From b0d86d12fb8097df071c8c5f05a6e5710208c294 Mon Sep 17 00:00:00 2001 From: Christophe Battarel Date: Thu, 18 Nov 2021 10:43:52 +0100 Subject: [PATCH 001/212] fix url on formextra --- htdocs/core/tpl/extrafields_view.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index b5656c89339..15d529e01b6 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -243,7 +243,7 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l if ($object->table_element == 'societe') { $fieldid = 'socid'; } - print '
'; + print ''; print ''; print ''; print ''; From ac740e0a93d82f1f0921515705778cdb3a0bff3a Mon Sep 17 00:00:00 2001 From: atm-lena Date: Fri, 4 Mar 2022 11:28:03 +0100 Subject: [PATCH 002/212] Add pages to products list in inventory --- htdocs/product/inventory/inventory.php | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 95c9e2972cb..fc8b7c5cc35 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -40,6 +40,16 @@ $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'inventorycard'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); +$listoffset = GETPOST('listoffset', 'alpha'); +$limit = GETPOST('limit', 'int') > 0 ?GETPOST('limit', 'int') : $conf->liste_limit; +$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); +if (empty($page) || $page == -1) { + $page = 0; +} +$offset = $limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; +$savlimit = $limit; $fk_warehouse = GETPOST('fk_warehouse', 'int'); $fk_product = GETPOST('fk_product', 'int'); @@ -228,6 +238,7 @@ if (empty($reshook)) { $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); + $i = 0; $totalarray = array(); $inventoryline = new InventoryLine($db); @@ -284,7 +295,6 @@ if (empty($reshook)) { } } - $backurlforlist = DOL_URL_ROOT.'/product/inventory/list.php'; $backtopage = DOL_URL_ROOT.'/product/inventory/inventory.php?id='.$object->id; @@ -396,6 +406,14 @@ jQuery(document).ready(function() { // Part to show record if ($object->id > 0) { + + $param = '&id='.$object->id; + $param .= '&action=updateinventorylines'; + if ($limit > 0 && $limit != $conf->liste_limit) { + $param .= '&limit='.urlencode($limit); + } + $paramwithsearch = $param; + $res = $object->fetch_optionals(); $head = inventoryPrepareHead($object); @@ -905,6 +923,7 @@ if ($object->id > 0) { $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated, id.fk_movement'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); + $sql .= $db->plimit($limit + 1, $offset); $cacheOfProducts = array(); $cacheOfWarehouses = array(); @@ -914,6 +933,10 @@ if ($object->id > 0) { if ($resql) { $num = $db->num_rows($resql); + if (!empty($savlimit != 0) || $num > $limit || $page) { + print_fleche_navigation($page, $_SERVER["PHP_SELF"], $paramwithsearch, ($num > $limit), '', '',$limit, $num); + } + $i = 0; $hasinput = false; $totalarray = array(); From f3fb0ffd8a37966ee2d27c3b9c9854a69d75d97e Mon Sep 17 00:00:00 2001 From: atm-lena Date: Fri, 4 Mar 2022 16:44:15 +0100 Subject: [PATCH 003/212] Keep qty value between pages --- htdocs/core/actions_addupdatedelete.inc.php | 4 +- htdocs/product/inventory/inventory.php | 64 ++++++++++++++++----- 2 files changed, 52 insertions(+), 16 deletions(-) diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index 4857902b8cc..0a6151a5f60 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php @@ -28,6 +28,7 @@ // $permissiontodelete must be defined // $backurlforlist must be defined // $backtopage may be defined +// $gotopage // $triggermodname may be defined if (!empty($permissionedit) && empty($permissiontoadd)) { @@ -348,8 +349,7 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes' && !empty($permissionto } setEventMessages($langs->trans('RecordDeleted'), null, 'mesgs'); - - header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); + header('Location: '.((empty($gotopage)) ? $_SERVER["PHP_SELF"].'?id='.$object->id : $gotopage)); exit; } else { $error++; diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index fc8b7c5cc35..480dbbaa27d 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -49,7 +49,6 @@ if (empty($page) || $page == -1) { $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$savlimit = $limit; $fk_warehouse = GETPOST('fk_warehouse', 'int'); $fk_product = GETPOST('fk_product', 'int'); @@ -104,6 +103,13 @@ if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $now = dol_now(); +//Parameters Page +$param = '&id='.$object->id; +if ($limit > 0 && $limit != $conf->liste_limit) { + $param .= '&limit='.urlencode($limit); +} +$paramwithsearch = $param; + /* * Actions @@ -232,6 +238,7 @@ if (empty($reshook)) { $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); + $sql .= $db->plimit($limit, $offset); $db->begin(); @@ -295,6 +302,10 @@ if (empty($reshook)) { } } + if($action == 'confirm_deleteline'){ + $gotopage = $_SERVER["PHP_SELF"].'?id='.$object->id.'&page='.$page.$paramwithsearch; + } + $backurlforlist = DOL_URL_ROOT.'/product/inventory/list.php'; $backtopage = DOL_URL_ROOT.'/product/inventory/inventory.php?id='.$object->id; @@ -407,13 +418,6 @@ jQuery(document).ready(function() { // Part to show record if ($object->id > 0) { - $param = '&id='.$object->id; - $param .= '&action=updateinventorylines'; - if ($limit > 0 && $limit != $conf->liste_limit) { - $param .= '&limit='.urlencode($limit); - } - $paramwithsearch = $param; - $res = $object->fetch_optionals(); $head = inventoryPrepareHead($object); @@ -427,7 +431,7 @@ if ($object->id > 0) { } // Confirmation to delete line if ($action == 'deleteline') { - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&lineid='.$lineid, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_deleteline', '', 0, 1); + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&lineid='.$lineid.'&page='.$page.$paramwithsearch, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_deleteline', '', 0, 1); } // Clone confirmation @@ -923,7 +927,7 @@ if ($object->id > 0) { $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated, id.fk_movement'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); - $sql .= $db->plimit($limit + 1, $offset); + $sql .= $db->plimit($limit, $offset); $cacheOfProducts = array(); $cacheOfWarehouses = array(); @@ -933,8 +937,8 @@ if ($object->id > 0) { if ($resql) { $num = $db->num_rows($resql); - if (!empty($savlimit != 0) || $num > $limit || $page) { - print_fleche_navigation($page, $_SERVER["PHP_SELF"], $paramwithsearch, ($num > $limit), '', '',$limit, $num); + if (!empty($limit != 0) || $num > $limit || $page) { + print_fleche_navigation($page, $_SERVER["PHP_SELF"], $paramwithsearch, ($num >= $limit), '', '',$limit); } $i = 0; @@ -1014,7 +1018,7 @@ if ($object->id > 0) { // Picto delete line print ''; - print ''.img_delete().''; + print ''.img_delete().''; $qty_tmp = price2num(GETPOST("id_".$obj->rowid."_input_tmp", 'MS')) >= 0 ? GETPOST("id_".$obj->rowid."_input_tmp") : $qty_view; print ''; print ''; @@ -1048,7 +1052,6 @@ if ($object->id > 0) { print ''; - // Call method to disable the button if no qty entered yet for inventory if ($object->status != $object::STATUS_VALIDATED || !$hasinput) { @@ -1060,6 +1063,39 @@ if ($object->id > 0) { '; } print ''; + + + print ''; + } // End of page From 4e8dd1b6a582f39374b9017000643ffbb0704c7e Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 8 Mar 2022 10:02:30 +0100 Subject: [PATCH 004/212] Delete function disable button disablebuttonmakemovementandclose() --- htdocs/langs/en_US/stocks.lang | 4 +-- htdocs/product/inventory/inventory.php | 34 -------------------------- 2 files changed, 2 insertions(+), 36 deletions(-) diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 98faab0c423..af06ce7e94c 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -251,7 +251,7 @@ SelectAStockMovementFileToImport=select a stock movement file to import InfoTemplateImport=Uploaded file needs to have this format (* are mandatory fields):
Source Warehouse* | Target Warehouse* | Product* | Quantity* | Lot/serial number
CSV character separator must be "%s" LabelOfInventoryMovemement=Inventory %s ReOpen=Reopen -ConfirmFinish=Do you confirm the closing of the inventory ? This will generate all stock movements to update your stock to the real qty you entered into the inventory. +ConfirmFinish=Do you confirm the closing of the inventory ? This will generate all stock movements to update your stock to the real qty you entered into the inventory.

No stock movement will be made on products that do not have an actual quantity entered. ObjectNotFound=%s not found MakeMovementsAndClose=Generate movements and close AutofillWithExpected=Fill real quantity with expected quantity @@ -271,4 +271,4 @@ ErrorCantFindCodeInInventory=Can't find the following code in inventory QtyWasAddedToTheScannedBarcode=Success !! The quantity was added to all the requested barcode. You can close the Scanner tool. StockChangeDisabled=Change on stock disabled NoWarehouseDefinedForTerminal=No warehouse defined for terminal -ClearQtys=Clear all quantities \ No newline at end of file +ClearQtys=Clear all quantities diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 480dbbaa27d..385aae39248 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -393,28 +393,6 @@ $help_url = ''; llxHeader('', $langs->trans('Inventory'), $help_url); -// Disable button Generate movement if data were modified and not saved -print ''; - - // Part to show record if ($object->id > 0) { @@ -607,7 +585,6 @@ if ($object->id > 0) { objecttofill.value = object.innerText; }) console.log("Values filled (after click on fillwithexpected)"); - disablebuttonmakemovementandclose(); return false; });'; print '});'; @@ -858,7 +835,6 @@ if ($object->id > 0) { id = id.split("_")[1]; tmpvalue = $("#id_"+id+"_input_tmp").val() $("#id_"+id+"_input")[0].value = tmpvalue; - disablebuttonmakemovementandclose(); return false; /* disable submit */ }); });'; @@ -1052,16 +1028,6 @@ if ($object->id > 0) { print ''; - // Call method to disable the button if no qty entered yet for inventory - - if ($object->status != $object::STATUS_VALIDATED || !$hasinput) { - print ''; - } print ''; From 85628bad219028699b53c1e4b708142b4a3a63a6 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 8 Mar 2022 10:20:58 +0100 Subject: [PATCH 005/212] Fix save button --- htdocs/product/inventory/inventory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 385aae39248..ea51080803e 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -516,7 +516,7 @@ if ($object->id > 0) { print dol_get_fiche_end(); - print '
'; + print ''; print ''; print ''; print ''; From 38e0a8817d4f9688398523ce77bcfc4be993a836 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Tue, 8 Mar 2022 09:49:31 +0000 Subject: [PATCH 006/212] Fixing style errors. --- htdocs/product/inventory/inventory.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index ea51080803e..34aca5ef35f 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -302,7 +302,7 @@ if (empty($reshook)) { } } - if($action == 'confirm_deleteline'){ + if ($action == 'confirm_deleteline') { $gotopage = $_SERVER["PHP_SELF"].'?id='.$object->id.'&page='.$page.$paramwithsearch; } @@ -395,7 +395,6 @@ llxHeader('', $langs->trans('Inventory'), $help_url); // Part to show record if ($object->id > 0) { - $res = $object->fetch_optionals(); $head = inventoryPrepareHead($object); @@ -914,7 +913,7 @@ if ($object->id > 0) { $num = $db->num_rows($resql); if (!empty($limit != 0) || $num > $limit || $page) { - print_fleche_navigation($page, $_SERVER["PHP_SELF"], $paramwithsearch, ($num >= $limit), '', '',$limit); + print_fleche_navigation($page, $_SERVER["PHP_SELF"], $paramwithsearch, ($num >= $limit), '', '', $limit); } $i = 0; @@ -1061,7 +1060,6 @@ if ($object->id > 0) { }); }); '; - } // End of page From 7a6a980b69fac8d00e548c24f58d3f9c5b29c62d Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Fri, 22 Apr 2022 07:36:56 +0000 Subject: [PATCH 007/212] Fixing style errors. --- htdocs/product/inventory/inventory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 05e8e50d514..0ee1806335c 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -1190,7 +1190,7 @@ if ($object->id > 0) { } print ''; -print ''; - - // Part to show record if ($object->id > 0) { $res = $object->fetch_optionals(); @@ -1207,7 +1183,6 @@ print ''; From 99efd244d6f3f1ab9dfcb9d8fe1a12b6b7bcb2d2 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Thu, 16 Jun 2022 14:57:32 +0200 Subject: [PATCH 009/212] FIX Page limit GET / POST --- htdocs/product/inventory/inventory.php | 17 +++++++++-------- htdocs/ticket/list.php | 1 - 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index ff21b499912..5e0bf2055e5 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -94,6 +94,14 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ //if ($user->socid > 0) $socid = $user->socid; //$result = restrictedArea($user, 'mymodule', $id); +//Parameters Page +$param = '&id='.$object->id; +if ($limit > 0 && $limit != $conf->liste_limit) { + $param .= '&limit='.urlencode($limit); +} +$paramwithsearch = $param; + + if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $permissiontoadd = $user->rights->stock->creer; $permissiontodelete = $user->rights->stock->supprimer; @@ -104,12 +112,6 @@ if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $now = dol_now(); -//Parameters Page -$param = '&id='.$object->id; -if ($limit > 0 && $limit != $conf->liste_limit) { - $param .= '&limit='.urlencode($limit); -} -$paramwithsearch = $param; /* @@ -547,8 +549,7 @@ if ($object->id > 0) { print dol_get_fiche_end(); - - print '
'; + print ''; print ''; print ''; print ''; diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index a8314c4bf89..edc42dadccb 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -683,7 +683,6 @@ if ($search_dateclose_end) { $param .= '&search_date_endmonth='.urlencode($tmparray['mon']); $param .= '&search_date_endyear='.urlencode($tmparray['year']); } - // List of mass actions available $arrayofmassactions = array( //'presend'=>img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail"), From 8328923e096809480f45792185e85952dd6adfa0 Mon Sep 17 00:00:00 2001 From: Anthony Berton Date: Mon, 22 Aug 2022 17:18:31 +0200 Subject: [PATCH 010/212] update date --- htdocs/comm/propal/card.php | 23 +++++++++++++++++++++-- htdocs/comm/propal/class/propal.class.php | 2 +- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index c05554d2242..ad5722eb187 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -315,9 +315,28 @@ if (empty($reshook)) { } if (!$error) { + if (isset($object->duree_validite) && !empty($object->fin_validite)) { + $object->fin_validite = $datep + ($object->duree_validite * 24 * 3600); + } $result = $object->set_date($user, $datep); if ($result < 0) { dol_print_error($db, $object->error); + } elseif (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { + $outputlangs = $langs; + $newlang = ''; + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && GETPOST('lang_id', 'aZ09')) $newlang = GETPOST('lang_id', 'aZ09'); + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang)) $newlang = $object->thirdparty->default_lang; + if (!empty($newlang)) { + $outputlangs = new Translate("", $conf); + $outputlangs->setDefaultLang($newlang); + } + $model = $object->model_pdf; + $ret = $object->fetch($id); // Reload to get new records + if ($ret > 0) { + $object->fetch_thirdparty(); + } + + $object->generateDocument($model, $outputlangs, $hidedetails, $hidedesc, $hideref); } } } elseif ($action == 'setecheance' && $usercancreate) { @@ -326,8 +345,8 @@ if (empty($reshook)) { if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { $outputlangs = $langs; $newlang = ''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) $newlang = GETPOST('lang_id', 'aZ09'); - if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang = $object->thirdparty->default_lang; + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang) && GETPOST('lang_id', 'aZ09')) $newlang = GETPOST('lang_id', 'aZ09'); + if (!empty($conf->global->MAIN_MULTILANGS) && empty($newlang)) $newlang = $object->thirdparty->default_lang; if (!empty($newlang)) { $outputlangs = new Translate("", $conf); $outputlangs->setDefaultLang($newlang); diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index d0524ec895f..5924cfc9d67 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2066,7 +2066,7 @@ class Propal extends CommonObject $this->db->begin(); - $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'"; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."',fin_validite = '".$this->db->idate($this->fin_validite)."'"; $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); From 5a4d5d7f97e8dd328bb00e5d8b0296f43b61f857 Mon Sep 17 00:00:00 2001 From: Anthony Berton Date: Tue, 23 Aug 2022 08:56:00 +0200 Subject: [PATCH 011/212] set_echeance no in set_date --- htdocs/comm/propal/card.php | 24 +++++++++++++---------- htdocs/comm/propal/class/propal.class.php | 4 ++-- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index ad5722eb187..c5bf5bbf80f 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -315,10 +315,11 @@ if (empty($reshook)) { } if (!$error) { - if (isset($object->duree_validite) && !empty($object->fin_validite)) { - $object->fin_validite = $datep + ($object->duree_validite * 24 * 3600); - } $result = $object->set_date($user, $datep); + if ($result > 0 && !empty($object->duree_validite) && !empty($object->fin_validite)) { + $datev = $datep + ($object->duree_validite * 24 * 3600); + $result = $object->set_echeance($user, $datev, 1); + } if ($result < 0) { dol_print_error($db, $object->error); } elseif (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { @@ -2301,13 +2302,16 @@ if ($action == 'create') { // Date of proposal print ''; print ''; - print ''; - if ($action != 'editdate' && $usercancreate && $caneditfield) { - print ''; - } - print '
'; - print $langs->trans('DatePropal'); - print 'id.'">'.img_edit($langs->trans('SetDate'), 1).'
'; + // print ''; + // if ($action != 'editdate' && $usercancreate && $caneditfield) { + // print ''; + // } + + // print '
'; + // print $langs->trans('DatePropal'); + // print 'id.'">'.img_edit($langs->trans('SetDate'), 1).'
'; + $editenable = $usercancreate && $caneditfield && $object->statut == Propal::STATUS_DRAFT; + print $form->editfieldkey("DatePropal", 'date', '', $object, $editenable); print ''; if ($action == 'editdate' && $usercancreate && $caneditfield) { print ''; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 5924cfc9d67..cd56fac3e7b 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -384,7 +384,7 @@ class Propal extends CommonObject $this->socid = $socid; $this->id = $propalid; - $this->duree_validite = ((int) $conf->global->PROPALE_VALIDITY_DURATION); + $this->duree_validite = isset($conf->global->PROPALE_VALIDITY_DURATION)?((int) $conf->global->PROPALE_VALIDITY_DURATION):0; } @@ -2066,7 +2066,7 @@ class Propal extends CommonObject $this->db->begin(); - $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."',fin_validite = '".$this->db->idate($this->fin_validite)."'"; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'"; $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); From 88b5594af31f54bed54d0c89e61930f78c48404e Mon Sep 17 00:00:00 2001 From: kamel Date: Wed, 31 Aug 2022 09:59:24 +0200 Subject: [PATCH 012/212] FIX: Preview button position on documents list (case when the file is too long) --- htdocs/core/class/html.formfile.class.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 349b05416aa..6fe10788c54 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -850,6 +850,7 @@ class FormFile // Show file name with link to download $out .= ''; + $out .= $this->showPreview($file, $modulepart, $relativepath, 0, $param, 'paddingright')."\n"; $out .= 'trans("File").': '.$file["name"]); $out .= dol_trunc($file["name"], 150); - $out .= ''."\n"; - $out .= $this->showPreview($file, $modulepart, $relativepath, 0, $param); + $out .= ''; $out .= ''; // Show file size @@ -1307,6 +1307,11 @@ class FormFile // File name print ''; + // Preview link + if (!$editline) { + print $this->showPreview($file, $modulepart, $filepath, 0, '&entity='.(!empty($object->entity) ? $object->entity : $conf->entity), 'paddingright') . "\n"; + } + // Show file name with link to download //print "XX".$file['name']; //$file['name'] must be utf8 print '\n"; @@ -2097,9 +2098,10 @@ class FormFile * @param string $relativepath Relative path of docs * @param integer $ruleforpicto Rule for picto: 0=Use the generic preview picto, 1=Use the picto of mime type of file) * @param string $param More param on http links + * @param string $moreclass Add more class to class style * @return string $out Output string with HTML */ - public function showPreview($file, $modulepart, $relativepath, $ruleforpicto = 0, $param = '') + public function showPreview($file, $modulepart, $relativepath, $ruleforpicto = 0, $param = '', $moreclass = '') { global $langs, $conf; @@ -2107,7 +2109,7 @@ class FormFile if ($conf->browser->layout != 'phone' && !empty($conf->use_javascript_ajax)) { $urladvancedpreview = getAdvancedPreviewUrl($modulepart, $relativepath, 1, $param); // Return if a file is qualified for preview. if (count($urladvancedpreview)) { - $out .= ''; + $out .= ''; //$out.= ''; if (empty($ruleforpicto)) { //$out.= img_picto($langs->trans('Preview').' '.$file['name'], 'detail'); From e1bf5a5e6b53e7ac6da8453c916293d1c8d1e619 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Thu, 1 Sep 2022 17:16:59 +0200 Subject: [PATCH 013/212] FIX : Recursively retrieves all parent bom in the tree that leads to the $bom_id bom to check if we're allowed to add bom as bomline --- htdocs/bom/bom_card.php | 10 ++++++++++ htdocs/bom/class/bom.class.php | 28 ++++++++++++++++++++++++++++ htdocs/langs/en_US/mrp.lang | 1 + htdocs/langs/fr_FR/mrp.lang | 1 + 4 files changed, 40 insertions(+) diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index ee619a589e3..11d2b3b4e31 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -180,6 +180,16 @@ if (empty($reshook)) { $error++; } + // We check if we're allowed to add this bom + $TParentBom=array(); + $object->getParentBomTreeRecursive($TParentBom, $object->id); + if($bom_child_id > 0 && !empty($TParentBom) && in_array($bom_child_id, $TParentBom)) { + $n_child = new BOM($db); + $n_child->fetch($bom_child_id); + setEventMessages($langs->transnoentities('BomCantAddChildBom', $n_child->getNomUrl(1), $object->getNomUrl(1)), null, 'errors'); + $error++; + } + if (!$error) { $bomline = new BOMLine($db); $bomline->fk_bom = $id; diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 8adcac855c2..e178c76c024 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -1147,6 +1147,34 @@ class BOM extends CommonObject } } } + + /** + * Recursively retrieves all parent bom in the tree that leads to the $bom_id bom + * + * @param array $TParentBom We put all found parent bom in $TParentBom + * @param int $bom_id ID of bom from which we want to get parent bom ids + * @return void + */ + public function getParentBomTreeRecursive(&$TParentBom, $bom_id) { + + $sql = 'SELECT l.fk_bom, b.label + FROM '.MAIN_DB_PREFIX.'bom_bomline l + INNER JOIN '.MAIN_DB_PREFIX.$this->table_element.' b ON b.rowid = l.fk_bom + WHERE fk_bom_child = '.$bom_id; + + $resql = $this->db->query($sql); + if(!empty($resql)) { + + while($res = $this->db->fetch_object($resql)) { + + $TParentBom[$res->fk_bom] = $res->fk_bom; + $this->getParentBomTreeRecursive($TParentBom, $res->fk_bom); + + } + + } + + } } diff --git a/htdocs/langs/en_US/mrp.lang b/htdocs/langs/en_US/mrp.lang index 7f29b774b29..9e1c8bb64ce 100644 --- a/htdocs/langs/en_US/mrp.lang +++ b/htdocs/langs/en_US/mrp.lang @@ -112,3 +112,4 @@ MOAndLines=Manufacturing Orders and lines MoChildGenerate=Generate Child Mo ParentMo=MO Parent MOChild=MO Child +BomCantAddChildBom=The nomenclature %s is already present in the tree leading to the nomenclature %s diff --git a/htdocs/langs/fr_FR/mrp.lang b/htdocs/langs/fr_FR/mrp.lang index e65244b584f..709ff68b963 100644 --- a/htdocs/langs/fr_FR/mrp.lang +++ b/htdocs/langs/fr_FR/mrp.lang @@ -112,3 +112,4 @@ MOAndLines=Ordres de fabrication et lignes MoChildGenerate=Generate Child Mo ParentMo=MO Parent MOChild=MO Child +BomCantAddChildBom=La nomenclature %s est déjà présente dans l'arborescence qui mène à la nomenclature %s From d4122278bdfe3144a77f16a59cb6fca56285af6a Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 1 Sep 2022 15:23:40 +0000 Subject: [PATCH 014/212] Fixing style errors. --- htdocs/bom/bom_card.php | 2 +- htdocs/bom/class/bom.class.php | 12 ++++-------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 11d2b3b4e31..669eb70d069 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -183,7 +183,7 @@ if (empty($reshook)) { // We check if we're allowed to add this bom $TParentBom=array(); $object->getParentBomTreeRecursive($TParentBom, $object->id); - if($bom_child_id > 0 && !empty($TParentBom) && in_array($bom_child_id, $TParentBom)) { + if ($bom_child_id > 0 && !empty($TParentBom) && in_array($bom_child_id, $TParentBom)) { $n_child = new BOM($db); $n_child->fetch($bom_child_id); setEventMessages($langs->transnoentities('BomCantAddChildBom', $n_child->getNomUrl(1), $object->getNomUrl(1)), null, 'errors'); diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index e178c76c024..458e51cdf2c 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -1155,7 +1155,8 @@ class BOM extends CommonObject * @param int $bom_id ID of bom from which we want to get parent bom ids * @return void */ - public function getParentBomTreeRecursive(&$TParentBom, $bom_id) { + public function getParentBomTreeRecursive(&$TParentBom, $bom_id) + { $sql = 'SELECT l.fk_bom, b.label FROM '.MAIN_DB_PREFIX.'bom_bomline l @@ -1163,17 +1164,12 @@ class BOM extends CommonObject WHERE fk_bom_child = '.$bom_id; $resql = $this->db->query($sql); - if(!empty($resql)) { - - while($res = $this->db->fetch_object($resql)) { - + if (!empty($resql)) { + while ($res = $this->db->fetch_object($resql)) { $TParentBom[$res->fk_bom] = $res->fk_bom; $this->getParentBomTreeRecursive($TParentBom, $res->fk_bom); - } - } - } } From 30ce816c0cc3b7cab2d2364bf26a6e576cbfcd17 Mon Sep 17 00:00:00 2001 From: Thomas Negre Date: Thu, 1 Sep 2022 17:07:20 +0200 Subject: [PATCH 015/212] Fix: On a not configured personalized accounting group, the group code would be used in the formula. --- htdocs/compta/resultat/result.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php index 635531ab86b..b6ac4c1b33f 100644 --- a/htdocs/compta/resultat/result.php +++ b/htdocs/compta/resultat/result.php @@ -405,6 +405,9 @@ if ($modecompta == 'CREANCES-DETTES') { // Set $cpts with array of accounts in the category/group $cpts = $AccCat->getCptsCat($cat['rowid']); + // We should loop over empty $cpts array, else the category _code_ is used in the formula, which leads to wrong result if the code is a number. + if (empty($cpts)) $cpts[] = array(); + $arrayofaccountforfilter = array(); foreach ($cpts as $i => $cpt) { // Loop on each account. @@ -477,7 +480,7 @@ if ($modecompta == 'CREANCES-DETTES') { // Label of group print ''; print dol_escape_htmltag($cat['label']); - if (count($cpts) > 0) { // Show example of 5 first accounting accounts + if (count($cpts) > 0 && !empty($cpts[0])) { // Show example of 5 first accounting accounts $i = 0; foreach ($cpts as $cpt) { if ($i > 5) { From ce78e0164aeb2ca4dd3a77861ce28c2b5fcd9ec3 Mon Sep 17 00:00:00 2001 From: Thomas Negre Date: Thu, 1 Sep 2022 17:19:08 +0200 Subject: [PATCH 016/212] Fix: When a custom compta group would be unactive, its code would stay in the computed formula. This would lead to wrong totals if the code is a number. --- htdocs/accountancy/class/accountancycategory.class.php | 7 ++++--- htdocs/compta/resultat/result.php | 6 ++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 77d10516daa..5aec2d48fa2 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -785,12 +785,13 @@ class AccountancyCategory // extends CommonObject } /** - * Return list of custom groups that are active + * Return list of custom groups. * * @param int $categorytype -1=All, 0=Only non computed groups, 1=Only computed groups + * @param int $active 1= active, 0=not active * @return array|int Array of groups or -1 if error */ - public function getCats($categorytype = -1) + public function getCats($categorytype = -1, $active = 1) { global $conf, $mysoc; @@ -801,7 +802,7 @@ class AccountancyCategory // extends CommonObject $sql = "SELECT c.rowid, c.code, c.label, c.formula, c.position, c.category_type, c.sens"; $sql .= " FROM ".MAIN_DB_PREFIX."c_accounting_category as c"; - $sql .= " WHERE c.active = 1"; + $sql .= " WHERE c.active = " . (int) $active; $sql .= " AND c.entity = ".$conf->entity; if ($categorytype >= 0) { $sql .= " AND c.category_type = 1"; diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php index b6ac4c1b33f..93fc7d57203 100644 --- a/htdocs/compta/resultat/result.php +++ b/htdocs/compta/resultat/result.php @@ -274,6 +274,7 @@ if ($modecompta == 'CREANCES-DETTES') { } elseif ($modecompta == "BOOKKEEPING") { // Get array of all report groups that are active $cats = $AccCat->getCats(); // WARNING: Computed groups must be after group they include + $unactive_cats = $AccCat->getCats(-1, 0); /* $sql = 'SELECT DISTINCT t.numero_compte as nb FROM '.MAIN_DB_PREFIX.'accounting_bookkeeping as t, '.MAIN_DB_PREFIX.'accounting_account as aa'; @@ -325,6 +326,11 @@ if ($modecompta == 'CREANCES-DETTES') { $vars = array(); + // Unactive categories have a total of 0 to be used in the formula. + foreach($unactive_cats as $un_cat) { + $vars[$un_cat['code']] = 0; + } + // Previous Fiscal year (N-1) foreach ($sommes as $code => $det) { $vars[$code] = $det['NP']; From f1ce73263915d5d24197fe956ab9d6164006fb49 Mon Sep 17 00:00:00 2001 From: Thomas Negre Date: Thu, 1 Sep 2022 18:06:35 +0200 Subject: [PATCH 017/212] empty commit to re-launch stickler From 1269e1b86e23973110ef4f1a933ae4013797f5a5 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Fri, 2 Sep 2022 08:44:16 +0200 Subject: [PATCH 018/212] FIX : cast --- htdocs/bom/class/bom.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index e178c76c024..1a21c73baee 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -1160,7 +1160,7 @@ class BOM extends CommonObject $sql = 'SELECT l.fk_bom, b.label FROM '.MAIN_DB_PREFIX.'bom_bomline l INNER JOIN '.MAIN_DB_PREFIX.$this->table_element.' b ON b.rowid = l.fk_bom - WHERE fk_bom_child = '.$bom_id; + WHERE fk_bom_child = '.((int) $bom_id); $resql = $this->db->query($sql); if(!empty($resql)) { From 16e1c7ea713bbb8bef343b5c784b3722ebc473eb Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 2 Sep 2022 10:25:12 +0200 Subject: [PATCH 019/212] Update result.php Fixed Stickler --- htdocs/compta/resultat/result.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/resultat/result.php b/htdocs/compta/resultat/result.php index 93fc7d57203..378e594c9db 100644 --- a/htdocs/compta/resultat/result.php +++ b/htdocs/compta/resultat/result.php @@ -327,7 +327,7 @@ if ($modecompta == 'CREANCES-DETTES') { $vars = array(); // Unactive categories have a total of 0 to be used in the formula. - foreach($unactive_cats as $un_cat) { + foreach ($unactive_cats as $un_cat) { $vars[$un_cat['code']] = 0; } From c28407a1c9b0a45de91f34cf3f27ae5c0da591a3 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Fri, 2 Sep 2022 10:28:19 +0200 Subject: [PATCH 020/212] FIX : default value for bom_id with $this->id and protection against infinite loop --- htdocs/bom/bom_card.php | 2 +- htdocs/bom/class/bom.class.php | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 669eb70d069..573478a6b3d 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -182,7 +182,7 @@ if (empty($reshook)) { // We check if we're allowed to add this bom $TParentBom=array(); - $object->getParentBomTreeRecursive($TParentBom, $object->id); + $object->getParentBomTreeRecursive($TParentBom); if ($bom_child_id > 0 && !empty($TParentBom) && in_array($bom_child_id, $TParentBom)) { $n_child = new BOM($db); $n_child->fetch($bom_child_id); diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 6cd1d1d42d8..374d4af248b 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -1153,11 +1153,19 @@ class BOM extends CommonObject * * @param array $TParentBom We put all found parent bom in $TParentBom * @param int $bom_id ID of bom from which we want to get parent bom ids + * @param int $level Protection against infinite loop * @return void */ - public function getParentBomTreeRecursive(&$TParentBom, $bom_id) + public function getParentBomTreeRecursive(&$TParentBom, $bom_id='', $level=1) { + // Protection against infinite loop + if ($level > 1000) { + return 0; + } + + if(empty($bom_id)) $bom_id=$this->id; + $sql = 'SELECT l.fk_bom, b.label FROM '.MAIN_DB_PREFIX.'bom_bomline l INNER JOIN '.MAIN_DB_PREFIX.$this->table_element.' b ON b.rowid = l.fk_bom @@ -1167,7 +1175,7 @@ class BOM extends CommonObject if (!empty($resql)) { while ($res = $this->db->fetch_object($resql)) { $TParentBom[$res->fk_bom] = $res->fk_bom; - $this->getParentBomTreeRecursive($TParentBom, $res->fk_bom); + $this->getParentBomTreeRecursive($TParentBom, $res->fk_bom, $level+1); } } } From db7bb77d03ff51565856aec6dac8f5de99598726 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Fri, 2 Sep 2022 10:31:56 +0200 Subject: [PATCH 021/212] Update bom_card.php --- htdocs/bom/bom_card.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 25b7a8730dd..2801b8e3d66 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -17,9 +17,9 @@ */ /** - * \file htdocs/bom/bom_card.php - * \ingroup bom - * \brief Page to create/edit/view bom + * \file htdocs/bom/bom_card.php + * \ingroup bom + * \brief Page to create/edit/view BOM */ // Load Dolibarr environment @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/mrp/lib/mrp.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("mrp", "other")); +$langs->loadLangs(array('mrp', 'other')); // Get parameters $id = GETPOST('id', 'int'); @@ -335,7 +335,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea } $text = $langs->trans('ConfirmValidateBom', $numref); - /*if (!empty($conf->notification->enabled)) + /*if (! empty($conf->notification->enabled)) { require_once DOL_DOCUMENT_ROOT . '/core/class/notify.class.php'; $notify = new Notify($db); @@ -363,7 +363,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Confirmation of closing if ($action == 'close') { $text = $langs->trans('ConfirmCloseBom', $object->ref); - /*if (!empty($conf->notification->enabled)) + /*if (! empty($conf->notification->enabled)) { require_once DOL_DOCUMENT_ROOT . '/core/class/notify.class.php'; $notify = new Notify($db); @@ -391,7 +391,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Confirmation of reopen if ($action == 'reopen') { $text = $langs->trans('ConfirmReopenBom', $object->ref); - /*if (!empty($conf->notification->enabled)) + /*if (! empty($conf->notification->enabled)) { require_once DOL_DOCUMENT_ROOT . '/core/class/notify.class.php'; $notify = new Notify($db); @@ -457,7 +457,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Thirdparty $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . $soc->getNomUrl(1); // Project - if (!empty($conf->project->enabled)) + if (! empty($conf->project->enabled)) { $langs->load("projects"); $morehtmlref.='
'.$langs->trans('Project') . ' '; @@ -477,7 +477,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); } } else { - if (!empty($object->fk_project)) { + if (! empty($object->fk_project)) { $proj = new Project($db); $proj->fetch($object->fk_project); $morehtmlref.=$proj->getNomUrl(); From 21517cf5789de767087a02c5ca99861e3f889aa3 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Fri, 2 Sep 2022 08:33:27 +0000 Subject: [PATCH 022/212] Fixing style errors. --- htdocs/bom/class/bom.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 374d4af248b..5fa2957e663 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -1156,7 +1156,7 @@ class BOM extends CommonObject * @param int $level Protection against infinite loop * @return void */ - public function getParentBomTreeRecursive(&$TParentBom, $bom_id='', $level=1) + public function getParentBomTreeRecursive(&$TParentBom, $bom_id = '', $level = 1) { // Protection against infinite loop @@ -1164,7 +1164,7 @@ class BOM extends CommonObject return 0; } - if(empty($bom_id)) $bom_id=$this->id; + if (empty($bom_id)) $bom_id=$this->id; $sql = 'SELECT l.fk_bom, b.label FROM '.MAIN_DB_PREFIX.'bom_bomline l From 360bfed601f018bf9234aafc9f6d44e3cd282479 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Fri, 2 Sep 2022 11:57:29 +0200 Subject: [PATCH 023/212] FIX : return void --- htdocs/bom/class/bom.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 374d4af248b..5ddbf05eca4 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -1161,7 +1161,7 @@ class BOM extends CommonObject // Protection against infinite loop if ($level > 1000) { - return 0; + return; } if(empty($bom_id)) $bom_id=$this->id; From 0d9e595f0ef277e7e470f54839e8b1b20c3df477 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 2 Sep 2022 19:43:48 +0200 Subject: [PATCH 024/212] Fix profile to export categories --- htdocs/core/modules/modCategorie.class.php | 42 +++++++++++++--------- htdocs/langs/en_US/categories.lang | 1 + 2 files changed, 26 insertions(+), 17 deletions(-) diff --git a/htdocs/core/modules/modCategorie.class.php b/htdocs/core/modules/modCategorie.class.php index c3b7f256b4b..905392aa996 100644 --- a/htdocs/core/modules/modCategorie.class.php +++ b/htdocs/core/modules/modCategorie.class.php @@ -164,8 +164,9 @@ class modCategorie extends DolibarrModules $typeexample .= ($typeexample ? " / " : "")."11=Website page"; } - $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.type'=>"Type", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", 'pcat.label'=>"ParentCategoryLabel"); - $this->export_TypeFields_array[$r] = array('cat.label'=>"Text", 'cat.type'=>"Numeric", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', 'pcat.label'=>'Text'); + // Definition of vars + $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.type'=>"Type", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategoryID", 'pcat.label'=>"ParentCategoryLabel"); + $this->export_TypeFields_array[$r] = array('cat.rowid'=>'Numeric', 'cat.label'=>"Text", 'cat.type'=>"Numeric", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text'); $this->export_entities_array[$r] = array(); // We define here only fields that use another picto $this->export_help_array[$r] = array('cat.type'=>$typeexample); @@ -181,8 +182,8 @@ class modCategorie extends DolibarrModules $this->export_icon[$r] = $this->picto; $this->export_enabled[$r] = '!empty($conf->product->enabled) || !empty($conf->service->abled)'; $this->export_permission[$r] = array(array("categorie", "lire"), array("produit", "export")); - $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", 'p.rowid'=>'ProductId', 'p.ref'=>'Ref', 'p.label'=>'Label'); - $this->export_TypeFields_array[$r] = array('cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', 'p.ref'=>'Text', 'p.label'=>'Text'); + $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategoryID", 'pcat.label'=>"ParentCategoryLabel", 'p.rowid'=>'ProductId', 'p.ref'=>'Ref', 'p.label'=>'Label'); + $this->export_TypeFields_array[$r] = array('cat.rowid'=>'Numeric', 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text', 'p.rowid'=>'Numeric', 'p.ref'=>'Text', 'p.label'=>'Text'); $this->export_entities_array[$r] = array('p.rowid'=>'product', 'p.ref'=>'product', 'p.label'=>'product'); // We define here only fields that use another picto $keyforselect = 'product'; @@ -192,6 +193,7 @@ class modCategorie extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'categorie as cat'; + $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as pcat ON pcat.rowid = cat.fk_parent'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_categorie = cat.rowid'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'product as p ON p.rowid = cp.fk_product'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON extra.fk_object = p.rowid'; @@ -206,7 +208,7 @@ class modCategorie extends DolibarrModules $this->export_enabled[$r] = '!