME
RulesAmountOnInOutBookkeepingRecord=It includes record in your Ledger with accounting accounts that has the group "EXPENSE" or "INCOME"
RulesResultBookkeepingPredefined=It includes record in your Ledger with accounting accounts that has the group "EXPENSE" or "INCOME"
RulesResultBookkeepingPersonalized=It show record in your Ledger with accounting accounts grouped by personalized groups
@@ -280,6 +281,7 @@ PurchaseTurnoverCollected=Purchase turnover collected
RulesPurchaseTurnoverDue=- It includes the supplier's due invoices whether they are paid or not. - It is based on the invoice date of these invoices.
RulesPurchaseTurnoverIn=- It includes all the effective payments of invoices done to suppliers. - It is based on the payment date of these invoices
RulesPurchaseTurnoverTotalPurchaseJournal=It includes all debit lines from the purchase journal.
+RulesPurchaseTurnoverOfExpenseAccounts=It includes all debit of product accounts in group EXPENSE
ReportPurchaseTurnover=Purchase turnover invoiced
ReportPurchaseTurnoverCollected=Purchase turnover collected
IncludeVarpaysInResults = Include various payments in reports
diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang
index b13e15b4a9f..dc2a83f2015 100644
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -278,6 +278,7 @@ DateModificationShort=Modif. date
IPModification=Modification IP
DateLastModification=Latest modification date
DateValidation=Validation date
+DateSigning=Signing date
DateClosing=Closing date
DateDue=Due date
DateValue=Value date
diff --git a/htdocs/langs/en_US/other.lang b/htdocs/langs/en_US/other.lang
index 7a895bb1ca5..5ae6c7727b3 100644
--- a/htdocs/langs/en_US/other.lang
+++ b/htdocs/langs/en_US/other.lang
@@ -114,6 +114,7 @@ DemoCompanyAll=Company with multiple activities (all main modules)
CreatedBy=Created by %s
ModifiedBy=Modified by %s
ValidatedBy=Validated by %s
+SignedBy=Signed by %s
ClosedBy=Closed by %s
CreatedById=User id who created
ModifiedById=User id who made latest change
diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang
index 8e949661c49..24dc4cef0c6 100644
--- a/htdocs/langs/en_US/stocks.lang
+++ b/htdocs/langs/en_US/stocks.lang
@@ -62,6 +62,7 @@ EnhancedValueOfWarehouses=Warehouses value
UserWarehouseAutoCreate=Create a user warehouse automatically when creating a user
AllowAddLimitStockByWarehouse=Manage also value for minimum and desired stock per pairing (product-warehouse) in addition to the value for minimum and desired stock per product
RuleForWarehouse=Rule for warehouses
+WarehouseAskWarehouseOnThirparty=Set a warehouse on thirparty
WarehouseAskWarehouseDuringPropal=Set a warehouse on Commercial proposals
WarehouseAskWarehouseDuringOrder=Set a warehouse on Sale orders
UserDefaultWarehouse=Set a warehouse on Users
@@ -184,6 +185,7 @@ inventoryCreatePermission=Create new inventory
inventoryReadPermission=View inventories
inventoryWritePermission=Update inventories
inventoryValidatePermission=Validate inventory
+inventoryDeletePermission=Delete inventory
inventoryTitle=Inventory
inventoryListTitle=Inventories
inventoryListEmpty=No inventory in progress
@@ -242,4 +244,12 @@ InventoryRealQtyHelp=Set value to 0 to reset qty Keep field empty, or remove
UpdateByScaning=Update by scaning
UpdateByScaningProductBarcode=Update by scan (product barcode)
UpdateByScaningLot=Update by scan (lot|serial barcode)
-DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement.
\ No newline at end of file
+DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement.
+ImportFromCSV=Import CSV list of movement
+ChooseFileToImport=Upload file then click on the %s icon to select file as source import file...
+SelectAStockMovementFileToImport=select a stock movement file to import
+InfoTemplateImport=Uploaded file needs to have this format (* are mandatory fields): Source Warehouse* | Target Warehouse* | Product* | Quantity* | Lot/serial number CSV character separator must be "%s "
+LabelOfInventoryMovemement=Inventory %s
+ReOpen=Reopen
+ConfirmFinish=Confirm closing
+
diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang
index 86ba2247682..a8b13c7e914 100644
--- a/htdocs/langs/fr_FR/main.lang
+++ b/htdocs/langs/fr_FR/main.lang
@@ -278,6 +278,7 @@ DateModificationShort=Date modif.
IPModification=Modification IP
DateLastModification=Date de dernière modification
DateValidation=Date validation
+DateSigning=Date signature
DateClosing=Date clôture
DateDue=Date échéance
DateValue=Date valeur
diff --git a/htdocs/langs/fr_FR/other.lang b/htdocs/langs/fr_FR/other.lang
index 3023cd7216e..a8078129464 100644
--- a/htdocs/langs/fr_FR/other.lang
+++ b/htdocs/langs/fr_FR/other.lang
@@ -114,6 +114,7 @@ DemoCompanyAll=Société avec de multiples activités (tous les modules principa
CreatedBy=Créé par %s
ModifiedBy=Modifié par %s
ValidatedBy=Validé par %s
+SignedBy=Signé par %s
ClosedBy=Clôturé par %s
CreatedById=Id utilisateur créateur
ModifiedById=Id utilisateur du dernier changement
diff --git a/htdocs/langs/fr_FR/stocks.lang b/htdocs/langs/fr_FR/stocks.lang
index c29c3b26d82..2d2be548f3b 100644
--- a/htdocs/langs/fr_FR/stocks.lang
+++ b/htdocs/langs/fr_FR/stocks.lang
@@ -62,6 +62,7 @@ EnhancedValueOfWarehouses=Valorisation des stocks
UserWarehouseAutoCreate=Créer automatiquement un stock/entrepôt propre à l'utilisateur lors de sa création
AllowAddLimitStockByWarehouse=Gérez également les valeurs des stocks minimums et souhaités par paire (produit-entrepôt) en plus des valeurs de minimums et souhaités par produit
RuleForWarehouse=Règle pour les entrepôts
+WarehouseAskWarehouseOnThirparty=Définir un entrepôt sur les tiers
WarehouseAskWarehouseDuringPropal=Définir un entrepôt sur les propositions
WarehouseAskWarehouseDuringOrder=Définir un entrepôt sur les commandes
UserDefaultWarehouse=Définir un entrepôt sur les utilisateurs
diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php
index 9e9e1a0a992..c3c08b6cf2f 100644
--- a/htdocs/loan/card.php
+++ b/htdocs/loan/card.php
@@ -636,7 +636,7 @@ if ($id > 0) {
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id";
$sql .= ", ".MAIN_DB_PREFIX."loan as l";
- $sql .= " WHERE p.fk_loan = ".$id;
+ $sql .= " WHERE p.fk_loan = ".((int) $id);
$sql .= " AND p.fk_loan = l.rowid";
$sql .= " AND l.entity IN ( ".getEntity('loan').")";
$sql .= " ORDER BY dp DESC";
diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php
index bc819f747ca..54d4607ab70 100644
--- a/htdocs/loan/class/loanschedule.class.php
+++ b/htdocs/loan/class/loanschedule.class.php
@@ -447,7 +447,7 @@ class LoanSchedule extends CommonObject
$sql .= " t.fk_user_creat,";
$sql .= " t.fk_user_modif";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t";
- $sql .= " WHERE t.fk_loan = ".$loanid;
+ $sql .= " WHERE t.fk_loan = ".((int) $loanid);
dol_syslog(get_class($this)."::fetchAll", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -535,7 +535,7 @@ class LoanSchedule extends CommonObject
{
$sql = "SELECT p.datep";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p ";
- $sql .= " WHERE p.fk_loan = ".$loanid;
+ $sql .= " WHERE p.fk_loan = ".((int) $loanid);
$sql .= " ORDER BY p.datep DESC ";
$sql .= " LIMIT 1 ";
@@ -563,7 +563,7 @@ class LoanSchedule extends CommonObject
$sql = "SELECT p.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p ";
- $sql .= " WHERE p.fk_loan = ".$loanid;
+ $sql .= " WHERE p.fk_loan = ".((int) $loanid);
if (!empty($datemax)) {
$sql .= " AND p.datep > '".$this->db->idate($datemax)."'";
}
diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php
index c7f1940943b..cf0a8e87f63 100644
--- a/htdocs/loan/class/paymentloan.class.php
+++ b/htdocs/loan/class/paymentloan.class.php
@@ -594,12 +594,12 @@ class PaymentLoan extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
- $this->fk_bank = $id_bank;
+ $this->fk_bank = ((int) $id_bank);
return 1;
} else {
$this->error = $this->db->error();
diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php
index cf4466bb0da..675401e34f9 100644
--- a/htdocs/loan/payment/card.php
+++ b/htdocs/loan/payment/card.php
@@ -58,7 +58,7 @@ if ($id > 0) {
if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->loan->delete) {
$db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."loan_schedule SET fk_bank = 0 WHERE fk_bank = ".$payment->fk_bank;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."loan_schedule SET fk_bank = 0 WHERE fk_bank = ".((int) $payment->fk_bank);
$db->query($sql);
$fk_loan = $payment->fk_loan;
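Review bot: The return value of `$db->query($sql)` directly after the changed UPDATE is discarded, so a failed reset of `loan_schedule.fk_bank` goes unnoticed inside the transaction opened by `$db->begin()`. The cast makes the statement safe, but the code should also check the result, for example `if (!$db->query($sql)) { $db->rollback(); }` combined with skipping the later delete and commit. The rest of the `confirm_delete` branch continues outside this hunk, so how errors are reported there should be confirmed before wiring this in.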
@@ -66,7 +66,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->loan->del
$result = $payment->delete($user);
if ($result > 0) {
$db->commit();
- header("Location: ".DOL_URL_ROOT."/loan/card.php?id=".$fk_loan);
+ header("Location: ".DOL_URL_ROOT."/loan/card.php?id=".urlencode($fk_loan));
exit;
} else {
setEventMessages($payment->error, $payment->errors, 'errors');
diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php
index eec24d9b3e2..58783be181e 100644
--- a/htdocs/loan/payment/payment.php
+++ b/htdocs/loan/payment/payment.php
@@ -239,7 +239,7 @@ if ($action == 'create') {
$sql = "SELECT SUM(amount_capital) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan";
- $sql .= " WHERE fk_loan = ".$chid;
+ $sql .= " WHERE fk_loan = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index f18022f45d6..a5d485d1b14 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -150,7 +150,7 @@ function testSqlAndScriptInject($val, $type)
$inj += preg_match('/"/i', $val); // We refused " in GET parameters value.
}
if ($type == 2) {
- $inj += preg_match('/[;"<>]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.
+ $inj += preg_match('/[:;"\'<>\?\(\){}\$%]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.
}
return $inj;
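Review bot: The comment on the changed `$type == 2` line still says only that PHP_SELF may contain spaces, and does not explain why the rejected set grew from `;"<>` to include `:`, `'`, `?`, parentheses, braces, `$` and `%`. A comment such as `// PHP_SELF is a path without parameters: refuse chars used for schemes, query strings, quoting, code and percent-encoding` would record the intent. Inside a character class `?`, `(`, `)` and `$` need no backslash, so `'/[:;"\'<>?(){}$%]/'` is equivalent and easier to audit. The function body starts outside this hunk.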
@@ -438,13 +438,13 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check',
'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable',
'doprev', 'donext', 'dvprev', 'dvnext',
- 'enable'
+ 'enable', 'setpricelevel'
);
$sensitiveget = false;
if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
$sensitiveget = true;
}
- if (preg_match('/^(disable_|enable_)/', GETPOST('action', 'aZ09'))) {
+ if (preg_match('/^(disable_|enable_|setremise)/', GETPOST('action', 'aZ09'))) {
$sensitiveget = true;
}
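Review bot: The new `setremise` alternative in the `preg_match` is a bare prefix, unlike `disable_`/`enable_` and the exact-match `'setpricelevel'` entry, so every action name that merely starts with `setremise` now forces the token check. If that is intended it deserves a comment on that line, e.g. `// prefix match on purpose: covers every setremise* action`; if one action is meant, add it to `$arrayofactiontoforcetokencheck` instead. `GETPOST('action', 'aZ09')` is also evaluated twice and could be read once into a local variable. The enclosing `if` starts outside this hunk.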
diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php
index a27393c8bb2..1ac670c4a7f 100644
--- a/htdocs/margin/agentMargins.php
+++ b/htdocs/margin/agentMargins.php
@@ -290,7 +290,7 @@ if ($result) {
// sql nb sellers
$sql_seller = "SELECT COUNT(sc.rowid) as nb";
$sql_seller .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
- $sql_seller .= " WHERE sc.fk_soc = ".$objp->socid;
+ $sql_seller .= " WHERE sc.fk_soc = ".((int) $objp->socid);
$sql_seller .= " LIMIT 1";
$resql_seller = $db->query($sql_seller);
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index 6a17e500a69..df687f84e56 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -579,9 +579,9 @@ class MyObject extends CommonObject
$sql .= ", date_validation = '".$this->db->idate($now)."'";
}
if (!empty($this->fields['fk_user_valid'])) {
- $sql .= ", fk_user_valid = ".$user->id;
+ $sql .= ", fk_user_valid = ".((int) $user->id);
}
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php
index 7886bd35774..5067a6e91d5 100644
--- a/htdocs/multicurrency/class/multicurrency.class.php
+++ b/htdocs/multicurrency/class/multicurrency.class.php
@@ -591,7 +591,7 @@ class MultiCurrency extends CommonObject
{
global $db;
- $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.$fk_facture;
+ $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.((int) $fk_facture);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $db->query($sql);
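Review bot: `$table` is still concatenated into the statement as `MAIN_DB_PREFIX.$table`, so casting `$fk_facture` covers only half of the dynamic parts of this query. The method signature is outside the hunk, so it is not visible whether callers always pass a fixed table name. A guard before building `$sql`, such as `if (!preg_match('/^[a-z0-9_]+$/i', $table)) { return false; }` (using whatever failure value the method already returns), would make the query safe regardless of the caller.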
diff --git a/htdocs/opensurvey/class/opensurveysondage.class.php b/htdocs/opensurvey/class/opensurveysondage.class.php
index badb3f60149..e11fb65184a 100644
--- a/htdocs/opensurvey/class/opensurveysondage.class.php
+++ b/htdocs/opensurvey/class/opensurveysondage.class.php
@@ -594,7 +594,7 @@ class Opensurveysondage extends CommonObject
*/
public function deleteComment($id_comment)
{
- $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_comments WHERE id_comment = '.$id_comment.' AND id_sondage = "'.$this->db->escape($this->id_sondage).'"';
+ $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_comments WHERE id_comment = '.((int) $id_comment).' AND id_sondage = "'.$this->db->escape($this->id_sondage).'"';
$resql = $this->db->query($sql);
if (!$resql) {
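Review bot: The changed DELETE still wraps the escaped `id_sondage` in double quotes (`id_sondage = "..."`), which databases following the SQL standard read as an identifier, not a string literal. The escaping done by `$this->db->escape()` is presumably written for single-quoted literals, as used everywhere else in this commit. The tail of the line should become `' AND id_sondage = \''.$this->db->escape($this->id_sondage).'\''`, or the whole statement should switch to a double-quoted PHP string. The method body continues outside this hunk.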
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index 25bd65a77fe..6d12259a39f 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -53,7 +53,7 @@ $nblines = $object->fetch_lines();
// Return to the results
if (GETPOST('retoursondage')) {
- header('Location: results.php?id='.$_GET['id']);
+ header('Location: results.php?id='.GETPOST('id', 'int'));
exit;
}
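Review bot: `GETPOST('id', 'int')` on the changed `header()` line assumes the survey id is numeric, yet `deleteComment()` in this same commit escapes `id_sondage` as a string. If `id` on results.php is that survey identifier, the integer filter would change or empty the value and the redirect would land on the wrong page. That needs confirming against how `$object` is fetched above this hunk. If ids are alphanumeric, `header('Location: results.php?id='.urlencode(GETPOST('id', 'aZ09')));` keeps the value intact while still blocking header and parameter injection.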
@@ -283,7 +283,7 @@ for ($i = 0; $i < $nblines; $i++) {
if ($compteur == $i) {
$sql2 = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_user_studs';
- $sql2 .= ' WHERE id_users = '.$db->escape($obj->id_users);
+ $sql2 .= " WHERE id_users = ".((int) $obj->id_users);
$resql2 = $db->query($sql2);
}
diff --git a/htdocs/product/admin/price_rules.php b/htdocs/product/admin/price_rules.php
index fada766f065..2166ada6138 100644
--- a/htdocs/product/admin/price_rules.php
+++ b/htdocs/product/admin/price_rules.php
@@ -86,7 +86,7 @@ if ($action == 'update') {
if (!$db->query($sql)) {
//If we could not create, then we try updating
$sql = "UPDATE ".MAIN_DB_PREFIX."product_pricerules";
- $sql .= " SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".$i;
+ $sql .= " SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".((int) $i);
if (!$db->query($sql)) {
setEventMessages($langs->trans('ErrorSavingChanges'), null, 'errors');
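Review bot: Only `$i` is cast on the changed UPDATE line, while `$i_var_percent` and `$i_var_min_percent` are still concatenated raw and `$db->escape($i_fk_level)` is used without surrounding quotes. Escaping protects only inside a quoted literal, so in a numeric position it does not stop injected SQL. Where these three values come from is outside the hunk, but if they derive from the submitted form the statement remains injectable. Assuming the level is an integer and the percentages are decimals, the SET clause should read `" SET fk_level = ".((int) $i_fk_level).", var_percent = ".((float) $i_var_percent).", var_min_percent = ".((float) $i_var_min_percent)`.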
diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php
index 9dacb4e547d..b09c29f75da 100644
--- a/htdocs/product/ajax/products.php
+++ b/htdocs/product/ajax/products.php
@@ -68,8 +68,6 @@ $hidepriceinlabel = GETPOST('hidepriceinlabel', 'int');
*/
// print ''."\n";
-
-dol_syslog(join(',', $_GET));
// print_r($_GET);
if (!empty($action) && $action == 'fetch' && !empty($id)) {
diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 2c0531acaea..094ce8670a9 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -940,20 +940,6 @@ if (empty($reshook)) {
* View
*/
-$title = $langs->trans('ProductServiceCard');
-$helpurl = '';
-$shortlabel = dol_trunc($object->label, 16);
-if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) {
- $title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('Card');
- $helpurl = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos|DE:Modul_Produkte';
-}
-if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) {
- $title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('Card');
- $helpurl = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios|DE:Modul_Leistungen';
-}
-
-llxHeader('', $title, $helpurl);
-
$form = new Form($db);
$formfile = new FormFile($db);
$formproduct = new FormProduct($db);
@@ -962,6 +948,21 @@ if (!empty($conf->accounting->enabled)) {
$formaccounting = new FormAccounting($db);
}
+
+$title = $langs->trans('ProductServiceCard');
+$help_url = '';
+$shortlabel = dol_trunc($object->label, 16);
+if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) {
+ $title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('Card');
+ $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos|DE:Modul_Produkte';
+}
+if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) {
+ $title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('Card');
+ $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios|DE:Modul_Leistungen';
+}
+
+llxHeader('', $title, $help_url);
+
// Load object modBarCodeProduct
$res = 0;
if (!empty($conf->barcode->enabled) && !empty($conf->global->BARCODE_PRODUCT_ADDON_NUM)) {
@@ -984,7 +985,6 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// When used with CANVAS
// -----------------------------------------
if (empty($object->error) && $id) {
- $object = new Product($db);
$result = $object->fetch($id);
if ($result <= 0) {
dol_print_error('', $object->error);
@@ -1465,6 +1465,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
/*
* Product card
*/
+
// Fiche en mode edition
if ($action == 'edit' && $usercancreate) {
//WYSIWYG Editor
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 77b73074b38..16bbc508ac9 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -725,7 +725,7 @@ class Product extends CommonObject
// update accountancy for this entity
if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_accounting (";
+ $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity (";
$sql .= " fk_product";
$sql .= ", entity";
$sql .= ", accountancy_code_buy";
@@ -1119,9 +1119,9 @@ class Product extends CommonObject
// update accountancy for this entity
if (!$error && !empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_accounting WHERE fk_product = " . $this->id . " AND entity = " . $conf->entity);
+ $this->db->query("DELETE FROM " . MAIN_DB_PREFIX . "product_perentity WHERE fk_product = " . $this->id . " AND entity = " . $conf->entity);
- $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_accounting (";
+ $sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity (";
$sql .= " fk_product";
$sql .= ", entity";
$sql .= ", accountancy_code_buy";
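Review bot: The renamed DELETE still concatenates `$this->id` and `$conf->entity` without the `(int)` casts this commit applies elsewhere, including the `product_perentity` join in the `@@ -2172` hunk. Its result is also ignored, so a failed delete is followed by the INSERT regardless. The line should read `$resdel = $this->db->query("DELETE FROM ".MAIN_DB_PREFIX."product_perentity WHERE fk_product = ".((int) $this->id)." AND entity = ".((int) $conf->entity));`, with `$error` raised when `$resdel` is false. The surrounding update method starts and ends outside this hunk.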
@@ -1820,9 +1820,9 @@ class Product extends CommonObject
$sql .= ", pfp.packaging";
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
- $sql .= " WHERE pfp.rowid = ".$prodfournprice;
+ $sql .= " WHERE pfp.rowid = ".((int) $prodfournprice);
if ($qty > 0) {
- $sql .= " AND pfp.quantity <= ".$qty;
+ $sql .= " AND pfp.quantity <= ".((float) $qty);
}
$sql .= " ORDER BY pfp.quantity DESC";
@@ -1874,15 +1874,15 @@ class Product extends CommonObject
$sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code,";
$sql .= " pfp.packaging";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
- $sql .= " WHERE pfp.fk_product = ".$product_id;
+ $sql .= " WHERE pfp.fk_product = ".((int) $product_id);
if ($fourn_ref != 'none') {
$sql .= " AND pfp.ref_fourn = '".$this->db->escape($fourn_ref)."'";
}
if ($fk_soc > 0) {
- $sql .= " AND pfp.fk_soc = ".$fk_soc;
+ $sql .= " AND pfp.fk_soc = ".((int) $fk_soc);
}
if ($qty > 0) {
- $sql .= " AND pfp.quantity <= ".$qty;
+ $sql .= " AND pfp.quantity <= ".((float) $qty);
}
$sql .= " ORDER BY pfp.quantity DESC";
$sql .= " LIMIT 1";
@@ -2172,20 +2172,20 @@ class Product extends CommonObject
}
$sql .= " p.stock,p.pmp, p.datec, p.tms, p.import_key, p.entity, p.desiredstock, p.tobatch, p.fk_unit,";
$sql .= " p.fk_price_expression, p.price_autogen, p.model_pdf";
- $sql .= " FROM ".MAIN_DB_PREFIX."product";
+ $sql .= " FROM ".MAIN_DB_PREFIX."product as p";
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+ $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
if ($id) {
- $sql .= " WHERE rowid = ".(int) $id;
+ $sql .= " WHERE p.rowid = ".((int) $id);
} else {
- $sql .= " WHERE entity IN (".getEntity($this->element).")";
+ $sql .= " WHERE p.entity IN (".getEntity($this->element).")";
if ($ref) {
- $sql .= " AND ref = '".$this->db->escape($ref)."'";
+ $sql .= " AND p.ref = '".$this->db->escape($ref)."'";
} elseif ($ref_ext) {
- $sql .= " AND ref_ext = '".$this->db->escape($ref_ext)."'";
+ $sql .= " AND p.ref_ext = '".$this->db->escape($ref_ext)."'";
} elseif ($barcode) {
- $sql .= " AND barcode = '".$this->db->escape($barcode)."'";
+ $sql .= " AND p.barcode = '".$this->db->escape($barcode)."'";
}
}
@@ -2360,7 +2360,7 @@ class Product extends CommonObject
$sql = "SELECT price, price_ttc, price_min, price_min_ttc,";
$sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price";
- $sql .= " WHERE fk_product = ".$this->id;
+ $sql .= " WHERE fk_product = ".((int) $this->id);
$sql .= " ORDER BY date_price DESC, rowid DESC";
$sql .= " LIMIT 1";
$resql = $this->db->query($sql);
@@ -2374,7 +2374,7 @@ class Product extends CommonObject
if ($this->prices_by_qty[0] == 1) {
$sql = "SELECT rowid,price, unitprice, quantity, remise_percent, remise, remise, price_base_type";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE fk_product_price = ".$this->prices_by_qty_id[0];
+ $sql .= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[0]);
$sql .= " ORDER BY quantity ASC";
$resultat = array();
$resql = $this->db->query($sql);
@@ -3862,7 +3862,7 @@ class Product extends CommonObject
// Check not already father of id_pere (to avoid father -> child -> father links)
$sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
- $sql .= ' WHERE fk_product_pere = '.$id_fils.' AND fk_product_fils = '.$id_pere;
+ $sql .= ' WHERE fk_product_pere = '.((int) $id_fils).' AND fk_product_fils = '.((int) $id_pere);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
return -1;
@@ -3875,7 +3875,7 @@ class Product extends CommonObject
return -1;
} else {
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty,incdec)';
- $sql .= ' VALUES ('.$id_pere.', '.$id_fils.', '.$qty.', '.$incdec.')';
+ $sql .= ' VALUES ('.((int) $id_pere).', '.((int) $id_fils).', '.((float) $qty).', '.((int) $incdec).')';
if (!$this->db->query($sql)) {
dol_print_error($this->db);
return -1;
@@ -3946,8 +3946,8 @@ class Product extends CommonObject
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$fk_parent;
- $sql .= " AND fk_product_fils = ".$fk_child;
+ $sql .= " WHERE fk_product_pere = ".((int) $fk_parent);
+ $sql .= " AND fk_product_fils = ".((int) $fk_child);
dol_syslog(get_class($this).'::del_sousproduit', LOG_DEBUG);
if (!$this->db->query($sql)) {
@@ -4040,14 +4040,14 @@ class Product extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_soc = ".$id_fourn;
+ $sql .= " WHERE fk_soc = ".((int) $id_fourn);
if ($ref_fourn) {
$sql .= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'";
} else {
$sql .= " AND (ref_fourn = '' OR ref_fourn IS NULL)";
}
- $sql .= " AND quantity = ".$quantity;
- $sql .= " AND fk_product = ".$this->id;
+ $sql .= " AND quantity = ".((float) $quantity);
+ $sql .= " AND fk_product = ".((int) $this->id);
$sql .= " AND entity IN (".getEntity('productsupplierprice').")";
$resql = $this->db->query($sql);
@@ -4198,7 +4198,7 @@ class Product extends CommonObject
$sql .= ", multicurrency_price";
$sql .= ", multicurrency_price_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price";
- $sql .= " WHERE fk_product = ".$fromId;
+ $sql .= " WHERE fk_product = ".((int) $fromId);
$sql .= " ORDER BY date_price DESC";
if ($conf->global->PRODUIT_MULTIPRICES_LIMIT > 0) {
$sql .= " LIMIT ".$conf->global->PRODUIT_MULTIPRICES_LIMIT;
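Review bot: The last line of this hunk still appends `$conf->global->PRODUIT_MULTIPRICES_LIMIT` to the query unmodified, while `$fromId` two lines above is now cast. The value is a configuration constant rather than request input, but the `> 0` test on the line before is a loose comparison that a string such as `"5 ..."` also passes. Writing `$sql .= " LIMIT ".((int) $conf->global->PRODUIT_MULTIPRICES_LIMIT);` keeps the statement consistent with the rest of the commit.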
@@ -4230,7 +4230,7 @@ class Product extends CommonObject
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association (fk_product_pere, fk_product_fils, qty)';
$sql .= " SELECT ".$toId.", fk_product_fils, qty FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$fromId;
+ $sql .= " WHERE fk_product_pere = ".((int) $fromId);
dol_syslog(get_class($this).'::clone_association', LOG_DEBUG);
if (!$this->db->query($sql)) {
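Review bot: `$toId` is left uncast in the `" SELECT ".$toId.", fk_product_fils, qty FROM "` line, although `$fromId` in the WHERE clause just below it is now wrapped in `(int)`. The same omission is in the `@@ -4262` hunk (`" SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, ..."`), while the `@@ -4273` hunk does cast it. Both lines should use `((int) $toId)` so that every id in these clone queries is handled the same way. The method signatures are outside the hunks, so the origin of `$toId` cannot be confirmed from here.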
@@ -4262,7 +4262,7 @@ class Product extends CommonObject
. " datec, fk_product, fk_soc, ref_fourn, fk_user_author )"
. " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, ref_fourn, fk_user_author"
. " FROM ".MAIN_DB_PREFIX."product_fournisseur"
- . " WHERE fk_product = ".$fromId;
+ . " WHERE fk_product = ".((int) $fromId);
if ( ! $this->db->query($sql ) )
{
@@ -4273,9 +4273,9 @@ class Product extends CommonObject
// les prix de fournisseurs.
$sql = "INSERT ".MAIN_DB_PREFIX."product_fournisseur_price (";
$sql .= " datec, fk_product, fk_soc, price, quantity, fk_user)";
- $sql .= " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, price, quantity, fk_user";
+ $sql .= " SELECT '".$this->db->idate($now)."', ".((int) $toId).", fk_soc, price, quantity, fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_product = ".$fromId;
+ $sql .= " WHERE fk_product = ".((int) $fromId);
dol_syslog(get_class($this).'::clone_fournisseurs', LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php
index 046aed05a10..9b0d29b4cdd 100644
--- a/htdocs/product/class/productcustomerprice.class.php
+++ b/htdocs/product/class/productcustomerprice.class.php
@@ -814,7 +814,7 @@ class Productcustomerprice extends CommonObject
// Find all susidiaries
$sql = "SELECT s.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
- $sql .= " WHERE s.parent = ".$this->fk_soc;
+ $sql .= " WHERE s.parent = ".((int) $this->fk_soc);
$sql .= " AND s.entity IN (".getEntity('societe').")";
dol_syslog(get_class($this)."::setPriceOnAffiliateThirdparty", LOG_DEBUG);
diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php
new file mode 100644
index 00000000000..709afcb6d20
--- /dev/null
+++ b/htdocs/product/class/productfournisseurprice.class.php
@@ -0,0 +1,843 @@
+
+ * Copyright (C) 2021 Alexis LAURIER
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+/**
+ * \file class/productfournisseurprice.class.php
+ * \ingroup product
+ * \brief This file is a CRUD class file for ProductFournisseurPrice (Create/Read/Update/Delete)
+ */
+
+// Put here all includes required by your class file
+require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php';
+
+/**
+ * Class for ProductFournisseurPrice
+ */
+class ProductFournisseurPrice extends CommonObject
+{
+ /**
+ * @var string ID to identify managed object.
+ */
+ public $element = 'productfournisseurprice';
+
+ /**
+ * @var string Name of table without prefix where object is stored. This is also the key used for extrafields management.
+ */
+ public $table_element = 'product_fournisseur_price';
+
+ /**
+ * @var int Does this object support multicompany module ?
+ * 0=No test on entity, 1=Test with field entity, 'field@table'=Test with link by field@table
+ */
+ public $ismultientitymanaged = 1;
+
+ /**
+ * @var int Does object support extrafields ? 0=No, 1=Yes
+ */
+ public $isextrafieldmanaged = 1;
+
+ /**
+ * @var string String with name of icon for productfournisseurprice. Must be the part after the 'object_' into object_productfournisseurprice.png
+ */
+ public $picto = 'productfournisseurprice@buypricehistory';
+
+
+ const STATUS_DRAFT = 0;
+ const STATUS_VALIDATED = 1;
+ const STATUS_CANCELED = 9;
+
+
+ /**
+ * 'type' field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'sellist:TableName:LabelFieldName[:KeyFieldName[:KeyFieldParent[:Filter]]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'text:none', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password')
+ * Note: Filter can be a string like "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.nature:is:NULL)"
+ * 'label' the translation key.
+ * 'picto' is code of a picto to show before value in forms
+ * 'enabled' is a condition when the field must be managed (Example: 1 or '$conf->global->MY_SETUP_PARAM)
+ * 'position' is the sort order of field.
+ * 'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0).
+ * 'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing)
+ * 'noteditable' says if field is not editable (1 or 0)
+ * 'default' is a default value for creation (can still be overwrote by the Setup of Default Values if field is editable in creation form). Note: If default is set to '(PROV)' and field is 'ref', the default value will be set to '(PROVid)' where id is rowid when a new record is created.
+ * 'index' if we want an index in database.
+ * 'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
+ * 'searchall' is 1 if we want to search in this field when making a search from the quick search button.
+ * 'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
+ * 'css' and 'cssview' and 'csslist' is the CSS style to use on field. 'css' is used in creation and update. 'cssview' is used in view mode. 'csslist' is used for columns in lists. For example: 'maxwidth200', 'wordbreak', 'tdoverflowmax200'
+ * 'help' is a 'TranslationString' to use to show a tooltip on field. You can also use 'TranslationString:keyfortooltiponlick' for a tooltip on click.
+ * 'showoncombobox' if value of the field must be visible into the label of the combobox that list record
+ * 'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
+ * 'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel")
+ * 'autofocusoncreate' to have field having the focus on a create form. Only 1 field should have this property set to 1.
+ * 'comment' is not used. You can store here any text of your choice. It is not used by application.
+ *
+ * Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor.
+ */
+
+ // BEGIN MODULEBUILDER PROPERTIES
+ /**
+ * @var array Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
+ */
+ public $fields=array(
+ 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>0,),
+ 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>'1', 'position'=>15, 'notnull'=>1, 'visible'=>-2, 'default'=>'1', 'index'=>1,),
+ 'datec' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>20, 'notnull'=>0, 'visible'=>-1,),
+ 'tms' => array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>'1', 'position'=>25, 'notnull'=>1, 'visible'=>-1,),
+ 'fk_product' => array('type'=>'integer:Product:product/class/product.class.php:1', 'label'=>'Fkproduct', 'enabled'=>'1', 'position'=>30, 'notnull'=>0, 'visible'=>-1,),
+ 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>35, 'notnull'=>0, 'visible'=>-1,),
+ 'ref_fourn' => array('type'=>'varchar(255)', 'label'=>'Reffourn', 'enabled'=>'1', 'position'=>40, 'notnull'=>0, 'visible'=>-1,),
+ 'desc_fourn' => array('type'=>'text', 'label'=>'Descfourn', 'enabled'=>'1', 'position'=>45, 'notnull'=>0, 'visible'=>-1,),
+ 'fk_availability' => array('type'=>'integer', 'label'=>'Fkavailability', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>-1,),
+ 'price' => array('type'=>'double(24,8)', 'label'=>'Price', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1,),
+ 'quantity' => array('type'=>'double', 'label'=>'Quantity', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>-1,),
+ 'remise_percent' => array('type'=>'double', 'label'=>'Remisepercent', 'enabled'=>'1', 'position'=>65, 'notnull'=>1, 'visible'=>-1,),
+ 'remise' => array('type'=>'double', 'label'=>'Remise', 'enabled'=>'1', 'position'=>70, 'notnull'=>1, 'visible'=>-1,),
+ 'unitprice' => array('type'=>'double(24,8)', 'label'=>'Unitprice', 'enabled'=>'1', 'position'=>75, 'notnull'=>0, 'visible'=>-1,),
+ 'charges' => array('type'=>'double(24,8)', 'label'=>'Charges', 'enabled'=>'1', 'position'=>80, 'notnull'=>0, 'visible'=>-1,),
+ 'default_vat_code' => array('type'=>'varchar(10)', 'label'=>'Defaultvatcode', 'enabled'=>'1', 'position'=>85, 'notnull'=>0, 'visible'=>-1,),
+ 'tva_tx' => array('type'=>'double(6,3)', 'label'=>'Tvatx', 'enabled'=>'1', 'position'=>90, 'notnull'=>1, 'visible'=>-1,),
+ 'info_bits' => array('type'=>'integer', 'label'=>'Infobits', 'enabled'=>'1', 'position'=>95, 'notnull'=>1, 'visible'=>-1,),
+ 'fk_user' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'Fkuser', 'enabled'=>'1', 'position'=>100, 'notnull'=>0, 'visible'=>-1,),
+ 'fk_supplier_price_expression' => array('type'=>'integer', 'label'=>'Fksupplierpriceexpression', 'enabled'=>'1', 'position'=>105, 'notnull'=>0, 'visible'=>-1,),
+ 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>900, 'notnull'=>0, 'visible'=>-2,),
+ 'delivery_time_days' => array('type'=>'integer', 'label'=>'Deliverytimedays', 'enabled'=>'1', 'position'=>115, 'notnull'=>0, 'visible'=>-1,),
+ 'supplier_reputation' => array('type'=>'varchar(10)', 'label'=>'Supplierreputation', 'enabled'=>'1', 'position'=>120, 'notnull'=>0, 'visible'=>-1,),
+ 'fk_multicurrency' => array('type'=>'integer', 'label'=>'Fkmulticurrency', 'enabled'=>'1', 'position'=>125, 'notnull'=>0, 'visible'=>-1,),
+ 'multicurrency_code' => array('type'=>'varchar(255)', 'label'=>'Multicurrencycode', 'enabled'=>'1', 'position'=>130, 'notnull'=>0, 'visible'=>-1,),
+ 'multicurrency_tx' => array('type'=>'double(24,8)', 'label'=>'Multicurrencytx', 'enabled'=>'1', 'position'=>135, 'notnull'=>0, 'visible'=>-1,),
+ 'multicurrency_price' => array('type'=>'double(24,8)', 'label'=>'Multicurrencyprice', 'enabled'=>'1', 'position'=>140, 'notnull'=>0, 'visible'=>-1,),
+ 'multicurrency_unitprice' => array('type'=>'double(24,8)', 'label'=>'Multicurrencyunitprice', 'enabled'=>'1', 'position'=>145, 'notnull'=>0, 'visible'=>-1,),
+ 'localtax1_tx' => array('type'=>'double(6,3)', 'label'=>'Localtax1tx', 'enabled'=>'1', 'position'=>150, 'notnull'=>0, 'visible'=>-1,),
+ 'localtax1_type' => array('type'=>'varchar(10)', 'label'=>'Localtax1type', 'enabled'=>'1', 'position'=>155, 'notnull'=>1, 'visible'=>-1,),
+ 'localtax2_tx' => array('type'=>'double(6,3)', 'label'=>'Localtax2tx', 'enabled'=>'1', 'position'=>160, 'notnull'=>0, 'visible'=>-1,),
+ 'localtax2_type' => array('type'=>'varchar(10)', 'label'=>'Localtax2type', 'enabled'=>'1', 'position'=>165, 'notnull'=>1, 'visible'=>-1,),
+ 'barcode' => array('type'=>'varchar(180)', 'label'=>'Barcode', 'enabled'=>'1', 'position'=>170, 'notnull'=>0, 'visible'=>-1,),
+ 'fk_barcode_type' => array('type'=>'integer', 'label'=>'Fkbarcodetype', 'enabled'=>'1', 'position'=>175, 'notnull'=>0, 'visible'=>-1,),
+ 'packaging' => array('type'=>'varchar(64)', 'label'=>'Packaging', 'enabled'=>'1', 'position'=>180, 'notnull'=>0, 'visible'=>-1,),
+ );
+ public $rowid;
+ public $entity;
+ public $datec;
+ public $tms;
+ public $fk_product;
+ public $fk_soc;
+ public $ref_fourn;
+ public $desc_fourn;
+ public $fk_availability;
+ public $price;
+ public $quantity;
+ public $remise_percent;
+ public $remise;
+ public $unitprice;
+ public $charges;
+ public $default_vat_code;
+ public $tva_tx;
+ public $info_bits;
+ public $fk_user;
+ public $fk_supplier_price_expression;
+ public $import_key;
+ public $delivery_time_days;
+ public $supplier_reputation;
+ public $fk_multicurrency;
+ public $multicurrency_code;
+ public $multicurrency_tx;
+ public $multicurrency_price;
+ public $multicurrency_unitprice;
+ public $localtax1_tx;
+ public $localtax1_type;
+ public $localtax2_tx;
+ public $localtax2_type;
+ public $barcode;
+ public $fk_barcode_type;
+ public $packaging;
+ // END MODULEBUILDER PROPERTIES
+
+ /**
+ * Constructor
+ *
+ * @param DoliDb $db Database handler
+ */
+ public function __construct(DoliDB $db)
+ {
+ global $conf, $langs;
+
+ $this->db = $db;
+
+ if (empty($conf->global->MAIN_SHOW_TECHNICAL_ID) && isset($this->fields['rowid'])) $this->fields['rowid']['visible'] = 0;
+ if (empty($conf->multicompany->enabled) && isset($this->fields['entity'])) $this->fields['entity']['enabled'] = 0;
+
+ // Unset fields that are disabled
+ foreach ($this->fields as $key => $val) {
+ if (isset($val['enabled']) && empty($val['enabled'])) {
+ unset($this->fields[$key]);
+ }
+ }
+ }
+
+ /**
+ * Create object into database
+ *
+ * @param User $user User that creates
+ * @param bool $notrigger false=launch triggers after, true=disable triggers
+ * @return int <0 if KO, Id of created object if OK
+ */
+ public function create(User $user, $notrigger = false)
+ {
+ return $this->createCommon($user, $notrigger);
+ }
+
+ /**
+ * Clone an object into another one
+ *
+ * @param User $user User that creates
+ * @param int $fromid Id of object to clone
+ * @return mixed New object created, <0 if KO
+ */
+ public function createFromClone(User $user, $fromid)
+ {
+ global $langs, $extrafields;
+ $error = 0;
+
+ dol_syslog(__METHOD__, LOG_DEBUG);
+
+ $object = new self($this->db);
+
+ $this->db->begin();
+
+ // Load source object
+ $result = $object->fetchCommon($fromid);
+ if ($result > 0 && !empty($object->table_element_line)) $object->fetchLines();
+
+ // get lines so they will be clone
+ //foreach($this->lines as $line)
+ // $line->fetch_optionals();
+
+ // Reset some properties
+ unset($object->id);
+ unset($object->fk_user_creat);
+ unset($object->import_key);
+
+ // Clear fields
+ if (property_exists($object, 'ref')) $object->ref = empty($this->fields['ref']['default']) ? "Copy_Of_".$object->ref : $this->fields['ref']['default'];
+ if (property_exists($object, 'label')) $object->label = empty($this->fields['label']['default']) ? $langs->trans("CopyOf")." ".$object->label : $this->fields['label']['default'];
+ if (property_exists($object, 'status')) { $object->status = self::STATUS_DRAFT; }
+ if (property_exists($object, 'date_creation')) { $object->date_creation = dol_now(); }
+ if (property_exists($object, 'date_modification')) { $object->date_modification = null; }
+ // ...
+ // Clear extrafields that are unique
+ if (is_array($object->array_options) && count($object->array_options) > 0) {
+ $extrafields->fetch_name_optionals_label($this->table_element);
+ foreach ($object->array_options as $key => $option) {
+ $shortkey = preg_replace('/options_/', '', $key);
+ if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey])) {
+ //var_dump($key); var_dump($clonedObj->array_options[$key]); exit;
+ unset($object->array_options[$key]);
+ }
+ }
+ }
+
+ // Create clone
+ $object->context['createfromclone'] = 'createfromclone';
+ $result = $object->createCommon($user);
+ if ($result < 0) {
+ $error++;
+ $this->error = $object->error;
+ $this->errors = $object->errors;
+ }
+
+ if (!$error) {
+ // copy internal contacts
+ if ($this->copy_linked_contact($object, 'internal') < 0) {
+ $error++;
+ }
+ }
+
+ if (!$error) {
+ // copy external contacts if same company
+ if (property_exists($this, 'socid') && $this->socid == $object->socid) {
+ if ($this->copy_linked_contact($object, 'external') < 0)
+ $error++;
+ }
+ }
+
+ unset($object->context['createfromclone']);
+
+ // End
+ if (!$error) {
+ $this->db->commit();
+ return $object;
+ } else {
+ $this->db->rollback();
+ return -1;
+ }
+ }
+
+ /**
+ * Load object in memory from the database
+ *
+ * @param int $id Id object
+ * @return int <0 if KO, 0 if not found, >0 if OK
+ */
+ public function fetch($id)
+ {
+ return $this->fetchCommon($id);
+ }
+
+ /**
+ * Load list of objects in memory from the database.
+ *
+ * @param string $sortorder Sort Order
+ * @param string $sortfield Sort field
+ * @param int $limit limit
+ * @param int $offset Offset
+ * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
+ * @param string $filtermode Filter mode (AND or OR)
+ * @return array|int int <0 if KO, array of pages if OK
+ */
+ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+ {
+ global $conf;
+
+ dol_syslog(__METHOD__, LOG_DEBUG);
+
+ $records = array();
+
+ $sql = 'SELECT ';
+ $sql .= $this->getFieldList();
+ $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
+ if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) $sql .= ' WHERE t.entity IN ('.getEntity($this->element).')';
+ else $sql .= ' WHERE 1 = 1';
+ // Manage filter
+ $sqlwhere = array();
+ if (count($filter) > 0) {
+ foreach ($filter as $key => $value) {
+ if ($key == 't.rowid') {
+ $sqlwhere[] = $key.'='.$value;
+ } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
+ $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+ } elseif ($key == 'customsql') {
+ $sqlwhere[] = $value;
+ } elseif (strpos($value, '%') === false) {
+ $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
+ } else {
+ $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ }
+ }
+ }
+ if (count($sqlwhere) > 0) {
+ $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ }
+
+ if (!empty($sortfield)) {
+ $sql .= $this->db->order($sortfield, $sortorder);
+ }
+ if (!empty($limit)) {
+ $sql .= ' '.$this->db->plimit($limit, $offset);
+ }
+
+ $resql = $this->db->query($sql);
+ if ($resql) {
+ $num = $this->db->num_rows($resql);
+ $i = 0;
+ while ($i < ($limit ? min($limit, $num) : $num)) {
+ $obj = $this->db->fetch_object($resql);
+
+ $record = new self($this->db);
+ $record->setVarsFromFetchObj($obj);
+
+ $records[$record->id] = $record;
+
+ $i++;
+ }
+ $this->db->free($resql);
+
+ return $records;
+ } else {
+ $this->errors[] = 'Error '.$this->db->lasterror();
+ dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
+
+ return -1;
+ }
+ }
+
+ /**
+ * Update object into database
+ *
+ * @param User $user User that modifies
+ * @param bool $notrigger false=launch triggers after, true=disable triggers
+ * @return int <0 if KO, >0 if OK
+ */
+ public function update(User $user, $notrigger = false)
+ {
+ return $this->updateCommon($user, $notrigger);
+ }
+
+ /**
+ * Delete object in database
+ *
+ * @param User $user User that deletes
+ * @param bool $notrigger false=launch triggers after, true=disable triggers
+ * @return int <0 if KO, >0 if OK
+ */
+ public function delete(User $user, $notrigger = false)
+ {
+ return $this->deleteCommon($user, $notrigger);
+ }
+
+ /**
+ * Validate object
+ *
+ * @param User $user User making status change
+ * @param int $notrigger 1=Does not execute triggers, 0= execute triggers
+ * @return int <=0 if OK, 0=Nothing done, >0 if KO
+ */
+ public function validate($user, $notrigger = 0)
+ {
+ global $conf, $langs;
+
+ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+ $error = 0;
+
+ // Protection
+ if ($this->status == self::STATUS_VALIDATED) {
+ dol_syslog(get_class($this)."::validate action abandonned: already validated", LOG_WARNING);
+ return 0;
+ }
+
+ $now = dol_now();
+
+ $this->db->begin();
+
+ // Define new ref
+ if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) { // empty should not happened, but when it occurs, the test save life
+ $num = $this->getNextNumRef();
+ } else {
+ $num = $this->ref;
+ }
+ $this->newref = $num;
+
+ if (!empty($num)) {
+ // Validate
+ $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
+ $sql .= " SET ref = '".$this->db->escape($num)."',";
+ $sql .= " status = ".self::STATUS_VALIDATED;
+ if (!empty($this->fields['date_validation'])) $sql .= ", date_validation = '".$this->db->idate($now)."'";
+ if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".$user->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
+
+ dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
+ $resql = $this->db->query($sql);
+ if (!$resql) {
+ dol_print_error($this->db);
+ $this->error = $this->db->lasterror();
+ $error++;
+ }
+
+ if (!$error && !$notrigger) {
+ // Call trigger
+ $result = $this->call_trigger('PRODUCTFOURNISSEURPRICE_VALIDATE', $user);
+ if ($result < 0) $error++;
+ // End call triggers
+ }
+ }
+
+ if (!$error) {
+ $this->oldref = $this->ref;
+
+ // Rename directory if dir was a temporary ref
+ if (preg_match('/^[\(]?PROV/i', $this->ref)) {
+ // Now we rename also files into index
+ $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'productfournisseurprice/".$this->db->escape($this->newref)."'";
+ $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'productfournisseurprice/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+ $resql = $this->db->query($sql);
+ if (!$resql) { $error++; $this->error = $this->db->lasterror(); }
+
+ // We rename directory ($this->ref = old ref, $num = new ref) in order not to lose the attachments
+ $oldref = dol_sanitizeFileName($this->ref);
+ $newref = dol_sanitizeFileName($num);
+ $dirsource = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$oldref;
+ $dirdest = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref;
+ if (!$error && file_exists($dirsource)) {
+ dol_syslog(get_class($this)."::validate() rename dir ".$dirsource." into ".$dirdest);
+
+ if (@rename($dirsource, $dirdest)) {
+ dol_syslog("Rename ok");
+ // Rename docs starting with $oldref with $newref
+ $listoffiles = dol_dir_list($conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref, 'files', 1, '^'.preg_quote($oldref, '/'));
+ foreach ($listoffiles as $fileentry) {
+ $dirsource = $fileentry['name'];
+ $dirdest = preg_replace('/^'.preg_quote($oldref, '/').'/', $newref, $dirsource);
+ $dirsource = $fileentry['path'].'/'.$dirsource;
+ $dirdest = $fileentry['path'].'/'.$dirdest;
+ @rename($dirsource, $dirdest);
+ }
+ }
+ }
+ }
+ }
+
+ // Set new ref and current status
+ if (!$error) {
+ $this->ref = $num;
+ $this->status = self::STATUS_VALIDATED;
+ }
+
+ if (!$error) {
+ $this->db->commit();
+ return 1;
+ } else {
+ $this->db->rollback();
+ return -1;
+ }
+ }
+
+
+ /**
+ * Set draft status
+ *
+ * @param User $user Object user that modify
+ * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers
+ * @return int <0 if KO, >0 if OK
+ */
+ public function setDraft($user, $notrigger = 0)
+ {
+ // Protection
+ if ($this->status <= self::STATUS_DRAFT) {
+ return 0;
+ }
+
+ return $this->setStatusCommon($user, self::STATUS_DRAFT, $notrigger, 'PRODUCTFOURNISSEURPRICE_UNVALIDATE');
+ }
+
+ /**
+ * Set cancel status
+ *
+ * @param User $user Object user that modify
+ * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers
+ * @return int <0 if KO, 0=Nothing done, >0 if OK
+ */
+ public function cancel($user, $notrigger = 0)
+ {
+ // Protection
+ if ($this->status != self::STATUS_VALIDATED) {
+ return 0;
+ }
+
+ return $this->setStatusCommon($user, self::STATUS_CANCELED, $notrigger, 'PRODUCTFOURNISSEURPRICE_CANCEL');
+ }
+
+ /**
+ * Set back to validated status
+ *
+ * @param User $user Object user that modify
+ * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers
+ * @return int <0 if KO, 0=Nothing done, >0 if OK
+ */
+ public function reopen($user, $notrigger = 0)
+ {
+ // Protection
+ if ($this->status != self::STATUS_CANCELED) {
+ return 0;
+ }
+
+ return $this->setStatusCommon($user, self::STATUS_VALIDATED, $notrigger, 'PRODUCTFOURNISSEURPRICE_REOPEN');
+ }
+
+ /**
+ * Return a link to the object card (with optionaly the picto)
+ *
+ * @param int $withpicto Include picto in link (0=No picto, 1=Include picto into link, 2=Only picto)
+ * @param string $option On what the link point to ('nolink', ...)
+ * @param int $notooltip 1=Disable tooltip
+ * @param string $morecss Add more css on link
+ * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking
+ * @return string String with URL
+ */
+ public function getNomUrl($withpicto = 0, $option = '', $notooltip = 0, $morecss = '', $save_lastsearch_value = -1)
+ {
+ global $conf, $langs, $hookmanager;
+
+ if (!empty($conf->dol_no_mouse_hover)) $notooltip = 1; // Force disable tooltips
+
+ $result = '';
+
+ $label = img_picto('', $this->picto).' '.$langs->trans("ProductFournisseurPrice").' ';
+ if (isset($this->status)) {
+ $label .= ' '.$this->getLibStatut(5);
+ }
+ $label .= ' ';
+ $label .= ''.$langs->trans('Ref').': '.$this->ref;
+
+ $url = dol_buildpath('/buypricehistory/productfournisseurprice_card.php', 1).'?id='.$this->id;
+
+ if ($option != 'nolink') {
+ // Add param to save lastsearch_values or not
+ $add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0);
+ if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) $add_save_lastsearch_values = 1;
+ if ($add_save_lastsearch_values) $url .= '&save_lastsearch_values=1';
+ }
+
+ $linkclose = '';
+ if (empty($notooltip)) {
+ if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {
+ $label = $langs->trans("ShowProductFournisseurPrice");
+ $linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"';
+ }
+ $linkclose .= ' title="'.dol_escape_htmltag($label, 1).'"';
+ $linkclose .= ' class="classfortooltip'.($morecss ? ' '.$morecss : '').'"';
+ } else $linkclose = ($morecss ? ' class="'.$morecss.'"' : '');
+
+ $linkstart = '';
+ $linkend = ' ';
+
+ $result .= $linkstart;
+
+ if (empty($this->showphoto_on_popup)) {
+ if ($withpicto) $result .= img_object(($notooltip ? '' : $label), ($this->picto ? $this->picto : 'generic'), ($notooltip ? (($withpicto != 2) ? 'class="paddingright"' : '') : 'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip ? 0 : 1);
+ } else {
+ if ($withpicto) {
+ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+ list($class, $module) = explode('@', $this->picto);
+ $upload_dir = $conf->$module->multidir_output[$conf->entity]."/$class/".dol_sanitizeFileName($this->ref);
+ $filearray = dol_dir_list($upload_dir, "files");
+ $filename = $filearray[0]['name'];
+ if (!empty($filename)) {
+ $pospoint = strpos($filearray[0]['name'], '.');
+
+ $pathtophoto = $class.'/'.$this->ref.'/thumbs/'.substr($filename, 0, $pospoint).'_mini'.substr($filename, $pospoint);
+ if (empty($conf->global->{strtoupper($module.'_'.$class).'_FORMATLISTPHOTOSASUSERS'})) {
+ $result .= '';
+ } else {
+ $result .= '';
+ }
+
+ $result .= '';
+ } else {
+ $result .= img_object(($notooltip ? '' : $label), ($this->picto ? $this->picto : 'generic'), ($notooltip ? (($withpicto != 2) ? 'class="paddingright"' : '') : 'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip ? 0 : 1);
+ }
+ }
+ }
+
+ if ($withpicto != 2) $result .= $this->ref;
+
+ $result .= $linkend;
+ //if ($withpicto != 2) $result.=(($addlabel && $this->label) ? $sep . dol_trunc($this->label, ($addlabel > 1 ? $addlabel : 0)) : '');
+
+ global $action, $hookmanager;
+ $hookmanager->initHooks(array('productfournisseurpricedao'));
+ $parameters = array('id'=>$this->id, 'getnomurl'=>$result);
+ $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks
+ if ($reshook > 0) $result = $hookmanager->resPrint;
+ else $result .= $hookmanager->resPrint;
+
+ return $result;
+ }
+
+ /**
+ * Return the label of the status
+ *
+ * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto
+ * @return string Label of status
+ */
+ public function getLibStatut($mode = 0)
+ {
+ return $this->LibStatut($this->status, $mode);
+ }
+
+ // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
+ /**
+ * Return the status
+ *
+ * @param int $status Id status
+ * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto
+ * @return string Label of status
+ */
+ public function LibStatut($status, $mode = 0)
+ {
+ // phpcs:enable
+ if (empty($this->labelStatus) || empty($this->labelStatusShort)) {
+ global $langs;
+ //$langs->load("buypricehistory@buypricehistory");
+ $this->labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft');
+ $this->labelStatus[self::STATUS_VALIDATED] = $langs->trans('Enabled');
+ $this->labelStatus[self::STATUS_CANCELED] = $langs->trans('Disabled');
+ $this->labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Draft');
+ $this->labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Enabled');
+ $this->labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Disabled');
+ }
+
+ $statusType = 'status'.$status;
+ //if ($status == self::STATUS_VALIDATED) $statusType = 'status1';
+ if ($status == self::STATUS_CANCELED) $statusType = 'status6';
+
+ return dolGetStatus($this->labelStatus[$status], $this->labelStatusShort[$status], '', $statusType, $mode);
+ }
+
+ /**
+ * Load the info information in the object
+ *
+ * @param int $id Id of object
+ * @return void
+ */
+ public function info($id)
+ {
+ $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
+ $sql .= ' fk_user_creat, fk_user_modif';
+ $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
+ $sql .= ' WHERE t.rowid = '.((int) $id);
+ $result = $this->db->query($sql);
+ if ($result) {
+ if ($this->db->num_rows($result)) {
+ $obj = $this->db->fetch_object($result);
+ $this->id = $obj->rowid;
+ if ($obj->fk_user_author) {
+ $cuser = new User($this->db);
+ $cuser->fetch($obj->fk_user_author);
+ $this->user_creation = $cuser;
+ }
+
+ if ($obj->fk_user_valid) {
+ $vuser = new User($this->db);
+ $vuser->fetch($obj->fk_user_valid);
+ $this->user_validation = $vuser;
+ }
+
+ if ($obj->fk_user_cloture) {
+ $cluser = new User($this->db);
+ $cluser->fetch($obj->fk_user_cloture);
+ $this->user_cloture = $cluser;
+ }
+
+ $this->date_creation = $this->db->jdate($obj->datec);
+ $this->date_modification = $this->db->jdate($obj->datem);
+ $this->date_validation = $this->db->jdate($obj->datev);
+ }
+
+ $this->db->free($result);
+ } else {
+ dol_print_error($this->db);
+ }
+ }
+
+ /**
+ * Initialise object with example values
+ * Id must be 0 if object instance is a specimen
+ *
+ * @return void
+ */
+ public function initAsSpecimen()
+ {
+ $this->initAsSpecimenCommon();
+ }
+
+ /**
+ * Returns the reference to the following non used object depending on the active numbering module.
+ *
+ * @return string Object free reference
+ */
+ public function getNextNumRef()
+ {
+ global $langs, $conf;
+ $langs->load("buypricehistory@buypricehistory");
+
+ if (empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) {
+ $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON = 'mod_productfournisseurprice_standard';
+ }
+
+ if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) {
+ $mybool = false;
+
+ $file = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON.".php";
+ $classname = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON;
+
+ // Include file with class
+ $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
+ foreach ($dirmodels as $reldir) {
+ $dir = dol_buildpath($reldir."core/modules/buypricehistory/");
+
+ // Load file with numbering class (if found)
+ $mybool |= @include_once $dir.$file;
+ }
+
+ if ($mybool === false) {
+ dol_print_error('', "Failed to include file ".$file);
+ return '';
+ }
+
+ if (class_exists($classname)) {
+ $obj = new $classname();
+ $numref = $obj->getNextValue($this);
+
+ if ($numref != '' && $numref != '-1') {
+ return $numref;
+ } else {
+ $this->error = $obj->error;
+ //dol_print_error($this->db,get_class($this)."::getNextNumRef ".$obj->error);
+ return "";
+ }
+ } else {
+ print $langs->trans("Error")." ".$langs->trans("ClassNotFound").' '.$classname;
+ return "";
+ }
+ } else {
+ print $langs->trans("ErrorNumberingModuleNotSetup", $this->element);
+ return "";
+ }
+ }
+
+ /**
+ * Create a document onto disk according to template module.
+ *
+ * @param string $modele Force template to use ('' to not force)
+ * @param Translate $outputlangs objet lang a utiliser pour traduction
+ * @param int $hidedetails Hide details of lines
+ * @param int $hidedesc Hide description
+ * @param int $hideref Hide ref
+ * @param null|array $moreparams Array to provide more information
+ * @return int 0 if KO, 1 if OK
+ */
+ public function generateDocument($modele, $outputlangs, $hidedetails = 0, $hidedesc = 0, $hideref = 0, $moreparams = null)
+ {
+ global $conf, $langs;
+
+ $result = 0;
+ $includedocgeneration = 0;
+
+ $langs->load("buypricehistory@buypricehistory");
+
+ if (!dol_strlen($modele)) {
+ $modele = 'standard_productfournisseurprice';
+
+ if (!empty($this->model_pdf)) {
+ $modele = $this->model_pdf;
+ } elseif (!empty($conf->global->PRODUCTFOURNISSEURPRICE_ADDON_PDF)) {
+ $modele = $conf->global->PRODUCTFOURNISSEURPRICE_ADDON_PDF;
+ }
+ }
+
+ $modelpath = "core/modules/buypricehistory/doc/";
+
+ if ($includedocgeneration && !empty($modele)) {
+ $result = $this->commonGenerateDocument($modelpath, $modele, $outputlangs, $hidedetails, $hidedesc, $hideref, $moreparams);
+ }
+
+ return $result;
+ }
+}
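Review bot: In `fetchAll()` the filter loop still builds SQL from unvalidated pieces, which is the pattern the rest of this commit removes: the `t.rowid` branch appends `$value` as is, every branch concatenates `$key` as a column name, `customsql` is passed through verbatim, and `$filtermode` goes straight into `implode()`. I would cast the id with `$sqlwhere[] = $key.'='.((int) $value);`, pin the joiner with `$filtermode = (strtoupper($filtermode) === 'OR') ? 'OR' : 'AND';`, and check `$key` against the known column names before using it, so that a caller forwarding request data cannot reach the query text. `validate()` has the same gap in `fk_user_valid = ".$user->id` and `entity = ".$conf->entity`, which should both be wrapped in `((int) ...)`. Separately, `info()` selects `date_creation`, `fk_user_creat` and `fk_user_modif`, none of which appear in `$fields`, and then reads `fk_user_author`, `fk_user_valid`, `fk_user_cloture` and `datev`, which the query does not return, so it looks like unadapted template code that will probably fail or leave those properties empty.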
diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php
index f7cf48df5e0..a1d92cc492a 100644
--- a/htdocs/product/class/propalmergepdfproduct.class.php
+++ b/htdocs/product/class/propalmergepdfproduct.class.php
@@ -239,7 +239,7 @@ class Propalmergepdfproduct extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
- $sql .= " WHERE t.fk_product = ".$product_id;
+ $sql .= " WHERE t.fk_product = ".((int) $product_id);
if ($conf->global->MAIN_MULTILANGS && !empty($lang)) {
$sql .= " AND t.lang = '".$this->db->escape($lang)."'";
}
diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php
index 6dd6a0ac89d..442232686d3 100644
--- a/htdocs/product/composition/card.php
+++ b/htdocs/product/composition/card.php
@@ -171,11 +171,11 @@ $help_url = '';
$shortlabel = dol_trunc($object->label, 16);
if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) {
$title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('AssociatedProducts');
- $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos';
+ $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos|DE:Modul_Produkte';
}
if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) {
$title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('AssociatedProducts');
- $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios';
+ $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios|DE:Modul_Leistungen';
}
llxHeader('', $title, $help_url);
diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php
index 546c2050990..db0c427c334 100644
--- a/htdocs/product/dynamic_price/class/price_expression.class.php
+++ b/htdocs/product/dynamic_price/class/price_expression.class.php
@@ -327,7 +327,7 @@ class PriceExpression
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php
index 29505ff8573..5286b932ca7 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php
@@ -250,7 +250,7 @@ class PriceGlobalVariable
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
index f43d6bc731d..96e77d661ab 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
@@ -275,7 +275,7 @@ class PriceGlobalVariableUpdater
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 77659142744..6e3b487a429 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -62,9 +62,9 @@ $extrafields = new ExtraFields($db);
// If socid provided by ajax company selector
if (!empty($_REQUEST['search_fourn_id'])) {
- $_GET['id_fourn'] = $_GET['search_fourn_id'];
- $_POST['id_fourn'] = $_POST['search_fourn_id'];
- $_REQUEST['id_fourn'] = $_REQUEST['search_fourn_id'];
+ $_GET['id_fourn'] = GETPOST('search_fourn_id', 'int');
+ $_POST['id_fourn'] = GETPOST('search_fourn_id', 'int');
+ $_REQUEST['id_fourn'] = GETPOST('search_fourn_id', 'int');
}
// Security check
@@ -290,7 +290,7 @@ if (empty($reshook)) {
foreach ($extrafield_values as $key => $value) {
$sql .= str_replace('options_', '', $key).' = "'.$value.'", ';
}
- $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.$object->product_fourn_price_id;
+ $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.((int) $object->product_fourn_price_id);
}
// Execute the sql command from above
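Review bot: The `foreach` over `$extrafield_values` just above the changed line still concatenates `$key` and `$value` into the UPDATE unescaped, so casting `fk_object` leaves the statement injectable if those values derive from the request (their origin is outside this hunk). The value should go through the database escaper and use single quotes, `$sql .= str_replace('options_', '', $key)." = '".$db->escape($value)."', ";`, since PostgreSQL also reads a double-quoted literal as an identifier. `$key` becomes a column name, so it needs checking against the declared extrafield names rather than escaping.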
@@ -793,7 +793,7 @@ END;
$sql .= ", ".$key;
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields";
- $sql .= " WHERE fk_object = ".$rowid;
+ $sql .= " WHERE fk_object = ".((int) $rowid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@@ -1145,7 +1145,7 @@ END;
$sql .= ", ".$key;
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields";
- $sql .= " WHERE fk_object = ".$productfourn->product_fourn_price_id;
+ $sql .= " WHERE fk_object = ".((int) $productfourn->product_fourn_price_id);
$resql = $db->query($sql);
if ($resql) {
if ($db->num_rows($resql) != 1) {
diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php
index 92ad4c2176b..dda16746398 100644
--- a/htdocs/product/inventory/card.php
+++ b/htdocs/product/inventory/card.php
@@ -407,6 +407,12 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
print ''.$langs->trans("SetToDraft").' ';
}
}
+ // Back to validate
+ if ($object->status == $object::STATUS_RECORDED) {
+ if ($permissiontoadd) {
+ print ''.$langs->trans("ReOpen").' ';
+ }
+ }
// Modify
if ($object->status == $object::STATUS_DRAFT) {
diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php
index ce585c51a10..e872d7e353a 100644
--- a/htdocs/product/inventory/class/inventory.class.php
+++ b/htdocs/product/inventory/class/inventory.class.php
@@ -52,7 +52,7 @@ class Inventory extends CommonObject
/**
* @var int Does object support extrafields ? 0=No, 1=Yes
*/
- public $isextrafieldmanaged = 1;
+ public $isextrafieldmanaged = 0;
/**
* @var string String with name of icon for inventory
@@ -254,6 +254,7 @@ class Inventory extends CommonObject
*/
public function validate(User $user, $notrigger = false)
{
+ global $conf;
$this->db->begin();
$result = 0;
@@ -328,6 +329,7 @@ class Inventory extends CommonObject
} else {
$this->db->rollback();
}
+ return $result;
}
/**
@@ -357,6 +359,51 @@ class Inventory extends CommonObject
} else {
$this->db->rollback();
}
+ return $result;
+ }
+
+ /**
+ * Set to Recorded
+ *
+ * @param User $user User that creates
+ * @param bool $notrigger false=launch triggers after, true=disable triggers
+ * @return int <0 if KO, Id of created object if OK
+ */
+ public function setRecorded(User $user, $notrigger = false)
+ {
+ $this->db->begin();
+
+ $result = $this->setStatut($this::STATUS_RECORDED, null, '', 'INVENTORY_RECORDED');
+
+ if ($result > 0) {
+ $this->db->commit();
+ } else {
+ $this->db->rollback();
+ return -1;
+ }
+ return $result;
+ }
+
+ /**
+ * Set to Canceled
+ *
+ * @param User $user User that creates
+ * @param bool $notrigger false=launch triggers after, true=disable triggers
+ * @return int <0 if KO, Id of created object if OK
+ */
+ public function setCanceled(User $user, $notrigger = false)
+ {
+ $this->db->begin();
+
+ $result = $this->setStatut($this::STATUS_CANCELED, null, '', 'INVENTORY_CANCELED');
+
+ if ($result > 0) {
+ $this->db->commit();
+ } else {
+ $this->db->rollback();
+ return -1;
+ }
+ return $result;
}
/**
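Review bot: The docblocks of `setRecorded()` and `setCanceled()` were copied from a create method and misstate the return value: both return the result of `setStatut()` on success and `-1` on failure, not the "Id of created object". I would change the return line to `@return int <0 if KO, >0 if OK` and describe `$user` as the user making the change. `$user` and `$notrigger` are accepted but never read in either body, so the `$notrigger` description promises a switch that has no effect; either document both as unused or drop the claim.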
@@ -566,9 +613,11 @@ class Inventory extends CommonObject
$labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft');
$labelStatus[self::STATUS_VALIDATED] = $langs->trans('Validated').' ('.$langs->trans('Started').')';
$labelStatus[self::STATUS_CANCELED] = $langs->trans('Canceled');
+ $labelStatus[self::STATUS_RECORDED] = $langs->trans('Closed');
$labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Draft');
$labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Started');
$labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Canceled');
+ $labelStatusShort[self::STATUS_RECORDED] = $langs->trans('Closed');
return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', 'status'.$status, $mode);
}
@@ -628,6 +677,7 @@ class Inventory extends CommonObject
public function initAsSpecimen()
{
$this->initAsSpecimenCommon();
+ $this->title = '';
}
}
diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php
index dea3b46c946..30f3a5347dd 100644
--- a/htdocs/product/inventory/inventory.php
+++ b/htdocs/product/inventory/inventory.php
@@ -27,6 +27,7 @@ include_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php';
include_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
include_once DOL_DOCUMENT_ROOT.'/product/inventory/class/inventory.class.php';
include_once DOL_DOCUMENT_ROOT.'/product/inventory/lib/inventory.lib.php';
+include_once DOL_DOCUMENT_ROOT.'/product/stock/class/mouvementstock.class.php';
// Load translation files required by the page
$langs->loadLangs(array("stocks", "other", "productbatch"));
@@ -98,6 +99,71 @@ $now = dol_now();
* Actions
*/
+if ($action == 'cancel_record' && $permissiontoadd) {
+ $object->setCanceled($user);
+}
+
+if ($action == 'update' && $user->rights->stock->mouvement->creer) {
+ $stockmovment = new MouvementStock($db);
+ $stockmovment->origin = $object;
+
+ $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
+ $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
+ $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
+ $sql .= ' WHERE id.fk_inventory = '.$object->id;
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ $totalarray = array();
+ while ($i < $num) {
+ $line = $db->fetch_object($resql);
+ $qty_view = $line->qty_view;
+ $qty_stock = $line->qty_stock;
+ $stock_movement_qty = $qty_view - $qty_stock;
+ if ($stock_movement_qty != 0) {
+ if ($stock_movement_qty < 0) {
+ $movement_type = 1;
+ } else {
+ $movement_type = 0;
+ }
+ $idstockmove = $stockmovment->_create($user, $line->fk_product, $line->fk_warehouse, $stock_movement_qty, $movement_type, 0, $langs->trans('LabelOfInventoryMovemement', $object->id), 'INV'.$object->id);
+ if ($idstockmove < 0) {
+ $error++;
+ setEventMessages($stockmovment->error, $stockmovment->errors, 'errors');
+ }
+ }
+ $i++;
+ }
+ if (!$error) {
+ $object->setRecorded($user);
+ }
+ }
+}
+
+if ($action =='updateinventorylines' && $permissiontoadd) {
+ $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
+ $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
+ $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
+ $sql .= ' WHERE id.fk_inventory = '.$object->id;
+
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ $totalarray = array();
+ while ($i < $num) {
+ $line = $db->fetch_object($resql);
+ $lineid = $line->rowid;
+ $inventoryline = new InventoryLine($db);
+ $inventoryline->fetch($lineid);
+ $inventoryline->qty_view = GETPOST("id_".$inventoryline->id);
+ $inventoryline->update($user);
+ $i++;
+ }
+ }
+}
+
$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
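Review bot: The `update` branch writes stock movements without checking that the inventory is still in `STATUS_VALIDATED` and without a transaction, so replaying the request applies the same corrections to stock a second time, and a failure halfway leaves earlier movements committed while the inventory is never marked recorded. Both new SELECTs (here and in the `updateinventorylines` branch) also append `$object->id` uncast, although this commit casts the identical line further down the file. In `updateinventorylines` the posted quantity is read with `GETPOST("id_".$inventoryline->id)` without a type filter, and the results of `fetch()` and `update()` are ignored. A sketch of the guarded `update` branch follows; it assumes `$error` is initialised earlier in the file and that the database layer counts nested `begin()`/`commit()` calls.

```php
if ($action == 'update' && $user->rights->stock->mouvement->creer && $object->status == $object::STATUS_VALIDATED) {
	// … unchanged: MouvementStock setup and SELECT column list …
	$sql .= ' WHERE id.fk_inventory = '.((int) $object->id);

	$db->begin();
	$resql = $db->query($sql);
	if ($resql) {
		// … unchanged: loop creating one stock movement per line with a non-zero difference …
		if (!$error && $object->setRecorded($user) < 0) {
			$error++;
		}
	} else {
		$error++;
	}

	// Keep stock and inventory status consistent: all movements and the status change, or none.
	if ($error) {
		$db->rollback();
	} else {
		$db->commit();
	}
}
```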
@@ -223,6 +289,18 @@ if ($object->id > 0) {
$formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToClone'), $langs->trans('ConfirmCloneMyObject', $object->ref), 'confirm_clone', $formquestion, 'yes', 1);
}
+ // Confirmation to close
+ if ($action == 'record') {
+ $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('Close'), $langs->trans('ConfirmFinish'), 'update', '', 0, 1);
+ $action = 'view';
+ }
+
+ // Confirmation to close
+ if ($action == 'confirm_cancel') {
+ $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('Cancel'), $langs->trans('ConfirmCancel'), 'cancel_record', '', 0, 1);
+ $action = 'view';
+ }
+
// Call Hook formConfirm
$parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid);
$reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
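Review bot: Both new blocks carry the comment `// Confirmation to close`, but the second one builds the cancel dialog for `confirm_cancel`; it should read `// Confirmation to cancel`. The copied comment makes the two state transitions harder to tell apart when checking which action each dialog leads to (`update` versus `cancel_record`).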
@@ -307,24 +385,7 @@ if ($object->id > 0) {
// Buttons for actions
- if ($action == 'record') {
- print '';
- } else {
+ if ($action != 'record') {
print ' ';
+ if ($object->status == $object::STATUS_VALIDATED) {
+ // Actions
+ print '';
+ print ' ';
+ print '';
+ }
// Line to add a new line in inventory
if ($object->status == $object::STATUS_VALIDATED) {
@@ -453,7 +517,7 @@ if ($object->id > 0) {
$sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
$sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
$sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
- $sql .= ' WHERE id.fk_inventory = '.$object->id;
+ $sql .= ' WHERE id.fk_inventory = '.((int) $object->id);
$cacheOfProducts = array();
$cacheOfWarehouses = array();
@@ -505,15 +569,20 @@ if ($object->id > 0) {
}
print '';
- print 'TODO';
+ print $obj->qty_stock;
print ' ';
print '';
- print ' rowid).'">';
- print ' ';
- print '';
- print ''.img_delete().' ';
- print ' ';
-
+ if ($object->status == $object::STATUS_VALIDATED) {
+ $qty_view = GETPOST("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid) : $obj->qty_view;
+ print ' ';
+ print '';
+ print '';
+ print ''.img_delete().' ';
+ print ' ';
+ } else {
+ print $obj->qty_view;
+ print '';
+ }
print '';
$i++;
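Review bot: `GETPOST("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid) : $obj->qty_view` treats a submitted `0` as absent, because the string `'0'` is falsy, so a counted quantity of zero is replaced by the stored value when the form is redisplayed. Testing presence instead, `GETPOSTISSET("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid, 'alpha') : $obj->qty_view`, keeps the zero. The markup that prints `$qty_view` is not readable in this hunk; if it lands in an input `value` attribute it should be escaped for that context.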
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 7df96cbd97c..dc035187f30 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -191,7 +191,7 @@ if (empty($conf->global->PRODUIT_MULTIPRICES)) {
$isInEEC = isInEEC($mysoc);
-$alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
+$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pa";
// Definition of fields for lists
$arrayfields = array(
@@ -228,12 +228,12 @@ $arrayfields = array(
'p.tobatch'=>array('label'=>"ManageLotSerial", 'checked'=>0, 'enabled'=>(!empty($conf->productbatch->enabled)), 'position'=>60),
'p.fk_country'=>array('label'=>"Country", 'checked'=>0, 'position'=>100),
'p.fk_state'=>array('label'=>"State", 'checked'=>0, 'position'=>101),
- $alias_product_accounting . '.accountancy_code_sell'=>array('label'=>"ProductAccountancySellCode", 'checked'=>0, 'position'=>400),
- $alias_product_accounting . '.accountancy_code_sell_intra'=>array('label'=>"ProductAccountancySellIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>401),
- $alias_product_accounting . '.accountancy_code_sell_export'=>array('label'=>"ProductAccountancySellExportCode", 'checked'=>0, 'position'=>402),
- $alias_product_accounting . '.accountancy_code_buy'=>array('label'=>"ProductAccountancyBuyCode", 'checked'=>0, 'position'=>403),
- $alias_product_accounting . '.accountancy_code_buy_intra'=>array('label'=>"ProductAccountancyBuyIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>404),
- $alias_product_accounting . '.accountancy_code_buy_export'=>array('label'=>"ProductAccountancyBuyExportCode", 'checked'=>0, 'position'=>405),
+ $alias_product_perentity . '.accountancy_code_sell'=>array('label'=>"ProductAccountancySellCode", 'checked'=>0, 'position'=>400),
+ $alias_product_perentity . '.accountancy_code_sell_intra'=>array('label'=>"ProductAccountancySellIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>401),
+ $alias_product_perentity . '.accountancy_code_sell_export'=>array('label'=>"ProductAccountancySellExportCode", 'checked'=>0, 'position'=>402),
+ $alias_product_perentity . '.accountancy_code_buy'=>array('label'=>"ProductAccountancyBuyCode", 'checked'=>0, 'position'=>403),
+ $alias_product_perentity . '.accountancy_code_buy_intra'=>array('label'=>"ProductAccountancyBuyIntraCode", 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>404),
+ $alias_product_perentity . '.accountancy_code_buy_export'=>array('label'=>"ProductAccountancyBuyExportCode", 'checked'=>0, 'position'=>405),
'p.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500),
'p.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>500),
'p.tosell'=>array('label'=>$langs->transnoentitiesnoconv("Status").' ('.$langs->transnoentitiesnoconv("Sell").')', 'checked'=>1, 'position'=>1000),
@@ -387,7 +387,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // N
$sql .= $hookmanager->resPrint;
$sql .= ' FROM '.MAIN_DB_PREFIX.'product as p';
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
- $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
+ $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity);
}
if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_extrafields as ef on (p.rowid = ef.fk_object)";
@@ -473,7 +473,7 @@ if ($searchCategoryProductOperator == 1) {
if (intval($searchCategoryProduct) == -2) {
$searchCategoryProductSqlList[] = "cp.fk_categorie IS NULL";
} elseif (intval($searchCategoryProduct) > 0) {
- $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".$searchCategoryProduct.")";
+ $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".((int) $searchCategoryProduct).")";
}
}
if (!empty($searchCategoryProductSqlList)) {
@@ -493,22 +493,22 @@ if ($search_finished >= 0 && $search_finished !== '') {
$sql .= " AND p.finished = ".((int) $search_finished);
}
if ($search_accountancy_code_sell) {
- $sql .= natural_search($alias_product_accounting . '.accountancy_code_sell', $search_accountancy_code_sell);
+ $sql .= natural_search($alias_product_perentity . '.accountancy_code_sell', $search_accountancy_code_sell);
}
if ($search_accountancy_code_sell_intra) {
- $sql .= natural_search($alias_product_accounting . '.accountancy_code_sell_intra', $search_accountancy_code_sell_intra);
+ $sql .= natural_search($alias_product_perentity . '.accountancy_code_sell_intra', $search_accountancy_code_sell_intra);
}
if ($search_accountancy_code_sell_export) {
- $sql .= natural_search($alias_product_accounting . '.accountancy_code_sell_export', $search_accountancy_code_sell_export);
+ $sql .= natural_search($alias_product_perentity . '.accountancy_code_sell_export', $search_accountancy_code_sell_export);
}
if ($search_accountancy_code_buy) {
- $sql .= natural_search($alias_product_accounting . '.accountancy_code_buy', $search_accountancy_code_buy);
+ $sql .= natural_search($alias_product_perentity . '.accountancy_code_buy', $search_accountancy_code_buy);
}
if ($search_accountancy_code_buy_intra) {
- $sql .= natural_search($alias_product_accounting . '.accountancy_code_buy_intra', $search_accountancy_code_buy_intra);
+ $sql .= natural_search($alias_product_perentity . '.accountancy_code_buy_intra', $search_accountancy_code_buy_intra);
}
if ($search_accountancy_code_buy_export) {
- $sql .= natural_search($alias_product_accounting . '.accountancy_code_buy_export', $search_accountancy_code_buy_export);
+ $sql .= natural_search($alias_product_perentity . '.accountancy_code_buy_export', $search_accountancy_code_buy_export);
}
// Add where from extra fields
@@ -1004,23 +1004,23 @@ if ($resql) {
print ''.$formcompany->select_state($search_state, $search_country).' ';
}
// Accountancy code sell
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell']['checked'])) {
print ' ';
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell_intra']['checked'])) {
print ' ';
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell_export']['checked'])) {
print ' ';
}
// Accountancy code buy
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy']['checked'])) {
print ' ';
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy_intra']['checked'])) {
print ' ';
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy_export']['checked'])) {
print ' ';
}
// Extra fields
@@ -1167,23 +1167,23 @@ if ($resql) {
if (!empty($arrayfields['p.fk_state']['checked'])) {
print_liste_field_titre($arrayfields['p.fk_state']['label'], $_SERVER["PHP_SELF"], "p.fk_state", "", $param, '', $sortfield, $sortorder);
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['checked'])) {
- print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_sell", "", $param, '', $sortfield, $sortorder);
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell']['checked'])) {
+ print_liste_field_titre($arrayfields[$alias_product_perentity . '.accountancy_code_sell']['label'], $_SERVER["PHP_SELF"], $alias_product_perentity . ".accountancy_code_sell", "", $param, '', $sortfield, $sortorder);
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['checked'])) {
- print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_sell_intra", "", $param, '', $sortfield, $sortorder);
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell_intra']['checked'])) {
+ print_liste_field_titre($arrayfields[$alias_product_perentity . '.accountancy_code_sell_intra']['label'], $_SERVER["PHP_SELF"], $alias_product_perentity . ".accountancy_code_sell_intra", "", $param, '', $sortfield, $sortorder);
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['checked'])) {
- print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_sell_export", "", $param, '', $sortfield, $sortorder);
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell_export']['checked'])) {
+ print_liste_field_titre($arrayfields[$alias_product_perentity . '.accountancy_code_sell_export']['label'], $_SERVER["PHP_SELF"], $alias_product_perentity . ".accountancy_code_sell_export", "", $param, '', $sortfield, $sortorder);
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['checked'])) {
- print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_buy", "", $param, '', $sortfield, $sortorder);
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy']['checked'])) {
+ print_liste_field_titre($arrayfields[$alias_product_perentity . '.accountancy_code_buy']['label'], $_SERVER["PHP_SELF"], $alias_product_perentity . ".accountancy_code_buy", "", $param, '', $sortfield, $sortorder);
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['checked'])) {
- print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_buy_intra", "", $param, '', $sortfield, $sortorder);
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy_intra']['checked'])) {
+ print_liste_field_titre($arrayfields[$alias_product_perentity . '.accountancy_code_buy_intra']['label'], $_SERVER["PHP_SELF"], $alias_product_perentity . ".accountancy_code_buy_intra", "", $param, '', $sortfield, $sortorder);
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['checked'])) {
- print_liste_field_titre($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['label'], $_SERVER["PHP_SELF"], $alias_product_accounting . ".accountancy_code_buy_export", "", $param, '', $sortfield, $sortorder);
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy_export']['checked'])) {
+ print_liste_field_titre($arrayfields[$alias_product_perentity . '.accountancy_code_buy_export']['label'], $_SERVER["PHP_SELF"], $alias_product_perentity . ".accountancy_code_buy_export", "", $param, '', $sortfield, $sortorder);
}
// Extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
@@ -1530,7 +1530,7 @@ if ($resql) {
// then reuse the cache array if we need prices for other price levels
$sqlp = "SELECT p.rowid, p.fk_product, p.price, p.price_ttc, p.price_level, p.date_price, p.price_base_type";
$sqlp .= " FROM ".MAIN_DB_PREFIX."product_price as p";
- $sqlp .= " WHERE fk_product = ".$obj->rowid;
+ $sqlp .= " WHERE fk_product = ".((int) $obj->rowid);
$sqlp .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC";
$resultp = $db->query($sqlp);
if ($resultp) {
@@ -1708,38 +1708,38 @@ if ($resql) {
}
}
// Accountancy code sell
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell']['checked'])) {
print ''.$obj->accountancy_code_sell.' ';
if (!$i) {
$totalarray['nbfield']++;
}
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_intra']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell_intra']['checked'])) {
print ''.$obj->accountancy_code_sell_intra.' ';
if (!$i) {
$totalarray['nbfield']++;
}
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_sell_export']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_sell_export']['checked'])) {
print ''.$obj->accountancy_code_sell_export.' ';
if (!$i) {
$totalarray['nbfield']++;
}
}
// Accountancy code buy
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy']['checked'])) {
print ''.$obj->accountancy_code_buy.' ';
if (!$i) {
$totalarray['nbfield']++;
}
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_intra']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy_intra']['checked'])) {
print ''.$obj->accountancy_code_buy_intra.' ';
if (!$i) {
$totalarray['nbfield']++;
}
}
- if (!empty($arrayfields[$alias_product_accounting . '.accountancy_code_buy_export']['checked'])) {
+ if (!empty($arrayfields[$alias_product_perentity . '.accountancy_code_buy_export']['checked'])) {
print ''.$obj->accountancy_code_buy_export.' ';
if (!$i) {
$totalarray['nbfield']++;
diff --git a/htdocs/product/price.php b/htdocs/product/price.php
index ee86d43c09f..6647201b719 100644
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@@ -429,12 +429,12 @@ if (empty($reshook)) {
// Ajout / mise à jour
if ($rowid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."product_price_by_qty SET";
- $sql .= " price='".$db->escape($price)."',";
- $sql .= " unitprice=".$unitPrice.",";
- $sql .= " quantity=".$quantity.",";
- $sql .= " remise_percent=".$remise_percent.",";
- $sql .= " remise=".$remise;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " price=".((float) $price)."',";
+ $sql .= " unitprice=".((float) $unitPrice).",";
+ $sql .= " quantity=".((float) $quantity).",";
+ $sql .= " remise_percent=".((float) $remise_percent).",";
+ $sql .= " remise=".((float) $remise);
+ $sql .= " WHERE rowid = ".((int) $rowid);
$result = $db->query($sql);
if (!$result) {
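Review bot: The new `price` line keeps the closing quote of the old quoted form: `" price=".((float) $price)."',"` yields `price=12.5',` (constructed value), which is a SQL syntax error, so every update of an existing price-by-quantity row would fail. It should read `$sql .= " price=".((float) $price).",";`, matching the four lines after it. The `if ($rowid > 0)` block continues past the end of the hunk.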
@@ -442,7 +442,7 @@ if (empty($reshook)) {
}
} else {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price_by_qty (fk_product_price,price,unitprice,quantity,remise_percent,remise) values (";
- $sql .= $priceid.','.$price.','.$unitPrice.','.$quantity.','.$remise_percent.','.$remise.')';
+ $sql .= ((int) $priceid).','.((float) $price).','.((float) $unitPrice).','.((float) $quantity).','.((float) $remise_percent).','.((float) $remise).')';
$result = $db->query($sql);
if (!$result) {
@@ -460,7 +460,7 @@ if (empty($reshook)) {
$rowid = GETPOST('rowid', 'int');
if (!empty($rowid)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
$result = $db->query($sql);
} else {
@@ -472,7 +472,7 @@ if (empty($reshook)) {
$priceid = GETPOST('priceid', 'int');
if (!empty($rowid)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE fk_product_price = ".$priceid;
+ $sql .= " WHERE fk_product_price = ".((int) $priceid);
$result = $db->query($sql);
} else {
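Review bot: The guard on this DELETE tests `$rowid` while the statement filters on `$priceid`, so with the new cast an empty `priceid` becomes `fk_product_price = 0` instead of failing, and a valid `priceid` is skipped whenever `$rowid` is empty. The condition should test the value actually used, `if (!empty($priceid)) {`. Where `$rowid` is set for this action is outside the hunk.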
@@ -1413,11 +1413,11 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul
$sql .= " p.date_price as dp, p.fk_price_expression, u.rowid as user_id, u.login";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price as p,";
$sql .= " ".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE fk_product = ".$object->id;
+ $sql .= " WHERE fk_product = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('productprice').")";
$sql .= " AND p.fk_user_author = u.rowid";
if (!empty($socid) && !empty($conf->global->PRODUIT_MULTIPRICES)) {
- $sql .= " AND p.price_level = ".$soc->price_level;
+ $sql .= " AND p.price_level = ".((int) $soc->price_level);
}
$sql .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC";
// $sql .= $db->plimit();
diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php
index 30dba05e417..214a12ead14 100644
--- a/htdocs/product/stock/class/entrepot.class.php
+++ b/htdocs/product/stock/class/entrepot.class.php
@@ -436,7 +436,7 @@ class Entrepot extends CommonObject
$sql .= " model_pdf, import_key";
$sql .= " FROM ".MAIN_DB_PREFIX."entrepot";
if ($id) {
- $sql .= " WHERE rowid = '".$id."'";
+ $sql .= " WHERE rowid = ".((int) $id);
} else {
$sql .= " WHERE entity = ".$conf->entity;
if ($ref) {
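Review bot: `$sql .= " WHERE entity = ".$conf->entity;` in the `else` branch is left uncast, although the commit writes the same kind of value as `((int) $conf->entity)` in product/list.php. For consistency with the rest of the change it should read `$sql .= " WHERE entity = ".((int) $conf->entity);`. The `$ref` condition that follows is outside the hunk.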
@@ -782,7 +782,7 @@ class Entrepot extends CommonObject
$parentid = $this->fk_parent; // If parent_id not defined on current object, we do not start consecutive searches of parents
$i = 0;
while ($parentid > 0 && $i < $protection) {
- $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.$parentid;
+ $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.((int) $parentid);
$resql = $this->db->query($sql);
if ($resql) {
$objarbo = $this->db->fetch_object($resql);
@@ -817,7 +817,7 @@ class Entrepot extends CommonObject
$sql = 'SELECT rowid
FROM '.MAIN_DB_PREFIX.'entrepot
- WHERE fk_parent = '.$id;
+ WHERE fk_parent = '.((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 8b2d729c29c..d8dad67bee2 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -488,7 +488,7 @@ class MouvementStock extends CommonObject
if (!$error)
{
$sql = "SELECT rowid, reel FROM ".MAIN_DB_PREFIX."product_stock";
- $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product; // This is a unique key
+ $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product); // This is a unique key
dol_syslog(get_class($this)."::_create check if a record already exists in product_stock", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -544,12 +544,12 @@ class MouvementStock extends CommonObject
{
if ($alreadyarecord > 0)
{
- $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".$qty;
- $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".((float) $qty);
+ $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product);
} else {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_stock";
$sql .= " (reel, fk_entrepot, fk_product) VALUES ";
- $sql .= " (".$qty.", ".$entrepot_id.", ".$fk_product.")";
+ $sql .= " (".((float) $qty).", ".((int) $entrepot_id).", ".((int) $fk_product).")";
}
dol_syslog(get_class($this)."::_create update stock value", LOG_DEBUG);
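Review bot: The `((float) $qty)` casts in the `UPDATE` and `INSERT` lines rely on PHP's float-to-string conversion, which before PHP 8.0 follows `LC_NUMERIC` and can print a decimal comma, and which switches to exponent notation for very large or very small values. In the `VALUES (` list a comma would change the column count, so the statement could fail or store the wrong quantity on installations that set a non-C numeric locale. A locale-independent format keeps the protection of the cast, for example `sprintf('%.8F', (float) $qty)` with the scale adjusted to the `reel` column. The same applies to `((float) $newpmp)` in the following `SET pmp =` hunk. The enclosing `_create` method starts and ends outside these hunks.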
@@ -602,11 +602,11 @@ class MouvementStock extends CommonObject
$newpmp = price2num($newpmp, 'MU');
// $sql = "UPDATE ".MAIN_DB_PREFIX."product SET pmp = ".$newpmp.", stock = ".$this->db->ifsql("stock IS NULL", 0, "stock") . " + ".$qty;
- // $sql.= " WHERE rowid = ".$fk_product;
+ // $sql.= " WHERE rowid = ".((int) $fk_product);
// Update pmp + denormalized fields because we change content of produt_stock. Warning: Do not use "SET p.stock", does not works with pgsql
- $sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".$newpmp.",";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".((float) $newpmp).",";
$sql .= " stock=(SELECT SUM(ps.reel) FROM ".MAIN_DB_PREFIX."product_stock as ps WHERE ps.fk_product = p.rowid)";
- $sql .= " WHERE rowid = ".$fk_product;
+ $sql .= " WHERE rowid = ".((int) $fk_product);
dol_syslog(get_class($this)."::_create update AWP", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -763,7 +763,7 @@ class MouvementStock extends CommonObject
$sql = "SELECT fk_product_pere, fk_product_fils, qty";
$sql .= " FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$idProduct;
+ $sql .= " WHERE fk_product_pere = ".((int) $idProduct);
$sql .= " AND incdec = 1";
dol_syslog(get_class($this)."::_createSubProduct for parent product ".$idProduct, LOG_DEBUG);
@@ -875,7 +875,7 @@ class MouvementStock extends CommonObject
$nbSP=0;
$resql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."product_association";
- $resql.= " WHERE fk_product_pere = ".$id;
+ $resql.= " WHERE fk_product_pere = ".((int) $id);
if ($this->db->query($resql))
{
$obj=$this->db->fetch_object($resql);
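Review bot: In the context lines of this hunk the return value of `$this->db->query($resql)` is discarded and `fetch_object($resql)` is then given the SQL string rather than the result handle, so the count only works if the driver falls back to its last result set. Keep the handle, `$result = $this->db->query($resql); if ($result) {`, and read it with `$obj = $this->db->fetch_object($result);`. Naming the query string `$sql`, as the other hunks of this class do, would make the mix-up harder to repeat. The method continues outside the hunk.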
@@ -896,7 +896,7 @@ class MouvementStock extends CommonObject
$nb = 0;
$sql = 'SELECT SUM(value) as nb from '.MAIN_DB_PREFIX.'stock_mouvement';
- $sql .= ' WHERE fk_product = '.$productidselected;
+ $sql .= ' WHERE fk_product = '.((int) $productidselected);
$sql .= " AND datem < '".$this->db->idate($datebefore)."'";
dol_syslog(get_class($this).__METHOD__.'', LOG_DEBUG);
@@ -1284,7 +1284,7 @@ class MouvementStock extends CommonObject
$sql = "SELECT sum(pb.qty) as cpt";
$sql .= " FROM ".MAIN_DB_PREFIX."product_batch as pb";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."product_stock as ps ON ps.rowid = pb.fk_product_stock";
- $sql .= " WHERE ps.fk_product = " . $fk_product;
+ $sql .= " WHERE ps.fk_product = " . ((int) $fk_product);
$sql .= " AND pb.batch = '" . $this->db->escape($batch) . "'";
$result = $this->db->query($sql);
diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php
index 9b6c0a38a1c..f05d6ebc168 100644
--- a/htdocs/product/stock/class/productlot.class.php
+++ b/htdocs/product/stock/class/productlot.class.php
@@ -275,7 +275,7 @@ class Productlot extends CommonObject
$sql .= " t.import_key";
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
if ($product_id > 0 && $batch != '') {
- $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id;
+ $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".((int) $product_id);
} else {
$sql .= ' WHERE t.rowid = '.((int) $id);
}
diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php
index 88fc636e07e..aea8c3e1f14 100644
--- a/htdocs/product/stock/class/productstockentrepot.class.php
+++ b/htdocs/product/stock/class/productstockentrepot.class.php
@@ -196,7 +196,7 @@ class ProductStockEntrepot extends CommonObject
if (!empty($id)) {
$sql .= ' WHERE t.rowid = '.((int) $id);
} else {
- $sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot;
+ $sql .= ' WHERE t.fk_product = '.((int) $fk_product).' AND t.fk_entrepot = '.((int) $fk_entrepot);
}
$resql = $this->db->query($sql);
diff --git a/htdocs/product/stock/fiche-valo.php b/htdocs/product/stock/fiche-valo.php
index 34380efbe7a..a2a15a34e53 100644
--- a/htdocs/product/stock/fiche-valo.php
+++ b/htdocs/product/stock/fiche-valo.php
@@ -28,7 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/stock.lib.php';
// Load translation files required by the page
$langs->loadLangs(array('products', 'stocks', 'companies'));
-$mesg = '';
+
+$id = GETPOST('id', 'int');
// Security check
$result = restrictedArea($user, 'stock');
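Review bot: `restrictedArea($user, 'stock')` is still called without the warehouse id, although `$id` is now read just above it, so the check covers the module permission only. The `Entrepot` hunk at `@@ -436` shows that a lookup by `rowid` adds no `entity` condition (that filter sits only in the `else` branch), which suggests a user with stock rights could open a warehouse belonging to another entity by id on this page; this is inferred, since neither function body is fully visible. Passing the id as the object argument, `$result = restrictedArea($user, 'stock', $id);` together with the table argument that matches warehouses, would let the access check run against the specific record.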
@@ -43,18 +44,13 @@ $form = new Form($db);
$help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks';
llxHeader("", $langs->trans("WarehouseCard"), $help_url);
-if ($_GET["id"]) {
- if ($mesg) {
- print $mesg;
- }
-
+if ($id > 0) {
$entrepot = new Entrepot($db);
- $result = $entrepot->fetch($_GET["id"]);
+ $result = $entrepot->fetch($id);
if ($result < 0) {
dol_print_error($db);
}
-
$head = stock_prepare_head($entrepot);
print dol_get_fiche_head($head, 'value', $langs->trans("Warehouse"), 0, 'stock');
diff --git a/htdocs/product/stock/lib/replenishment.lib.php b/htdocs/product/stock/lib/replenishment.lib.php
index d0415ccad78..1faa67ad860 100644
--- a/htdocs/product/stock/lib/replenishment.lib.php
+++ b/htdocs/product/stock/lib/replenishment.lib.php
@@ -39,7 +39,7 @@ function dolDispatchToDo($order_id)
// Count nb of quantity dispatched per product
$sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch';
- $sql .= ' WHERE fk_commande = '.$order_id;
+ $sql .= ' WHERE fk_commande = '.((int) $order_id);
$sql .= ' GROUP BY fk_product';
$sql .= ' ORDER by fk_product';
$resql = $db->query($sql);
@@ -51,7 +51,7 @@ function dolDispatchToDo($order_id)
// Count nb of quantity to dispatch per product
$sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet';
- $sql .= ' WHERE fk_commande = '.$order_id;
+ $sql .= ' WHERE fk_commande = '.((int) $order_id);
$sql .= ' AND fk_product > 0';
if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
$sql .= ' AND product_type = 0';
diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php
index 5a5808b04f3..0627a6a1cf7 100644
--- a/htdocs/product/stock/massstockmove.php
+++ b/htdocs/product/stock/massstockmove.php
@@ -30,6 +30,12 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php';
+require_once DOL_DOCUMENT_ROOT.'/core/modules/import/import_csv.modules.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/import.lib.php';
+
+$confirm = GETPOST('confirm', 'alpha');
+$filetoimport = GETPOST('filetoimport');
// Load translation files required by the page
$langs->loadLangs(array('products', 'stocks', 'orders', 'productbatch'));
@@ -80,7 +86,7 @@ if (!empty($_SESSION['massstockmove'])) {
* Actions
*/
-if ($action == 'addline') {
+if ($action == 'addline' && !empty($user->rights->stock->mouvement->creer)) {
if (!($id_product > 0)) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors');
@@ -142,7 +148,7 @@ if ($action == 'addline') {
}
}
-if ($action == 'delline' && $idline != '') {
+if ($action == 'delline' && $idline != '' && !empty($user->rights->stock->mouvement->creer)) {
if (!empty($listofdata[$idline])) {
unset($listofdata[$idline]);
}
@@ -153,7 +159,7 @@ if ($action == 'delline' && $idline != '') {
}
}
-if ($action == 'createmovements') {
+if ($action == 'createmovements' && !empty($user->rights->stock->mouvement->creer)) {
$error = 0;
if (!GETPOST("label")) {
@@ -288,6 +294,131 @@ if ($action == 'createmovements') {
}
}
+if ($action == 'importCSV' && !empty($user->rights->stock->mouvement->creer)) {
+ dol_mkdir($conf->stock->dir_temp);
+ $nowyearmonth = dol_print_date(dol_now(), '%Y%m%d%H%M%S');
+
+ $fullpath = $conf->stock->dir_temp."/".$user->id.'-csvfiletotimport.csv';
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $fullpath, 1) > 0) {
+ dol_syslog("File ".$fullpath." was added for import");
+ } else {
+ $error++;
+ $langs->load("errors");
+ setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
+ }
+
+ if (!$error) {
+ $importcsv = new ImportCsv($db, 'massstocklist');
+ //print $importcsv->separator;
+
+ $nblinesrecord = $importcsv->import_get_nb_of_lines($fullpath)-1;
+ $importcsv->import_open_file($fullpath);
+ $labelsrecord = $importcsv->import_read_record();
+
+ if ($nblinesrecord <= 1) {
+ setEventMessages($langs->trans("BadNumberOfLinesMustHaveAtLeastOneLinePlusTitle"), null, 'errors');
+ } else {
+ $i=0;
+ $data = array();
+ while (($i < $nblinesrecord) && !$error) {
+ $data[] = $importcsv->import_read_record();
+ if (count($data[$i]) == 1) {
+ // Only 1 empty line
+ unset($data[$i]);
+ $i++;
+ continue;
+ }
+ //var_dump($data);
+
+ $tmp_id_sw = $data[$i][0]['val'];
+ $tmp_id_tw = $data[$i][1]['val'];
+ $tmp_id_product = $data[$i][2]['val'];
+ $tmp_qty = $data[$i][3]['val'];
+ $tmp_batch = $data[$i][4]['val'];
+
+ // TODO If product is a ref (not numeric or starts with "ref:..."), retreive the id of product from the ref
+ if (!($tmp_id_product > 0)) {
+ $error++;
+ setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors');
+ }
+ // TODO If warehouse is a ref (not numeric or starts with "ref:..."), retreive the id of product from the ref
+ if (!($tmp_id_sw > 0)) {
+ $error++;
+ setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("WarehouseSource")), null, 'errors');
+ }
+ // TODO If warehouse is a ref (not numeric or starts with "ref:..."), retreive the id of product from the ref
+ if (!($tmp_id_tw > 0)) {
+ $error++;
+ setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("WarehouseTarget")), null, 'errors');
+ }
+ if ($tmp_id_sw > 0 && $tmp_id_tw == $tmp_id_sw) {
+ $error++;
+ $langs->load("errors");
+ setEventMessages($langs->trans("ErrorWarehouseMustDiffers"), null, 'errors');
+ }
+ if (!$tmp_qty) {
+ $error++;
+ setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Qty")), null, 'errors');
+ }
+
+ // Check a batch number is provided if product need it
+ if (!$error) {
+ $producttmp = new Product($db);
+ $producttmp->fetch($tmp_id_product);
+ if ($producttmp->hasbatch()) {
+ if (empty($tmp_batch)) {
+ $error++;
+ $langs->load("errors");
+ setEventMessages($langs->trans("ErrorTryToMakeMoveOnProductRequiringBatchData", $producttmp->ref), null, 'errors');
+ }
+ }
+ }
+
+ $i++;
+ }
+
+ if (!$error) {
+ foreach ($data as $key => $value) {
+ if (count(array_keys($listofdata)) > 0) {
+ $id = max(array_keys($listofdata)) + 1;
+ } else {
+ $id = 1;
+ }
+ $tmp_id_sw = $data[$key][0]['val'];
+ $tmp_id_tw = $data[$key][1]['val'];
+ $tmp_id_product = $data[$key][2]['val'];
+ $tmp_qty = $data[$key][3]['val'];
+ $tmp_batch = $data[$key][4]['val'];
+ $listofdata[$key] = array('id'=>$key, 'id_sw'=>$tmp_id_sw, 'id_tw'=>$tmp_id_tw, 'id_product'=>$tmp_id_product, 'qty'=>$tmp_qty, 'batch'=>$tmp_batch);
+ }
+ }
+ }
+ }
+
+ $_SESSION['massstockmove'] = json_encode($listofdata);
+}
+
+if ($action == 'confirm_deletefile' && $confirm == 'yes') {
+ $langs->load("other");
+
+ $param = '&datatoimport='.urlencode($datatoimport).'&format='.urlencode($format);
+ if ($excludefirstline) {
+ $param .= '&excludefirstline='.urlencode($excludefirstline);
+ }
+ if ($endatlinenb) {
+ $param .= '&endatlinenb='.urlencode($endatlinenb);
+ }
+
+ $file = $conf->stock->dir_temp.'/'.GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
+ $ret = dol_delete_file($file);
+ if ($ret) {
+ setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
+ } else {
+ setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+ }
+ Header('Location: '.$_SERVER["PHP_SELF"]);
+ exit;
+}
/*
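Review bot: The `confirm_deletefile` branch is the only action in this commit's changes to the file without the `$user->rights->stock->mouvement->creer` gate, and it joins `GETPOST('urlfile')` onto `$conf->stock->dir_temp` with no normalisation, so the deleted path follows the request unless `GETPOST()` or `dol_delete_file()` reject directory components, which this hunk does not show. Reduce the parameter to a bare file name before building the path and add the same permission test as the other actions. `$param` is built from `$datatoimport`, `$format`, `$excludefirstline` and `$endatlinenb`, none of which is assigned in the visible hunks, and is never used, so that block can be dropped. In the `importCSV` branch, `$id = max(array_keys($listofdata)) + 1` is computed but each row is stored under `$listofdata[$key]`, which would overwrite lines already in the session list; storing under `$id` looks like the intent. The same loop reads `$data[$i][0]` to `$data[$i][4]` after checking only for a one-column row, so a short row should be rejected before indexing.

```php
if ($action == 'confirm_deletefile' && $confirm == 'yes' && !empty($user->rights->stock->mouvement->creer)) {
	$langs->load("other");

	// Keep only the file name so the resulting path cannot leave dir_temp
	$urlfile = basename((string) GETPOST('urlfile', 'alpha'));
	$file = $conf->stock->dir_temp.'/'.$urlfile;
	$ret = ($urlfile !== '') ? dol_delete_file($file) : false;
	// … unchanged: setEventMessages() for success and failure, redirect, exit …
}
```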
@@ -315,7 +446,79 @@ $buttonrecord = $langs->trans("RecordMovement");
$titletoaddnoent = $langs->transnoentitiesnoconv("Select");
$buttonrecordnoent = $langs->transnoentitiesnoconv("RecordMovement");
print ''.$langs->trans("SelectProductInAndOutWareHouse", $titletoaddnoent, $buttonrecordnoent).' ';
-print ' '."\n";
+
+print ' ';
+
+// Form to upload a file
+print '';
+
+print ' ';
// Form to add a line
print '