Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source 
Conflicts:
	htdocs/filefunc.inc.php
This commit is contained in:
Laurent Destailleur
2017-09-06 19:24:42 +02:00
parent 7a6f3d899c 33e2179b65
commit 859d0dfe97
19 changed files with 267 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
htdocs/admin/company.php
View File

@@ -49,7 +49,7 @@ $error=0;
* Actions
*/
if ( ($action == 'update' && empty($_POST["cancel"]))
if ( ($action == 'update' && ! GETPOST("cancel",'alpha'))
|| ($action == 'updateedit') )
{
$tmparray=getCountry(GETPOST('country_id','int'),'all',$db,$langs,0);
@@ -63,18 +63,18 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_COUNTRY", $s,'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM",$_POST["nom"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS",$_POST["address"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN",$_POST["town"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP",$_POST["zipcode"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE",$_POST["state_id"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE",$_POST["currency"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL",$_POST["tel"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX",$_POST["fax"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL",$_POST["mail"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB",$_POST["web"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE",$_POST["note"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD",$_POST["barcode"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("address",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("town",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("zipcode",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE", GETPOST("state_id",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note",'none'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode",'alpha'),'chaine',0,'',$conf->entity);
$varforimage='logo'; $dirforimage=$conf->mycompany->dir_output.'/logos/';
if ($_FILES[$varforimage]["tmp_name"])
@@ -144,26 +144,26 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
}
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS",$_POST["MAIN_INFO_SOCIETE_MANAGERS"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_CAPITAL",$_POST["capital"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE",$_POST["forme_juridique_code"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIREN",$_POST["siren"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIRET",$_POST["siret"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_APE",$_POST["ape"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_RCS",$_POST["rcs"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID5",$_POST["MAIN_INFO_PROFID5"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID6",$_POST["MAIN_INFO_PROFID6"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA",$_POST["tva"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT",$_POST["object"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START",$_POST["fiscalmonthstart"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START", GETPOST("fiscalmonthstart",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_TVAOPTION",$_POST["optiontva"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_TVAOPTION", GETPOST("optiontva",'alpha'),'chaine',0,'',$conf->entity);
// Local taxes
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION",$_POST["optionlocaltax1"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION",$_POST["optionlocaltax2"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", GETPOST("optionlocaltax1",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", GETPOST("optionlocaltax2",'alpha'),'chaine',0,'',$conf->entity);
if($_POST["optionlocaltax1"]=="localtax1on")
{
@@ -173,9 +173,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
else
{
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1','alpha'),'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1", $_POST["clt1"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1",'alpha'),'chaine',0,'',$conf->entity);
}
if($_POST["optionlocaltax2"]=="localtax2on")
{
@@ -185,9 +185,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
else
{
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2','alpha'),'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2", $_POST["clt2"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2", GETPOST("clt2",'alpha'),'chaine',0,'',$conf->entity);
}
if ($action != 'updateedit' && ! $error)
@@ -311,20 +311,20 @@ if ($action == 'edit' || $action == 'updateedit')
// Name
print '<tr class="oddeven"><td class="fieldrequired"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM:$_POST["nom"]) . '" autofocus="autofocus"></td></tr>'."\n";
print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM: GETPOST("nom",'nohtml')) . '" autofocus="autofocus"></td></tr>'."\n";
// Addresse
print '<tr class="oddeven"><td><label for="address">'.$langs->trans("CompanyAddress").'</label></td><td>';
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS:$_POST["address"]) . '</textarea></td></tr>'."\n";
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS: GETPOST("address",'nohtml')) . '</textarea></td></tr>'."\n";
print '<tr class="oddeven"><td><label for="zipcode">'.$langs->trans("CompanyZip").'</label></td><td>';
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP:$_POST["zipcode"]) . '"></td></tr>'."\n";
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP: GETPOST("zipcode",'alpha')) . '"></td></tr>'."\n";
print '<tr class="oddeven"><td><label for="town">'.$langs->trans("CompanyTown").'</label></td><td>';
print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN:$_POST["town"]) . '"></td></tr>'."\n";
print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN: GETPOST("town",'nohtml')) . '"></td></tr>'."\n";
// Country
@@ -394,7 +394,7 @@ if ($action == 'edit' || $action == 'updateedit')
// Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(! empty($conf->global->MAIN_INFO_SOCIETE_NOTE) ? $conf->global->MAIN_INFO_SOCIETE_NOTE : '').'</textarea></td></tr>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note','none') ? GETPOST('note','none') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
print '</td></tr>';
print '</table>';