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)'; $this->export_permission[$r] = array(array("categorie", "lire"), array("fournisseur", "lire")); $this->export_fields_array[$r] = array( - 'cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", + 'cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategoryID", 'pcat.label'=>"ParentCategoryLabel", 's.rowid'=>'IdThirdParty', 's.nom'=>'Name', 's.prefix_comm'=>"Prefix", 's.fournisseur'=>"Supplier", 's.datec'=>"DateCreation", 's.tms'=>"DateLastModification", 's.code_fournisseur'=>"SupplierCode", 's.address'=>"Address", 's.zip'=>"Zip", 's.town'=>"Town", 'c.label'=>"Country", 'c.code'=>"CountryCode", 's.phone'=>"Phone", 's.fax'=>"Fax", 's.url'=>"Url", 's.email'=>"Email", @@ -214,7 +216,7 @@ class modCategorie extends DolibarrModules 't.libelle'=>'ThirdPartyType' ); $this->export_TypeFields_array[$r] = array( - 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', + 'cat.rowid'=>'Numeric', 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text', 's.rowid'=>'List:societe:nom', 's.nom'=>'Text', 's.prefix_comm'=>"Text", 's.fournisseur'=>"Text", 's.datec'=>"Date", 's.tms'=>"Date", 's.code_fournisseur'=>"Text", 's.address'=>"Text", 's.zip'=>"Text", 's.town'=>"Text", 'c.label'=>"List:c_country:label:label", 'c.code'=>"Text", 's.phone'=>"Text", 's.fax'=>"Text", 's.url'=>"Text", 's.email'=>"Text", @@ -236,6 +238,7 @@ class modCategorie extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'categorie as cat'; + $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as pcat ON pcat.rowid = cat.fk_parent'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'categorie_fournisseur as cf ON cf.fk_categorie = cat.rowid'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = cf.fk_soc'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe_extrafields as extra ON s.rowid = extra.fk_object'; @@ -252,7 +255,7 @@ class modCategorie extends DolibarrModules $this->export_enabled[$r] = '!empty($conf->societe->enabled)'; $this->export_permission[$r] = array(array("categorie", "lire"), array("societe", "export")); $this->export_fields_array[$r] = array( - 'cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", + 'cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategoryID", 'pcat.label'=>"ParentCategoryLabel", 's.rowid'=>'IdThirdParty', 's.nom'=>'Name', 's.prefix_comm'=>"Prefix", 's.client'=>"Customer", 's.datec'=>"DateCreation", 's.tms'=>"DateLastModification", 's.code_client'=>"CustomerCode", 's.address'=>"Address", 's.zip'=>"Zip", 's.town'=>"Town", 'c.label'=>"Country", 'c.code'=>"CountryCode", 's.phone'=>"Phone", 's.fax'=>"Fax", 's.url'=>"Url", 's.email'=>"Email", @@ -260,7 +263,7 @@ class modCategorie extends DolibarrModules 't.libelle'=>'ThirdPartyType', 'pl.code'=>'ProspectLevel', 'st.code'=>'ProspectStatus' ); $this->export_TypeFields_array[$r] = array( - 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', + 'cat.rowid'=>'Numeric', 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text', 's.rowid'=>'List:societe:nom', 's.nom'=>'Text', 's.prefix_comm'=>"Text", 's.client'=>"Text", 's.datec'=>"Date", 's.tms'=>"Date", 's.code_client'=>"Text", 's.address'=>"Text", 's.zip'=>"Text", 's.town'=>"Text", 'c.label'=>"List:c_country:label:label", 'c.code'=>"Text", 's.phone'=>"Text", 's.fax'=>"Text", 's.url'=>"Text", 's.email'=>"Text", @@ -282,6 +285,7 @@ class modCategorie extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'categorie as cat'; + $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as pcat ON pcat.rowid = cat.fk_parent'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_categorie = cat.rowid'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = cs.fk_soc'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe_extrafields as extra ON s.rowid = extra.fk_object'; @@ -299,8 +303,8 @@ class modCategorie extends DolibarrModules $this->export_icon[$r] = $this->picto; $this->export_enabled[$r] = '!empty($conf->adherent->enabled)'; $this->export_permission[$r] = array(array("categorie", "lire"), array("adherent", "export")); - $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", 'p.rowid'=>'MemberId', 'p.lastname'=>'LastName', 'p.firstname'=>'Firstname'); - $this->export_TypeFields_array[$r] = array('cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', 'p.lastname'=>'Text', 'p.firstname'=>'Text'); + $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategoryID", 'pcat.label'=>"ParentCategoryLabel", 'p.rowid'=>'MemberId', 'p.lastname'=>'LastName', 'p.firstname'=>'Firstname'); + $this->export_TypeFields_array[$r] = array('cat.rowid'=>"Numeric", 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text', 'p.lastname'=>'Text', 'p.firstname'=>'Text'); $this->export_entities_array[$r] = array('p.rowid'=>'member', 'p.lastname'=>'member', 'p.firstname'=>'member'); // We define here only fields that use another picto $keyforselect = 'adherent'; @@ -310,6 +314,7 @@ class modCategorie extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'categorie as cat'; + $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as pcat ON pcat.rowid = cat.fk_parent'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'categorie_member as cm ON cm.fk_categorie = cat.rowid'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'adherent as p ON p.rowid = cm.fk_member'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'adherent_extrafields as extra ON cat.rowid = extra.fk_object '; @@ -324,7 +329,7 @@ class modCategorie extends DolibarrModules $this->export_enabled[$r] = '!empty($conf->societe->enabled)'; $this->export_permission[$r] = array(array("categorie", "lire"), array("societe", "contact", "export")); $this->export_fields_array[$r] = array( - 'cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", + 'cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategoryID", 'pcat.label'=>"ParentCategoryLabel", 'p.rowid' => 'ContactId', 'civ.label' => 'UserTitle', 'p.lastname' => 'LastName', 'p.firstname' => 'Firstname', 'p.address' => 'Address', 'p.zip' => 'Zip', 'p.town' => 'Town', 'c.code' => 'CountryCode', 'c.label' => 'Country', 'p.birthday' => 'DateOfBirth', 'p.poste' => 'PostOrFunction', @@ -335,8 +340,8 @@ class modCategorie extends DolibarrModules 's.phone'=>"Phone", 's.fax'=>"Fax", 's.url'=>"Url", 's.email'=>"Email" ); $this->export_TypeFields_array[$r] = array( - 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', - 'civ.label' => 'List:c_civility:label:label', 'p.lastname' => 'Text', 'p.firstname' => 'Text', + 'cat.rowid'=>'Numeric', 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text', + 'civ.label' => 'List:c_civility:label:label', 'p.rowid'=>'Numeric', 'p.lastname' => 'Text', 'p.firstname' => 'Text', 'p.address' => 'Text', 'p.zip' => 'Text', 'p.town' => 'Text', 'c.code' => 'Text', 'c.label' => 'List:c_country:label:label', 'p.birthday' => 'Date', 'p.poste' => 'Text', 'p.phone' => 'Text', 'p.phone_perso' => 'Text', 'p.phone_mobile' => 'Text', 'p.fax' => 'Text', 'p.email' => 'Text', @@ -363,6 +368,7 @@ class modCategorie extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'categorie as cat'; + $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as pcat ON pcat.rowid = cat.fk_parent'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'categorie_contact as cc ON cc.fk_categorie = cat.rowid'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'socpeople as p ON p.rowid = cc.fk_socpeople'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'socpeople_extrafields as extra ON extra.fk_object = p.rowid'; @@ -381,8 +387,8 @@ class modCategorie extends DolibarrModules $this->export_icon[$r] = $this->picto; $this->export_enabled[$r] = '!empty($conf->projet->enabled)'; $this->export_permission[$r] = array(array("categorie", "lire"), array("projet", "export")); - $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", 'p.rowid'=>'ProjectId', 'p.ref'=>'Ref', 's.rowid'=>"IdThirdParty", 's.nom'=>"Name"); - $this->export_TypeFields_array[$r] = array('cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', 'p.ref'=>'Text', 's.rowid'=>"List:societe:nom:rowid", 's.nom'=>"Text"); + $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", 'pcat.label'=>"ParentCategoryLabel", 'p.rowid'=>'ProjectId', 'p.ref'=>'Ref', 's.rowid'=>"IdThirdParty", 's.nom'=>"Name"); + $this->export_TypeFields_array[$r] = array('cat.rowid'=>'Numeric', 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text', 'p.rowid'=>'Numeric', 'p.ref'=>'Text', 's.rowid'=>"List:societe:nom:rowid", 's.nom'=>"Text"); $this->export_entities_array[$r] = array('p.rowid'=>'project', 'p.ref'=>'project', 's.rowid'=>"company", 's.nom'=>"company"); // We define here only fields that use another picto $keyforselect = 'projet'; @@ -392,6 +398,7 @@ class modCategorie extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'categorie as cat'; + $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as pcat ON pcat.rowid = cat.fk_parent'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'categorie_project as cp ON cp.fk_categorie = cat.rowid'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'projet as p ON p.rowid = cp.fk_project'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet_extrafields as extra ON extra.fk_object = p.rowid'; @@ -406,8 +413,8 @@ class modCategorie extends DolibarrModules $this->export_icon[$r] = $this->picto; $this->export_enabled[$r] = '!empty($conf->user->enabled)'; $this->export_permission[$r] = array(array("categorie", "lire"), array("user", "export")); - $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", 'p.rowid'=>'TechnicalID', 'p.login'=>'Login', 'p.lastname'=>'Lastname', 'p.firstname'=>'Firstname'); - $this->export_TypeFields_array[$r] = array('cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'List:categorie:label:rowid', 'p.login'=>'Text', 'p.lastname'=>'Text', 'p.firstname'=>'Text'); + $this->export_fields_array[$r] = array('cat.rowid'=>"CategId", 'cat.label'=>"Label", 'cat.description'=>"Description", 'cat.fk_parent'=>"ParentCategory", 'pcat.label'=>"ParentCategoryLabel", 'p.rowid'=>'UserID', 'p.login'=>'Login', 'p.lastname'=>'Lastname', 'p.firstname'=>'Firstname'); + $this->export_TypeFields_array[$r] = array('cat.rowid'=>"Numeric", 'cat.label'=>"Text", 'cat.description'=>"Text", 'cat.fk_parent'=>'Numeric', 'pcat.label'=>'Text', 'p.rowid'=>'Numeric', 'p.login'=>'Text', 'p.lastname'=>'Text', 'p.firstname'=>'Text'); $this->export_entities_array[$r] = array('p.rowid'=>'user', 'p.login'=>'user', 'p.lastname'=>'user', 'p.firstname'=>'user'); // We define here only fields that use another picto $keyforselect = 'user'; @@ -417,6 +424,7 @@ class modCategorie extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'categorie as cat'; + $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as pcat ON pcat.rowid = cat.fk_parent'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'categorie_user as cu ON cu.fk_categorie = cat.rowid'; $this->export_sql_end[$r] .= ' INNER JOIN '.MAIN_DB_PREFIX.'user as p ON p.rowid = cu.fk_user'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user_extrafields as extra ON extra.fk_object = p.rowid'; diff --git a/htdocs/langs/en_US/categories.lang b/htdocs/langs/en_US/categories.lang index a2d05767cae..5330730ad3a 100644 --- a/htdocs/langs/en_US/categories.lang +++ b/htdocs/langs/en_US/categories.lang @@ -67,6 +67,7 @@ StockCategoriesShort=Warehouse tags/categories ThisCategoryHasNoItems=This category does not contain any items. CategId=Tag/category id ParentCategory=Parent tag/category +ParentCategoryID=ID of parent tag/category ParentCategoryLabel=Label of parent tag/category CatSupList=List of vendors tags/categories CatCusList=List of customers/prospects tags/categories From 7fe9784ddb184d8c7a4438fe5e2291ca5ded2273 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Sat, 3 Sep 2022 12:55:54 +0200 Subject: [PATCH 025/212] fix: better global declaration --- htdocs/bookmarks/bookmarks.lib.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index 8eef3396eaa..696545f324c 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -29,9 +29,9 @@ */ function printDropdownBookmarksList() { - global $conf, $user, $db, $langs; + global $conf, $user, $db, $langs, $sortfield, $sortorder; - require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php'; + require_once DOL_DOCUMENT_ROOT.'/boo, kmarks/class/bookmark.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; $langs->load("bookmarks"); @@ -48,7 +48,6 @@ function printDropdownBookmarksList() } } } - global $sortfield, $sortorder; $tmpurl = ''; // No urlencode, all param $url will be urlencoded later if ($sortfield) { From d5665e220e3ed88874fce45921513ba2e57c8112 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Sat, 3 Sep 2022 13:00:24 +0200 Subject: [PATCH 026/212] fix: better global declaration --- htdocs/bookmarks/bookmarks.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index 696545f324c..f983e25f1da 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -31,7 +31,7 @@ function printDropdownBookmarksList() { global $conf, $user, $db, $langs, $sortfield, $sortorder; - require_once DOL_DOCUMENT_ROOT.'/boo, kmarks/class/bookmark.class.php'; + require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; $langs->load("bookmarks"); From db966495b1b9f28a6e7c1710ec18e793106ebe86 Mon Sep 17 00:00:00 2001 From: Eric Seigne Date: Mon, 29 Aug 2022 15:57:13 +0200 Subject: [PATCH 027/212] fix #21941 call_trigger better fix #21941 : trigger nearest the code that justify its execution --- htdocs/core/ajax/onlineSign.php | 9 +++++++++ htdocs/public/onlinesign/newonlinesign.php | 10 ++++++++++ 2 files changed, 19 insertions(+) diff --git a/htdocs/core/ajax/onlineSign.php b/htdocs/core/ajax/onlineSign.php index 67c3c989a3a..3ec4cfa0f20 100644 --- a/htdocs/core/ajax/onlineSign.php +++ b/htdocs/core/ajax/onlineSign.php @@ -212,6 +212,15 @@ if ($action == "importSignature") { $db->commit(); $response = "success"; setEventMessages("PropalSigned", null, 'warnings'); + if (method_exists($object, 'call_trigger')) { + //customer is not a user !?! so could we use same user as validation ? + $user = new User($db); + $user->fetch($object->user_valid_id); + $result = $object->call_trigger('PROPAL_CLOSE_SIGNED', $user); + if ($result < 0) { + $error++; + } + } } else { $db->rollback(); $error++; diff --git a/htdocs/public/onlinesign/newonlinesign.php b/htdocs/public/onlinesign/newonlinesign.php index a3ad1eaf645..1d90339a0ac 100644 --- a/htdocs/public/onlinesign/newonlinesign.php +++ b/htdocs/public/onlinesign/newonlinesign.php @@ -168,6 +168,15 @@ if ($action == 'confirm_refusepropal' && $confirm == 'yes') { $message = 'refused'; setEventMessages("PropalRefused", null, 'warnings'); + if (method_exists($object, 'call_trigger')) { + //customer is not a user !?! so could we use same user as validation ? + $user = new User($db); + $user->fetch($object->user_valid_id); + $result = $object->call_trigger('PROPAL_CLOSE_REFUSED', $user); + if ($result < 0) { + $error++; + } + } } else { $db->rollback(); } @@ -459,6 +468,7 @@ if ($action == "dosign" && empty($cancel)) { print '
'; if ($message == 'refused') { print ''.$langs->trans("PropalRefused").''; + } else { print ''.$langs->trans("PropalAlreadyRefused").''; } From 8e06c988878aa83d10f8f1ad0b47f7afa3cedffc Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Sat, 3 Sep 2022 12:02:29 +0000 Subject: [PATCH 028/212] Fixing style errors. --- htdocs/public/onlinesign/newonlinesign.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/public/onlinesign/newonlinesign.php b/htdocs/public/onlinesign/newonlinesign.php index 1d90339a0ac..e379853ed91 100644 --- a/htdocs/public/onlinesign/newonlinesign.php +++ b/htdocs/public/onlinesign/newonlinesign.php @@ -468,7 +468,6 @@ if ($action == "dosign" && empty($cancel)) { print '
'; if ($message == 'refused') { print ''.$langs->trans("PropalRefused").''; - } else { print ''.$langs->trans("PropalAlreadyRefused").''; } From c5b3df23baa79aeae32831ae2adb7446b9666aab Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sun, 4 Sep 2022 04:49:09 +0200 Subject: [PATCH 029/212] FIX Dictionary - Display error on >cache_vatrates --- htdocs/admin/dict.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index eab0942ee4e..8ea30ef3b93 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -1963,7 +1963,7 @@ if ($id) { } elseif ($value == 'fk_tva') { foreach ($form->cache_vatrates as $key => $Tab) { if ($form->cache_vatrates[$key]['rowid'] == $valuetoshow) { - $valuetoshow = $form->cache_vatrates[$key]['libtva']; + $valuetoshow = $form->cache_vatrates[$key]['label']; break; } } From a542c86bcda2af394670e3bca49b3f0d9f1b8fe2 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sun, 4 Sep 2022 04:59:31 +0200 Subject: [PATCH 030/212] FIX Project - on global view, missing display of ref customer --- htdocs/compta/facture/class/facture.class.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index b1eb8656645..d646da3b413 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -15,7 +15,7 @@ * Copyright (C) 2013 Cedric Gross * Copyright (C) 2013 Florian Henry * Copyright (C) 2016 Ferran Marcet - * Copyright (C) 2018 Alexandre Spangaro + * Copyright (C) 2018-2022 Alexandre Spangaro * Copyright (C) 2018 Nicolas ZABOURI * Copyright (C) 2022 Sylvain Legrand * @@ -1671,8 +1671,9 @@ class Facture extends CommonInvoice $this->id = $obj->rowid; $this->entity = $obj->entity; - $this->ref = $obj->ref; - $this->ref_client = $obj->ref_client; + $this->ref = $obj->ref; + $this->ref_client = $obj->ref_client; + $this->ref_customer = $obj->ref_client; $this->ref_ext = $obj->ref_ext; $this->type = $obj->type; $this->date = $this->db->jdate($obj->df); From 975d3ecf99f4330b31855b7efee87f99a9ac2291 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 4 Sep 2022 12:11:45 +0200 Subject: [PATCH 031/212] update code --- htdocs/admin/fckeditor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 3c3cd731a7d..60d0f52b036 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -65,7 +65,7 @@ $conditions = array( 'PRODUCTDESC' => (isModEnabled("product") || isModEnabled("service")), 'DETAILS' => (isModEnabled('facture') || isModEnabled("propal") || isModEnabled('commande') || isModEnabled('supplier_proposal') || (isModEnabled("fournisseur") && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || isModEnabled("supplier_order") || isModEnabled("supplier_invoice")), 'USERSIGN' => 1, - 'MAILING' => !empty($conf->mailing->enabled), + 'MAILING' => isModEnabled('mailing'), 'MAIL' => (isModEnabled('facture') || isModEnabled("propal") || isModEnabled('commande')), 'TICKET' => !empty($conf->ticket->enabled), ); From 34b4ba7f33dd52c139461f4f237b0f799afe3b85 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Sun, 4 Sep 2022 13:24:12 +0200 Subject: [PATCH 032/212] update code --- .../canvas/actions_contactcard_common.class.php | 2 +- htdocs/contact/card.php | 16 ++++++++-------- htdocs/contact/list.php | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php index d1cc70b4927..4a3fc28c9de 100644 --- a/htdocs/contact/canvas/actions_contactcard_common.class.php +++ b/htdocs/contact/canvas/actions_contactcard_common.class.php @@ -180,7 +180,7 @@ abstract class ActionsContactCardCommon if ($action == 'view' || $action == 'edit' || $action == 'delete') { // Emailing - if (!empty($conf->mailing->enabled)) { + if (isModEnabled('mailing')) { $langs->load("mails"); $this->tpl['nb_emailing'] = $this->object->getNbOfEMailings(); } diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 4712b673ad1..d751cbef511 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -249,7 +249,7 @@ if (empty($reshook)) { $action = 'create'; } - if (!empty($conf->mailing->enabled) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == 2 && $object->no_email == -1 && !empty($object->email)) { + if (isModEnabled('mailing') && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == 2 && $object->no_email == -1 && !empty($object->email)) { $error++; $errors[] = $langs->trans("ErrorFieldRequired", $langs->transnoentities("No_Email")); $action = 'create'; @@ -290,7 +290,7 @@ if (empty($reshook)) { } } - if (empty($error) && !empty($conf->mailing->enabled) && !empty($object->email)) { + if (empty($error) && isModEnabled('mailing') && !empty($object->email)) { // Add mass emailing flag into table mailing_unsubscribe $result = $object->setNoEmail($object->no_email); if ($result < 0) { @@ -342,7 +342,7 @@ if (empty($reshook)) { $action = 'edit'; } - if (!empty($conf->mailing->enabled) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == 2 && GETPOST("no_email", "int") == -1 && !empty(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL))) { + if (isModEnabled('mailing') && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == 2 && GETPOST("no_email", "int") == -1 && !empty(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL))) { $error++; $errors[] = $langs->trans("ErrorFieldRequired", $langs->transnoentities("No_Email")); $action = 'edit'; @@ -830,7 +830,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; // Unsubscribe - if (!empty($conf->mailing->enabled)) { + if (isModEnabled('mailing')) { if ($conf->use_javascript_ajax && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == 2) { print "\n".' - ' - ); + + ' + ); + } } } diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 6984255b91c..ef485f62b5f 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -1507,7 +1507,7 @@ if ($resql) { // Payment term if (!empty($arrayfields['c.fk_cond_reglement']['checked'])) { print ''; - $form->select_conditions_paiements($search_fk_cond_reglement, 'search_fk_cond_reglement', 1, 1, 1); + print $form->getSelectConditionsPaiements($search_fk_cond_reglement, 'search_fk_cond_reglement', 1, 1, 1); print ''; } // Payment mode diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index aadaf3895e9..3edefe8f159 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3670,7 +3670,7 @@ if ($action == 'create') { // Payment term print ''.$langs->trans('PaymentConditionsShort').''; - $form->select_conditions_paiements(GETPOSTISSET('cond_reglement_id') ? GETPOST('cond_reglement_id', 'int') : $cond_reglement_id, 'cond_reglement_id'); + print $form->getSelectConditionsPaiements(GETPOSTISSET('cond_reglement_id') ? GETPOST('cond_reglement_id', 'int') : $cond_reglement_id, 'cond_reglement_id'); print ''; @@ -3702,7 +3702,7 @@ if ($action == 'create') { $retained_warranty_fk_cond_reglement = $conf->global->INVOICE_SITUATION_DEFAULT_RETAINED_WARRANTY_COND_ID; } } - $form->select_conditions_paiements($retained_warranty_fk_cond_reglement, 'retained_warranty_fk_cond_reglement', -1, 1); + print $form->getSelectConditionsPaiements($retained_warranty_fk_cond_reglement, 'retained_warranty_fk_cond_reglement', -1, 1); print ''; print ''; echo $dialog; if ($parameters['currentcontext'] == 'thirdpartycard' && in_array($object->forme_juridique_code, array(11, 12, 13, 15, 17, 18, 19, 35, 60, 200, 311, 312, 316, 401, 600, 700, 1005)) || $object->typent_id == 8) { - echo '
'.$langs->trans("DATAPOLICIES_PORTABILITE").'
'; + echo '
'.$langs->trans("DATAPOLICY_PORTABILITE").'
'; } elseif ($parameters['currentcontext'] == 'membercard') { - echo '
'.$langs->trans("DATAPOLICIES_PORTABILITE").'
'; + echo '
'.$langs->trans("DATAPOLICY_PORTABILITE").'
'; } elseif ($parameters['currentcontext'] == 'contactcard') { - echo '
'.$langs->trans("DATAPOLICIES_PORTABILITE").'
'; + echo '
'.$langs->trans("DATAPOLICY_PORTABILITE").'
'; } if (!empty($object->mail) && empty($object->array_options['options_datapolicy_send']) && $parameters['currentcontext'] == 'thirdpartycard' && in_array($object->forme_juridique_code, array(11, 12, 13, 15, 17, 18, 19, 35, 60, 200, 311, 312, 316, 401, 600, 700, 1005)) || $object->typent_id == 8) { - echo '
'.$langs->trans("DATAPOLICIES_SEND").'
'; + echo '
'.$langs->trans("DATAPOLICY_SEND").'
'; } elseif (!empty($object->mail) && empty($object->array_options['options_datapolicy_send']) && $parameters['currentcontext'] == 'membercard') { - echo '
'.$langs->trans("DATAPOLICIES_SEND").'
'; + echo '
'.$langs->trans("DATAPOLICY_SEND").'
'; } elseif (!empty($object->mail) && empty($object->array_options['options_datapolicy_send']) && $parameters['currentcontext'] == 'contactcard') { - echo '
'.$langs->trans("DATAPOLICIES_SEND").'
'; + echo '
'.$langs->trans("DATAPOLICY_SEND").'
'; } } } @@ -412,7 +412,7 @@ class ActionsDatapolicy if ((in_array($object->forme_juridique_code, array(11, 12, 13, 15, 17, 18, 19, 35, 60, 200, 311, 312, 316, 401, 600, 700, 1005)) || $societe->typent_id == 8) && $societe->isObjectUsed(GETPOST('socid'))) { require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; $form = new Form($this->db); - echo $form->formconfirm($_SERVER["PHP_SELF"]."?socid=".GETPOST('socid'), substr($langs->trans("DATAPOLICIES_POPUP_ANONYME_TITLE"), 0, strlen($langs->trans("DATAPOLICIES_POPUP_ANONYME_TITLE")) - 2), $langs->trans("DATAPOLICIES_POPUP_ANONYME_TEXTE"), 'anonymiser', '', '', 1); + echo $form->formconfirm($_SERVER["PHP_SELF"]."?socid=".GETPOST('socid'), substr($langs->trans("DATAPOLICY_POPUP_ANONYME_TITLE"), 0, strlen($langs->trans("DATAPOLICY_POPUP_ANONYME_TITLE")) - 2), $langs->trans("DATAPOLICY_POPUP_ANONYME_TEXTE"), 'anonymiser', '', '', 1); } } diff --git a/htdocs/datapolicy/class/datapolicy.class.php b/htdocs/datapolicy/class/datapolicy.class.php index d0cf2e48434..7bbe8d7c1a6 100644 --- a/htdocs/datapolicy/class/datapolicy.class.php +++ b/htdocs/datapolicy/class/datapolicy.class.php @@ -23,6 +23,7 @@ include_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; include_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; include_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; +include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; /** @@ -161,17 +162,17 @@ class DataPolicy $from = $user->getFullName($langs).' <'.$user->email.'>'; $sendto = $contact->email; - $code = md5($contact->email); + $code = dol_hash($contact->email, 'md5'); if (!empty($contact->default_lang)) { $l = $contact->default_lang; } else { $l = $langs->defaultlang; } // TODO Use a dolibarr email template - $s = "DATAPOLICIESSUBJECT_".$l; - $ma = "DATAPOLICIESCONTENT_".$l; - $la = 'TXTLINKDATAPOLICIESACCEPT_'.$l; - $lr = 'TXTLINKDATAPOLICIESREFUSE_'.$l; + $s = "DATAPOLICYSUBJECT_".$l; + $ma = "DATAPOLICYCONTENT_".$l; + $la = 'TXTLINKDATAPOLICYACCEPT_'.$l; + $lr = 'TXTLINKDATAPOLICYREFUSE_'.$l; $subject = $conf->global->$s; $message = $conf->global->$ma; @@ -182,8 +183,8 @@ class DataPolicy $deliveryreceipt = 0; $substitutionarray = array( - '__LINKACCEPT__' => ''.$linka.'', - '__LINKREFUSED__' => ''.$linkr.'', + '__LINKACCEPT__' => ''.$linka.'', + '__LINKREFUSED__' => ''.$linkr.'', '__FIRSTNAME__' => $contact->firstname, '__NAME__' => $contact->lastname, '__CIVILITY__' => $contact->civility, @@ -238,17 +239,17 @@ class DataPolicy $sendto = $societe->email; - $code = md5($societe->email); + $code = dol_hash($societe->email, 'md5'); if (!empty($societe->default_lang)) { $l = $societe->default_lang; } else { $l = $langs->defaultlang; } // TODO Use a dolibarr email template - $s = "DATAPOLICIESSUBJECT_".$l; - $ma = "DATAPOLICIESCONTENT_".$l; - $la = 'TXTLINKDATAPOLICIESACCEPT_'.$l; - $lr = 'TXTLINKDATAPOLICIESREFUSE_'.$l; + $s = "DATAPOLICYSUBJECT_".$l; + $ma = "DATAPOLICYCONTENT_".$l; + $la = 'TXTLINKDATAPOLICYACCEPT_'.$l; + $lr = 'TXTLINKDATAPOLICYREFUSE_'.$l; $subject = $conf->global->$s; $message = $conf->global->$ma; @@ -259,8 +260,8 @@ class DataPolicy $deliveryreceipt = 0; $substitutionarray = array( - '__LINKACCEPT__' => ''.$linka.'', - '__LINKREFUSED__' => ''.$linkr.'', + '__LINKACCEPT__' => ''.$linka.'', + '__LINKREFUSED__' => ''.$linkr.'', ); $subject = make_substitutions($subject, $substitutionarray); $message = make_substitutions($message, $substitutionarray); @@ -311,17 +312,17 @@ class DataPolicy $sendto = $adherent->email; - $code = md5($adherent->email); + $code = dol_hash($adherent->email, 'md5'); if (!empty($adherent->default_lang)) { $l = $adherent->default_lang; } else { $l = $langs->defaultlang; } // TODO Use a dolibarr email template - $s = 'TXTLINKDATAPOLICIESSUBJECT_'.$l; - $ma = 'TXTLINKDATAPOLICIESMESSAGE_'.$l; - $la = 'TXTLINKDATAPOLICIESACCEPT_'.$l; - $lr = 'TXTLINKDATAPOLICIESREFUSE_'.$l; + $s = 'TXTLINKDATAPOLICYSUBJECT_'.$l; + $ma = 'TXTLINKDATAPOLICYMESSAGE_'.$l; + $la = 'TXTLINKDATAPOLICYACCEPT_'.$l; + $lr = 'TXTLINKDATAPOLICYREFUSE_'.$l; $subject = $conf->global->$s; $message = $conf->global->$ma; @@ -332,8 +333,8 @@ class DataPolicy $deliveryreceipt = 0; $substitutionarray = array( - '__LINKACCEPT__' => ''.$linka.'', - '__LINKREFUSED__' => ''.$linkr.'', + '__LINKACCEPT__' => ''.$linka.'', + '__LINKREFUSED__' => ''.$linkr.'', ); $subject = make_substitutions($subject, $substitutionarray); $message = make_substitutions($message, $substitutionarray); diff --git a/htdocs/datapolicy/class/datapolicycron.class.php b/htdocs/datapolicy/class/datapolicycron.class.php index 965d93754f7..44152f0c68b 100644 --- a/htdocs/datapolicy/class/datapolicycron.class.php +++ b/htdocs/datapolicy/class/datapolicycron.class.php @@ -56,7 +56,7 @@ class DataPolicyCron // FIXME Exclude data from the selection if there is at least 1 invoice. $arrayofparameters = array( - 'DATAPOLICIES_TIERS_CLIENT' => array( + 'DATAPOLICY_TIERS_CLIENT' => array( 'sql' => " SELECT s.rowid FROM ".MAIN_DB_PREFIX."societe as s WHERE s.entity = %d @@ -90,7 +90,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_TIERS_PROSPECT' => array( + 'DATAPOLICY_TIERS_PROSPECT' => array( 'sql' => " SELECT s.rowid FROM ".MAIN_DB_PREFIX."societe as s WHERE s.entity = %d @@ -124,7 +124,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_TIERS_PROSPECT_CLIENT' => array( + 'DATAPOLICY_TIERS_PROSPECT_CLIENT' => array( 'sql' => " SELECT s.rowid FROM ".MAIN_DB_PREFIX."societe as s WHERE s.entity = %d @@ -158,7 +158,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_TIERS_NIPROSPECT_NICLIENT' => array( + 'DATAPOLICY_TIERS_NIPROSPECT_NICLIENT' => array( 'sql' => " SELECT s.rowid FROM ".MAIN_DB_PREFIX."societe as s WHERE s.entity = %d @@ -192,7 +192,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_TIERS_FOURNISSEUR' => array( + 'DATAPOLICY_TIERS_FOURNISSEUR' => array( 'sql' => " SELECT s.rowid FROM ".MAIN_DB_PREFIX."societe as s WHERE s.entity = %d @@ -225,7 +225,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_CONTACT_CLIENT' => array( + 'DATAPOLICY_CONTACT_CLIENT' => array( 'sql' => " SELECT c.rowid FROM ".MAIN_DB_PREFIX."socpeople as c INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = c.fk_soc @@ -263,7 +263,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_CONTACT_PROSPECT' => array( + 'DATAPOLICY_CONTACT_PROSPECT' => array( 'sql' => " SELECT c.rowid FROM ".MAIN_DB_PREFIX."socpeople as c INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = c.fk_soc @@ -301,7 +301,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_CONTACT_PROSPECT_CLIENT' => array( + 'DATAPOLICY_CONTACT_PROSPECT_CLIENT' => array( 'sql' => " SELECT c.rowid FROM ".MAIN_DB_PREFIX."socpeople as c INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = c.fk_soc @@ -339,7 +339,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_CONTACT_NIPROSPECT_NICLIENT' => array( + 'DATAPOLICY_CONTACT_NIPROSPECT_NICLIENT' => array( 'sql' => " SELECT c.rowid FROM ".MAIN_DB_PREFIX."socpeople as c INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = c.fk_soc @@ -377,7 +377,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_CONTACT_FOURNISSEUR' => array( + 'DATAPOLICY_CONTACT_FOURNISSEUR' => array( 'sql' => " SELECT c.rowid FROM ".MAIN_DB_PREFIX."socpeople as c INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = c.fk_soc @@ -414,7 +414,7 @@ class DataPolicyCron 'country_id' => '', ) ), - 'DATAPOLICIES_ADHERENT' => array( + 'DATAPOLICY_ADHERENT' => array( 'sql' => " SELECT a.rowid FROM ".MAIN_DB_PREFIX."adherent as a WHERE a.entity = %d diff --git a/htdocs/datapolicy/langs/fr_FR/datapolicy.lang b/htdocs/datapolicy/langs/fr_FR/datapolicy.lang deleted file mode 100644 index 6bf0c6a904d..00000000000 --- a/htdocs/datapolicy/langs/fr_FR/datapolicy.lang +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright (C) 2018 INOVEA CONSEil info@inovea-conseil.com -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# -# Générique -# - -# Module label 'ModuledatapolicyName' -Module4100Name = Protection des Données -# Module description 'ModuledatapolicyDesc' -Module4100Desc = Module de gestion de la protection des données (RGPD) - -# -# Page d'administration -# -datapolicySetup = Configuration du module Protection des données -Settings_DATAPOLICY = Paramétrage du module Protection des données -datapolicySetupPage = Selon la loi de votre pays (Exemple l’article 5 du RGPD), les données à caractère personnel doivent être conservées pendant une durée n’excédant pas celle nécessaire au regard des finalités pour lesquelles elles ont été traitées, à l’exception de fins archivistiques. La suppression se fera automatiquement après une certaine durée sans évènement (la durée que vous aurez indiquée ci-dessous). -NB_MONTHS = %s mois -ONE_YEAR = 1 an -NB_YEARS = %s ans -DATAPOLICY_TIERS_CLIENT = Client -DATAPOLICY_TIERS_PROSPECT = Prospect -DATAPOLICY_TIERS_PROSPECT_CLIENT = Prospect/Client -DATAPOLICY_TIERS_NIPROSPECT_NICLIENT = Ni prospect / Ni client -DATAPOLICY_TIERS_FOURNISSEUR = Fournisseur -DATAPOLICY_CONTACT_CLIENT = Client -DATAPOLICY_CONTACT_PROSPECT = Prospect -DATAPOLICY_CONTACT_PROSPECT_CLIENT = Prospect/Client -DATAPOLICY_CONTACT_NIPROSPECT_NICLIENT = Ni prospect / Ni client -DATAPOLICY_CONTACT_FOURNISSEUR = Fournisseur -DATAPOLICY_ADHERENT = Adhérent -DATAPOLICY_Tooltip_SETUP = Type du contact - Indiquez vos choix pour chaque type. -DATAPOLICYMail=Paramétrage des emails -DATAPOLICYSUBJECTMAIL=Objet du mail -DATAPOLICYCONTENTMAIL=Contenu du mail -DATAPOLICYSUBSITUTION=Vous pouvez utiliser les variables suivantes dans votre email (LINKACCEPT permet de créer un lien enregistrant l'acceptation de la personne, LINKREFUSED permet d'enregistrer le refus de la personne) : -DATAPOLICYACCEPT=Message suite acceptation -DATAPOLICYREFUSE=Message suite opposition -SendAgreementText=Vous pouvez envoyer un email DATAPOLICY à tous vos contacts concernés (qui n'ont pas encore reçus de mail et pour lesquels vous n'avez rien enregistré concernant leur accord/désaccord DATAPOLICY). Pour cela, utilisez le bouton suivant. -SendAgreement=Envoyer les emails -AllAgreementSend = Tous les e-mails de consentement ont été envoyés -TXTLINKDATAPOLICYACCEPT= Texte du lien d'acceptation -TXTLINKDATAPOLICYREFUSE= Texte du lien d'opposition - - - -# -# Extrafield -# -DATAPOLICY_BLOCKCHECKBOX = DATAPOLICY : Traitement des données à caractère personnel -DATAPOLICY_consentement = Consentement recueilli pour le traitement des données à caractère personnel le concernant -DATAPOLICY_opposition_traitement = S’oppose au traitement de ses données à caractère personnel -DATAPOLICY_opposition_prospection = S’oppose au traitement de ses données à caractère personnel à des fins de prospection - -# -# Popup -# -DATAPOLICY_POPUP_ANONYME_TITLE = Anonymiser un tiers -DATAPOLICY_POPUP_ANONYME_TEXTE = Vous ne pouvez pas supprimer ce contact de Dolibarr car des éléments y sont liés. Conformément au DATAPOLICY, vous allez rendre toutes ces données anonymes afin de respecter vos obligations. Souhaitez-vous continuer ? - -# -# Bouton portabilité -# -DATAPOLICY_PORTABILITE = Portabilité DATAPOLICY -DATAPOLICY_PORTABILITE_TITLE = Export des données à caractère personnel -DATAPOLICY_PORTABILITE_CONFIRMATION = Vous souhaitez exporter les données à caractère personnel de ce contact. Etes-vous sûr ? - -# -# Note ajoutés lors d'une anonymisation -# -ANONYMISER_AT = Anonymisé le %s - -#V2 -DATAPOLICYReturn=Validation DATAPOLICY -DATAPOLICY_date=Date d'accord/opposition au traitement -DATAPOLICY_send=Date envoi consentement -DATAPOLICYReturn=Retour DATAPOLICY -DATAPOLICY_SEND=Envoyer l'email de consentement -MailSent=L'email a bien été envoyé - -#ERROR -ErrorSubjectIsRequired=Erreur : vous n'avez pas indiqué l'objet de l'email dans la configuration -=Suite à un problème technique, nous n'avons pas pu enregistrer votre choix. Nous nous en excusons. Contactez-nous pour nous transmettre votre choix. -NUMBER_MONTH_BEFORE_DELETION = Nombre de mois avant suppression des données diff --git a/htdocs/datapolicy/langs/it_IT/datapolicy.lang b/htdocs/datapolicy/langs/it_IT/datapolicy.lang deleted file mode 100644 index 68284e17844..00000000000 --- a/htdocs/datapolicy/langs/it_IT/datapolicy.lang +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright (C) 2018 INOVEA CONSEIl info@inovea-conseil.com - Thanks to Claudio Aschieri -# -# # Module label 'ModuledatapolicyName' -Module4100Name = Data Policy -# Module description 'ModuledatapolicyDesc' -Module4100Desc = Conformità con GDPR - -# -# Page d'administration -# -datapolicySetup = Module Setup -Settings_DATAPOLICY = Configurazione modulo GDPR -datapolicySetupPage = In accordo con l'art 5 del GDPR i dati personali devono essere conservati per un periodo di tempo che .... ed eliminati se non sono più utili agli scopi per cui sono stati processati. -NB_MONTHS = %s mesi -ONE_YEAR = 1 anno -NB_YEARS = %s anni -DATAPOLICY_TIERS_CLIENT = Cliente -DATAPOLICY_TIERS_PROSPECT = Fornitore -DATAPOLICY_TIERS_PROSPECT_CLIENT = Potenziale Cliente / Cliente -DATAPOLICY_TIERS_NIPROSPECT_NICLIENT = Nè potenziale cliente / Nè cliente -DATAPOLICY_TIERS_FOURNISSEUR = Fornitore -DATAPOLICY_CONTACT_CLIENT = Cliente -DATAPOLICY_CONTACT_PROSPECT = Potenziale cliente -DATAPOLICY_CONTACT_PROSPECT_CLIENT = Potenziale Cliente / Cliente -DATAPOLICY_CONTACT_NIPROSPECT_NICLIENT = Nè potenziale cliente / Nè cliente -DATAPOLICY_CONTACT_FOURNISSEUR = Fornitore -DATAPOLICY_ADHERENT = Membri -DATAPOLICY_Tooltip_SETUP = Tipo di contatto - Indica la scelta per ogni tipologia -DATAPOLICYMail=Configurazione Email -DATAPOLICYSUBJECTMAIL=Subject dell'e-mail -DATAPOLICYCONTENTMAIL=Contenuto dell'e-mail -DATAPOLICYSUBSITUTION=Puoi utilizzare le seguenti variabili nella tua email (LINKACCEPT consente di creare un link per registrare l'accettazione della persona, LINKREFUSED consente di registrare il rifiuto della persona): -DATAPOLICYACCEPT= Messaggio dopo il consenso -DATAPOLICYREFUSE=Messaggio dopo il rifiuto -SendAgreementText=Puoi inviare un'email GDPR a tutti i tuoi contatti rilevanti (che non hanno ancora ricevuto un'e-mail e per i quali non hai registrato nulla sul loro accordo GDPR). Per fare ciò, utilizzare il seguente pulsante. -SendAgreement=Invia emails -AllAgreementSend = Tutte le email sono state inviate -TXTLINKDATAPOLICYACCEPT= Testo per il link "Consenso" -TXTLINKDATAPOLICYREFUSE= Testo per il link "Consenso negato" - -# -# Extrafield -# -DATAPOLICY_BLOCKCHECKBOX = GDPR : Trattamento dei dati personali -DATAPOLICY_consentement = Consenso ottenuto al Trattamento dei dati personali -DATAPOLICY_opposition_traitement = Consenso negato al trattamento dei dati personali -DATAPOLICY_opposition_prospection = Consenso negato al trattamento dei dati personali a fini commerciali - -# -# Popup -# -DATAPOLICY_POPUP_ANONYME_TITLE = Anonimizza un soggetto terzo -DATAPOLICY_POPUP_ANONYME_TEXTE = Impossibile eliminare questo contatto da Dolibarr perchè vi sono elementi collegati. In conformità con il GDPR, renderai tutti questi dati anonimi per rispettare i tuoi obblighi. Vuoi continuare? - - -# -# Bouton portabilité -# -DATAPOLICY_PORTABILITE = Portabilità GDPR -DATAPOLICY_PORTABILITE_TITLE = Esporta i dati personali -DATAPOLICY_PORTABILITE_CONFIRMATION = Vuoi davvero esportare i dati personali di questo contatto? - -# -# Note ajoutée lors d'une anonymisation -# -ANONYMISER_AT = Anonimizzato il %s - -#V2 -DATAPOLICYReturn=GDPR Validazione -DATAPOLICY_date = Data di accordo / disaccordo GDPR -DATAPOLICY_send = Data di invio del consenso (e-mail) -DATAPOLICYReturn = GDPR ritorno -DATAPOLICY_SEND = Inviare GDPR e-mail -MailSent=L'email è stata inviata - -#ERROR -ErrorSubjectIsRequired= Errore: L'oggetto della mail è obbligatorio. Inserisci l'oggetto nella configurazione del modulo. -=A causa di un problema tecnico, non siamo stati in grado di registrare la tua scelta. Ci scusiamo per questo. Contattaci per inviarci la tua scelta. diff --git a/htdocs/datapolicy/lib/datapolicy.lib.php b/htdocs/datapolicy/lib/datapolicy.lib.php index 02ac575047e..eb70736d27c 100644 --- a/htdocs/datapolicy/lib/datapolicy.lib.php +++ b/htdocs/datapolicy/lib/datapolicy.lib.php @@ -31,7 +31,7 @@ function datapolicyAdminPrepareHead() { global $langs, $conf; - $langs->load("datapolicy@datapolicy"); + $langs->load("datapolicy"); $h = 0; $head = array(); @@ -41,10 +41,10 @@ function datapolicyAdminPrepareHead() $head[$h][2] = 'settings'; $h++; - if (!empty($conf->global->DATAPOLICIES_ENABLE_EMAILS)) { + if (!empty($conf->global->DATAPOLICY_ENABLE_EMAILS) || getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 1) { $head[$h][0] = DOL_URL_ROOT."/datapolicy/admin/setupmail.php"; - $head[$h][1] = $langs->trans("DATAPOLICIESMail"); - $head[$h][2] = 'settings'; + $head[$h][1] = $langs->trans("DATAPOLICYMail"); + $head[$h][2] = 'emailing'; $h++; } diff --git a/htdocs/datapolicy/langs/en_US/datapolicy.lang b/htdocs/langs/en_US/datapolicy.lang similarity index 100% rename from htdocs/datapolicy/langs/en_US/datapolicy.lang rename to htdocs/langs/en_US/datapolicy.lang diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php index 2581b407f3b..3b7b1b13009 100644 --- a/htdocs/modulebuilder/template/mymoduleindex.php +++ b/htdocs/modulebuilder/template/mymoduleindex.php @@ -75,7 +75,7 @@ if (isset($user->socid) && $user->socid > 0) { // Security check (enable the most restrictive one) //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//if (!isModEnabled('barcode')) { +//if (!isModEnabled('mymodule')) { // accessforbidden('Module not enabled'); //} //if (! $user->hasRight('mymodule', 'myobject', 'read')) { diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 3e6213eaa26..6cc99f4f34d 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -148,7 +148,9 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); -if (empty($conf->mymodule->enabled)) accessforbidden(); +if (!isModEnabled("mymodule")) { + accessforbidden(); +} if (!$permissiontoread) accessforbidden(); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 18328de1f9d..7ecce8c745f 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -148,8 +148,12 @@ $upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object- //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (isset($object->status) && ($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); -if (empty($conf->mymodule->enabled)) accessforbidden(); -if (!$permissiontoread) accessforbidden(); +if (!isModEnabled("mymodule")) { + accessforbidden(); +} +if (!$permissiontoread) { + accessforbidden(); +} /* diff --git a/htdocs/modulebuilder/template/myobject_contact.php b/htdocs/modulebuilder/template/myobject_contact.php index 9a365dd88f2..b0f7b5cfb30 100644 --- a/htdocs/modulebuilder/template/myobject_contact.php +++ b/htdocs/modulebuilder/template/myobject_contact.php @@ -94,7 +94,9 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); -if (empty($conf->mymodule->enabled)) accessforbidden(); +if (!isModEnabled("mymodule")) { + accessforbidden(); +} if (!$permissiontoread) accessforbidden(); diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index 173bea760a0..d06eb61ba0e 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -140,7 +140,9 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); -if (empty($conf->mymodule->enabled)) accessforbidden(); +if (!isModEnabled("mymodule")) { + accessforbidden(); +} if (!$permissiontoread) accessforbidden(); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index ce7aa447c66..987b58f2369 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -199,7 +199,9 @@ if ($user->socid > 0) accessforbidden(); //$socid = 0; if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, 0, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); -if (empty($conf->mymodule->enabled)) accessforbidden('Module not enabled'); +if (!isModEnabled("mymodule")) { + accessforbidden(); +} if (!$permissiontoread) accessforbidden(); diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index f38e703fa69..6b03ddbf8c6 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -120,7 +120,9 @@ if ($enablepermissioncheck) { //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); -if (empty($conf->mymodule->enabled)) accessforbidden(); +if (!isModEnabled("mymodule")) { + accessforbidden(); +} if (!$permissiontoread) accessforbidden(); diff --git a/htdocs/datapolicy/public/index.php b/htdocs/public/datapolicy/index.php similarity index 75% rename from htdocs/datapolicy/public/index.php rename to htdocs/public/datapolicy/index.php index 104b393bf7e..79172f30efd 100644 --- a/htdocs/datapolicy/public/index.php +++ b/htdocs/public/datapolicy/index.php @@ -1,5 +1,4 @@ * * This program is free software: you can redistribute it and/or modify @@ -19,15 +18,12 @@ /** * \file htdocs/datapolicy/admin/setup.php * \ingroup datapolicy - * \brief datapolicy setup page. + * \brief Page to show the result of updating it Data policiy preferences after an email campaign using sendMailDataPolicyContact() */ if (!defined('NOLOGIN')) { define("NOLOGIN", 1); // This means this output page does not require to be logged. } -if (!defined('NOCSRFCHECK')) { - define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test -} if (!defined('NOREQUIREMENU')) { define('NOREQUIREMENU', '1'); } @@ -38,89 +34,103 @@ require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; require_once DOL_DOCUMENT_ROOT.'/datapolicy/class/datapolicy.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; $idc = GETPOST('c', 'int'); $ids = GETPOST('s', 'int'); $ida = GETPOST('a', 'int'); -$action = GETPOST('action', 'aZ09'); -$lang = GETPOST('l', 'alpha'); -$code = GETPOST('key', 'alpha'); +$action = GETPOST('action', 'aZ09'); // 1 or 2 +$l = GETPOST('l', 'alpha'); +$securitykey = GETPOST('key', 'alpha'); -$acc = "DATAPOLICIESACCEPT_".$lang; -$ref = "DATAPOLICIESREFUSE_".$lang; -$langs->load('datapolicy@datapolicy', 0, 0, $lang); +$acc = "DATAPOLICIESACCEPT_".$l; +$ref = "DATAPOLICIESREFUSE_".$l; +$langs->load('datapolicy', 0, 0, $l); + + +/* + * Actions + */ if (empty($action) || (empty($idc) && empty($ids) && empty($ida))) { + print 'Missing paramater s, c or a'; return 0; } elseif (!empty($idc)) { $contact = new Contact($db); $contact->fetch($idc); - $check = md5($contact->email); - if ($check != $code) { - $return = $langs->trans('ErrorEmailDATAPOLICIES'); + $check = dol_hash($contact->email, 'md5'); + if ($check != $securitykey) { + $return = $langs->trans('Bad value for key.'); } elseif ($action == 1) { $contact->array_options['options_datapolicy_consentement'] = 1; $contact->array_options['options_datapolicy_opposition_traitement'] = 0; $contact->array_options['options_datapolicy_opposition_prospection'] = 0; - $contact->array_options['options_datapolicy_date'] = date('Y-m-d', time()); + $contact->array_options['options_datapolicy_date'] = dol_now(); - $return = $conf->global->$acc; + $return = getDolGlobalString($acc); } elseif ($action == 2) { $contact->no_email = 1; $contact->array_options['options_datapolicy_consentement'] = 0; $contact->array_options['options_datapolicy_opposition_traitement'] = 1; $contact->array_options['options_datapolicy_opposition_prospection'] = 1; - $contact->array_options['options_datapolicy_date'] = date('Y-m-d', time()); + $contact->array_options['options_datapolicy_date'] = dol_now(); - $return = $conf->global->$ref; + $return = getDolGlobalString($ref); } $contact->update($idc); } elseif (!empty($ids)) { $societe = new Societe($db); $societe->fetch($ids); - $check = md5($societe->email); - if ($check != $code) { - $return = $langs->trans('ErrorEmailDATAPOLICIES'); + $check = dol_hash($societe->email, 'md5'); + if ($check != $securitykey) { + $return = $langs->trans('Bad value for key.'); } elseif ($action == 1) { $societe->array_options['options_datapolicy_consentement'] = 1; $societe->array_options['options_datapolicy_opposition_traitement'] = 0; $societe->array_options['options_datapolicy_opposition_prospection'] = 0; - $societe->array_options['options_datapolicy_date'] = date('Y-m-d', time()); - $return = $conf->global->$acc; + $societe->array_options['options_datapolicy_date'] = dol_now(); + + $return = getDolGlobalString($acc); } elseif ($action == 2) { $societe->array_options['options_datapolicy_consentement'] = 0; $societe->array_options['options_datapolicy_opposition_traitement'] = 1; $societe->array_options['options_datapolicy_opposition_prospection'] = 1; - $societe->array_options['options_datapolicy_date'] = date('Y-m-d', time()); + $societe->array_options['options_datapolicy_date'] = dol_now(); - $return = $conf->global->$ref; + $return = getDolGlobalString($ref); } $societe->update($ids); } elseif (!empty($ida)) { $adherent = new Adherent($db); $adherent->fetch($ida); - $check = md5($adherent->email); - if ($check != $code) { - $return = $langs->trans('ErrorEmailDATAPOLICIES'); + $check = dol_hash($adherent->email, 'md5'); + if ($check != $securitykey) { + $return = $langs->trans('Bad value for key.'); } elseif ($action == 1) { $adherent->array_options['options_datapolicy_consentement'] = 1; $adherent->array_options['options_datapolicy_opposition_traitement'] = 0; $adherent->array_options['options_datapolicy_opposition_prospection'] = 0; - //$adherent->array_options['options_datapolicy_date'] = date('Y-m-d', time()); - $return = $conf->global->$acc; + //$adherent->array_options['options_datapolicy_date'] = dol_now(); + + $return = getDolGlobalString($acc); } elseif ($action == 2) { $adherent->array_options['options_datapolicy_consentement'] = 0; $adherent->array_options['options_datapolicy_opposition_traitement'] = 1; $adherent->array_options['options_datapolicy_opposition_prospection'] = 1; - //$adherent->array_options['options_datapolicy_date'] = date('Y-m-d', time()); + //$adherent->array_options['options_datapolicy_date'] = dol_now(); - $return = $conf->global->$ref; + $return = getDolGlobalString($ref); } $newuser = new User($db); $adherent->update($newuser); } -header("Content-type: text/html; charset=".