diff --git a/ChangeLog b/ChangeLog
index c4007e798a3..b4056f0740a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,7 +54,7 @@ FIX: #24265 regression cannot see all product on takepos (#28753)
FIX: #26015
FIX: #28205
FIX: #28251 Fixing subpermission name on api_multicurrencies.class.php (#28252)
-FIX: #28347 FIX: #28962 FIX: #29224 FIX: #29035 (#29303)
+FIX: #28347 FIX: occurred#28962 FIX: #29224 FIX: #29035 (#29303)
FIX: #28369
FIX: #28429
FIX: #28491 (#28522)
diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php
index aeb1c046599..edd15f49b26 100644
--- a/htdocs/admin/clicktodial.php
+++ b/htdocs/admin/clicktodial.php
@@ -89,7 +89,7 @@ print "\n";
print '
| ';
diff --git a/htdocs/asterisk/wrapper.php b/htdocs/asterisk/wrapper.php
index 865d2754981..cc230431420 100644
--- a/htdocs/asterisk/wrapper.php
+++ b/htdocs/asterisk/wrapper.php
@@ -18,8 +18,7 @@
/**
* \file htdocs/asterisk/wrapper.php
* \brief File that is entry point to call an Asterisk server
- * \remarks To be used, an Asterisk user must be created by adding this
- * in /etc/asterisk/manager.conf
+ * \remarks To be used, an Asterisk user must be created by adding this in /etc/asterisk/manager.conf
* [dolibarr]
* secret = dolibarr
* deny=0.0.0.0/0.0.0.0
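Review bot: The manager.conf example kept in this header still documents `secret = dolibarr`, a value identical to the account name, so anyone who copies the stanza verbatim ends up with a guessable Asterisk Manager credential. Since the remarks line is being reworded anyway, the example could read `* secret = <long random value, unique per installation>`. The stanza continues past the end of the hunk, so whatever line pairs with `deny=0.0.0.0/0.0.0.0` to restrict the source address is not visible here.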
diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php
index db14ad82ccc..279581096ea 100644
--- a/htdocs/compta/paiement/list.php
+++ b/htdocs/compta/paiement/list.php
@@ -47,10 +47,11 @@ $massaction = GETPOST('massaction', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
$optioncss = GETPOST('optioncss', 'alpha');
$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'paymentlist';
+$mode = GETPOST('mode', 'alpha');
-$facid = GETPOSTINT('facid');
-$socid = GETPOSTINT('socid');
-$userid = GETPOSTINT('userid');
+$facid = GETPOST('facid', 'int');
+$socid = GETPOST('socid', 'int');
+$userid = GETPOST('userid', 'int');
$search_ref = GETPOST("search_ref", "alpha");
$search_date_startday = GETPOSTINT('search_date_startday');
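Review bot: `$facid`, `$socid` and `$userid` move from `GETPOSTINT()` to `GETPOST(..., 'int')`, while `search_date_startday` just below still uses `GETPOSTINT()`, so the file now mixes both forms for the same kind of input. With `GETPOST(..., 'int')` the three variables are no longer guaranteed to be PHP integers (an absent parameter yields an empty string rather than 0). If they are later concatenated into SQL or compared with `> 0` further down the file (not visible in this hunk), each use has to cast again with `((int) $socid)`. Keeping `$socid = GETPOSTINT('socid');` and the two sibling lines avoids depending on that.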
@@ -69,7 +70,7 @@ $search_amount = GETPOST("search_amount", 'alpha'); // alpha because we must be
$search_status = GETPOST('search_status', 'intcomma');
$search_sale = GETPOSTINT('search_sale');
-$mode = GETPOST('mode', 'alpha');
+
$limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
diff --git a/htdocs/core/class/commonnumrefgenerator.class.php b/htdocs/core/class/commonnumrefgenerator.class.php
index 264a5417771..bdffbf7a372 100644
--- a/htdocs/core/class/commonnumrefgenerator.class.php
+++ b/htdocs/core/class/commonnumrefgenerator.class.php
@@ -125,7 +125,6 @@ abstract class CommonNumRefGenerator
*/
public function info($langs)
{
- global $langs;
return $langs->trans("NoDescription");
}
diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php
index c06ddaaea55..4e6d8c1762c 100644
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@@ -1082,6 +1082,9 @@ class ExtraFields
$help = $this->attributes[$extrafieldsobjectkey]['help'][$key];
$hidden = (empty($list) ? 1 : 0); // If empty, we are sure it is hidden, otherwise we show. If it depends on mode (view/create/edit form or list, this must be filtered by caller)
+ //var_dump('key='.$key.' '.$value.' '.$moreparam.' '.$keysuffix.' '.$keyprefix.' '.$objectid.' '.$extrafieldsobjectkey.' '.$mode);
+ //var_dump('label='.$label.' type='.$type.' param='.var_export($param, 1));
+
if ($computed) {
if (!preg_match('/^search_/', $keyprefix)) {
return ''.$langs->trans("AutomaticallyCalculated").'';
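Review bot: The two commented-out `var_dump` lines added before `if ($computed)` are debugging residue and should be dropped before merge. The same applies to `//var_dump($objectdesc); debug_print_backtrace();` in the html.form.class.php hunk and to the three `//var_dump` lines added in `fetchObjectByElement`. If someone uncomments them on a live instance, they print field values, extrafield parameters and a backtrace straight into the response. If this trace is useful long term, a `dol_syslog()` call at debug level keeps it out of the page output. The enclosing method starts and ends outside this hunk.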
@@ -1691,10 +1694,10 @@ class ExtraFields
}
}
} elseif ($type == 'link') {
- $param_list = array_keys($param['options']); // $param_list='ObjectName:classPath'
+ $param_list = array_keys($param['options']); // $param_list[0] = 'ObjectName:classPath' but can also be 'ObjectName:classPath:1:(status:=:1)'
/* Removed.
- The selectForForms is called with parameter $objectfield defined, so that the app can retrieve the filter inside the ajax component instead of being provided as parameters. The
- filter was used to pass SQL requests leading to serious SQL injection problems. This should not be possible. Also the call of the ajax was broken by some WAF.
+ The selectForForms is called with parameter $objectfield defined, so the app can retrieve the filter inside the ajax component instead of being provided as parameters. The
+ filter was used to pass SQL requests leading to serious SQL injection problem. This should not be possible. Also the call of the ajax was broken by some WAF.
if (strpos($param_list[0], '$ID$') !== false && !empty($objectid)) {
$param_list[0] = str_replace('$ID$', $objectid, $param_list[0]);
}*/
@@ -1709,8 +1712,11 @@ class ExtraFields
$element = 'project';
}
- //$out = $form->selectForForms($param_list[0], $keyprefix.$key.$keysuffix, $value, $showempty, '', '', $morecss, '', 0, 0, '');
- $out = $form->selectForForms($tmparray[0], $keyprefix.$key.$keysuffix, $value, $showempty, '', '', $morecss, '', 0, 0, '', $element.':options_'.$key);
+ //$objectdesc = $param_list[0]; // Example: 'ObjectName:classPath:1:(status:=:1)' Replaced by next line: this was propagated also a filter by ajax call that was blocked by some WAF
+ $objectdesc = $tmparray[0]; // Example: 'ObjectName:classPath' To not propagate any filter (selectForForms do ajax call and propagating SQL filter is blocked by some WAF). Also we should use the one into the definition in the ->fields of $elem if found.
+ $objectfield = $element.':options_'.$key; // Example: 'actioncomm:options_fff' To be used in priority to know object linked with all its definition (including filters)
+
+ $out = $form->selectForForms($objectdesc, $keyprefix.$key.$keysuffix, $value, $showempty, '', '', $morecss, '', 0, 0, '', $objectfield);
} elseif (in_array($type, ['point', 'multipts', 'linestrg', 'polygon'])) {
require_once DOL_DOCUMENT_ROOT.'/core/class/dolgeophp.class.php';
$dolgeophp = new DolGeoPHP($this->db);
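Review bot: The new trailing comments on `$objectdesc` justify dropping the filter only by "blocked by some WAF", whereas the block comment in the previous hunk says the filter parameter led to SQL injection. The security reason is the one a later maintainer needs to see, otherwise restoring the commented-out `$objectdesc = $param_list[0];` looks harmless. I would delete that dead line and replace the long trailing comment with `// Pass only 'ObjectName:classPath'; the filter is resolved server-side from $objectfield and must never travel through request parameters (SQL injection risk).` `$tmparray` and `$element` are set outside this hunk, so whether `$tmparray[0]` is always filter-free cannot be confirmed from here.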
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 15c02064301..6d146cb93f5 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -8216,6 +8216,8 @@ class Form
{
global $conf, $extrafields, $user;
+ //var_dump($objectdesc); debug_print_backtrace();
+
$objectdescorig = $objectdesc;
$objecttmp = null;
$InfoFieldList = array();
@@ -8226,29 +8228,32 @@ class Form
if ($objectfield) { // We must retrieve the objectdesc from the field or extrafield
// Example: $objectfield = 'product:options_package' or 'myobject@mymodule:options_myfield'
$tmparray = explode(':', $objectfield);
- $objectdesc = '';
// Get instance of object from $element
$objectforfieldstmp = fetchObjectByElement(0, strtolower($tmparray[0]));
- $reg = array();
- if (preg_match('/^options_(.*)$/', $tmparray[1], $reg)) {
- // For a property in extrafields
- $key = $reg[1];
- // fetch optionals attributes and labels
- $extrafields->fetch_name_optionals_label($objectforfieldstmp->table_element);
+ if (is_object($objectforfieldstmp)) {
+ $objectdesc = '';
- if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key]) && $extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key] == 'link') {
- if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options'])) {
- $tmpextrafields = array_keys($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options']);
- $objectdesc = $tmpextrafields[0];
+ $reg = array();
+ if (preg_match('/^options_(.*)$/', $tmparray[1], $reg)) {
+ // For a property in extrafields
+ $key = $reg[1];
+ // fetch optionals attributes and labels
+ $extrafields->fetch_name_optionals_label($objectforfieldstmp->table_element);
+
+ if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key]) && $extrafields->attributes[$objectforfieldstmp->table_element]['type'][$key] == 'link') {
+ if (!empty($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options'])) {
+ $tmpextrafields = array_keys($extrafields->attributes[$objectforfieldstmp->table_element]['param'][$key]['options']);
+ $objectdesc = $tmpextrafields[0];
+ }
+ }
+ } else {
+ // For a property in ->fields
+ if (array_key_exists($tmparray[1], $objectforfieldstmp->fields)) {
+ $objectdesc = $objectforfieldstmp->fields[$tmparray[1]]['type'];
+ $objectdesc = preg_replace('/^integer[^:]*:/', '', $objectdesc);
}
- }
- } else {
- // For a property in ->fields
- if (array_key_exists($tmparray[1], $objectforfieldstmp->fields)) {
- $objectdesc = $objectforfieldstmp->fields[$tmparray[1]]['type']; // should be integer:ObjectClass...
- $objectdesc = preg_replace('/^integer[^:]*:/', '', $objectdesc);
}
}
}
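Review bot: Moving `$objectdesc = '';` inside `if (is_object($objectforfieldstmp))` means that when `fetchObjectByElement()` does not return an object, the caller-supplied `$objectdesc` is kept instead of being cleared. The comment at the top of the branch says the description must be retrieved from the field definition when `$objectfield` is given, so this path now fails open. If any caller forwards `$objectdesc` from a request (not visible here), a bogus element name in `$objectfield` would bypass the server-side lookup. Keeping `$objectdesc = '';` before the `fetchObjectByElement()` call preserves the fail-closed behaviour while still avoiding the property access on a non-object. Separately, `$tmparray[1]` is read without checking that `$objectfield` contained a `:`. The function body starts and ends outside this hunk.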
@@ -8267,7 +8272,7 @@ class Form
$InfoFieldList[3] = preg_replace('/:\w*$/', '', $vartmp); // take the filter field
$classname = $InfoFieldList[0];
- $classpath = $InfoFieldList[1];
+ $classpath = empty($InfoFieldList[1]) ? '' : $InfoFieldList[1];
//$addcreatebuttonornot = empty($InfoFieldList[2]) ? 0 : $InfoFieldList[2];
$filter = empty($InfoFieldList[3]) ? '' : $InfoFieldList[3];
$sortfield = empty($InfoFieldList[4]) ? '' : $InfoFieldList[4];
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index ea0a35ccc25..6708d10243d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -6580,7 +6580,7 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $
$currency_code = $conf->currency;
}
- $listofcurrenciesbefore = array('AUD', 'CAD', 'CNY', 'COP', 'CLP', 'GBP', 'HKD', 'MXN', 'PEN', 'USD', 'CRC');
+ $listofcurrenciesbefore = array('AUD', 'CAD', 'CNY', 'COP', 'CLP', 'GBP', 'HKD', 'MXN', 'PEN', 'USD', 'CRC', 'ZAR');
$listoflanguagesbefore = array('nl_NL');
if (in_array($currency_code, $listofcurrenciesbefore) || in_array($outlangs->defaultlang, $listoflanguagesbefore)) {
$cursymbolbefore .= $outlangs->getCurrencySymbol($currency_code);
@@ -12441,7 +12441,7 @@ function getElementProperties($elementType)
}
}
// For compatibility and to work with non standard path
- if ($elementType == "action") {
+ if ($elementType == "action" || $elementType == "actioncomm") {
$classpath = 'comm/action/class';
$subelement = 'Actioncomm';
$module = 'agenda';
@@ -12764,6 +12764,9 @@ function fetchObjectByElement($element_id, $element_type, $element_ref = '', $us
} else {
$ismodenabled = isModEnabled($element_prop['module']);
}
+ //var_dump('element_type='.$element_type);
+ //var_dump($element_prop);
+ //var_dump($element_prop['module'].' '.$ismodenabled);
if (is_array($element_prop) && (empty($element_prop['module']) || $ismodenabled)) {
if ($useCache === 1
|