91
htdocs/admin/menus/edit.php
View File

@@ -85,25 +85,25 @@ if ($action == 'update')
}
$menu = new Menubase($db);
$result=$menu->fetch($_POST['menuId']);
$result=$menu->fetch(GETPOST('menuId', 'int'));
if ($result > 0)
{
$menu->titre=$_POST['titre'];
$menu->leftmenu=$_POST['leftmenu'];
$menu->url=$_POST['url'];
$menu->langs=$_POST['langs'];
$menu->position=$_POST['position'];
$menu->enabled=$_POST['enabled'];
$menu->perms=$_POST['perms'];
$menu->target=$_POST['target'];
$menu->user=$_POST['user'];
if (is_numeric($_POST['menuIdParent']))
$menu->titre=GETPOST('titre', 'alpha');
$menu->leftmenu=GETPOST('leftmenu', 'alpha');
$menu->url=GETPOST('url','alpha');
$menu->langs=GETPOST('langs','alpha');
$menu->position=GETPOST('position','int');
$menu->enabled=GETPOST('enabled','alpha');
$menu->perms=GETPOST('perms','alpha');
$menu->target=GETPOST('target','alpha');
$menu->user=GETPOST('user','alpha');
if (is_numeric(GETPOST('menuIdParent','alpha')))
{
$menu->fk_menu=$_POST['menuIdParent'];
$menu->fk_menu=GETPOST('menuIdParent','alpha');
}
else
{
if ($_POST['type'] == 'top') $menu->fk_menu=0;
if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
else $menu->fk_menu=-1;
$menu->fk_mainmenu=$mainmenu;
$menu->fk_leftmenu=$leftmenu;
@@ -123,7 +123,6 @@ if ($action == 'update')
{
setEventMessages($menu->error, $menu->errors, 'errors');
}
$_GET["menuId"] = $_POST['menuId'];
$action = "edit";
}
else
@@ -148,9 +147,9 @@ if ($action == 'add')
}
$leftmenu=''; $mainmenu='';
if (! empty($_POST['menuId']) && ! is_numeric($_POST['menuId']))
if (GETPOST('menuId','int') && ! is_numeric(GETPOST('menuId','int')))
{
$tmp=explode('&',$_POST['menuId']);
$tmp=explode('&',GETPOST('menuId','int'));
foreach($tmp as $s)
{
if (preg_match('/fk_mainmenu=/',$s))
@@ -197,7 +196,7 @@ if ($action == 'add')
$action = 'create';
$error++;
}
if (! $error && empty($_POST['menuId']) && $_POST['type'] == 'left')
if (! $error && ! $_POST['menuId'] && $_POST['type'] == 'left')
{
setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors');
$action = 'create';
@@ -207,23 +206,23 @@ if ($action == 'add')
if (! $error)
{
$menu = new Menubase($db);
$menu->menu_handler=preg_replace('/_menu$/','',$_POST['menu_handler']);
$menu->type=$_POST['type'];
$menu->titre=$_POST['titre'];
$menu->url=$_POST['url'];
$menu->langs=$_POST['langs'];
$menu->position=$_POST['position'];
$menu->enabled=$_POST['enabled'];
$menu->perms=$_POST['perms'];
$menu->target=$_POST['target'];
$menu->user=$_POST['user'];
if (is_numeric($_POST['menuId']))
$menu->menu_handler=preg_replace('/_menu$/','',GETPOST('menu_handler','aZ09'));
$menu->type=GETPOST('type','alpha');
$menu->titre=GETPOST('titre','alpha');
$menu->url=GETPOST('url','alpha');
$menu->langs=GETPOST('langs','alpha');
$menu->position=GETPOST('position','int');
$menu->enabled=GETPOST('enabled','alpha');
$menu->perms=GETPOST('perms','alpha');
$menu->target=GETPOST('target','alpha');
$menu->user=GETPOST('user','alpha');
if (is_numeric(GETPOST('menuId','int')))
{
$menu->fk_menu=$_POST['menuId'];
$menu->fk_menu=GETPOST('menuId','int');
}
else
{
if ($_POST['type'] == 'top') $menu->fk_menu=0;
if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
else $menu->fk_menu=-1;
$menu->fk_mainmenu=$mainmenu;
$menu->fk_leftmenu=$leftmenu;
@@ -232,7 +231,7 @@ if ($action == 'add')
$result=$menu->create($user);
if ($result > 0)
{
header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".$_POST['menu_handler']);
header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".GETPOST('menu_handler','aZ09'));
exit;
}
else
@@ -306,7 +305,7 @@ if ($action == 'create')
print load_fiche_titre($langs->trans("NewMenu"),'','title_setup');
print '<form action="./edit.php?action=add&menuId='.$_GET['menuId'].'" method="post" name="formmenucreate">';
