diff --git a/COPYRIGHT b/COPYRIGHT index 83d054d63be..8c8a1f56355 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -33,6 +33,7 @@ PEAR Mail_MIME 1.8.9 BSD Yes ParseDown 1.6 MIT License Yes Markdown parser PCLZip 2.8.4 LGPL-3+ Yes Library to zip/unzip files PHPDebugBar 1.15.1 MIT License Yes Used only by the module "debugbar" for developers +PHP-Imap 2.7.2 MIT License Yes Library to use IMAP with OAuth PHPSpreadSheet 1.8.2 LGPL-2.1+ Yes Read/Write XLS files, read ODS files php-iban 4.1 LGPL-3+ Yes Parse and validate IBAN (and IIBAN) bank account information in PHP PHPoAuthLib 0.8.2 MIT License Yes Library to provide oauth1 and oauth2 to different service diff --git a/ChangeLog b/ChangeLog index 9a5513031e9..7a87f3fbc2d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -59,66 +59,60 @@ NEW: Add margin info in proposal and order list NEW: Add massaction "Edit Extrafield" for Product NEW: Add more fields to detect duplicate during import of thirdparties NEW: Add option to foce delivery on email for purchase order receipt to yes -NEW: Add param boder table for md theme +NEW: Add param border table for md theme NEW: Add param color button action NEW: Add possibility to create contract from invoice NEW: Add possibility with constant MAIN_LOGIN_BADCHARUNAUTHORIZED to define bad character unauthorized into login name NEW: Add private and public notes on tax files. -NEW: Add status "Obsolete" to KM articles NEW: Add substitutions "user numbers" NEW: allow a ticket to be automatically marked as read when created from backend. NEW: allow cut&paste as real numeric value to excel NEW: A public form to send a message and create a lead is available NEW: automatically set totally received status in reception NEW: Auto set invoice paid when adding credit not and remain to pay is 0 -NEW: Availibility dictionnary has a new column unit and number NEW: Can change value of AWP during the inventory NEW: Can enter price with tax for predefined products on purchase objects NEW: Can filter on a thirdparty on product statistics NEW: Can removed doc templates from setup page of thirdparty -NEW: Can set the parent company during the creation of thirdparty (action=add of societe/card.php) NEW: Can use ! to make a search that exclude a string NEW: Change in theme colors does not need to use the refresh button NEW: clean values and amount in FEC import NEW: const MAIL_MASS_ACTION_ADD_LAST_IF_MAIN_DOC_NOT_FOUND for mailing mass action NEW: Contact filter project list NEW: Create contract from invoice -NEW: create third-party with contact if not found on public ticket +NEW: Database: Can store the session into database (instead of beeing managed by PHP) +NEW: Database: Some core tables are created only at module activation NEW: Default value for MAIN_SECURITY_CSRF_WITH_TOKEN is now 2 (GET are also protected agains CSRF attacks) NEW: deposit payment terms: add field into dictionary admin page to define default percentage of deposit. NEW: Dictionaries - add possibility to manage countries in EEC +NEW: Dictionaries - Availibility dictionnary has a new column unit and number NEW: Display errors in a message box after generating documents -NEW: Display physical and virtual stock of the products when creating OF from a BOM -NEW: Display product ref in "Object link" product tab for BOM NEW: Enhance the import. Can use 'auto' for the ref (import of orders) NEW: Events on Proposal to Return to Draft NEW: Page to list expense report payments NEW: JS inventory autocalc input NEW: language support for more emailing target selectors NEW: leave requests: add field into type dictionary to block request if balance is negative -NEW: MAIN_MAIL_AUTOCOPY_TO can accept several email and special keys -NEW: MAIN_SEARCH_CAT_OR_BY_DEFAULT const for search by category NEW: Mass action "Close shipments" NEW: Module BOM - Add tabs for nets Bom NEW: Module BOM - Add the possibility to add sub-BOMs to BOM -NEW: Module Recruitment - Add a public page with all list of open job positions. +NEW: Module Recruitment - Add a public page with list of all open job positions. NEW: Module Recruitment - Add a tab with list of application on the jobposition file. -NEW: Module Website - supports now the multicompany module NEW: More mode for THEME_TOPMENU_DISABLE_IMAGE (2, 3, ...) NEW: Add option to move checkbox column as first column on Thirdparty list (only few screens) -NEW: on redirect of page in website module, GET parameters are kept. -NEW: optional display warning icons on ticket list NEW: payment conditions enabling semi-automatic deposit creation (Issue #18439) NEW: possibility to consume multiple batch NEW: Reverse movement product consumption NEW: Send email to the supplier order contact NEW: add permission to report time on timesheet -NEW: SEPA XML - option to place payment Type Info at Credit transfer Transaction level -NEW: Some core tables are created only at module activation +NEW: Knowledge Management - Add status "Obsolete" to KM articles NEW: MRP - split consumption line on MO +NEW: MRP - Display physical and virtual stock of the products when creating OF from a BOM +NEW: MRP - Display product ref in "Object link" product tab for BOM NEW: Proposals - option update prices on proposal cloning -NEW: stock filter in reassort lists -NEW: stock limit in stock export CSV +NEW: SEPA XML - option to place payment Type Info at Credit transfer Transaction level +NEW: Stocks - stock filter in reassort lists +NEW: Stocks - stock limit in stock export CSV NEW: Supplier order - Show ref supplier of reception in linked object block NEW: support user_modif in order NEW: Surveys - Show number of votes into the label of tab "Results" of a survey @@ -128,20 +122,24 @@ NEW: TakePOS - show product reference NEW: TakePOS - add constant to hide categories NEW: TakePOS - add constant to show category description NEW: TakePOS - add constant to show only the products in stock +NEW: Third-Parties - Add rules "customer accountancy code" is mandatory to validate invoice +NEW: Third-Parties - Can set the parent company during the creation of thirdparty (action=add of societe/card.php) +NEW: Tickets - create Third-party with contact if not found on public ticket NEW: Tickets - option to default check "notify tier at creation" NEW: Tickets - Trigger: allow to automatically send messages on new tickets +NEW: Tickets - optional display warning icons on ticket list +NEW: Websites Module - supports now the multicompany module +NEW: Websites Module - on redirect of page in website module, GET parameters are kept. NEW: The backup tools has an "lowmemory" option for mysqldump on large database NEW: The 'reposition' class works on ajax constantonoff that make redirects -NEW: Thirdparty - Add rules "customer accountancy code" is mandatory to validate invoice NEW: thumbnail field in product list NEW: total mark rate in list NEW: uncheck "send message" by default on a ticket when private messages has been checked NEW: VAT Report by month - Show detail by rate and also by code -NEW: Can store the session into database (instead of beeing managed by PHP) NEW: Added MMK currency (Myanmar Kyat) NEW: On a form to send an email, we show all emails of contacts of object - Modules + Modules state NEW: Module Partnership Management NEW: Module Event Organization Management @@ -164,7 +162,7 @@ NEW: Creation of the function select_bom() used to display bom select list NEW: Add trigger and event on completely received status change NEW: Add utility function send backup by mail NEW: add WordPress OAuth to save a token (not SSO) -NEW: A module can embed a sql script run at each Dolibarr upgrade +NEW: A module can embed a SQL script run at each Dolibarr upgrade NEW: Add param to keep the robot=index meta tag on public pages NEW: Add method hintindex() in database handlers. NEW: add modifications for new function "$db->prefix()" @@ -209,9 +207,11 @@ NEW: TakePOS - add hook doaction in TakePOS invoice Config Options: NEW: Add hidden option on contract PDF line to hide qty and price -NEW: Option INVOICEREC_SET_AUTOFILL_DATE_START/END -NEW: Option MAIL_MASS_ACTION_ADD_LAST_IF_MAIN_DOC_NOT_FOUND to send last document in mass mailing action - +NEW: Option MAIL_MASS_ACTION_ADD_LAST_IF_MAIN_DOC_NOT_FOUND to send last document in mass mailing action +NEW: Option MAIN_API_DEBUG to save API logs into a file +NEW: Option MAIN_MAIL_AUTOCOPY_TO can accept several email and special keys +NEW: Option MAIN_SEARCH_CAT_OR_BY_DEFAULT const for search by category +NEW: Option INVOICEREC_SET_AUTOFILL_DATE_START/END WARNING: diff --git a/htdocs/accountancy/journal/variousjournal.php b/htdocs/accountancy/journal/variousjournal.php index 874559751d6..b56271850e5 100644 --- a/htdocs/accountancy/journal/variousjournal.php +++ b/htdocs/accountancy/journal/variousjournal.php @@ -52,7 +52,7 @@ if ($result > 0) { } elseif ($result < 0) { dol_print_error('', $object->error, $object->errors); } elseif ($result == 0) { - accessforbidden($langs->trans('ErrorRecordNotFound')); + accessforbidden('ErrorRecordNotFound'); } $hookmanager->initHooks(array('globaljournal', $object->nature.'journal')); diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php index 696520f79d4..4b0eed154c0 100644 --- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php +++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php @@ -1,6 +1,6 @@ - * Copyright (C) 2012 Philippe Grand + * Copyright (C) 2012-2022 Philippe Grand * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -124,7 +124,7 @@ if (!empty($this->control->tpl['action_delete'])) { if (empty($user->socid)) { echo '
'; - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { echo ''.$langs->trans('Modify').''; } diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 6816023f8de..b9e04015d7d 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -110,10 +110,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check @@ -246,7 +246,7 @@ if (empty($reshook)) { } } - if ($action == 'update' && !$cancel && $user->rights->adherent->creer) { + if ($action == 'update' && !$cancel && $user->hasRight('adherent', 'creer')) { require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $birthdate = ''; @@ -421,7 +421,7 @@ if (empty($reshook)) { } } - if ($action == 'add' && $user->rights->adherent->creer) { + if ($action == 'add' && $user->hasRight('adherent', 'creer')) { if ($canvas) { $object->canvas = $canvas; } @@ -629,7 +629,7 @@ if (empty($reshook)) { } } - if ($user->rights->adherent->creer && $action == 'confirm_valid' && $confirm == 'yes') { + if ($user->hasRight('adherent', 'creer') && $action == 'confirm_valid' && $confirm == 'yes') { $error = 0; $db->begin(); @@ -854,7 +854,7 @@ if (empty($reshook)) { } } - if ($user->rights->adherent->creer && $action == 'confirm_add_spip' && $confirm == 'yes') { + if ($user->hasRight('adherent', 'creer') && $action == 'confirm_add_spip' && $confirm == 'yes') { if (!count($object->errors)) { if (!$mailmanspip->add_to_spip($object)) { setEventMessages($langs->trans('AddIntoSpipError').': '.$mailmanspip->error, null, 'errors'); @@ -867,7 +867,7 @@ if (empty($reshook)) { // Actions to build doc $upload_dir = $conf->adherent->dir_output; - $permissiontoadd = $user->rights->adherent->creer; + $permissiontoadd = $user->hasRight('adherent', 'creer'); include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; // Actions to send emails @@ -1222,7 +1222,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Type print ''.$langs->trans("Type").''; - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $object->typeid), 0, 0, 0, '', 0, 0, 0, '', '', 1); } else { print $adht->getNomUrl(1); @@ -1820,7 +1820,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Third party Dolibarr if (isModEnabled('societe')) { print ''; - $editenable = $user->rights->adherent->creer; + $editenable = $user->hasRight('adherent', 'creer'); print $form->editfieldkey('LinkedToDolibarrThirdParty', 'thirdparty', '', $object, $editenable); print ''; if ($action == 'editthirdparty') { @@ -1857,7 +1857,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Login Dolibarr - Link to user print ''; - $editenable = $user->rights->adherent->creer && $user->rights->user->user->creer; + $editenable = $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer; print $form->editfieldkey('LinkedToDolibarrUser', 'login', '', $object, $editenable); print ''; if ($action == 'editlogin') { @@ -1901,7 +1901,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Send card by email // TODO Remove this to replace with a template /* - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { if (Adherent::STATUS_VALIDATED == $object->statut) { if ($object->email) print ''.$langs->trans("SendCardByMail")."\n"; else print ''.$langs->trans("SendCardByMail")."\n"; @@ -1913,7 +1913,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { }*/ // Modify - if (!empty($user->rights->adherent->creer)) { + if ($user->hasRight('adherent', 'creer')) { print ''.$langs->trans("Modify").''."\n"; } else { print ''.$langs->trans("Modify").''."\n"; @@ -1921,7 +1921,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Validate if (Adherent::STATUS_DRAFT == $object->statut) { - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print ''.$langs->trans("Validate").''."\n"; } else { print ''.$langs->trans("Validate").''."\n"; @@ -1930,7 +1930,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Reactivate if (Adherent::STATUS_RESILIATED == $object->statut || Adherent::STATUS_EXCLUDED == $object->statut) { - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print ''.$langs->trans("Reenable")."\n"; } else { print ''.$langs->trans("Reenable").''."\n"; @@ -2022,7 +2022,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member'); $urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id; $genallowed = $user->rights->adherent->lire; - $delallowed = $user->rights->adherent->creer; + $delallowed = $user->hasRight('adherent', 'creer'); print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', (empty($object->default_lang) ? '' : $object->default_lang), '', $object); $somethingshown = $formfile->numoffiles; diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index d30e851b9a2..35ab65e9d82 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -2,7 +2,7 @@ /* Copyright (C) 2016 Xebax Christy * Copyright (C) 2017 Regis Houssin * Copyright (C) 2020 Thibault FOUCART - * Copyright (C) 2020 Frédéric France + * Copyright (C) 2020 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -286,7 +286,7 @@ class Members extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } // Check mandatory fields @@ -311,7 +311,7 @@ class Members extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } diff --git a/htdocs/adherents/class/api_subscriptions.class.php b/htdocs/adherents/class/api_subscriptions.class.php index f969017146b..0512ea46b20 100644 --- a/htdocs/adherents/class/api_subscriptions.class.php +++ b/htdocs/adherents/class/api_subscriptions.class.php @@ -173,7 +173,7 @@ class Subscriptions extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 968f95088dd..bce8227ab57 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -88,10 +88,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } $permissiontoadd = $canaddmember; @@ -187,8 +187,8 @@ if ($id > 0) { print dol_get_fiche_end(); $modulepart = 'member'; - $permissiontoadd = $user->rights->adherent->creer; - $permtoedit = $user->rights->adherent->creer; + $permissiontoadd = $user->hasRight('adherent', 'creer'); + $permtoedit = $user->hasRight('adherent', 'creer'); $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; print "

"; diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 32b758fee12..7f09bccb3d3 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -63,10 +63,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 98d75c9fefb..b0e63098322 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -232,7 +232,7 @@ if (empty($reshook)) { } // Close - if ($massaction == 'close' && $user->rights->adherent->creer) { + if ($massaction == 'close' && $user->hasRight('adherent', 'creer')) { $tmpmember = new Adherent($db); $error = 0; $nbclose = 0; @@ -262,7 +262,7 @@ if (empty($reshook)) { } // Create external user - if ($massaction == 'createexternaluser' && $user->rights->adherent->creer && $user->rights->user->user->creer) { + if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) { $tmpmember = new Adherent($db); $error = 0; $nbcreated = 0; @@ -302,7 +302,7 @@ if (empty($reshook)) { $objectlabel = 'Members'; $permissiontoread = $user->rights->adherent->lire; $permissiontodelete = $user->rights->adherent->supprimer; - $permissiontoadd = $user->rights->adherent->creer; + $permissiontoadd = $user->hasRight('adherent', 'creer'); $uploaddir = $conf->adherent->dir_output; include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; } @@ -617,7 +617,7 @@ $arrayofmassactions = array( //'presend'=>img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail"), //'builddoc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("PDFMerge"), ); -if ($user->rights->adherent->creer) { +if ($user->hasRight('adherent', 'creer')) { $arrayofmassactions['close'] = img_picto('', 'close_title', 'class="pictofixedwidth"').$langs->trans("Resiliate"); } if ($user->rights->adherent->supprimer) { @@ -626,7 +626,7 @@ if ($user->rights->adherent->supprimer) { if ($user->rights->societe->creer) { $arrayofmassactions['preaffecttag'] = img_picto('', 'category', 'class="pictofixedwidth"').$langs->trans("AffectTag"); } -if ($user->rights->adherent->creer && $user->rights->user->user->creer) { +if ($user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) { $arrayofmassactions['createexternaluser'] = img_picto('', 'user', 'class="pictofixedwidth"').$langs->trans("CreateExternalUser"); } if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'predelete', 'preaffecttag'))) { @@ -635,7 +635,7 @@ if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'pr $massactionbutton = $form->selectMassAction('', $arrayofmassactions); $newcardbutton = ''; -if ($user->rights->adherent->creer) { +if ($user->hasRight('adherent', 'creer')) { $newcardbutton .= dolGetButtonTitle($langs->trans('NewMember'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/card.php?action=create'); } diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php index 7e445e41a37..ea5e22fe153 100644 --- a/htdocs/adherents/note.php +++ b/htdocs/adherents/note.php @@ -51,7 +51,7 @@ if ($result > 0) { } -$permissionnote = $user->rights->adherent->creer; // Used by the include of actions_setnotes.inc.php +$permissionnote = $user->hasRight('adherent', 'creer'); // Used by the include of actions_setnotes.inc.php // Fetch object if ($id > 0 || !empty($ref)) { @@ -71,10 +71,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } $hookmanager->initHooks(array('membernote')); @@ -155,7 +155,7 @@ if ($id) { $cssclass = 'titlefield'; - $permission = $user->rights->adherent->creer; // Used by the include of notes.tpl.php + $permission = $user->hasRight('adherent', 'creer'); // Used by the include of notes.tpl.php include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'; diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index a0831becc70..db40a8ad465 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -113,10 +113,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check @@ -595,7 +595,7 @@ if ($rowid > 0) { print ''; - if ($action != 'editthirdparty' && $user->rights->adherent->creer) { + if ($action != 'editthirdparty' && $user->hasRight('adherent', 'creer')) { print ''; } print '
'; print $langs->trans("LinkedToDolibarrThirdParty"); print 'id.'">'.img_edit($langs->trans('SetLinkToThirdParty'), 1).'
'; @@ -637,7 +637,7 @@ if ($rowid > 0) { print ''; - if ($action != 'editlogin' && $user->rights->adherent->creer) { + if ($action != 'editlogin' && $user->hasRight('adherent', 'creer')) { print ''; print ''; print ''; print ''; print ''; print ''; print ''; print ''; } diff --git a/htdocs/admin/reception_setup.php b/htdocs/admin/reception_setup.php index 09a11999603..c86db66e464 100644 --- a/htdocs/admin/reception_setup.php +++ b/htdocs/admin/reception_setup.php @@ -238,7 +238,7 @@ foreach ($dirmodels as $reldir) { if ($conf->global->RECEPTION_ADDON_NUMBER == "$file") { print img_picto($langs->trans("Activated"), 'switch_on'); } else { - print 'scandir.'&label='.urlencode($module->name).'">'; + print 'scandir) ? '&scan_dir='.$module->scandir : '').(!empty($module->name) ? '&label='.urlencode($module->name) : '').'">'; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } @@ -345,10 +345,10 @@ foreach ($dirmodels as $reldir) { $module = new $classname($db); $modulequalified = 1; - if ($module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) { + if (isset($module->version) && $module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) { $modulequalified = 0; } - if ($module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) { + if (isset($module->version) && $module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) { $modulequalified = 0; } diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index 61085b4aeb8..3524111c96e 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -393,7 +393,7 @@ foreach ($dirmodels as $reldir) { // Default print '
'; print $langs->trans("LinkedToDolibarrUser"); print ''; if ($user->rights->user->user->creer) { print 'id.'">'.img_edit($langs->trans('SetLinkToUser'), 1).''; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 95a8b153ec3..c26a9d13536 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -754,7 +754,7 @@ if ($rowid > 0) { // Actions print ''; - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print ''.img_edit().''; } if ($user->rights->adherent->supprimer) { diff --git a/htdocs/adherents/vcard.php b/htdocs/adherents/vcard.php index 1d97ed7c619..1b5a0e5d0fe 100644 --- a/htdocs/adherents/vcard.php +++ b/htdocs/adherents/vcard.php @@ -54,10 +54,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php index 5e72dc58c67..3174b5bc091 100644 --- a/htdocs/admin/clicktodial.php +++ b/htdocs/admin/clicktodial.php @@ -36,8 +36,8 @@ if (!$user->admin) { $action = GETPOST('action', 'aZ09'); -if (!in_array('clicktodial', $conf->modules)) { - accessforbidden($langs->trans("WarningModuleNotActive", $langs->transnoentitiesnoconv("Module58Name"))); +if (!isModEnabled('clicktodial')) { + accessforbidden($langs->transnoentitiesnoconv("WarningModuleNotActive", $langs->transnoentitiesnoconv("Module58Name"))); } diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index 8323ff27440..4e4438263c3 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -538,7 +538,7 @@ print '' print '
'; print $langs->trans("PrintProductsOnFichinter").' ('.$langs->trans("PrintProductsOnFichinterDetails").')global->FICHINTER_PRINT_PRODUCTS) { +if (getDolGlobalString("FICHINTER_PRINT_PRODUCTS")) { print 'checked '; } print '/>'; @@ -555,7 +555,7 @@ print ''; print $langs->trans("UseServicesDurationOnFichinter"); print ''; -print 'global->FICHINTER_USE_SERVICE_DURATION ? ' checked' : '').'>'; +print ''; print ''; print ''; @@ -571,7 +571,7 @@ print ''; print $langs->trans("UseDurationOnFichinter"); print ''; -print 'global->FICHINTER_WITHOUT_DURATION ? ' checked' : '').'>'; +print ''; print ''; print ''; @@ -587,7 +587,7 @@ print ''; print $langs->trans("UseDateWithoutHourOnFichinter"); print ''; -print 'global->FICHINTER_DATE_WITHOUT_HOUR ? ' checked' : '').'>'; +print ''; print ''; print ''; diff --git a/htdocs/admin/hrm.php b/htdocs/admin/hrm.php index c568e6de39c..838e9bf9a0b 100644 --- a/htdocs/admin/hrm.php +++ b/htdocs/admin/hrm.php @@ -624,7 +624,7 @@ if ($action == 'edit') { setEventMessages(null, $object->errors, "errors"); } } else { - print $conf->global->{$constname}; + print getDolGlobalString($constname); } print '
'; - if ($conf->global->INVOICE_SUPPLIER_ADDON_PDF == "$name") { + if (getDolGlobalString("INVOICE_SUPPLIER_ADDON_PDF") == "$name") { //print img_picto($langs->trans("Default"),'on'); // Even if choice is the default value, we allow to disable it: For supplier invoice, we accept to have no doc generation at all print 'scandir.'&label='.urlencode($module->name).'&type=invoice_supplier"" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"), 'on').''; diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index d1cd596f0e6..b5114314eef 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -1,25 +1,25 @@ - * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin - * Copyright (C) 2004 Sebastien Di Cintio - * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2010-2013 Juanjo Menent - * Copyright (C) 2011-2018 Philippe Grand - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ +* Copyright (C) 2004-2011 Laurent Destailleur +* Copyright (C) 2005-2011 Regis Houssin +* Copyright (C) 2004 Sebastien Di Cintio +* Copyright (C) 2004 Benoit Mortier +* Copyright (C) 2010-2013 Juanjo Menent +* Copyright (C) 2011-2018 Philippe Grand +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 3 of the License, or +* (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program. If not, see . +*/ /** * \file htdocs/admin/supplier_order.php @@ -55,8 +55,8 @@ $specimenthirdparty->initAsSpecimen(); /* - * Actions - */ +* Actions +*/ include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; @@ -85,7 +85,9 @@ if ($action == 'updateMask') { $commande->thirdparty = $specimenthirdparty; // Search template files - $file = ''; $classname = ''; $filefound = 0; + $file = ''; + $classname = ''; + $filefound = 0; $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); foreach ($dirmodels as $reldir) { $file = dol_buildpath($reldir."core/modules/supplier_order/doc/pdf_".$modele.".modules.php", 0); @@ -195,8 +197,8 @@ if ($action == 'updateMask') { /* - * View - */ +* View +*/ $form = new Form($db); @@ -314,8 +316,8 @@ print '

'; /* - * Documents models for supplier orders - */ +* Documents models for supplier orders +*/ print load_fiche_titre($langs->trans("OrdersModelModule"), '', ''); @@ -370,7 +372,7 @@ foreach ($dirmodels as $reldir) { print "\n"; print ""; - print (empty($module->name) ? $name : $module->name); + print(empty($module->name) ? $name : $module->name); print "\n"; print "\n"; require_once $dir.'/'.$file; @@ -438,8 +440,8 @@ foreach ($dirmodels as $reldir) { print '
'; /* - * Other options - */ +* Other options +*/ print '
'; print ''; @@ -457,7 +459,7 @@ print ''; print $form->textwithpicto($langs->trans("UseDoubleApproval"), $langs->trans("Use3StepsApproval"), 1, 'help').'