$conf->file->character_set_client); + +/* + * View + */ + +top_httphead(); print ''; print "\n"; From e19e65d362ea339c309e2fe1b9e3ae9cb95d403a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Sep 2022 16:38:39 +0200 Subject: [PATCH 088/212] Fix phpunit --- htdocs/user/class/user.class.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index f521d10c936..12b2a52742d 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -750,7 +750,9 @@ class User extends CommonObject // In $conf->modules, we have 'accounting', 'product', 'facture', ... // In $user->rights, we have 'accounting', 'produit', 'facture', ... - //if ($a) { var_dump($module); var_dump($this->rights->$rightsPath); var_dump($conf->modules); } + //var_dump($module); + //var_dump($this->rights->$rightsPath); + //var_dump($conf->modules); if (!in_array($module, $conf->modules)) { return 0; } From f26e2652e61c0c5a735f3f3c749a35665eb8ba6f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Sep 2022 16:39:47 +0200 Subject: [PATCH 089/212] Debug --- htdocs/datapolicy/lib/datapolicy.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/datapolicy/lib/datapolicy.lib.php b/htdocs/datapolicy/lib/datapolicy.lib.php index eb70736d27c..2f195bfc3ab 100644 --- a/htdocs/datapolicy/lib/datapolicy.lib.php +++ b/htdocs/datapolicy/lib/datapolicy.lib.php @@ -41,7 +41,7 @@ function datapolicyAdminPrepareHead() $head[$h][2] = 'settings'; $h++; - if (!empty($conf->global->DATAPOLICY_ENABLE_EMAILS) || getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 1) { + if (!empty($conf->global->DATAPOLICY_ENABLE_EMAILS) || getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { $head[$h][0] = DOL_URL_ROOT."/datapolicy/admin/setupmail.php"; $head[$h][1] = $langs->trans("DATAPOLICYMail"); $head[$h][2] = 'emailing'; From 4d14c0850f1eb0b8ecdbbc99b4f6e608b22766d7 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 18:56:48 +0200 Subject: [PATCH 090/212] Update ChangeLog - NEW: Add param *border* table for md theme - border instead of boder? - start moving CONFIG_OPTIONS from *For users:* section to *For developers or integrators:* --- ChangeLog | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9a5513031e9..7a87f3fbc2d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -59,66 +59,60 @@ NEW: Add margin info in proposal and order list NEW: Add massaction "Edit Extrafield" for Product NEW: Add more fields to detect duplicate during import of thirdparties NEW: Add option to foce delivery on email for purchase order receipt to yes -NEW: Add param boder table for md theme +NEW: Add param border table for md theme NEW: Add param color button action NEW: Add possibility to create contract from invoice NEW: Add possibility with constant MAIN_LOGIN_BADCHARUNAUTHORIZED to define bad character unauthorized into login name NEW: Add private and public notes on tax files. -NEW: Add status "Obsolete" to KM articles NEW: Add substitutions "user numbers" NEW: allow a ticket to be automatically marked as read when created from backend. NEW: allow cut&paste as real numeric value to excel NEW: A public form to send a message and create a lead is available NEW: automatically set totally received status in reception NEW: Auto set invoice paid when adding credit not and remain to pay is 0 -NEW: Availibility dictionnary has a new column unit and number NEW: Can change value of AWP during the inventory NEW: Can enter price with tax for predefined products on purchase objects NEW: Can filter on a thirdparty on product statistics NEW: Can removed doc templates from setup page of thirdparty -NEW: Can set the parent company during the creation of thirdparty (action=add of societe/card.php) NEW: Can use ! to make a search that exclude a string NEW: Change in theme colors does not need to use the refresh button NEW: clean values and amount in FEC import NEW: const MAIL_MASS_ACTION_ADD_LAST_IF_MAIN_DOC_NOT_FOUND for mailing mass action NEW: Contact filter project list NEW: Create contract from invoice -NEW: create third-party with contact if not found on public ticket +NEW: Database: Can store the session into database (instead of beeing managed by PHP) +NEW: Database: Some core tables are created only at module activation NEW: Default value for MAIN_SECURITY_CSRF_WITH_TOKEN is now 2 (GET are also protected agains CSRF attacks) NEW: deposit payment terms: add field into dictionary admin page to define default percentage of deposit. NEW: Dictionaries - add possibility to manage countries in EEC +NEW: Dictionaries - Availibility dictionnary has a new column unit and number NEW: Display errors in a message box after generating documents -NEW: Display physical and virtual stock of the products when creating OF from a BOM -NEW: Display product ref in "Object link" product tab for BOM NEW: Enhance the import. Can use 'auto' for the ref (import of orders) NEW: Events on Proposal to Return to Draft NEW: Page to list expense report payments NEW: JS inventory autocalc input NEW: language support for more emailing target selectors NEW: leave requests: add field into type dictionary to block request if balance is negative -NEW: MAIN_MAIL_AUTOCOPY_TO can accept several email and special keys -NEW: MAIN_SEARCH_CAT_OR_BY_DEFAULT const for search by category NEW: Mass action "Close shipments" NEW: Module BOM - Add tabs for nets Bom NEW: Module BOM - Add the possibility to add sub-BOMs to BOM -NEW: Module Recruitment - Add a public page with all list of open job positions. +NEW: Module Recruitment - Add a public page with list of all open job positions. NEW: Module Recruitment - Add a tab with list of application on the jobposition file. -NEW: Module Website - supports now the multicompany module NEW: More mode for THEME_TOPMENU_DISABLE_IMAGE (2, 3, ...) NEW: Add option to move checkbox column as first column on Thirdparty list (only few screens) -NEW: on redirect of page in website module, GET parameters are kept. -NEW: optional display warning icons on ticket list NEW: payment conditions enabling semi-automatic deposit creation (Issue #18439) NEW: possibility to consume multiple batch NEW: Reverse movement product consumption NEW: Send email to the supplier order contact NEW: add permission to report time on timesheet -NEW: SEPA XML - option to place payment Type Info at Credit transfer Transaction level -NEW: Some core tables are created only at module activation +NEW: Knowledge Management - Add status "Obsolete" to KM articles NEW: MRP - split consumption line on MO +NEW: MRP - Display physical and virtual stock of the products when creating OF from a BOM +NEW: MRP - Display product ref in "Object link" product tab for BOM NEW: Proposals - option update prices on proposal cloning -NEW: stock filter in reassort lists -NEW: stock limit in stock export CSV +NEW: SEPA XML - option to place payment Type Info at Credit transfer Transaction level +NEW: Stocks - stock filter in reassort lists +NEW: Stocks - stock limit in stock export CSV NEW: Supplier order - Show ref supplier of reception in linked object block NEW: support user_modif in order NEW: Surveys - Show number of votes into the label of tab "Results" of a survey @@ -128,20 +122,24 @@ NEW: TakePOS - show product reference NEW: TakePOS - add constant to hide categories NEW: TakePOS - add constant to show category description NEW: TakePOS - add constant to show only the products in stock +NEW: Third-Parties - Add rules "customer accountancy code" is mandatory to validate invoice +NEW: Third-Parties - Can set the parent company during the creation of thirdparty (action=add of societe/card.php) +NEW: Tickets - create Third-party with contact if not found on public ticket NEW: Tickets - option to default check "notify tier at creation" NEW: Tickets - Trigger: allow to automatically send messages on new tickets +NEW: Tickets - optional display warning icons on ticket list +NEW: Websites Module - supports now the multicompany module +NEW: Websites Module - on redirect of page in website module, GET parameters are kept. NEW: The backup tools has an "lowmemory" option for mysqldump on large database NEW: The 'reposition' class works on ajax constantonoff that make redirects -NEW: Thirdparty - Add rules "customer accountancy code" is mandatory to validate invoice NEW: thumbnail field in product list NEW: total mark rate in list NEW: uncheck "send message" by default on a ticket when private messages has been checked NEW: VAT Report by month - Show detail by rate and also by code -NEW: Can store the session into database (instead of beeing managed by PHP) NEW: Added MMK currency (Myanmar Kyat) NEW: On a form to send an email, we show all emails of contacts of object - Modules + Modules state NEW: Module Partnership Management NEW: Module Event Organization Management @@ -164,7 +162,7 @@ NEW: Creation of the function select_bom() used to display bom select list NEW: Add trigger and event on completely received status change NEW: Add utility function send backup by mail NEW: add WordPress OAuth to save a token (not SSO) -NEW: A module can embed a sql script run at each Dolibarr upgrade +NEW: A module can embed a SQL script run at each Dolibarr upgrade NEW: Add param to keep the robot=index meta tag on public pages NEW: Add method hintindex() in database handlers. NEW: add modifications for new function "$db->prefix()" @@ -209,9 +207,11 @@ NEW: TakePOS - add hook doaction in TakePOS invoice Config Options: NEW: Add hidden option on contract PDF line to hide qty and price -NEW: Option INVOICEREC_SET_AUTOFILL_DATE_START/END -NEW: Option MAIL_MASS_ACTION_ADD_LAST_IF_MAIN_DOC_NOT_FOUND to send last document in mass mailing action - +NEW: Option MAIL_MASS_ACTION_ADD_LAST_IF_MAIN_DOC_NOT_FOUND to send last document in mass mailing action +NEW: Option MAIN_API_DEBUG to save API logs into a file +NEW: Option MAIN_MAIL_AUTOCOPY_TO can accept several email and special keys +NEW: Option MAIN_SEARCH_CAT_OR_BY_DEFAULT const for search by category +NEW: Option INVOICEREC_SET_AUTOFILL_DATE_START/END WARNING: From 043a48892705136e57ddaf45c63c259af3e8d4d4 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 19:17:11 +0200 Subject: [PATCH 091/212] Update agenda.php add $langs->loadLangs 'agenda' --- htdocs/societe/agenda.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/agenda.php b/htdocs/societe/agenda.php index c0525767527..3a4ca2df6f5 100644 --- a/htdocs/societe/agenda.php +++ b/htdocs/societe/agenda.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // Load translation files required by the page -$langs->loadLangs(array('bills', 'companies', 'orders', 'propal')); +$langs->loadLangs(array('agenda', 'bills', 'companies', 'orders', 'propal')); if (GETPOST('actioncode', 'array')) { From 34522910e8d69cbf10028cf7f12e9bb9255575d1 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 19:37:40 +0200 Subject: [PATCH 092/212] Update card.php --- htdocs/product/card.php | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 17387e3948d..dd0a2cd75e0 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -44,19 +44,19 @@ // Load Dolibarr environment require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/canvas.class.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; -require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/modules/product/modules_product.class.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; +require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; -if (isModEnabled("propal")) { +if (isModEnabled('propal')) { require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; } if (isModEnabled('facture')) { @@ -91,7 +91,7 @@ $mesg = ''; $error = 0; $errors = array(); $refalreadyexists = 0; // Get parameters -$id = GETPOST('id', 'int'); +$id = GETPOST('id', 'int'); $ref = (GETPOSTISSET('ref') ? GETPOST('ref', 'alpha') : null); $type = (GETPOSTISSET('type') ? GETPOST('type', 'int') : Product::TYPE_PRODUCT); $action = (GETPOST('action', 'alpha') ? GETPOST('action', 'alpha') : 'view'); @@ -184,7 +184,8 @@ if ($object->id > 0) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productcard', 'globalcard')); -$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire)); +// Permissions +$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire)); $usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); $usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer)); From e6b5ef99a91bdbea4ead726b85591b046d53adc8 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 19:47:17 +0200 Subject: [PATCH 093/212] Update card.php --- htdocs/comm/action/card.php | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 14654914dd5..30339f51310 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -25,31 +25,36 @@ */ /** - * \file htdocs/comm/action/card.php - * \ingroup agenda - * \brief Page for event card + * \file htdocs/comm/action/card.php + * \ingroup agenda + * \brief Page for event card */ + +// Load Dolibarr environment require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/cactioncomm.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncommreminder.class.php'; + +require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncommreminder.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/cactioncomm.class.php'; +require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; -require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; + // Load translation files required by the page $langs->loadLangs(array("companies", "other", "commercial", "bills", "orders", "agenda", "mails")); +// Get Parameters $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); @@ -96,6 +101,7 @@ if ($user->socid) { $error = GETPOST("error"); $donotclearsession = GETPOST('donotclearsession') ?GETPOST('donotclearsession') : 0; +// Initialize Objects $object = new ActionComm($db); $cactioncomm = new CActionComm($db); $contact = new Contact($db); From b1ff726e9c5590b8df91eaaefa4de2f20a7df324 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 19:55:11 +0200 Subject: [PATCH 094/212] Update mo_card.php --- htdocs/mrp/mo_card.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php index 5d06f8c0f52..cda6088a982 100644 --- a/htdocs/mrp/mo_card.php +++ b/htdocs/mrp/mo_card.php @@ -16,11 +16,12 @@ */ /** - * \file mo_card.php - * \ingroup mrp - * \brief Page to create/edit/view mo + * \file htdocs/mrp/mo_card.php + * \ingroup mrp + * \brief Page to create/edit/view MO Manufacturing Order */ + // Load Dolibarr environment require '../main.inc.php'; @@ -35,7 +36,8 @@ require_once DOL_DOCUMENT_ROOT.'/bom/lib/bom.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("mrp", "other")); +$langs->loadLangs(array('mrp', 'other')); + // Get parameters $id = GETPOST('id', 'int'); @@ -97,6 +99,7 @@ if (GETPOST('fk_bom', 'int') > 0) { $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'rowid', $isdraft); +// Permissions $permissionnote = $user->rights->mrp->write; // Used by the include of actions_setnotes.inc.php $permissiondellink = $user->rights->mrp->write; // Used by the include of actions_dellink.inc.php $permissiontoadd = $user->rights->mrp->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php From 376825b3dd433c15643ceba11b7600ff22929e36 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 20:12:52 +0200 Subject: [PATCH 095/212] Update pay.php --- htdocs/takepos/pay.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/htdocs/takepos/pay.php b/htdocs/takepos/pay.php index 7b5d4aea6b5..81d6d5d13d9 100644 --- a/htdocs/takepos/pay.php +++ b/htdocs/takepos/pay.php @@ -22,10 +22,11 @@ * \brief Page with the content of the popup to enter payments */ -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); + if (!defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } @@ -39,11 +40,15 @@ if (!defined('NOREQUIREHTML')) { define('NOREQUIREHTML', '1'); } -require '../main.inc.php'; // Load $user and permissions +// Load Dolibarr environment +require '../main.inc.php'; // Load $user and permissions + +require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; + +// Load translation files required by the page $langs->loadLangs(array("main", "bills", "cashdesk", "banks")); $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : '0'); // $place is id of table for Bar or Restaurant From ec6d490c99c87fad31642a637add72eab34e62b3 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 20:16:22 +0200 Subject: [PATCH 096/212] Update invoice.php --- htdocs/takepos/invoice.php | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 8659cc6ea52..f383b630275 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -18,15 +18,16 @@ */ /** - * \file htdocs/takepos/invoice.php - * \ingroup takepos - * \brief Page to generate section with list of lines + * \file htdocs/takepos/invoice.php + * \ingroup takepos + * \brief Page to generate section with list of lines */ -// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language -// if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language -// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); -// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); + if (!defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } @@ -43,13 +44,16 @@ if (!defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } +// Load Dolibarr environment if (!defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE')) { require '../main.inc.php'; } -require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; + + $hookmanager->initHooks(array('takeposinvoice')); global $mysoc; From 3bd74e41884169e2369f996190cf72224b6eaa9a Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 20:20:57 +0200 Subject: [PATCH 097/212] Update index.php --- htdocs/takepos/index.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 410de2c330c..dd7eb27178f 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -18,15 +18,16 @@ */ /** - * \file htdocs/takepos/index.php - * \ingroup takepos - * \brief Main TakePOS screen + * \file htdocs/takepos/index.php + * \ingroup takepos + * \brief Main TakePOS screen */ -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +// if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language +// if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +// if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); + if (!defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } @@ -43,14 +44,16 @@ if (!defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } +// Load Dolibarr environment require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; -require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; + $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); // $place is id of table for Bar or Restaurant or multiple sales $action = GETPOST('action', 'aZ09'); From 854cf63a6aa10ef4a1c7fde79c2cafd2be7130b7 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 20:26:31 +0200 Subject: [PATCH 098/212] Update multicurrency_rate.php --- htdocs/multicurrency/multicurrency_rate.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php index 3f20476f72a..2cc729bb35d 100644 --- a/htdocs/multicurrency/multicurrency_rate.php +++ b/htdocs/multicurrency/multicurrency_rate.php @@ -23,15 +23,16 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program. If not, see . + * along with this program. If not, see . */ /** - * \file htdocs/multicurrency/multicurrency_rate.php - * \ingroup multicurrency - * \brief Page to list multicurrency rate + * \file htdocs/multicurrency/multicurrency_rate.php + * \ingroup multicurrency + * \brief Page to list multicurrency rate */ +// Dolibarr Environment require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/multicurrency.lib.php'; @@ -39,6 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/multicurrency.lib.php'; // Load translation files required by the page $langs->loadLangs(array('multicurrency')); +// Get Parameters $action = GETPOST('action', 'alpha'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); From 309dfe788f597ae70b544b00ddc377d7a0ec326c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20France?= Date: Thu, 8 Sep 2022 20:32:18 +0200 Subject: [PATCH 099/212] clean code --- .../recruitmentcandidature_agenda.php | 8 ++-- .../recruitmentcandidature_card.php | 8 ++-- .../recruitmentcandidature_document.php | 5 +-- .../recruitmentcandidature_list.php | 15 +++---- .../recruitmentcandidature_note.php | 9 ++-- .../recruitmentjobposition_agenda.php | 8 ++-- .../recruitmentjobposition_applications.php | 41 +++---------------- .../recruitmentjobposition_card.php | 6 +-- .../recruitmentjobposition_list.php | 3 -- .../recruitmentjobposition_note.php | 9 ++-- htdocs/zapier/lib/zapier.lib.php | 2 +- 11 files changed, 38 insertions(+), 76 deletions(-) diff --git a/htdocs/recruitment/recruitmentcandidature_agenda.php b/htdocs/recruitment/recruitmentcandidature_agenda.php index 50a79a35872..2aeb51628a6 100644 --- a/htdocs/recruitment/recruitmentcandidature_agenda.php +++ b/htdocs/recruitment/recruitmentcandidature_agenda.php @@ -27,8 +27,8 @@ require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; -dol_include_once('/recruitment/class/recruitmentcandidature.class.php'); -dol_include_once('/recruitment/lib/recruitment_recruitmentcandidature.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php'; +require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentcandidature.lib.php'; // Load translation files required by the page @@ -36,9 +36,9 @@ $langs->loadLangs(array("recruitment", "other")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); +$cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); if (GETPOST('actioncode', 'array')) { diff --git a/htdocs/recruitment/recruitmentcandidature_card.php b/htdocs/recruitment/recruitmentcandidature_card.php index f3d41f9de97..ca7e3c20e2c 100644 --- a/htdocs/recruitment/recruitmentcandidature_card.php +++ b/htdocs/recruitment/recruitmentcandidature_card.php @@ -36,14 +36,14 @@ $langs->loadLangs(array("recruitment", "other", "users")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$confirm = GETPOST('confirm', 'alpha'); -$cancel = GETPOST('cancel', 'aZ09'); +$confirm = GETPOST('confirm', 'alpha'); +$cancel = GETPOST('cancel', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'recruitmentcandidaturecard'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); -//$lineid = GETPOST('lineid', 'int'); +//$lineid = GETPOST('lineid', 'int'); // Initialize technical objects $object = new RecruitmentCandidature($db); diff --git a/htdocs/recruitment/recruitmentcandidature_document.php b/htdocs/recruitment/recruitmentcandidature_document.php index f72271a3105..3f08c770111 100644 --- a/htdocs/recruitment/recruitmentcandidature_document.php +++ b/htdocs/recruitment/recruitmentcandidature_document.php @@ -28,8 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -dol_include_once('/recruitment/class/recruitmentcandidature.class.php'); -dol_include_once('/recruitment/lib/recruitment_recruitmentcandidature.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php'; +require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentcandidature.lib.php'; // Load translation files required by the page $langs->loadLangs(array("recruitment", "companies", "other", "mails")); @@ -118,7 +118,6 @@ if ($object->id) { } // Object card - // ------------------------------------------------------------ $linkback = ''.$langs->trans("BackToList").''; $morehtmlref = '
'; diff --git a/htdocs/recruitment/recruitmentcandidature_list.php b/htdocs/recruitment/recruitmentcandidature_list.php index 2b1126e838f..34b852574f6 100644 --- a/htdocs/recruitment/recruitmentcandidature_list.php +++ b/htdocs/recruitment/recruitmentcandidature_list.php @@ -31,25 +31,22 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentjobposition.class.php'; -// for other modules -//dol_include_once('/othermodule/class/otherobject.class.php'); - // Load translation files required by the page $langs->loadLangs(array("recruitment", "other")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ... +$action = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ... $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) $show_files = GETPOST('show_files', 'int'); // Show files area generated by bulk actions ? -$confirm = GETPOST('confirm', 'alpha'); // Result of a confirmation -$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button -$toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list +$confirm = GETPOST('confirm', 'alpha'); // Result of a confirmation +$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button +$toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : ((empty($id) && empty($ref)) ? 'recruitmentcandidaturelist' : 'recruitmentjobposition_candidature'); // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page -$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') -$mode = GETPOST('mode', 'aZ'); +$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') +$mode = GETPOST('mode', 'aZ'); // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/recruitment/recruitmentcandidature_note.php b/htdocs/recruitment/recruitmentcandidature_note.php index ccb6b2a60cc..543d7a66c10 100644 --- a/htdocs/recruitment/recruitmentcandidature_note.php +++ b/htdocs/recruitment/recruitmentcandidature_note.php @@ -24,17 +24,17 @@ // Load Dolibarr environment require_once '../main.inc.php'; -dol_include_once('/recruitment/class/recruitmentcandidature.class.php'); -dol_include_once('/recruitment/lib/recruitment_recruitmentcandidature.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php'; +require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentcandidature.lib.php'; // Load translation files required by the page $langs->loadLangs(array("recruitment", "companies")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); +$cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); // Initialize technical objects @@ -139,7 +139,6 @@ if ($id > 0 || !empty($ref)) { dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - print '
'; print '
'; diff --git a/htdocs/recruitment/recruitmentjobposition_agenda.php b/htdocs/recruitment/recruitmentjobposition_agenda.php index 11e54486bfe..38adf67acc1 100644 --- a/htdocs/recruitment/recruitmentjobposition_agenda.php +++ b/htdocs/recruitment/recruitmentjobposition_agenda.php @@ -27,8 +27,8 @@ require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; -dol_include_once('/recruitment/class/recruitmentjobposition.class.php'); -dol_include_once('/recruitment/lib/recruitment_recruitmentjobposition.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentjobposition.class.php'; +require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentjobposition.lib.php'; // Load translation files required by the page @@ -36,9 +36,9 @@ $langs->loadLangs(array("recruitment", "other")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); +$cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); if (GETPOST('actioncode', 'array')) { diff --git a/htdocs/recruitment/recruitmentjobposition_applications.php b/htdocs/recruitment/recruitmentjobposition_applications.php index 6a7d471046e..3cdca44c93e 100644 --- a/htdocs/recruitment/recruitmentjobposition_applications.php +++ b/htdocs/recruitment/recruitmentjobposition_applications.php @@ -22,52 +22,23 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; -dol_include_once('/recruitment/class/recruitmentjobposition.class.php'); -dol_include_once('/recruitment/lib/recruitment_recruitmentjobposition.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentjobposition.class.php'; +require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentjobposition.lib.php'; // Load translation files required by the page $langs->loadLangs(array("recruitment", "other")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$confirm = GETPOST('confirm', 'alpha'); -$cancel = GETPOST('cancel', 'aZ09'); +$confirm = GETPOST('confirm', 'alpha'); +$cancel = GETPOST('cancel', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'recruitmentjobpositioncard'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); diff --git a/htdocs/recruitment/recruitmentjobposition_card.php b/htdocs/recruitment/recruitmentjobposition_card.php index cf41a06f954..bdae11bdc60 100644 --- a/htdocs/recruitment/recruitmentjobposition_card.php +++ b/htdocs/recruitment/recruitmentjobposition_card.php @@ -37,12 +37,12 @@ $langs->loadLangs(array("recruitment", "other")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$confirm = GETPOST('confirm', 'alpha'); -$cancel = GETPOST('cancel', 'aZ09'); +$confirm = GETPOST('confirm', 'alpha'); +$cancel = GETPOST('cancel', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'recruitmentjobpositioncard'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); -//$lineid = GETPOST('lineid', 'int'); +//$lineid = GETPOST('lineid', 'int'); // Initialize technical objects $object = new RecruitmentJobPosition($db); diff --git a/htdocs/recruitment/recruitmentjobposition_list.php b/htdocs/recruitment/recruitmentjobposition_list.php index 5435a5a2ac2..5b1bee43e56 100644 --- a/htdocs/recruitment/recruitmentjobposition_list.php +++ b/htdocs/recruitment/recruitmentjobposition_list.php @@ -29,9 +29,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentjobposition.class.php'; -// for other modules -//dol_include_once('/othermodule/class/otherobject.class.php'); - // Load translation files required by the page $langs->loadLangs(array("recruitment", "other")); diff --git a/htdocs/recruitment/recruitmentjobposition_note.php b/htdocs/recruitment/recruitmentjobposition_note.php index bbcced5326a..dcda5b53109 100644 --- a/htdocs/recruitment/recruitmentjobposition_note.php +++ b/htdocs/recruitment/recruitmentjobposition_note.php @@ -24,17 +24,17 @@ // Load Dolibarr environment require_once '../main.inc.php'; -dol_include_once('/recruitment/class/recruitmentjobposition.class.php'); -dol_include_once('/recruitment/lib/recruitment_recruitmentjobposition.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentjobposition.class.php'; +require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment_recruitmentjobposition.lib.php'; // Load translation files required by the page $langs->loadLangs(array("recruitment", "companies")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); +$cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); // Initialize technical objects @@ -97,7 +97,6 @@ if ($id > 0 || !empty($ref)) { print dol_get_fiche_head($head, 'note', $langs->trans("RecruitmentJobPosition"), -1, $object->picto); // Object card - // ------------------------------------------------------------ $linkback = ''.$langs->trans("BackToList").''; $morehtmlref = '
'; diff --git a/htdocs/zapier/lib/zapier.lib.php b/htdocs/zapier/lib/zapier.lib.php index e483ebd9229..dedec01ac71 100644 --- a/htdocs/zapier/lib/zapier.lib.php +++ b/htdocs/zapier/lib/zapier.lib.php @@ -52,7 +52,7 @@ function zapierAdminPrepareHead() //$this->tabs = array( // 'entity:-tabname:Title:@zapier:/zapier/mypage.php?id=__ID__' //); // to remove a tab - complete_head_from_modules($conf, $langs, $object, $head, $h, 'zapier'); + complete_head_from_modules($conf, $langs, null, $head, $h, 'zapier'); return $head; } From 32f5642156c53c5ae9c4cb501abbd24e4f4d1b20 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Thu, 8 Sep 2022 20:43:26 +0200 Subject: [PATCH 100/212] Update transfer.php --- htdocs/compta/bank/transfer.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index ff38abb32d4..cb3f04d5126 100644 --- a/htdocs/compta/bank/transfer.php +++ b/htdocs/compta/bank/transfer.php @@ -22,17 +22,21 @@ */ /** - * \file htdocs/compta/bank/transfer.php - * \ingroup banque - * \brief Page de saisie d'un virement + * \file htdocs/compta/bank/transfer.php + * \ingroup bank + * \brief Page for entering a bank transfer */ + +// Load Dolibarr environment require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/bank.lib.php'; require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; // Load translation files required by the page -$langs->loadLangs(array("banks", "categories", "multicurrency")); +$langs->loadLangs(array('banks', 'categories', 'multicurrency')); + + $socid = 0; if ($user->socid > 0) { $socid = $user->socid; From af6308799cf252f61805fc28ea57265c77f5e9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 8 Sep 2022 20:48:05 +0200 Subject: [PATCH 101/212] Update ticket.class.php --- htdocs/ticket/class/ticket.class.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 18cdf5e1067..9d19e5d95c6 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -1,7 +1,7 @@ * Copyright (C) 2016 Christophe Battarel - * Copyright (C) 2019-2020 Frédéric France + * Copyright (C) 2019-2022 Frédéric France * Copyright (C) 2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify @@ -108,7 +108,8 @@ class Ticket extends CommonObject /** * @var int Ticket statut - * @deprecated + * @deprecated use status + * @see $status */ public $fk_statut; @@ -217,7 +218,9 @@ class Ticket extends CommonObject */ public $oldcopy; - + /** + * @var array array of TicketsLine + */ public $lines; @@ -3013,7 +3016,7 @@ class TicketsLine { /** * @var int ID - * @deprecated + * @deprecated use id */ public $rowid; From 31c8dce167b9d985c0f6fb43aa7d311018bdef0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 8 Sep 2022 20:51:12 +0200 Subject: [PATCH 102/212] Update agenda.php --- htdocs/ticket/agenda.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/ticket/agenda.php b/htdocs/ticket/agenda.php index a79d30bb377..5f7263f5214 100644 --- a/htdocs/ticket/agenda.php +++ b/htdocs/ticket/agenda.php @@ -41,12 +41,12 @@ $track_id = GETPOST('track_id', 'alpha', 3); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); -$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; +$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); -$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); -$page = is_numeric($page) ? $page : 0; -$page = $page == -1 ? 0 : $page; +$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); +$page = is_numeric($page) ? $page : 0; +$page = $page == -1 ? 0 : $page; if (!$sortfield) { $sortfield = "a.datep,a.id"; } @@ -90,7 +90,7 @@ if ($user->socid > 0 && ($object->fk_soc != $user->socid)) { accessforbidden(); } // or for unauthorized internals users -if (!$user->socid && ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) { +if (!$user->socid && (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) { accessforbidden(); } @@ -146,7 +146,7 @@ if ($socid > 0) { print dol_get_fiche_end(); } -if (!$user->socid && $conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) { +if (!$user->socid && !empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY)) { $object->next_prev_filter = "te.fk_user_assign = '".$user->id."'"; } elseif ($user->socid > 0) { $object->next_prev_filter = "te.fk_soc = '".$user->socid."'"; @@ -244,12 +244,12 @@ if (!empty($object->id)) { $morehtmlright .= dolGetButtonTitle($langs->trans('MessageListViewType'), '', 'fa fa-bars imgforviewmode', $messagingUrl, '', 1, array('morecss'=>'btnTitleSelected')); // Show link to add a message (if read and not closed) - $btnstatus = $object->fk_statut < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; + $btnstatus = $object->status < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; $url = 'card.php?track_id='.$object->track_id.'&action=presend_addmessage&mode=init'; $morehtmlright .= dolGetButtonTitle($langs->trans('TicketAddMessage'), '', 'fa fa-comment-dots', $url, 'add-new-ticket-title-button', $btnstatus); // Show link to add event (if read and not closed) - $btnstatus = $object->fk_statut < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; + $btnstatus = $object->status < Ticket::STATUS_CLOSED && $action != "presend" && $action != "presend_addmessage"; $url = DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.date('YmdHi').'&origin=ticket&originid='.$object->id.'&projectid='.$object->fk_project.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id); $morehtmlright .= dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', $url, 'add-new-ticket-even-button', $btnstatus); From 1a3ff13808622cf97d72a6f1631fafdfef2a2aa9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Sep 2022 20:52:33 +0200 Subject: [PATCH 103/212] FIX Restore the option MAIN_OPTIMIZEFORTEXTBROWSER --- htdocs/core/lib/usergroups.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index accbd84ba8c..367a4eb087e 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -906,7 +906,7 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false) } // Use MAIN_OPTIMIZEFORTEXTBROWSER - if ($foruserprofile && !empty($fuser->conf->MAIN_OPTIMIZEFORTEXTBROWSER)) { + if ($foruserprofile) { //$default=yn($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER); $default = $langs->trans('No'); print ''; From 64beee3396d9978ef4483163bb150224e42de903 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Sep 2022 22:04:29 +0200 Subject: [PATCH 104/212] FIX the shipment PDF was using the full size logo instead of small --- .../modules/expedition/doc/pdf_espadon.modules.php | 10 +++++++++- .../core/modules/expedition/doc/pdf_merou.modules.php | 10 +++++++++- .../core/modules/expedition/doc/pdf_rouget.modules.php | 10 +++++++++- 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php index 39df041bb51..5280c2b7a1e 100644 --- a/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_espadon.modules.php @@ -969,8 +969,16 @@ class pdf_espadon extends ModelePdfExpedition $pdf->SetXY($this->marge_gauche, $posy); // Logo - $logo = $conf->mycompany->dir_output.'/logos/'.$this->emetteur->logo; if ($this->emetteur->logo) { + $logodir = $conf->mycompany->dir_output; + if (!empty($conf->mycompany->multidir_output[$object->entity])) { + $logodir = $conf->mycompany->multidir_output[$object->entity]; + } + if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO)) { + $logo = $logodir.'/logos/thumbs/'.$this->emetteur->logo_small; + } else { + $logo = $logodir.'/logos/'.$this->emetteur->logo; + } if (is_readable($logo)) { $height = pdf_getHeightForLogo($logo); $pdf->Image($logo, $this->marge_gauche, $posy, 0, $height); // width=0 (auto) diff --git a/htdocs/core/modules/expedition/doc/pdf_merou.modules.php b/htdocs/core/modules/expedition/doc/pdf_merou.modules.php index 9a905422ff1..3646ef515de 100644 --- a/htdocs/core/modules/expedition/doc/pdf_merou.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_merou.modules.php @@ -548,8 +548,16 @@ class pdf_merou extends ModelePdfExpedition //*********************LOGO**************************** $pdf->SetXY(11, 7); - $logo = $conf->mycompany->dir_output.'/logos/'.$this->emetteur->logo; if ($this->emetteur->logo) { + $logodir = $conf->mycompany->dir_output; + if (!empty($conf->mycompany->multidir_output[$object->entity])) { + $logodir = $conf->mycompany->multidir_output[$object->entity]; + } + if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO)) { + $logo = $logodir.'/logos/thumbs/'.$this->emetteur->logo_small; + } else { + $logo = $logodir.'/logos/'.$this->emetteur->logo; + } if (is_readable($logo)) { $height = pdf_getHeightForLogo($logo); $pdf->Image($logo, 10, 5, 0, $height); // width=0 (auto) diff --git a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php index eededb90d67..b2bacffa901 100644 --- a/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_rouget.modules.php @@ -914,8 +914,16 @@ class pdf_rouget extends ModelePdfExpedition $pdf->SetXY($this->marge_gauche, $posy); // Logo - $logo = $conf->mycompany->dir_output.'/logos/'.$this->emetteur->logo; if ($this->emetteur->logo) { + $logodir = $conf->mycompany->dir_output; + if (!empty($conf->mycompany->multidir_output[$object->entity])) { + $logodir = $conf->mycompany->multidir_output[$object->entity]; + } + if (empty($conf->global->MAIN_PDF_USE_LARGE_LOGO)) { + $logo = $logodir.'/logos/thumbs/'.$this->emetteur->logo_small; + } else { + $logo = $logodir.'/logos/'.$this->emetteur->logo; + } if (is_readable($logo)) { $height = pdf_getHeightForLogo($logo); $pdf->Image($logo, $this->marge_gauche, $posy, 0, $height); // width=0 (auto) From 36b798e9a81986b16b432f05ee1366925274b459 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Sep 2022 22:16:31 +0200 Subject: [PATCH 105/212] Fix responsive --- htdocs/expedition/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 2d81c5e0545..9b55ff46c14 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -658,7 +658,7 @@ if (!empty($arrayfields['e.fk_shipping_method']['checked'])) { // Delivery method print ''; $shipment->fetch_delivery_methods(); - print $form->selectarray("search_shipping_method_id", $shipment->meths, $search_shipping_method_id, 1, 0, 0, "", 1); + print $form->selectarray("search_shipping_method_id", $shipment->meths, $search_shipping_method_id, 1, 0, 0, "", 1, 0, 0, '', 'maxwidth150'); print "\n"; } // Tracking number @@ -904,7 +904,7 @@ while ($i < min($num, $limit)) { if (!empty($arrayfields['e.fk_shipping_method']['checked'])) { // Get code using getLabelFromKey $code=$langs->getLabelFromKey($db, $shipment->shipping_method_id, 'c_shipment_mode', 'rowid', 'code'); - print ''; + print ''; if ($shipment->shipping_method_id > 0) print $langs->trans("SendingMethod".strtoupper($code)); print ''; } From 25199fd9c627855da164b5d276ac143cae176614 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Sep 2022 23:49:25 +0200 Subject: [PATCH 106/212] Code comment --- htdocs/admin/mails_templates.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index 0c12ba1a3a0..dc46561b1f8 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -1060,21 +1060,29 @@ if ($num) { print ''.$form->textwithpicto($langs->trans("FilesAttachedToEmail"), $tabhelp[$id][$tmpfieldlist], 1, 'help', '', 0, 2, $tmpfieldlist).' '; print ''; } + + // If $acceptlocallinktomedia is true, we can add link media files int email templates (we already can do this into HTML editor of an email). + // Note that local link to a file into medias are replaced with a real link by email in CMailFile.class.php with value $urlwithroot defined like this: + // $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); + // $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file + $acceptlocallinktomedia = true; // TODO Set it to true only if $urlwithroot is a HTTPS link ? + if ($tmpfieldlist == 'content') { print $form->textwithpicto($langs->trans("Content"), $tabhelp[$id][$tmpfieldlist], 1, 'help', '', 0, 2, $tmpfieldlist).'