print '<form action="./edit.php?action=add&menuId='.GETPOST('menuId', 'int').'" method="post" name="formmenucreate">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
dol_fiche_head();
@@ -314,8 +313,8 @@ if ($action == 'create')
print '<table class="border" width="100%">';
// Id
$parent_rowid = $_GET['menuId'];
if ($_GET['menuId'])
$parent_rowid = GETPOST('menuId', 'int');
if (GETPOST('menuId', 'int'))
{
$sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".GETPOST('menuId', 'int');
$res = $db->query($sql);
@@ -375,35 +374,35 @@ if ($action == 'create')
}
else
{
print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.($_POST["menuId"]?$_POST["menuId"]:'').'"></td>';
print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.(GETPOST("menuId", 'int')?GETPOST("menuId", 'int'):'').'"></td>';
}
print '<td>'.$langs->trans('DetailMenuIdParent');
print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def';
print '</td></tr>';
// Title
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$_POST["titre"].'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag(GETPOST("titre",'alpha')).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
// URL
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.$_POST["url"].'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.GETPOST("url",'alpha').'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
// Langs
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$parent_langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
// Position
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.dol_escape_htmltag(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
// Target
print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
print '</select></td></td><td>'.$langs->trans('DetailTarget').'</td></tr>';
// Enabled
print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.$_POST["enabled"].'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.GETPOST("enabled",'alpha').'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
// Perms
print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.$_POST["perms"].'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.GETPOST('perms','alpha').'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
print '</table>';
@@ -426,14 +425,14 @@ elseif ($action == 'edit')
print '<form action="./edit.php?action=update" method="POST" name="formmenuedit">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="handler_origine" value="'.$menu_handler.'">';
print '<input type="hidden" name="menuId" value="'.$_GET['menuId'].'">';
print '<input type="hidden" name="menuId" value="'.GETPOST('menuId', 'int').'">';
dol_fiche_head();
print '<table class="border" width="100%">';
$menu = new Menubase($db);
$result=$menu->fetch($_GET['menuId']);
$result=$menu->fetch(GETPOST('menuId', 'int'));
//var_dump($menu);
// Id
@@ -472,20 +471,20 @@ elseif ($action == 'edit')
//print '<tr><td>'.$langs->trans('Level').'</td><td>'.$menu->level.'</td><td>'.$langs->trans('DetailLevel').'</td></tr>';
// Title
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$menu->titre.'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag($menu->titre).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
// Url
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" class="quatrevingtpercent" name="url" value="'.$menu->url.'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
// Langs
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$menu->langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.dol_escape_htmltag($menu->langs).'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
// Position
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.$menu->position.'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
// Target
print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
print '</select></td><td>'.$langs->trans('DetailTarget').'</td></tr>';