'; print $langs->trans("IfSetToYesDontForgetPermission"); print ''; -print ''; +print ''; print ''; print ''; print "\n"; @@ -467,30 +469,30 @@ print "\n"; /* Kept as hidden for the moment if (isModEnabled('banque')) { - print ''; - print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '; - if (!empty($conf->use_javascript_ajax)) - { - print ajax_constantonoff('BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER'); - } - else - { - if (empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER)) - { - print ''.img_picto($langs->trans("Disabled"),'switch_off').''; - } - else - { - print ''.img_picto($langs->trans("Enabled"),'switch_on').''; - } - } - print ''; +print ''; +print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '; +if (!empty($conf->use_javascript_ajax)) +{ +print ajax_constantonoff('BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER'); +} +else +{ +if (empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER)) +{ +print ''.img_picto($langs->trans("Disabled"),'switch_off').''; +} +else +{ +print ''.img_picto($langs->trans("Enabled"),'switch_on').''; +} +} +print ''; } else { - print ''; - print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '.$langs->trans('NotAvailable').''; +print ''; +print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '.$langs->trans('NotAvailable').''; } */ @@ -540,8 +542,8 @@ print '
'; /* - * Notifications - */ +* Notifications +*/ print load_fiche_titre($langs->trans("Notifications"), '', ''); print ''; diff --git a/htdocs/admin/supplier_payment.php b/htdocs/admin/supplier_payment.php index 967d7f95998..86fcccfb8f2 100644 --- a/htdocs/admin/supplier_payment.php +++ b/htdocs/admin/supplier_payment.php @@ -75,7 +75,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - if ($conf->global->FACTURE_ADDON_PDF == "$value") { + if (getDolGlobalString("FACTURE_ADDON_PDF") == "$value") { dolibarr_del_const($db, 'SUPPLIER_PAYMENT_ADDON_PDF', $conf->entity); } } @@ -263,7 +263,7 @@ foreach ($dirmodels as $reldir) { if ($conf->global->SUPPLIER_PAYMENT_ADDON == $file || $conf->global->SUPPLIER_PAYMENT_ADDON.'.php' == $file) { print img_picto($langs->trans("Activated"), 'switch_on'); } else { - print ''.img_picto($langs->trans("Disabled"), 'switch_off').''; + print 'scandir) ? '&scandir='.$module->scandir : '').'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"), 'switch_off').''; } print ''; @@ -289,7 +289,7 @@ foreach ($dirmodels as $reldir) { print '\n"; print "\n"; print '\n"; diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index b4a24a2d0cd..73491532c56 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -429,7 +429,7 @@ foreach ($dirmodels as $reldir) { // Default print ''; print ''; if (isModEnabled('product')) { + $htmlname = "product_category_id"; print ''; print ''; + print ''; print ''; print ''; // Text to help to enter a ticket - $public_text_help_message = $conf->global->TICKET_PUBLIC_TEXT_HELP_MESSAGE ? $conf->global->TICKET_PUBLIC_TEXT_HELP_MESSAGE : $langs->trans('TicketPublicPleaseBeAccuratelyDescribe'); + $public_text_help_message = getDolGlobalString("TICKET_PUBLIC_TEXT_HELP_MESSAGE", $langs->trans('TicketPublicPleaseBeAccuratelyDescribe')); print ''; // Url public interface - $url_interface = $conf->global->TICKET_URL_PUBLIC_INTERFACE; + $url_interface = getDolGlobalString("TICKET_URL_PUBLIC_INTERFACE"); print ''; + print ''; print ''; print ''; // Text of email after creatio of a ticket - $mail_mesg_new = $conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->trans('TicketNewEmailBody'); + $mail_mesg_new = getDolGlobalString("TICKET_MESSAGE_MAIL_NEW", $langs->trans('TicketNewEmailBody')); print ''; print ''; @@ -478,7 +478,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; + print ''; print ''; print ''; diff --git a/htdocs/admin/tools/purge.php b/htdocs/admin/tools/purge.php index d8d68de7450..ee95fd7b44e 100644 --- a/htdocs/admin/tools/purge.php +++ b/htdocs/admin/tools/purge.php @@ -34,7 +34,7 @@ $langs->load("admin"); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $choice = GETPOST('choice', 'aZ09'); - +$nbsecondsold = GETPOSTINT('nbsecondsold'); // Define filelog to discard it from purge $filelog = ''; @@ -43,6 +43,7 @@ if (!empty($conf->syslog->enabled)) { $filelog = preg_replace('/DOL_DATA_ROOT/i', DOL_DATA_ROOT, $filelog); } +// Security if (!$user->admin) { accessforbidden(); } @@ -65,7 +66,8 @@ if ($action == 'purge' && !preg_match('/^confirm/i', $choice) && ($choice != 'al require_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php'; $utils = new Utils($db); - $result = $utils->purgeFiles($choice); + + $result = $utils->purgeFiles($choice, $nbsecondsold); $mesg = $utils->output; setEventMessages($mesg, null, 'mesgs'); @@ -115,8 +117,11 @@ print '>
'; print $form->textwithpicto('', $htmltooltip, 1, 0); - if ($conf->global->PAYMENT_ADDON.'.php' == $file) { // If module is the one used, we show existing errors + if (getDolGlobalString("PAYMENT_ADDON").'.php' == $file) { // If module is the one used, we show existing errors if (!empty($module->error)) { dol_htmloutput_mesg($module->error, '', 'error', 1); } @@ -351,7 +351,7 @@ foreach ($dirmodels as $reldir) { print "\n"; require_once $dir.'/'.$file; - $module = new $classname($db, $specimenthirdparty); + $module = new $classname($db, new Societe($db)); if (method_exists($module, 'info')) { print $module->info($langs); } else { @@ -383,7 +383,7 @@ foreach ($dirmodels as $reldir) { // Default print ''; - if ($conf->global->SUPPLIER_PAYMENT_ADDON_PDF == "$name") { + if (getDolGlobalString("SUPPLIER_PAYMENT_ADDON_PDF") == "$name") { //print img_picto($langs->trans("Default"),'on'); // Even if choice is the default value, we allow to disable it: For supplier invoice, we accept to have no doc generation at all print 'scandir).'&label='.urlencode($module->name).'&type=SUPPLIER_PAYMENT"" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"), 'on').''; @@ -442,7 +442,7 @@ print "
'; print $langs->trans("GroupPaymentsByModOnReports"); print ''; -print $form->selectyesno("PAYMENTS_FOURN_REPORT_GROUP_BY_MOD", $conf->global->PAYMENTS_FOURN_REPORT_GROUP_BY_MOD, 1); +print $form->selectyesno("PAYMENTS_FOURN_REPORT_GROUP_BY_MOD", getDolGlobalString("PAYMENTS_FOURN_REPORT_GROUP_BY_MOD"), 1); print ''; print "
'; - if ($conf->global->TICKET_ADDON_PDF == $name) { + if (getDolGlobalString("TICKET_ADDON_PDF") == $name) { print img_picto($langs->trans("Default"), 'on'); } else { print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"), 'off').''; @@ -541,9 +541,10 @@ print '
'.$langs->trans("TicketChooseProductCategory").''; - $formcategory->selectProductCategory($conf->global->TICKET_PRODUCT_CATEGORY, 'product_category_id'); + $formcategory->selectProductCategory($conf->global->TICKET_PRODUCT_CATEGORY, $htmlname); if ($conf->use_javascript_ajax) { print ajax_combobox('select_'.$htmlname); } diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index e1557f7d14e..8693da8deb2 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -382,10 +382,10 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { } // Interface topic - $url_interface = $conf->global->TICKET_PUBLIC_INTERFACE_TOPIC; + $url_interface = getDolGlobalString("TICKET_PUBLIC_INTERFACE_TOPIC"); print '
'.$langs->trans("TicketPublicInterfaceTopicLabelAdmin").''; print ''; - print ''; print $form->textwithpicto('', $langs->trans("TicketPublicInterfaceTopicHelp"), 1, 'help'); @@ -404,7 +404,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print '
'.$langs->trans("TicketPublicInterfaceTextHelpMessageLabelAdmin").''; print ''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; @@ -416,10 +416,10 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print '
'.$langs->trans("TicketUrlPublicInterfaceLabelAdmin").''; print ''; - print ''; print $form->textwithpicto('', $langs->trans("TicketUrlPublicInterfaceHelpAdmin"), 1, 'help'); @@ -449,7 +449,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print '
'; print $form->textwithpicto($langs->trans("TicketNewEmailBodyLabel"), $langs->trans("TicketNewEmailBodyHelp"), 1, 'help'); print ''; @@ -469,7 +469,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ajax_constantonoff('TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED'); } else { $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $form->selectarray("TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED", $arrval, $conf->global->TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED); + print $form->selectarray("TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED", $arrval, getDolGlobalString("TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED")); } print '
'; print $form->textwithpicto($langs->trans("TicketPublicNotificationNewMessageDefaultEmail"), $langs->trans("TicketPublicNotificationNewMessageDefaultEmailHelp"), 1, 'help'); print ''; - print '
'; //if ($choice != 'confirm_allfiles') @@ -130,7 +135,7 @@ print ''; if (preg_match('/^confirm/i', $choice)) { print '
'; $formquestion = array(); - print $form->formconfirm($_SERVER["PHP_SELF"].'?choice=allfiles', $langs->trans('Purge'), $langs->trans('ConfirmPurge').img_warning().' ', 'purge', $formquestion, 'no', 2); + print $form->formconfirm($_SERVER["PHP_SELF"].'?choice=allfiles&nbsecondsold='.$nbsecondsold, $langs->trans('Purge'), $langs->trans('ConfirmPurge').img_warning().' ', 'purge', $formquestion, 'no', 2); } // End of page diff --git a/htdocs/api/index.php b/htdocs/api/index.php index 8543e284533..4c0d36fdcfe 100644 --- a/htdocs/api/index.php +++ b/htdocs/api/index.php @@ -76,6 +76,8 @@ if (preg_match('/\/api\/index\.php/', $_SERVER["PHP_SELF"])) { header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE'); header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY'); } +header('X-Frame-Options: SAMEORIGIN'); + $res = 0; if (!$res && file_exists("../main.inc.php")) { diff --git a/htdocs/categories/class/api_categories.class.php b/htdocs/categories/class/api_categories.class.php index d5345106093..76381c0d53d 100644 --- a/htdocs/categories/class/api_categories.class.php +++ b/htdocs/categories/class/api_categories.class.php @@ -386,7 +386,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); @@ -466,7 +466,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); @@ -546,7 +546,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); @@ -624,7 +624,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 8fbb897d900..194229725c3 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -118,7 +118,7 @@ if ($id > 0 && $removeelem > 0 && $action == 'unlink') { $tmpobject = new Societe($db); $result = $tmpobject->fetch($removeelem); $elementtype = 'customer'; - } elseif ($type == Categorie::TYPE_MEMBER && $user->rights->adherent->creer) { + } elseif ($type == Categorie::TYPE_MEMBER && $user->hasRight('adherent', 'creer')) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; $tmpobject = new Adherent($db); $result = $tmpobject->fetch($removeelem); @@ -564,7 +564,7 @@ if ($type == Categorie::TYPE_PRODUCT) { } } else { print_barre_liste($langs->trans("ProductsAndServices"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'products'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -644,7 +644,7 @@ if ($type == Categorie::TYPE_CUSTOMER) { } } else { print_barre_liste($langs->trans("Customers"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'companies'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -725,7 +725,7 @@ if ($type == Categorie::TYPE_SUPPLIER) { } } else { print_barre_liste($langs->trans("Suppliers"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'companies'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -734,7 +734,7 @@ if ($type == Categorie::TYPE_MEMBER) { if ($user->hasRight("adherent", "read")) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; - $permission = $user->rights->adherent->creer; + $permission = $user->hasRight('adherent', 'creer'); $prods = $object->getObjectsInCateg($type, 0, $limit, $offset); if ($prods < 0) { @@ -769,7 +769,7 @@ if ($type == Categorie::TYPE_MEMBER) { print '
'; $param = '&limit='.$limit.'&id='.$id.'&type='.$type; $num = count($prods); $nbtotalofrecords = ''; - $newcardbutton = dolGetButtonTitle($langs->trans("AddMember"), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/card.php?action=create&memcats[]='.$object->id.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id), '', $user->rights->adherent->creer); + $newcardbutton = dolGetButtonTitle($langs->trans("AddMember"), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/card.php?action=create&memcats[]='.$object->id.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id), '', $user->hasRight('adherent', 'creer')); print_barre_liste($langs->trans("Member"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'members', 0, $newcardbutton, '', $limit); print "\n"; @@ -809,7 +809,7 @@ if ($type == Categorie::TYPE_MEMBER) { } } else { print_barre_liste($langs->trans("Member"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'members'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -896,7 +896,7 @@ if ($type == Categorie::TYPE_CONTACT) { } } else { print_barre_liste($langs->trans("Contact"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'contact'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -978,7 +978,7 @@ if ($type == Categorie::TYPE_ACCOUNT) { } } else { print_barre_liste($langs->trans("Banque"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'bank'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1061,7 +1061,7 @@ if ($type == Categorie::TYPE_PROJECT) { } } else { print_barre_liste($langs->trans("Project"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'project'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1138,7 +1138,7 @@ if ($type == Categorie::TYPE_USER) { } } else { print_barre_liste($langs->trans("Users"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'user'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1202,7 +1202,7 @@ if ($type == Categorie::TYPE_WAREHOUSE) { } } else { print_barre_liste($langs->trans("Warehouse"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'stock'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1281,7 +1281,7 @@ if ($type == Categorie::TYPE_TICKET) { } } else { print_barre_liste($langs->trans("Ticket"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'ticket'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 20c30783337..2c008202348 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -25,32 +25,35 @@ */ /** - * \file htdocs/comm/action/card.php - * \ingroup agenda - * \brief Page for event card + * \file htdocs/comm/action/card.php + * \ingroup agenda + * \brief Page for event card */ // Load Dolibarr environment require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/cactioncomm.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncommreminder.class.php'; + +require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncommreminder.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/cactioncomm.class.php'; +require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; -require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; + // Load translation files required by the page $langs->loadLangs(array("companies", "other", "commercial", "bills", "orders", "agenda", "mails")); +// Get Parameters $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); @@ -97,6 +100,7 @@ if ($user->socid) { $error = GETPOST("error"); $donotclearsession = GETPOST('donotclearsession') ?GETPOST('donotclearsession') : 0; +// Initialize Objects $object = new ActionComm($db); $cactioncomm = new CActionComm($db); $contact = new Contact($db); diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 790c1744bd8..25e389f2e85 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -27,10 +27,6 @@ * \brief Page to list actions */ -if (!defined("NOREDIRECTBYMAINTOLOGIN")) { - define('NOREDIRECTBYMAINTOLOGIN', 1); -} - // Load Dolibarr environment require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index 47ea39de146..61092df5665 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -23,21 +23,21 @@ /** - * \file htdocs/comm/action/pertype.php - * \ingroup agenda - * \brief Tab of calendar events per type + * \file htdocs/comm/action/pertype.php + * \ingroup agenda + * \brief Tab of calendar events per type */ // Load Dolibarr environment require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; -require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; +require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; +require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; if (!isset($conf->global->AGENDA_MAX_EVENTS_DAY_VIEW)) { @@ -52,28 +52,35 @@ $filter = GETPOST("search_filter", 'alpha', 3) ? GETPOST("search_filter", 'alpha $filtert = GETPOST("search_filtert", "int", 3) ? GETPOST("search_filtert", "int", 3) : GETPOST("filtert", "int", 3); $usergroup = GETPOST("search_usergroup", "int", 3) ? GETPOST("search_usergroup", "int", 3) : GETPOST("usergroup", "int", 3); //if (! ($usergroup > 0) && ! ($filtert > 0)) $filtert = $user->id; -//$showbirthday = empty($conf->use_javascript_ajax)?GETPOST("showbirthday","int"):1; -$showbirthday = 0; + +// $showbirthday = empty($conf->use_javascript_ajax)?GETPOST("showbirthday","int"):1; +$showbirthday = 0; // will be hidden here // If not choice done on calendar owner, we filter on user. if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) { $filtert = $user->id; } +// Sorting $sortfield = GETPOST('sortfield', 'aZ09comma'); +if (!$sortfield) { + $sortfield = "a.datec"; +} + $sortorder = GETPOST('sortorder', 'aZ09comma'); +if (!$sortorder) { + $sortorder = "ASC"; +} + +// Page $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $offset = $limit * $page; -if (!$sortorder) { - $sortorder = "ASC"; -} -if (!$sortfield) { - $sortfield = "a.datec"; -} + + // Security check $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOST("socid", "int"); @@ -84,6 +91,7 @@ if ($socid < 0) { $socid = ''; } +// Permissions $canedit = 1; if (empty($user->rights->agenda->myactions->read)) { accessforbidden(); @@ -106,6 +114,7 @@ $status = GETPOSTISSET("search_status") ? GETPOST("search_status", 'alpha') : GE $type = GETPOSTISSET("search_type") ? GETPOST("search_type", 'alpha') : GETPOST("type", 'alpha'); $maxprint = ((GETPOST("maxprint", 'int') != '') ? GETPOST("maxprint", 'int') : $conf->global->AGENDA_MAX_EVENTS_DAY_VIEW); $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') + // Set actioncode (this code must be same for setting actioncode into peruser, listacton and index) if (GETPOST('search_actioncode', 'array')) { $actioncode = GETPOST('search_actioncode', 'array', 3); @@ -118,11 +127,12 @@ if (GETPOST('search_actioncode', 'array')) { $dateselect = dol_mktime(0, 0, 0, GETPOST('dateselectmonth', 'int'), GETPOST('dateselectday', 'int'), GETPOST('dateselectyear', 'int')); if ($dateselect > 0) { - $day = GETPOST('dateselectday', 'int'); + $day = GETPOST('dateselectday', 'int'); $month = GETPOST('dateselectmonth', 'int'); - $year = GETPOST('dateselectyear', 'int'); + $year = GETPOST('dateselectyear', 'int'); } +// working hours $tmp = empty($conf->global->MAIN_DEFAULT_WORKING_HOURS) ? '9-18' : $conf->global->MAIN_DEFAULT_WORKING_HOURS; $tmp = str_replace(' ', '', $tmp); // FIX 7533 $tmparray = explode('-', $tmp); @@ -138,6 +148,7 @@ if ($end_h <= $begin_h) { $end_h = $begin_h + 1; } +// working days $tmp = empty($conf->global->MAIN_DEFAULT_WORKING_DAYS) ? '1-5' : $conf->global->MAIN_DEFAULT_WORKING_DAYS; $tmp = str_replace(' ', '', $tmp); // FIX 7533 $tmparray = explode('-', $tmp); @@ -151,19 +162,24 @@ if (empty($mode) && !GETPOSTISSET('mode')) { $mode = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW); } +// View by month if (GETPOST('viewcal', 'alpha') && $mode != 'show_day' && $mode != 'show_week' && $mode != 'show_peruser') { $mode = 'show_month'; $day = ''; -} // View by month +} +// View by week if (GETPOST('viewweek', 'alpha') || $mode == 'show_week') { $mode = 'show_week'; $week = ($week ? $week : date("W")); $day = ($day ? $day : date("d")); -} // View by week +} +// View by day if (GETPOST('viewday', 'alpha') || $mode == 'show_day') { $mode = 'show_day'; $day = ($day ? $day : date("d")); -} // View by day +} +// View by year if (GETPOST('viewyear', 'alpha') || $mode == 'show_year') { $mode = 'show_year'; -} // View by year +} +// Initialize object $object = new ActionComm($db); // Load translation files required by the page @@ -219,6 +235,7 @@ $parameters = array( 'resourceid' => $resourceid, 'usergroup' => $usergroup, ); + $reshook = $hookmanager->executeHooks('beforeAgendaPerType', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); @@ -227,14 +244,14 @@ if ($reshook < 0) { $form = new Form($db); $companystatic = new Societe($db); -$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:Módulo_Agenda'; +$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:Módulo_Agenda|DE:Modul_Terminplanung'; llxHeader('', $langs->trans("Agenda"), $help_url); $now = dol_now(); $nowarray = dol_getdate($now); -$nowyear = $nowarray['year']; +$nowyear = $nowarray['year']; $nowmonth = $nowarray['mon']; -$nowday = $nowarray['mday']; +$nowday = $nowarray['mday']; // Define list of all external calendars (global setup) @@ -247,7 +264,7 @@ $first_year = $year; $week = $prev['week']; -$day = (int) $day; +$day = (int) $day; $next = dol_get_next_day($day, $month, $year); $next_year = $year + 1; $next_month = $month; diff --git a/htdocs/compta/bank/annuel.php b/htdocs/compta/bank/annuel.php index 93fbf63780b..610cf17498c 100644 --- a/htdocs/compta/bank/annuel.php +++ b/htdocs/compta/bank/annuel.php @@ -193,6 +193,9 @@ for ($mois = 1; $mois < 13; $mois++) { print ''; print ""; for ($annee = $year_start; $annee <= $year_end; $annee++) { + $totsorties[$annee] = 0; + $totentrees[$annee] = 0; + $case = sprintf("%04s-%02s", $annee, $mois); print '"; print ""; - if ($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED) { + if (getDolGlobalString("MULTICOMPANY_INVOICE_SHARING_ENABLED")) { if ($tmpobj->family == 'invoice') { $mc->getInfo($tmpobj->entity); print ""; diff --git a/htdocs/compta/paiement/cheque/list.php b/htdocs/compta/paiement/cheque/list.php index ea65eac132b..9ab1ab7f1bd 100644 --- a/htdocs/compta/paiement/cheque/list.php +++ b/htdocs/compta/paiement/cheque/list.php @@ -64,6 +64,8 @@ if (!$sortfield) { $year = GETPOST("year"); $month = GETPOST("month"); +$optioncss = GETPOST('optioncss', 'alpha'); +$view = GETPOST("view", 'alpha'); $form = new Form($db); $formother = new FormOther($db); diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 2429e9c62c9..afcf2d4f086 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -62,6 +62,7 @@ $offset = $limit * $page; $hookmanager->initHooks(array('directdebitcreatecard', 'globalcard')); // Security check +$socid = GETPOST('socid', 'int'); if ($user->socid) { $socid = $user->socid; } @@ -72,7 +73,7 @@ if ($type == 'bank-transfer') { } $error = 0; - +$option = ""; /* * Actions diff --git a/htdocs/compta/prelevement/orders_list.php b/htdocs/compta/prelevement/orders_list.php index bc5ba09ed83..4fe9e23a8cd 100644 --- a/htdocs/compta/prelevement/orders_list.php +++ b/htdocs/compta/prelevement/orders_list.php @@ -53,6 +53,8 @@ if (!$sortfield) { $sortfield = "p.datec"; } +$optioncss = GETPOST('optioncss', 'alpha'); + // Get supervariables $statut = GETPOST('statut', 'int'); $search_ref = GETPOST('search_ref', 'alpha'); diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php index 86d4e923131..f11058312d1 100644 --- a/htdocs/core/actions_linkedfiles.inc.php +++ b/htdocs/core/actions_linkedfiles.inc.php @@ -41,8 +41,8 @@ if ((GETPOST('sendit', 'alpha') || ($action == 'confirm_deletefile' && $confirm == 'yes') || ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha')) || ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha'))) && empty($permissiontoadd)) { - dol_syslog('The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.'); - print 'The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.'; + dol_syslog('The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.'); + print 'The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.'; die; } diff --git a/htdocs/core/ajax/objectonoff.php b/htdocs/core/ajax/objectonoff.php index 1df1bbba213..c66a49557d0 100644 --- a/htdocs/core/ajax/objectonoff.php +++ b/htdocs/core/ajax/objectonoff.php @@ -1,5 +1,6 @@ + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -66,13 +67,15 @@ if (!empty($user->socid)) { $socid = $user->socid; } +//$user->rights->societe->lire = 0;$user->rights->fournisseur->lire = 0; +//restrictedArea($user, 'societe', $id); + if (in_array($field, array('status'))) { restrictedArea($user, $element, $id); } elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products restrictedArea($user, 'produit|service', $id, 'product&product', '', '', 'rowid'); } else { - accessforbidden("Bad value for combination of parameters element/field.", 0, 0, 1); - exit; + httponly_accessforbidden("Bad value for combination of parameters element/field."); } diff --git a/htdocs/core/ajax/onlineSign.php b/htdocs/core/ajax/onlineSign.php index c342f7aeab1..f3a82783a2b 100644 --- a/htdocs/core/ajax/onlineSign.php +++ b/htdocs/core/ajax/onlineSign.php @@ -74,9 +74,7 @@ if ($type == 'proposal') { } if (empty($SECUREKEY) || !dol_verifyHash($securekeyseed.