Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Merge branch 'dolibarrdevelop' into WIP_Employee_management_improvement

Browse Source
This commit is contained in:
Steve
2022-03-02 14:51:46 +01:00
parent 9900e5dd31 a7cb3fa492
commit 8f07c22d70
51 changed files with 225 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/boxes/box_scheduled_jobs.php
View File

@@ -102,7 +102,7 @@ class box_scheduled_jobs extends ModeleBoxes
while ($i < $num) {
$objp = $this->db->fetch_object($result);
if (dol_eval($objp->test, 1, 1)) {
if (dol_eval($objp->test, 1, 1, '')) {
$nextrun = $this->db->jdate($objp->datenextrun);
if (empty($nextrun)) {
$nextrun = $this->db->jdate($objp->datestart);

18
htdocs/core/class/commonobject.class.php
View File

@@ -5693,12 +5693,12 @@ abstract class CommonObject
$enabled = 1;
if (isset($this->fields[$key]['enabled'])) {
$enabled = dol_eval($this->fields[$key]['enabled'], 1);
$enabled = dol_eval($this->fields[$key]['enabled'], 1, 1, '1');
}
/*$perms = 1;
if (isset($this->fields[$key]['perms']))
{
$perms = dol_eval($this->fields[$key]['perms'], 1);
$perms = dol_eval($this->fields[$key]['perms'], 1, 1, '1');
}*/
if (empty($enabled)) {
continue;
@@ -5854,7 +5854,7 @@ abstract class CommonObject
if (!empty($extrafields) && !empty($extrafields->attributes[$this->table_element]['computed'][$key])) {
//var_dump($conf->disable_compute);
if (empty($conf->disable_compute)) {
$this->array_options["options_".$key] = dol_eval($extrafields->attributes[$this->table_element]['computed'][$key], 1, 0);
$this->array_options["options_".$key] = dol_eval($extrafields->attributes[$this->table_element]['computed'][$key], 1, 0, '');
}
}
}
@@ -5985,7 +5985,7 @@ abstract class CommonObject
if (!empty($attrfieldcomputed)) {
if (!empty($conf->global->MAIN_STORE_COMPUTED_EXTRAFIELDS)) {
$value = dol_eval($attrfieldcomputed, 1, 0);
$value = dol_eval($attrfieldcomputed, 1, 0, '');
dol_syslog($langs->trans("Extrafieldcomputed")." sur ".$attributeLabel."(".$value.")", LOG_DEBUG);
$new_array_options[$key] = $value;
} else {
@@ -6352,7 +6352,7 @@ abstract class CommonObject
if (!empty($attrfieldcomputed)) {
if (!empty($conf->global->MAIN_STORE_COMPUTED_EXTRAFIELDS)) {
$value = dol_eval($attrfieldcomputed, 1, 0);
$value = dol_eval($attrfieldcomputed, 1, 0, '');
dol_syslog($langs->trans("Extrafieldcomputed")." sur ".$attributeLabel."(".$value.")", LOG_DEBUG);
$this->array_options["options_".$key] = $value;
} else {
@@ -7206,7 +7206,7 @@ abstract class CommonObject
if ($computed) {
// Make the eval of compute string
//var_dump($computed);
$value = dol_eval($computed, 1, 0);
$value = dol_eval($computed, 1, 0, '');
}
if (empty($morecss)) {
@@ -7731,7 +7731,7 @@ abstract class CommonObject
// Test on 'enabled' ('enabled' is different than 'list' = 'visibility')
$enabled = 1;
if ($enabled && isset($extrafields->attributes[$this->table_element]['enabled'][$key])) {
$enabled = dol_eval($extrafields->attributes[$this->table_element]['enabled'][$key], 1);
$enabled = dol_eval($extrafields->attributes[$this->table_element]['enabled'][$key], 1, 1, '1');
}
if (empty($enabled)) {
continue;
@@ -7739,12 +7739,12 @@ abstract class CommonObject
$visibility = 1;
if ($visibility && isset($extrafields->attributes[$this->table_element]['list'][$key])) {
$visibility = dol_eval($extrafields->attributes[$this->table_element]['list'][$key], 1);
$visibility = dol_eval($extrafields->attributes[$this->table_element]['list'][$key], 1, 1, '1');
}
$perms = 1;
if ($perms && isset($extrafields->attributes[$this->table_element]['perms'][$key])) {
$perms = dol_eval($extrafields->attributes[$this->table_element]['perms'][$key], 1);
$perms = dol_eval($extrafields->attributes[$this->table_element]['perms'][$key], 1, 1, '1');
}
if (($mode == 'create') && abs($visibility) != 1 && abs($visibility) != 3) {