'; $okforextended = true; if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) { $okforextended = false; } - $doleditor = new DolEditor($tmpfieldlist.'-'.$rowid, (!empty($obj->{$tmpfieldlist}) ? $obj->{$tmpfieldlist} : ''), '', 500, 'dolibarr_mailings', 'In', 0, true, $okforextended, ROWS_6, '90%'); + $doleditor = new DolEditor($tmpfieldlist.'-'.$rowid, (!empty($obj->{$tmpfieldlist}) ? $obj->{$tmpfieldlist} : ''), '', 500, 'dolibarr_mailings', 'In', 0, $acceptlocallinktomedia, $okforextended, ROWS_6, '90%'); print $doleditor->Create(1); } if ($tmpfieldlist == 'content_lines') { print $form->textwithpicto($langs->trans("ContentForLines"), $tabhelp[$id][$tmpfieldlist], 1, 'help', '', 0, 2, $tmpfieldlist).'
'; $okforextended = true; - if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) + if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) { $okforextended = false; - $doleditor = new DolEditor($tmpfieldlist.'-'.$rowid, (! empty($obj->{$tmpfieldlist}) ? $obj->{$tmpfieldlist} : ''), '', 140, 'dolibarr_mailings', 'In', 0, false, $okforextended, ROWS_6, '90%'); + } + $doleditor = new DolEditor($tmpfieldlist.'-'.$rowid, (! empty($obj->{$tmpfieldlist}) ? $obj->{$tmpfieldlist} : ''), '', 140, 'dolibarr_mailings', 'In', 0, $acceptlocallinktomedia, $okforextended, ROWS_6, '90%'); print $doleditor->Create(1); } print ''; From a87fbd3f06c3edf0c138ffd924bcbdd656bad10e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 8 Sep 2022 23:58:38 +0200 Subject: [PATCH 107/212] Bad type --- htdocs/core/class/doleditor.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/doleditor.class.php b/htdocs/core/class/doleditor.class.php index 2be0c36c56c..4402ff51732 100644 --- a/htdocs/core/class/doleditor.class.php +++ b/htdocs/core/class/doleditor.class.php @@ -68,7 +68,7 @@ class DolEditor * @param int $readonly 0=Read/Edit, 1=Read only * @param array $poscursor Array for initial cursor position array('x'=>x, 'y'=>y) */ - public function __construct($htmlname, $content, $width = '', $height = 200, $toolbarname = 'Basic', $toolbarlocation = 'In', $toolbarstartexpanded = false, $uselocalbrowser = true, $okforextendededitor = true, $rows = 0, $cols = 0, $readonly = 0, $poscursor = array()) + public function __construct($htmlname, $content, $width = '', $height = 200, $toolbarname = 'Basic', $toolbarlocation = 'In', $toolbarstartexpanded = false, $uselocalbrowser = 1, $okforextendededitor = true, $rows = 0, $cols = 0, $readonly = 0, $poscursor = array()) { global $conf, $langs; From e03d2311c39d37e893f54b38c46e73d87fd9b788 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 00:08:20 +0200 Subject: [PATCH 108/212] Accept media links if public url is not private --- htdocs/admin/mails_templates.php | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index dc46561b1f8..58a694726bc 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -1065,7 +1065,35 @@ if ($num) { // Note that local link to a file into medias are replaced with a real link by email in CMailFile.class.php with value $urlwithroot defined like this: // $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); // $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file - $acceptlocallinktomedia = true; // TODO Set it to true only if $urlwithroot is a HTTPS link ? + $acceptlocallinktomedia = getDolGlobalInt('MAIN_DISALLOW_MEDIAS_IN_EMAIL_TEMPLATES') ? 0 : 1; + if ($acceptlocallinktomedia) { + global $dolibarr_main_url_root; + $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); + + // Parse $newUrl + $newUrlArray = parse_url($urlwithouturlroot); + $hosttocheck = $newUrlArray['host']; + $hosttocheck = str_replace(array('[', ']'), '', $hosttocheck); // Remove brackets of IPv6 + + if (function_exists('gethostbyname')) { + $iptocheck = gethostbyname($hosttocheck); + } else { + $iptocheck = $hosttocheck; + } + + //var_dump($iptocheck.' '.$acceptlocallinktomedia); + if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { + // If ip of public url is an private network IP, we do not allow this. + $acceptlocallinktomedia = 0; + // TODO Show a warning + } + + if (preg_match('/http:/i', $urlwithouturlroot)) { + // If public url is not a https, we do not allow to add medias link. It will generate security alerts when email will be sent. + $acceptlocallinktomedia = 0; + // TODO Show a warning + } + } if ($tmpfieldlist == 'content') { print $form->textwithpicto($langs->trans("Content"), $tabhelp[$id][$tmpfieldlist], 1, 'help', '', 0, 2, $tmpfieldlist).'
'; From fa64be5e82ef7093985f5c88aafeb3580c4a5404 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 00:29:45 +0200 Subject: [PATCH 109/212] Fix wrong number of td --- htdocs/compta/resultat/clientfourn.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 936adb482d2..915fa4de771 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -1520,15 +1520,17 @@ $hookmanager->initHooks(array('externalbalance')); $reshook = $hookmanager->executeHooks('addBalanceLine', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks print $hookmanager->resPrint; + + // Total print ''; -print ' '; +print ' '; print ''; print ''.$langs->trans("Income").''; if ($modecompta == 'CREANCES-DETTES') { print ''.price(price2num($total_ht_income, 'MT')).''; -} else { +} elseif ($modecompta == 'RECETTES-DEPENSES') { print ''; } print ''.price(price2num($total_ttc_income, 'MT')).''; @@ -1536,7 +1538,7 @@ print ''; print ''.$langs->trans("Outcome").''; if ($modecompta == 'CREANCES-DETTES') { print ''.price(price2num(-$total_ht_outcome, 'MT')).''; -} else { +} elseif ($modecompta == 'RECETTES-DEPENSES') { print ''; } print ''.price(price2num(-$total_ttc_outcome, 'MT')).''; @@ -1544,7 +1546,7 @@ print ''; print ''.$langs->trans("Profit").''; if ($modecompta == 'CREANCES-DETTES') { print ''.price(price2num($total_ht, 'MT')).''; -} else { +} elseif ($modecompta == 'RECETTES-DEPENSES') { print ''; } print ''.price(price2num($total_ttc, 'MT')).''; From c5d5a963cb377f55bc95b5e2a4125f205965dfce Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 00:38:16 +0200 Subject: [PATCH 110/212] Fix preselected country --- htdocs/accountancy/admin/categories_list.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index ea613ea38cd..aca2854df7f 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -885,9 +885,11 @@ function fieldListAccountingCategories($fieldlist, $obj = '', $tabname = '', $co $fieldname = 'country'; if ($context == 'add') { $fieldname = 'country_id'; - print $form->select_country(GETPOST('country_id', 'int'), $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); + $preselectcountrycode = GETPOSTISSET('country_id') ? GETPOST('country_id', 'int') : $mysoc->country_code; + print $form->select_country($preselectcountrycode, $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); } else { - print $form->select_country((!empty($obj->country_code) ? $obj->country_code : (!empty($obj->country) ? $obj->country : $mysoc->country_code)), $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); + $preselectcountrycode = (empty($obj->country_code) ? (empty($obj->country) ? $mysoc->country_code : $obj->country) : $obj->country_code); + print $form->select_country($preselectcountrycode, $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); } print ''; } elseif ($fieldlist[$field] == 'country_id') { From 5341c7a4a18cb7f12d376e4666c1ecfb1e9ffb53 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 01:36:58 +0200 Subject: [PATCH 111/212] Fix sql error --- htdocs/compta/resultat/clientfourn.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 915fa4de771..2c9d467ddc2 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -1062,7 +1062,11 @@ if ($modecompta == 'BOOKKEEPING') { $sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'"; } - $sql .= " GROUP BY u.rowid, p.rowid, p.ref, u.firstname, u.lastname, dm"; + if ($modecompta == 'CREANCES-DETTES') { + //No need of GROUP BY + } else { + $sql .= " GROUP BY u.rowid, p.rowid, p.ref, u.firstname, u.lastname, dm"; + } $newsortfield = $sortfield; if ($newsortfield == 's.nom, s.rowid') { $newsortfield = 'p.ref'; From c505b6618aad8c7551357c8addf051753cbadcd0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 01:42:43 +0200 Subject: [PATCH 112/212] Fix type --- htdocs/core/class/doleditor.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/doleditor.class.php b/htdocs/core/class/doleditor.class.php index b529d23ebda..e5b7512895c 100644 --- a/htdocs/core/class/doleditor.class.php +++ b/htdocs/core/class/doleditor.class.php @@ -68,7 +68,7 @@ class DolEditor * @param int $readonly 0=Read/Edit, 1=Read only * @param array $poscursor Array for initial cursor position array('x'=>x, 'y'=>y) */ - public function __construct($htmlname, $content, $width = '', $height = 200, $toolbarname = 'Basic', $toolbarlocation = 'In', $toolbarstartexpanded = false, $uselocalbrowser = true, $okforextendededitor = true, $rows = 0, $cols = 0, $readonly = 0, $poscursor = array()) + public function __construct($htmlname, $content, $width = '', $height = 200, $toolbarname = 'Basic', $toolbarlocation = 'In', $toolbarstartexpanded = false, $uselocalbrowser = 1, $okforextendededitor = true, $rows = 0, $cols = 0, $readonly = 0, $poscursor = array()) { global $conf, $langs; From 9a09e0f304b21af390ba8e7a632b2a94844369ed Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 02:26:45 +0200 Subject: [PATCH 113/212] Merge SEPA payment using Stripe manually. --- htdocs/compta/facture/prelevement.php | 24 ++- htdocs/langs/en_US/withdrawals.lang | 1 + htdocs/stripe/class/stripe.class.php | 251 +++++++++++++------------- 3 files changed, 149 insertions(+), 127 deletions(-) diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php index 5a10c2055c0..8bd2a02ce57 100644 --- a/htdocs/compta/facture/prelevement.php +++ b/htdocs/compta/facture/prelevement.php @@ -111,8 +111,14 @@ if (empty($reshook)) { $sourcetype = 'supplier_invoice'; $newtype = 'bank-transfer'; } + $paymentservice = GETPOST('paymentservice'); + + if (preg_match('/stripesepa/', $paymentservice)) { + $result = $object->demande_prelevement_stripe($user, price2num(GETPOST('withdraw_request_amount', 'alpha')), $newtype, $sourcetype); + } else { + $result = $object->demande_prelevement($user, price2num(GETPOST('withdraw_request_amount', 'alpha')), $newtype, $sourcetype); + } - $result = $object->demande_prelevement($user, price2num(GETPOST('withdraw_request_amount', 'alpha')), $newtype, $sourcetype); if ($result > 0) { $db->commit(); @@ -736,6 +742,22 @@ if ($object->id > 0) { print ''; print ''; print ''; + + if (!empty($conf->global->STRIPE_SEPA_DIRECT_DEBIT)) { + print "
"; + //add stripe sepa button + $buttonlabel = $langs->trans("MakeWithdrawRequestStripe"); + print '
'; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print '
'; + } } else { print ''.$buttonlabel.''; } diff --git a/htdocs/langs/en_US/withdrawals.lang b/htdocs/langs/en_US/withdrawals.lang index c7820a965aa..c2d9a042ece 100644 --- a/htdocs/langs/en_US/withdrawals.lang +++ b/htdocs/langs/en_US/withdrawals.lang @@ -42,6 +42,7 @@ CreditTransferStatistics=Credit transfer statistics Rejects=Rejects LastWithdrawalReceipt=Latest %s direct debit receipts MakeWithdrawRequest=Make a direct debit payment request +MakeWithdrawRequestStripe=Make a direct debit payment request via Stripe MakeBankTransferOrder=Make a credit transfer request WithdrawRequestsDone=%s direct debit payment requests recorded BankTransferRequestsDone=%s credit transfer requests recorded diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php index 6410050c642..ea453b28412 100644 --- a/htdocs/stripe/class/stripe.class.php +++ b/htdocs/stripe/class/stripe.class.php @@ -434,8 +434,10 @@ class Stripe extends CommonObject // list of payment method types $paymentmethodtypes = array("card"); + $descriptor = dol_trunc($tag, 10, 'right', 'UTF-8', 1); if (!empty($conf->global->STRIPE_SEPA_DIRECT_DEBIT)) { $paymentmethodtypes[] = "sepa_debit"; //&& ($object->thirdparty->isInEEC()) + //$descriptor = preg_replace('/ref=[^:=]+/', '', $descriptor); // Clean ref } if (!empty($conf->global->STRIPE_KLARNA)) { $paymentmethodtypes[] = "klarna"; @@ -463,7 +465,8 @@ class Stripe extends CommonObject "currency" => $currency_code, "payment_method_types" => $paymentmethodtypes, "description" => $description, - "statement_descriptor_suffix" => dol_trunc($tag, 10, 'right', 'UTF-8', 1), // 22 chars that appears on bank receipt (company + description) + "statement_descriptor_suffix" => $descriptor, // For card payment, 22 chars that appears on bank receipt (prefix into stripe setup + this suffix) + "statement_descriptor" => $descriptor, // For SEPA, it will take only statement_descriptor, not statement_descriptor_suffix //"save_payment_method" => true, "setup_future_usage" => "on_session", "metadata" => $metadata @@ -589,131 +592,6 @@ class Stripe extends CommonObject } } - /** - * Get the Stripe SEPA of a company payment mode - * - * @param \Stripe\StripeCustomer $cu Object stripe customer. - * @param CompanyPaymentMode $object Object companypaymentmode to check, or create on stripe (create on stripe also update the societe_rib table for current entity) - * @param string $stripeacc ''=Use common API. If not '', it is the Stripe connect account 'acc_....' to use Stripe connect - * @param int $status Status (0=test, 1=live) - * @param int $createifnotlinkedtostripe 1=Create the stripe sepa and the link if the sepa is not yet linked to a stripe sepa. Deprecated with new Stripe API and SCA. - * @return \Stripe\PaymentMethod|null Stripe SEPA or null if not found - */ - public function sepaStripe($cu, CompanyPaymentMode $object, $stripeacc = '', $status = 0, $createifnotlinkedtostripe = 0) - { - global $conf, $user, $langs; - $sepa = null; - - $sql = "SELECT sa.stripe_card_ref, sa.proprio, sa.iban_prefix"; // stripe_card_ref is src_ for sepa - $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as sa"; - $sql .= " WHERE sa.rowid = '".$this->db->escape($object->id)."'"; // We get record from ID, no need for filter on entity - $sql .= " AND sa.type = 'ban'"; //type ban to get normal bank account of customer (prelevement) - - $soc = new Societe($this->db); - $soc->fetch($object->fk_soc); - - dol_syslog(get_class($this)."::fetch search stripe sepa(card) id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); - $resql = $this->db->query($sql); - if ($resql) { - $num = $this->db->num_rows($resql); - if ($num) { - $obj = $this->db->fetch_object($resql); - $cardref = $obj->stripe_card_ref; - dol_syslog(get_class($this)."::cardStripe cardref=".$cardref); - if ($cardref) { - try { - if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage - if (!preg_match('/^pm_/', $cardref) && !empty($cu->sources)) { - $sepa = $cu->sources->retrieve($cardref); - } else { - $sepa = \Stripe\PaymentMethod::retrieve($cardref); - } - } else { - if (!preg_match('/^pm_/', $cardref) && !empty($cu->sources)) { - //$sepa = $cu->sources->retrieve($cardref, array("stripe_account" => $stripeacc)); // this API fails when array stripe_account is provided - $sepa = $cu->sources->retrieve($cardref); - } else { - //$sepa = \Stripe\PaymentMethod::retrieve($cardref, array("stripe_account" => $stripeacc)); // Don't know if this works - $sepa = \Stripe\PaymentMethod::retrieve($cardref); - } - } - } catch (Exception $e) { - $this->error = $e->getMessage(); - dol_syslog($this->error, LOG_WARNING); - } - } elseif ($createifnotlinkedtostripe) { - $iban = $obj->iban_prefix; //prefix ? - $ipaddress = getUserRemoteIP(); - - $dataforcard = array( - 'type'=>'sepa_debit', - "sepa_debit" => array('iban' => $iban), - 'currency' => 'eur', - 'usage' => 'reusable', - 'owner' => array( - 'name' => $soc->name, - ), - "metadata" => array('dol_id'=>$object->id, 'dol_version'=>DOL_VERSION, 'dol_entity'=>$conf->entity, 'ipaddress'=>$ipaddress) - ); - - //$a = \Stripe\Stripe::getApiKey(); - //var_dump($a);var_dump($stripeacc);exit; - try { - dol_syslog("Try to create sepa_debit 0"); - - $service = 'StripeTest'; - $servicestatus = 0; - if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { - $service = 'StripeLive'; - $servicestatus = 1; - } - // Force to use the correct API key - global $stripearrayofkeysbyenv; - $stripeacc = $stripearrayofkeysbyenv[$servicestatus]['secret_key']; - - dol_syslog("Try to create sepa_debit with data = ".json_encode($dataforcard)); - $s = new \Stripe\StripeClient($stripeacc); - $sepa = $s->sources->create($dataforcard); - if (!$sepa) { - $this->error = 'Creation of sepa_debit on Stripe has failed'; - } else { - //association du client avec cette source de paimeent - $cs = $cu->createSource( - $cu->id, - [ - 'source' => $sepa->id, - ] - ); - if (!$cs) { - $this->error = 'Link SEPA <-> Customer failed'; - } else { - dol_syslog("Try to create sepa_debit 3"); - // print json_encode($sepa); - - $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib"; - $sql .= " SET stripe_card_ref = '".$this->db->escape($sepa->id)."', card_type = 'sepa_debit',"; - $sql .= " stripe_account= '" . $this->db->escape($cu->id . "@" . $stripeacc) . "'"; - $sql .= " WHERE rowid = '".$this->db->escape($object->id)."'"; - $sql .= " AND type = 'ban'"; - $resql = $this->db->query($sql); - if (!$resql) { - $this->error = $this->db->lasterror(); - } - } - } - } catch (Exception $e) { - $this->error = $e->getMessage(); - dol_syslog($this->error, LOG_WARNING); - } - } - } - } else { - dol_print_error($this->db); - } - - return $sepa; - } - /** * Get the Stripe payment intent. Create it with confirmnow=false * Warning. If a payment was tried and failed, a payment intent was created. @@ -1012,6 +890,127 @@ class Stripe extends CommonObject return $card; } + + /** + * Get the Stripe SEPA of a company payment mode + * + * @param \Stripe\StripeCustomer $cu Object stripe customer. + * @param CompanyPaymentMode $object Object companypaymentmode to check, or create on stripe (create on stripe also update the societe_rib table for current entity) + * @param string $stripeacc ''=Use common API. If not '', it is the Stripe connect account 'acc_....' to use Stripe connect + * @param int $status Status (0=test, 1=live) + * @param int $createifnotlinkedtostripe 1=Create the stripe sepa and the link if the sepa is not yet linked to a stripe sepa. Deprecated with new Stripe API and SCA. + * @return \Stripe\PaymentMethod|null Stripe SEPA or null if not found + */ + public function sepaStripe($cu, CompanyPaymentMode $object, $stripeacc = '', $status = 0, $createifnotlinkedtostripe = 0) + { + global $conf, $user, $langs; + $sepa = null; + + $sql = "SELECT sa.stripe_card_ref, sa.proprio, sa.iban_prefix"; // stripe_card_ref is src_ for sepa + $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib as sa"; + $sql .= " WHERE sa.rowid = '".$this->db->escape($object->id)."'"; // We get record from ID, no need for filter on entity + $sql .= " AND sa.type = 'ban'"; //type ban to get normal bank account of customer (prelevement) + + $soc = new Societe($this->db); + $soc->fetch($object->fk_soc); + + dol_syslog(get_class($this)."::fetch search stripe sepa(card) id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); + $resql = $this->db->query($sql); + if ($resql) { + $num = $this->db->num_rows($resql); + if ($num) { + $obj = $this->db->fetch_object($resql); + $cardref = $obj->stripe_card_ref; + dol_syslog(get_class($this)."::cardStripe cardref=".$cardref); + if ($cardref) { + try { + if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage + if (!preg_match('/^pm_/', $cardref) && !empty($cu->sources)) { + $sepa = $cu->sources->retrieve($cardref); + } else { + $sepa = \Stripe\PaymentMethod::retrieve($cardref); + } + } else { + if (!preg_match('/^pm_/', $cardref) && !empty($cu->sources)) { + //$sepa = $cu->sources->retrieve($cardref, array("stripe_account" => $stripeacc)); // this API fails when array stripe_account is provided + $sepa = $cu->sources->retrieve($cardref); + } else { + //$sepa = \Stripe\PaymentMethod::retrieve($cardref, array("stripe_account" => $stripeacc)); // Don't know if this works + $sepa = \Stripe\PaymentMethod::retrieve($cardref); + } + } + } catch (Exception $e) { + $this->error = $e->getMessage(); + dol_syslog($this->error, LOG_WARNING); + } + } elseif ($createifnotlinkedtostripe) { + $iban = $obj->iban_prefix; //prefix ? + $ipaddress = getUserRemoteIP(); + + $dataforcard = array( + 'type'=>'sepa_debit', + "sepa_debit" => array('iban' => $iban), + 'currency' => 'eur', + 'usage' => 'reusable', + 'owner' => array( + 'name' => $soc->name, + ), + "metadata" => array('dol_id'=>$object->id, 'dol_version'=>DOL_VERSION, 'dol_entity'=>$conf->entity, 'ipaddress'=>$ipaddress) + ); + + //$a = \Stripe\Stripe::getApiKey(); + //var_dump($a);var_dump($stripeacc);exit; + try { + dol_syslog("Try to create sepa_debit 0"); + + $service = 'StripeTest'; + $servicestatus = 0; + if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { + $service = 'StripeLive'; + $servicestatus = 1; + } + // Force to use the correct API key + global $stripearrayofkeysbyenv; + $stripeacc = $stripearrayofkeysbyenv[$servicestatus]['secret_key']; + + dol_syslog("Try to create sepa_debit with data = ".json_encode($dataforcard)); + $s = new \Stripe\StripeClient($stripeacc); + $sepa = $s->sources->create($dataforcard); + if (!$sepa) { + $this->error = 'Creation of sepa_debit on Stripe has failed'; + } else { + // association du client avec cette source de paimeent + $cs = $cu->createSource($cu->id, array('source' => $sepa->id)); + if (!$cs) { + $this->error = 'Link SEPA <-> Customer failed'; + } else { + dol_syslog("Try to create sepa_debit 3"); + // print json_encode($sepa); + + $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib"; + $sql .= " SET stripe_card_ref = '".$this->db->escape($sepa->id)."', card_type = 'sepa_debit',"; + $sql .= " stripe_account= '" . $this->db->escape($cu->id . "@" . $stripeacc) . "'"; + $sql .= " WHERE rowid = '".$this->db->escape($object->id)."'"; + $sql .= " AND type = 'ban'"; + $resql = $this->db->query($sql); + if (!$resql) { + $this->error = $this->db->lasterror(); + } + } + } + } catch (Exception $e) { + $this->error = $e->getMessage(); + dol_syslog($this->error, LOG_WARNING); + } + } + } + } else { + dol_print_error($this->db); + } + + return $sepa; + } + /** * Create charge. * This is called by page htdocs/stripe/payment.php and may be deprecated. From 584f9e6a73117e3d652ff52c01271788ee158f87 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 04:10:48 +0200 Subject: [PATCH 114/212] Clean code to manage SEPA payment using external service --- htdocs/core/class/commoninvoice.class.php | 809 ++++++++++++++++++ htdocs/langs/en_US/errors.lang | 3 +- .../class/companybankaccount.class.php | 10 +- htdocs/societe/paymentmodes.php | 442 +++++++--- htdocs/stripe/class/stripe.class.php | 8 +- 5 files changed, 1148 insertions(+), 124 deletions(-) diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index bed28c63035..190e3a3fc62 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -823,6 +823,815 @@ abstract class CommonInvoice extends CommonObject } } + + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps + /** + * Create a withdrawal request for a direct debit order or a credit transfer order. + * Use the remain to pay excluding all existing open direct debit requests. + * + * @param User $fuser User asking the direct debit transfer + * @param float $amount Amount we request direct debit for + * @param string $type 'direct-debit' or 'bank-transfer' + * @param string $sourcetype Source ('facture' or 'supplier_invoice') + * @return int <0 if KO, >0 if OK + */ + public function demande_prelevement_stripe($fuser, $amount = 0, $type = 'direct-debit', $sourcetype = 'facture') + { + // phpcs:enable + global $conf, $mysoc, $user, $langs; + + if (empty($conf->global->STRIPE_SEPA_DIRECT_DEBIT)) { + //exit + return 0; + } + + $error = 0; + + dol_syslog(get_class($this)."::demande_prelevement_stripe 0", LOG_DEBUG); + + if ($this->statut > self::STATUS_DRAFT && $this->paye == 0) { + require_once DOL_DOCUMENT_ROOT.'/societe/class/companybankaccount.class.php'; + $bac = new CompanyBankAccount($this->db); + $bac->fetch(0, $this->socid); + + $sql = 'SELECT count(*)'; + $sql .= ' FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande'; + $sql .= ' WHERE fk_facture = '.$this->id; + $sql .= ' AND ext_payment_id IS NULL'; // To exclude record done for some online payments + $sql .= ' AND traite = 0'; + + dol_syslog(get_class($this)."::demande_prelevement_stripe 1", LOG_DEBUG); + $resql = $this->db->query($sql); + if ($resql) { + $row = $this->db->fetch_row($resql); + + if ($row[0] == 0) { + $now = dol_now(); + + $totalpaye = $this->getSommePaiement(); + $totalcreditnotes = $this->getSumCreditNotesUsed(); + $totaldeposits = $this->getSumDepositsUsed(); + //print "totalpaye=".$totalpaye." totalcreditnotes=".$totalcreditnotes." totaldeposts=".$totaldeposits; + + // We can also use bcadd to avoid pb with floating points + // For example print 239.2 - 229.3 - 9.9; does not return 0. + //$resteapayer=bcadd($this->total_ttc,$totalpaye,$conf->global->MAIN_MAX_DECIMALS_TOT); + //$resteapayer=bcadd($resteapayer,$totalavoir,$conf->global->MAIN_MAX_DECIMALS_TOT); + if (empty($amount)) { + $amount = price2num($this->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits, 'MT'); + } + + if (is_numeric($amount) && $amount != 0) { + require_once DOL_DOCUMENT_ROOT.'/societe/class/companypaymentmode.class.php'; + $companypaymentmode = new CompanyPaymentMode($this->db); + $companypaymentmode->fetch($bac->id); + + dol_syslog(get_class($this)."::demande_prelevement_stripe amount=$amount, companypaymentmode = " . $companypaymentmode->id, LOG_DEBUG); + + //Start code from sellyoursaas + $service = 'StripeTest'; + $servicestatus = 0; + if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { + $service = 'StripeLive'; + $servicestatus = 1; + } + + $langs->load("agenda"); + dol_syslog("doTakePaymentStripeForThirdparty service=" . $service . " servicestatus=" . $servicestatus . " thirdparty_id=" . $this->socid . " companypaymentmode=" . $companypaymentmode->id . " noemailtocustomeriferror=" . $noemailtocustomeriferror . " nocancelifpaymenterror=" . $nocancelifpaymenterror . " calledinmyaccountcontext=" . $calledinmyaccountcontext); + + $this->stripechargedone = 0; + $this->stripechargeerror = 0; + $now = dol_now(); + + $currency = $conf->currency; + + global $stripearrayofkeysbyenv; + global $savstripearrayofkeysbyenv; + + $errorforinvoice = 0; // We reset the $errorforinvoice at each invoice loop + + $this->fetch_thirdparty(); + + dol_syslog("--- Process invoice thirdparty_id=" . $this->id . ", thirdparty_name=" . $this->thirdparty->name . " id=" . $this->id . ", ref=" . $this->ref . ", datef=" . dol_print_date($this->date, 'dayhourlog'), LOG_DEBUG); + + $alreadypayed = $this->getSommePaiement(); + $amount_credit_notes_included = $this->getSumCreditNotesUsed(); + $amounttopay = $this->total_ttc - $alreadypayed - $amount_credit_notes_included; + + // Correct the amount according to unit of currency + // See https://support.stripe.com/questions/which-zero-decimal-currencies-does-stripe-support + $arrayzerounitcurrency = ['BIF', 'CLP', 'DJF', 'GNF', 'JPY', 'KMF', 'KRW', 'MGA', 'PYG', 'RWF', 'VND', 'VUV', 'XAF', 'XOF', 'XPF']; + $amountstripe = $amounttopay; + if (!in_array($currency, $arrayzerounitcurrency)) { + $amountstripe = $amountstripe * 100; + } + + if ($amountstripe > 0) { + try { + //var_dump($companypaymentmode); + dol_syslog("We will try to pay with companypaymentmodeid=" . $companypaymentmode->id . " stripe_card_ref=" . $companypaymentmode->stripe_card_ref . " mode=" . $companypaymentmode->status, LOG_DEBUG); + + $thirdparty = new Societe($this->db); + $resultthirdparty = $thirdparty->fetch($this->socid); + + include_once DOL_DOCUMENT_ROOT . '/stripe/class/stripe.class.php'; // This include the include of htdocs/stripe/config.php + // So it inits or erases the $stripearrayofkeysbyenv + $stripe = new Stripe($this->db); + + if (empty($savstripearrayofkeysbyenv)) { + $savstripearrayofkeysbyenv = $stripearrayofkeysbyenv; + } + dol_syslog("Current Stripe environment is " . $stripearrayofkeysbyenv[$servicestatus]['publishable_key']); + dol_syslog("Current Saved Stripe environment is " . $savstripearrayofkeysbyenv[$servicestatus]['publishable_key']); + + $foundalternativestripeaccount = ''; + + // Force stripe to another value (by default this value is empty) + if (!empty($thirdparty->array_options['options_stripeaccount'])) { + dol_syslog("The thirdparty id=" . $thirdparty->id . " has a dedicated Stripe Account, so we switch to it."); + + $tmparray = explode('@', $thirdparty->array_options['options_stripeaccount']); + if (!empty($tmparray[1])) { + $tmparray2 = explode(':', $tmparray[1]); + if (!empty($tmparray2[3])) { + $stripearrayofkeysbyenv = [ + 0 => [ + "publishable_key" => $tmparray2[0], + "secret_key" => $tmparray2[1] + ], + 1 => [ + "publishable_key" => $tmparray2[2], + "secret_key" => $tmparray2[3] + ] + ]; + + $stripearrayofkeys = $stripearrayofkeysbyenv[$servicestatus]; + \Stripe\Stripe::setApiKey($stripearrayofkeys['secret_key']); + + $foundalternativestripeaccount = $tmparray[0]; // Store the customer id + + dol_syslog("We use now customer=" . $foundalternativestripeaccount . " publishable_key=" . $stripearrayofkeys['publishable_key'], LOG_DEBUG); + } + } + + if (!$foundalternativestripeaccount) { + $stripearrayofkeysbyenv = $savstripearrayofkeysbyenv; + + $stripearrayofkeys = $savstripearrayofkeysbyenv[$servicestatus]; + \Stripe\Stripe::setApiKey($stripearrayofkeys['secret_key']); + dol_syslog("We found a bad value for Stripe Account for thirdparty id=" . $thirdparty->id . ", so we ignore it and keep using the global one, so " . $stripearrayofkeys['publishable_key'], LOG_WARNING); + } + } else { + $stripearrayofkeysbyenv = $savstripearrayofkeysbyenv; + + $stripearrayofkeys = $savstripearrayofkeysbyenv[$servicestatus]; + \Stripe\Stripe::setApiKey($stripearrayofkeys['secret_key']); + dol_syslog("The thirdparty id=" . $thirdparty->id . " has no dedicated Stripe Account, so we use global one, so " . json_encode($stripearrayofkeys), LOG_DEBUG); + } + + + dol_syslog("get stripe account", LOG_DEBUG); + $stripeacc = $stripe->getStripeAccount($service, $this->socid); // Get Stripe OAuth connect account if it exists (no network access here) + dol_syslog("get stripe account return " . json_encode($stripeacc), LOG_DEBUG); + + if ($foundalternativestripeaccount) { + if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage + $customer = \Stripe\Customer::retrieve(['id' => "$foundalternativestripeaccount", 'expand[]' => 'sources']); + } else { + $customer = \Stripe\Customer::retrieve(['id' => "$foundalternativestripeaccount", 'expand[]' => 'sources'], ["stripe_account" => $stripeacc]); + } + } else { + $customer = $stripe->customerStripe($thirdparty, $stripeacc, $servicestatus, 0); + if (empty($customer) && !empty($stripe->error)) { + $this->errors[] = $stripe->error; + } + /*if (!empty($customer) && empty($customer->sources)) { + $customer = null; + $this->errors[] = '\Stripe\Customer::retrieve did not returned the sources'; + }*/ + } + + // $nbhoursbetweentries = (empty($conf->global->SELLYOURSAAS_NBHOURSBETWEENTRIES) ? 49 : $conf->global->SELLYOURSAAS_NBHOURSBETWEENTRIES); // Must have more that 48 hours + 1 between each try (so 1 try every 3 daily batch) + // $nbdaysbeforeendoftries = (empty($conf->global->SELLYOURSAAS_NBDAYSBEFOREENDOFTRIES) ? 35 : $conf->global->SELLYOURSAAS_NBDAYSBEFOREENDOFTRIES); + $labeltouse = ''; + $postactionmessages = []; + + if ($resultthirdparty > 0 && !empty($customer)) { + if (!$error && !empty($this->array_options['options_delayautopayment']) && $this->array_options['options_delayautopayment'] > $now && empty($calledinmyaccountcontext)) { + $errmsg = 'Payment try was canceled (invoice qualified by the automatic payment was delayed after the ' . dol_print_date($this->array_options['options_delayautopayment'], 'day') . ')'; + dol_syslog($errmsg, LOG_DEBUG); + + $error++; + $errorforinvoice++; + $this->errors[] = $errmsg; + } + // if (!$error && ($this->date < ($now - ($nbdaysbeforeendoftries * 24 * 3600))) // We try until we reach $nbdaysbeforeendoftries + // && ($this->date < ($now - (62 * 24 * 3600)) || $this->date > ($now - (60 * 24 * 3600))) // or when we have 60 days + // && ($this->date < ($now - (92 * 24 * 3600)) || $this->date > ($now - (90 * 24 * 3600))) // or when we have 90 days + // && empty($nocancelifpaymenterror)) { + // $errmsg = 'Payment try was canceled (invoice date is older than ' . $nbdaysbeforeendoftries . ' days and not 60 days old and not 90 days old) - You can still take payment from backoffice.'; + // dol_syslog($errmsg, LOG_DEBUG); + + // $error++; + // $errorforinvoice++; + // $this->errors[] = $errmsg; + // } + // if (!$error && empty($nocancelifpaymenterror)) { // If we are not in a mode that ask to avoid cancelation, we cancel payment. + // // Test if last AC_PAYMENT_STRIPE_KO event is an old error lower than $nbhoursbetweentries hours. + // $recentfailedpayment = false; + // $sqlonevents = 'SELECT COUNT(*) as nb FROM ' . MAIN_DB_PREFIX . 'actioncomm WHERE fk_soc = ' . $thirdparty->id . " AND code ='AC_PAYMENT_STRIPE_KO' AND datep > '" . $this->db->idate($now - ($nbhoursbetweentries * 3600)) . "'"; + // $resqlonevents = $this->db->query($sqlonevents); + // if ($resqlonevents) { + // $obj = $this->db->fetch_object($resqlonevents); + // if ($obj && $obj->nb > 0) { + // $recentfailedpayment = true; + // } + // } + + // if ($recentfailedpayment) { + // $errmsg = 'Payment try was canceled (recent payment, in last ' . $nbhoursbetweentries . ' hours, with error AC_PAYMENT_STRIPE_KO for this customer)'; + // dol_syslog($errmsg, LOG_DEBUG); + + // $error++; + // $errorforinvoice++; + // $this->errors[] = $errmsg; + // } + // } + + if (!$error) { // Payment was not canceled + //erics card or sepa ? + $sepaMode = false; + if ($companypaymentmode->type == 'ban') { + $sepaMode = true; + $stripecard = $stripe->sepaStripe($customer, $companypaymentmode, $stripeacc, $servicestatus, 0); + } else { + $stripecard = $stripe->cardStripe($customer, $companypaymentmode, $stripeacc, $servicestatus, 0); + } + + if ($stripecard) { // Can be card_... (old mode) or pm_... (new mode) + $FULLTAG = 'INV=' . $this->id . '-CUS=' . $thirdparty->id; + $description = 'Stripe payment from doTakePaymentStripeForThirdparty: ' . $FULLTAG . ' ref=' . $this->ref; + + $stripefailurecode = ''; + $stripefailuremessage = ''; + $stripefailuredeclinecode = ''; + + if (preg_match('/^card_/', $stripecard->id)) { // Using old method + dol_syslog("* Create charge on card " . $stripecard->id . ", amountstripe=" . $amountstripe . ", FULLTAG=" . $FULLTAG, LOG_DEBUG); + + $ipaddress = getUserRemoteIP(); + + $charge = null; // Force reset of $charge, so, if already set from a previous fetch, it will be empty even if there is an exception at next step + try { + $charge = \Stripe\Charge::create([ + 'amount' => price2num($amountstripe, 'MU'), + 'currency' => $currency, + 'capture' => true, // Charge immediatly + 'description' => $description, + 'metadata' => ["FULLTAG" => $FULLTAG, 'Recipient' => $mysoc->name, 'dol_version' => DOL_VERSION, 'dol_entity' => $conf->entity, 'ipaddress' => $ipaddress], + 'customer' => $customer->id, + //'customer' => 'bidon_to_force_error', // To use to force a stripe error + 'source' => $stripecard, + 'statement_descriptor' => dol_trunc('INV=' . $this->id, 10, 'right', 'UTF-8', 1), // 22 chars that appears on bank receipt (company + description) + ]); + } catch (\Stripe\Error\Card $e) { + // Since it's a decline, Stripe_CardError will be caught + $body = $e->getJsonBody(); + $err = $body['error']; + + $stripefailurecode = $err['code']; + $stripefailuremessage = $err['message']; + $stripefailuredeclinecode = $err['decline_code']; + } catch (Exception $e) { + $stripefailurecode = 'UnknownChargeError'; + $stripefailuremessage = $e->getMessage(); + } + } else { // Using new SCA method + if ($sepaMode) + dol_syslog("* Create payment on SEPA " . $stripecard->id . ", amounttopay=" . $amounttopay . ", amountstripe=" . $amountstripe . ", FULLTAG=" . $FULLTAG, LOG_DEBUG); + else dol_syslog("* Create payment on card " . $stripecard->id . ", amounttopay=" . $amounttopay . ", amountstripe=" . $amountstripe . ", FULLTAG=" . $FULLTAG, LOG_DEBUG); + + // Create payment intent and charge payment (confirmnow = true) + $paymentintent = $stripe->getPaymentIntent($amounttopay, $currency, $FULLTAG, $description, $invoice, $customer->id, $stripeacc, $servicestatus, 0, 'automatic', true, $stripecard->id, 1); + + $charge = new stdClass(); + //erics add processing sepa is like success ? + if ($paymentintent->status === 'succeeded' || $paymentintent->status === 'processing') { + $charge->status = 'ok'; + $charge->id = $paymentintent->id; + $charge->customer = $customer->id; + } elseif ($paymentintent->status === 'requires_action') { + //paymentintent->status may be => 'requires_action' (no error in such a case) + dol_syslog(var_export($paymentintent, true), LOG_DEBUG); + + $charge->status = 'failed'; + $charge->customer = $customer->id; + $charge->failure_code = $stripe->code; + $charge->failure_message = $stripe->error; + $charge->failure_declinecode = $stripe->declinecode; + $stripefailurecode = $stripe->code; + $stripefailuremessage = 'Action required. Contact the support at ';// . $conf->global->SELLYOURSAAS_MAIN_EMAIL; + $stripefailuredeclinecode = $stripe->declinecode; + } else { + dol_syslog(var_export($paymentintent, true), LOG_DEBUG); + + $charge->status = 'failed'; + $charge->customer = $customer->id; + $charge->failure_code = $stripe->code; + $charge->failure_message = $stripe->error; + $charge->failure_declinecode = $stripe->declinecode; + $stripefailurecode = $stripe->code; + $stripefailuremessage = $stripe->error; + $stripefailuredeclinecode = $stripe->declinecode; + } + + //var_dump("stripefailurecode=".$stripefailurecode." stripefailuremessage=".$stripefailuremessage." stripefailuredeclinecode=".$stripefailuredeclinecode); + //exit; + } + + // Return $charge = array('id'=>'ch_XXXX', 'status'=>'succeeded|pending|failed', 'failure_code'=>, 'failure_message'=>...) + if (empty($charge) || $charge->status == 'failed') { + dol_syslog('Failed to charge card or payment mode ' . $stripecard->id . ' stripefailurecode=' . $stripefailurecode . ' stripefailuremessage=' . $stripefailuremessage . ' stripefailuredeclinecode=' . $stripefailuredeclinecode, LOG_WARNING); + + // Save a stripe payment was in error + $this->stripechargeerror++; + + $error++; + $errorforinvoice++; + $errmsg = $langs->trans("FailedToChargeCard"); + if (!empty($charge)) { + if ($stripefailuredeclinecode == 'authentication_required') { + $errauthenticationmessage = $langs->trans("ErrSCAAuthentication"); + $errmsg = $errauthenticationmessage; + } elseif (in_array($stripefailuredeclinecode, ['insufficient_funds', 'generic_decline'])) { + $errmsg .= ': ' . $charge->failure_code; + $errmsg .= ($charge->failure_message ? ' - ' : '') . ' ' . $charge->failure_message; + if (empty($stripefailurecode)) { + $stripefailurecode = $charge->failure_code; + } + if (empty($stripefailuremessage)) { + $stripefailuremessage = $charge->failure_message; + } + } else { + $errmsg .= ': failure_code=' . $charge->failure_code; + $errmsg .= ($charge->failure_message ? ' - ' : '') . ' failure_message=' . $charge->failure_message; + if (empty($stripefailurecode)) { + $stripefailurecode = $charge->failure_code; + } + if (empty($stripefailuremessage)) { + $stripefailuremessage = $charge->failure_message; + } + } + } else { + $errmsg .= ': ' . $stripefailurecode . ' - ' . $stripefailuremessage; + $errmsg .= ($stripefailuredeclinecode ? ' - ' . $stripefailuredeclinecode : ''); + } + + $description = 'Stripe payment ERROR from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + $postactionmessages[] = $errmsg . ' (' . $stripearrayofkeys['publishable_key'] . ')'; + $this->errors[] = $errmsg; + } else { + dol_syslog('Successfuly charge card ' . $stripecard->id); + + $postactionmessages[] = 'Success to charge card (' . $charge->id . ' with ' . $stripearrayofkeys['publishable_key'] . ')'; + + // Save a stripe payment was done in realy life so later we will be able to force a commit on recorded payments + // even if in batch mode (method doTakePaymentStripe), we will always make all action in one transaction with a forced commit. + $this->stripechargedone++; + + // Default description used for label of event. Will be overwrite by another value later. + $description = 'Stripe payment OK (' . $charge->id . ') from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + + $db = $this->db; + + $ipaddress = getUserRemoteIP(); + + $TRANSACTIONID = $charge->id; + $currency = $conf->currency; + $paymentmethod = 'stripe'; + $emetteur_name = $charge->customer; + + // Same code than into paymentok.php... + + $paymentTypeId = 0; + if ($paymentmethod == 'paybox') { + $paymentTypeId = $conf->global->PAYBOX_PAYMENT_MODE_FOR_PAYMENTS; + } + if ($paymentmethod == 'paypal') { + $paymentTypeId = $conf->global->PAYPAL_PAYMENT_MODE_FOR_PAYMENTS; + } + if ($paymentmethod == 'stripe') { + $paymentTypeId = $conf->global->STRIPE_PAYMENT_MODE_FOR_PAYMENTS; + } + if (empty($paymentTypeId)) { + //erics + if ($sepaMode) { + $paymentType = 'PRE'; + } else { + $paymentType = $_SESSION["paymentType"]; + if (empty($paymentType)) { + $paymentType = 'CB'; + } + } + $paymentTypeId = dol_getIdFromCode($this->db, $paymentType, 'c_paiement', 'code', 'id', 1); + } + + $currencyCodeType = $currency; + + $ispostactionok = 1; + + // Creation of payment line + include_once DOL_DOCUMENT_ROOT . '/compta/paiement/class/paiement.class.php'; + $paiement = new Paiement($this->db); + $paiement->datepaye = $now; + $paiement->date = $now; + if ($currencyCodeType == $conf->currency) { + $paiement->amounts = [$this->id => $amounttopay]; // Array with all payments dispatching with invoice id + } else { + $paiement->multicurrency_amounts = [$this->id => $amounttopay]; // Array with all payments dispatching + + $postactionmessages[] = 'Payment was done in a different currency than currency expected of company'; + $ispostactionok = -1; + // Not yet supported, so error + $error++; + $errorforinvoice++; + } + $paiement->paiementid = $paymentTypeId; + $paiement->num_paiement = ''; + $paiement->num_payment = ''; + // Add a comment with keyword 'SellYourSaas' in text. Used by trigger. + $paiement->note_public = 'StripeSepa payment ' . dol_print_date($now, 'standard') . ' using ' . $paymentmethod . ($ipaddress ? ' from ip ' . $ipaddress : '') . ' - Transaction ID = ' . $TRANSACTIONID; + $paiement->note_private = 'StripeSepa payment ' . dol_print_date($now, 'standard') . ' using ' . $paymentmethod . ($ipaddress ? ' from ip ' . $ipaddress : '') . ' - Transaction ID = ' . $TRANSACTIONID; + $paiement->ext_payment_id = $charge->id . ':' . $customer->id . '@' . $stripearrayofkeys['publishable_key']; + $paiement->ext_payment_site = 'stripe'; + + if (!$errorforinvoice) { + dol_syslog('* Record payment for invoice id ' . $this->id . '. It includes closing of invoice and regenerating document'); + + // This include closing invoices to 'paid' (and trigger including unsuspending) and regenerating document + $paiement_id = $paiement->create($user, 1); + if ($paiement_id < 0) { + $postactionmessages[] = $paiement->error . ($paiement->error ? ' ' : '') . join("