$type.$ref.(!isModEnabled('multicompany') ? '' : $entity), $SECUREKEY, '0')) { - http_response_code(403); - print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref); - exit(-1); + httponly_accessforbidden('Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref), 403); } diff --git a/htdocs/core/ajax/selectsearchbox.php b/htdocs/core/ajax/selectsearchbox.php index b643351dc73..19f7523fd21 100644 --- a/htdocs/core/ajax/selectsearchbox.php +++ b/htdocs/core/ajax/selectsearchbox.php @@ -40,6 +40,7 @@ if (!isset($usedbyinclude) || empty($usedbyinclude)) { define('NOREQUIREAJAX', '1'); } if (!defined('NOREDIRECTBYMAINTOLOGIN')) { + // Disable redirect to main login because the selectsearch must not ask a login define('NOREDIRECTBYMAINTOLOGIN', '1'); } diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index bed28c63035..fed9c810573 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -823,6 +823,815 @@ abstract class CommonInvoice extends CommonObject } } + + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps + /** + * Create a withdrawal request for a direct debit order or a credit transfer order. + * Use the remain to pay excluding all existing open direct debit requests. + * + * @param User $fuser User asking the direct debit transfer + * @param float $amount Amount we request direct debit for + * @param string $type 'direct-debit' or 'bank-transfer' + * @param string $sourcetype Source ('facture' or 'supplier_invoice') + * @return int <0 if KO, >0 if OK + */ + public function demande_prelevement_stripe($fuser, $amount = 0, $type = 'direct-debit', $sourcetype = 'facture') + { + // phpcs:enable + global $conf, $mysoc, $user, $langs; + + if (empty($conf->global->STRIPE_SEPA_DIRECT_DEBIT)) { + //exit + return 0; + } + + $error = 0; + + dol_syslog(get_class($this)."::demande_prelevement_stripe 0", LOG_DEBUG); + + if ($this->statut > self::STATUS_DRAFT && $this->paye == 0) { + require_once DOL_DOCUMENT_ROOT.'/societe/class/companybankaccount.class.php'; + $bac = new CompanyBankAccount($this->db); + $bac->fetch(0, $this->socid); + + $sql = 'SELECT count(*)'; + $sql .= ' FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande'; + $sql .= ' WHERE fk_facture = '.((int) $this->id); + $sql .= ' AND ext_payment_id IS NULL'; // To exclude record done for some online payments + $sql .= ' AND traite = 0'; + + dol_syslog(get_class($this)."::demande_prelevement_stripe 1", LOG_DEBUG); + $resql = $this->db->query($sql); + if ($resql) { + $row = $this->db->fetch_row($resql); + + if ($row[0] == 0) { + $now = dol_now(); + + $totalpaye = $this->getSommePaiement(); + $totalcreditnotes = $this->getSumCreditNotesUsed(); + $totaldeposits = $this->getSumDepositsUsed(); + //print "totalpaye=".$totalpaye." totalcreditnotes=".$totalcreditnotes." totaldeposts=".$totaldeposits; + + // We can also use bcadd to avoid pb with floating points + // For example print 239.2 - 229.3 - 9.9; does not return 0. + //$resteapayer=bcadd($this->total_ttc,$totalpaye,$conf->global->MAIN_MAX_DECIMALS_TOT); + //$resteapayer=bcadd($resteapayer,$totalavoir,$conf->global->MAIN_MAX_DECIMALS_TOT); + if (empty($amount)) { + $amount = price2num($this->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits, 'MT'); + } + + if (is_numeric($amount) && $amount != 0) { + require_once DOL_DOCUMENT_ROOT.'/societe/class/companypaymentmode.class.php'; + $companypaymentmode = new CompanyPaymentMode($this->db); + $companypaymentmode->fetch($bac->id); + + dol_syslog(get_class($this)."::demande_prelevement_stripe amount=$amount, companypaymentmode = " . $companypaymentmode->id, LOG_DEBUG); + + //Start code from sellyoursaas + $service = 'StripeTest'; + $servicestatus = 0; + if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { + $service = 'StripeLive'; + $servicestatus = 1; + } + + $langs->load("agenda"); + dol_syslog("doTakePaymentStripeForThirdparty service=" . $service . " servicestatus=" . $servicestatus . " thirdparty_id=" . $this->socid . " companypaymentmode=" . $companypaymentmode->id . " noemailtocustomeriferror=" . $noemailtocustomeriferror . " nocancelifpaymenterror=" . $nocancelifpaymenterror . " calledinmyaccountcontext=" . $calledinmyaccountcontext); + + $this->stripechargedone = 0; + $this->stripechargeerror = 0; + $now = dol_now(); + + $currency = $conf->currency; + + global $stripearrayofkeysbyenv; + global $savstripearrayofkeysbyenv; + + $errorforinvoice = 0; // We reset the $errorforinvoice at each invoice loop + + $this->fetch_thirdparty(); + + dol_syslog("--- Process invoice thirdparty_id=" . $this->id . ", thirdparty_name=" . $this->thirdparty->name . " id=" . $this->id . ", ref=" . $this->ref . ", datef=" . dol_print_date($this->date, 'dayhourlog'), LOG_DEBUG); + + $alreadypayed = $this->getSommePaiement(); + $amount_credit_notes_included = $this->getSumCreditNotesUsed(); + $amounttopay = $this->total_ttc - $alreadypayed - $amount_credit_notes_included; + + // Correct the amount according to unit of currency + // See https://support.stripe.com/questions/which-zero-decimal-currencies-does-stripe-support + $arrayzerounitcurrency = ['BIF', 'CLP', 'DJF', 'GNF', 'JPY', 'KMF', 'KRW', 'MGA', 'PYG', 'RWF', 'VND', 'VUV', 'XAF', 'XOF', 'XPF']; + $amountstripe = $amounttopay; + if (!in_array($currency, $arrayzerounitcurrency)) { + $amountstripe = $amountstripe * 100; + } + + if ($amountstripe > 0) { + try { + //var_dump($companypaymentmode); + dol_syslog("We will try to pay with companypaymentmodeid=" . $companypaymentmode->id . " stripe_card_ref=" . $companypaymentmode->stripe_card_ref . " mode=" . $companypaymentmode->status, LOG_DEBUG); + + $thirdparty = new Societe($this->db); + $resultthirdparty = $thirdparty->fetch($this->socid); + + include_once DOL_DOCUMENT_ROOT . '/stripe/class/stripe.class.php'; // This include the include of htdocs/stripe/config.php + // So it inits or erases the $stripearrayofkeysbyenv + $stripe = new Stripe($this->db); + + if (empty($savstripearrayofkeysbyenv)) { + $savstripearrayofkeysbyenv = $stripearrayofkeysbyenv; + } + dol_syslog("Current Stripe environment is " . $stripearrayofkeysbyenv[$servicestatus]['publishable_key']); + dol_syslog("Current Saved Stripe environment is " . $savstripearrayofkeysbyenv[$servicestatus]['publishable_key']); + + $foundalternativestripeaccount = ''; + + // Force stripe to another value (by default this value is empty) + if (!empty($thirdparty->array_options['options_stripeaccount'])) { + dol_syslog("The thirdparty id=" . $thirdparty->id . " has a dedicated Stripe Account, so we switch to it."); + + $tmparray = explode('@', $thirdparty->array_options['options_stripeaccount']); + if (!empty($tmparray[1])) { + $tmparray2 = explode(':', $tmparray[1]); + if (!empty($tmparray2[3])) { + $stripearrayofkeysbyenv = [ + 0 => [ + "publishable_key" => $tmparray2[0], + "secret_key" => $tmparray2[1] + ], + 1 => [ + "publishable_key" => $tmparray2[2], + "secret_key" => $tmparray2[3] + ] + ]; + + $stripearrayofkeys = $stripearrayofkeysbyenv[$servicestatus]; + \Stripe\Stripe::setApiKey($stripearrayofkeys['secret_key']); + + $foundalternativestripeaccount = $tmparray[0]; // Store the customer id + + dol_syslog("We use now customer=" . $foundalternativestripeaccount . " publishable_key=" . $stripearrayofkeys['publishable_key'], LOG_DEBUG); + } + } + + if (!$foundalternativestripeaccount) { + $stripearrayofkeysbyenv = $savstripearrayofkeysbyenv; + + $stripearrayofkeys = $savstripearrayofkeysbyenv[$servicestatus]; + \Stripe\Stripe::setApiKey($stripearrayofkeys['secret_key']); + dol_syslog("We found a bad value for Stripe Account for thirdparty id=" . $thirdparty->id . ", so we ignore it and keep using the global one, so " . $stripearrayofkeys['publishable_key'], LOG_WARNING); + } + } else { + $stripearrayofkeysbyenv = $savstripearrayofkeysbyenv; + + $stripearrayofkeys = $savstripearrayofkeysbyenv[$servicestatus]; + \Stripe\Stripe::setApiKey($stripearrayofkeys['secret_key']); + dol_syslog("The thirdparty id=" . $thirdparty->id . " has no dedicated Stripe Account, so we use global one, so " . json_encode($stripearrayofkeys), LOG_DEBUG); + } + + + dol_syslog("get stripe account", LOG_DEBUG); + $stripeacc = $stripe->getStripeAccount($service, $this->socid); // Get Stripe OAuth connect account if it exists (no network access here) + dol_syslog("get stripe account return " . json_encode($stripeacc), LOG_DEBUG); + + if ($foundalternativestripeaccount) { + if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage + $customer = \Stripe\Customer::retrieve(['id' => "$foundalternativestripeaccount", 'expand[]' => 'sources']); + } else { + $customer = \Stripe\Customer::retrieve(['id' => "$foundalternativestripeaccount", 'expand[]' => 'sources'], ["stripe_account" => $stripeacc]); + } + } else { + $customer = $stripe->customerStripe($thirdparty, $stripeacc, $servicestatus, 0); + if (empty($customer) && !empty($stripe->error)) { + $this->errors[] = $stripe->error; + } + /*if (!empty($customer) && empty($customer->sources)) { + $customer = null; + $this->errors[] = '\Stripe\Customer::retrieve did not returned the sources'; + }*/ + } + + // $nbhoursbetweentries = (empty($conf->global->SELLYOURSAAS_NBHOURSBETWEENTRIES) ? 49 : $conf->global->SELLYOURSAAS_NBHOURSBETWEENTRIES); // Must have more that 48 hours + 1 between each try (so 1 try every 3 daily batch) + // $nbdaysbeforeendoftries = (empty($conf->global->SELLYOURSAAS_NBDAYSBEFOREENDOFTRIES) ? 35 : $conf->global->SELLYOURSAAS_NBDAYSBEFOREENDOFTRIES); + $labeltouse = ''; + $postactionmessages = []; + + if ($resultthirdparty > 0 && !empty($customer)) { + if (!$error && !empty($this->array_options['options_delayautopayment']) && $this->array_options['options_delayautopayment'] > $now && empty($calledinmyaccountcontext)) { + $errmsg = 'Payment try was canceled (invoice qualified by the automatic payment was delayed after the ' . dol_print_date($this->array_options['options_delayautopayment'], 'day') . ')'; + dol_syslog($errmsg, LOG_DEBUG); + + $error++; + $errorforinvoice++; + $this->errors[] = $errmsg; + } + // if (!$error && ($this->date < ($now - ($nbdaysbeforeendoftries * 24 * 3600))) // We try until we reach $nbdaysbeforeendoftries + // && ($this->date < ($now - (62 * 24 * 3600)) || $this->date > ($now - (60 * 24 * 3600))) // or when we have 60 days + // && ($this->date < ($now - (92 * 24 * 3600)) || $this->date > ($now - (90 * 24 * 3600))) // or when we have 90 days + // && empty($nocancelifpaymenterror)) { + // $errmsg = 'Payment try was canceled (invoice date is older than ' . $nbdaysbeforeendoftries . ' days and not 60 days old and not 90 days old) - You can still take payment from backoffice.'; + // dol_syslog($errmsg, LOG_DEBUG); + + // $error++; + // $errorforinvoice++; + // $this->errors[] = $errmsg; + // } + // if (!$error && empty($nocancelifpaymenterror)) { // If we are not in a mode that ask to avoid cancelation, we cancel payment. + // // Test if last AC_PAYMENT_STRIPE_KO event is an old error lower than $nbhoursbetweentries hours. + // $recentfailedpayment = false; + // $sqlonevents = 'SELECT COUNT(*) as nb FROM ' . MAIN_DB_PREFIX . 'actioncomm WHERE fk_soc = ' . ((int) $thirdparty->id) . " AND code ='AC_PAYMENT_STRIPE_KO' AND datep > '" . $this->db->idate($now - ($nbhoursbetweentries * 3600)) . "'"; + // $resqlonevents = $this->db->query($sqlonevents); + // if ($resqlonevents) { + // $obj = $this->db->fetch_object($resqlonevents); + // if ($obj && $obj->nb > 0) { + // $recentfailedpayment = true; + // } + // } + + // if ($recentfailedpayment) { + // $errmsg = 'Payment try was canceled (recent payment, in last ' . $nbhoursbetweentries . ' hours, with error AC_PAYMENT_STRIPE_KO for this customer)'; + // dol_syslog($errmsg, LOG_DEBUG); + + // $error++; + // $errorforinvoice++; + // $this->errors[] = $errmsg; + // } + // } + + if (!$error) { // Payment was not canceled + //erics card or sepa ? + $sepaMode = false; + if ($companypaymentmode->type == 'ban') { + $sepaMode = true; + $stripecard = $stripe->sepaStripe($customer, $companypaymentmode, $stripeacc, $servicestatus, 0); + } else { + $stripecard = $stripe->cardStripe($customer, $companypaymentmode, $stripeacc, $servicestatus, 0); + } + + if ($stripecard) { // Can be card_... (old mode) or pm_... (new mode) + $FULLTAG = 'INV=' . $this->id . '-CUS=' . $thirdparty->id; + $description = 'Stripe payment from doTakePaymentStripeForThirdparty: ' . $FULLTAG . ' ref=' . $this->ref; + + $stripefailurecode = ''; + $stripefailuremessage = ''; + $stripefailuredeclinecode = ''; + + if (preg_match('/^card_/', $stripecard->id)) { // Using old method + dol_syslog("* Create charge on card " . $stripecard->id . ", amountstripe=" . $amountstripe . ", FULLTAG=" . $FULLTAG, LOG_DEBUG); + + $ipaddress = getUserRemoteIP(); + + $charge = null; // Force reset of $charge, so, if already set from a previous fetch, it will be empty even if there is an exception at next step + try { + $charge = \Stripe\Charge::create([ + 'amount' => price2num($amountstripe, 'MU'), + 'currency' => $currency, + 'capture' => true, // Charge immediatly + 'description' => $description, + 'metadata' => ["FULLTAG" => $FULLTAG, 'Recipient' => $mysoc->name, 'dol_version' => DOL_VERSION, 'dol_entity' => $conf->entity, 'ipaddress' => $ipaddress], + 'customer' => $customer->id, + //'customer' => 'bidon_to_force_error', // To use to force a stripe error + 'source' => $stripecard, + 'statement_descriptor' => dol_trunc('INV=' . $this->id, 10, 'right', 'UTF-8', 1), // 22 chars that appears on bank receipt (company + description) + ]); + } catch (\Stripe\Error\Card $e) { + // Since it's a decline, Stripe_CardError will be caught + $body = $e->getJsonBody(); + $err = $body['error']; + + $stripefailurecode = $err['code']; + $stripefailuremessage = $err['message']; + $stripefailuredeclinecode = $err['decline_code']; + } catch (Exception $e) { + $stripefailurecode = 'UnknownChargeError'; + $stripefailuremessage = $e->getMessage(); + } + } else { // Using new SCA method + if ($sepaMode) + dol_syslog("* Create payment on SEPA " . $stripecard->id . ", amounttopay=" . $amounttopay . ", amountstripe=" . $amountstripe . ", FULLTAG=" . $FULLTAG, LOG_DEBUG); + else dol_syslog("* Create payment on card " . $stripecard->id . ", amounttopay=" . $amounttopay . ", amountstripe=" . $amountstripe . ", FULLTAG=" . $FULLTAG, LOG_DEBUG); + + // Create payment intent and charge payment (confirmnow = true) + $paymentintent = $stripe->getPaymentIntent($amounttopay, $currency, $FULLTAG, $description, $invoice, $customer->id, $stripeacc, $servicestatus, 0, 'automatic', true, $stripecard->id, 1); + + $charge = new stdClass(); + //erics add processing sepa is like success ? + if ($paymentintent->status === 'succeeded' || $paymentintent->status === 'processing') { + $charge->status = 'ok'; + $charge->id = $paymentintent->id; + $charge->customer = $customer->id; + } elseif ($paymentintent->status === 'requires_action') { + //paymentintent->status may be => 'requires_action' (no error in such a case) + dol_syslog(var_export($paymentintent, true), LOG_DEBUG); + + $charge->status = 'failed'; + $charge->customer = $customer->id; + $charge->failure_code = $stripe->code; + $charge->failure_message = $stripe->error; + $charge->failure_declinecode = $stripe->declinecode; + $stripefailurecode = $stripe->code; + $stripefailuremessage = 'Action required. Contact the support at ';// . $conf->global->SELLYOURSAAS_MAIN_EMAIL; + $stripefailuredeclinecode = $stripe->declinecode; + } else { + dol_syslog(var_export($paymentintent, true), LOG_DEBUG); + + $charge->status = 'failed'; + $charge->customer = $customer->id; + $charge->failure_code = $stripe->code; + $charge->failure_message = $stripe->error; + $charge->failure_declinecode = $stripe->declinecode; + $stripefailurecode = $stripe->code; + $stripefailuremessage = $stripe->error; + $stripefailuredeclinecode = $stripe->declinecode; + } + + //var_dump("stripefailurecode=".$stripefailurecode." stripefailuremessage=".$stripefailuremessage." stripefailuredeclinecode=".$stripefailuredeclinecode); + //exit; + } + + // Return $charge = array('id'=>'ch_XXXX', 'status'=>'succeeded|pending|failed', 'failure_code'=>, 'failure_message'=>...) + if (empty($charge) || $charge->status == 'failed') { + dol_syslog('Failed to charge card or payment mode ' . $stripecard->id . ' stripefailurecode=' . $stripefailurecode . ' stripefailuremessage=' . $stripefailuremessage . ' stripefailuredeclinecode=' . $stripefailuredeclinecode, LOG_WARNING); + + // Save a stripe payment was in error + $this->stripechargeerror++; + + $error++; + $errorforinvoice++; + $errmsg = $langs->trans("FailedToChargeCard"); + if (!empty($charge)) { + if ($stripefailuredeclinecode == 'authentication_required') { + $errauthenticationmessage = $langs->trans("ErrSCAAuthentication"); + $errmsg = $errauthenticationmessage; + } elseif (in_array($stripefailuredeclinecode, ['insufficient_funds', 'generic_decline'])) { + $errmsg .= ': ' . $charge->failure_code; + $errmsg .= ($charge->failure_message ? ' - ' : '') . ' ' . $charge->failure_message; + if (empty($stripefailurecode)) { + $stripefailurecode = $charge->failure_code; + } + if (empty($stripefailuremessage)) { + $stripefailuremessage = $charge->failure_message; + } + } else { + $errmsg .= ': failure_code=' . $charge->failure_code; + $errmsg .= ($charge->failure_message ? ' - ' : '') . ' failure_message=' . $charge->failure_message; + if (empty($stripefailurecode)) { + $stripefailurecode = $charge->failure_code; + } + if (empty($stripefailuremessage)) { + $stripefailuremessage = $charge->failure_message; + } + } + } else { + $errmsg .= ': ' . $stripefailurecode . ' - ' . $stripefailuremessage; + $errmsg .= ($stripefailuredeclinecode ? ' - ' . $stripefailuredeclinecode : ''); + } + + $description = 'Stripe payment ERROR from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + $postactionmessages[] = $errmsg . ' (' . $stripearrayofkeys['publishable_key'] . ')'; + $this->errors[] = $errmsg; + } else { + dol_syslog('Successfuly charge card ' . $stripecard->id); + + $postactionmessages[] = 'Success to charge card (' . $charge->id . ' with ' . $stripearrayofkeys['publishable_key'] . ')'; + + // Save a stripe payment was done in realy life so later we will be able to force a commit on recorded payments + // even if in batch mode (method doTakePaymentStripe), we will always make all action in one transaction with a forced commit. + $this->stripechargedone++; + + // Default description used for label of event. Will be overwrite by another value later. + $description = 'Stripe payment OK (' . $charge->id . ') from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + + $db = $this->db; + + $ipaddress = getUserRemoteIP(); + + $TRANSACTIONID = $charge->id; + $currency = $conf->currency; + $paymentmethod = 'stripe'; + $emetteur_name = $charge->customer; + + // Same code than into paymentok.php... + + $paymentTypeId = 0; + if ($paymentmethod == 'paybox') { + $paymentTypeId = $conf->global->PAYBOX_PAYMENT_MODE_FOR_PAYMENTS; + } + if ($paymentmethod == 'paypal') { + $paymentTypeId = $conf->global->PAYPAL_PAYMENT_MODE_FOR_PAYMENTS; + } + if ($paymentmethod == 'stripe') { + $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; + } + if (empty($paymentTypeId)) { + //erics + if ($sepaMode) { + $paymentType = 'PRE'; + } else { + $paymentType = $_SESSION["paymentType"]; + if (empty($paymentType)) { + $paymentType = 'CB'; + } + } + $paymentTypeId = dol_getIdFromCode($this->db, $paymentType, 'c_paiement', 'code', 'id', 1); + } + + $currencyCodeType = $currency; + + $ispostactionok = 1; + + // Creation of payment line + include_once DOL_DOCUMENT_ROOT . '/compta/paiement/class/paiement.class.php'; + $paiement = new Paiement($this->db); + $paiement->datepaye = $now; + $paiement->date = $now; + if ($currencyCodeType == $conf->currency) { + $paiement->amounts = [$this->id => $amounttopay]; // Array with all payments dispatching with invoice id + } else { + $paiement->multicurrency_amounts = [$this->id => $amounttopay]; // Array with all payments dispatching + + $postactionmessages[] = 'Payment was done in a different currency than currency expected of company'; + $ispostactionok = -1; + // Not yet supported, so error + $error++; + $errorforinvoice++; + } + $paiement->paiementid = $paymentTypeId; + $paiement->num_paiement = ''; + $paiement->num_payment = ''; + // Add a comment with keyword 'SellYourSaas' in text. Used by trigger. + $paiement->note_public = 'StripeSepa payment ' . dol_print_date($now, 'standard') . ' using ' . $paymentmethod . ($ipaddress ? ' from ip ' . $ipaddress : '') . ' - Transaction ID = ' . $TRANSACTIONID; + $paiement->note_private = 'StripeSepa payment ' . dol_print_date($now, 'standard') . ' using ' . $paymentmethod . ($ipaddress ? ' from ip ' . $ipaddress : '') . ' - Transaction ID = ' . $TRANSACTIONID; + $paiement->ext_payment_id = $charge->id . ':' . $customer->id . '@' . $stripearrayofkeys['publishable_key']; + $paiement->ext_payment_site = 'stripe'; + + if (!$errorforinvoice) { + dol_syslog('* Record payment for invoice id ' . $this->id . '. It includes closing of invoice and regenerating document'); + + // This include closing invoices to 'paid' (and trigger including unsuspending) and regenerating document + $paiement_id = $paiement->create($user, 1); + if ($paiement_id < 0) { + $postactionmessages[] = $paiement->error . ($paiement->error ? ' ' : '') . join("
\n", $paiement->errors); + $ispostactionok = -1; + $error++; + $errorforinvoice++; + } else { + $postactionmessages[] = 'Payment created'; + } + + dol_syslog("The payment has been created for invoice id " . $this->id); + } + + if (!$errorforinvoice && !empty($conf->banque->enabled)) { + dol_syslog('* Add payment to bank'); + + $bankaccountid = 0; + if ($paymentmethod == 'paybox') { + $bankaccountid = $conf->global->PAYBOX_BANK_ACCOUNT_FOR_PAYMENTS; + } + if ($paymentmethod == 'paypal') { + $bankaccountid = $conf->global->PAYPAL_BANK_ACCOUNT_FOR_PAYMENTS; + } + if ($paymentmethod == 'stripe') { + $bankaccountid = $conf->global->STRIPE_BANK_ACCOUNT_FOR_PAYMENTS; + } + + if ($bankaccountid > 0) { + $label = '(CustomerInvoicePayment)'; + if ($this->type == Facture::TYPE_CREDIT_NOTE) { + $label = '(CustomerInvoicePaymentBack)'; + } // Refund of a credit note + $result = $paiement->addPaymentToBank($user, 'payment', $label, $bankaccountid, $emetteur_name, ''); + if ($result < 0) { + $postactionmessages[] = $paiement->error . ($paiement->error ? ' ' : '') . join("