9
htdocs/core/lib/functions.lib.php
View File

@@ -3263,7 +3263,12 @@ function dol_print_error($db='',$error='',$errors=null)
}
if (empty($dolibarr_main_prod)) print $out;
else define("MAIN_CORE_ERROR", 1);
else
{
print $langs->trans("DolibarrHasDetectedError").'. ';
print $langs->trans("YouCanSetOptionDolibarrMainProdToZero");
define("MAIN_CORE_ERROR", 1);
}
//else print 'Sorry, an error occured but the parameter $dolibarr_main_prod is defined in conf file so no message is reported to your browser. Please read the log file for error message.';
dol_syslog("Error ".$syslog, LOG_ERR);
}
@@ -6209,6 +6214,8 @@ function natural_search($fields, $value, $mode=0, $nofirstand=0)
{
global $db,$langs;
$value=trim($value);
if ($mode == 0)
{
$value=preg_replace('/\*/','%',$value); // Replace * with %

7
htdocs/core/modules/commande/mod_commande_saphir.php
View File

@@ -88,9 +88,12 @@ class mod_commande_saphir extends ModeleNumRefCommandes
global $conf,$langs,$mysoc;
$old_code_client=$mysoc->code_client;
$old_code_type=$mysoc->typent_code;
$mysoc->code_client='CCCCCCCCCC';
$mysoc->typent_code='TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc,'');
$mysoc->code_client=$old_code_client;
$mysoc->typent_code=$old_code_type;
if (! $numExample)
{
@@ -121,7 +124,9 @@ class mod_commande_saphir extends ModeleNumRefCommandes
return 0;
}
$numFinal=get_next_value($db,$mask,'commande','ref','',$objsoc,$object->date);
$date = ($object->date_commande ? $object->date_commande : $object->date);
$numFinal=get_next_value($db,$mask,'commande','ref','',$objsoc,$date);
return $numFinal;
}

7
htdocs/core/modules/expedition/mod_expedition_ribera.php
View File

@@ -79,9 +79,12 @@ class mod_expedition_ribera extends ModelNumRefExpedition
global $conf,$langs,$mysoc;
$old_code_client=$mysoc->code_client;
$old_code_type=$mysoc->typent_code;
$mysoc->code_client='CCCCCCCCCC';
$mysoc->typent_code='TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc,'');
$mysoc->code_client=$old_code_client;
$mysoc->typent_code=$old_code_type;
if (! $numExample)
{
@@ -111,7 +114,9 @@ class mod_expedition_ribera extends ModelNumRefExpedition
return 0;
}
$numFinal=get_next_value($db,$mask,'expedition','ref','',$objsoc->code_client,$shipment->date_expedition);
$date = $shipment->date_expedition;
$numFinal=get_next_value($db,$mask,'expedition','ref','',$objsoc,$date);
return $numFinal;
}

7
htdocs/core/modules/propale/mod_propale_saphir.php
View File

@@ -88,9 +88,12 @@ class mod_propale_saphir extends ModeleNumRefPropales
global $conf,$langs,$mysoc;
$old_code_client=$mysoc->code_client;
$old_code_type=$mysoc->typent_code;
$mysoc->code_client='CCCCCCCCCC';
$mysoc->typent_code='TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc,'');
$mysoc->code_client=$old_code_client;
$mysoc->typent_code=$old_code_type;
if (! $numExample)
{
@@ -121,8 +124,8 @@ class mod_propale_saphir extends ModeleNumRefPropales
return 0;
}
$date=$propal->datep;
$customercode=$objsoc->code_client;
$date = $propal->date;
$numFinal=get_next_value($db,$mask,'propal','ref','',$objsoc,$date);
return $numFinal;