\n", $paiement->errors); + $ispostactionok = -1; + $error++; + $errorforinvoice++; + } else { + $postactionmessages[] = 'Payment created'; + } + + dol_syslog("The payment has been created for invoice id " . $this->id); + } + + if (!$errorforinvoice && !empty($conf->banque->enabled)) { + dol_syslog('* Add payment to bank'); + + $bankaccountid = 0; + if ($paymentmethod == 'paybox') { + $bankaccountid = $conf->global->PAYBOX_BANK_ACCOUNT_FOR_PAYMENTS; + } + if ($paymentmethod == 'paypal') { + $bankaccountid = $conf->global->PAYPAL_BANK_ACCOUNT_FOR_PAYMENTS; + } + if ($paymentmethod == 'stripe') { + $bankaccountid = $conf->global->STRIPE_BANK_ACCOUNT_FOR_PAYMENTS; + } + + if ($bankaccountid > 0) { + $label = '(CustomerInvoicePayment)'; + if ($this->type == Facture::TYPE_CREDIT_NOTE) { + $label = '(CustomerInvoicePaymentBack)'; + } // Refund of a credit note + $result = $paiement->addPaymentToBank($user, 'payment', $label, $bankaccountid, $emetteur_name, ''); + if ($result < 0) { + $postactionmessages[] = $paiement->error . ($paiement->error ? ' ' : '') . join("
\n", $paiement->errors); + $ispostactionok = -1; + $error++; + $errorforinvoice++; + } else { + $postactionmessages[] = 'Bank transaction of payment created (by doTakePaymentStripeForThirdparty)'; + } + } else { + $postactionmessages[] = 'Setup of bank account to use in module ' . $paymentmethod . ' was not set. No way to record the payment.'; + $ispostactionok = -1; + $error++; + $errorforinvoice++; + } + } + + if ($ispostactionok < 1) { + $description = 'Stripe payment OK (' . $charge->id . ' - ' . $amounttopay . ' ' . $conf->currency . ') but post action KO from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + } else { + $description = 'Stripe payment+post action OK (' . $charge->id . ' - ' . $amounttopay . ' ' . $conf->currency . ') from doTakePaymentStripeForThirdparty: ' . $FULLTAG; + } + } + + $object = $invoice; + + // Send emails + $labeltouse = 'InvoicePaymentSuccess'; + $sendemailtocustomer = 1; + + if (empty($charge) || $charge->status == 'failed') { + $labeltouse = 'InvoicePaymentFailure'; + if ($noemailtocustomeriferror) { + $sendemailtocustomer = 0; + } // $noemailtocustomeriferror is set when error already reported on myaccount screen + } + + // Track an event + if (empty($charge) || $charge->status == 'failed') { + $actioncode = 'PAYMENT_STRIPE_KO'; + $extraparams = $stripefailurecode; + $extraparams .= (($extraparams && $stripefailuremessage) ? ' - ' : '') . $stripefailuremessage; + $extraparams .= (($extraparams && $stripefailuredeclinecode) ? ' - ' : '') . $stripefailuredeclinecode; + } else { + $actioncode = 'PAYMENT_STRIPE_OK'; + $extraparams = ''; + } + } else { + $error++; + $errorforinvoice++; + dol_syslog("No card or payment method found for this stripe customer " . $customer->id, LOG_WARNING); + $this->errors[] = 'Failed to get card | payment method for stripe customer = ' . $customer->id; + + $labeltouse = 'InvoicePaymentFailure'; + $sendemailtocustomer = 1; + if ($noemailtocustomeriferror) { + $sendemailtocustomer = 0; + } // $noemailtocustomeriferror is set when error already reported on myaccount screen + + $description = 'Failed to find or use the payment mode - no credit card defined for the customer account'; + $stripefailurecode = 'BADPAYMENTMODE'; + $stripefailuremessage = 'Failed to find or use the payment mode - no credit card defined for the customer account'; + $postactionmessages[] = $description . ' (' . $stripearrayofkeys['publishable_key'] . ')'; + + $object = $invoice; + + $actioncode = 'PAYMENT_STRIPE_KO'; + $extraparams = ''; + } + } else { + // If error because payment was canceled for a logical reason, we do nothing (no email and no event added) + $labeltouse = ''; + $sendemailtocustomer = 0; + + $description = ''; + $stripefailurecode = ''; + $stripefailuremessage = ''; + + $object = $invoice; + + $actioncode = ''; + $extraparams = ''; + } + } else { // Else of the if ($resultthirdparty > 0 && ! empty($customer)) { + if ($resultthirdparty <= 0) { + dol_syslog('SellYourSaasUtils Failed to load customer for thirdparty_id = ' . $thirdparty->id, LOG_WARNING); + $this->errors[] = 'Failed to load customer for thirdparty_id = ' . $thirdparty->id; + } else { // $customer stripe not found + dol_syslog('SellYourSaasUtils Failed to get Stripe customer id for thirdparty_id = ' . $thirdparty->id . " in mode " . $servicestatus . " in Stripe env " . $stripearrayofkeysbyenv[$servicestatus]['publishable_key'], LOG_WARNING); + $this->errors[] = 'Failed to get Stripe customer id for thirdparty_id = ' . $thirdparty->id . " in mode " . $servicestatus . " in Stripe env " . $stripearrayofkeysbyenv[$servicestatus]['publishable_key']; + } + $error++; + $errorforinvoice++; + + $labeltouse = 'InvoicePaymentFailure'; + $sendemailtocustomer = 1; + if ($noemailtocustomeriferror) { + $sendemailtocustomer = 0; + } // $noemailtocustomeriferror is set when error already reported on myaccount screen + + $description = 'Failed to find or use your payment mode (no payment mode for this customer id)'; + $stripefailurecode = 'BADPAYMENTMODE'; + $stripefailuremessage = 'Failed to find or use your payment mode (no payment mode for this customer id)'; + $postactionmessages = []; + + $object = $invoice; + + $actioncode = 'PAYMENT_STRIPE_KO'; + $extraparams = ''; + } + + // Send email + create action after + if ($sendemailtocustomer && $labeltouse) { + dol_syslog("* Send email with result of payment - " . $labeltouse); + + // Set output language + $outputlangs = new Translate('', $conf); + $outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang); + $outputlangs->loadLangs(["main", "members", "bills"]); + + // Get email content from templae + $arraydefaultmessage = null; + + include_once DOL_DOCUMENT_ROOT . '/core/class/html.formmail.class.php'; + $formmail = new FormMail($this->db); + + if (!empty($labeltouse)) { + $arraydefaultmessage = $formmail->getEMailTemplate($this->db, 'facture_send', $user, $outputlangs, 0, 1, $labeltouse); + } + + if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) { + $subject = $arraydefaultmessage->topic; + $msg = $arraydefaultmessage->content; + } + + $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object); + + //$substitutionarray['__SELLYOURSAAS_PAYMENT_ERROR_DESC__'] = $stripefailurecode . ' ' . $stripefailuremessage; + + complete_substitutions_array($substitutionarray, $outputlangs, $object); + + // Set the property ->ref_customer with ref_customer of contract so __REF_CLIENT__ will be replaced in email content + // Search contract linked to invoice + $foundcontract = null; + $this->fetchObjectLinked(); + if (is_array($this->linkedObjects['contrat']) && count($this->linkedObjects['contrat']) > 0) { + //dol_sort_array($object->linkedObjects['facture'], 'date'); + foreach ($this->linkedObjects['contrat'] as $idcontract => $contract) { + $substitutionarray['__CONTRACT_REF__'] = $contract->ref_customer; + $substitutionarray['__REFCLIENT__'] = $contract->ref_customer; // For backward compatibility + $substitutionarray['__REF_CLIENT__'] = $contract->ref_customer; + $foundcontract = $contract; + break; + } + } + + dol_syslog('__DIRECTDOWNLOAD_URL_INVOICE__=' . $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__']); + + //erics - erreur de réécriture de l'url de téléchargement direct de la facture ... le lien de base est le bon + //on cherche donc d'ou vien le pb ... + //$urlforsellyoursaasaccount = getRootUrlForAccount($foundcontract); + // if ($urlforsellyoursaasaccount) { + // $tmpforurl = preg_replace('/.*document.php/', '', $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__']); + // if ($tmpforurl) { + // dol_syslog('__DIRECTDOWNLOAD_URL_INVOICE__ cas 1, urlforsellyoursaasaccount=' . $urlforsellyoursaasaccount); + // // $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = $urlforsellyoursaasaccount . '/source/document.php' . $tmpforurl; + // } else { + // dol_syslog('__DIRECTDOWNLOAD_URL_INVOICE__ cas 2, urlforsellyoursaasaccount=' . $urlforsellyoursaasaccount); + // // $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = $urlforsellyoursaasaccount; + // } + // } + + $subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs); + $texttosend = make_substitutions($msg, $substitutionarray, $outputlangs); + + // Attach a file ? + $file = ''; + $listofpaths = []; + $listofnames = []; + $listofmimes = []; + if (is_object($invoice)) { + $invoicediroutput = $conf->facture->dir_output; + //erics - choix du PDF a joindre aux mails + $fileparams = dol_most_recent_file($invoicediroutput . '/' . $this->ref, preg_quote($this->ref, '/') . '[^\-]+*.pdf'); + $file = $fileparams['fullname']; + //$file = $invoicediroutput . '/' . $this->ref . '/' . $this->ref . '.pdf'; + // $file = ''; // Disable attachment of invoice in emails + + if ($file) { + $listofpaths = [$file]; + $listofnames = [basename($file)]; + $listofmimes = [dol_mimetype($file)]; + } + } + $from = "";//$conf->global->SELLYOURSAAS_NOREPLY_EMAIL; + + $trackid = 'inv' . $this->id; + $moreinheader = 'X-Dolibarr-Info: doTakeStripePaymentForThirdParty' . "\r\n"; + + // Send email (substitutionarray must be done just before this) + include_once DOL_DOCUMENT_ROOT . '/core/class/CMailFile.class.php'; + $mailfile = new CMailFile($subjecttosend, $this->thirdparty->email, $from, $texttosend, $listofpaths, $listofmimes, $listofnames, '', '', 0, -1, '', '', $trackid, $moreinheader); + if ($mailfile->sendfile()) { + $result = 1; + } else { + $this->error = $langs->trans("ErrorFailedToSendMail", $from, $this->thirdparty->email) . '. ' . $mailfile->error; + $result = -1; + } + + if ($result < 0) { + $errmsg = $this->error; + $postactionmessages[] = $errmsg; + $ispostactionok = -1; + } else { + if ($file) { + $postactionmessages[] = 'Email sent to thirdparty (to ' . $this->thirdparty->email . ' with invoice document attached: ' . $file . ', language = ' . $outputlangs->defaultlang . ')'; + } else { + $postactionmessages[] = 'Email sent to thirdparty (to ' . $this->thirdparty->email . ' without any attached document, language = ' . $outputlangs->defaultlang . ')'; + } + } + } + + if ($description) { + dol_syslog("* Record event for payment result - " . $description); + require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; + + // Insert record of payment (success or error) + $actioncomm = new ActionComm($this->db); + + $actioncomm->type_code = 'AC_OTH_AUTO'; // Type of event ('AC_OTH', 'AC_OTH_AUTO', 'AC_XXX'...) + $actioncomm->code = 'AC_' . $actioncode; + $actioncomm->label = $description; + $actioncomm->note_private = join(",\n", $postactionmessages); + $actioncomm->fk_project = $this->fk_project; + $actioncomm->datep = $now; + $actioncomm->datef = $now; + $actioncomm->percentage = -1; // Not applicable + $actioncomm->socid = $thirdparty->id; + $actioncomm->contactid = 0; + $actioncomm->authorid = $user->id; // User saving action + $actioncomm->userownerid = $user->id; // Owner of action + // Fields when action is a real email (content is already into note) + /*$actioncomm->email_msgid = $object->email_msgid; + $actioncomm->email_from = $object->email_from; + $actioncomm->email_sender= $object->email_sender; + $actioncomm->email_to = $object->email_to; + $actioncomm->email_tocc = $object->email_tocc; + $actioncomm->email_tobcc = $object->email_tobcc; + $actioncomm->email_subject = $object->email_subject; + $actioncomm->errors_to = $object->errors_to;*/ + $actioncomm->fk_element = $this->id; + $actioncomm->elementtype = $this->element; + $actioncomm->extraparams = dol_trunc($extraparams, 250); + + $actioncomm->create($user); + } + + $this->description = $description; + $this->postactionmessages = $postactionmessages; + } catch (Exception $e) { + $error++; + $errorforinvoice++; + dol_syslog('Error ' . $e->getMessage(), LOG_ERR); + $this->errors[] = 'Error ' . $e->getMessage(); + } + } else { // If remain to pay is null + $error++; + $errorforinvoice++; + dol_syslog("Remain to pay is null for the invoice " . $this->id . " " . $this->ref . ". Why is the invoice not classified 'Paid' ?", LOG_WARNING); + $this->errors[] = "Remain to pay is null for the invoice " . $this->id . " " . $this->ref . ". Why is the invoice not classified 'Paid' ?"; + } + + //end copy + // print json_encode($stripecard); + // exit; + + $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'prelevement_facture_demande('; + $sql .= 'fk_facture, '; + $sql .= ' amount, date_demande, fk_user_demande, ext_payment_id, ext_payment_site, sourcetype, entity)'; + $sql .= ' VALUES ('.$this->id; + $sql .= ",'".price2num($amount)."'"; + $sql .= ",'".$this->db->idate($now)."'"; + $sql .= ",".$fuser->id; + $sql .= ",'".$this->db->escape($stripe_id)."'"; + $sql .= ",'".$this->db->escape($stripe_uri)."'"; + $sql .= ",'".$this->db->escape($sourcetype)."'"; + $sql .= ",".$conf->entity; + $sql .= ")"; + + dol_syslog(get_class($this)."::demande_prelevement_stripe", LOG_DEBUG); + $resql = $this->db->query($sql); + if (!$resql) { + $this->error = $this->db->lasterror(); + dol_syslog(get_class($this).'::demande_prelevement_stripe Erreur'); + $error++; + } + } else { + $this->error = 'WithdrawRequestErrorNilAmount'; + dol_syslog(get_class($this).'::demande_prelevement_stripe WithdrawRequestErrorNilAmount'); + $error++; + } + + if (!$error) { + // Force payment mode of invoice to withdraw + $payment_mode_id = dol_getIdFromCode($this->db, ($type == 'bank-transfer' ? 'VIR' : 'PRE'), 'c_paiement', 'code', 'id', 1); + if ($payment_mode_id > 0) { + $result = $this->setPaymentMethods($payment_mode_id); + } + } + + if ($error) { + return -1; + } + return 1; + } else { + $this->error = "A request already exists"; + dol_syslog(get_class($this).'::demande_prelevement_stripe Impossible de creer une demande, demande deja en cours'); + return 0; + } + } else { + $this->error = $this->db->error(); + dol_syslog(get_class($this).'::demande_prelevement_stripe Erreur -2'); + return -2; + } + } else { + $this->error = "Status of invoice does not allow this"; + dol_syslog(get_class($this)."::demande_prelevement_stripe ".$this->error." $this->statut, $this->paye, $this->mode_reglement_id"); + return -3; + } + } + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Remove a direct debit request or a credit transfer request diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index b47199e8fe2..fba4f286b62 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -292,7 +292,8 @@ ErrorThirpdartyOrMemberidIsMandatory=Third party or Member of partnership is man ErrorFailedToWriteInTempDirectory=Failed to write in temp directory ErrorQuantityIsLimitedTo=Quantity is limited to %s ErrorFailedToLoadThirdParty=Failed to find/load thirdparty from id=%s, email=%s, name=%s - +ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account + # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user. diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index 4ddbd1c613f..c3ecbe31ccd 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -47,6 +47,9 @@ class CompanyBankAccount extends Account public $rum; public $date_rum; + public $stripe_card_ref; // ID of BAN into an external payment system + public $stripe_account; // Account of the external payment system + /** * Date creation record (datec) * @@ -187,6 +190,8 @@ class CompanyBankAccount extends Account } else { $sql .= ",label = NULL"; } + $sql .= ",stripe_card_ref = '".$this->db->escape($this->stripe_card_ref)."'"; + $sql .= ",stripe_account = '".$this->db->escape($this->stripe_account)."'"; $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); @@ -232,7 +237,8 @@ class CompanyBankAccount extends Account } $sql = "SELECT rowid, type, fk_soc, bank, number, code_banque, code_guichet, cle_rib, bic, iban_prefix as iban, domiciliation, proprio,"; - $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur, date_rum"; + $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur, date_rum,"; + $sql .= " stripe_card_ref, stripe_account"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib"; if ($id) { $sql .= " WHERE rowid = ".((int) $id); @@ -274,6 +280,8 @@ class CompanyBankAccount extends Account $this->rum = $obj->rum; $this->frstrecur = $obj->frstrecur; $this->date_rum = $this->db->jdate($obj->date_rum); + $this->stripe_card_ref = $obj->stripe_card_ref; + $this->stripe_account = $obj->stripe_account; } $this->db->free($resql); diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index e7899db813e..7e3c916ec27 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -175,6 +175,12 @@ if (empty($reshook)) { $companybankaccount->rum = $prelevement->buildRumNumber($object->code_client, $companybankaccount->datec, $companybankaccount->id); } + if (GETPOST('stripe_card_ref', 'alpha') && GETPOST('stripe_card_ref', 'alpha') != $companypaymentmode->stripe_card_ref) { + // If we set a stripe value that is different than previous one, we also set the stripe account + $companypaymentmode->stripe_account = $stripecu.'@'.$site_account; + } + $companybankaccount->stripe_card_ref = GETPOST('stripe_card_ref', 'alpha'); + $result = $companybankaccount->update($user); if (!$result) { setEventMessages($companybankaccount->error, $companybankaccount->errors, 'errors'); @@ -416,6 +422,7 @@ if (empty($reshook)) { if ($action == 'confirm_deletecard' && GETPOST('confirm', 'alpha') == 'yes') { $companypaymentmode = new CompanyPaymentMode($db); if ($companypaymentmode->fetch($ribid ? $ribid : $id)) { + // TODO This is currently done at bottom of page instead of asking confirm /*if ($companypaymentmode->stripe_card_ref && preg_match('/pm_/', $companypaymentmode->stripe_card_ref)) { $payment_method = \Stripe\PaymentMethod::retrieve($companypaymentmode->stripe_card_ref); @@ -440,6 +447,16 @@ if (empty($reshook)) { if ($action == 'confirm_delete' && GETPOST('confirm', 'alpha') == 'yes') { $companybankaccount = new CompanyBankAccount($db); if ($companybankaccount->fetch($ribid ? $ribid : $id)) { + // TODO This is currently done at bottom of page instead of asking confirm + /*if ($companypaymentmode->stripe_card_ref && preg_match('/pm_/', $companypaymentmode->stripe_card_ref)) + { + $payment_method = \Stripe\PaymentMethod::retrieve($companypaymentmode->stripe_card_ref); + if ($payment_method) + { + $payment_method->detach(); + } + }*/ + $result = $companybankaccount->delete($user); if ($result > 0) { $url = $_SERVER['PHP_SELF']."?socid=".$object->id; @@ -505,7 +522,7 @@ if (empty($reshook)) { } if (!$error) { - // Creation of Stripe card + update of societe_account + // Creation of Stripe card + update of llx_societe_rib // Note that with the new Stripe API, option to create a card is no more available, instead an error message will be returned to // ask to create the crdit card from Stripe backoffice. $card = $stripe->cardStripe($cu, $companypaymentmode, $stripeacc, $servicestatus, 1); @@ -517,18 +534,13 @@ if (empty($reshook)) { } } if ($action == 'syncsepatostripe') { - $companybankaccount->fetch(GETPOST('bankid', 'int')); - // print "stripe account = " . json_encode($stripe->getStripeAccount($service)); - // print json_encode($companybankaccount); - // print "fetch id = " . json_encode($socid); - - $companypaymentmode = new CompanyPaymentMode($db); - $companypaymentmode->fetch(null, null, $socid); - // print json_encode($companypaymentmode); + $companypaymentmode = new CompanyPaymentMode($db); // Get record in llx_societe_rib + $companypaymentmode->fetch($id); if ($companypaymentmode->type != 'ban') { $error++; - setEventMessages('ThisPaymentModeIsNotSepa', null, 'errors'); + $langs->load("errors"); + setEventMessages('ThisPaymentModeIsNotABan', null, 'errors'); } else { // Get the Stripe customer $cu = $stripe->customerStripe($object, $stripeacc, $servicestatus); @@ -539,13 +551,13 @@ if (empty($reshook)) { } if (!$error) { - // Creation of Stripe SEPA + update of societe_account + // Creation of Stripe SEPA + update of llx_societe_rib $card = $stripe->sepaStripe($cu, $companypaymentmode, $stripeacc, $servicestatus, 1); if (!$card) { $error++; setEventMessages($stripe->error, $stripe->errors, 'errors'); } else { - setEventMessages("", array("SEPA on Stripe", "SEPA IBAN is now linked to the Stripe customer account !")); + setEventMessages("", array("Bank Account on Stripe", "BAN is now linked to the Stripe customer account !")); } } } @@ -711,6 +723,37 @@ if (empty($reshook)) { $error++; setEventMessages($e->getMessage(), null, 'errors'); } + } elseif ($action == 'delete' && $source) { + try { + if (preg_match('/pm_/', $source)) { + $payment_method = \Stripe\PaymentMethod::retrieve($source, array("stripe_account" => $stripeacc)); + if ($payment_method) { + $payment_method->detach(); + } + } else { + $cu = $stripe->customerStripe($object, $stripeacc, $servicestatus); + $card = $cu->sources->retrieve("$source"); + if ($card) { + // $card->detach(); Does not work with card_, only with src_ + if (method_exists($card, 'detach')) { + $card->detach(); + $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib as sr "; + $sql .= " SET stripe_card_ref = null"; + $sql .= " WHERE sr.stripe_card_ref = '".$db->escape($source)."'"; + $resql = $db->query($sql); + } else { + $card->delete(); + } + } + } + + $url = DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id; + header('Location: '.$url); + exit; + } catch (Exception $e) { + $error++; + setEventMessages($e->getMessage(), null, 'errors'); + } } } } @@ -938,70 +981,75 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print '
'; - // List of Stripe payment modes - if (!(empty($conf->stripe->enabled)) && $object->client) { + $showcardpaymentmode = 0; + if (isModEnabled('stripe')) { + $showcardpaymentmode++; + } + + // Get list of remote payment modes + $listofsources = array(); + + if (is_object($stripe)) { + try { + $customerstripe = $stripe->customerStripe($object, $stripeacc, $servicestatus); + if (!empty($customerstripe->id)) { + // When using the Charge API architecture + if (empty($conf->global->STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION)) { + $listofsources = $customerstripe->sources->data; + } else { + $service = 'StripeTest'; + $servicestatus = 0; + if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { + $service = 'StripeLive'; + $servicestatus = 1; + } + + // Force to use the correct API key + global $stripearrayofkeysbyenv; + \Stripe\Stripe::setApiKey($stripearrayofkeysbyenv[$servicestatus]['secret_key']); + + try { + if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage + $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card")); + $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit")); + } else { + $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card"), array("stripe_account" => $stripeacc)); + $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit"), array("stripe_account" => $stripeacc)); + } + + if ($paymentmethodobjsA->data != null && $paymentmethodobjsB->data != null) { + $listofsources = array_merge((array) $paymentmethodobjsA->data, (array) $paymentmethodobjsB->data); + } elseif ($paymentmethodobjsB->data != null) { + $listofsources = $paymentmethodobjsB->data; + } else { + $listofsources = $paymentmethodobjsA->data; + } + } catch (Exception $e) { + $error++; + setEventMessages($e->getMessage(), null, 'errors'); + } + } + } + } catch (Exception $e) { + dol_syslog("Error when searching/loading Stripe customer for thirdparty id =".$object->id); + } + } + + + // List of Card payment modes + if ($showcardpaymentmode && $object->client) { $morehtmlright = ''; if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { $morehtmlright .= dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?socid='.$object->id.'&action=createcard'); } - print load_fiche_titre($langs->trans('StripePaymentModes').($stripeacc ? ' (Stripe connection with StripeConnect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'), $morehtmlright, 'stripe-s'); + print load_fiche_titre($langs->trans('CreditCard').($stripeacc ? ' (Stripe connection with StripeConnect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'), $morehtmlright, 'fa-credit-card'); - $listofsources = array(); - if (is_object($stripe)) { - try { - $customerstripe = $stripe->customerStripe($object, $stripeacc, $servicestatus); - if (!empty($customerstripe->id)) { - // When using the Charge API architecture - if (empty($conf->global->STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION)) { - $listofsources = $customerstripe->sources->data; - } else { - $service = 'StripeTest'; - $servicestatus = 0; - if (!empty($conf->global->STRIPE_LIVE) && !GETPOST('forcesandbox', 'alpha')) { - $service = 'StripeLive'; - $servicestatus = 1; - } - - // Force to use the correct API key - global $stripearrayofkeysbyenv; - \Stripe\Stripe::setApiKey($stripearrayofkeysbyenv[$servicestatus]['secret_key']); - - try { - if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage - $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card")); - $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit")); - } else { - $paymentmethodobjsA = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "card"), array("stripe_account" => $stripeacc)); - $paymentmethodobjsB = \Stripe\PaymentMethod::all(array("customer" => $customerstripe->id, "type" => "sepa_debit"), array("stripe_account" => $stripeacc)); - } - - if ($paymentmethodobjsA->data != null && $paymentmethodobjsB->data != null) { - $listofsources = array_merge((array) $paymentmethodobjsA->data, (array) $paymentmethodobjsB->data); - } elseif ($paymentmethodobjsB->data != null) { - $listofsources = $paymentmethodobjsB->data; - } else { - $listofsources = $paymentmethodobjsA->data; - } - } catch (Exception $e) { - $error++; - setEventMessages($e->getMessage(), null, 'errors'); - } - } - } - } catch (Exception $e) { - dol_syslog("Error when searching/loading Stripe customer for thirdparty id =".$object->id); - } - } - - print ''."\n"; + print ''."\n"; print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table print ''."\n"; print ''; - if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { - print ''; - } print ''; - print ''; + print ''; // external system ID print ''; print ''; print ''; @@ -1018,7 +1066,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' $nbremote = 0; $nblocal = 0; - $arrayofstripecard = array(); + $arrayofremotecard = array(); // Show local sources if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { @@ -1042,18 +1090,16 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' if ($obj) { $companypaymentmodetemp->fetch($obj->rowid); - $arrayofstripecard[$companypaymentmodetemp->stripe_card_ref] = $companypaymentmodetemp->stripe_card_ref; + $arrayofremotecard[$companypaymentmodetemp->stripe_card_ref] = $companypaymentmodetemp->stripe_card_ref; - print ''; - print ''; + print ''; + // Label print ''; - print ''; + // Type print ''; + // Information (Owner, ...) print ''; - // Local ID - if (!empty($conf->global->STRIPE_ALLOW_LOCAL_CARD)) { - print ''; + $imgline = ''; + if ($src->object == 'card') { + $imgline = img_credit_card($src->brand); + } elseif ($src->object == 'source' && $src->type == 'card') { + $imgline = img_credit_card($src->card->brand); + } elseif ($src->object == 'payment_method' && $src->type == 'card') { + $imgline = img_credit_card($src->card->brand); + } elseif ($src->object == 'source' && $src->type == 'sepa_debit') { + continue; + } elseif ($src->object == 'payment_method' && $src->type == 'sepa_debit') { + continue; } + + print ''; print ''; // Src ID - print ''; - // Img of credit card + // Img print ''; // Information print ''; + print ''; + // Fields from hook $parameters = array('arrayfields'=>array(), 'stripesource'=>$src, 'linetype'=>'stripecardremoteonly'); $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; + // Action column print '
'.$langs->trans('LocalID').''.$langs->trans('Label').''.$langs->trans('StripeID').''.$langs->trans('StripeID').''.$langs->trans('Type').''.$langs->trans('Informations').'
'; - print $companypaymentmodetemp->id; - print '
'; print dol_escape_htmltag($companypaymentmodetemp->label); print ''; - print $companypaymentmodetemp->stripe_card_ref; - if ($companypaymentmodetemp->stripe_card_ref) { + // External card ID + print ''; + if (!empty($companypaymentmodetemp->stripe_card_ref)) { $connect = ''; if (!empty($stripeacc)) { $connect = $stripeacc.'/'; @@ -1062,12 +1108,15 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' if ($servicestatus) { $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$companypaymentmodetemp->stripe_card_ref; } - print ' '.img_picto($langs->trans('ShowInStripe').' - Customer and Publishable key = '.$companypaymentmodetemp->stripe_account, 'globe').''; + print ''.img_picto($langs->trans('ShowInStripe').' - Customer and Publishable key = '.$companypaymentmodetemp->stripe_account, 'globe').' '; } + print $companypaymentmodetemp->stripe_card_ref; print ''; print img_credit_card($companypaymentmodetemp->type); print ''; if ($companypaymentmodetemp->proprio) { print ''.$companypaymentmodetemp->proprio.'
'; @@ -1121,7 +1170,6 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print ''; print img_picto($langs->trans("Modify"), 'edit'); print ''; - print ' '; print ''; // source='.$companypaymentmodetemp->stripe_card_ref.'& print img_picto($langs->trans("Delete"), 'delete'); print ''; @@ -1140,24 +1188,31 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' // Show remote sources (not already shown as local source) if (is_array($listofsources) && count($listofsources)) { foreach ($listofsources as $src) { - if (!empty($arrayofstripecard[$src->id])) { + if (!empty($arrayofremotecard[$src->id])) { continue; // Already in previous list } $nbremote++; - print '
'; - print '
'; print ''; + print ''; $connect = ''; - print $src->id; if (!empty($stripeacc)) { $connect = $stripeacc.'/'; } @@ -1167,21 +1222,12 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' //$url='https://dashboard.stripe.com/'.$connect.'sources/'.$src->id; $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$src->id; } - print " ".img_picto($langs->trans('ShowInStripe'), 'globe').""; + print "".img_picto($langs->trans('ShowInStripe'), 'globe')." "; + print $src->id; print ''; - if ($src->object == 'card') { - print img_credit_card($src->brand); - } elseif ($src->object == 'source' && $src->type == 'card') { - print img_credit_card($src->card->brand); - } elseif ($src->object == 'source' && $src->type == 'sepa_debit') { - print ''; - } elseif ($src->object == 'payment_method' && $src->type == 'card') { - print img_credit_card($src->card->brand); - } elseif ($src->object == 'payment_method' && $src->type == 'sepa_debit') { - print ''; - } + print $imgline; print''; @@ -1256,18 +1302,20 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print $langs->trans("Remote"); //if ($src->cvc_check == 'fail') print ' - CVC check fail'; print ''; //var_dump($src); - print ''; print ''; if ($permissiontoaddupdatepaymentinformation) { - print ''; + print ''; print img_picto($langs->trans("Delete"), 'delete'); print ''; } @@ -1286,7 +1334,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print '
'; } - // List of Stripe payment modes + // List of Stripe connect accounts if (!empty($conf->stripe->enabled) && !empty($conf->stripeconnect->enabled) && !empty($stripesupplieracc)) { print load_fiche_titre($langs->trans('StripeBalance').($stripesupplieracc ? ' (Stripe connection with StripeConnect account '.$stripesupplieracc.')' : ' (Stripe connection with keys from Stripe module setup)'), $morehtmlright, 'stripe-s'); $balance = \Stripe\Balance::retrieve(array("stripe_account" => $stripesupplieracc)); @@ -1337,16 +1385,20 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' $morehtmlright = dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"] . '?socid=' . $object->id . '&action=create'); } - print load_fiche_titre($langs->trans("BankAccounts"), $morehtmlright, 'bank'); + $nblocal = 0; $nbremote = 0; + $arrayofremoteban = array(); + $rib_list = $object->get_all_rib(); + if (is_array($rib_list)) { print '
'; // You can use div-table-responsive-no-min if you don't need reserved height for your table print ''; print ''; - print_liste_field_titre("LabelRIB"); + print_liste_field_titre("Label"); + print_liste_field_titre("StripeID"); // external system ID print_liste_field_titre("Bank"); print_liste_field_titre("RIB"); print_liste_field_titre("IBAN"); @@ -1356,17 +1408,43 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print_liste_field_titre("DateRUM"); print_liste_field_titre("WithdrawMode"); } - print_liste_field_titre("DefaultRIB", '', '', '', '', '', '', '', 'center '); + print_liste_field_titre("Default", '', '', '', '', '', '', '', 'center '); print_liste_field_titre('', '', '', '', '', '', '', '', 'center '); + // Fields from hook + $parameters = array('arrayfields'=>array(), 'linetype'=>'stripebantitle'); + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; print_liste_field_titre('', $_SERVER["PHP_SELF"], "", '', '', '', '', '', 'maxwidthsearch '); print "\n"; + // List of local BAN foreach ($rib_list as $rib) { + $arrayofremoteban[$rib->stripe_card_ref] = $rib->stripe_card_ref; + + $nblocal++; + print ''; // Label - print ''; + print ''; + // Stripe ID + print ''; // Bank name - print ''; + print ''; // Account number print ''; // IBAN - print ''; - print ''; + print ''; print ''; @@ -1500,12 +1578,19 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print $out; print ''; + // Fields from hook + $parameters = array('arrayfields'=>array(), 'stripe_card_ref'=>$rib->stripe_card_ref, 'stripe_account'=>$rib->stripe_account, 'linetype'=>'stripeban'); + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + // Edit/Delete print ''; } - if (count($rib_list) == 0) { - $colspan = 9; + + // List of remote BAN (if not already added as local) + foreach ($listofsources as $src) { + if (!empty($arrayofremoteban[$src->id])) { + continue; // Already in previous list + } + + $nbremote++; + + $imgline = ''; + if ($src->object == 'source' && $src->type == 'sepa_debit') { + $imgline = ''; + } elseif ($src->object == 'payment_method' && $src->type == 'sepa_debit') { + $imgline = ''; + } else { + continue; + } + + print ''; + print ''; + // Src ID + print ''; + // Bank + print ''; + // Account number + print ''; + // IBAN + print ''; + // BIC + print ''; + if (!empty($conf->prelevement->enabled)) { - $colspan += 2; + // RUM + print ''; + // Date + print ''; + // Mode mandate + print ''; + } + + // Default + print ''; + /* + print ''; + */ + + print ''; + + // Fields from hook + $parameters = array('arrayfields'=>array(), 'stripe_card_ref'=>$rib->stripe_card_ref, 'stripe_account'=>$rib->stripe_account, 'linetype'=>'stripebanremoteonly'); + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + + // Action column + print ''; + + print ''; + } + + if ($nbremote == 0 && $nblocal == 0) { + $colspan = 10; + if (!empty($conf->prelevement->enabled)) { + $colspan += 3; } print ''; } @@ -1603,10 +1792,12 @@ if ($socid && $action == 'edit' && $permissiontoaddupdatepaymentinformation) { print '
'; + print '
'; + print '
'; print '
'.$rib->label.''.dol_escape_htmltag($rib->label).''; + if ($rib->stripe_card_ref) { + $connect = ''; + if (!empty($stripeacc)) { + $connect = $stripeacc.'/'; + } + //$url='https://dashboard.stripe.com/'.$connect.'test/sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'test/search?query='.$rib->stripe_card_ref; + if ($servicestatus) { + //$url='https://dashboard.stripe.com/'.$connect.'sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$rib->stripe_card_ref; + } + print "".img_picto($langs->trans('ShowInStripe'), 'globe')." "; + } + print $rib->stripe_card_ref; + print ''.$rib->bank.''.dol_escape_htmltag($rib->bank).''; $string = ''; @@ -1398,7 +1476,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print $string; print ''.$rib->iban; + print ''.dol_escape_htmltag($rib->iban); if (!empty($rib->iban)) { if (!checkIbanForAccount($rib)) { print ' '.img_picto($langs->trans("IbanNotValid"), 'warning'); @@ -1417,7 +1495,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' if (!empty($conf->prelevement->enabled)) { // RUM //print ''.$prelevement->buildRumNumber($object->code_client, $rib->datec, $rib->id).''.$rib->rum.''.dol_escape_htmltag($rib->rum).''.dol_print_date($rib->date_rum, 'day').''; if ($permissiontoaddupdatepaymentinformation) { - print ''; - print img_picto($langs->trans("CreateBAN"), 'stripe'); - print ''; + if (empty($rib->stripe_card_ref)) { + print ''; + print img_picto($langs->trans("CreateBAN"), 'stripe'); + print ''; + } print ''; print img_picto($langs->trans("Modify"), 'edit'); @@ -1520,10 +1605,114 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print '
'; + print ''; + $connect = ''; + if (!empty($stripeacc)) { + $connect = $stripeacc.'/'; + } + //$url='https://dashboard.stripe.com/'.$connect.'test/sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'test/search?query='.$src->id; + if ($servicestatus) { + //$url='https://dashboard.stripe.com/'.$connect.'sources/'.$src->id; + $url = 'https://dashboard.stripe.com/'.$connect.'search?query='.$src->id; + } + print "".img_picto($langs->trans('ShowInStripe'), 'globe')." "; + print $src->id; + print ''; + print''; + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + //var_dump($src); + print ''; + if ((empty($customerstripe->invoice_settings) && $customerstripe->default_source != $src->id) || + (!empty($customerstripe->invoice_settings) && $customerstripe->invoice_settings->default_payment_method != $src->id)) { + print ''; + print img_picto($langs->trans("Default"), 'off'); + print ''; + } else { + print img_picto($langs->trans("Default"), 'on'); + } + print ''; + print $langs->trans("Remote"); + //if ($src->cvc_check == 'fail') print ' - CVC check fail'; + print ''; + print ''; + if ($permissiontoaddupdatepaymentinformation) { + print ''; + print img_picto($langs->trans("Delete"), 'delete'); + print ''; + } + print '
'.$langs->trans("NoBANRecord").'