\n", $paiement->errors); + $ispostactionok = -1; + $error++; + $errorforinvoice++; + } else { + $postactionmessages[] = 'Bank transaction of payment created (by doTakePaymentStripeForThirdparty)'; + } + } else { + $postactionmessages[] = 'Setup of bank account to use in module ' . $paymentmethod . ' was not set. No way to record the payment.'; + $ispostactionok = -1; + $error++; + $errorforinvoice++; + } + } + + if ($ispostactionok < 1) { + $description = 'Stripe payment OK (' . $charge->id . ' - ' . $amounttopay . ' ' . $conf->currency . ') but post action KO from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + } else { + $description = 'Stripe payment+post action OK (' . $charge->id . ' - ' . $amounttopay . ' ' . $conf->currency . ') from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + } + } + + $object = $invoice; + + // Send emails + $labeltouse = 'InvoicePaymentSuccess'; + $sendemailtocustomer = 1; + + if (empty($charge) || $charge->status == 'failed') { + $labeltouse = 'InvoicePaymentFailure'; + if ($noemailtocustomeriferror) { + $sendemailtocustomer = 0; + } // $noemailtocustomeriferror is set when error already reported on myaccount screen + } + + // Track an event + if (empty($charge) || $charge->status == 'failed') { + $actioncode = 'PAYMENT_STRIPE_KO'; + $extraparams = $stripefailurecode; + $extraparams .= (($extraparams && $stripefailuremessage) ? ' - ' : '') . $stripefailuremessage; + $extraparams .= (($extraparams && $stripefailuredeclinecode) ? ' - ' : '') . $stripefailuredeclinecode; + } else { + $actioncode = 'PAYMENT_STRIPE_OK'; + $extraparams = ''; + } + } else { + $error++; + $errorforinvoice++; + dol_syslog("No card or payment method found for this stripe customer " . $customer->id, LOG_WARNING); + $this->errors[] = 'Failed to get card | payment method for stripe customer = ' . $customer->id; + + $labeltouse = 'InvoicePaymentFailure'; + $sendemailtocustomer = 1; + if ($noemailtocustomeriferror) { + $sendemailtocustomer = 0; + } // $noemailtocustomeriferror is set when error already reported on myaccount screen + + $description = 'Failed to find or use the payment mode - no credit card defined for the customer account'; + $stripefailurecode = 'BADPAYMENTMODE'; + $stripefailuremessage = 'Failed to find or use the payment mode - no credit card defined for the customer account'; + $postactionmessages[] = $description . ' (' . $stripearrayofkeys['publishable_key'] . ')'; + + $object = $invoice; + + $actioncode = 'PAYMENT_STRIPE_KO'; + $extraparams = ''; + } + } else { + // If error because payment was canceled for a logical reason, we do nothing (no email and no event added) + $labeltouse = ''; + $sendemailtocustomer = 0; + + $description = ''; + $stripefailurecode = ''; + $stripefailuremessage = ''; + + $object = $invoice; + + $actioncode = ''; + $extraparams = ''; + } + } else { // Else of the if ($resultthirdparty > 0 && ! empty($customer)) { + if ($resultthirdparty <= 0) { + dol_syslog('SellYourSaasUtils Failed to load customer for thirdparty_id = ' . $thirdparty->id, LOG_WARNING); + $this->errors[] = 'Failed to load customer for thirdparty_id = ' . $thirdparty->id; + } else { // $customer stripe not found + dol_syslog('SellYourSaasUtils Failed to get Stripe customer id for thirdparty_id = ' . $thirdparty->id . " in mode " . $servicestatus . " in Stripe env " . $stripearrayofkeysbyenv[$servicestatus]['publishable_key'], LOG_WARNING); + $this->errors[] = 'Failed to get Stripe customer id for thirdparty_id = ' . $thirdparty->id . " in mode " . $servicestatus . " in Stripe env " . $stripearrayofkeysbyenv[$servicestatus]['publishable_key']; + } + $error++; + $errorforinvoice++; + + $labeltouse = 'InvoicePaymentFailure'; + $sendemailtocustomer = 1; + if ($noemailtocustomeriferror) { + $sendemailtocustomer = 0; + } // $noemailtocustomeriferror is set when error already reported on myaccount screen + + $description = 'Failed to find or use your payment mode (no payment mode for this customer id)'; + $stripefailurecode = 'BADPAYMENTMODE'; + $stripefailuremessage = 'Failed to find or use your payment mode (no payment mode for this customer id)'; + $postactionmessages = []; + + $object = $invoice; + + $actioncode = 'PAYMENT_STRIPE_KO'; + $extraparams = ''; + } + + // Send email + create action after + if ($sendemailtocustomer && $labeltouse) { + dol_syslog("* Send email with result of payment - " . $labeltouse); + + // Set output language + $outputlangs = new Translate('', $conf); + $outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang); + $outputlangs->loadLangs(["main", "members", "bills"]); + + // Get email content from templae + $arraydefaultmessage = null; + + include_once DOL_DOCUMENT_ROOT . '/core/class/html.formmail.class.php'; + $formmail = new FormMail($this->db); + + if (!empty($labeltouse)) { + $arraydefaultmessage = $formmail->getEMailTemplate($this->db, 'facture_send', $user, $outputlangs, 0, 1, $labeltouse); + } + + if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) { + $subject = $arraydefaultmessage->topic; + $msg = $arraydefaultmessage->content; + } + + $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object); + + //$substitutionarray['__SELLYOURSAAS_PAYMENT_ERROR_DESC__'] = $stripefailurecode . ' ' . $stripefailuremessage; + + complete_substitutions_array($substitutionarray, $outputlangs, $object); + + // Set the property ->ref_customer with ref_customer of contract so __REF_CLIENT__ will be replaced in email content + // Search contract linked to invoice + $foundcontract = null; + $this->fetchObjectLinked(); + if (is_array($this->linkedObjects['contrat']) && count($this->linkedObjects['contrat']) > 0) { + //dol_sort_array($object->linkedObjects['facture'], 'date'); + foreach ($this->linkedObjects['contrat'] as $idcontract => $contract) { + $substitutionarray['__CONTRACT_REF__'] = $contract->ref_customer; + $substitutionarray['__REFCLIENT__'] = $contract->ref_customer; // For backward compatibility + $substitutionarray['__REF_CLIENT__'] = $contract->ref_customer; + $foundcontract = $contract; + break; + } + } + + dol_syslog('__DIRECTDOWNLOAD_URL_INVOICE__=' . $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__']); + + //erics - erreur de réécriture de l'url de téléchargement direct de la facture ... le lien de base est le bon + //on cherche donc d'ou vien le pb ... + //$urlforsellyoursaasaccount = getRootUrlForAccount($foundcontract); + // if ($urlforsellyoursaasaccount) { + // $tmpforurl = preg_replace('/.*document.php/', '', $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__']); + // if ($tmpforurl) { + // dol_syslog('__DIRECTDOWNLOAD_URL_INVOICE__ cas 1, urlforsellyoursaasaccount=' . $urlforsellyoursaasaccount); + // // $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = $urlforsellyoursaasaccount . '/source/document.php' . $tmpforurl; + // } else { + // dol_syslog('__DIRECTDOWNLOAD_URL_INVOICE__ cas 2, urlforsellyoursaasaccount=' . $urlforsellyoursaasaccount); + // // $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = $urlforsellyoursaasaccount; + // } + // } + + $subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs); + $texttosend = make_substitutions($msg, $substitutionarray, $outputlangs); + + // Attach a file ? + $file = ''; + $listofpaths = []; + $listofnames = []; + $listofmimes = []; + if (is_object($invoice)) { + $invoicediroutput = $conf->facture->dir_output; + //erics - choix du PDF a joindre aux mails + $fileparams = dol_most_recent_file($invoicediroutput . '/' . $this->ref, preg_quote($this->ref, '/') . '[^\-]+*.pdf'); + $file = $fileparams['fullname']; + //$file = $invoicediroutput . '/' . $this->ref . '/' . $this->ref . '.pdf'; + // $file = ''; // Disable attachment of invoice in emails + + if ($file) { + $listofpaths = [$file]; + $listofnames = [basename($file)]; + $listofmimes = [dol_mimetype($file)]; + } + } + $from = "";//$conf->global->SELLYOURSAAS_NOREPLY_EMAIL; + + $trackid = 'inv' . $this->id; + $moreinheader = 'X-Dolibarr-Info: doTakeStripePaymentForThirdParty' . "\r\n"; + + // Send email (substitutionarray must be done just before this) + include_once DOL_DOCUMENT_ROOT . '/core/class/CMailFile.class.php'; + $mailfile = new CMailFile($subjecttosend, $this->thirdparty->email, $from, $texttosend, $listofpaths, $listofmimes, $listofnames, '', '', 0, -1, '', '', $trackid, $moreinheader); + if ($mailfile->sendfile()) { + $result = 1; + } else { + $this->error = $langs->trans("ErrorFailedToSendMail", $from, $this->thirdparty->email) . '. ' . $mailfile->error; + $result = -1; + } + + if ($result < 0) { + $errmsg = $this->error; + $postactionmessages[] = $errmsg; + $ispostactionok = -1; + } else { + if ($file) { + $postactionmessages[] = 'Email sent to thirdparty (to ' . $this->thirdparty->email . ' with invoice document attached: ' . $file . ', language = ' . $outputlangs->defaultlang . ')'; + } else { + $postactionmessages[] = 'Email sent to thirdparty (to ' . $this->thirdparty->email . ' without any attached document, language = ' . $outputlangs->defaultlang . ')'; + } + } + } + + if ($description) { + dol_syslog("* Record event for payment result - " . $description); + require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; + + // Insert record of payment (success or error) + $actioncomm = new ActionComm($this->db); + + $actioncomm->type_code = 'AC_OTH_AUTO'; // Type of event ('AC_OTH', 'AC_OTH_AUTO', 'AC_XXX'...) + $actioncomm->code = 'AC_' . $actioncode; + $actioncomm->label = $description; + $actioncomm->note_private = join(",\n", $postactionmessages); + $actioncomm->fk_project = $this->fk_project; + $actioncomm->datep = $now; + $actioncomm->datef = $now; + $actioncomm->percentage = -1; // Not applicable + $actioncomm->socid = $thirdparty->id; + $actioncomm->contactid = 0; + $actioncomm->authorid = $user->id; // User saving action + $actioncomm->userownerid = $user->id; // Owner of action + // Fields when action is a real email (content is already into note) + /*$actioncomm->email_msgid = $object->email_msgid; + $actioncomm->email_from = $object->email_from; + $actioncomm->email_sender= $object->email_sender; + $actioncomm->email_to = $object->email_to; + $actioncomm->email_tocc = $object->email_tocc; + $actioncomm->email_tobcc = $object->email_tobcc; + $actioncomm->email_subject = $object->email_subject; + $actioncomm->errors_to = $object->errors_to;*/ + $actioncomm->fk_element = $this->id; + $actioncomm->elementtype = $this->element; + $actioncomm->extraparams = dol_trunc($extraparams, 250); + + $actioncomm->create($user); + } + + $this->description = $description; + $this->postactionmessages = $postactionmessages; + } catch (Exception $e) { + $error++; + $errorforinvoice++; + dol_syslog('Error ' . $e->getMessage(), LOG_ERR); + $this->errors[] = 'Error ' . $e->getMessage(); + } + } else { // If remain to pay is null + $error++; + $errorforinvoice++; + dol_syslog("Remain to pay is null for the invoice " . $this->id . " " . $this->ref . ". Why is the invoice not classified 'Paid' ?", LOG_WARNING); + $this->errors[] = "Remain to pay is null for the invoice " . $this->id . " " . $this->ref . ". Why is the invoice not classified 'Paid' ?"; + } + + //end copy + // print json_encode($stripecard); + // exit; + + $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'prelevement_facture_demande('; + $sql .= 'fk_facture, '; + $sql .= ' amount, date_demande, fk_user_demande, ext_payment_id, ext_payment_site, sourcetype, entity)'; + $sql .= ' VALUES ('.$this->id; + $sql .= ",'".price2num($amount)."'"; + $sql .= ",'".$this->db->idate($now)."'"; + $sql .= ",".$fuser->id; + $sql .= ",'".$this->db->escape($stripe_id)."'"; + $sql .= ",'".$this->db->escape($stripe_uri)."'"; + $sql .= ",'".$this->db->escape($sourcetype)."'"; + $sql .= ",".$conf->entity; + $sql .= ")"; + + dol_syslog(get_class($this)."::demande_prelevement_stripe", LOG_DEBUG); + $resql = $this->db->query($sql); + if (!$resql) { + $this->error = $this->db->lasterror(); + dol_syslog(get_class($this).'::demande_prelevement_stripe Erreur'); + $error++; + } + } else { + $this->error = 'WithdrawRequestErrorNilAmount'; + dol_syslog(get_class($this).'::demande_prelevement_stripe WithdrawRequestErrorNilAmount'); + $error++; + } + + if (!$error) { + // Force payment mode of invoice to withdraw + $payment_mode_id = dol_getIdFromCode($this->db, ($type == 'bank-transfer' ? 'VIR' : 'PRE'), 'c_paiement', 'code', 'id', 1); + if ($payment_mode_id > 0) { + $result = $this->setPaymentMethods($payment_mode_id); + } + } + + if ($error) { + return -1; + } + return 1; + } else { + $this->error = "A request already exists"; + dol_syslog(get_class($this).'::demande_prelevement_stripe Impossible de creer une demande, demande deja en cours'); + return 0; + } + } else { + $this->error = $this->db->error(); + dol_syslog(get_class($this).'::demande_prelevement_stripe Erreur -2'); + return -2; + } + } else { + $this->error = "Status of invoice does not allow this"; + dol_syslog(get_class($this)."::demande_prelevement_stripe ".$this->error." $this->statut, $this->paye, $this->mode_reglement_id"); + return -3; + } + } + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Remove a direct debit request or a credit transfer request diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 1a48da2f752..7c5007ddca2 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -77,6 +77,7 @@ class FormTicket public $withtitletopic; public $withtopicreadonly; + public $withreadid; public $withcompany; // affiche liste déroulante company public $withfromsocid; public $withfromcontactid; diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index cd1ea12bb40..f15d9f4d732 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -52,8 +52,8 @@ class Utils * Purge files into directory of data files. * CAN BE A CRON TASK * - * @param string $choices Choice of purge mode ('tempfiles', 'tempfilesold' to purge temp older than $nbsecondsold seconds, 'logfiles', or mix of this). Note 'allfiles' is possible too but very dangerous. - * @param int $nbsecondsold Nb of seconds old to accept deletion of a directory if $choice is 'tempfilesold' + * @param string $choices Choice of purge mode ('tempfiles', 'tempfilesold' to purge temp older than $nbsecondsold seconds, 'logfiles', or mix of this). Note that 'allfiles' is also possible but very dangerous. + * @param int $nbsecondsold Nb of seconds old to accept deletion of a directory if $choice is 'tempfilesold', or deletion of file if $choice is 'allfiles' * @return int 0 if OK, < 0 if KO (this function is used also by cron so only 0 is OK) */ public function purgeFiles($choices = 'tempfilesold+logfiles', $nbsecondsold = 86400) @@ -67,6 +67,9 @@ class Utils if (empty($choices)) { $choices = 'tempfilesold+logfiles'; } + if ($choices == 'allfiles' && $nbsecondsold > 0) { + $choices = 'allfilesold'; + } dol_syslog("Utils::purgeFiles choice=".$choices, LOG_DEBUG); @@ -77,6 +80,7 @@ class Utils $choicesarray = preg_split('/[\+,]/', $choices); foreach ($choicesarray as $choice) { + $now = dol_now(); $filesarray = array(); if ($choice == 'tempfiles' || $choice == 'tempfilesold') { @@ -85,7 +89,6 @@ class Utils $filesarray = dol_dir_list($dolibarr_main_data_root, "directories", 1, '^temp$', '', 'name', SORT_ASC, 2, 0, '', 1); // Do not follow symlinks if ($choice == 'tempfilesold') { - $now = dol_now(); foreach ($filesarray as $key => $val) { if ($val['date'] > ($now - ($nbsecondsold))) { unset($filesarray[$key]); // Discard temp dir not older than $nbsecondsold @@ -98,7 +101,14 @@ class Utils if ($choice == 'allfiles') { // Delete all files (except install.lock, do not follow symbolic links) if ($dolibarr_main_data_root) { - $filesarray = dol_dir_list($dolibarr_main_data_root, "all", 0, '', 'install\.lock$', 'name', SORT_ASC, 0, 0, '', 1); + $filesarray = dol_dir_list($dolibarr_main_data_root, "all", 0, '', 'install\.lock$', 'name', SORT_ASC, 0, 0, '', 1); // No need to use recursive, we will delete directory + } + } + + if ($choice == 'allfilesold') { + // Delete all files (except install.lock, do not follow symbolic links) + if ($dolibarr_main_data_root) { + $filesarray = dol_dir_list($dolibarr_main_data_root, "files", 1, '', 'install\.lock$', 'name', SORT_ASC, 0, 0, '', 1, $nbsecondsold); // No need to use recursive, we will delete directory } } @@ -138,14 +148,16 @@ class Utils $countdeleted += $tmpcountdeleted; } } elseif ($filesarray[$key]['type'] == 'file') { - // If (file that is not logfile) or (if mode is logfile) - if ($filesarray[$key]['fullname'] != $filelog || $choice == 'logfile' || $choice == 'logfiles') { - $result = dol_delete_file($filesarray[$key]['fullname'], 1, 1); - if ($result) { - $count++; - $countdeleted++; - } else { - $counterror++; + if ($choice != 'allfilesold' || $filesarray[$key]['date'] < ($now - $nbsecondsold)) { + // If (file that is not logfile) or (if mode is logfile) + if ($filesarray[$key]['fullname'] != $filelog || $choice == 'logfile' || $choice == 'logfiles') { + $result = dol_delete_file($filesarray[$key]['fullname'], 1, 1); + if ($result) { + $count++; + $countdeleted++; + } else { + $counterror++; + } } } } diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php index 9b1d78f1694..1fe4ce77414 100644 --- a/htdocs/core/db/mysqli.class.php +++ b/htdocs/core/db/mysqli.class.php @@ -421,7 +421,7 @@ class DoliDBMysqli extends DoliDB if (!is_object($resultset)) { $resultset = $this->_results; } - return $resultset->num_rows; + return isset($resultset->num_rows) ? $resultset->num_rows : 0; } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 2b53fbbf230..3b3077425a5 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -54,10 +54,11 @@ function dol_basename($pathfile) * @param int $nohook Disable all hooks * @param string $relativename For recursive purpose only. Must be "" at first call. * @param string $donotfollowsymlinks Do not follow symbolic links + * @param string $nbsecondsold Only files older than $nbsecondsold * @return array Array of array('name'=>'xxx','fullname'=>'/abc/xxx','date'=>'yyy','size'=>99,'type'=>'dir|file',...) * @see dol_dir_list_in_database() */ -function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0, $nohook = 0, $relativename = "", $donotfollowsymlinks = 0) +function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0, $nohook = 0, $relativename = "", $donotfollowsymlinks = 0, $nbsecondsold = 0) { global $db, $hookmanager; global $object; @@ -67,13 +68,14 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl //print 'xxx'."files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter); } - $loaddate = ($mode == 1 || $mode == 2) ?true:false; - $loadsize = ($mode == 1 || $mode == 3) ?true:false; - $loadperm = ($mode == 1 || $mode == 4) ?true:false; + $loaddate = ($mode == 1 || $mode == 2 || $nbsecondsold) ? true : false; + $loadsize = ($mode == 1 || $mode == 3) ?true : false; + $loadperm = ($mode == 1 || $mode == 4) ?true : false; // Clean parameters $path = preg_replace('/([\\/]+)$/i', '', $path); $newpath = dol_osencode($path); + $now = dol_now(); $reshook = 0; $file_list = array(); @@ -170,7 +172,7 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl if ($recursive > 0) { if (empty($donotfollowsymlinks) || !is_link($path."/".$file)) { //var_dump('eee '. $path."/".$file. ' '.is_dir($path."/".$file).' '.is_link($path."/".$file)); - $file_list = array_merge($file_list, dol_dir_list($path."/".$file, $types, $recursive + 1, $filter, $excludefilter, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$file, $donotfollowsymlinks)); + $file_list = array_merge($file_list, dol_dir_list($path."/".$file, $types, $recursive + 1, $filter, $excludefilter, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$file, $donotfollowsymlinks, $nbsecondsold)); } } } elseif (!$isdir && (($types == "files") || ($types == "all"))) { @@ -183,18 +185,20 @@ function dol_dir_list($path, $types = "all", $recursive = 0, $filter = "", $excl } if (!$filter || preg_match('/'.$filter.'/i', $file)) { // We do not search key $filter into $path, only into $file - preg_match('/([^\/]+)\/[^\/]+$/', $path.'/'.$file, $reg); - $level1name = (isset($reg[1]) ? $reg[1] : ''); - $file_list[] = array( - "name" => $file, - "path" => $path, - "level1name" => $level1name, - "relativename" => ($relativename ? $relativename.'/' : '').$file, - "fullname" => $path.'/'.$file, - "date" => $filedate, - "size" => $filesize, - "type" => 'file' - ); + if (empty($nbsecondsold) || $filedate <= ($now - $nbsecondsold)) { + preg_match('/([^\/]+)\/[^\/]+$/', $path.'/'.$file, $reg); + $level1name = (isset($reg[1]) ? $reg[1] : ''); + $file_list[] = array( + "name" => $file, + "path" => $path, + "level1name" => $level1name, + "relativename" => ($relativename ? $relativename.'/' : '').$file, + "fullname" => $path.'/'.$file, + "date" => $filedate, + "size" => $filesize, + "type" => 'file' + ); + } } } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 7391785312f..a18e3a761a9 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -4955,8 +4955,9 @@ function dol_print_error($db = '', $error = '', $errors = null) $out .= "
\n"; } - // Return a http error code if possible + // Return a http header with error code if possible if (!headers_sent()) { + top_httphead(); http_response_code(500); } diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index d0067d7575b..ce6f9b38320 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -329,11 +329,11 @@ function dolGetLdapPasswordHash($password, $type = 'md5') * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft - * @param int $mode Mode (0=default, 1=return with not die) + * @param int $mode Mode (0=default, 1=return without dieing) * @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed. * @see dol_check_secure_access_document(), checkUserAccessToObject() */ -function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) +function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) { global $db, $conf; global $hookmanager; @@ -1016,8 +1016,35 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl return true; } + /** - * Show a message to say access is forbidden and stop program + * Show a message to say access is forbidden and stop program. + * This includes only HTTP header. + * Calling this function terminate execution of PHP. + * + * @param string $message Force error message + * @param int $http_response_code HTTP response code + * @param int $stringalreadysanitized 1 if string is already sanitized with HTML entities + * @return void + * @see accessforbidden() + */ +function httponly_accessforbidden($message = 1, $http_response_code = 403, $stringalreadysanitized = 0) +{ + top_httphead(); + http_response_code($http_response_code); + + if ($stringalreadysanitized) { + print $message; + } else { + print htmlentities($message); + } + + exit(1); +} + +/** + * Show a message to say access is forbidden and stop program. + * This includes HTTP and HTML header and footer (except if $printheader and $printfooter is 0, use this case inside an already started page). * Calling this function terminate execution of PHP. * * @param string $message Force error message @@ -1026,10 +1053,12 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl * @param int $showonlymessage Show only message parameter. Otherwise add more information. * @param array|null $params More parameters provided to hook * @return void + * @see httponly_accessforbidden() */ function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params = null) { global $conf, $db, $user, $langs, $hookmanager; + if (!is_object($langs)) { include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php'; $langs = new Translate('', $conf); @@ -1046,10 +1075,10 @@ function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $sho } } print '
'; - if (!$message) { + if (empty($message)) { print $langs->trans("ErrorForbidden"); } else { - print $message; + print $langs->trans($message); } print '
'; print '
'; @@ -1077,6 +1106,7 @@ function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $sho if ($printfooter && function_exists("llxFooter")) { llxFooter(); } + exit(0); } diff --git a/htdocs/core/modules/commande/mod_commande_saphir.php b/htdocs/core/modules/commande/mod_commande_saphir.php index 36efdcc1d88..ad2b109f2d1 100644 --- a/htdocs/core/modules/commande/mod_commande_saphir.php +++ b/htdocs/core/modules/commande/mod_commande_saphir.php @@ -79,7 +79,7 @@ class mod_commande_saphir extends ModeleNumRefCommandes // Parametrage du prefix $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; @@ -128,7 +128,7 @@ class mod_commande_saphir extends ModeleNumRefCommandes require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // We get cursor rule - $mask = $conf->global->COMMANDE_SAPHIR_MASK; + $mask = getDolGlobalString("COMMANDE_SAPHIR_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/contract/mod_contract_magre.php b/htdocs/core/modules/contract/mod_contract_magre.php index e0c54c1d022..e88d2c46b32 100644 --- a/htdocs/core/modules/contract/mod_contract_magre.php +++ b/htdocs/core/modules/contract/mod_contract_magre.php @@ -85,7 +85,7 @@ class mod_contract_magre extends ModelNumRefContracts $tooltip .= $langs->trans("GenericMaskCodes5"); $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; $texte .= '
".dol_print_date(dol_mktime(1, 1, 1, $mois, 1, 2000), "%B")." '; diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 0b534b18c45..c6ec38abded 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1278,7 +1278,7 @@ if ($resql) { } // Extra fields $element = 'banktransaction'; - if (is_array($extrafields->attributes[$element]['label']) && count($extrafields->attributes[$element]['label'])) { + if (!empty($extrafields->attributes[$element]['label']) && is_array($extrafields->attributes[$element]['label']) && count($extrafields->attributes[$element]['label'])) { foreach ($extrafields->attributes[$element]['label'] as $key => $val) { if (!empty($arrayfields["ef.".$key]['checked'])) { if (!empty($arrayfields[$key]['checked'])) { diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index d613cfcca1c..d896c3e6069 100644 --- a/htdocs/compta/bank/transfer.php +++ b/htdocs/compta/bank/transfer.php @@ -22,9 +22,9 @@ */ /** - * \file htdocs/compta/bank/transfer.php - * \ingroup banque - * \brief Page de saisie d'un virement + * \file htdocs/compta/bank/transfer.php + * \ingroup bank + * \brief Page for entering a bank transfer */ // Load Dolibarr environment @@ -33,7 +33,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/bank.lib.php'; require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; // Load translation files required by the page -$langs->loadLangs(array("banks", "categories", "multicurrency")); +$langs->loadLangs(array('banks', 'categories', 'multicurrency')); + + $socid = 0; if ($user->socid > 0) { $socid = $user->socid; diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php index fd910e642e4..32fbe92b90d 100644 --- a/htdocs/compta/bank/treso.php +++ b/htdocs/compta/bank/treso.php @@ -294,7 +294,7 @@ if (GETPOST("account") || GETPOST("ref")) { } print "".$ref."".$mc->label."