29
htdocs/document.php
View File

@@ -110,7 +110,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file']; // original_file is now a full path name
$fullpath_original_file = $check_access['original_file']; // $fullpath_original_file is now a full path name
// Basic protection (against external users only)
if ($user->societe_id > 0)
@@ -137,36 +137,35 @@ if ($user->societe_id > 0)
}
// Security:
// Limite acces si droits non corrects
// Limit access if permissions are wrong
if (! $accessallowed)
{
accessforbidden();
}
// Security:
// On interdit les remontees de repertoire ainsi que les pipe dans
// les noms de fichiers.
if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$original_file);
$file=basename($original_file); // Do no show plain path of original_file in shown error message
dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$file));
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
exit;
}
clearstatcache();
$filename = basename($original_file);
$filename = basename($fullpath_original_file);
// Output file on browser
dol_syslog("document.php download $original_file $filename content-type=$type");
$original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
dol_syslog("document.php download $fullpath_original_file filename=$filename content-type=$type");
$fullpath_original_file_osencoded=dol_osencode($fullpath_original_file); // New file name encoded in OS encoding charset
// This test if file exists should be useless. We keep it to find bug more easily
if (! file_exists($original_file_osencoded))
if (! file_exists($fullpath_original_file_osencoded))
{
dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$original_file));
dol_syslog("ErrorFileDoesNotExists: ".$fullpath_original_file);
print "ErrorFileDoesNotExists: ".$original_file;
exit;
}
@@ -177,7 +176,7 @@ if ($encoding) header('Content-Encoding: '.$encoding);
// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, atachment=need user action to open)
if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');
else header('Content-Disposition: inline; filename="'.$filename.'"');
header('Content-Length: ' . dol_filesize($original_file));
header('Content-Length: ' . dol_filesize($fullpath_original_file));
// Ajout directives pour resoudre bug IE
header('Cache-Control: Public, must-revalidate');
header('Pragma: public');
@@ -185,6 +184,6 @@ header('Pragma: public');
//ob_clean();
//flush();
readfile($original_file_osencoded);
readfile($fullpath_original_file_osencoded);
if (is_object($db)) $db->close();

6
htdocs/don/card.php
View File

@@ -345,7 +345,7 @@ if ($action == 'create')
// Public note
print '<tr>';
print '<td class="border" valign="top">' . $langs->trans('NotePublic') . '</td>';
print '<td class="tdtop">' . $langs->trans('NotePublic') . '</td>';
print '<td>';
$doleditor = new DolEditor('note_public', $note_public, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@@ -355,7 +355,7 @@ if ($action == 'create')
// Private note
if (empty($user->societe_id)) {
print '<tr>';
print '<td class="border" valign="top">' . $langs->trans('NotePrivate') . '</td>';
print '<td class="tdtop">' . $langs->trans('NotePrivate') . '</td>';
print '<td>';
$doleditor = new DolEditor('note_private', $note_private, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@@ -542,7 +542,7 @@ if (! empty($id) && $action != 'edit')
$hselected='card';
$head = donation_prepare_head($object);
dol_fiche_head($head, $hselected, $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, $hselected, $langs->trans("Donation"), -1, 'generic');
// Print form confirm
print $formconfirm;

2
htdocs/don/document.php
View File

@@ -104,7 +104,7 @@ if ($object->id)
$head=donation_prepare_head($object);
dol_fiche_head($head, 'documents', $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, 'documents', $langs->trans("Donation"), -1, 'generic');
// Construit liste des fichiers

2
htdocs/don/info.php
View File

@@ -67,7 +67,7 @@ $object->info($id);
$head = donation_prepare_head($object);
dol_fiche_head($head, 'info', $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, 'info', $langs->trans("Donation"), -1, 'generic');
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';

20
htdocs/don/list.php
View File

@@ -42,7 +42,7 @@ $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="d.datedon";
$statut=isset($_GET["statut"])?$_GET["statut"]:"-1";
$statut=(GETPOST("statut",'intcomma')!='')?GETPOST("statut",'intcomma'):"-1";
$search_all=GETPOST('sall', 'alphanohtml');
$search_ref=GETPOST('search_ref','alpha');
$search_company=GETPOST('search_company','alpha');
@@ -90,13 +90,13 @@ $sql.= " d.amount, d.fk_statut as statut, ";
$sql.= " p.rowid as pid, p.ref, p.title, p.public";
$sql.= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p";
$sql.= " ON p.rowid = d.fk_projet WHERE 1 = 1";
if ($statut >= 0)
if ($statut != '' && $statut != '-1')
{
$sql .= " AND d.fk_statut = ".$statut;
$sql .= " AND d.fk_statut IN (".$statut.")";
}
if (trim($search_ref) != '')
{
$sql.= ' AND d.rowid LIKE \'%'.$db->escape(trim($search_ref)) . '%\'';
$sql.= natural_search('d.ref',$search_ref);
}
if (trim($search_all) != '')
{
@@ -110,7 +110,7 @@ if (trim($search_name) != '')
{
$sql .= natural_search(array('d.lastname', 'd.firstname'), $search_name);
}
if ($search_amount) $sql.= natural_search(array('d.amount'), price2num(trim($search_amount)), 1);
if ($search_amount) $sql.= natural_search('d.amount', $search_amount, 1);
$sql.= $db->order($sortfield,$sortorder);
$nbtotalofrecords = '';
@@ -131,17 +131,7 @@ if ($resql)
//if ($page > 0) $param.= '&page='.$page;
if ($optioncss != '') $param.='&optioncss='.$optioncss;
if ($statut >= 0)
{
$donationstatic->statut=$statut;
$label=$donationstatic->getLibStatut(0);
print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
}
else
{
print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
}
print '<form method="get" action="'.$_SERVER["PHP_SELF"].'">'."\n";
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