'; - print ''; + print ''; print ''; print ''; @@ -1702,6 +1893,9 @@ if ($socid && $action == 'edit' && $permissiontoaddupdatepaymentinformation) { print $form->selectarray("frstrecur", $tblArraychoice, dol_escape_htmltag(GETPOST('frstrecur', 'alpha') ?GETPOST('frstrecur', 'alpha') : $companybankaccount->frstrecur), 0); print ''; + print '"; + print ''; + print '
'.$langs->trans("LabelRIB").'
'.$langs->trans("Label").'
'.$langs->trans("BankName").'
'.$langs->trans("StripeID")." ('src_....')
'; print '
'; } @@ -1720,9 +1914,12 @@ if ($socid && $action == 'editcard' && $permissiontoaddupdatepaymentinformation) dol_banner_tab($object, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); - print '
'; + print '
'; print '
'; + + print '
'; + print ''; print ''; @@ -1766,9 +1963,12 @@ if ($socid && $action == 'create' && $permissiontoaddupdatepaymentinformation) { print '
'; print '
'; + + print '
'; + print '
'.$langs->trans("Label").'
'; - print ''; + print ''; print ''; print ''; @@ -1858,6 +2058,9 @@ if ($socid && $action == 'create' && $permissiontoaddupdatepaymentinformation) { print $form->selectarray("frstrecur", $tblArraychoice, (GETPOSTISSET('frstrecur') ? GETPOST('frstrecur') : 'FRST'), 0); print ''; + print '"; + print ''; + print '
'.$langs->trans("LabelRIB").'
'.$langs->trans("Label").'
'.$langs->trans("Bank").'
'.$langs->trans("StripeID")." ('src_....')
'; } @@ -1881,6 +2084,9 @@ if ($socid && $action == 'createcard' && $permissiontoaddupdatepaymentinformatio print '
'; print '
'; + + print '
'; + print ''; print ''; diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php index ea453b28412..cc8178d2a01 100644 --- a/htdocs/stripe/class/stripe.class.php +++ b/htdocs/stripe/class/stripe.class.php @@ -774,7 +774,7 @@ class Stripe extends CommonObject $sql .= " WHERE sa.rowid = ".((int) $object->id); // We get record from ID, no need for filter on entity $sql .= " AND sa.type = 'card'"; - dol_syslog(get_class($this)."::fetch search stripe card id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); + dol_syslog(get_class($this)."::cardStripe search stripe card id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -914,14 +914,14 @@ class Stripe extends CommonObject $soc = new Societe($this->db); $soc->fetch($object->fk_soc); - dol_syslog(get_class($this)."::fetch search stripe sepa(card) id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); + dol_syslog(get_class($this)."::sepaStripe search stripe ban id for paymentmode id=".$object->id.", stripeacc=".$stripeacc.", status=".$status.", createifnotlinkedtostripe=".$createifnotlinkedtostripe, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); if ($num) { $obj = $this->db->fetch_object($resql); $cardref = $obj->stripe_card_ref; - dol_syslog(get_class($this)."::cardStripe cardref=".$cardref); + dol_syslog(get_class($this)."::sepaStripe cardref=".$cardref); if ($cardref) { try { if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage @@ -990,7 +990,7 @@ class Stripe extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib"; $sql .= " SET stripe_card_ref = '".$this->db->escape($sepa->id)."', card_type = 'sepa_debit',"; $sql .= " stripe_account= '" . $this->db->escape($cu->id . "@" . $stripeacc) . "'"; - $sql .= " WHERE rowid = '".$this->db->escape($object->id)."'"; + $sql .= " WHERE rowid = ".((int) $object->id); $sql .= " AND type = 'ban'"; $resql = $this->db->query($sql); if (!$resql) { From 9ffc4ef44db341bda78b59c103e2a8cc0e163fa7 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Fri, 9 Sep 2022 08:53:38 +0200 Subject: [PATCH 115/212] Update exportcsv.php --- htdocs/opensurvey/exportcsv.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/opensurvey/exportcsv.php b/htdocs/opensurvey/exportcsv.php index 624fd620816..a7e8b709793 100644 --- a/htdocs/opensurvey/exportcsv.php +++ b/htdocs/opensurvey/exportcsv.php @@ -1,5 +1,4 @@ * Copyright (C) 2014 Marcos García * From 348682c3862d16db8835eaa2c7a79221597d8f2c Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Fri, 9 Sep 2022 09:43:50 +0200 Subject: [PATCH 116/212] Update pertype.php --- htdocs/comm/action/pertype.php | 71 +++++++++++++++++++++------------- 1 file changed, 45 insertions(+), 26 deletions(-) diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index d21b20bbfaf..abfcc5951cf 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -23,20 +23,22 @@ /** - * \file htdocs/comm/action/pertype.php - * \ingroup agenda - * \brief Tab of calendar events per type + * \file htdocs/comm/action/pertype.php + * \ingroup agenda + * \brief Tab of calendar events per type */ + +// Load Dolibarr environment require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; -require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; +require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; +require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; if (!isset($conf->global->AGENDA_MAX_EVENTS_DAY_VIEW)) { @@ -51,28 +53,35 @@ $filter = GETPOST("search_filter", 'alpha', 3) ? GETPOST("search_filter", 'alpha $filtert = GETPOST("search_filtert", "int", 3) ? GETPOST("search_filtert", "int", 3) : GETPOST("filtert", "int", 3); $usergroup = GETPOST("search_usergroup", "int", 3) ? GETPOST("search_usergroup", "int", 3) : GETPOST("usergroup", "int", 3); //if (! ($usergroup > 0) && ! ($filtert > 0)) $filtert = $user->id; -//$showbirthday = empty($conf->use_javascript_ajax)?GETPOST("showbirthday","int"):1; -$showbirthday = 0; + +// $showbirthday = empty($conf->use_javascript_ajax)?GETPOST("showbirthday","int"):1; +$showbirthday = 0; // will be hidden here // If not choice done on calendar owner, we filter on user. if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) { $filtert = $user->id; } +// Sorting $sortfield = GETPOST('sortfield', 'aZ09comma'); +if (!$sortfield) { + $sortfield = "a.datec"; +} + $sortorder = GETPOST('sortorder', 'aZ09comma'); +if (!$sortorder) { + $sortorder = "ASC"; +} + +// Page $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $offset = $limit * $page; -if (!$sortorder) { - $sortorder = "ASC"; -} -if (!$sortfield) { - $sortfield = "a.datec"; -} + + // Security check $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOST("socid", "int"); @@ -83,6 +92,7 @@ if ($socid < 0) { $socid = ''; } +// Permissions $canedit = 1; if (empty($user->rights->agenda->myactions->read)) { accessforbidden(); @@ -105,6 +115,7 @@ $status = GETPOSTISSET("search_status") ? GETPOST("search_status", 'alpha') : GE $type = GETPOSTISSET("search_type") ? GETPOST("search_type", 'alpha') : GETPOST("type", 'alpha'); $maxprint = ((GETPOST("maxprint", 'int') != '') ? GETPOST("maxprint", 'int') : $conf->global->AGENDA_MAX_EVENTS_DAY_VIEW); $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') + // Set actioncode (this code must be same for setting actioncode into peruser, listacton and index) if (GETPOST('search_actioncode', 'array')) { $actioncode = GETPOST('search_actioncode', 'array', 3); @@ -117,11 +128,12 @@ if (GETPOST('search_actioncode', 'array')) { $dateselect = dol_mktime(0, 0, 0, GETPOST('dateselectmonth', 'int'), GETPOST('dateselectday', 'int'), GETPOST('dateselectyear', 'int')); if ($dateselect > 0) { - $day = GETPOST('dateselectday', 'int'); + $day = GETPOST('dateselectday', 'int'); $month = GETPOST('dateselectmonth', 'int'); - $year = GETPOST('dateselectyear', 'int'); + $year = GETPOST('dateselectyear', 'int'); } +// working hours $tmp = empty($conf->global->MAIN_DEFAULT_WORKING_HOURS) ? '9-18' : $conf->global->MAIN_DEFAULT_WORKING_HOURS; $tmp = str_replace(' ', '', $tmp); // FIX 7533 $tmparray = explode('-', $tmp); @@ -137,6 +149,7 @@ if ($end_h <= $begin_h) { $end_h = $begin_h + 1; } +// working days $tmp = empty($conf->global->MAIN_DEFAULT_WORKING_DAYS) ? '1-5' : $conf->global->MAIN_DEFAULT_WORKING_DAYS; $tmp = str_replace(' ', '', $tmp); // FIX 7533 $tmparray = explode('-', $tmp); @@ -150,19 +163,24 @@ if (empty($mode) && !GETPOSTISSET('mode')) { $mode = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW); } +// View by month if (GETPOST('viewcal', 'alpha') && $mode != 'show_day' && $mode != 'show_week' && $mode != 'show_peruser') { $mode = 'show_month'; $day = ''; -} // View by month +} +// View by week if (GETPOST('viewweek', 'alpha') || $mode == 'show_week') { $mode = 'show_week'; $week = ($week ? $week : date("W")); $day = ($day ? $day : date("d")); -} // View by week +} +// View by day if (GETPOST('viewday', 'alpha') || $mode == 'show_day') { $mode = 'show_day'; $day = ($day ? $day : date("d")); -} // View by day +} +// View by year if (GETPOST('viewyear', 'alpha') || $mode == 'show_year') { $mode = 'show_year'; -} // View by year +} +// Initialize object $object = new ActionComm($db); // Load translation files required by the page @@ -218,6 +236,7 @@ $parameters = array( 'resourceid' => $resourceid, 'usergroup' => $usergroup, ); + $reshook = $hookmanager->executeHooks('beforeAgendaPerType', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); @@ -226,14 +245,14 @@ if ($reshook < 0) { $form = new Form($db); $companystatic = new Societe($db); -$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:Módulo_Agenda'; +$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:Módulo_Agenda|DE:Modul_Terminplanung'; llxHeader('', $langs->trans("Agenda"), $help_url); $now = dol_now(); $nowarray = dol_getdate($now); -$nowyear = $nowarray['year']; +$nowyear = $nowarray['year']; $nowmonth = $nowarray['mon']; -$nowday = $nowarray['mday']; +$nowday = $nowarray['mday']; // Define list of all external calendars (global setup) @@ -246,7 +265,7 @@ $first_year = $year; $week = $prev['week']; -$day = (int) $day; +$day = (int) $day; $next = dol_get_next_day($day, $month, $year); $next_year = $year + 1; $next_month = $month; From 68b72ac17d542473a34b9c031259f8abe779d3d6 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 9 Sep 2022 10:06:16 +0200 Subject: [PATCH 117/212] Fix : php 8.1 warnings --- htdocs/compta/bank/annuel.php | 3 +++ htdocs/compta/bank/bankentries_list.php | 2 +- htdocs/compta/bank/treso.php | 2 +- htdocs/compta/paiement/cheque/list.php | 2 ++ htdocs/compta/prelevement/create.php | 3 ++- htdocs/compta/prelevement/orders_list.php | 2 ++ htdocs/hrm/skill_card.php | 13 +++++++------ htdocs/stripe/payout.php | 8 ++++++-- htdocs/stripe/transaction.php | 13 ++++++++----- htdocs/user/bank.php | 6 +++--- 10 files changed, 35 insertions(+), 19 deletions(-) diff --git a/htdocs/compta/bank/annuel.php b/htdocs/compta/bank/annuel.php index 41d58cb35c2..dda1e4f0758 100644 --- a/htdocs/compta/bank/annuel.php +++ b/htdocs/compta/bank/annuel.php @@ -192,6 +192,9 @@ for ($mois = 1; $mois < 13; $mois++) { print ''; print ""; for ($annee = $year_start; $annee <= $year_end; $annee++) { + $totsorties[$annee] = 0; + $totentrees[$annee] = 0; + $case = sprintf("%04s-%02s", $annee, $mois); print '"; print ""; - if ($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED) { + if (getDolGlobalString("MULTICOMPANY_INVOICE_SHARING_ENABLED")) { if ($tmpobj->family == 'invoice') { $mc->getInfo($tmpobj->entity); print ""; diff --git a/htdocs/compta/paiement/cheque/list.php b/htdocs/compta/paiement/cheque/list.php index 1c3abfe87bd..c8b828ebdd5 100644 --- a/htdocs/compta/paiement/cheque/list.php +++ b/htdocs/compta/paiement/cheque/list.php @@ -63,6 +63,8 @@ if (!$sortfield) { $year = GETPOST("year"); $month = GETPOST("month"); +$optioncss = GETPOST('optioncss', 'alpha'); +$view = GETPOST("view", 'alpha'); $form = new Form($db); $formother = new FormOther($db); diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 832429fe012..21b65d57517 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -61,6 +61,7 @@ $offset = $limit * $page; $hookmanager->initHooks(array('directdebitcreatecard', 'globalcard')); // Security check +$socid = GETPOST('socid', 'int'); if ($user->socid) { $socid = $user->socid; } @@ -71,7 +72,7 @@ if ($type == 'bank-transfer') { } $error = 0; - +$option = ""; /* * Actions diff --git a/htdocs/compta/prelevement/orders_list.php b/htdocs/compta/prelevement/orders_list.php index ee370b9532e..cc1e823c792 100644 --- a/htdocs/compta/prelevement/orders_list.php +++ b/htdocs/compta/prelevement/orders_list.php @@ -52,6 +52,8 @@ if (!$sortfield) { $sortfield = "p.datec"; } +$optioncss = GETPOST('optioncss', 'alpha'); + // Get supervariables $statut = GETPOST('statut', 'int'); $search_ref = GETPOST('search_ref', 'alpha'); diff --git a/htdocs/hrm/skill_card.php b/htdocs/hrm/skill_card.php index 9093766d3ed..4fd3a0bc28b 100644 --- a/htdocs/hrm/skill_card.php +++ b/htdocs/hrm/skill_card.php @@ -47,7 +47,7 @@ $cancel = GETPOST('cancel', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'skillcard'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); -//$lineid = GETPOST('lineid', 'int'); +$lineid = GETPOST('lineid', 'int'); // Initialize technical objects $object = new Skill($db); @@ -577,7 +577,7 @@ if ($action != "create" && $action != "edit") { $title = $langs->transnoentitiesnoconv("Skilldets"); $morejs = array(); $morecss = array(); - + $nbtotalofrecords = 0; // Build and execute select // -------------------------------------------------------------------- @@ -626,8 +626,10 @@ if ($action != "create" && $action != "edit") { print ''; } - $param_fk = "&fk_skill=" . $id . "&fk_user_creat=" . $user->rowid; + $param_fk = "&fk_skill=" . $id . "&fk_user_creat=" . (!empty($user->rowid) ? $user->rowid :0); $backtopage = dol_buildpath('/hrm/skill_card.php', 1) . '?id=' . $id; + $param = ""; + $massactionbutton = ""; //$newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', dol_buildpath('/hrm/skilldet_card.php', 1) . '?action=create&backtopage=' . urlencode($_SERVER['PHP_SELF']) . $param_fk . '&backtopage=' . $backtopage, '', $permissiontoadd); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'object_' . $object->picto, 0, "", '', '', 0, 0, 1); @@ -688,7 +690,7 @@ if ($action != "create" && $action != "edit") { // $cssforfield .= ($cssforfield ? ' ' : '') . 'right'; // } if (!empty($arrayfields['t.' . $key]['checked'])) { - print getTitleFieldOfList($arrayfields['t.' . $key]['label'], 0, $_SERVER['PHP_SELF'], 't.' . $key, '', $param, ($cssforfield ? 'class="' . $cssforfield . '"' : ''), $sortfield, $sortorder, ($cssforfield ? $cssforfield . ' ' : '')) . "\n"; + print getTitleFieldOfList($arrayfields['t.' . $key]['label'], 0, $_SERVER['PHP_SELF'], 't.' . $key, '', $param, (!empty($cssforfield) ? 'class="' . $cssforfield . '"' : ''), $sortfield, $sortorder, (!empty($cssforfield) ? $cssforfield . ' ' : '')) . "\n"; } } print ''; @@ -814,8 +816,7 @@ if ($action != "create" && $action != "edit") { print ''; } - - $db->free($resql); + if (!empty($resql)) $db->free($resql); $parameters = array('arrayfields' => $arrayfields, 'sql' => $sql); $reshook = $hookmanager->executeHooks('printFieldListFooter', $parameters, $objectline); // Note that $action and $objectline may have been modified by hook diff --git a/htdocs/stripe/payout.php b/htdocs/stripe/payout.php index a33c183a1e7..f78734b107f 100644 --- a/htdocs/stripe/payout.php +++ b/htdocs/stripe/payout.php @@ -51,6 +51,10 @@ if (empty($page) || $page == -1) { $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +$optioncss = GETPOST('optioncss', 'alpha'); +$param = ""; +$num = 0; +$totalnboflines = 0; $result = restrictedArea($user, 'banque'); @@ -95,12 +99,12 @@ if (!$rowid) { print ''; $title = $langs->trans("StripePayoutList"); - $title .= ($stripeaccount ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); + $title .= ($stripeacc ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $totalnboflines, 'title_accountancy.png', 0, '', '', $limit); print '
'; - print '
'.$langs->trans("Label").'
".dol_print_date(dol_mktime(1, 1, 1, $mois, 1, 2000), "%B")." '; diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index d9689202297..d89484174b7 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1277,7 +1277,7 @@ if ($resql) { } // Extra fields $element = 'banktransaction'; - if (is_array($extrafields->attributes[$element]['label']) && count($extrafields->attributes[$element]['label'])) { + if (!empty($extrafields->attributes[$element]['label']) && is_array($extrafields->attributes[$element]['label']) && count($extrafields->attributes[$element]['label'])) { foreach ($extrafields->attributes[$element]['label'] as $key => $val) { if (!empty($arrayfields["ef.".$key]['checked'])) { if (!empty($arrayfields[$key]['checked'])) { diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php index 0d76b40a3e2..abbc4a62a46 100644 --- a/htdocs/compta/bank/treso.php +++ b/htdocs/compta/bank/treso.php @@ -293,7 +293,7 @@ if (GETPOST("account") || GETPOST("ref")) { } print "".$ref."".$mc->label."
' . $langs->trans("NoRecordFound") . '
'."\n"; + print '
'."\n"; print ''; print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "", "", "", "", $sortfield, $sortorder); diff --git a/htdocs/stripe/transaction.php b/htdocs/stripe/transaction.php index f04833ff107..509edc07509 100644 --- a/htdocs/stripe/transaction.php +++ b/htdocs/stripe/transaction.php @@ -52,7 +52,9 @@ $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; $optioncss = GETPOST('optioncss', 'alpha'); - +$param = ""; +$num = 0; +$totalnboflines = 0; $result = restrictedArea($user, 'banque'); @@ -95,12 +97,12 @@ if (!$rowid) { print ''; $title = $langs->trans("StripeTransactionList"); - $title .= ($stripeaccount ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); + $title .= (!empty($stripeacc) ? ' (Stripe connection with Stripe OAuth Connect account '.$stripeacc.')' : ' (Stripe connection with keys from Stripe module setup)'); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $totalnboflines, 'title_accountancy.png', 0, '', '', $limit); print '
'; - print '
'."\n"; + print '
'."\n"; print ''; print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "", "", "", "", $sortfield, $sortorder); @@ -113,6 +115,7 @@ if (!$rowid) { print_liste_field_titre("Fee", $_SERVER["PHP_SELF"], "", "", "", '', $sortfield, $sortorder, 'right '); print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "", "", "", '', '', '', 'right '); print "\n"; + $connect = ""; try { if ($stripeacc) { @@ -146,7 +149,7 @@ if (!$rowid) { else { $memberstatic->id = 0; - }*/ + } $societestatic->fetch($charge->metadata->idcustomer); $societestatic->id = $charge->metadata->idcustomer; @@ -155,7 +158,7 @@ if (!$rowid) { $societestatic->admin = $obj->admin; $societestatic->login = $obj->login; $societestatic->email = $obj->email; - $societestatic->societe_id = $obj->fk_soc; + $societestatic->societe_id = $obj->fk_soc;*/ print ''; diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index 4f3ee5c32c8..69f83259f31 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -646,9 +646,9 @@ if ($action != 'edit' && $action != 'create') { // If not bank account yet, $ac $salary->paye = $objp->paye; $salary->amount = $objp->amount; - $payment_salary->id = $objp->rowid; - $payment_salary->ref = $objp->ref; - $payment_salary->datep = $db->jdate($objp->datep); + $payment_salary->id = !empty($objp->rowid) ? $objp->rowid : 0; + $payment_salary->ref = !empty($objp->ref) ? $objp->ref : ""; + $payment_salary->datep = $db->jdate(!empty($objp->datep) ? $objp->datep : ""); print ''; print '
'; From e53457732051ad84e751208d5afa2be1b605185a Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Fri, 9 Sep 2022 10:12:30 +0200 Subject: [PATCH 118/212] fix : Typo --- htdocs/core/actions_linkedfiles.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php index 86d4e923131..f11058312d1 100644 --- a/htdocs/core/actions_linkedfiles.inc.php +++ b/htdocs/core/actions_linkedfiles.inc.php @@ -41,8 +41,8 @@ if ((GETPOST('sendit', 'alpha') || ($action == 'confirm_deletefile' && $confirm == 'yes') || ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha')) || ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha'))) && empty($permissiontoadd)) { - dol_syslog('The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.'); - print 'The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.'; + dol_syslog('The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.'); + print 'The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.'; die; } From ab9652db5f960d177089c51e38a0633c5c179d75 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Fri, 9 Sep 2022 10:23:07 +0200 Subject: [PATCH 119/212] update code toward php8 compliance --- htdocs/adherents/card.php | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 6816023f8de..b9e04015d7d 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -110,10 +110,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check @@ -246,7 +246,7 @@ if (empty($reshook)) { } } - if ($action == 'update' && !$cancel && $user->rights->adherent->creer) { + if ($action == 'update' && !$cancel && $user->hasRight('adherent', 'creer')) { require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $birthdate = ''; @@ -421,7 +421,7 @@ if (empty($reshook)) { } } - if ($action == 'add' && $user->rights->adherent->creer) { + if ($action == 'add' && $user->hasRight('adherent', 'creer')) { if ($canvas) { $object->canvas = $canvas; } @@ -629,7 +629,7 @@ if (empty($reshook)) { } } - if ($user->rights->adherent->creer && $action == 'confirm_valid' && $confirm == 'yes') { + if ($user->hasRight('adherent', 'creer') && $action == 'confirm_valid' && $confirm == 'yes') { $error = 0; $db->begin(); @@ -854,7 +854,7 @@ if (empty($reshook)) { } } - if ($user->rights->adherent->creer && $action == 'confirm_add_spip' && $confirm == 'yes') { + if ($user->hasRight('adherent', 'creer') && $action == 'confirm_add_spip' && $confirm == 'yes') { if (!count($object->errors)) { if (!$mailmanspip->add_to_spip($object)) { setEventMessages($langs->trans('AddIntoSpipError').': '.$mailmanspip->error, null, 'errors'); @@ -867,7 +867,7 @@ if (empty($reshook)) { // Actions to build doc $upload_dir = $conf->adherent->dir_output; - $permissiontoadd = $user->rights->adherent->creer; + $permissiontoadd = $user->hasRight('adherent', 'creer'); include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; // Actions to send emails @@ -1222,7 +1222,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Type print '
'.$langs->trans("Type").''; - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $object->typeid), 0, 0, 0, '', 0, 0, 0, '', '', 1); } else { print $adht->getNomUrl(1); @@ -1820,7 +1820,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Third party Dolibarr if (isModEnabled('societe')) { print '
'; - $editenable = $user->rights->adherent->creer; + $editenable = $user->hasRight('adherent', 'creer'); print $form->editfieldkey('LinkedToDolibarrThirdParty', 'thirdparty', '', $object, $editenable); print ''; if ($action == 'editthirdparty') { @@ -1857,7 +1857,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Login Dolibarr - Link to user print '
'; - $editenable = $user->rights->adherent->creer && $user->rights->user->user->creer; + $editenable = $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer; print $form->editfieldkey('LinkedToDolibarrUser', 'login', '', $object, $editenable); print ''; if ($action == 'editlogin') { @@ -1901,7 +1901,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Send card by email // TODO Remove this to replace with a template /* - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { if (Adherent::STATUS_VALIDATED == $object->statut) { if ($object->email) print ''.$langs->trans("SendCardByMail")."\n"; else print ''.$langs->trans("SendCardByMail")."\n"; @@ -1913,7 +1913,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { }*/ // Modify - if (!empty($user->rights->adherent->creer)) { + if ($user->hasRight('adherent', 'creer')) { print ''.$langs->trans("Modify").''."\n"; } else { print ''.$langs->trans("Modify").''."\n"; @@ -1921,7 +1921,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Validate if (Adherent::STATUS_DRAFT == $object->statut) { - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print ''.$langs->trans("Validate").''."\n"; } else { print ''.$langs->trans("Validate").''."\n"; @@ -1930,7 +1930,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Reactivate if (Adherent::STATUS_RESILIATED == $object->statut || Adherent::STATUS_EXCLUDED == $object->statut) { - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print ''.$langs->trans("Reenable")."\n"; } else { print ''.$langs->trans("Reenable").''."\n"; @@ -2022,7 +2022,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $filedir = $conf->adherent->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member'); $urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id; $genallowed = $user->rights->adherent->lire; - $delallowed = $user->rights->adherent->creer; + $delallowed = $user->hasRight('adherent', 'creer'); print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', (empty($object->default_lang) ? '' : $object->default_lang), '', $object); $somethingshown = $formfile->numoffiles; From 1bacb20a872cb1a16bf3b5f991dcea734cb9e824 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Fri, 9 Sep 2022 10:24:38 +0200 Subject: [PATCH 120/212] update code toward php8 compliance --- htdocs/adherents/document.php | 8 ++++---- htdocs/adherents/ldap.php | 4 ++-- htdocs/adherents/list.php | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index c8282179fe5..2170fe0ab62 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -87,10 +87,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } $permissiontoadd = $canaddmember; @@ -186,8 +186,8 @@ if ($id > 0) { print dol_get_fiche_end(); $modulepart = 'member'; - $permissiontoadd = $user->rights->adherent->creer; - $permtoedit = $user->rights->adherent->creer; + $permissiontoadd = $user->hasRight('adherent', 'creer'); + $permtoedit = $user->hasRight('adherent', 'creer'); $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; print "

"; diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index db87e514cb5..6a25b57b532 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -62,10 +62,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 98d75c9fefb..b0e63098322 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -232,7 +232,7 @@ if (empty($reshook)) { } // Close - if ($massaction == 'close' && $user->rights->adherent->creer) { + if ($massaction == 'close' && $user->hasRight('adherent', 'creer')) { $tmpmember = new Adherent($db); $error = 0; $nbclose = 0; @@ -262,7 +262,7 @@ if (empty($reshook)) { } // Create external user - if ($massaction == 'createexternaluser' && $user->rights->adherent->creer && $user->rights->user->user->creer) { + if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) { $tmpmember = new Adherent($db); $error = 0; $nbcreated = 0; @@ -302,7 +302,7 @@ if (empty($reshook)) { $objectlabel = 'Members'; $permissiontoread = $user->rights->adherent->lire; $permissiontodelete = $user->rights->adherent->supprimer; - $permissiontoadd = $user->rights->adherent->creer; + $permissiontoadd = $user->hasRight('adherent', 'creer'); $uploaddir = $conf->adherent->dir_output; include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; } @@ -617,7 +617,7 @@ $arrayofmassactions = array( //'presend'=>img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail"), //'builddoc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("PDFMerge"), ); -if ($user->rights->adherent->creer) { +if ($user->hasRight('adherent', 'creer')) { $arrayofmassactions['close'] = img_picto('', 'close_title', 'class="pictofixedwidth"').$langs->trans("Resiliate"); } if ($user->rights->adherent->supprimer) { @@ -626,7 +626,7 @@ if ($user->rights->adherent->supprimer) { if ($user->rights->societe->creer) { $arrayofmassactions['preaffecttag'] = img_picto('', 'category', 'class="pictofixedwidth"').$langs->trans("AffectTag"); } -if ($user->rights->adherent->creer && $user->rights->user->user->creer) { +if ($user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) { $arrayofmassactions['createexternaluser'] = img_picto('', 'user', 'class="pictofixedwidth"').$langs->trans("CreateExternalUser"); } if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'predelete', 'preaffecttag'))) { @@ -635,7 +635,7 @@ if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'pr $massactionbutton = $form->selectMassAction('', $arrayofmassactions); $newcardbutton = ''; -if ($user->rights->adherent->creer) { +if ($user->hasRight('adherent', 'creer')) { $newcardbutton .= dolGetButtonTitle($langs->trans('NewMember'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/card.php?action=create'); } From b411ec8b596c0a9bd6ee7deaa006904f23f4963f Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Fri, 9 Sep 2022 10:26:01 +0200 Subject: [PATCH 121/212] update code toward php8 compliance --- htdocs/adherents/note.php | 8 ++++---- htdocs/adherents/subscription.php | 8 ++++---- htdocs/adherents/type.php | 2 +- htdocs/adherents/vcard.php | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php index 7e445e41a37..ea5e22fe153 100644 --- a/htdocs/adherents/note.php +++ b/htdocs/adherents/note.php @@ -51,7 +51,7 @@ if ($result > 0) { } -$permissionnote = $user->rights->adherent->creer; // Used by the include of actions_setnotes.inc.php +$permissionnote = $user->hasRight('adherent', 'creer'); // Used by the include of actions_setnotes.inc.php // Fetch object if ($id > 0 || !empty($ref)) { @@ -71,10 +71,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } $hookmanager->initHooks(array('membernote')); @@ -155,7 +155,7 @@ if ($id) { $cssclass = 'titlefield'; - $permission = $user->rights->adherent->creer; // Used by the include of notes.tpl.php + $permission = $user->hasRight('adherent', 'creer'); // Used by the include of notes.tpl.php include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'; diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 67c2ffef1d0..8700c3669ea 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -112,10 +112,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check @@ -594,7 +594,7 @@ if ($rowid > 0) { print ''; - if ($action != 'editthirdparty' && $user->rights->adherent->creer) { + if ($action != 'editthirdparty' && $user->hasRight('adherent', 'creer')) { print ''; } print '
'; print $langs->trans("LinkedToDolibarrThirdParty"); print 'id.'">'.img_edit($langs->trans('SetLinkToThirdParty'), 1).'