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).''.$form->textwithpicto('', $tooltip, 1, 1).' 
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).''.$form->textwithpicto('', $tooltip, 1, 1).' 
'; @@ -127,7 +127,7 @@ class mod_contract_magre extends ModelNumRefContracts require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; - $mask = $conf->global->CONTRACT_MAGRE_MASK; + $mask = getDolGlobalString("CONTRACT_MAGRE_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/fichinter/mod_arctic.php b/htdocs/core/modules/fichinter/mod_arctic.php index cb5acddd6e9..8efd936601b 100644 --- a/htdocs/core/modules/fichinter/mod_arctic.php +++ b/htdocs/core/modules/fichinter/mod_arctic.php @@ -84,7 +84,7 @@ class mod_arctic extends ModeleNumRefFicheinter // Setting the prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -130,7 +130,7 @@ class mod_arctic extends ModeleNumRefFicheinter require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // We define the search criteria of the counter - $mask = $conf->global->FICHINTER_ARTIC_MASK; + $mask = getDolGlobalString("FICHINTER_ARTIC_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/modZapier.class.php b/htdocs/core/modules/modZapier.class.php index 77d80780284..b0a1daf642e 100644 --- a/htdocs/core/modules/modZapier.class.php +++ b/htdocs/core/modules/modZapier.class.php @@ -15,6 +15,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ + /** * \defgroup zapier Module Zapier * \brief Zapier module descriptor. @@ -23,7 +24,8 @@ * \ingroup zapier * \brief Description and activation file for the module Zapier */ -include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; + +require_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; /** * Description and activation class for module Zapier diff --git a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php index 8314d62dada..dfcc9273505 100644 --- a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php +++ b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php @@ -123,7 +123,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales $texte .= ''; $texte .= ''; $texte .= ''; - if ($conf->global->MAIN_PROPAL_CHOOSE_ODT_DOCUMENT > 0) { + if (getDolGlobalInt("MAIN_PROPAL_CHOOSE_ODT_DOCUMENT") > 0) { $texte .= ''; $texte .= ''; $texte .= ''; @@ -187,7 +187,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales $texte .= '
'; // Set default template for different status of proposal - if ($conf->global->MAIN_PROPAL_CHOOSE_ODT_DOCUMENT > 0) { + if (getDolGlobalInt("MAIN_PROPAL_CHOOSE_ODT_DOCUMENT") > 0) { // Model for creation $list = ModelePDFPropales::liste_modeles($this->db); $texte .= ''; diff --git a/htdocs/core/modules/reception/mod_reception_moonstone.php b/htdocs/core/modules/reception/mod_reception_moonstone.php index e1a5669dc09..40aaa63a7a8 100644 --- a/htdocs/core/modules/reception/mod_reception_moonstone.php +++ b/htdocs/core/modules/reception/mod_reception_moonstone.php @@ -61,7 +61,7 @@ class mod_reception_moonstone extends ModelNumRefReception $tooltip .= $langs->trans("GenericMaskCodes5"); $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; $texte .= '
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).''.$form->textwithpicto('', $tooltip, 1, 1).' 
'; @@ -106,7 +106,7 @@ class mod_reception_moonstone extends ModelNumRefReception require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; - $mask = $conf->global->RECEPTION_MOONSTONE_MASK; + $mask = getDolGlobalString("RECEPTION_MOONSTONE_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php index e6838b9c4c4..0aacecc69da 100644 --- a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php +++ b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php @@ -67,12 +67,12 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices */ public function info() { - global $conf, $langs; + global $conf, $langs, $db; // Load translation files required by the page $langs->loadLangs(array("bills", "admin")); - $form = new Form($this->db); + $form = new Form($db); $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; $texte .= '
'; @@ -93,7 +93,7 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices // Setting the prefix $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceStandard").')'; $texte .= ':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -101,19 +101,19 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices // Prefix setting of credit note $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceAvoir").'):'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= ''; if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { // Parametrage du prefix des replacement $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceReplacement").'):'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= ''; } // Prefix setting of deposit $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceDeposit").'):'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= ''; $texte .= ''; @@ -159,16 +159,16 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices // Get Mask value $mask = ''; if (is_object($object) && $object->type == 1) { - $mask = $conf->global->SUPPLIER_REPLACEMENT_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_REPLACEMENT_TULIP_MASK"); if (!$mask) { - $mask = $conf->global->SUPPLIER_INVOICE_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_INVOICE_TULIP_MASK"); } } elseif (is_object($object) && $object->type == 2) { - $mask = $conf->global->SUPPLIER_CREDIT_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_CREDIT_TULIP_MASK"); } elseif (is_object($object) && $object->type == 3) { - $mask = $conf->global->SUPPLIER_DEPOSIT_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_DEPOSIT_TULIP_MASK"); } else { - $mask = $conf->global->SUPPLIER_INVOICE_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_INVOICE_TULIP_MASK"); } if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php index 473664cb44c..8f67f28b42d 100644 --- a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php +++ b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php @@ -85,7 +85,7 @@ class mod_commande_fournisseur_orchidee extends ModeleNumRefSuppliersOrders // Parametrage du prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -131,7 +131,7 @@ class mod_commande_fournisseur_orchidee extends ModeleNumRefSuppliersOrders require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // On defini critere recherche compteur - $mask = $conf->global->COMMANDE_FOURNISSEUR_ORCHIDEE_MASK; + $mask = getDolGlobalString("COMMANDE_FOURNISSEUR_ORCHIDEE_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php index 0bc0543e6cd..292662a14ad 100644 --- a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php +++ b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php @@ -61,11 +61,11 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments */ public function info() { - global $conf, $langs; + global $conf, $langs, $db; $langs->load("bills"); - $form = new Form($this->db); + $form = new Form($db); $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; $texte .= ''; @@ -82,7 +82,7 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments // Parametrage du prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -128,7 +128,7 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // We get cursor rule - $mask = $conf->global->SUPPLIER_PAYMENT_BRODATOR_MASK; + $mask = getDolGlobalString("SUPPLIER_PAYMENT_BRODATOR_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/supplier_proposal/doc/pdf_aurore.modules.php b/htdocs/core/modules/supplier_proposal/doc/pdf_aurore.modules.php index 28c8ed0a3bd..8ca9a36b0f8 100644 --- a/htdocs/core/modules/supplier_proposal/doc/pdf_aurore.modules.php +++ b/htdocs/core/modules/supplier_proposal/doc/pdf_aurore.modules.php @@ -1323,7 +1323,7 @@ class pdf_aurore extends ModelePDFSupplierProposal } } else { $text = $this->emetteur->name; - $pdf->MultiCell(100, 4, $outputlangs->convToOutputCharset($text), 0, $ltrdirection); + $pdf->MultiCell(100, 4, $outputlangs->convToOutputCharset($text), 0); } } @@ -1343,11 +1343,11 @@ class pdf_aurore extends ModelePDFSupplierProposal $posy += 1; $pdf->SetFont('', '', $default_font_size - 2); - if ($object->ref_client) { + if ($object->ref_fourn) { $posy += 4; $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); - $pdf->MultiCell(100, 3, $outputlangs->transnoentities("RefCustomer")." : ".dol_trunc($outputlangs->convToOutputCharset($object->ref_client), 65), '', 'R'); + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("RefSupplier")." : ".dol_trunc($outputlangs->convToOutputCharset($object->ref_fourn), 65), '', 'R'); } /* PHFAVRE $posy+=4; diff --git a/htdocs/core/modules/ticket/mod_ticket_universal.php b/htdocs/core/modules/ticket/mod_ticket_universal.php index 2c46376eea1..8efc2f6a4e5 100644 --- a/htdocs/core/modules/ticket/mod_ticket_universal.php +++ b/htdocs/core/modules/ticket/mod_ticket_universal.php @@ -81,7 +81,7 @@ class mod_ticket_universal extends ModeleNumRefTicket // Parametrage du prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -127,7 +127,7 @@ class mod_ticket_universal extends ModeleNumRefTicket include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // On defini critere recherche compteur - $mask = $conf->global->TICKET_UNIVERSAL_MASK; + $mask = getDolGlobalString("TICKET_UNIVERSAL_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index b07bb66b46c..f179ea9ed36 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -33,10 +33,8 @@ if (empty($conf) || !is_object($conf)) { // DDOS protection $size = (empty($_SERVER['CONTENT_LENGTH']) ? 0 : (int) $_SERVER['CONTENT_LENGTH']); if ($size > 10000) { - http_response_code(413); $langs->loadLangs(array("errors", "install")); - accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'.
'.$langs->trans("ClickHereToGoToApp").'
', 0, 0, 1); - exit; + httponly_accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'.
'.$langs->trans("ClickHereToGoToApp").'
', 413, 1); } require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php index 6d52cfff267..9aaba5745bb 100644 --- a/htdocs/core/tpl/passwordforgotten.tpl.php +++ b/htdocs/core/tpl/passwordforgotten.tpl.php @@ -30,10 +30,8 @@ if (empty($conf) || !is_object($conf)) { // DDOS protection $size = (int) $_SERVER['CONTENT_LENGTH']; if ($size > 10000) { - http_response_code(413); $langs->loadLangs(array("errors", "install")); - accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'
'.$langs->trans("ClickHereToGoToApp").'
', 0, 0, 1); - exit; + httponly_accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'
'.$langs->trans("ClickHereToGoToApp").'
', 413, 1); } require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index 3bbfe225bee..2bdc9080b78 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -75,6 +75,18 @@ if ($pageid > 0) { if (!defined('USEDOLIBARREDITOR') && (in_array($websitepage->type_container, array('menu', 'other')) || empty($websitepage->status) && !defined('USEDOLIBARRSERVER'))) { $weblangs->load("website"); + + // Security options + + // X-Content-Type-Options + header("X-Content-Type-Options: nosniff"); + + // X-Frame-Options + if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { + header("X-Frame-Options: SAMEORIGIN"); + } + + //httponly_accessforbidden('


'.$weblangs->trans("YouTryToAccessToAFileThatIsNotAWebsitePage", $websitepage->pageurl, $websitepage->type_container, $websitepage->status).'
', 404, 1); http_response_code(404); print '


'.$weblangs->trans("YouTryToAccessToAFileThatIsNotAWebsitePage", $websitepage->pageurl, $websitepage->type_container, $websitepage->status).'
'; exit; @@ -198,9 +210,21 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi } } -// Show off line message +// Show off line message when all website is off if (!defined('USEDOLIBARREDITOR') && empty($website->status)) { + // Security options + + // X-Content-Type-Options + header("X-Content-Type-Options: nosniff"); + + // X-Frame-Options + if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { + header("X-Frame-Options: SAMEORIGIN"); + } + $weblangs->load("website"); + + //httponly_accessforbidden('


'.$weblangs->trans("SorryWebsiteIsCurrentlyOffLine").'
', 503, 1); http_response_code(503); print '


'.$weblangs->trans("SorryWebsiteIsCurrentlyOffLine").'