2
htdocs/don/note.php
View File

@@ -84,7 +84,7 @@ if ($id > 0 || ! empty($ref))
$head = donation_prepare_head($object);
dol_fiche_head($head, 'note', $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, 'note', $langs->trans("Donation"), -1, 'generic');
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';

3
htdocs/install/mysql/migration/5.0.0-6.0.0.sql
View File

@@ -24,6 +24,8 @@
-- -- VPGSQL8.2 DELETE FROM llx_usergroup_user WHERE fk_user NOT IN (SELECT rowid from llx_user);
-- -- VMYSQL4.1 DELETE FROM llx_usergroup_user WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
ALTER TABLE llx_holiday_config MODIFY COLUMN name varchar(128);
ALTER TABLE llx_supplier_proposaldet CHANGE COLUMN fk_askpricesupplier fk_supplier_proposal integer NOT NULL;
@@ -327,6 +329,7 @@ ALTER TABLE llx_expensereport_det ADD COLUMN vat_src_code varchar(10) DEFAULT '
DELETE FROM llx_const WHERE name = __ENCRYPT('ADHERENT_BANK_USE_AUTO')__;
UPDATE llx_const SET value = __ENCRYPT('moono-lisa')__ WHERE value = __ENCRYPT('moono')__ AND name = __ENCRYPT('FCKEDITOR_SKIN')__;
DELETE FROM llx_document_model where nom = 'fsfe.fr.php' and type='donation';
ALTER TABLE llx_product_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx;
ALTER TABLE llx_product_fournisseur_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx;

2
htdocs/install/mysql/migration/repair.sql
View File

@@ -41,6 +41,8 @@
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_sell VARCHAR(32) COLLATE utf8_unicode_ci;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_buy VARCHAR(32) CHARACTER SET utf8;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_buy VARCHAR(32) COLLATE utf8_unicode_ci;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_c_type_fees MODIFY accountancy_code VARCHAR(32) CHARACTER SET utf8;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_c_type_fees MODIFY accountancy_code VARCHAR(32) COLLATE utf8_unicode_ci;
-- VMYSQL4.1 SET sql_mode = 'ALLOW_INVALID_DATES';

3
htdocs/langs/en_US/main.lang
View File

@@ -103,7 +103,8 @@ RequestLastAccessInError=Latest database access request error
ReturnCodeLastAccessInError=Return code for latest database access request error
InformationLastAccessInError=Information for latest database access request error
DolibarrHasDetectedError=Dolibarr has detected a technical error
InformationToHelpDiagnose=This information can be useful for diagnostic purposes
YouCanSetOptionDolibarrMainProdToZero=You can read log file or set option $dolibarr_main_prod to '0' in your config file to get more information.
InformationToHelpDiagnose=This information can be useful for diagnostic purposes (you can set option $dolibarr_main_prod to '1' to remove such notices)
MoreInformation=More information
TechnicalInformation=Technical information
TechnicalID=Technical ID

41
htdocs/main.inc.php
View File

@@ -77,38 +77,39 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
*/
function test_sql_and_script_inject($val, $type)
{
$sql_inj = 0;
$inj = 0;
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$sql_inj += preg_match('/delete\s+from/i', $val);
$sql_inj += preg_match('/create\s+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert\s+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
$inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);
$inj += preg_match('/insert\s+into/i', $val);
$inj += preg_match('/select.+from/i', $val);
$inj += preg_match('/union.+select/i', $val);
$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
$sql_inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/si', $val);
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$sql_inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);
$inj += preg_match('/base[\s]+href/si', $val);
$inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/onload\s*=/i', $val); // onload can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
if ($type == 1)
{
$sql_inj += preg_match('/javascript:/i', $val);
$sql_inj += preg_match('/vbscript:/i', $val);
$inj += preg_match('/javascript:/i', $val);
$inj += preg_match('/vbscript:/i', $val);
}
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $sql_inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $sql_inj;
if ($type == 1) $inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $inj;
}
/**