'; @@ -636,7 +636,7 @@ if ($rowid > 0) { print ''; - if ($action != 'editlogin' && $user->rights->adherent->creer) { + if ($action != 'editlogin' && $user->hasRight('adherent', 'creer')) { print '
'; print $langs->trans("LinkedToDolibarrUser"); print ''; if ($user->rights->user->user->creer) { print 'id.'">'.img_edit($langs->trans('SetLinkToUser'), 1).''; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index b6463e006a9..df74a1e33b7 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -753,7 +753,7 @@ if ($rowid > 0) { // Actions print ''; - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { print ''.img_edit().''; } if ($user->rights->adherent->supprimer) { diff --git a/htdocs/adherents/vcard.php b/htdocs/adherents/vcard.php index 902206c7874..235488b1290 100644 --- a/htdocs/adherents/vcard.php +++ b/htdocs/adherents/vcard.php @@ -53,10 +53,10 @@ if ($id > 0 || !empty($ref)) { } // Define variables to determine what the current user can do on the members -$canaddmember = $user->rights->adherent->creer; +$canaddmember = $user->hasRight('adherent', 'creer'); // Define variables to determine what the current user can do on the properties of a member if ($id) { - $caneditfieldmember = $user->rights->adherent->creer; + $caneditfieldmember = $user->hasRight('adherent', 'creer'); } // Security check From 9027e2b96b9b7ae6054330cd9ce6d3878b9f7d14 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Fri, 9 Sep 2022 10:28:00 +0200 Subject: [PATCH 122/212] update code toward php8 compliance --- .../adherents/canvas/default/tpl/adherentcard_view.tpl.php | 4 ++-- htdocs/adherents/class/api_members.class.php | 6 +++--- htdocs/adherents/class/api_subscriptions.class.php | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php index 696520f79d4..4b0eed154c0 100644 --- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php +++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php @@ -1,6 +1,6 @@ - * Copyright (C) 2012 Philippe Grand + * Copyright (C) 2012-2022 Philippe Grand * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -124,7 +124,7 @@ if (!empty($this->control->tpl['action_delete'])) { if (empty($user->socid)) { echo '
'; - if ($user->rights->adherent->creer) { + if ($user->hasRight('adherent', 'creer')) { echo ''.$langs->trans('Modify').''; } diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index d30e851b9a2..35ab65e9d82 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -2,7 +2,7 @@ /* Copyright (C) 2016 Xebax Christy * Copyright (C) 2017 Regis Houssin * Copyright (C) 2020 Thibault FOUCART - * Copyright (C) 2020 Frédéric France + * Copyright (C) 2020 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -286,7 +286,7 @@ class Members extends DolibarrApi */ public function post($request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } // Check mandatory fields @@ -311,7 +311,7 @@ class Members extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } diff --git a/htdocs/adherents/class/api_subscriptions.class.php b/htdocs/adherents/class/api_subscriptions.class.php index f969017146b..0512ea46b20 100644 --- a/htdocs/adherents/class/api_subscriptions.class.php +++ b/htdocs/adherents/class/api_subscriptions.class.php @@ -173,7 +173,7 @@ class Subscriptions extends DolibarrApi */ public function put($id, $request_data = null) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } From b3d0be6b6b7c8bf97bbd403484b202625afc96c6 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Fri, 9 Sep 2022 10:29:27 +0200 Subject: [PATCH 123/212] update code toward php8 compliance --- htdocs/categories/class/api_categories.class.php | 8 ++++---- htdocs/categories/viewcat.php | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/categories/class/api_categories.class.php b/htdocs/categories/class/api_categories.class.php index d5345106093..76381c0d53d 100644 --- a/htdocs/categories/class/api_categories.class.php +++ b/htdocs/categories/class/api_categories.class.php @@ -386,7 +386,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); @@ -466,7 +466,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); @@ -546,7 +546,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); @@ -624,7 +624,7 @@ class Categories extends DolibarrApi } $object = new Contact($this->db); } elseif ($type === Categorie::TYPE_MEMBER) { - if (!DolibarrApiAccess::$user->rights->adherent->creer) { + if (!DolibarrApiAccess::$user->hasRight('adherent', 'creer')) { throw new RestException(401); } $object = new Adherent($this->db); diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 0e5da0735ce..6ed4622ac00 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -117,7 +117,7 @@ if ($id > 0 && $removeelem > 0 && $action == 'unlink') { $tmpobject = new Societe($db); $result = $tmpobject->fetch($removeelem); $elementtype = 'customer'; - } elseif ($type == Categorie::TYPE_MEMBER && $user->rights->adherent->creer) { + } elseif ($type == Categorie::TYPE_MEMBER && $user->hasRight('adherent', 'creer')) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; $tmpobject = new Adherent($db); $result = $tmpobject->fetch($removeelem); @@ -733,7 +733,7 @@ if ($type == Categorie::TYPE_MEMBER) { if ($user->hasRight("adherent", "read")) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; - $permission = $user->rights->adherent->creer; + $permission = $user->hasRight('adherent', 'creer'); $prods = $object->getObjectsInCateg($type, 0, $limit, $offset); if ($prods < 0) { @@ -768,7 +768,7 @@ if ($type == Categorie::TYPE_MEMBER) { print '
'; $param = '&limit='.$limit.'&id='.$id.'&type='.$type; $num = count($prods); $nbtotalofrecords = ''; - $newcardbutton = dolGetButtonTitle($langs->trans("AddMember"), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/card.php?action=create&memcats[]='.$object->id.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id), '', $user->rights->adherent->creer); + $newcardbutton = dolGetButtonTitle($langs->trans("AddMember"), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/card.php?action=create&memcats[]='.$object->id.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id), '', $user->hasRight('adherent', 'creer')); print_barre_liste($langs->trans("Member"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'members', 0, $newcardbutton, '', $limit); print "\n"; From f1a68d9272448f60d4f0417dd342a3b3d3c722d7 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Fri, 9 Sep 2022 10:36:08 +0200 Subject: [PATCH 124/212] Update modZapier.class.php IMHO in this case is *require_once* instead of *include_one* more correct --- htdocs/core/modules/modZapier.class.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/core/modules/modZapier.class.php b/htdocs/core/modules/modZapier.class.php index c92de9d5909..b0a1daf642e 100644 --- a/htdocs/core/modules/modZapier.class.php +++ b/htdocs/core/modules/modZapier.class.php @@ -13,8 +13,9 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program. If not, see . + * along with this program. If not, see . */ + /** * \defgroup zapier Module Zapier * \brief Zapier module descriptor. @@ -23,7 +24,8 @@ * \ingroup zapier * \brief Description and activation file for the module Zapier */ -include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; + +require_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; /** * Description and activation class for module Zapier From 86d777009e4aa54466996a8cd45ff985bc80c032 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 9 Sep 2022 11:09:53 +0200 Subject: [PATCH 125/212] fix : scrutinaizer report --- htdocs/core/class/html.formticket.class.php | 1 + htdocs/projet/class/projectstats.class.php | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 1a48da2f752..7c5007ddca2 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -77,6 +77,7 @@ class FormTicket public $withtitletopic; public $withtopicreadonly; + public $withreadid; public $withcompany; // affiche liste déroulante company public $withfromsocid; public $withfromcontactid; diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index f1295c10424..322277187f7 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -32,6 +32,11 @@ class ProjectStats extends Stats public $status; public $opp_status; + //SQL stat + public $field; + public $from; + public $where; + /** * Constructor @@ -46,6 +51,18 @@ class ProjectStats extends Stats require_once 'project.class.php'; $this->project = new Project($this->db); + + $this->from = MAIN_DB_PREFIX.$this->project->table_element; + $this->field = 'opp_amount'; + $this->where = " entity = ".$conf->entity; + if ($this->socid > 0) { + $this->where .= " AND fk_soc = ".((int) $this->socid); + } + if (is_array($this->userid) && count($this->userid) > 0) { + $this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')'; + } elseif ($this->userid > 0) { + $this->where .= " AND fk_user = ".((int) $this->userid); + } } @@ -538,7 +555,6 @@ class ProjectStats extends Stats { $sql = "SELECT date_format(datef,'%m') as dm, AVG(f.".$this->field.")"; $sql .= " FROM ".$this->from; - $sql .= $this->join; $sql .= " WHERE f.datef BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; From 999e5861e3343f27391de9116b5228b00631147e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 11:55:45 +0200 Subject: [PATCH 126/212] NEW Add method httponly_accessforbidden() --- htdocs/core/ajax/onlineSign.php | 4 +--- htdocs/core/lib/security.lib.php | 29 +++++++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/htdocs/core/ajax/onlineSign.php b/htdocs/core/ajax/onlineSign.php index c342f7aeab1..f3a82783a2b 100644 --- a/htdocs/core/ajax/onlineSign.php +++ b/htdocs/core/ajax/onlineSign.php @@ -74,9 +74,7 @@ if ($type == 'proposal') { } if (empty($SECUREKEY) || !dol_verifyHash($securekeyseed.$type.$ref.(!isModEnabled('multicompany') ? '' : $entity), $SECUREKEY, '0')) { - http_response_code(403); - print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref); - exit(-1); + httponly_accessforbidden('Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref), 403); } diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index d0067d7575b..1efcbaacf78 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -1016,8 +1016,30 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl return true; } + /** - * Show a message to say access is forbidden and stop program + * Show a message to say access is forbidden and stop program. + * This includes only HTTP header. + * Calling this function terminate execution of PHP. + * + * @param string $message Force error message + * @param int $http_response_code HTTP response code + * @return void + * @see accessforbidden() + */ +function httponly_accessforbidden($message = 1, $http_response_code = 403) +{ + top_httphead('text/html'); + http_response_code($http_response_code); + + print htmlentities($message); + + exit(1); +} + +/** + * Show a message to say access is forbidden and stop program. + * This includes HTTP and HTML header and footer. * Calling this function terminate execution of PHP. * * @param string $message Force error message @@ -1026,10 +1048,12 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl * @param int $showonlymessage Show only message parameter. Otherwise add more information. * @param array|null $params More parameters provided to hook * @return void + * @see httponly_accessforbidden() */ function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params = null) { global $conf, $db, $user, $langs, $hookmanager; + if (!is_object($langs)) { include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php'; $langs = new Translate('', $conf); @@ -1049,7 +1073,7 @@ function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $sho if (!$message) { print $langs->trans("ErrorForbidden"); } else { - print $message; + print $langs->trans($message); } print ''; print '
'; @@ -1077,6 +1101,7 @@ function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $sho if ($printfooter && function_exists("llxFooter")) { llxFooter(); } + exit(0); } From f4973068555cb6b0df45eb0d2230b946ac72d97a Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 9 Sep 2022 11:57:59 +0200 Subject: [PATCH 127/212] NEW : Supplier order list - Add column private and public note --- htdocs/fourn/commande/list.php | 39 +++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index c6401b0a70a..f1f65ed3fa8 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -188,7 +188,9 @@ $arrayfields = array( 'state.nom'=>array('label'=>"StateShort", 'enabled'=>1, 'position'=>48), 'country.code_iso'=>array('label'=>"Country", 'enabled'=>1, 'position'=>49), 'typent.code'=>array('label'=>"ThirdPartyType", 'enabled'=>$checkedtypetiers, 'position'=>50), - 'u.login'=>array('label'=>"AuthorRequest", 'enabled'=>1, 'position'=>51) + 'u.login'=>array('label'=>"AuthorRequest", 'enabled'=>1, 'position'=>51), + 'cf.note_public'=>array('label'=>'NotePublic', 'checked'=>0, 'enabled'=>(empty($conf->global->MAIN_LIST_ALLOW_PUBLIC_NOTES)), 'position'=>100), + 'cf.note_private'=>array('label'=>'NotePrivate', 'checked'=>0, 'enabled'=>(empty($conf->global->MAIN_LIST_ALLOW_PRIVATE_NOTES)), 'position'=>110), ); foreach ($object->fields as $key => $val) { // If $val['visible']==0, then we never show the field @@ -1440,6 +1442,16 @@ if ($resql) { print ''; print ''; } + // Note public + if (!empty($arrayfields['cf.note_public']['checked'])) { + print ''; + } + // Note private + if (!empty($arrayfields['cf.note_private']['checked'])) { + print ''; + } // Action column print '\n"; @@ -1867,6 +1885,25 @@ if ($resql) { $totalarray['nbfield']++; } } + // Note public + if (!empty($arrayfields['cf.note_public']['checked'])) { + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } + + // Note private + if (!empty($arrayfields['cf.note_private']['checked'])) { + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } // Action column print '\n"; From ca8c650feb12668abcd6a67fbc8147e577e68299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9=20Courtier?= Date: Fri, 9 Sep 2022 12:20:47 +0200 Subject: [PATCH 129/212] Fix: status of product suplier price was not recovered --- htdocs/fourn/class/fournisseur.product.class.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index 0ae975a1cbf..ea5dc639a5e 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -578,7 +578,7 @@ class ProductFournisseur extends Product $sql .= " pfp.supplier_reputation, pfp.fk_user, pfp.datec,"; $sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code,"; $sql .= " pfp.barcode, pfp.fk_barcode_type, pfp.packaging,"; - $sql .= " p.ref as product_ref"; + $sql .= " p.ref as product_ref, p.tosell as status, p.tobuy as status_buy"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp, ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE pfp.rowid = ".(int) $rowid; $sql .= " AND pfp.fk_product = p.rowid"; @@ -594,7 +594,8 @@ class ProductFournisseur extends Product $this->fk_product = $obj->fk_product; $this->product_id = $obj->fk_product; $this->product_ref = $obj->product_ref; - + $this->status = $obj->status; + $this->status_buy = $obj->status_buy; $this->fourn_id = $obj->fk_soc; $this->fourn_ref = $obj->ref_fourn; // deprecated $this->ref_supplier = $obj->ref_fourn; @@ -670,7 +671,7 @@ class ProductFournisseur extends Product // phpcs:enable global $conf; - $sql = "SELECT s.nom as supplier_name, s.rowid as fourn_id, p.ref as product_ref,"; + $sql = "SELECT s.nom as supplier_name, s.rowid as fourn_id, p.ref as product_ref, p.tosell as status, p.tobuy as status_buy, "; $sql .= " pfp.rowid as product_fourn_pri_id, pfp.entity, pfp.ref_fourn, pfp.desc_fourn, pfp.fk_product as product_fourn_id, pfp.fk_supplier_price_expression,"; $sql .= " pfp.price, pfp.quantity, pfp.unitprice, pfp.remise_percent, pfp.remise, pfp.tva_tx, pfp.fk_availability, pfp.charges, pfp.info_bits, pfp.delivery_time_days, pfp.supplier_reputation,"; $sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code, pfp.datec, pfp.tms,"; @@ -699,6 +700,8 @@ class ProductFournisseur extends Product $prodfourn->product_ref = $record["product_ref"]; $prodfourn->product_fourn_price_id = $record["product_fourn_pri_id"]; + $prodfourn->status = $record["status"]; + $prodfourn->status_buy = $record["status_buy"]; $prodfourn->product_fourn_id = $record["product_fourn_id"]; $prodfourn->product_fourn_entity = $record["entity"]; $prodfourn->ref_supplier = $record["ref_fourn"]; From 14a3bc736072d2583ed6647684bc68f50dfc3b9e Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 9 Sep 2022 12:26:17 +0200 Subject: [PATCH 130/212] Fix : php 8.1 warnings --- htdocs/admin/fichinter.php | 8 +- htdocs/admin/hrm.php | 2 +- htdocs/admin/reception_setup.php | 6 +- htdocs/admin/supplier_invoice.php | 2 +- htdocs/admin/supplier_order.php | 354 +++++++++--------- htdocs/admin/supplier_payment.php | 12 +- htdocs/admin/ticket.php | 5 +- htdocs/admin/ticket_public.php | 16 +- htdocs/core/db/mysqli.class.php | 2 +- .../modules/commande/mod_commande_saphir.php | 4 +- .../modules/contract/mod_contract_magre.php | 4 +- htdocs/core/modules/fichinter/mod_arctic.php | 4 +- .../doc/doc_generic_proposal_odt.modules.php | 4 +- .../reception/mod_reception_moonstone.php | 4 +- .../mod_facture_fournisseur_tulip.php | 22 +- .../mod_commande_fournisseur_orchidee.php | 4 +- .../mod_supplier_payment_brodator.php | 8 +- .../modules/ticket/mod_ticket_universal.php | 4 +- htdocs/hrm/admin/admin_establishment.php | 2 +- htdocs/hrm/establishment/card.php | 2 +- 20 files changed, 235 insertions(+), 234 deletions(-) diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index 79896d0ed74..daa0d7e8570 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -537,7 +537,7 @@ print '' print ''; print ''; print ''; print ''; print ''; print ''; print ''; print ''; } diff --git a/htdocs/admin/reception_setup.php b/htdocs/admin/reception_setup.php index a06760b9da4..a43b8c8003f 100644 --- a/htdocs/admin/reception_setup.php +++ b/htdocs/admin/reception_setup.php @@ -237,7 +237,7 @@ foreach ($dirmodels as $reldir) { if ($conf->global->RECEPTION_ADDON_NUMBER == "$file") { print img_picto($langs->trans("Activated"), 'switch_on'); } else { - print 'scandir.'&label='.urlencode($module->name).'">'; + print 'scandir) ? '&scan_dir='.$module->scandir : '').(!empty($module->name) ? '&label='.urlencode($module->name) : '').'">'; print img_picto($langs->trans("Disabled"), 'switch_off'); print ''; } @@ -344,10 +344,10 @@ foreach ($dirmodels as $reldir) { $module = new $classname($db); $modulequalified = 1; - if ($module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) { + if (isset($module->version) && $module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) { $modulequalified = 0; } - if ($module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) { + if (isset($module->version) && $module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) { $modulequalified = 0; } diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index aa337ff1f29..646b5e1e13d 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -392,7 +392,7 @@ foreach ($dirmodels as $reldir) { // Default print '
'; + print ''; + print ''; $searchpicto = $form->showFilterButtons(); @@ -1540,6 +1552,12 @@ if ($resql) { if (!empty($arrayfields['cf.date_approve']['checked'])) { print_liste_field_titre($arrayfields['cf.date_approve']['label'], $_SERVER["PHP_SELF"], 'cf.date_approve', '', $param, '', $sortfield, $sortorder, 'center '); } + if (!empty($arrayfields['cf.note_public']['checked'])) { + print_liste_field_titre($arrayfields['cf.note_public']['label'], $_SERVER["PHP_SELF"], "cf.note_public", "", $param, '', $sortfield, $sortorder, 'right '); + } + if (!empty($arrayfields['cf.note_private']['checked'])) { + print_liste_field_titre($arrayfields['cf.note_private']['label'], $_SERVER["PHP_SELF"], "cf.note_private", "", $param, '', $sortfield, $sortorder, 'right '); + } print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', '', $sortfield, $sortorder, 'center maxwidthsearch '); print "
'; + print dol_string_nohtmltag($obj->note_public); + print ''; + print dol_string_nohtmltag($obj->note_private); + print ''; From 9890965cfe7c8635da82dc3778f3266f9f756564 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 9 Sep 2022 12:03:42 +0200 Subject: [PATCH 128/212] rather center column title --- htdocs/fourn/commande/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index f1f65ed3fa8..f71126f60ed 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1553,10 +1553,10 @@ if ($resql) { print_liste_field_titre($arrayfields['cf.date_approve']['label'], $_SERVER["PHP_SELF"], 'cf.date_approve', '', $param, '', $sortfield, $sortorder, 'center '); } if (!empty($arrayfields['cf.note_public']['checked'])) { - print_liste_field_titre($arrayfields['cf.note_public']['label'], $_SERVER["PHP_SELF"], "cf.note_public", "", $param, '', $sortfield, $sortorder, 'right '); + print_liste_field_titre($arrayfields['cf.note_public']['label'], $_SERVER["PHP_SELF"], "cf.note_public", "", $param, '', $sortfield, $sortorder, 'center '); } if (!empty($arrayfields['cf.note_private']['checked'])) { - print_liste_field_titre($arrayfields['cf.note_private']['label'], $_SERVER["PHP_SELF"], "cf.note_private", "", $param, '', $sortfield, $sortorder, 'right '); + print_liste_field_titre($arrayfields['cf.note_private']['label'], $_SERVER["PHP_SELF"], "cf.note_private", "", $param, '', $sortfield, $sortorder, 'center '); } print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"], "", '', '', '', $sortfield, $sortorder, 'center maxwidthsearch '); print "
'; print $langs->trans("PrintProductsOnFichinter").' ('.$langs->trans("PrintProductsOnFichinterDetails").')global->FICHINTER_PRINT_PRODUCTS) { +if (getDolGlobalString("FICHINTER_PRINT_PRODUCTS")) { print 'checked '; } print '/>'; @@ -554,7 +554,7 @@ print ''; print $langs->trans("UseServicesDurationOnFichinter"); print ''; -print 'global->FICHINTER_USE_SERVICE_DURATION ? ' checked' : '').'>'; +print ''; print ''; print ''; @@ -570,7 +570,7 @@ print ''; print $langs->trans("UseDurationOnFichinter"); print ''; -print 'global->FICHINTER_WITHOUT_DURATION ? ' checked' : '').'>'; +print ''; print ''; print ''; @@ -586,7 +586,7 @@ print ''; print $langs->trans("UseDateWithoutHourOnFichinter"); print ''; -print 'global->FICHINTER_DATE_WITHOUT_HOUR ? ' checked' : '').'>'; +print ''; print ''; print ''; diff --git a/htdocs/admin/hrm.php b/htdocs/admin/hrm.php index c568e6de39c..838e9bf9a0b 100644 --- a/htdocs/admin/hrm.php +++ b/htdocs/admin/hrm.php @@ -624,7 +624,7 @@ if ($action == 'edit') { setEventMessages(null, $object->errors, "errors"); } } else { - print $conf->global->{$constname}; + print getDolGlobalString($constname); } print '
'; - if ($conf->global->INVOICE_SUPPLIER_ADDON_PDF == "$name") { + if (getDolGlobalString("INVOICE_SUPPLIER_ADDON_PDF") == "$name") { //print img_picto($langs->trans("Default"),'on'); // Even if choice is the default value, we allow to disable it: For supplier invoice, we accept to have no doc generation at all print 'scandir.'&label='.urlencode($module->name).'&type=invoice_supplier"" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"), 'on').''; diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 0204f184de7..905721128ad 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -1,63 +1,63 @@ - * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin - * Copyright (C) 2004 Sebastien Di Cintio - * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2010-2013 Juanjo Menent - * Copyright (C) 2011-2018 Philippe Grand - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ + /* Copyright (C) 2003-2007 Rodolphe Quiedeville + * Copyright (C) 2004-2011 Laurent Destailleur + * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2004 Sebastien Di Cintio + * Copyright (C) 2004 Benoit Mortier + * Copyright (C) 2010-2013 Juanjo Menent + * Copyright (C) 2011-2018 Philippe Grand + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ -/** - * \file htdocs/admin/supplier_order.php - * \ingroup fournisseur - * \brief Page d'administration-configuration du module Fournisseur - */ + /** + * \file htdocs/admin/supplier_order.php + * \ingroup fournisseur + * \brief Page d'administration-configuration du module Fournisseur + */ -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php'; -require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; + require '../main.inc.php'; + require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; + require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'; + require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php'; + require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php'; + require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; -// Load translation files required by the page -$langs->loadLangs(array("admin", "other", "orders", "stocks")); + // Load translation files required by the page + $langs->loadLangs(array("admin", "other", "orders", "stocks")); if (!$user->admin) { accessforbidden(); } -$type = GETPOST('type', 'alpha'); -$value = GETPOST('value', 'alpha'); -$modulepart = GETPOST('modulepart', 'aZ09'); // Used by actions_setmoduleoptions.inc.php + $type = GETPOST('type', 'alpha'); + $value = GETPOST('value', 'alpha'); + $modulepart = GETPOST('modulepart', 'aZ09'); // Used by actions_setmoduleoptions.inc.php -$label = GETPOST('label', 'alpha'); -$action = GETPOST('action', 'aZ09'); -$scandir = GETPOST('scan_dir', 'alpha'); + $label = GETPOST('label', 'alpha'); + $action = GETPOST('action', 'aZ09'); + $scandir = GETPOST('scan_dir', 'alpha'); -$specimenthirdparty = new Societe($db); -$specimenthirdparty->initAsSpecimen(); + $specimenthirdparty = new Societe($db); + $specimenthirdparty->initAsSpecimen(); -/* - * Actions - */ + /* + * Actions + */ -include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; if ($action == 'updateMask') { $maskconstorder = GETPOST('maskconstorder', 'alpha'); @@ -193,40 +193,40 @@ if ($action == 'updateMask') { } -/* - * View - */ + /* + * View + */ -$form = new Form($db); + $form = new Form($db); -$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); + $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); -llxHeader("", ""); + llxHeader("", ""); -$linkback = ''.$langs->trans("BackToModuleList").''; -print load_fiche_titre($langs->trans("SuppliersSetup"), $linkback, 'title_setup'); + $linkback = ''.$langs->trans("BackToModuleList").''; + print load_fiche_titre($langs->trans("SuppliersSetup"), $linkback, 'title_setup'); -print "
"; + print "
"; -$head = supplierorder_admin_prepare_head(); + $head = supplierorder_admin_prepare_head(); -print dol_get_fiche_head($head, 'order', $langs->trans("Suppliers"), -1, 'company'); + print dol_get_fiche_head($head, 'order', $langs->trans("Suppliers"), -1, 'company'); -// Supplier order numbering module + // Supplier order numbering module -print load_fiche_titre($langs->trans("OrdersNumberingModules"), '', ''); + print load_fiche_titre($langs->trans("OrdersNumberingModules"), '', ''); -print ''; -print ''; -print ''; -print ''; -print ''; -print ''; -print ''; -print "\n"; + print '
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Example").''.$langs->trans("Status").''.$langs->trans("ShortInfo").'
'; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print "\n"; -clearstatcache(); + clearstatcache(); foreach ($dirmodels as $reldir) { $dir = dol_buildpath($reldir."core/modules/supplier_order/"); @@ -309,24 +309,24 @@ foreach ($dirmodels as $reldir) { } } -print '
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Example").''.$langs->trans("Status").''.$langs->trans("ShortInfo").'

'; + print '

'; -/* - * Documents models for supplier orders - */ + /* + * Documents models for supplier orders + */ -print load_fiche_titre($langs->trans("OrdersModelModule"), '', ''); + print load_fiche_titre($langs->trans("OrdersModelModule"), '', ''); -// Defini tableau def de modele -$def = array(); + // Defini tableau def de modele + $def = array(); -$sql = "SELECT nom"; -$sql .= " FROM ".MAIN_DB_PREFIX."document_model"; -$sql .= " WHERE type = 'order_supplier'"; -$sql .= " AND entity = ".$conf->entity; + $sql = "SELECT nom"; + $sql .= " FROM ".MAIN_DB_PREFIX."document_model"; + $sql .= " WHERE type = 'order_supplier'"; + $sql .= " AND entity = ".$conf->entity; -$resql = $db->query($sql); + $resql = $db->query($sql); if ($resql) { $i = 0; $num_rows = $db->num_rows($resql); @@ -339,17 +339,17 @@ if ($resql) { dol_print_error($db); } -print ''."\n"; -print ''."\n"; -print ''."\n"; -print ''."\n"; -print ''."\n"; -print ''."\n"; -print ''; -print ''; -print ''."\n"; + print '
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Status").''.$langs->trans("Default").''.$langs->trans("ShortInfo").''.$langs->trans("Preview").'
'."\n"; + print ''."\n"; + print ''."\n"; + print ''."\n"; + print ''."\n"; + print ''."\n"; + print ''; + print ''; + print ''."\n"; -clearstatcache(); + clearstatcache(); foreach ($dirmodels as $reldir) { $realpath = $reldir."core/modules/supplier_order/doc"; @@ -434,76 +434,76 @@ foreach ($dirmodels as $reldir) { } } -print '
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Status").''.$langs->trans("Default").''.$langs->trans("ShortInfo").''.$langs->trans("Preview").'

'; + print '

'; -/* - * Other options - */ + /* + * Other options + */ -print '
'; -print ''; -print ''; + print ''; + print ''; + print ''; -print load_fiche_titre($langs->trans("OtherOptions"), '', ''); -print ''; -print ''; -print ''; -print ''; -print ''; -print "\n"; + print load_fiche_titre($langs->trans("OtherOptions"), '', ''); + print '
'.$langs->trans("Parameter").''.$langs->trans("Value").' 
'; + print ''; + print ''; + print ''; + print ''; + print "\n"; -print '\n"; + print '\n"; -// Ask for payment bank during supplier order -/* Kept as hidden for the moment -if (isModEnabled('banque')) { + // Ask for payment bank during supplier order + /* Kept as hidden for the moment + if (isModEnabled('banque')) { - print ''; -} -else -{ + print ''; + } + else + { - print ''; -} -*/ + print ''; + } + */ -$substitutionarray = pdf_getSubstitutionArray($langs, null, null, 2); -$substitutionarray['__(AnyTranslationKey)__'] = $langs->trans("Translation"); -$htmltext = ''.$langs->trans("AvailableVariables").':
'; + $substitutionarray = pdf_getSubstitutionArray($langs, null, null, 2); + $substitutionarray['__(AnyTranslationKey)__'] = $langs->trans("Translation"); + $htmltext = ''.$langs->trans("AvailableVariables").':
'; foreach ($substitutionarray as $key => $val) { $htmltext .= $key.'
'; } -$htmltext .= ''; + $htmltext .= ''; -print '\n"; + print '\n"; -// Option to add a quality/validation step, on products, after reception. -print ''; -print ''; -print ''; -print ''; + print ''; + print ''; + print '\n"; -print "\n"; + print "\n"; + print "\n"; -print '
'.$langs->trans("Parameter").''.$langs->trans("Value").' 
'; -print $form->textwithpicto($langs->trans("UseDoubleApproval"), $langs->trans("Use3StepsApproval"), 1, 'help').'
'; -print $langs->trans("IfSetToYesDontForgetPermission"); -print '		'; -print ''; -print ''; -print ''; -print "
'; + print $form->textwithpicto($langs->trans("UseDoubleApproval"), $langs->trans("Use3StepsApproval"), 1, 'help').'
'; + print $langs->trans("IfSetToYesDontForgetPermission"); + print '		'; + print ''; + print ''; + print ''; + print "
'; - print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '; - if (!empty($conf->use_javascript_ajax)) - { - print ajax_constantonoff('BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER'); - } - else - { - if (empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER)) - { - print ''.img_picto($langs->trans("Disabled"),'switch_off').''; - } - else - { - print ''.img_picto($langs->trans("Enabled"),'switch_on').''; - } - } - print '
'; + print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '; + if (!empty($conf->use_javascript_ajax)) + { + print ajax_constantonoff('BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER'); + } + else + { + if (empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER)) + { + print ''.img_picto($langs->trans("Disabled"),'switch_off').''; + } + else + { + print ''.img_picto($langs->trans("Enabled"),'switch_on').''; + } + } + print '
'; - print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '.$langs->trans('NotAvailable').'
'; + print $langs->trans("BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER").' '.$langs->trans('NotAvailable').'
'; -print $form->textwithpicto($langs->trans("FreeLegalTextOnOrders"), $langs->trans("AddCRIfTooLong").'

'.$htmltext, 1, 'help', '', 0, 2, 'freetexttooltip').'
'; -$variablename = 'SUPPLIER_ORDER_FREE_TEXT'; + print '
'; + print $form->textwithpicto($langs->trans("FreeLegalTextOnOrders"), $langs->trans("AddCRIfTooLong").'

'.$htmltext, 1, 'help', '', 0, 2, 'freetexttooltip').'
'; + $variablename = 'SUPPLIER_ORDER_FREE_TEXT'; if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { print ''; } else { @@ -511,15 +511,15 @@ if (empty($conf->global->PDF_ALLOW_HTML_FOR_FREE_TEXT)) { $doleditor = new DolEditor($variablename, getDolGlobalString($variablename), '', 80, 'dolibarr_notes'); print $doleditor->Create(); } -print '		'; -print ''; -print "
'; + print ''; + print "
'.$langs->trans("UseDispatchStatus").''; + // Option to add a quality/validation step, on products, after reception. + print '
'.$langs->trans("UseDispatchStatus").''; if (isModEnabled('reception')) { print ''.$langs->trans("FeatureNotAvailableWithReceptionModule").''; } else { @@ -530,33 +530,33 @@ if (isModEnabled('reception')) { print $form->selectarray("SUPPLIER_ORDER_USE_DISPATCH_STATUS", $arrval, $conf->global->SUPPLIER_ORDER_USE_DISPATCH_STATUS); } } -print "

'; + print '

'; -print ''; + print ''; -/* - * Notifications - */ + /* + * Notifications + */ -print load_fiche_titre($langs->trans("Notifications"), '', ''); -print ''; -print ''; -print ''; -print ''; -print ''; -print "\n"; + print load_fiche_titre($langs->trans("Notifications"), '', ''); + print '
'.$langs->trans("Parameter").' 
'; + print ''; + print ''; + print ''; + print ''; + print "\n"; -print '\n"; + print '\n"; -print '
'.$langs->trans("Parameter").' 
'; -print $langs->trans("YouMayFindNotificationsFeaturesIntoModuleNotification").'
'; -print '		'; -print "
'; + print $langs->trans("YouMayFindNotificationsFeaturesIntoModuleNotification").'
'; + print '		'; + print "
'; + print '
'; -// End of page -llxFooter(); -$db->close(); + // End of page + llxFooter(); + $db->close(); diff --git a/htdocs/admin/supplier_payment.php b/htdocs/admin/supplier_payment.php index a41f9fdf80c..187123ebbe7 100644 --- a/htdocs/admin/supplier_payment.php +++ b/htdocs/admin/supplier_payment.php @@ -74,7 +74,7 @@ if ($action == 'updateMask') { } elseif ($action == 'del') { $ret = delDocumentModel($value, $type); if ($ret > 0) { - if ($conf->global->FACTURE_ADDON_PDF == "$value") { + if (getDolGlobalString("FACTURE_ADDON_PDF") == "$value") { dolibarr_del_const($db, 'SUPPLIER_PAYMENT_ADDON_PDF', $conf->entity); } } @@ -262,7 +262,7 @@ foreach ($dirmodels as $reldir) { if ($conf->global->SUPPLIER_PAYMENT_ADDON == $file || $conf->global->SUPPLIER_PAYMENT_ADDON.'.php' == $file) { print img_picto($langs->trans("Activated"), 'switch_on'); } else { - print ''.img_picto($langs->trans("Disabled"), 'switch_off').''; + print 'scandir) ? '&scandir='.$module->scandir : '').'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"), 'switch_off').''; } print ''; @@ -288,7 +288,7 @@ foreach ($dirmodels as $reldir) { print ''; print $form->textwithpicto('', $htmltooltip, 1, 0); - if ($conf->global->PAYMENT_ADDON.'.php' == $file) { // If module is the one used, we show existing errors + if (getDolGlobalString("PAYMENT_ADDON").'.php' == $file) { // If module is the one used, we show existing errors if (!empty($module->error)) { dol_htmloutput_mesg($module->error, '', 'error', 1); } @@ -350,7 +350,7 @@ foreach ($dirmodels as $reldir) { print "\n"; print "\n"; require_once $dir.'/'.$file; - $module = new $classname($db, $specimenthirdparty); + $module = new $classname($db, new Societe($db)); if (method_exists($module, 'info')) { print $module->info($langs); } else { @@ -382,7 +382,7 @@ foreach ($dirmodels as $reldir) { // Default print ''; - if ($conf->global->SUPPLIER_PAYMENT_ADDON_PDF == "$name") { + if (getDolGlobalString("SUPPLIER_PAYMENT_ADDON_PDF") == "$name") { //print img_picto($langs->trans("Default"),'on'); // Even if choice is the default value, we allow to disable it: For supplier invoice, we accept to have no doc generation at all print 'scandir).'&label='.urlencode($module->name).'&type=SUPPLIER_PAYMENT"" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"), 'on').''; @@ -441,7 +441,7 @@ print "\n"; print ''; print $langs->trans("GroupPaymentsByModOnReports"); print ''; -print $form->selectyesno("PAYMENTS_FOURN_REPORT_GROUP_BY_MOD", $conf->global->PAYMENTS_FOURN_REPORT_GROUP_BY_MOD, 1); +print $form->selectyesno("PAYMENTS_FOURN_REPORT_GROUP_BY_MOD", getDolGlobalString("PAYMENTS_FOURN_REPORT_GROUP_BY_MOD"), 1); print ''; print "\n"; diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index f1fbba03840..66b7f24a719 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -428,7 +428,7 @@ foreach ($dirmodels as $reldir) { // Default print ''; - if ($conf->global->TICKET_ADDON_PDF == $name) { + if (getDolGlobalString("TICKET_ADDON_PDF") == $name) { print img_picto($langs->trans("Default"), 'on'); } else { print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"), 'off').''; @@ -540,9 +540,10 @@ print ''; print ''; if (isModEnabled('product')) { + $htmlname = "product_category_id"; print ''.$langs->trans("TicketChooseProductCategory").''; print ''; - $formcategory->selectProductCategory($conf->global->TICKET_PRODUCT_CATEGORY, 'product_category_id'); + $formcategory->selectProductCategory($conf->global->TICKET_PRODUCT_CATEGORY, $htmlname); if ($conf->use_javascript_ajax) { print ajax_combobox('select_'.$htmlname); } diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 3e4c088620d..3d2a64e4d96 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -381,10 +381,10 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { } // Interface topic - $url_interface = $conf->global->TICKET_PUBLIC_INTERFACE_TOPIC; + $url_interface = getDolGlobalString("TICKET_PUBLIC_INTERFACE_TOPIC"); print ''.$langs->trans("TicketPublicInterfaceTopicLabelAdmin").''; print ''; - print ''; + print ''; print ''; print ''; print $form->textwithpicto('', $langs->trans("TicketPublicInterfaceTopicHelp"), 1, 'help'); @@ -403,7 +403,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; // Text to help to enter a ticket - $public_text_help_message = $conf->global->TICKET_PUBLIC_TEXT_HELP_MESSAGE ? $conf->global->TICKET_PUBLIC_TEXT_HELP_MESSAGE : $langs->trans('TicketPublicPleaseBeAccuratelyDescribe'); + $public_text_help_message = getDolGlobalString("TICKET_PUBLIC_TEXT_HELP_MESSAGE", $langs->trans('TicketPublicPleaseBeAccuratelyDescribe')); print ''.$langs->trans("TicketPublicInterfaceTextHelpMessageLabelAdmin").''; print ''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; @@ -415,10 +415,10 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; // Url public interface - $url_interface = $conf->global->TICKET_URL_PUBLIC_INTERFACE; + $url_interface = getDolGlobalString("TICKET_URL_PUBLIC_INTERFACE"); print ''.$langs->trans("TicketUrlPublicInterfaceLabelAdmin").''; print ''; - print ''; + print ''; print ''; print ''; print $form->textwithpicto('', $langs->trans("TicketUrlPublicInterfaceHelpAdmin"), 1, 'help'); @@ -448,7 +448,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; // Text of email after creatio of a ticket - $mail_mesg_new = $conf->global->TICKET_MESSAGE_MAIL_NEW ? $conf->global->TICKET_MESSAGE_MAIL_NEW : $langs->trans('TicketNewEmailBody'); + $mail_mesg_new = getDolGlobalString("TICKET_MESSAGE_MAIL_NEW", $langs->trans('TicketNewEmailBody')); print ''; print $form->textwithpicto($langs->trans("TicketNewEmailBodyLabel"), $langs->trans("TicketNewEmailBodyHelp"), 1, 'help'); print ''; @@ -468,7 +468,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ajax_constantonoff('TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED'); } else { $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $form->selectarray("TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED", $arrval, $conf->global->TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED); + print $form->selectarray("TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED", $arrval, getDolGlobalString("TICKET_PUBLIC_NOTIFICATION_NEW_MESSAGE_ENABLED")); } print ''; print ''; @@ -477,7 +477,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; print $form->textwithpicto($langs->trans("TicketPublicNotificationNewMessageDefaultEmail"), $langs->trans("TicketPublicNotificationNewMessageDefaultEmailHelp"), 1, 'help'); print ''; - print ''; + print ''; print ''; print ''; diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php index 9b1d78f1694..1fe4ce77414 100644 --- a/htdocs/core/db/mysqli.class.php +++ b/htdocs/core/db/mysqli.class.php @@ -421,7 +421,7 @@ class DoliDBMysqli extends DoliDB if (!is_object($resultset)) { $resultset = $this->_results; } - return $resultset->num_rows; + return isset($resultset->num_rows) ? $resultset->num_rows : 0; } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps diff --git a/htdocs/core/modules/commande/mod_commande_saphir.php b/htdocs/core/modules/commande/mod_commande_saphir.php index 36efdcc1d88..ad2b109f2d1 100644 --- a/htdocs/core/modules/commande/mod_commande_saphir.php +++ b/htdocs/core/modules/commande/mod_commande_saphir.php @@ -79,7 +79,7 @@ class mod_commande_saphir extends ModeleNumRefCommandes // Parametrage du prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -128,7 +128,7 @@ class mod_commande_saphir extends ModeleNumRefCommandes require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // We get cursor rule - $mask = $conf->global->COMMANDE_SAPHIR_MASK; + $mask = getDolGlobalString("COMMANDE_SAPHIR_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/contract/mod_contract_magre.php b/htdocs/core/modules/contract/mod_contract_magre.php index e0c54c1d022..e88d2c46b32 100644 --- a/htdocs/core/modules/contract/mod_contract_magre.php +++ b/htdocs/core/modules/contract/mod_contract_magre.php @@ -85,7 +85,7 @@ class mod_contract_magre extends ModelNumRefContracts $tooltip .= $langs->trans("GenericMaskCodes5"); $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; $texte .= ''; $texte .= ''; @@ -127,7 +127,7 @@ class mod_contract_magre extends ModelNumRefContracts require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; - $mask = $conf->global->CONTRACT_MAGRE_MASK; + $mask = getDolGlobalString("CONTRACT_MAGRE_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/fichinter/mod_arctic.php b/htdocs/core/modules/fichinter/mod_arctic.php index cb5acddd6e9..8efd936601b 100644 --- a/htdocs/core/modules/fichinter/mod_arctic.php +++ b/htdocs/core/modules/fichinter/mod_arctic.php @@ -84,7 +84,7 @@ class mod_arctic extends ModeleNumRefFicheinter // Setting the prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -130,7 +130,7 @@ class mod_arctic extends ModeleNumRefFicheinter require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // We define the search criteria of the counter - $mask = $conf->global->FICHINTER_ARTIC_MASK; + $mask = getDolGlobalString("FICHINTER_ARTIC_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php index 8314d62dada..dfcc9273505 100644 --- a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php +++ b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php @@ -123,7 +123,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales $texte .= ''; $texte .= ''; $texte .= ''; - if ($conf->global->MAIN_PROPAL_CHOOSE_ODT_DOCUMENT > 0) { + if (getDolGlobalInt("MAIN_PROPAL_CHOOSE_ODT_DOCUMENT") > 0) { $texte .= ''; $texte .= ''; $texte .= ''; @@ -187,7 +187,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales $texte .= '
'; // Set default template for different status of proposal - if ($conf->global->MAIN_PROPAL_CHOOSE_ODT_DOCUMENT > 0) { + if (getDolGlobalInt("MAIN_PROPAL_CHOOSE_ODT_DOCUMENT") > 0) { // Model for creation $list = ModelePDFPropales::liste_modeles($this->db); $texte .= ''; diff --git a/htdocs/core/modules/reception/mod_reception_moonstone.php b/htdocs/core/modules/reception/mod_reception_moonstone.php index e1a5669dc09..40aaa63a7a8 100644 --- a/htdocs/core/modules/reception/mod_reception_moonstone.php +++ b/htdocs/core/modules/reception/mod_reception_moonstone.php @@ -61,7 +61,7 @@ class mod_reception_moonstone extends ModelNumRefReception $tooltip .= $langs->trans("GenericMaskCodes5"); $texte .= ''; - $texte .= ''; + $texte .= ''; $texte .= ''; $texte .= ''; $texte .= '
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).''.$form->textwithpicto('', $tooltip, 1, 1).' 
'; @@ -106,7 +106,7 @@ class mod_reception_moonstone extends ModelNumRefReception require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; - $mask = $conf->global->RECEPTION_MOONSTONE_MASK; + $mask = getDolGlobalString("RECEPTION_MOONSTONE_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php index e6838b9c4c4..0aacecc69da 100644 --- a/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php +++ b/htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_tulip.php @@ -67,12 +67,12 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices */ public function info() { - global $conf, $langs; + global $conf, $langs, $db; // Load translation files required by the page $langs->loadLangs(array("bills", "admin")); - $form = new Form($this->db); + $form = new Form($db); $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; $texte .= '
'; @@ -93,7 +93,7 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices // Setting the prefix $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceStandard").')'; $texte .= ':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -101,19 +101,19 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices // Prefix setting of credit note $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceAvoir").'):'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= ''; if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { // Parametrage du prefix des replacement $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceReplacement").'):'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= ''; } // Prefix setting of deposit $texte .= ''.$langs->trans("Mask").' ('.$langs->trans("InvoiceDeposit").'):'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= ''; $texte .= ''; @@ -159,16 +159,16 @@ class mod_facture_fournisseur_tulip extends ModeleNumRefSuppliersInvoices // Get Mask value $mask = ''; if (is_object($object) && $object->type == 1) { - $mask = $conf->global->SUPPLIER_REPLACEMENT_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_REPLACEMENT_TULIP_MASK"); if (!$mask) { - $mask = $conf->global->SUPPLIER_INVOICE_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_INVOICE_TULIP_MASK"); } } elseif (is_object($object) && $object->type == 2) { - $mask = $conf->global->SUPPLIER_CREDIT_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_CREDIT_TULIP_MASK"); } elseif (is_object($object) && $object->type == 3) { - $mask = $conf->global->SUPPLIER_DEPOSIT_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_DEPOSIT_TULIP_MASK"); } else { - $mask = $conf->global->SUPPLIER_INVOICE_TULIP_MASK; + $mask = getDolGlobalString("SUPPLIER_INVOICE_TULIP_MASK"); } if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php index 473664cb44c..8f67f28b42d 100644 --- a/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php +++ b/htdocs/core/modules/supplier_order/mod_commande_fournisseur_orchidee.php @@ -85,7 +85,7 @@ class mod_commande_fournisseur_orchidee extends ModeleNumRefSuppliersOrders // Parametrage du prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -131,7 +131,7 @@ class mod_commande_fournisseur_orchidee extends ModeleNumRefSuppliersOrders require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // On defini critere recherche compteur - $mask = $conf->global->COMMANDE_FOURNISSEUR_ORCHIDEE_MASK; + $mask = getDolGlobalString("COMMANDE_FOURNISSEUR_ORCHIDEE_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php index 0bc0543e6cd..292662a14ad 100644 --- a/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php +++ b/htdocs/core/modules/supplier_payment/mod_supplier_payment_brodator.php @@ -61,11 +61,11 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments */ public function info() { - global $conf, $langs; + global $conf, $langs, $db; $langs->load("bills"); - $form = new Form($this->db); + $form = new Form($db); $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; $texte .= ''; @@ -82,7 +82,7 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments // Parametrage du prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -128,7 +128,7 @@ class mod_supplier_payment_brodator extends ModeleNumRefSupplierPayments require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // We get cursor rule - $mask = $conf->global->SUPPLIER_PAYMENT_BRODATOR_MASK; + $mask = getDolGlobalString("SUPPLIER_PAYMENT_BRODATOR_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/core/modules/ticket/mod_ticket_universal.php b/htdocs/core/modules/ticket/mod_ticket_universal.php index 2c46376eea1..8efc2f6a4e5 100644 --- a/htdocs/core/modules/ticket/mod_ticket_universal.php +++ b/htdocs/core/modules/ticket/mod_ticket_universal.php @@ -81,7 +81,7 @@ class mod_ticket_universal extends ModeleNumRefTicket // Parametrage du prefix $texte .= ''.$langs->trans("Mask").':'; - $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; + $texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).''; $texte .= '  '; @@ -127,7 +127,7 @@ class mod_ticket_universal extends ModeleNumRefTicket include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // On defini critere recherche compteur - $mask = $conf->global->TICKET_UNIVERSAL_MASK; + $mask = getDolGlobalString("TICKET_UNIVERSAL_MASK"); if (!$mask) { $this->error = 'NotConfigured'; diff --git a/htdocs/hrm/admin/admin_establishment.php b/htdocs/hrm/admin/admin_establishment.php index 223f8a720d5..f28c0285e1f 100644 --- a/htdocs/hrm/admin/admin_establishment.php +++ b/htdocs/hrm/admin/admin_establishment.php @@ -53,10 +53,10 @@ if (empty($page) || $page == -1) { $page = 0; } +$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; /* diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index 1b30eed663a..fa2ed2f55fd 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -254,7 +254,7 @@ if ($action == 'create') { } // Part to edit record -if (($id || $ref) && $action == 'edit') { +if ((!empty($id) || !empty($ref)) && $action == 'edit') { $result = $object->fetch($id); if ($result > 0) { $head = establishment_prepare_head($object); From b23ab2cb712a7f89ba989843a48bd12d26b9aa12 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 13:58:54 +0200 Subject: [PATCH 131/212] FIX #yogosha12266 --- htdocs/accountancy/journal/variousjournal.php | 2 +- htdocs/admin/clicktodial.php | 4 +- htdocs/api/index.php | 2 + htdocs/categories/viewcat.php | 20 +- htdocs/comm/action/list.php | 4 - htdocs/core/ajax/objectonoff.php | 9 +- htdocs/core/ajax/selectsearchbox.php | 1 + htdocs/core/lib/functions.lib.php | 3 +- htdocs/core/lib/security.lib.php | 23 ++- htdocs/core/tpl/login.tpl.php | 4 +- htdocs/core/tpl/passwordforgotten.tpl.php | 4 +- htdocs/core/website.inc.php | 26 ++- htdocs/document.php | 8 +- .../conferenceorboothattendee_note.php | 1 - htdocs/hrm/position.php | 1 - htdocs/hrm/skill_tab.php | 4 +- htdocs/main.inc.php | 13 +- htdocs/modulebuilder/index.php | 4 +- .../mailinglist_mymodule_myobject.modules.php | 6 +- .../template/myobject_agenda.php | 1 - .../modulebuilder/template/myobject_card.php | 4 +- .../template/myobject_document.php | 181 +++++++++--------- .../modulebuilder/template/myobject_list.php | 1 - .../modulebuilder/template/myobject_note.php | 1 - .../template/scripts/mymodule.php | 1 - htdocs/public/agenda/agendaexport.php | 2 +- htdocs/public/cron/cron_run_jobs_by_url.php | 2 +- htdocs/public/demo/index.php | 2 +- htdocs/public/donations/donateurs_code.php | 2 +- .../public/eventorganization/attendee_new.php | 2 +- .../eventorganization/subscriptionok.php | 2 +- htdocs/public/members/new.php | 5 +- htdocs/public/members/public_card.php | 2 +- htdocs/public/members/public_list.php | 2 +- htdocs/public/onlinesign/newonlinesign.php | 34 ++-- htdocs/public/opensurvey/studs.php | 10 +- htdocs/public/partnership/new.php | 5 +- htdocs/public/payment/paymentko.php | 2 +- htdocs/public/payment/paymentok.php | 2 +- htdocs/public/project/index.php | 2 +- htdocs/public/project/new.php | 2 +- htdocs/public/project/suggestbooth.php | 2 +- htdocs/public/project/suggestconference.php | 2 +- htdocs/public/project/viewandvote.php | 2 +- htdocs/public/recruitment/index.php | 2 +- htdocs/public/recruitment/view.php | 2 +- htdocs/public/stripe/ipn.php | 31 ++- htdocs/public/ticket/create_ticket.php | 2 +- htdocs/public/ticket/index.php | 2 +- htdocs/public/ticket/list.php | 2 +- htdocs/public/ticket/view.php | 2 +- htdocs/societe/document.php | 158 ++++++++------- htdocs/user/class/user.class.php | 2 +- htdocs/viewimage.php | 16 +- htdocs/webhook/target_card.php | 2 +- 55 files changed, 316 insertions(+), 317 deletions(-) diff --git a/htdocs/accountancy/journal/variousjournal.php b/htdocs/accountancy/journal/variousjournal.php index d737925f2c3..9c944aa7470 100644 --- a/htdocs/accountancy/journal/variousjournal.php +++ b/htdocs/accountancy/journal/variousjournal.php @@ -51,7 +51,7 @@ if ($result > 0) { } elseif ($result < 0) { dol_print_error('', $object->error, $object->errors); } elseif ($result == 0) { - accessforbidden($langs->trans('ErrorRecordNotFound')); + accessforbidden('ErrorRecordNotFound'); } $hookmanager->initHooks(array('globaljournal', $object->nature.'journal')); diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php index 8b8f2c6c921..72b7be134bb 100644 --- a/htdocs/admin/clicktodial.php +++ b/htdocs/admin/clicktodial.php @@ -35,8 +35,8 @@ if (!$user->admin) { $action = GETPOST('action', 'aZ09'); -if (!in_array('clicktodial', $conf->modules)) { - accessforbidden($langs->trans("WarningModuleNotActive", $langs->transnoentitiesnoconv("Module58Name"))); +if (!isModEnabled('clicktodial')) { + accessforbidden($langs->transnoentitiesnoconv("WarningModuleNotActive", $langs->transnoentitiesnoconv("Module58Name"))); } diff --git a/htdocs/api/index.php b/htdocs/api/index.php index 8543e284533..4c0d36fdcfe 100644 --- a/htdocs/api/index.php +++ b/htdocs/api/index.php @@ -76,6 +76,8 @@ if (preg_match('/\/api\/index\.php/', $_SERVER["PHP_SELF"])) { header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE'); header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY'); } +header('X-Frame-Options: SAMEORIGIN'); + $res = 0; if (!$res && file_exists("../main.inc.php")) { diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 0e5da0735ce..97c6d118842 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -563,7 +563,7 @@ if ($type == Categorie::TYPE_PRODUCT) { } } else { print_barre_liste($langs->trans("ProductsAndServices"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'products'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -643,7 +643,7 @@ if ($type == Categorie::TYPE_CUSTOMER) { } } else { print_barre_liste($langs->trans("Customers"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'companies'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -724,7 +724,7 @@ if ($type == Categorie::TYPE_SUPPLIER) { } } else { print_barre_liste($langs->trans("Suppliers"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'companies'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -808,7 +808,7 @@ if ($type == Categorie::TYPE_MEMBER) { } } else { print_barre_liste($langs->trans("Member"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'members'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -895,7 +895,7 @@ if ($type == Categorie::TYPE_CONTACT) { } } else { print_barre_liste($langs->trans("Contact"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'contact'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -977,7 +977,7 @@ if ($type == Categorie::TYPE_ACCOUNT) { } } else { print_barre_liste($langs->trans("Banque"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'bank'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1060,7 +1060,7 @@ if ($type == Categorie::TYPE_PROJECT) { } } else { print_barre_liste($langs->trans("Project"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'project'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1137,7 +1137,7 @@ if ($type == Categorie::TYPE_USER) { } } else { print_barre_liste($langs->trans("Users"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'user'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1201,7 +1201,7 @@ if ($type == Categorie::TYPE_WAREHOUSE) { } } else { print_barre_liste($langs->trans("Warehouse"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'stock'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } @@ -1280,7 +1280,7 @@ if ($type == Categorie::TYPE_TICKET) { } } else { print_barre_liste($langs->trans("Ticket"), null, $_SERVER["PHP_SELF"], '', '', '', '', '', '', 'ticket'); - accessforbidden($langs->trans("NotEnoughPermissions"), 0, 0); + accessforbidden("NotEnoughPermissions", 0, 0); } } diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index b42bf003333..767c91b8abd 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -27,10 +27,6 @@ * \brief Page to list actions */ -if (!defined("NOREDIRECTBYMAINTOLOGIN")) { - define('NOREDIRECTBYMAINTOLOGIN', 1); -} - require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; diff --git a/htdocs/core/ajax/objectonoff.php b/htdocs/core/ajax/objectonoff.php index ffd05c4747e..5042dadb9b3 100644 --- a/htdocs/core/ajax/objectonoff.php +++ b/htdocs/core/ajax/objectonoff.php @@ -1,5 +1,6 @@ + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -65,13 +66,15 @@ if (!empty($user->socid)) { $socid = $user->socid; } +//$user->rights->societe->lire = 0;$user->rights->fournisseur->lire = 0; +//restrictedArea($user, 'societe', $id); + if (in_array($field, array('status'))) { restrictedArea($user, $element, $id); } elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products restrictedArea($user, 'produit|service', $id, 'product&product', '', '', 'rowid'); } else { - accessforbidden("Bad value for combination of parameters element/field.", 0, 0, 1); - exit; + httponly_accessforbidden("Bad value for combination of parameters element/field."); } diff --git a/htdocs/core/ajax/selectsearchbox.php b/htdocs/core/ajax/selectsearchbox.php index b643351dc73..19f7523fd21 100644 --- a/htdocs/core/ajax/selectsearchbox.php +++ b/htdocs/core/ajax/selectsearchbox.php @@ -40,6 +40,7 @@ if (!isset($usedbyinclude) || empty($usedbyinclude)) { define('NOREQUIREAJAX', '1'); } if (!defined('NOREDIRECTBYMAINTOLOGIN')) { + // Disable redirect to main login because the selectsearch must not ask a login define('NOREDIRECTBYMAINTOLOGIN', '1'); } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 7391785312f..a18e3a761a9 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -4955,8 +4955,9 @@ function dol_print_error($db = '', $error = '', $errors = null) $out .= "
\n"; } - // Return a http error code if possible + // Return a http header with error code if possible if (!headers_sent()) { + top_httphead(); http_response_code(500); } diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 1efcbaacf78..ce6f9b38320 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -329,11 +329,11 @@ function dolGetLdapPasswordHash($password, $type = 'md5') * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft - * @param int $mode Mode (0=default, 1=return with not die) + * @param int $mode Mode (0=default, 1=return without dieing) * @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed. * @see dol_check_secure_access_document(), checkUserAccessToObject() */ -function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) +function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) { global $db, $conf; global $hookmanager; @@ -1022,24 +1022,29 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl * This includes only HTTP header. * Calling this function terminate execution of PHP. * - * @param string $message Force error message - * @param int $http_response_code HTTP response code + * @param string $message Force error message + * @param int $http_response_code HTTP response code + * @param int $stringalreadysanitized 1 if string is already sanitized with HTML entities * @return void * @see accessforbidden() */ -function httponly_accessforbidden($message = 1, $http_response_code = 403) +function httponly_accessforbidden($message = 1, $http_response_code = 403, $stringalreadysanitized = 0) { - top_httphead('text/html'); + top_httphead(); http_response_code($http_response_code); - print htmlentities($message); + if ($stringalreadysanitized) { + print $message; + } else { + print htmlentities($message); + } exit(1); } /** * Show a message to say access is forbidden and stop program. - * This includes HTTP and HTML header and footer. + * This includes HTTP and HTML header and footer (except if $printheader and $printfooter is 0, use this case inside an already started page). * Calling this function terminate execution of PHP. * * @param string $message Force error message @@ -1070,7 +1075,7 @@ function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $sho } } print '
'; - if (!$message) { + if (empty($message)) { print $langs->trans("ErrorForbidden"); } else { print $langs->trans($message); diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index b07bb66b46c..f179ea9ed36 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -33,10 +33,8 @@ if (empty($conf) || !is_object($conf)) { // DDOS protection $size = (empty($_SERVER['CONTENT_LENGTH']) ? 0 : (int) $_SERVER['CONTENT_LENGTH']); if ($size > 10000) { - http_response_code(413); $langs->loadLangs(array("errors", "install")); - accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'.