'; exit; diff --git a/htdocs/document.php b/htdocs/document.php index 65e5cce7e5f..4f6652fafda 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -104,10 +104,10 @@ $entity = GETPOST('entity', 'int') ?GETPOST('entity', 'int') : $conf->entity; // Security check if (empty($modulepart) && empty($hashp)) { - accessforbidden('Bad link. Bad value for parameter modulepart', 0, 0, 1); + httponly_accessforbidden('Bad link. Bad value for parameter modulepart', 400); } if (empty($original_file) && empty($hashp)) { - accessforbidden('Bad link. Missing identification to find file (original_file or hashp)', 0, 0, 1); + httponly_accessforbidden('Bad link. Missing identification to find file (original_file or hashp)', 400); } if ($modulepart == 'fckeditor') { $modulepart = 'medias'; // For backward compatibility @@ -158,7 +158,7 @@ if (!empty($hashp)) { $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir //var_dump($original_file); exit; } else { - accessforbidden('Bad link. File is from another module part.', 0, 0, 1); + httponly_accessforbidden('Bad link. File is from another module part.', 403); } } else { $modulepart = $moduleparttocheck; @@ -171,7 +171,7 @@ if (!empty($hashp)) { } } else { $langs->load("errors"); - accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 0, 0, 1); + httponly_accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 403, 1); } } diff --git a/htdocs/eventorganization/conferenceorboothattendee_note.php b/htdocs/eventorganization/conferenceorboothattendee_note.php index b6e343e4496..adc4a1683b8 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_note.php +++ b/htdocs/eventorganization/conferenceorboothattendee_note.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index 936f12e5d1f..4b8c1cffc6d 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -189,7 +189,9 @@ $arrayfields = array( 'state.nom'=>array('label'=>"StateShort", 'enabled'=>1, 'position'=>48), 'country.code_iso'=>array('label'=>"Country", 'enabled'=>1, 'position'=>49), 'typent.code'=>array('label'=>"ThirdPartyType", 'enabled'=>$checkedtypetiers, 'position'=>50), - 'u.login'=>array('label'=>"AuthorRequest", 'enabled'=>1, 'position'=>51) + 'u.login'=>array('label'=>"AuthorRequest", 'enabled'=>1, 'position'=>51), + 'cf.note_public'=>array('label'=>'NotePublic', 'checked'=>0, 'enabled'=>(empty($conf->global->MAIN_LIST_ALLOW_PUBLIC_NOTES)), 'position'=>100), + 'cf.note_private'=>array('label'=>'NotePrivate', 'checked'=>0, 'enabled'=>(empty($conf->global->MAIN_LIST_ALLOW_PRIVATE_NOTES)), 'position'=>110), ); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field @@ -1441,6 +1443,16 @@ if ($resql) { print ''; print ''; } + // Note public + if (!empty($arrayfields['cf.note_public']['checked'])) { + print ''; + print ''; + } + // Note private + if (!empty($arrayfields['cf.note_private']['checked'])) { + print ''; + print ''; + } // Action column print ''; $searchpicto = $form->showFilterButtons(); @@ -1541,6 +1553,12 @@ if ($resql) { if (!empty($arrayfields['cf.date_approve']['checked'])) { print_liste_field_titre($arrayfields['cf.date_approve']['label'], $_SERVER["PHP_SELF"], 'cf.date_approve', '', $param, '', $sortfield, $sortorder, 'center '); } + if (!empty($arrayfields['cf.note_public']['checked'])) { + print_liste_field_titre($arrayfields['cf.note_public']['label'], $_SERVER["PHP_SELF"], "cf.note_public", "", $param, '', $sortfield, $sortorder, 'center '); + } + if (!empty($arrayfields['cf.note_private']['checked'])) { + print_liste_field_titre($arrayfields['cf.note_private']['label'], $_SERVER["PHP_SELF"], "cf.note_private", "", $param, '', $sortfield, $sortorder, 'center '); + } print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', '', $sortfield, $sortorder, 'center maxwidthsearch '); print "\n"; @@ -1868,6 +1886,25 @@ if ($resql) { $totalarray['nbfield']++; } } + // Note public + if (!empty($arrayfields['cf.note_public']['checked'])) { + print ''; + print dol_string_nohtmltag($obj->note_public); + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } + + // Note private + if (!empty($arrayfields['cf.note_private']['checked'])) { + print ''; + print dol_string_nohtmltag($obj->note_private); + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } // Action column print ''; diff --git a/htdocs/hrm/admin/admin_establishment.php b/htdocs/hrm/admin/admin_establishment.php index 223f8a720d5..f28c0285e1f 100644 --- a/htdocs/hrm/admin/admin_establishment.php +++ b/htdocs/hrm/admin/admin_establishment.php @@ -53,10 +53,10 @@ if (empty($page) || $page == -1) { $page = 0; } +$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; /* diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index 71c48b63011..14ae1364494 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -255,7 +255,7 @@ if ($action == 'create') { } // Part to edit record -if (($id || $ref) && $action == 'edit') { +if ((!empty($id) || !empty($ref)) && $action == 'edit') { $result = $object->fetch($id); if ($result > 0) { $head = establishment_prepare_head($object); diff --git a/htdocs/hrm/position.php b/htdocs/hrm/position.php index 2659321e5fc..24ce9ec3b51 100644 --- a/htdocs/hrm/position.php +++ b/htdocs/hrm/position.php @@ -41,7 +41,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/hrm/skill_card.php b/htdocs/hrm/skill_card.php index 9093766d3ed..4fd3a0bc28b 100644 --- a/htdocs/hrm/skill_card.php +++ b/htdocs/hrm/skill_card.php @@ -47,7 +47,7 @@ $cancel = GETPOST('cancel', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'skillcard'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); -//$lineid = GETPOST('lineid', 'int'); +$lineid = GETPOST('lineid', 'int'); // Initialize technical objects $object = new Skill($db); @@ -577,7 +577,7 @@ if ($action != "create" && $action != "edit") { $title = $langs->transnoentitiesnoconv("Skilldets"); $morejs = array(); $morecss = array(); - + $nbtotalofrecords = 0; // Build and execute select // -------------------------------------------------------------------- @@ -626,8 +626,10 @@ if ($action != "create" && $action != "edit") { print ''; } - $param_fk = "&fk_skill=" . $id . "&fk_user_creat=" . $user->rowid; + $param_fk = "&fk_skill=" . $id . "&fk_user_creat=" . (!empty($user->rowid) ? $user->rowid :0); $backtopage = dol_buildpath('/hrm/skill_card.php', 1) . '?id=' . $id; + $param = ""; + $massactionbutton = ""; //$newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', dol_buildpath('/hrm/skilldet_card.php', 1) . '?action=create&backtopage=' . urlencode($_SERVER['PHP_SELF']) . $param_fk . '&backtopage=' . $backtopage, '', $permissiontoadd); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'object_' . $object->picto, 0, "", '', '', 0, 0, 1); @@ -688,7 +690,7 @@ if ($action != "create" && $action != "edit") { // $cssforfield .= ($cssforfield ? ' ' : '') . 'right'; // } if (!empty($arrayfields['t.' . $key]['checked'])) { - print getTitleFieldOfList($arrayfields['t.' . $key]['label'], 0, $_SERVER['PHP_SELF'], 't.' . $key, '', $param, ($cssforfield ? 'class="' . $cssforfield . '"' : ''), $sortfield, $sortorder, ($cssforfield ? $cssforfield . ' ' : '')) . "\n"; + print getTitleFieldOfList($arrayfields['t.' . $key]['label'], 0, $_SERVER['PHP_SELF'], 't.' . $key, '', $param, (!empty($cssforfield) ? 'class="' . $cssforfield . '"' : ''), $sortfield, $sortorder, (!empty($cssforfield) ? $cssforfield . ' ' : '')) . "\n"; } } print ''; @@ -814,8 +816,7 @@ if ($action != "create" && $action != "edit") { print '' . $langs->trans("NoRecordFound") . ''; } - - $db->free($resql); + if (!empty($resql)) $db->free($resql); $parameters = array('arrayfields' => $arrayfields, 'sql' => $sql); $reshook = $hookmanager->executeHooks('printFieldListFooter', $parameters, $objectline); // Note that $action and $objectline may have been modified by hook diff --git a/htdocs/hrm/skill_tab.php b/htdocs/hrm/skill_tab.php index c48a7c405c6..393e20ba3c4 100644 --- a/htdocs/hrm/skill_tab.php +++ b/htdocs/hrm/skill_tab.php @@ -64,7 +64,9 @@ if (in_array($objecttype, $TAuthorizedObjects)) { } elseif ($objecttype == "user") { $object = new User($db); } -} else accessforbidden($langs->trans('ErrorBadObjectType')); +} else { + accessforbidden('ErrorBadObjectType'); +} $hookmanager->initHooks(array('skilltab', 'globalcard')); // Note that conf->hooks_modules contains array diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index b47199e8fe2..fba4f286b62 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -292,7 +292,8 @@ ErrorThirpdartyOrMemberidIsMandatory=Third party or Member of partnership is man ErrorFailedToWriteInTempDirectory=Failed to write in temp directory ErrorQuantityIsLimitedTo=Quantity is limited to %s ErrorFailedToLoadThirdParty=Failed to find/load thirdparty from id=%s, email=%s, name=%s - +ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account + # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user. diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 06ff00e474f..6d89923f20e 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -547,12 +547,12 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( ) { // If token is not provided or empty, error (we are in case it is mandatory) if (!GETPOST('token', 'alpha') || GETPOST('token', 'alpha') == 'notrequired') { + top_httphead(); if (GETPOST('uploadform', 'int')) { dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused. File size too large or not provided."); $langs->loadLangs(array("errors", "install")); print $langs->trans("ErrorFileSizeTooLarge").' '; print $langs->trans("ErrorGoBackAndCorrectParameters"); - die; } else { http_response_code(403); if (defined('CSRFCHECK_WITH_TOKEN')) { @@ -567,8 +567,8 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( } print " into setup).\n"; } - die; } + die; } } @@ -851,12 +851,16 @@ if (!defined('NOLOGIN')) { // No data to test login, so we show the login page. dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit", LOG_INFO); if (defined('NOREDIRECTBYMAINTOLOGIN')) { + // When used with NOREDIRECTBYMAINTOLOGIN set, the http header must already be set when including the main. + // See example with selectsearchbox.php. This case is reserverd for the selectesearchbox.php so we can + // report a message to ask to login when search ajax component is used after a timeout. + //top_httphead(); return 'ERROR_NOT_LOGGED'; } else { if ($_SERVER["HTTP_USER_AGENT"] == 'securitytest') { http_response_code(401); // It makes easier to understand if session was broken during security tests } - dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : '')); + dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : '')); // This include http headers } exit; } @@ -1242,8 +1246,7 @@ if (!defined('NOLOGIN')) { // If not active, we refuse the user $langs->loadLangs(array("errors", "other")); dol_syslog("Authentication KO as login is disabled", LOG_NOTICE); - accessforbidden($langs->trans("ErrorLoginDisabled")); - exit; + accessforbidden("ErrorLoginDisabled"); } // Load permissions diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index e25350f9e16..8441dd530ee 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -82,10 +82,10 @@ $idmodule= GETPOST('idmodule', 'alpha'); // Security check if (!isModEnabled('modulebuilder')) { - accessforbidden(); + accessforbidden('Module ModuleBuilder not enabled'); } if (!$user->admin && empty($conf->global->MODULEBUILDER_FOREVERYONE)) { - accessforbidden($langs->trans('ModuleBuilderNotAllowed')); + accessforbidden('ModuleBuilderNotAllowed'); } diff --git a/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php b/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php index 290048785fd..280f62dc2c1 100644 --- a/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php +++ b/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php @@ -46,12 +46,8 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets */ public function __construct($db) { - global $conf; - $this->db = $db; - if (is_array($conf->modules)) { - $this->enabled = in_array('mymodule', $conf->modules) ? 1 : 0; - } + $this->enabled = isModEnabled('mymodule'); } diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 6cc99f4f34d..0a397dceaa6 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 7ecce8c745f..aa2680ea568 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification @@ -248,8 +247,7 @@ llxHeader('', $title, $help_url); // Part to create if ($action == 'create') { if (empty($permissiontoadd)) { - accessforbidden($langs->trans('NotEnoughPermissions'), 0, 1); - exit; + accessforbidden('NotEnoughPermissions', 0, 1); } print load_fiche_titre($langs->trans("NewObject", $langs->transnoentitiesnoconv("MyObject")), '', 'object_'.$object->picto); diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index d06eb61ba0e..4a4b68391bc 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification @@ -143,7 +142,13 @@ if ($enablepermissioncheck) { if (!isModEnabled("mymodule")) { accessforbidden(); } -if (!$permissiontoread) accessforbidden(); +if (!$permissiontoread) { + accessforbidden(); +} +if (empty($object->id)) { + accessforbidden(); +} + /* @@ -164,100 +169,94 @@ $help_url = ''; //$help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; llxHeader('', $title, $help_url); -if ($object->id) { - /* - * Show tabs - */ - $head = myobjectPrepareHead($object); +// Show tabs +$head = myobjectPrepareHead($object); - print dol_get_fiche_head($head, 'document', $langs->trans("MyObject"), -1, $object->picto); +print dol_get_fiche_head($head, 'document', $langs->trans("MyObject"), -1, $object->picto); - // Build file list - $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); - $totalsize = 0; - foreach ($filearray as $key => $file) { - $totalsize += $file['size']; - } - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - $morehtmlref = '
'; - /* - // Ref customer - $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); - $morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); - // Thirdparty - $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . (is_object($object->thirdparty) ? $object->thirdparty->getNomUrl(1) : ''); - // Project - if (!empty($conf->project->enabled)) - { - $langs->load("projects"); - $morehtmlref.='
'.$langs->trans('Project') . ' '; - if ($permissiontoadd) - { - if ($action != 'classify') - //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' : '; - $morehtmlref.=' : '; - if ($action == 'classify') { - //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); - $morehtmlref.=''; - $morehtmlref.=''; - $morehtmlref.=''; - $morehtmlref.=$formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref.=''; - $morehtmlref.=''; - } else { - $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); - } - } else { - if (!empty($object->fk_project)) { - $proj = new Project($db); - $proj->fetch($object->fk_project); - $morehtmlref .= ': '.$proj->getNomUrl(); - } else { - $morehtmlref .= ''; - } - } - }*/ - $morehtmlref .= '
'; - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - print '
'; - - print '
'; - print ''; - - // Number of files - print ''; - - // Total size - print ''; - - print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; - - print '
'; - - print dol_get_fiche_end(); - - $modulepart = 'mymodule'; - //$permissiontoadd = $user->rights->mymodule->myobject->write; - $permissiontoadd = 1; - //$permtoedit = $user->rights->mymodule->myobject->write; - $permtoedit = 1; - $param = '&id='.$object->id; - - //$relativepathwithnofile='myobject/' . dol_sanitizeFileName($object->id).'/'; - $relativepathwithnofile = 'myobject/'.dol_sanitizeFileName($object->ref).'/'; - - include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; -} else { - accessforbidden('', 0, 1); +// Build file list +$filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); +$totalsize = 0; +foreach ($filearray as $key => $file) { + $totalsize += $file['size']; } +// Object card +// ------------------------------------------------------------ +$linkback = ''.$langs->trans("BackToList").''; + +$morehtmlref = '
'; +/* + // Ref customer + $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); + $morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); + // Thirdparty + $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . (is_object($object->thirdparty) ? $object->thirdparty->getNomUrl(1) : ''); + // Project + if (!empty($conf->project->enabled)) + { + $langs->load("projects"); + $morehtmlref.='
'.$langs->trans('Project') . ' '; + if ($permissiontoadd) + { + if ($action != 'classify') + //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' : '; + $morehtmlref.=' : '; + if ($action == 'classify') { + //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); + $morehtmlref.='
'; + $morehtmlref.=''; + $morehtmlref.=''; + $morehtmlref.=$formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); + $morehtmlref.=''; + $morehtmlref.='
'; + } else { + $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); + } + } else { + if (!empty($object->fk_project)) { + $proj = new Project($db); + $proj->fetch($object->fk_project); + $morehtmlref .= ': '.$proj->getNomUrl(); + } else { + $morehtmlref .= ''; + } + } + }*/ +$morehtmlref .= '
'; + +dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); + +print '
'; + +print '
'; +print ''; + +// Number of files +print ''; + +// Total size +print ''; + +print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; + +print '
'; + +print dol_get_fiche_end(); + +$modulepart = 'mymodule'; +//$permissiontoadd = $user->rights->mymodule->myobject->write; +$permissiontoadd = 1; +//$permtoedit = $user->rights->mymodule->myobject->write; +$permtoedit = 1; +$param = '&id='.$object->id; + +//$relativepathwithnofile='myobject/' . dol_sanitizeFileName($object->id).'/'; +$relativepathwithnofile = 'myobject/'.dol_sanitizeFileName($object->ref).'/'; + +include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; + // End of page llxFooter(); $db->close(); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 987b58f2369..789a5d2312d 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index 6b03ddbf8c6..e97d131551a 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/scripts/mymodule.php b/htdocs/modulebuilder/template/scripts/mymodule.php index 860c3a54bec..2d9b3aac79c 100644 --- a/htdocs/modulebuilder/template/scripts/mymodule.php +++ b/htdocs/modulebuilder/template/scripts/mymodule.php @@ -39,7 +39,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification if (!defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php index 5d06f8c0f52..cda6088a982 100644 --- a/htdocs/mrp/mo_card.php +++ b/htdocs/mrp/mo_card.php @@ -16,11 +16,12 @@ */ /** - * \file mo_card.php - * \ingroup mrp - * \brief Page to create/edit/view mo + * \file htdocs/mrp/mo_card.php + * \ingroup mrp + * \brief Page to create/edit/view MO Manufacturing Order */ + // Load Dolibarr environment require '../main.inc.php'; @@ -35,7 +36,8 @@ require_once DOL_DOCUMENT_ROOT.'/bom/lib/bom.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("mrp", "other")); +$langs->loadLangs(array('mrp', 'other')); + // Get parameters $id = GETPOST('id', 'int'); @@ -97,6 +99,7 @@ if (GETPOST('fk_bom', 'int') > 0) { $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'rowid', $isdraft); +// Permissions $permissionnote = $user->rights->mrp->write; // Used by the include of actions_setnotes.inc.php $permissiondellink = $user->rights->mrp->write; // Used by the include of actions_dellink.inc.php $permissiontoadd = $user->rights->mrp->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php index 312f9f95559..7e9000909f1 100644 --- a/htdocs/multicurrency/multicurrency_rate.php +++ b/htdocs/multicurrency/multicurrency_rate.php @@ -27,9 +27,9 @@ */ /** - * \file htdocs/multicurrency/multicurrency_rate.php - * \ingroup multicurrency - * \brief Page to list multicurrency rate + * \file htdocs/multicurrency/multicurrency_rate.php + * \ingroup multicurrency + * \brief Page to list multicurrency rate */ // Load Dolibarr environment @@ -37,9 +37,11 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/multicurrency.lib.php'; + // Load translation files required by the page $langs->loadLangs(array('multicurrency')); +// Get Parameters $action = GETPOST('action', 'alpha'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); @@ -70,12 +72,13 @@ if (!$sortfield) $sortfield = "cr.date_sync"; if (!$sortorder) $sortorder = "DESC"; -// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks +// Initialize technical objects $object = new CurrencyRate($db); - -$extrafields = new ExtraFields($db); $form = new Form($db); +$extrafields = new ExtraFields($db); + +// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks $hookmanager->initHooks(array('EditorRatelist', 'globallist')); if (empty($action)) { diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index fa6201eb77f..2fa2f6d9f31 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php @@ -18,16 +18,16 @@ */ /** - * \file htdocs/opensurvey/card.php - * \ingroup opensurvey - * \brief Page to edit survey + * \file htdocs/opensurvey/card.php + * \ingroup opensurvey + * \brief Page to edit survey */ // Load Dolibarr environment require '../main.inc.php'; +require_once DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php"; require_once DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php"; require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"; -require_once DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php"; require_once DOL_DOCUMENT_ROOT."/opensurvey/class/opensurveysondage.class.php"; require_once DOL_DOCUMENT_ROOT."/opensurvey/lib/opensurvey.lib.php"; @@ -37,7 +37,7 @@ if (empty($user->rights->opensurvey->read)) { accessforbidden(); } -// Initialisation des variables +// Initialize Variables $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); @@ -47,6 +47,7 @@ if (GETPOST('id')) { $numsondage = (string) GETPOST('id', 'alpha'); } +// Initialize objects $object = new Opensurveysondage($db); $result = $object->fetch(0, $numsondage); diff --git a/htdocs/opensurvey/exportcsv.php b/htdocs/opensurvey/exportcsv.php index 26fd6f57168..a7e8b709793 100644 --- a/htdocs/opensurvey/exportcsv.php +++ b/htdocs/opensurvey/exportcsv.php @@ -1,6 +1,6 @@ - * Copyright (C) 2014 Marcos García +/* Copyright (C) 2013 Laurent Destailleur + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,9 +17,9 @@ */ /** - * \file htdocs/opensurvey/exportcsv.php - * \ingroup opensurvey - * \brief Page to list surveys + * \file htdocs/opensurvey/exportcsv.php + * \ingroup opensurvey + * \brief Page to list surveys */ @@ -29,12 +29,14 @@ require_once DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php"; require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"; require_once DOL_DOCUMENT_ROOT."/opensurvey/class/opensurveysondage.class.php"; + $action = GETPOST('action', 'aZ09'); $numsondage = ''; if (GETPOST('id')) { $numsondage = GETPOST("id", 'alpha'); } +// Initialize Objects $object = new Opensurveysondage($db); $result = $object->fetch(0, $numsondage); if ($result <= 0) { diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 17387e3948d..dd0a2cd75e0 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -44,19 +44,19 @@ // Load Dolibarr environment require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/canvas.class.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/modules/product/modules_product.class.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; +require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; -if (isModEnabled("propal")) { +if (isModEnabled('propal')) { require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; } if (isModEnabled('facture')) { @@ -91,7 +91,7 @@ $mesg = ''; $error = 0; $errors = array(); $refalreadyexists = 0; // Get parameters -$id = GETPOST('id', 'int'); +$id = GETPOST('id', 'int'); $ref = (GETPOSTISSET('ref') ? GETPOST('ref', 'alpha') : null); $type = (GETPOSTISSET('type') ? GETPOST('type', 'int') : Product::TYPE_PRODUCT); $action = (GETPOST('action', 'alpha') ? GETPOST('action', 'alpha') : 'view'); @@ -184,7 +184,8 @@ if ($object->id > 0) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productcard', 'globalcard')); -$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire)); +// Permissions +$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire)); $usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); $usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer)); diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index f1295c10424..322277187f7 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -32,6 +32,11 @@ class ProjectStats extends Stats public $status; public $opp_status; + //SQL stat + public $field; + public $from; + public $where; + /** * Constructor @@ -46,6 +51,18 @@ class ProjectStats extends Stats require_once 'project.class.php'; $this->project = new Project($this->db); + + $this->from = MAIN_DB_PREFIX.$this->project->table_element; + $this->field = 'opp_amount'; + $this->where = " entity = ".$conf->entity; + if ($this->socid > 0) { + $this->where .= " AND fk_soc = ".((int) $this->socid); + } + if (is_array($this->userid) && count($this->userid) > 0) { + $this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')'; + } elseif ($this->userid > 0) { + $this->where .= " AND fk_user = ".((int) $this->userid); + } } @@ -538,7 +555,6 @@ class ProjectStats extends Stats { $sql = "SELECT date_format(datef,'%m') as dm, AVG(f.".$this->field.")"; $sql .= " FROM ".$this->from; - $sql .= $this->join; $sql .= " WHERE f.datef BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; diff --git a/htdocs/public/agenda/agendaexport.php b/htdocs/public/agenda/agendaexport.php index aa145326dbb..e8d9f986f91 100644 --- a/htdocs/public/agenda/agendaexport.php +++ b/htdocs/public/agenda/agendaexport.php @@ -85,7 +85,7 @@ require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; // Security check if (empty($conf->agenda->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Agenda not enabled'); } // Not older than diff --git a/htdocs/public/cron/cron_run_jobs_by_url.php b/htdocs/public/cron/cron_run_jobs_by_url.php index fa81b8d8bd7..497c68954db 100644 --- a/htdocs/public/cron/cron_run_jobs_by_url.php +++ b/htdocs/public/cron/cron_run_jobs_by_url.php @@ -75,7 +75,7 @@ $langs->loadLangs(array("admin", "cron", "dict")); // Security check if (empty($conf->cron->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Cron not enabled'); } diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index 93aeff82157..2762a57eced 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -52,7 +52,7 @@ $conf->dol_use_jmobile = GETPOST('dol_use_jmobile', 'int'); // Security check global $dolibarr_main_demo; if (empty($dolibarr_main_demo)) { - accessforbidden('Parameter dolibarr_main_demo must be defined in conf file with value "default login,default pass" to enable the demo entry page', 0, 0, 1); + httponly_accessforbidden('Parameter dolibarr_main_demo must be defined in conf file with value "default login,default pass" to enable the demo entry page'); } // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context diff --git a/htdocs/public/donations/donateurs_code.php b/htdocs/public/donations/donateurs_code.php index 675566fad44..5fb3798f428 100644 --- a/htdocs/public/donations/donateurs_code.php +++ b/htdocs/public/donations/donateurs_code.php @@ -61,7 +61,7 @@ require_once DOL_DOCUMENT_ROOT.'/don/class/don.class.php'; // Security check if (empty($conf->don->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Donation not enabled'); } diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php index 3b45ba7374a..589bf2c8dac 100644 --- a/htdocs/public/eventorganization/attendee_new.php +++ b/htdocs/public/eventorganization/attendee_new.php @@ -139,7 +139,7 @@ $user->loadDefaultValues(); // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/eventorganization/subscriptionok.php b/htdocs/public/eventorganization/subscriptionok.php index 9e07f17d3cb..745c9885647 100644 --- a/htdocs/public/eventorganization/subscriptionok.php +++ b/htdocs/public/eventorganization/subscriptionok.php @@ -78,7 +78,7 @@ if ($securekeyreceived != $securekeytocompare) { // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 2a69b4b0ef0..0a1ebc0600e 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -86,12 +86,11 @@ $langs->loadLangs(array("main", "members", "companies", "install", "other")); // Security check if (empty($conf->adherent->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Membership not enabled'); } if (empty($conf->global->MEMBER_ENABLE_PUBLIC)) { - print $langs->trans("Auto subscription form for public visitors has not been enabled"); - exit; + httponly_accessforbidden("Auto subscription form for public visitors has not been enabled"); } // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php index 6e58d51681b..ffce8730d8f 100644 --- a/htdocs/public/members/public_card.php +++ b/htdocs/public/members/public_card.php @@ -54,7 +54,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; // Security check if (empty($conf->adherent->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Memebership no enabled'); } diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index 09eb36b6f47..700c0383516 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -50,7 +50,7 @@ require '../../main.inc.php'; // Security check if (empty($conf->adherent->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Membership not enabled'); } diff --git a/htdocs/public/onlinesign/newonlinesign.php b/htdocs/public/onlinesign/newonlinesign.php index 57deb1c6459..19fd85ace7e 100644 --- a/htdocs/public/onlinesign/newonlinesign.php +++ b/htdocs/public/onlinesign/newonlinesign.php @@ -82,13 +82,6 @@ $ref = $REF = GETPOST("ref", 'alpha'); if (empty($source)) { $source = 'proposal'; } - -if (!