3
htdocs/core/class/doleditor.class.php
View File

@@ -330,7 +330,7 @@ class DolEditor
var aceEditor = window.ace.edit("'.$this->htmlname.'aceeditorid");
if (aceEditor) {
var cursorPos = aceEditor.getCursorPosition();
console.log(cursorPos);
//console.log(cursorPos);
if (cursorPos) {
jQuery("#'.$this->htmlname.'_x").val(cursorPos.column);
jQuery("#'.$this->htmlname.'_y").val(cursorPos.row);
@@ -340,6 +340,7 @@ class DolEditor
jQuery("#'.$this->htmlname.'").val(aceEditor.getSession().getValue());
/*if (jQuery("#'.$this->htmlname.'").html().length > 0) return true;
else return false;*/
return true;
} else {
console.log("Failed to retrieve js object ACE from its name");
return false;

14
htdocs/core/class/extrafields.class.php
View File

@@ -921,9 +921,9 @@ class ExtraFields
$unique = $this->attributes[$extrafieldsobjectkey]['unique'][$key];
$required = $this->attributes[$extrafieldsobjectkey]['required'][$key];
$param = $this->attributes[$extrafieldsobjectkey]['param'][$key];
$perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1);
$perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1, 1, '1');
$langfile = $this->attributes[$extrafieldsobjectkey]['langfile'][$key];
$list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1);
$list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1, 1, '1');
$totalizable = $this->attributes[$extrafieldsobjectkey]['totalizable'][$key];
$help = $this->attributes[$extrafieldsobjectkey]['help'][$key];
$hidden = (empty($list) ? 1 : 0); // If empty, we are sure it is hidden, otherwise we show. If it depends on mode (view/create/edit form or list, this must be filtered by caller)
@@ -1511,9 +1511,9 @@ class ExtraFields
$unique = $this->attributes[$extrafieldsobjectkey]['unique'][$key];
$required = $this->attributes[$extrafieldsobjectkey]['required'][$key];
$param = $this->attributes[$extrafieldsobjectkey]['param'][$key];
$perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1);
$perms = dol_eval($this->attributes[$extrafieldsobjectkey]['perms'][$key], 1, 1, '1');
$langfile = $this->attributes[$extrafieldsobjectkey]['langfile'][$key];
$list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1);
$list = dol_eval($this->attributes[$extrafieldsobjectkey]['list'][$key], 1, 1, '1');
$help = $this->attributes[$extrafieldsobjectkey]['help'][$key];
$hidden = (empty($list) ? 1 : 0); // If $list empty, we are sure it is hidden, otherwise we show. If it depends on mode (view/create/edit form or list, this must be filtered by caller)
} else {
@@ -1972,17 +1972,17 @@ class ExtraFields
$enabled = 1;
if (isset($this->attributes[$object->table_element]['enabled'][$key])) { // 'enabled' is often a condition on module enabled or not
$enabled = dol_eval($this->attributes[$object->table_element]['enabled'][$key], 1);
$enabled = dol_eval($this->attributes[$object->table_element]['enabled'][$key], 1, 1, '1');
}
$visibility = 1;
if (isset($this->attributes[$object->table_element]['list'][$key])) { // 'list' is option for visibility
$visibility = dol_eval($this->attributes[$object->table_element]['list'][$key], 1);
$visibility = dol_eval($this->attributes[$object->table_element]['list'][$key], 1, 1, '1');
}
$perms = 1;
if (isset($this->attributes[$object->table_element]['perms'][$key])) {
$perms = dol_eval($this->attributes[$object->table_element]['perms'][$key], 1);
$perms = dol_eval($this->attributes[$object->table_element]['perms'][$key], 1, 1, '1');
}
if (empty($enabled)) {
continue;