'.$langs->trans("ClickHereToGoToApp").'
', 0, 0, 1); - exit; + httponly_accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'.
'.$langs->trans("ClickHereToGoToApp").'
', 413, 1); } require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php index 6d52cfff267..9aaba5745bb 100644 --- a/htdocs/core/tpl/passwordforgotten.tpl.php +++ b/htdocs/core/tpl/passwordforgotten.tpl.php @@ -30,10 +30,8 @@ if (empty($conf) || !is_object($conf)) { // DDOS protection $size = (int) $_SERVER['CONTENT_LENGTH']; if ($size > 10000) { - http_response_code(413); $langs->loadLangs(array("errors", "install")); - accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'
'.$langs->trans("ClickHereToGoToApp").'
', 0, 0, 1); - exit; + httponly_accessforbidden('
'.$langs->trans("ErrorRequestTooLarge").'
'.$langs->trans("ClickHereToGoToApp").'
', 413, 1); } require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index 3bbfe225bee..2bdc9080b78 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -75,6 +75,18 @@ if ($pageid > 0) { if (!defined('USEDOLIBARREDITOR') && (in_array($websitepage->type_container, array('menu', 'other')) || empty($websitepage->status) && !defined('USEDOLIBARRSERVER'))) { $weblangs->load("website"); + + // Security options + + // X-Content-Type-Options + header("X-Content-Type-Options: nosniff"); + + // X-Frame-Options + if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { + header("X-Frame-Options: SAMEORIGIN"); + } + + //httponly_accessforbidden('


'.$weblangs->trans("YouTryToAccessToAFileThatIsNotAWebsitePage", $websitepage->pageurl, $websitepage->type_container, $websitepage->status).'
', 404, 1); http_response_code(404); print '


'.$weblangs->trans("YouTryToAccessToAFileThatIsNotAWebsitePage", $websitepage->pageurl, $websitepage->type_container, $websitepage->status).'
'; exit; @@ -198,9 +210,21 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi } } -// Show off line message +// Show off line message when all website is off if (!defined('USEDOLIBARREDITOR') && empty($website->status)) { + // Security options + + // X-Content-Type-Options + header("X-Content-Type-Options: nosniff"); + + // X-Frame-Options + if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { + header("X-Frame-Options: SAMEORIGIN"); + } + $weblangs->load("website"); + + //httponly_accessforbidden('


'.$weblangs->trans("SorryWebsiteIsCurrentlyOffLine").'
', 503, 1); http_response_code(503); print '


'.$weblangs->trans("SorryWebsiteIsCurrentlyOffLine").'
'; exit; diff --git a/htdocs/document.php b/htdocs/document.php index 65e5cce7e5f..4f6652fafda 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -104,10 +104,10 @@ $entity = GETPOST('entity', 'int') ?GETPOST('entity', 'int') : $conf->entity; // Security check if (empty($modulepart) && empty($hashp)) { - accessforbidden('Bad link. Bad value for parameter modulepart', 0, 0, 1); + httponly_accessforbidden('Bad link. Bad value for parameter modulepart', 400); } if (empty($original_file) && empty($hashp)) { - accessforbidden('Bad link. Missing identification to find file (original_file or hashp)', 0, 0, 1); + httponly_accessforbidden('Bad link. Missing identification to find file (original_file or hashp)', 400); } if ($modulepart == 'fckeditor') { $modulepart = 'medias'; // For backward compatibility @@ -158,7 +158,7 @@ if (!empty($hashp)) { $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir //var_dump($original_file); exit; } else { - accessforbidden('Bad link. File is from another module part.', 0, 0, 1); + httponly_accessforbidden('Bad link. File is from another module part.', 403); } } else { $modulepart = $moduleparttocheck; @@ -171,7 +171,7 @@ if (!empty($hashp)) { } } else { $langs->load("errors"); - accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 0, 0, 1); + httponly_accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 403, 1); } } diff --git a/htdocs/eventorganization/conferenceorboothattendee_note.php b/htdocs/eventorganization/conferenceorboothattendee_note.php index b6e343e4496..adc4a1683b8 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_note.php +++ b/htdocs/eventorganization/conferenceorboothattendee_note.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/hrm/position.php b/htdocs/hrm/position.php index 2659321e5fc..24ce9ec3b51 100644 --- a/htdocs/hrm/position.php +++ b/htdocs/hrm/position.php @@ -41,7 +41,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/hrm/skill_tab.php b/htdocs/hrm/skill_tab.php index c48a7c405c6..393e20ba3c4 100644 --- a/htdocs/hrm/skill_tab.php +++ b/htdocs/hrm/skill_tab.php @@ -64,7 +64,9 @@ if (in_array($objecttype, $TAuthorizedObjects)) { } elseif ($objecttype == "user") { $object = new User($db); } -} else accessforbidden($langs->trans('ErrorBadObjectType')); +} else { + accessforbidden('ErrorBadObjectType'); +} $hookmanager->initHooks(array('skilltab', 'globalcard')); // Note that conf->hooks_modules contains array diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 06ff00e474f..6d89923f20e 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -547,12 +547,12 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( ) { // If token is not provided or empty, error (we are in case it is mandatory) if (!GETPOST('token', 'alpha') || GETPOST('token', 'alpha') == 'notrequired') { + top_httphead(); if (GETPOST('uploadform', 'int')) { dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused. File size too large or not provided."); $langs->loadLangs(array("errors", "install")); print $langs->trans("ErrorFileSizeTooLarge").' '; print $langs->trans("ErrorGoBackAndCorrectParameters"); - die; } else { http_response_code(403); if (defined('CSRFCHECK_WITH_TOKEN')) { @@ -567,8 +567,8 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( } print " into setup).\n"; } - die; } + die; } } @@ -851,12 +851,16 @@ if (!defined('NOLOGIN')) { // No data to test login, so we show the login page. dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit", LOG_INFO); if (defined('NOREDIRECTBYMAINTOLOGIN')) { + // When used with NOREDIRECTBYMAINTOLOGIN set, the http header must already be set when including the main. + // See example with selectsearchbox.php. This case is reserverd for the selectesearchbox.php so we can + // report a message to ask to login when search ajax component is used after a timeout. + //top_httphead(); return 'ERROR_NOT_LOGGED'; } else { if ($_SERVER["HTTP_USER_AGENT"] == 'securitytest') { http_response_code(401); // It makes easier to understand if session was broken during security tests } - dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : '')); + dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : '')); // This include http headers } exit; } @@ -1242,8 +1246,7 @@ if (!defined('NOLOGIN')) { // If not active, we refuse the user $langs->loadLangs(array("errors", "other")); dol_syslog("Authentication KO as login is disabled", LOG_NOTICE); - accessforbidden($langs->trans("ErrorLoginDisabled")); - exit; + accessforbidden("ErrorLoginDisabled"); } // Load permissions diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 7e086887a37..688f8235174 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -81,10 +81,10 @@ $idmodule= GETPOST('idmodule', 'alpha'); // Security check if (!isModEnabled('modulebuilder')) { - accessforbidden(); + accessforbidden('Module ModuleBuilder not enabled'); } if (!$user->admin && empty($conf->global->MODULEBUILDER_FOREVERYONE)) { - accessforbidden($langs->trans('ModuleBuilderNotAllowed')); + accessforbidden('ModuleBuilderNotAllowed'); } diff --git a/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php b/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php index 290048785fd..280f62dc2c1 100644 --- a/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php +++ b/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php @@ -46,12 +46,8 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets */ public function __construct($db) { - global $conf; - $this->db = $db; - if (is_array($conf->modules)) { - $this->enabled = in_array('mymodule', $conf->modules) ? 1 : 0; - } + $this->enabled = isModEnabled('mymodule'); } diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 6cc99f4f34d..0a397dceaa6 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 7ecce8c745f..aa2680ea568 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification @@ -248,8 +247,7 @@ llxHeader('', $title, $help_url); // Part to create if ($action == 'create') { if (empty($permissiontoadd)) { - accessforbidden($langs->trans('NotEnoughPermissions'), 0, 1); - exit; + accessforbidden('NotEnoughPermissions', 0, 1); } print load_fiche_titre($langs->trans("NewObject", $langs->transnoentitiesnoconv("MyObject")), '', 'object_'.$object->picto); diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index d06eb61ba0e..4a4b68391bc 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification @@ -143,7 +142,13 @@ if ($enablepermissioncheck) { if (!isModEnabled("mymodule")) { accessforbidden(); } -if (!$permissiontoread) accessforbidden(); +if (!$permissiontoread) { + accessforbidden(); +} +if (empty($object->id)) { + accessforbidden(); +} + /* @@ -164,100 +169,94 @@ $help_url = ''; //$help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; llxHeader('', $title, $help_url); -if ($object->id) { - /* - * Show tabs - */ - $head = myobjectPrepareHead($object); +// Show tabs +$head = myobjectPrepareHead($object); - print dol_get_fiche_head($head, 'document', $langs->trans("MyObject"), -1, $object->picto); +print dol_get_fiche_head($head, 'document', $langs->trans("MyObject"), -1, $object->picto); - // Build file list - $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); - $totalsize = 0; - foreach ($filearray as $key => $file) { - $totalsize += $file['size']; - } - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - $morehtmlref = '
'; - /* - // Ref customer - $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); - $morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); - // Thirdparty - $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . (is_object($object->thirdparty) ? $object->thirdparty->getNomUrl(1) : ''); - // Project - if (!empty($conf->project->enabled)) - { - $langs->load("projects"); - $morehtmlref.='
'.$langs->trans('Project') . ' '; - if ($permissiontoadd) - { - if ($action != 'classify') - //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' : '; - $morehtmlref.=' : '; - if ($action == 'classify') { - //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); - $morehtmlref.=''; - $morehtmlref.=''; - $morehtmlref.=''; - $morehtmlref.=$formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref.=''; - $morehtmlref.=''; - } else { - $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); - } - } else { - if (!empty($object->fk_project)) { - $proj = new Project($db); - $proj->fetch($object->fk_project); - $morehtmlref .= ': '.$proj->getNomUrl(); - } else { - $morehtmlref .= ''; - } - } - }*/ - $morehtmlref .= '
'; - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - print '
'; - - print '
'; - print ''; - - // Number of files - print ''; - - // Total size - print ''; - - print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; - - print '
'; - - print dol_get_fiche_end(); - - $modulepart = 'mymodule'; - //$permissiontoadd = $user->rights->mymodule->myobject->write; - $permissiontoadd = 1; - //$permtoedit = $user->rights->mymodule->myobject->write; - $permtoedit = 1; - $param = '&id='.$object->id; - - //$relativepathwithnofile='myobject/' . dol_sanitizeFileName($object->id).'/'; - $relativepathwithnofile = 'myobject/'.dol_sanitizeFileName($object->ref).'/'; - - include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; -} else { - accessforbidden('', 0, 1); +// Build file list +$filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); +$totalsize = 0; +foreach ($filearray as $key => $file) { + $totalsize += $file['size']; } +// Object card +// ------------------------------------------------------------ +$linkback = ''.$langs->trans("BackToList").''; + +$morehtmlref = '
'; +/* + // Ref customer + $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); + $morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); + // Thirdparty + $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . (is_object($object->thirdparty) ? $object->thirdparty->getNomUrl(1) : ''); + // Project + if (!empty($conf->project->enabled)) + { + $langs->load("projects"); + $morehtmlref.='
'.$langs->trans('Project') . ' '; + if ($permissiontoadd) + { + if ($action != 'classify') + //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' : '; + $morehtmlref.=' : '; + if ($action == 'classify') { + //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); + $morehtmlref.='
'; + $morehtmlref.=''; + $morehtmlref.=''; + $morehtmlref.=$formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); + $morehtmlref.=''; + $morehtmlref.='
'; + } else { + $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); + } + } else { + if (!empty($object->fk_project)) { + $proj = new Project($db); + $proj->fetch($object->fk_project); + $morehtmlref .= ': '.$proj->getNomUrl(); + } else { + $morehtmlref .= ''; + } + } + }*/ +$morehtmlref .= '
'; + +dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); + +print '
'; + +print '
'; +print ''; + +// Number of files +print ''; + +// Total size +print ''; + +print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; + +print '
'; + +print dol_get_fiche_end(); + +$modulepart = 'mymodule'; +//$permissiontoadd = $user->rights->mymodule->myobject->write; +$permissiontoadd = 1; +//$permtoedit = $user->rights->mymodule->myobject->write; +$permtoedit = 1; +$param = '&id='.$object->id; + +//$relativepathwithnofile='myobject/' . dol_sanitizeFileName($object->id).'/'; +$relativepathwithnofile = 'myobject/'.dol_sanitizeFileName($object->ref).'/'; + +include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; + // End of page llxFooter(); $db->close(); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 987b58f2369..789a5d2312d 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index 6b03ddbf8c6..e97d131551a 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -38,7 +38,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("MAIN_SECURITY_FORCECSP")) define('MAIN_SECURITY_FORCECSP', 'none'); // Disable all Content Security Policies //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification diff --git a/htdocs/modulebuilder/template/scripts/mymodule.php b/htdocs/modulebuilder/template/scripts/mymodule.php index 860c3a54bec..2d9b3aac79c 100644 --- a/htdocs/modulebuilder/template/scripts/mymodule.php +++ b/htdocs/modulebuilder/template/scripts/mymodule.php @@ -39,7 +39,6 @@ //if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip //if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification if (!defined('NOSESSION')) define('NOSESSION', '1'); // On CLI mode, no need to use web sessions diff --git a/htdocs/public/agenda/agendaexport.php b/htdocs/public/agenda/agendaexport.php index a0e7ea817a7..fa134da668c 100644 --- a/htdocs/public/agenda/agendaexport.php +++ b/htdocs/public/agenda/agendaexport.php @@ -84,7 +84,7 @@ require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; // Security check if (empty($conf->agenda->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Agenda not enabled'); } // Not older than diff --git a/htdocs/public/cron/cron_run_jobs_by_url.php b/htdocs/public/cron/cron_run_jobs_by_url.php index fa81b8d8bd7..497c68954db 100644 --- a/htdocs/public/cron/cron_run_jobs_by_url.php +++ b/htdocs/public/cron/cron_run_jobs_by_url.php @@ -75,7 +75,7 @@ $langs->loadLangs(array("admin", "cron", "dict")); // Security check if (empty($conf->cron->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Cron not enabled'); } diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index 49bde1a2b9b..892eb45870d 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -51,7 +51,7 @@ $conf->dol_use_jmobile = GETPOST('dol_use_jmobile', 'int'); // Security check global $dolibarr_main_demo; if (empty($dolibarr_main_demo)) { - accessforbidden('Parameter dolibarr_main_demo must be defined in conf file with value "default login,default pass" to enable the demo entry page', 0, 0, 1); + httponly_accessforbidden('Parameter dolibarr_main_demo must be defined in conf file with value "default login,default pass" to enable the demo entry page'); } // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context diff --git a/htdocs/public/donations/donateurs_code.php b/htdocs/public/donations/donateurs_code.php index 87db3ee4133..51f7ef7234b 100644 --- a/htdocs/public/donations/donateurs_code.php +++ b/htdocs/public/donations/donateurs_code.php @@ -60,7 +60,7 @@ require_once DOL_DOCUMENT_ROOT.'/don/class/don.class.php'; // Security check if (empty($conf->don->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Donation not enabled'); } diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php index 8bb85022b2e..b3eb731ab19 100644 --- a/htdocs/public/eventorganization/attendee_new.php +++ b/htdocs/public/eventorganization/attendee_new.php @@ -138,7 +138,7 @@ $user->loadDefaultValues(); // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/eventorganization/subscriptionok.php b/htdocs/public/eventorganization/subscriptionok.php index 8acf3daba78..248c281a284 100644 --- a/htdocs/public/eventorganization/subscriptionok.php +++ b/htdocs/public/eventorganization/subscriptionok.php @@ -77,7 +77,7 @@ if ($securekeyreceived != $securekeytocompare) { // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 2a69b4b0ef0..0a1ebc0600e 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -86,12 +86,11 @@ $langs->loadLangs(array("main", "members", "companies", "install", "other")); // Security check if (empty($conf->adherent->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Membership not enabled'); } if (empty($conf->global->MEMBER_ENABLE_PUBLIC)) { - print $langs->trans("Auto subscription form for public visitors has not been enabled"); - exit; + httponly_accessforbidden("Auto subscription form for public visitors has not been enabled"); } // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php index d58b6448edb..067e6ed94ea 100644 --- a/htdocs/public/members/public_card.php +++ b/htdocs/public/members/public_card.php @@ -53,7 +53,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; // Security check if (empty($conf->adherent->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Memebership no enabled'); } diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index 178af5fce11..24cdcf5c001 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -49,7 +49,7 @@ require '../../main.inc.php'; // Security check if (empty($conf->adherent->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Membership not enabled'); } diff --git a/htdocs/public/onlinesign/newonlinesign.php b/htdocs/public/onlinesign/newonlinesign.php index 65c2faf7918..411a37d6284 100644 --- a/htdocs/public/onlinesign/newonlinesign.php +++ b/htdocs/public/onlinesign/newonlinesign.php @@ -81,13 +81,6 @@ $ref = $REF = GETPOST("ref", 'alpha'); if (empty($source)) { $source = 'proposal'; } - -if (!$action) { - if ($source && !$ref) { - print $langs->trans('ErrorBadParameters')." - ref missing"; - exit; - } -} if (!empty($refusepropal)) { $action = "refusepropal"; } @@ -123,15 +116,12 @@ $urlko = preg_replace('/&$/', '', $urlko); // Remove last & $creditor = $mysoc->name; $type = $source; -if ($source == 'proposal') { - require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; - $object = new Propal($db); - $result= $object->fetch(0, $ref, '', $entity); -} else { - accessforbidden('Bad value for source'); - exit; -} +if (!$action) { + if ($source && !$ref) { + httponly_accessforbidden($langs->trans('ErrorBadParameters')." - ref missing", 400, 1); + } +} // Check securitykey $securekeyseed = ''; @@ -139,10 +129,16 @@ if ($source == 'proposal') { $securekeyseed = getDolGlobalString('PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN'); } -if (!dol_verifyHash($securekeyseed.$type.$ref.(!isModEnabled('multicompany') ? '' : $entity), $SECUREKEY, '0')) { - http_response_code(403); - print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref); - exit(-1); +if (!dol_verifyHash($securekeyseed.$type.$ref.(isModEnabled('multicompany') ? $entity : ''), $SECUREKEY, '0')) { + httponly_accessforbidden('Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref), 403, 1); +} + +if ($source == 'proposal') { + require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; + $object = new Propal($db); + $result= $object->fetch(0, $ref, '', $entity); +} else { + httponly_accessforbidden($langs->trans('ErrorBadParameters')." - Bad value for source", 400, 1); } diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 4853eec496e..3450393b7b7 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -59,7 +59,7 @@ $canbemodified = ((empty($object->date_fin) || $object->date_fin > dol_now()) && // Security check if (empty($conf->opensurvey->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Survey not enabled'); } @@ -74,7 +74,7 @@ $listofvoters = explode(',', $_SESSION["savevoter"]); // Add comment if (GETPOST('ajoutcomment', 'alpha')) { if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } $error = 0; @@ -108,7 +108,7 @@ if (GETPOST('ajoutcomment', 'alpha')) { // Add vote if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // boutonp for chrome, boutonp_x for firefox if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } //Si le nom est bien entré @@ -214,7 +214,7 @@ if ($testmodifier) { } if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } $idtomodify = GETPOST("idtomodify".$modifier); @@ -232,7 +232,7 @@ if ($testmodifier) { $idcomment = GETPOST('deletecomment', 'int'); if ($idcomment) { if (!$canbemodified) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('ErrorForbidden'); } $resql = $object->deleteComment($idcomment); diff --git a/htdocs/public/partnership/new.php b/htdocs/public/partnership/new.php index a50892c9e08..f2706bf0bc9 100644 --- a/htdocs/public/partnership/new.php +++ b/htdocs/public/partnership/new.php @@ -71,12 +71,11 @@ $langs->loadLangs(array("main", "members", "partnership", "companies", "install" // Security check if (empty($conf->partnership->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Partnership not enabled'); } if (empty($conf->global->PARTNERSHIP_ENABLE_PUBLIC)) { - print $langs->trans("Auto subscription form for public visitors has not been enabled"); - exit; + httponly_accessforbidden("Auto subscription form for public visitors has not been enabled"); } // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context diff --git a/htdocs/public/payment/paymentko.php b/htdocs/public/payment/paymentko.php index 606bed0c490..67ad99d46f3 100644 --- a/htdocs/public/payment/paymentko.php +++ b/htdocs/public/payment/paymentko.php @@ -108,7 +108,7 @@ if (!empty($conf->stripe->enabled)) { // Security check if (empty($validpaymentmethod)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('No valid payment mode'); } diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index 209e931a75b..fee0e801964 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -138,7 +138,7 @@ if (!empty($conf->stripe->enabled)) { // Security check if (empty($validpaymentmethod)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('No valid payment mode'); } diff --git a/htdocs/public/project/index.php b/htdocs/public/project/index.php index e5dfeb59a8e..6c8746152c4 100644 --- a/htdocs/public/project/index.php +++ b/htdocs/public/project/index.php @@ -84,7 +84,7 @@ if ($resultproject < 0) { // Security check if (empty($conf->project->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Project not enabled'); } diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php index d984b3346d8..3241b6004ca 100644 --- a/htdocs/public/project/new.php +++ b/htdocs/public/project/new.php @@ -82,7 +82,7 @@ $user->loadDefaultValues(); // Security check if (empty($conf->project->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Project not enabled'); } diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php index 52193e4fcd4..0c11c82e13b 100644 --- a/htdocs/public/project/suggestbooth.php +++ b/htdocs/public/project/suggestbooth.php @@ -105,7 +105,7 @@ $arrayofconfboothtype = $cactioncomm->liste_array('', 'id', '', 0, "module='boot // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php index 05cc8e61a82..cfe5bb67fec 100644 --- a/htdocs/public/project/suggestconference.php +++ b/htdocs/public/project/suggestconference.php @@ -106,7 +106,7 @@ $arrayofconfboothtype = $cactioncomm->liste_array('', 'id', '', 0, "module='conf // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/project/viewandvote.php b/htdocs/public/project/viewandvote.php index 805eb8cfdd1..1c8d1208d1f 100644 --- a/htdocs/public/project/viewandvote.php +++ b/htdocs/public/project/viewandvote.php @@ -91,7 +91,7 @@ if ($resultproject < 0) { // Security check if (empty($conf->eventorganization->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Event organization not enabled'); } diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index 32585c94bb4..5ad954af906 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -80,7 +80,7 @@ $urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than curren // Security check if (empty($conf->recruitment->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Recruitment not enabled'); } diff --git a/htdocs/public/recruitment/view.php b/htdocs/public/recruitment/view.php index 2eaa51ac2fe..0875f33ebdd 100644 --- a/htdocs/public/recruitment/view.php +++ b/htdocs/public/recruitment/view.php @@ -77,7 +77,7 @@ $urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than curren // Security check if (empty($conf->recruitment->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Recruitment not enabled'); } diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php index 29e22c72de7..f1571557d83 100644 --- a/htdocs/public/stripe/ipn.php +++ b/htdocs/public/stripe/ipn.php @@ -49,11 +49,6 @@ require_once DOL_DOCUMENT_ROOT.'/includes/stripe/stripe-php/init.php'; require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; -if (empty($conf->stripe->enabled)) { - accessforbidden('', 0, 0, 1); -} - - // You can find your endpoint's secret in your webhook settings if (isset($_GET['connect'])) { if (isset($_GET['test'])) { @@ -77,10 +72,12 @@ if (isset($_GET['connect'])) { } } +if (empty($conf->stripe->enabled)) { + httponly_accessforbidden('Module Stripe not enabled'); +} + if (empty($endpoint_secret)) { - print 'Error: Setup of module Stripe not complete for mode '.$service.'. The WEBHOOK_KEY is not defined.'; - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Error: Setup of module Stripe not complete for mode '.dol_escape_htmltag($service).'. The WEBHOOK_KEY is not defined.', 400, 1); } if (!empty($conf->global->STRIPE_USER_ACCOUNT_FOR_ACTIONS)) { @@ -89,9 +86,7 @@ if (!empty($conf->global->STRIPE_USER_ACCOUNT_FOR_ACTIONS)) { $user->fetch($conf->global->STRIPE_USER_ACCOUNT_FOR_ACTIONS); $user->getrights(); } else { - print 'Error: Setup of module Stripe not complete for mode '.$service.'. The STRIPE_USER_ACCOUNT_FOR_ACTIONS is not defined.'; - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Error: Setup of module Stripe not complete for mode '.dol_escape_htmltag($service).'. The STRIPE_USER_ACCOUNT_FOR_ACTIONS is not defined.', 400, 1); } @@ -113,12 +108,9 @@ try { $event = \Stripe\Webhook::constructEvent($payload, $sig_header, $endpoint_secret); } catch (\UnexpectedValueException $e) { // Invalid payload - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Invalid payload', 400); } catch (\Stripe\Error\SignatureVerification $e) { - // Invalid signature - http_response_code(400); // PHP 5.4 or greater - exit(); + httponly_accessforbidden('Invalid signature', 400); } // Do something with $event @@ -155,6 +147,7 @@ if (!empty($conf->global->MAIN_APPLICATION_TITLE)) { $societeName = $conf->global->MAIN_APPLICATION_TITLE; } +top_httphead(); dol_syslog("***** Stripe IPN was called with event->type = ".$event->type); @@ -195,11 +188,10 @@ if ($event->type == 'payout.created') { $ret = $mailfile->sendfile(); - http_response_code(200); // PHP 5.4 or greater return 1; } else { $error++; - http_response_code(500); // PHP 5.4 or greater + http_response_code(500); return -1; } } elseif ($event->type == 'payout.paid') { @@ -287,7 +279,6 @@ if ($event->type == 'payout.created') { $ret = $mailfile->sendfile(); - http_response_code(200); return 1; } else { $error++; @@ -396,4 +387,4 @@ if ($event->type == 'payout.created') { // This event is deprecated. } -http_response_code(200); +// End of page. Default return HTTP code will be 200 diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 7ebbdb05af3..59f12a64482 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -91,7 +91,7 @@ if (!empty($conf->global->TICKET_CREATE_THIRD_PARTY_WITH_CONTACT_IF_NOT_EXIST)) $extrafields->fetch_name_optionals_label($object->table_element); if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index 6332f063541..ae9b281900e 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -59,7 +59,7 @@ $action = GETPOST('action', 'aZ09'); $suffix = ""; if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 7af60f50e83..5730ac424df 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -79,7 +79,7 @@ $object = new Ticket($db); $hookmanager->initHooks(array('ticketpubliclist', 'globalcard')); if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index de76e2f9904..d46944ebd82 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -73,7 +73,7 @@ if (isset($_SESSION['email_customer'])) { $object = new ActionsTicket($db); if (empty($conf->ticket->enabled)) { - accessforbidden('', 0, 0, 1); + httponly_accessforbidden('Module Ticket not enabled'); } diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 92c7efb63d9..fccb1ae3044 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -92,7 +92,9 @@ if ($user->socid > 0) { } $result = restrictedArea($user, 'societe', $object->id, '&societe'); -$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles +if (empty($object->id)) { + accessforbidden(); +} /* @@ -115,88 +117,80 @@ if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/thirdpartynameonly/', $help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; llxHeader('', $title, $help_url); -if ($object->id) { - /* - * Show tabs - */ - if (!empty($conf->notification->enabled)) { - $langs->load("mails"); - } - $head = societe_prepare_head($object); - - $form = new Form($db); - - print dol_get_fiche_head($head, 'document', $langs->trans("ThirdParty"), -1, 'company'); - - - // Build file list - $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); - $totalsize = 0; - foreach ($filearray as $key => $file) { - $totalsize += $file['size']; - } - - $linkback = ''.$langs->trans("BackToList").''; - - dol_banner_tab($object, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); - - print '
'; - - print '
'; - print ''; - - // Type Prospect/Customer/Supplier - print ''; - - // Prefix - if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field - print ''; - } - - if ($object->client) { - print ''; - } - - if ($object->fournisseur) { - print ''; - } - - // Number of files - print ''; - - // Total size - print ''; - - print '
'.$langs->trans('NatureOfThirdParty').''; - print $object->getTypeUrl(1); - print '
'.$langs->trans('Prefix').''.$object->prefix_comm.'
'; - print $langs->trans('CustomerCode').''; - print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_client)); - $tmpcheck = $object->check_codeclient(); - if ($tmpcheck != 0 && $tmpcheck != -5) { - print ' ('.$langs->trans("WrongCustomerCode").')'; - } - print '
'; - print $langs->trans('SupplierCode').''; - print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_fournisseur)); - $tmpcheck = $object->check_codefournisseur(); - if ($tmpcheck != 0 && $tmpcheck != -5) { - print ' ('.$langs->trans("WrongSupplierCode").')'; - } - print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.dol_print_size($totalsize, 1, 1).'
'; - - print '
'; - - print dol_get_fiche_end(); - - $modulepart = 'societe'; - $permissiontoadd = $user->rights->societe->creer; - $permtoedit = $user->rights->societe->creer; - $param = '&id='.$object->id; - include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; -} else { - accessforbidden('', 0, 0); +// Show tabs +if (!empty($conf->notification->enabled)) { + $langs->load("mails"); } +$head = societe_prepare_head($object); + +print dol_get_fiche_head($head, 'document', $langs->trans("ThirdParty"), -1, 'company'); + + +// Build file list +$filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); +$totalsize = 0; +foreach ($filearray as $key => $file) { + $totalsize += $file['size']; +} + +$linkback = ''.$langs->trans("BackToList").''; + +dol_banner_tab($object, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); + +print '
'; + +print '
'; +print ''; + +// Type Prospect/Customer/Supplier +print ''; + +// Prefix +if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field + print ''; +} + +if ($object->client) { + print ''; +} + +if ($object->fournisseur) { + print ''; +} + +// Number of files +print ''; + +// Total size +print ''; + +print '
'.$langs->trans('NatureOfThirdParty').''; +print $object->getTypeUrl(1); +print '
'.$langs->trans('Prefix').''.$object->prefix_comm.'
'; + print $langs->trans('CustomerCode').''; + print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_client)); + $tmpcheck = $object->check_codeclient(); + if ($tmpcheck != 0 && $tmpcheck != -5) { + print ' ('.$langs->trans("WrongCustomerCode").')'; + } + print '
'; + print $langs->trans('SupplierCode').''; + print showValueWithClipboardCPButton(dol_escape_htmltag($object->code_fournisseur)); + $tmpcheck = $object->check_codefournisseur(); + if ($tmpcheck != 0 && $tmpcheck != -5) { + print ' ('.$langs->trans("WrongSupplierCode").')'; + } + print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.dol_print_size($totalsize, 1, 1).'
'; + +print '
'; + +print dol_get_fiche_end(); + +$modulepart = 'societe'; +$permissiontoadd = $user->rights->societe->creer; +$permtoedit = $user->rights->societe->creer; +$param = '&id='.$object->id; +include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; // End of page llxFooter(); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 12b2a52742d..cb61ab6c1b1 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -753,7 +753,7 @@ class User extends CommonObject //var_dump($module); //var_dump($this->rights->$rightsPath); //var_dump($conf->modules); - if (!in_array($module, $conf->modules)) { + if (!isModEnabled($module)) { return 0; } diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index f297fed62b4..3b1d60e0e90 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -138,10 +138,10 @@ $entity = GETPOST('entity', 'int') ?GETPOST('entity', 'int') : $conf->entity; // Security check if (empty($modulepart) && empty($hashp)) { - accessforbidden('Bad link. Bad value for parameter modulepart', 0, 0, 1); + httponly_accessforbidden('Bad link. Bad value for parameter modulepart', 400); } if (empty($original_file) && empty($hashp) && $modulepart != 'barcode') { - accessforbidden('Bad link. Missing identification to find file (param file or hashp)', 0, 0, 1); + httponly_accessforbidden('Bad link. Missing identification to find file (param file or hashp)', 400); } if ($modulepart == 'fckeditor') { $modulepart = 'medias'; // For backward compatibility @@ -192,7 +192,7 @@ if (!empty($hashp)) { $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir //var_dump($original_file); exit; } else { - accessforbidden('Bad link. File is from another module part.', 0, 0, 1); + httponly_accessforbidden('Bad link. File is from another module part.', 403); } } else { $modulepart = $moduleparttocheck; @@ -200,7 +200,7 @@ if (!empty($hashp)) { } } else { $langs->load("errors"); - accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 0, 0, 1); + httponly_accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"), 403, 1); } } @@ -214,11 +214,11 @@ if (GETPOST('type', 'alpha')) { // Security: This wrapper is for images. We do not allow type/html if (preg_match('/html/i', $type)) { - accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.', 0, 0, 1); + httponly_accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.'); } // Security: This wrapper is for images. We do not allow files ending with .noexe if (preg_match('/\.noexe$/i', $original_file)) { - accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.', 0, 0, 1); + httponly_accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.'); } // Security: Delete string ../ or ..\ into $original_file @@ -231,12 +231,12 @@ $refname = basename(dirname($original_file)."/"); // Check that file is allowed for view with viewimage.php if (!empty($original_file) && !dolIsAllowedForPreview($original_file)) { - accessforbidden('This file is not qualified for preview', 0, 0, 1); + httponly_accessforbidden('This file is not qualified for preview', 403); } // Security check if (empty($modulepart)) { - accessforbidden('Bad value for parameter modulepart', 0, 0, 1); + httponly_accessforbidden('Bad value for parameter modulepart', 400); } // When logged in a different entity, medias cannot be accessed because $conf->$module->multidir_output diff --git a/htdocs/webhook/target_card.php b/htdocs/webhook/target_card.php index 2b79fd3fced..a2251d7d4a9 100644 --- a/htdocs/webhook/target_card.php +++ b/htdocs/webhook/target_card.php @@ -191,7 +191,7 @@ llxHeader('', $title, $help_url); // Part to create if ($action == 'create') { if (empty($permissiontoadd)) { - accessforbidden($langs->trans('NotEnoughPermissions'), 0, 1); + accessforbidden('NotEnoughPermissions', 0, 1); exit; } From f60ea48d75c6dd9a7421cbe7642445ae0e9a68c7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 14:02:55 +0200 Subject: [PATCH 132/212] Update doc --- COPYRIGHT | 1 + 1 file changed, 1 insertion(+) diff --git a/COPYRIGHT b/COPYRIGHT index 83d054d63be..8c8a1f56355 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -33,6 +33,7 @@ PEAR Mail_MIME 1.8.9 BSD Yes ParseDown 1.6 MIT License Yes Markdown parser PCLZip 2.8.4 LGPL-3+ Yes Library to zip/unzip files PHPDebugBar 1.15.1 MIT License Yes Used only by the module "debugbar" for developers +PHP-Imap 2.7.2 MIT License Yes Library to use IMAP with OAuth PHPSpreadSheet 1.8.2 LGPL-2.1+ Yes Read/Write XLS files, read ODS files php-iban 4.1 LGPL-3+ Yes Parse and validate IBAN (and IIBAN) bank account information in PHP PHPoAuthLib 0.8.2 MIT License Yes Library to provide oauth1 and oauth2 to different service From 26ad6199e55d56a22ccf43f4693aa3732271bd64 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Sep 2022 15:33:55 +0200 Subject: [PATCH 133/212] NEW The purge of iles can purge only if older than a number of seconds --- htdocs/admin/tools/purge.php | 15 ++++++++---- htdocs/core/class/utils.class.php | 36 +++++++++++++++++++---------- htdocs/core/lib/files.lib.php | 38 +++++++++++++++++-------------- 3 files changed, 55 insertions(+), 34 deletions(-) diff --git a/htdocs/admin/tools/purge.php b/htdocs/admin/tools/purge.php index f6ce58a40c0..4b31d98490e 100644 --- a/htdocs/admin/tools/purge.php +++ b/htdocs/admin/tools/purge.php @@ -33,7 +33,7 @@ $langs->load("admin"); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $choice = GETPOST('choice', 'aZ09'); - +$nbsecondsold = GETPOSTINT('nbsecondsold'); // Define filelog to discard it from purge $filelog = ''; @@ -42,6 +42,7 @@ if (!empty($conf->syslog->enabled)) { $filelog = preg_replace('/DOL_DATA_ROOT/i', DOL_DATA_ROOT, $filelog); } +// Security if (!$user->admin) { accessforbidden(); } @@ -64,7 +65,8 @@ if ($action == 'purge' && !preg_match('/^confirm/i', $choice) && ($choice != 'al require_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php'; $utils = new Utils($db); - $result = $utils->purgeFiles($choice); + + $result = $utils->purgeFiles($choice, $nbsecondsold); $mesg = $utils->output; setEventMessages($mesg, null, 'mesgs'); @@ -114,8 +116,11 @@ print '>