$action) { - if ($source && !$ref) { - print $langs->trans('ErrorBadParameters')." - ref missing"; - exit; - } -} if (!empty($refusepropal)) { $action = "refusepropal"; } @@ -124,15 +117,12 @@ $urlko = preg_replace('/&$/', '', $urlko); // Remove last & $creditor = $mysoc->name; $type = $source; -if ($source == 'proposal') { - require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; - $object = new Propal($db); - $result= $object->fetch(0, $ref, '', $entity); -} else { - accessforbidden('Bad value for source'); - exit; -} +if (!$action) { + if ($source && !$ref) { + httponly_accessforbidden($langs->trans('ErrorBadParameters')." - ref missing", 400, 1); + } +} // Check securitykey $securekeyseed = ''; @@ -140,10 +130,16 @@ if ($source == 'proposal') { $securekeyseed = getDolGlobalString('PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN'); } -if (!dol_verifyHash($securekeyseed.$type.$ref.(!isModEnabled('multicompany') ? '' : $entity), $SECUREKEY, '0')) { - http_response_code(403); - print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref); - exit(-1); +if (!dol_verifyHash($securekeyseed.$type.$ref.(isModEnabled('multicompany') ? $entity : ''), $SECUREKEY, '0')) { + httponly_accessforbidden('Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref), 403, 1); +} + +if ($source == 'proposal') { + require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; + $object = new Propal($db); + $result= $object->fetch(0, $ref, '', $entity); +} else { + httponly_accessforbidden($langs->trans('ErrorBadParameters')." - Bad value for source", 400, 1); } diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index cc49dff5b50..bd49b6afbe4 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -60,7 +60,7 @@ $canbemodified = ((empty($object->date_fin) || $object->date_fin > dol_now()) && // Security check if (empty($conf->opensurvey->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Survey not enabled'); } @@ -75,7 +75,7 @@ $listofvoters = explode(',', $_SESSION["savevoter"]); // Add comment if (GETPOST('ajoutcomment', 'alpha')) { if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } $error = 0; @@ -109,7 +109,7 @@ if (GETPOST('ajoutcomment', 'alpha')) { // Add vote if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // boutonp for chrome, boutonp_x for firefox if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } //Si le nom est bien entré @@ -215,7 +215,7 @@ if ($testmodifier) { } if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } $idtomodify = GETPOST("idtomodify".$modifier); @@ -233,7 +233,7 @@ if ($testmodifier) { $idcomment = GETPOST('deletecomment', 'int'); if ($idcomment) { if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } $resql = $object->deleteComment($idcomment); diff --git a/htdocs/public/partnership/new.php b/htdocs/public/partnership/new.php index b38ca18a1eb..68e9034a761 100644 --- a/htdocs/public/partnership/new.php +++ b/htdocs/public/partnership/new.php @@ -72,12 +72,11 @@ $langs->loadLangs(array("main", "members", "partnership", "companies", "install" // Security check if (empty($conf->partnership->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Partnership not enabled'); } if (empty($conf->global->PARTNERSHIP_ENABLE_PUBLIC)) { - print $langs->trans("Auto subscription form for public visitors has not been enabled"); - exit; + httponly_accessforbidden("Auto subscription form for public visitors has not been enabled"); } // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context diff --git a/htdocs/public/payment/paymentko.php b/htdocs/public/payment/paymentko.php index 7c9def65c96..5bf9b6115ed 100644 --- a/htdocs/public/payment/paymentko.php +++ b/htdocs/public/payment/paymentko.php @@ -109,7 +109,7 @@ if (!empty($conf->stripe->enabled)) { // Security check if (empty($validpaymentmethod)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('No valid payment mode'); } diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index 8c793f6bbaa..b8e4e9d4e19 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -139,7 +139,7 @@ if (!empty($conf->stripe->enabled)) { // Security check if (empty($validpaymentmethod)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('No valid payment mode'); } diff --git a/htdocs/public/project/index.php b/htdocs/public/project/index.php index 917f2cda531..dfcfde94b17 100644 --- a/htdocs/public/project/index.php +++ b/htdocs/public/project/index.php @@ -85,7 +85,7 @@ if ($resultproject < 0) { // Security check if (empty($conf->project->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Project not enabled'); } diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php index 3594d227f41..61bbd23ea61 100644 --- a/htdocs/public/project/new.php +++ b/htdocs/public/project/new.php @@ -83,7 +83,7 @@ $user->loadDefaultValues(); // Security check if (empty($conf->project->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Project not enabled'); } diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php index 98173d2eebf..f42e75b21b1 100644 --- a/htdocs/public/project/suggestbooth.php +++ b/htdocs/public/project/suggestbooth.php @@ -106,7 +106,7 @@ $arrayofconfboothtype = $cactioncomm->liste_array('', 'id', '', 0, "module='boot // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php index b19a7f40637..f0b9299f980 100644 --- a/htdocs/public/project/suggestconference.php +++ b/htdocs/public/project/suggestconference.php @@ -107,7 +107,7 @@ $arrayofconfboothtype = $cactioncomm->liste_array('', 'id', '', 0, "module='conf // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/project/viewandvote.php b/htdocs/public/project/viewandvote.php index c7461835615..1d9fc58c810 100644 --- a/htdocs/public/project/viewandvote.php +++ b/htdocs/public/project/viewandvote.php @@ -92,7 +92,7 @@ if ($resultproject < 0) { // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index 4656216364e..bb135d54d50 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -81,7 +81,7 @@ $urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than curren // Security check if (empty($conf->recruitment->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Recruitment not enabled'); } diff --git a/htdocs/public/recruitment/view.php b/htdocs/public/recruitment/view.php index 92400498801..24c0eaf6088 100644 --- a/htdocs/public/recruitment/view.php +++ b/htdocs/public/recruitment/view.php @@ -78,7 +78,7 @@ $urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than curren // Security check if (empty($conf->recruitment->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Recruitment not enabled'); } diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php index 6cebee29cd8..dd5b1db148f 100644 --- a/htdocs/public/stripe/ipn.php +++ b/htdocs/public/stripe/ipn.php @@ -50,11 +50,6 @@ require_once DOL_DOCUMENT_ROOT.'/includes/stripe/stripe-php/init.php'; require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; -if (empty($conf->stripe->enabled)) { - accessforbidden('', 0, 0, 1); -} - - // You can find your endpoint's secret in your webhook settings if (isset($_GET['connect'])) { if (isset($_GET['test'])) { @@ -78,10 +73,12 @@ if (isset($_GET['connect'])) { } } +if (empty($conf->stripe->enabled)) { + httponly_accessforbidden('Module Stripe not enabled'); +} + if (empty($endpoint_secret)) { - print 'Error: Setup of module Stripe not complete for mode '.$service.'. The WEBHOOK_KEY is not defined.'; - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Error: Setup of module Stripe not complete for mode '.dol_escape_htmltag($service).'. The WEBHOOK_KEY is not defined.', 400, 1); } if (!empty($conf->global->STRIPE_USER_ACCOUNT_FOR_ACTIONS)) { @@ -90,9 +87,7 @@ if (!empty($conf->global->STRIPE_USER_ACCOUNT_FOR_ACTIONS)) { $user->fetch($conf->global->STRIPE_USER_ACCOUNT_FOR_ACTIONS); $user->getrights(); } else { - print 'Error: Setup of module Stripe not complete for mode '.$service.'. The STRIPE_USER_ACCOUNT_FOR_ACTIONS is not defined.'; - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Error: Setup of module Stripe not complete for mode '.dol_escape_htmltag($service).'. The STRIPE_USER_ACCOUNT_FOR_ACTIONS is not defined.', 400, 1); } @@ -114,12 +109,9 @@ try { $event = \Stripe\Webhook::constructEvent($payload, $sig_header, $endpoint_secret); } catch (\UnexpectedValueException $e) { // Invalid payload - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Invalid payload', 400); } catch (\Stripe\Error\SignatureVerification $e) { - // Invalid signature - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Invalid signature', 400); } // Do something with $event @@ -156,6 +148,7 @@ if (!empty($conf->global->MAIN_APPLICATION_TITLE)) { $societeName = $conf->global->MAIN_APPLICATION_TITLE; } +top_httphead(); dol_syslog("***** Stripe IPN was called with event->type = ".$event->type); @@ -196,11 +189,10 @@ if ($event->type == 'payout.created') { $ret = $mailfile->sendfile(); - http_response_code(200); // PHP 5.4 or greater return 1; } else { $error++; - http_response_code(500); // PHP 5.4 or greater + http_response_code(500); return -1; } } elseif ($event->type == 'payout.paid') { @@ -288,7 +280,6 @@ if ($event->type == 'payout.created') { $ret = $mailfile->sendfile(); - http_response_code(200); return 1; } else { $error++; @@ -397,4 +388,4 @@ if ($event->type == 'payout.created') { // This event is deprecated. } -http_response_code(200); +// End of page. Default return HTTP code will be 200 diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index e95c60f205c..b4df70e3dd8 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -92,7 +92,7 @@ if (!empty($conf->global->TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST)) $extrafields->fetch_name_optionals_label($object->table_element); if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index d764fdc57a5..bec8417b492 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -60,7 +60,7 @@ $action = GETPOST('action', 'aZ09'); $suffix = ""; if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 3dc9c19aaf4..fb0316dcd56 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -80,7 +80,7 @@ $object = new Ticket($db); $hookmanager->initHooks(array('ticketpubliclist', 'globalcard')); if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index 846db5ed1fe..4bc9071218a 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -74,7 +74,7 @@ if (isset($_SESSION['email_customer'])) { $object = new ActionsTicket($db); if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/societe/agenda.php b/htdocs/societe/agenda.php index c0525767527..3a4ca2df6f5 100644 --- a/htdocs/societe/agenda.php +++ b/htdocs/societe/agenda.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // Load translation files required by the page -$langs->loadLangs(array('bills', 'companies', 'orders', 'propal')); +$langs->loadLangs(array('agenda', 'bills', 'companies', 'orders', 'propal')); if (GETPOST('actioncode', 'array')) { diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index 4ddbd1c613f..c3ecbe31ccd 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -47,6 +47,9 @@ class CompanyBankAccount extends Account public $rum; public $date_rum; + public $stripe_card_ref; // ID of BAN into an external payment system + public $stripe_account; // Account of the external payment system + /** * Date creation record (datec) * @@ -187,6 +190,8 @@ class CompanyBankAccount extends Account } else { $sql .= ",label = NULL"; } + $sql .= ",stripe_card_ref = '".$this->db->escape($this->stripe_card_ref)."'"; + $sql .= ",stripe_account = '".$this->db->escape($this->stripe_account)."'"; $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); @@ -232,7 +237,8 @@ class CompanyBankAccount extends Account } $sql = "SELECT rowid, type, fk_soc, bank, number, code_banque, code_guichet, cle_rib, bic, iban_prefix as iban, domiciliation, proprio,"; - $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur, date_rum"; + $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur, date_rum,"; + $sql .= " stripe_card_ref, stripe_account"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib"; if ($id) { $sql .= " WHERE rowid = ".((int) $id); @@ -274,6 +280,8 @@ class CompanyBankAccount extends Account $this->rum = $obj->rum; $this->frstrecur = $obj->frstrecur; $this->date_rum = $this->db->jdate($obj->date_rum); + $this->stripe_card_ref = $obj->stripe_card_ref; + $this->stripe_account = $obj->stripe_account; } $this->db->free($resql); diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 92c7efb63d9..fccb1ae3044 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -92,7 +92,9 @@ if ($user->socid > 0) { } $result = restrictedArea($user, 'societe', $object->id, '&societe'); -$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles +if (empty($object->id)) { + accessforbidden(); +} /* @@ -115,88 +117,80 @@ if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/thirdpartynameonly/', $help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; llxHeader('', $title, $help_url); -if ($object->id) { - /* - * Show tabs - */ - if (!empty($conf->notification->enabled)) { - $langs->load("mails"); - } - $head = societe_prepare_head($object); - - $form = new Form($db); - - print dol_get_fiche_head($head, 'document', $langs->trans("ThirdParty"), -1, 'company'); - - - // Build file list - $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); - $totalsize = 0; - foreach ($filearray as $key => $file) { - $totalsize += $file['size']; - } - - $linkback = ''.$langs->trans("BackToList").''; - - dol_banner_tab($object, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); - - print '
'; - - print '
'; - print ''; - - // Type Prospect/Customer/Supplier - print ''; - - // Prefix - if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field - print ''; - } - - if ($object->client) { - print ''; - } - - if ($object->fournisseur) { - print ''; - } - - // Number of files - print ''; - - // Total size - print ''; - - print '
'.$langs->trans('NatureOfThirdParty').''; - print $object->getTypeUrl(1); - print '
'.$langs->trans('Prefix').''.$object->prefix_comm.'
'; - print $langs->trans('CustomerCode').''; - print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_client)); - $tmpcheck = $object->check_codeclient(); - if ($tmpcheck != 0 && $tmpcheck != -5) { - print ' ('.$langs->trans("WrongCustomerCode").')'; - } - print '
'; - print $langs->trans('SupplierCode').''; - print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_fournisseur)); - $tmpcheck = $object->check_codefournisseur(); - if ($tmpcheck != 0 && $tmpcheck != -5) { - print ' ('.$langs->trans("WrongSupplierCode").')'; - } - print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.dol_print_size($totalsize, 1, 1).'
'; - - print '
'; - - print dol_get_fiche_end(); - - $modulepart = 'societe'; - $permissiontoadd = $user->rights->societe->creer; - $permtoedit = $user->rights->societe->creer; - $param = '&id='.$object->id; - include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; -} else { - accessforbidden('', 0, 0); +// Show tabs +if (!empty($conf->notification->enabled)) { + $langs->load("mails"); } +$head = societe_prepare_head($object); + +print dol_get_fiche_head($head, 'document', $langs->trans("ThirdParty"), -1, 'company'); + + +// Build file list +$filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); +$totalsize = 0; +foreach ($filearray as $key => $file) { + $totalsize += $file['size']; +} + +$linkback = ''.$langs->trans("BackToList").''; + +dol_banner_tab($object, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); + +print '
'; + +print '
'; +print ''; + +// Type Prospect/Customer/Supplier +print ''; + +// Prefix +if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field + print ''; +} + +if ($object->client) { + print ''; +} + +if ($object->fournisseur) { + print ''; +} + +// Number of files +print ''; + +// Total size +print ''; + +print '
'.$langs->trans('NatureOfThirdParty').''; +print $object->getTypeUrl(1); +print '
'.$langs->trans('Prefix').''.$object->prefix_comm.'
'; + print $langs->trans('CustomerCode').''; + print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_client)); + $tmpcheck = $object->check_codeclient(); + if ($tmpcheck != 0 && $tmpcheck != -5) { + print ' ('.$langs->trans("WrongCustomerCode").')'; + } + print '
'; + print $langs->trans('SupplierCode').''; + print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_fournisseur)); + $tmpcheck = $object->check_codefournisseur(); + if ($tmpcheck != 0 && $tmpcheck != -5) { + print ' ('.$langs->trans("WrongSupplierCode").')'; + } + print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.dol_print_size($totalsize, 1, 1).'
'; + +print '
'; + +print dol_get_fiche_end(); + +$modulepart = 'societe'; +$permissiontoadd = $user->rights->societe->creer; +$permtoedit = $user->rights->societe->creer; +$param = '&id='.$object->id; +include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; // End of page llxFooter(); diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index e7899db813e..7e3c916ec27 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -175,6 +175,12 @@ if (empty($reshook)) { $companybankaccount->rum = $prelevement->buildRumNumber($object->code_client, $companybankaccount->datec, $companybankaccount->id); } + if (GETPOST('stripe_card_ref', 'alpha') && GETPOST('stripe_card_ref', 'alpha') != $companypaymentmode->stripe_card_ref) { + // If we set a stripe value that is different than previous one, we also set the stripe account + $companypaymentmode->stripe_account = $stripecu.'@'.$site_account; + } + $companybankaccount->stripe_card_ref = GETPOST('stripe_card_ref', 'alpha'); + $result = $companybankaccount->update($user); if (!$result) { setEventMessages($companybankaccount->error, $companybankaccount->errors, 'errors'); @@ -416,6 +422,7 @@ if (empty($reshook)) { if ($action == 'confirm_deletecard' && GETPOST('confirm', 'alpha') == 'yes') { $companypaymentmode = new CompanyPaymentMode($db); if ($companypaymentmode->fetch($ribid ? $ribid : $id)) { + // TODO This is currently done at bottom of page instead of asking confirm /*if ($companypaymentmode->stripe_card_ref && preg_match('/pm_/', $companypaymentmode->stripe_card_ref)) { $payment_method = \Stripe\PaymentMethod::retrieve($companypaymentmode->stripe_card_ref); @@ -440,6 +447,16 @@ if (empty($reshook)) { if ($action == 'confirm_delete' && GETPOST('confirm', 'alpha') == 'yes') { $companybankaccount = new CompanyBankAccount($db); if ($companybankaccount->fetch($ribid ? $ribid : $id)) { + // TODO This is currently done at bottom of page instead of asking confirm + /*if ($companypaymentmode->stripe_card_ref && preg_match('/pm_/', $companypaymentmode->stripe_card_ref)) + { + $payment_method = \Stripe\PaymentMethod::retrieve($companypaymentmode->stripe_card_ref); + if ($payment_method) + { + $payment_method->detach(); + } + }*/ + $result = $companybankaccount->delete($user); if ($result > 0) { $url = $_SERVER['PHP_SELF']."?socid=".$object->id; @@ -505,7 +522,7 @@ if (empty($reshook)) { } if (!$error) { - // Creation of Stripe card + update of societe_account + // Creation of Stripe card + update of llx_societe_rib // Note that with the new Stripe API, option to create a card is no more available, instead an error message will be returned to // ask to create the crdit card from Stripe backoffice. $card = $stripe->cardStripe($cu, $companypaymentmode, $stripeacc, $servicestatus, 1); @@ -517,18 +534,13 @@ if (empty($reshook)) { } } if ($action == 'syncsepatostripe') { - $companybankaccount->fetch(GETPOST('bankid', 'int')); - // print "stripe account = " . json_encode($stripe->getStripeAccount($service)); - // print json_encode($companybankaccount); - // print "fetch id = " . json_encode($socid); - - $companypaymentmode = new CompanyPaymentMode($db); - $companypaymentmode->fetch(null, null, $socid); - // print json_encode($companypaymentmode); + $companypaymentmode = new CompanyPaymentMode($db); // Get record in llx_societe_rib + $companypaymentmode->fetch($id); if ($companypaymentmode->type != 'ban') { $error++; - setEventMessages('ThisPaymentModeIsNotSepa', null, 'errors'); + $langs->load("errors"); + setEventMessages('ThisPaymentModeIsNotABan', null, 'errors'); } else { // Get the Stripe customer $cu = $stripe->customerStripe($object, $stripeacc, $servicestatus); @@ -539,13 +551,13 @@ if (empty($reshook)) { } if (!$error) { - // Creation of Stripe SEPA + update of societe_account + // Creation of Stripe SEPA + update of llx_societe_rib $card = $stripe->sepaStripe($cu, $companypaymentmode, $stripeacc, $servicestatus, 1); if (!$card) { $error++; setEventMessages($stripe->error, $stripe->errors, 'errors'); } else { - setEventMessages("", array("SEPA on Stripe", "SEPA IBAN is now linked to the Stripe customer account !")); + setEventMessages("", array("Bank Account on Stripe", "BAN is now linked to the Stripe customer account !")); } } } @@ -711,6 +723,37 @@ if (empty($reshook)) { $error++; setEventMessages($e->getMessage(), null, 'errors'); } + } elseif ($action == 'delete' && $source) { + try { + if (preg_match('/pm_/', $source)) { + $payment_method = \Stripe\PaymentMethod::retrieve($source, array("stripe_account" => $stripeacc)); + if ($payment_method) { + $payment_method->detach(); + } + } else { + $cu = $stripe->customerStripe($object, $stripeacc, $servicestatus); + $card = $cu->sources->retrieve("$source"); + if ($card) { + // $card->detach(); Does not work with card_, only with src_ + if (method_exists($card, 'detach')) { + $card->detach(); + $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib as sr "; + $sql .= " SET stripe_card_ref = null"; + $sql .= " WHERE sr.stripe_card_ref = '".$db->escape($source)."'"; + $resql = $db->query($sql); + } else { + $card->delete(); + } + } + } + + $url = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id; + header('Location: '.$url); + exit; + } catch (Exception $e) { + $error++; + setEventMessages($e->getMessage(), null, 'errors'); + } } } } @@ -938,70 +981,75 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print '
'; - // List of Stripe payment modes - if (!(empty($conf->stripe->enabled)) && $object->client) { + $showcardpaymentmode = 0; + if (isModEnabled('stripe')) { + $showcardpaymentmode++; + } + + // Get list of remote payment modes + $listofsources = array(); + + if (is_object($stripe)) { + try { + $customerstripe = $stripe->customerStripe($object, $stripeacc, $servicestatus); + if (!empty($customerstripe->id)) { + // When using the Charge API architecture + if (empty($conf->global->STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION)) { + $listofsources = $customerstripe->sources->data; + } else { + $service = 'StripeTest'; + $servicestatus = 0; + if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { + $service = 'StripeLive'; + $servicestatus = 1; + } + + // Force to use the correct API key + global $stripearrayofkeysbyenv; + \Stripe\Stripe::setApiKey($stripearrayofkeysbyenv[$servicestatus]['secret_key']); + + try { + if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage + $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card")); + $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit")); + } else { + $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card"), array("stripe_account" => $stripeacc)); + $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit"), array("stripe_account" => $stripeacc)); + } + + if ($paymentmethodobjsA->data != null && $paymentmethodobjsB->data != null) { + $listofsources = array_merge((array) $paymentmethodobjsA->data, (array) $paymentmethodobjsB->data); + } elseif ($paymentmethodobjsB->data != null) { + $listofsources = $paymentmethodobjsB->data; + } else { + $listofsources = $paymentmethodobjsA->data; + } + } catch (Exception $e) { + $error++; + setEventMessages($e->getMessage(), null, 'errors'); + } + } + } + } catch (Exception $e) { + dol_syslog("Error when searching/loading Stripe customer for thirdparty id =".$object->id); + } + } + + + // List of Card payment modes + if ($showcardpaymentmode && $object->client) { $morehtmlright = ''; if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { $morehtmlright .= dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?socid='.$object->id.'&action=createcard'); } - print load_fiche_titre($langs->trans('StripePaymentModes').($stripeacc ? ' (Stripe connection with StripeConnect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'), $morehtmlright, 'stripe-s'); + print load_fiche_titre($langs->trans('CreditCard').($stripeacc ? ' (Stripe connection with StripeConnect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'), $morehtmlright, 'fa-credit-card'); - $listofsources = array(); - if (is_object($stripe)) { - try { - $customerstripe = $stripe->customerStripe($object, $stripeacc, $servicestatus); - if (!empty($customerstripe->id)) { - // When using the Charge API architecture - if (empty($conf->global->STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION)) { - $listofsources = $customerstripe->sources->data; - } else { - $service = 'StripeTest'; - $servicestatus = 0; - if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { - $service = 'StripeLive'; - $servicestatus = 1; - } - - // Force to use the correct API key - global $stripearrayofkeysbyenv; - \Stripe\Stripe::setApiKey($stripearrayofkeysbyenv[$servicestatus]['secret_key']); - - try { - if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage - $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card")); - $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit")); - } else { - $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card"), array("stripe_account" => $stripeacc)); - $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit"), array("stripe_account" => $stripeacc)); - } - - if ($paymentmethodobjsA->data != null && $paymentmethodobjsB->data != null) { - $listofsources = array_merge((array) $paymentmethodobjsA->data, (array) $paymentmethodobjsB->data); - } elseif ($paymentmethodobjsB->data != null) { - $listofsources = $paymentmethodobjsB->data; - } else { - $listofsources = $paymentmethodobjsA->data; - } - } catch (Exception $e) { - $error++; - setEventMessages($e->getMessage(), null, 'errors'); - } - } - } - } catch (Exception $e) { - dol_syslog("Error when searching/loading Stripe customer for thirdparty id =".$object->id); - } - } - - print ''."\n"; + print ''."\n"; print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table print ''."\n"; print ''; - if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { - print ''; - } print ''; - print ''; + print ''; // external system ID print ''; print ''; print ''; @@ -1018,7 +1066,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' $nbremote = 0; $nblocal = 0; - $arrayofstripecard = array(); + $arrayofremotecard = array(); // Show local sources if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { @@ -1042,18 +1090,16 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' if ($obj) { $companypaymentmodetemp->fetch($obj->rowid); - $arrayofstripecard[$companypaymentmodetemp->stripe_card_ref] = $companypaymentmodetemp->stripe_card_ref; + $arrayofremotecard[$companypaymentmodetemp->stripe_card_ref] = $companypaymentmodetemp->stripe_card_ref; - print ''; - print ''; + print ''; + // Label print ''; - print ''; + // Type print ''; + // Information (Owner, ...) print ''; - // Local ID - if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { - print ''; + $imgline = ''; + if ($src->object == 'card') { + $imgline = img_credit_card($src->brand); + } elseif ($src->object == 'source' && $src->type == 'card') { + $imgline = img_credit_card($src->card->brand); + } elseif ($src->object == 'payment_method' && $src->type == 'card') { + $imgline = img_credit_card($src->card->brand); + } elseif ($src->object == 'source' && $src->type == 'sepa_debit') { + continue; + } elseif ($src->object == 'payment_method' && $src->type == 'sepa_debit') { + continue; } + + print ''; print ''; // Src ID - print ''; - // Img of credit card + // Img print ''; // Information print ''; + print ''; + // Fields from hook $parameters = array('arrayfields'=>array(), 'stripesource'=>$src, 'linetype'=>'stripecardremoteonly'); $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; + // Action column print '
'.$langs->trans('LocalID').''.$langs->trans('Label').''.$langs->trans('StripeID').''.$langs->trans('StripeID').''.$langs->trans('Type').''.$langs->trans('Informations').'
'; - print $companypaymentmodetemp->id; - print '
'; print dol_escape_htmltag($companypaymentmodetemp->label); print ''; - print $companypaymentmodetemp->stripe_card_ref; - if ($companypaymentmodetemp->stripe_card_ref) { + // External card ID + print ''; + if (!empty($companypaymentmodetemp->stripe_card_ref)) { $connect = ''; if (!empty($stripeacc)) { $connect = $stripeacc.'/'; @@ -1062,12 +1108,15 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' if ($servicestatus) { $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$companypaymentmodetemp->stripe_card_ref; } - print ' '.img_picto($langs->trans('ShowInStripe').' - Customer and Publishable key = '.$companypaymentmodetemp->stripe_account, 'globe').''; + print ''.img_picto($langs->trans('ShowInStripe').' - Customer and Publishable key = '.$companypaymentmodetemp->stripe_account, 'globe').' '; } + print $companypaymentmodetemp->stripe_card_ref; print ''; print img_credit_card($companypaymentmodetemp->type); print ''; if ($companypaymentmodetemp->proprio) { print ''.$companypaymentmodetemp->proprio.'