2
htdocs/core/class/html.form.class.php
View File

@@ -7523,7 +7523,7 @@ class Form
if (!empty($objecttmp->fields)) { // For object that declare it, it is better to use declared fields (like societe, contact, ...)
$tmpfieldstoshow = '';
foreach ($objecttmp->fields as $key => $val) {
if (!dol_eval($val['enabled'], 1, 1)) {
if (!dol_eval($val['enabled'], 1, 1, 1, '1')) {
continue;
}
if (!empty($val['showoncombobox'])) {

2
htdocs/core/class/menu.class.php
View File

@@ -119,7 +119,7 @@ class Menu
{
$nb = 0;
foreach ($this->liste as $val) {
//if (dol_eval($val['enabled'], 1)) $nb++;
//if (dol_eval($val['enabled'], 1, 1, '1')) $nb++;
if (!empty($val['enabled'])) {
$nb++; // $val['enabled'] is already evaluated to 0 or 1, no need for dol_eval()
}

4
htdocs/core/class/translate.class.php
View File

@@ -656,7 +656,7 @@ class Translate
return $str;
} else { // Translation is not available
//if ($key[0] == '$') { return dol_eval($key,1); }
//if ($key[0] == '$') { return dol_eval($key, 1, 1, '1'); }
return $this->getTradFromKey($key);
}
}
@@ -722,7 +722,7 @@ class Translate
return $str;
} else {
if ($key[0] == '$') {
return dol_eval($key, 1);
return dol_eval($key, 1, 1, '1');
}
return $this->getTradFromKey($key);
}

18
htdocs/core/customreports.php
View File

@@ -382,7 +382,7 @@ print '<div class="divadvancedsearchfield center floatnone">';
print '<div class="inline-block"><span class="opacitymedium">'.$langs->trans("StatisticsOn").'</span></div> ';
$newarrayoftype = array();
foreach ($arrayoftype as $key => $val) {
if (dol_eval($val['enabled'], 1)) {
if (dol_eval($val['enabled'], 1, 1, '1')) {
$newarrayoftype[$key] = $arrayoftype[$key];
}
if ($val['langs']) {
@@ -443,7 +443,7 @@ if ($mode == 'grid') {
// YAxis
print '<div class="divadvancedsearchfield">';
foreach ($object->fields as $key => $val) {
if (empty($val['measure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1))) {
if (empty($val['measure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1, 1, '1'))) {
if (in_array($key, array('id', 'rowid', 'entity', 'last_main_doc', 'extraparams'))) {
continue;
}
@@ -464,7 +464,7 @@ if ($mode == 'grid') {
// Add measure from extrafields
if ($object->isextrafieldmanaged) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1))) {
if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1, 1, '1'))) {
$arrayofyaxis['te.'.$key] = array('label' => $extrafields->attributes[$object->table_element]['label'][$key], 'position' => (int) $extrafields->attributes[$object->table_element]['pos'][$key]);
}
}
@@ -866,7 +866,7 @@ function fillArrayOfMeasures($object, $tablealias, $labelofobject, &$arrayofmesu
// Add main fields of object
foreach ($object->fields as $key => $val) {
if (!empty($val['isameasure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1))) {