3
htdocs/projet/activity/perday.php
View File

@@ -341,6 +341,9 @@ $param='';
$param.=($mode?'&mode='.$mode:'');
$param.=($search_project_ref?'&search_project_ref='.$search_project_ref:'');
$param.=($search_userassignedid > 0?'&search_userassignedid='.$search_usertoprocessid:'');
$param.=($search_thirdparty?'&search_thirdparty='.$search_thirdparty:'');
$param.=($search_task_ref?'&search_task_ref='.$search_task_ref:'');
$param.=($search_task_label?'&search_task_label='.$search_task_label:'');
// Show navigation bar
$nav ='<a class="inline-block valignmiddle" href="?year='.$prev_year."&amp;month=".$prev_month."&amp;day=".$prev_day.$param.'">'.img_previous($langs->trans("Previous"))."</a>\n";

3
htdocs/projet/activity/perweek.php
View File

@@ -337,6 +337,9 @@ $param='';
$param.=($mode?'&mode='.$mode:'');
$param.=($search_project_ref?'&search_project_ref='.$search_project_ref:'');
$param.=($search_usertoprocessid > 0?'&search_usertoprocessid='.$search_usertoprocessid:'');
$param.=($search_thirdparty?'&search_thirdparty='.$search_thirdparty:'');
$param.=($search_task_ref?'&search_task_ref='.$search_task_ref:'');
$param.=($search_task_label?'&search_task_label='.$search_task_label:'');
// Show navigation bar
$nav ='<a class="inline-block valignmiddle" href="?year='.$prev_year."&month=".$prev_month."&day=".$prev_day.$param.'">'.img_previous($langs->trans("Previous"))."</a>\n";

27
htdocs/viewimage.php
View File

@@ -113,7 +113,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
$check_access = dol_check_secure_access_document($modulepart,$original_file,$entity,$refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file'];
$fullpath_original_file = $check_access['original_file'];
// Security:
// Limit access if permissions are wrong
@@ -124,11 +124,10 @@ if (! $accessallowed)
// Security:
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$original_file, LOG_WARNING);
// Do no show plain path in shown error message
dol_print_error(0,'Error: File '.$_GET["file"].' does not exists');
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
exit;
}
@@ -143,7 +142,7 @@ if ($modulepart == 'barcode')
if (empty($generator) || empty($encoding))
{
dol_print_error(0,'Error, parameter "generator" or "encoding" not defined');
print 'Error: Parameter "generator" or "encoding" not defined';
exit;
}
@@ -176,14 +175,13 @@ else // Open and return file
clearstatcache();
// Output files on browser
dol_syslog("viewimage.php return file $original_file content-type=$type");
dol_syslog("viewimage.php return file $fullpath_original_file content-type=$type");
// This test is to avoid error images when image is not available (for example thumbs).
if (! dol_is_file($original_file) && empty($_GET["noalt"]))
if (! dol_is_file($fullpath_original_file) && empty($_GET["noalt"]))
{
$original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
$fullpath_original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
/*$error='Error: File '.$_GET["file"].' does not exists or filesystems permissions are not allowed';
dol_print_error(0,$error);
print $error;
exit;*/
}
@@ -192,16 +190,17 @@ else // Open and return file
if ($type)
{
top_httphead($type);
header('Content-Disposition: inline; filename="'.basename($original_file).'"');
header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
}
else
{
top_httphead('image/png');
header('Content-Disposition: inline; filename="'.basename($original_file).'"');
header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
}
$original_file_osencoded=dol_osencode($original_file);
readfile($original_file_osencoded);
$fullpath_original_file_osencoded=dol_osencode($fullpath_original_file);
readfile($fullpath_original_file_osencoded);
}