'; @@ -1121,7 +1170,6 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print ''; print img_picto($langs->trans("Modify"), 'edit'); print ''; - print ' '; print ''; // source='.$companypaymentmodetemp->stripe_card_ref.'& print img_picto($langs->trans("Delete"), 'delete'); print ''; @@ -1140,24 +1188,31 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' // Show remote sources (not already shown as local source) if (is_array($listofsources) && count($listofsources)) { foreach ($listofsources as $src) { - if (!empty($arrayofstripecard[$src->id])) { + if (!empty($arrayofremotecard[$src->id])) { continue; // Already in previous list } $nbremote++; - print '
'; - print '
'; print ''; + print ''; $connect = ''; - print $src->id; if (!empty($stripeacc)) { $connect = $stripeacc.'/'; } @@ -1167,21 +1222,12 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' //$url='https://dashboard.stripe.com/'.$connect.'sources/'.$src->id; $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$src->id; } - print " ".img_picto($langs->trans('ShowInStripe'), 'globe').""; + print "".img_picto($langs->trans('ShowInStripe'), 'globe')." "; + print $src->id; print ''; - if ($src->object == 'card') { - print img_credit_card($src->brand); - } elseif ($src->object == 'source' && $src->type == 'card') { - print img_credit_card($src->card->brand); - } elseif ($src->object == 'source' && $src->type == 'sepa_debit') { - print ''; - } elseif ($src->object == 'payment_method' && $src->type == 'card') { - print img_credit_card($src->card->brand); - } elseif ($src->object == 'payment_method' && $src->type == 'sepa_debit') { - print ''; - } + print $imgline; print''; @@ -1256,18 +1302,20 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print $langs->trans("Remote"); //if ($src->cvc_check == 'fail') print ' - CVC check fail'; print ''; //var_dump($src); - print ''; print ''; if ($permissiontoaddupdatepaymentinformation) { - print ''; + print ''; print img_picto($langs->trans("Delete"), 'delete'); print ''; } @@ -1286,7 +1334,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print '
'; } - // List of Stripe payment modes + // List of Stripe connect accounts if (!empty($conf->stripe->enabled) && !empty($conf->stripeconnect->enabled) && !empty($stripesupplieracc)) { print load_fiche_titre($langs->trans('StripeBalance').($stripesupplieracc ? ' (Stripe connection with StripeConnect account '.$stripesupplieracc.')' : ' (Stripe connection with keys from Stripe module setup)'), $morehtmlright, 'stripe-s'); $balance = \Stripe\Balance::retrieve(array("stripe_account" => $stripesupplieracc)); @@ -1337,16 +1385,20 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' $morehtmlright = dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"] . '?socid=' . $object->id . '&action=create'); } - print load_fiche_titre($langs->trans("BankAccounts"), $morehtmlright, 'bank'); + $nblocal = 0; $nbremote = 0; + $arrayofremoteban = array(); + $rib_list = $object->get_all_rib(); + if (is_array($rib_list)) { print '
'; // You can use div-table-responsive-no-min if you don't need reserved height for your table print ''; print ''; - print_liste_field_titre("LabelRIB"); + print_liste_field_titre("Label"); + print_liste_field_titre("StripeID"); // external system ID print_liste_field_titre("Bank"); print_liste_field_titre("RIB"); print_liste_field_titre("IBAN"); @@ -1356,17 +1408,43 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print_liste_field_titre("DateRUM"); print_liste_field_titre("WithdrawMode"); } - print_liste_field_titre("DefaultRIB", '', '', '', '', '', '', '', 'center '); + print_liste_field_titre("Default", '', '', '', '', '', '', '', 'center '); print_liste_field_titre('', '', '', '', '', '', '', '', 'center '); + // Fields from hook + $parameters = array('arrayfields'=>array(), 'linetype'=>'stripebantitle'); + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; print_liste_field_titre('', $_SERVER["PHP_SELF"], "", '', '', '', '', '', 'maxwidthsearch '); print "\n"; + // List of local BAN foreach ($rib_list as $rib) { + $arrayofremoteban[$rib->stripe_card_ref] = $rib->stripe_card_ref; + + $nblocal++; + print ''; // Label - print ''; + print ''; + // Stripe ID + print ''; // Bank name - print ''; + print ''; // Account number print ''; // IBAN - print ''; - print ''; + print ''; print ''; @@ -1500,12 +1578,19 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print $out; print ''; + // Fields from hook + $parameters = array('arrayfields'=>array(), 'stripe_card_ref'=>$rib->stripe_card_ref, 'stripe_account'=>$rib->stripe_account, 'linetype'=>'stripeban'); + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + // Edit/Delete print ''; } - if (count($rib_list) == 0) { - $colspan = 9; + + // List of remote BAN (if not already added as local) + foreach ($listofsources as $src) { + if (!empty($arrayofremoteban[$src->id])) { + continue; // Already in previous list + } + + $nbremote++; + + $imgline = ''; + if ($src->object == 'source' && $src->type == 'sepa_debit') { + $imgline = ''; + } elseif ($src->object == 'payment_method' && $src->type == 'sepa_debit') { + $imgline = ''; + } else { + continue; + } + + print ''; + print ''; + // Src ID + print ''; + // Bank + print ''; + // Account number + print ''; + // IBAN + print ''; + // BIC + print ''; + if (!empty($conf->prelevement->enabled)) { - $colspan += 2; + // RUM + print ''; + // Date + print ''; + // Mode mandate + print ''; + } + + // Default + print ''; + /* + print ''; + */ + + print ''; + + // Fields from hook + $parameters = array('arrayfields'=>array(), 'stripe_card_ref'=>$rib->stripe_card_ref, 'stripe_account'=>$rib->stripe_account, 'linetype'=>'stripebanremoteonly'); + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + + // Action column + print ''; + + print ''; + } + + if ($nbremote == 0 && $nblocal == 0) { + $colspan = 10; + if (!empty($conf->prelevement->enabled)) { + $colspan += 3; } print ''; } @@ -1603,10 +1792,12 @@ if ($socid && $action == 'edit' && $permissiontoaddupdatepaymentinformation) { print '
'; + print '
'; + print '
'; print '
'.$rib->label.''.dol_escape_htmltag($rib->label).''; + if ($rib->stripe_card_ref) { + $connect = ''; + if (!empty($stripeacc)) { + $connect = $stripeacc.'/'; + } + //$url='https://dashboard.stripe.com/'.$connect.'test/sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'test/search?query='.$rib->stripe_card_ref; + if ($servicestatus) { + //$url='https://dashboard.stripe.com/'.$connect.'sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$rib->stripe_card_ref; + } + print "".img_picto($langs->trans('ShowInStripe'), 'globe')." "; + } + print $rib->stripe_card_ref; + print ''.$rib->bank.''.dol_escape_htmltag($rib->bank).''; $string = ''; @@ -1398,7 +1476,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print $string; print ''.$rib->iban; + print ''.dol_escape_htmltag($rib->iban); if (!empty($rib->iban)) { if (!checkIbanForAccount($rib)) { print ' '.img_picto($langs->trans("IbanNotValid"), 'warning'); @@ -1417,7 +1495,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' if (!empty($conf->prelevement->enabled)) { // RUM //print ''.$prelevement->buildRumNumber($object->code_client, $rib->datec, $rib->id).''.$rib->rum.''.dol_escape_htmltag($rib->rum).''.dol_print_date($rib->date_rum, 'day').''; if ($permissiontoaddupdatepaymentinformation) { - print ''; - print img_picto($langs->trans("CreateBAN"), 'stripe'); - print ''; + if (empty($rib->stripe_card_ref)) { + print ''; + print img_picto($langs->trans("CreateBAN"), 'stripe'); + print ''; + } print ''; print img_picto($langs->trans("Modify"), 'edit'); @@ -1520,10 +1605,114 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print '
'; + print ''; + $connect = ''; + if (!empty($stripeacc)) { + $connect = $stripeacc.'/'; + } + //$url='https://dashboard.stripe.com/'.$connect.'test/sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'test/search?query='.$src->id; + if ($servicestatus) { + //$url='https://dashboard.stripe.com/'.$connect.'sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$src->id; + } + print "".img_picto($langs->trans('ShowInStripe'), 'globe')." "; + print $src->id; + print ''; + print''; + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + if ((empty($customerstripe->invoice_settings) && $customerstripe->default_source != $src->id) || + (!empty($customerstripe->invoice_settings) && $customerstripe->invoice_settings->default_payment_method != $src->id)) { + print ''; + print img_picto($langs->trans("Default"), 'off'); + print ''; + } else { + print img_picto($langs->trans("Default"), 'on'); + } + print ''; + print $langs->trans("Remote"); + //if ($src->cvc_check == 'fail') print ' - CVC check fail'; + print ''; + print ''; + if ($permissiontoaddupdatepaymentinformation) { + print ''; + print img_picto($langs->trans("Delete"), 'delete'); + print ''; + } + print '
'.$langs->trans("NoBANRecord").'
'; - print ''; + print ''; print ''; print ''; @@ -1702,6 +1893,9 @@ if ($socid && $action == 'edit' && $permissiontoaddupdatepaymentinformation) { print $form->selectarray("frstrecur", $tblArraychoice, dol_escape_htmltag(GETPOST('frstrecur', 'alpha') ?GETPOST('frstrecur', 'alpha') : $companybankaccount->frstrecur), 0); print ''; + print '"; + print ''; + print '
'.$langs->trans("LabelRIB").'
'.$langs->trans("Label").'
'.$langs->trans("BankName").'
'.$langs->trans("StripeID")." ('src_....')
'; print '
'; } @@ -1720,9 +1914,12 @@ if ($socid && $action == 'editcard' && $permissiontoaddupdatepaymentinformation) dol_banner_tab($object, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); - print '
'; + print '
'; print '
'; + + print '
'; + print ''; print ''; @@ -1766,9 +1963,12 @@ if ($socid && $action == 'create' && $permissiontoaddupdatepaymentinformation) { print '
'; print '
'; + + print '
'; + print '
'.$langs->trans("Label").'
'; - print ''; + print ''; print ''; print ''; @@ -1858,6 +2058,9 @@ if ($socid && $action == 'create' && $permissiontoaddupdatepaymentinformation) { print $form->selectarray("frstrecur", $tblArraychoice, (GETPOSTISSET('frstrecur') ? GETPOST('frstrecur') : 'FRST'), 0); print ''; + print '"; + print ''; + print '
'.$langs->trans("LabelRIB").'
'.$langs->trans("Label").'
'.$langs->trans("Bank").'
'.$langs->trans("StripeID")." ('src_....')
'; } @@ -1881,6 +2084,9 @@ if ($socid && $action == 'createcard' && $permissiontoaddupdatepaymentinformatio print '
'; print '
'; + + print '
'; + print ''; print ''; diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php index ea453b28412..cc8178d2a01 100644 --- a/htdocs/stripe/class/stripe.class.php +++ b/htdocs/stripe/class/stripe.class.php @@ -774,7 +774,7 @@ class Stripe extends CommonObject $sql .= " WHERE sa.rowid = ".((int) $object->id); // We get record from ID, no need for filter on entity $sql .= " AND sa.type = 'card'"; - dol_syslog(get_class($this)."::fetch search stripe card id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); + dol_syslog(get_class($this)."::cardStripe search stripe card id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -914,14 +914,14 @@ class Stripe extends CommonObject $soc = new Societe($this->db); $soc->fetch($object->fk_soc); - dol_syslog(get_class($this)."::fetch search stripe sepa(card) id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); + dol_syslog(get_class($this)."::sepaStripe search stripe ban id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); if ($num) { $obj = $this->db->fetch_object($resql); $cardref = $obj->stripe_card_ref; - dol_syslog(get_class($this)."::cardStripe cardref=".$cardref); + dol_syslog(get_class($this)."::sepaStripe cardref=".$cardref); if ($cardref) { try { if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage @@ -990,7 +990,7 @@ class Stripe extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib"; $sql .= " SET stripe_card_ref = '".$this->db->escape($sepa->id)."', card_type = 'sepa_debit',"; $sql .= " stripe_account= '" . $this->db->escape($cu->id . "@" . $stripeacc) . "'"; - $sql .= " WHERE rowid = '".$this->db->escape($object->id)."'"; + $sql .= " WHERE rowid = ".((int) $object->id); $sql .= " AND type = 'ban'"; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/stripe/payout.php b/htdocs/stripe/payout.php index 964a702d338..a7a9812b89c 100644 --- a/htdocs/stripe/payout.php +++ b/htdocs/stripe/payout.php @@ -52,6 +52,10 @@ if (empty($page) || $page == -1) { $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +$optioncss = GETPOST('optioncss', 'alpha'); +$param = ""; +$num = 0; +$totalnboflines = 0; $result = restrictedArea($user, 'banque'); @@ -96,12 +100,12 @@ if (!$rowid) { print ''; $title = $langs->trans("StripePayoutList"); - $title .= ($stripeaccount ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); + $title .= ($stripeacc ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $totalnboflines, 'title_accountancy.png', 0, '', '', $limit); print '
'; - print '
'.$langs->trans("Label").'
'."\n"; + print '
'."\n"; print ''; print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "", "", "", "", $sortfield, $sortorder); diff --git a/htdocs/stripe/transaction.php b/htdocs/stripe/transaction.php index d883f81becf..62a66140128 100644 --- a/htdocs/stripe/transaction.php +++ b/htdocs/stripe/transaction.php @@ -53,7 +53,9 @@ $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; $optioncss = GETPOST('optioncss', 'alpha'); - +$param = ""; +$num = 0; +$totalnboflines = 0; $result = restrictedArea($user, 'banque'); @@ -96,12 +98,12 @@ if (!$rowid) { print ''; $title = $langs->trans("StripeTransactionList"); - $title .= ($stripeaccount ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); + $title .= (!empty($stripeacc) ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $totalnboflines, 'title_accountancy.png', 0, '', '', $limit); print '
'; - print '
'."\n"; + print '
'."\n"; print ''; print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "", "", "", "", $sortfield, $sortorder); @@ -114,6 +116,7 @@ if (!$rowid) { print_liste_field_titre("Fee", $_SERVER["PHP_SELF"], "", "", "", '', $sortfield, $sortorder, 'right '); print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "", "", "", '', '', '', 'right '); print "\n"; + $connect = ""; try { if ($stripeacc) { @@ -147,7 +150,7 @@ if (!$rowid) { else { $memberstatic->id = 0; - }*/ + } $societestatic->fetch($charge->metadata->idcustomer); $societestatic->id = $charge->metadata->idcustomer; @@ -156,7 +159,7 @@ if (!$rowid) { $societestatic->admin = $obj->admin; $societestatic->login = $obj->login; $societestatic->email = $obj->email; - $societestatic->societe_id = $obj->fk_soc; + $societestatic->societe_id = $obj->fk_soc;*/ print ''; diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 98da7f03365..0e8789dc84a 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -2950,7 +2950,7 @@ class SupplierProposalLine extends CommonObjectLine $this->product_label = $objp->product_label; $this->product_desc = $objp->product_desc; - $this->ref_fourn = $objp->ref_produit_forun; + $this->ref_fourn = $objp->ref_produit_fourn; // Multicurrency $this->fk_multicurrency = $objp->fk_multicurrency; diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 7e573be9102..dd7eb27178f 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -18,15 +18,16 @@ */ /** - * \file htdocs/takepos/index.php - * \ingroup takepos - * \brief Main TakePOS screen + * \file htdocs/takepos/index.php + * \ingroup takepos + * \brief Main TakePOS screen */ -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); + if (!defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } @@ -47,11 +48,12 @@ if (!defined('NOREQUIREAJAX')) { require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; -require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; + $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); // $place is id of table for Bar or Restaurant or multiple sales $action = GETPOST('action', 'aZ09'); diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 8659cc6ea52..f383b630275 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -18,15 +18,16 @@ */ /** - * \file htdocs/takepos/invoice.php - * \ingroup takepos - * \brief Page to generate section with list of lines + * \file htdocs/takepos/invoice.php + * \ingroup takepos + * \brief Page to generate section with list of lines */ -// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language -// if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language -// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); -// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); + if (!defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } @@ -43,13 +44,16 @@ if (!defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } +// Load Dolibarr environment if (!defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE')) { require '../main.inc.php'; } -require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; + + $hookmanager->initHooks(array('takeposinvoice')); global $mysoc; diff --git a/htdocs/takepos/pay.php b/htdocs/takepos/pay.php index 8773f52a149..9cea11073ba 100644 --- a/htdocs/takepos/pay.php +++ b/htdocs/takepos/pay.php @@ -22,10 +22,11 @@ * \brief Page with the content of the popup to enter payments */ -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); + if (!defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } @@ -43,8 +44,9 @@ if (!defined('NOREQUIREHTML')) { require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; + +// Load translation files required by the page $langs->loadLangs(array("main", "bills", "cashdesk", "banks")); $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : '0'); // $place is id of table for Bar or Restaurant diff --git a/htdocs/ticket/agenda.php b/htdocs/ticket/agenda.php index a79d30bb377..5f7263f5214 100644 --- a/htdocs/ticket/agenda.php +++ b/htdocs/ticket/agenda.php @@ -41,12 +41,12 @@ $track_id = GETPOST('track_id', 'alpha', 3); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); -$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; +$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); -$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); -$page = is_numeric($page) ? $page : 0; -$page = $page == -1 ? 0 : $page; +$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); +$page = is_numeric($page) ? $page : 0; +$page = $page == -1 ? 0 : $page; if (!$sortfield) { $sortfield = "a.datep,a.id"; } @@ -90,7 +90,7 @@ if ($user->socid > 0 && ($object->fk_soc != $user->socid)) { accessforbidden(); } // or for unauthorized internals users -if (!$user->socid && ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) { +if (!$user->socid && (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) { accessforbidden(); } @@ -146,7 +146,7 @@ if ($socid > 0) { print dol_get_fiche_end(); } -if (!$user->socid && $conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) { +if (!$user->socid && !empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY)) { $object->next_prev_filter = "te.fk_user_assign = '".$user->id."'"; } elseif ($user->socid > 0) { $object->next_prev_filter = "te.fk_soc = '".$user->socid."'"; @@ -244,12 +244,12 @@ if (!empty($object->id)) { $morehtmlright .= dolGetButtonTitle($langs->trans('MessageListViewType'), '', 'fa fa-bars imgforviewmode', $messagingUrl, '', 1, array('morecss'=>'btnTitleSelected')); // Show link to add a message (if read and not closed) - $btnstatus = $object->fk_statut < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; + $btnstatus = $object->status < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; $url = 'card.php?track_id='.$object->track_id.'&action=presend_addmessage&mode=init'; $morehtmlright .= dolGetButtonTitle($langs->trans('TicketAddMessage'), '', 'fa fa-comment-dots', $url, 'add-new-ticket-title-button', $btnstatus); // Show link to add event (if read and not closed) - $btnstatus = $object->fk_statut < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; + $btnstatus = $object->status < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; $url = DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.date('YmdHi').'&origin=ticket&originid='.$object->id.'&projectid='.$object->fk_project.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id); $morehtmlright .= dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', $url, 'add-new-ticket-even-button', $btnstatus); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 18cdf5e1067..9d19e5d95c6 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -1,7 +1,7 @@ * Copyright (C) 2016 Christophe Battarel - * Copyright (C) 2019-2020 Frédéric France + * Copyright (C) 2019-2022 Frédéric France * Copyright (C) 2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify @@ -108,7 +108,8 @@ class Ticket extends CommonObject /** * @var int Ticket statut - * @deprecated + * @deprecated use status + * @see $status */ public $fk_statut; @@ -217,7 +218,9 @@ class Ticket extends CommonObject */ public $oldcopy; - + /** + * @var array array of TicketsLine + */ public $lines; @@ -3013,7 +3016,7 @@ class TicketsLine { /** * @var int ID - * @deprecated + * @deprecated use id */ public $rowid; diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index 0c9540575c1..6d6ced96759 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -647,9 +647,9 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $salary->paye = $objp->paye; $salary->amount = $objp->amount; - $payment_salary->id = $objp->rowid; - $payment_salary->ref = $objp->ref; - $payment_salary->datep = $db->jdate($objp->datep); + $payment_salary->id = !empty($objp->rowid) ? $objp->rowid : 0; + $payment_salary->ref = !empty($objp->ref) ? $objp->ref : ""; + $payment_salary->datep = $db->jdate(!empty($objp->datep) ? $objp->datep : ""); print ''; print '
'; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 12b2a52742d..cb61ab6c1b1 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -753,7 +753,7 @@ class User extends CommonObject //var_dump($module); //var_dump($this->rights->$rightsPath); //var_dump($conf->modules); - if (!in_array($module, $conf->modules)) { + if (!isModEnabled($module)) { return 0; } diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index f297fed62b4..3b1d60e0e90 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -138,10 +138,10 @@ $entity = GETPOST('entity', 'int') ?GETPOST('entity', 'int') : $conf->entity; // Security check if (empty($modulepart) && empty($hashp)) { - accessforbidden('Bad link. Bad value for parameter modulepart', 0, 0, 1); + httponly_accessforbidden('Bad link. Bad value for parameter modulepart', 400); } if (empty($original_file) && empty($hashp) && $modulepart != 'barcode') { - accessforbidden('Bad link. Missing identification to find file (param file or hashp)', 0, 0, 1); + httponly_accessforbidden('Bad link. Missing identification to find file (param file or hashp)', 400); } if ($modulepart == 'fckeditor') { $modulepart = 'medias'; // For backward compatibility @@ -192,7 +192,7 @@ if (!empty($hashp)) { $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir //var_dump($original_file); exit; } else { - accessforbidden('Bad link. File is from another module part.', 0, 0, 1); + httponly_accessforbidden('Bad link. File is from another module part.', 403); } } else { $modulepart = $moduleparttocheck; @@ -200,7 +200,7 @@ if (!empty($hashp)) { } } else { $langs->load("errors"); - accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 0, 0, 1); + httponly_accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 403, 1); } } @@ -214,11 +214,11 @@ if (GETPOST('type', 'alpha')) { // Security: This wrapper is for images. We do not allow type/html if (preg_match('/html/i', $type)) { - accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.', 0, 0, 1); + httponly_accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.'); } // Security: This wrapper is for images. We do not allow files ending with .noexe if (preg_match('/\.noexe$/i', $original_file)) { - accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.', 0, 0, 1); + httponly_accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.'); } // Security: Delete string ../ or ..\ into $original_file @@ -231,12 +231,12 @@ $refname = basename(dirname($original_file)."/"); // Check that file is allowed for view with viewimage.php if (!empty($original_file) && !dolIsAllowedForPreview($original_file)) { - accessforbidden('This file is not qualified for preview', 0, 0, 1); + httponly_accessforbidden('This file is not qualified for preview', 403); } // Security check if (empty($modulepart)) { - accessforbidden('Bad value for parameter modulepart', 0, 0, 1); + httponly_accessforbidden('Bad value for parameter modulepart', 400); } // When logged in a different entity, medias cannot be accessed because $conf->$module->multidir_output diff --git a/htdocs/webhook/target_card.php b/htdocs/webhook/target_card.php index 2b79fd3fced..a2251d7d4a9 100644 --- a/htdocs/webhook/target_card.php +++ b/htdocs/webhook/target_card.php @@ -191,7 +191,7 @@ llxHeader('', $title, $help_url); // Part to create if ($action == 'create') { if (empty($permissiontoadd)) { - accessforbidden($langs->trans('NotEnoughPermissions'), 0, 1); + accessforbidden('NotEnoughPermissions', 0, 1); exit; }