if (!empty($val['isameasure']) && (!isset($val['enabled']) || dol_eval($val['enabled'], 1, 1, '1'))) {
$arrayofmesures[$tablealias.'.'.$key.'-sum'] = img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' <span class="opacitymedium">('.$langs->trans("Sum").')</span>';
$arrayofmesures[$tablealias.'.'.$key.'-average'] = img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' <span class="opacitymedium">('.$langs->trans("Average").')</span>';
$arrayofmesures[$tablealias.'.'.$key.'-min'] = img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($val['label']).' <span class="opacitymedium">('.$langs->trans("Minimum").')</span>';
@@ -876,7 +876,7 @@ function fillArrayOfMeasures($object, $tablealias, $labelofobject, &$arrayofmesu
// Add extrafields to Measures
if ($object->isextrafieldmanaged) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1))) {
if (!empty($extrafields->attributes[$object->table_element]['totalizable'][$key]) && (!isset($extrafields->attributes[$object->table_element]['enabled'][$key]) || dol_eval($extrafields->attributes[$object->table_element]['enabled'][$key], 1, 1, '1'))) {
$arrayofmesures[$tablealias.'e.'.$key.'-sum'] = img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' <span class="opacitymedium">('.$langs->trans("Sum").')</span>';
$arrayofmesures[$tablealias.'e.'.$key.'-average'] = img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' <span class="opacitymedium">('.$langs->trans("Average").')</span>';
$arrayofmesures[$tablealias.'e.'.$key.'-min'] = img_picto('', $object->picto, 'class="pictofixedwidth"').' '.$labelofobject.': '.$langs->trans($extrafields->attributes[$object->table_element]['label'][$key]).' <span class="opacitymedium">('.$langs->trans("Minimum").')</span>';
@@ -948,10 +948,10 @@ function fillArrayOfXAxis($object, $tablealias, $labelofobject, &$arrayofxaxis,
'parent', 'photo', 'socialnetworks', 'webservices_url', 'webservices_key'))) {
continue;
}
if (isset($val['enabled']) && !dol_eval($val['enabled'], 1)) {
if (isset($val['enabled']) && !dol_eval($val['enabled'], 1, 1, '1')) {
continue;
}
if (isset($val['visible']) && !dol_eval($val['visible'], 1)) {
if (isset($val['visible']) && !dol_eval($val['visible'], 1, 1, '1')) {
continue;
}
if (preg_match('/^fk_/', $key) && !preg_match('/^fk_statu/', $key)) {
@@ -1048,10 +1048,10 @@ function fillArrayOfGroupBy($object, $tablealias, $labelofobject, &$arrayofgroup
'parent', 'photo', 'socialnetworks', 'webservices_url', 'webservices_key'))) {
continue;
}
if (isset($val['enabled']) && !dol_eval($val['enabled'], 1)) {
if (isset($val['enabled']) && !dol_eval($val['enabled'], 1, 1, '1')) {
continue;
}
if (isset($val['visible']) && !dol_eval($val['visible'], 1)) {
if (isset($val['visible']) && !dol_eval($val['visible'], 1, 1, '1')) {
continue;
}
if (preg_match('/^fk_/', $key) && !preg_match('/^fk_statu/', $key)) {

54
htdocs/core/lib/functions.lib.php
View File

@@ -8297,7 +8297,7 @@ function dol_getIdFromCode($db, $key, $tablename, $fieldkey = 'code', $fieldid =
* Verify if condition in string is ok or not
*
* @param string $strToEvaluate String with condition to check
* @return boolean True or False. Note: It returns True if $strToEvaluate is ''
* @return boolean True or False. Note: It returns also True if $strToEvaluate is ''
*/
function verifCond($strToEvaluate)
{
@@ -8308,8 +8308,10 @@ function verifCond($strToEvaluate)
//print $strToEvaluate."<br>\n";
$rights = true;
if (isset($strToEvaluate) && $strToEvaluate !== '') {
$str = 'if(!('.$strToEvaluate.')) { $rights = false; }';
dol_eval($str); // The dol_eval must contains all the global $xxx used into a condition
//$str = 'if(!('.$strToEvaluate.')) $rights = false;';
//dol_eval($str, 0, 1, '2'); // The dol_eval must contains all the global $xxx used into a condition
$rep = dol_eval($strToEvaluate, 1, 1, '1'); // The dol_eval must contains all the global $xxx used into a condition
$rights = ($rep ? true : false);
}
return $rights;
}
@@ -8318,12 +8320,13 @@ function verifCond($strToEvaluate)
* Replace eval function to add more security.
* This function is called by verifCond() or trans() and transnoentitiesnoconv().
*
* @param string $s String to evaluate
* @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)).
* @param int $hideerrors 1=Hide errors
* @return mixed Nothing or return result of eval
* @param string $s String to evaluate
* @param int $returnvalue 0=No return (used to execute eval($a=something)). 1=Value of eval is returned (used to eval($something)).
* @param int $hideerrors 1=Hide errors
* @param string $onlysimplestring 0=Accept all chars, 1=Accept only simple string with char 'a-z0-9\s$_->&|=';, 2=Accept also '!?():";'
* @return mixed Nothing or return result of eval
*/
function dol_eval($s, $returnvalue = 0, $hideerrors = 1)
function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1')
{
// Only global variables can be changed by eval function and returned to caller
global $db, $langs, $user, $conf, $website, $websitepage;
@@ -8335,9 +8338,38 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1)
global $obj; // To get $obj used into list when dol_eval is used for computed fields and $obj is not yet $object
global $soc; // For backward compatibility
// Replace dangerous char (used for RCE), we allow only PHP variable testing.
// Test on dangerous char (used for RCE), we allow only characters to make PHP variable testing.
if ($onlysimplestring == '1') {
//print preg_quote('$_->&|', '/');
if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=!?():"', '/').']/i', $s)) {
if ($returnvalue) {
return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
} else {
dol_syslog('Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s);
return '';
}
// TODO We can exclude all () that is not ...($db) and getDolGlobalInt( and getDolGlobalString(
// ...
}
} elseif ($onlysimplestring == '2') {
//print preg_quote('$_->&|', '/');
if (preg_match('/[^a-z0-9\s'.preg_quote('$_->&|=!?():";', '/').']/i', $s)) {
if ($returnvalue) {
return 'Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s;
} else {
dol_syslog('Bad string syntax to evaluate (found chars that are not chars for simplestring): '.$s);
return '';
}
}
}
if (strpos($s, '::') !== false) {
return 'Bad string syntax to evaluate (double : char is forbidden): '.$s;
}
if (strpos($s, '`') !== false) {
return 'Bad string syntax to evaluate: '.$s;
return 'Bad string syntax to evaluate (backtick char is forbidden): '.$s;
}
if (strpos($s, '.') !== false) {
return 'Bad string syntax to evaluate (dot char is forbidden): '.$s;
}
// We block use of php exec or php file functions
@@ -8345,7 +8377,7 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1)
$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST'));
$forbiddenphpfunctions = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen", "eval", "dol_eval", "executeCLI");
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask"));
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "require", "include", "mkdir", "rmdir", "symlink", "touch", "unlink", "umask"));
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func"));
$forbiddenphpregex = 'global\s+\$|\b('.implode('|', $forbiddenphpfunctions).')\b';

33
htdocs/core/lib/security.lib.php
View File

@@ -216,19 +216,19 @@ function dolGetLdapPasswordHash($password, $type = 'md5')
* If GETPOST('action','aZ09') defined, we also check write and delete permission.
* This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user).
*
* @param User $user User to check
* @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'.
* Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* This is used to check permission $user->rights->features->...
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'.
* This is used to check permission $user->rights->features->feature2...
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @param int $isdraft 1=The object with id=$objectid is a draft
* @param int $mode Mode (0=default, 1=return with not die)
* @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed.
* @param User $user User to check
* @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'.
* Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* This is used to check permission $user->rights->features->...
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'.
* This is used to check permission $user->rights->features->feature2...
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @param int $isdraft 1=The object with id=$objectid is a draft
* @param int $mode Mode (0=default, 1=return with not die)
* @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed.
* @see dol_check_secure_access_document(), checkUserAccessToObject()
*/
function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0)
@@ -236,6 +236,8 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
global $db, $conf;
global $hookmanager;
$objectid = ((int) $objectid); // For the case value is coming from a non sanitized user input
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
//print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
@@ -270,7 +272,6 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
$features = 'produit';
}
// Get more permissions checks from hooks
$parameters = array('features'=>$features, 'originalfeatures'=>$originalfeatures, 'objectid'=>$objectid, 'dbt_select'=>$dbt_select, 'idtype'=>$dbt_select, 'isdraft'=>$isdraft);
$reshook = $hookmanager->executeHooks('restrictedArea', $parameters);
@@ -288,10 +289,6 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
return 1;
}
if ($dbt_select != 'rowid' && $dbt_select != 'id') {
$objectid = "'".$objectid."'";
}
// Features/modules to check
$featuresarray = array($features);
if (preg_match('/&/', $features)) {

16
htdocs/core/modules/modFournisseur.class.php
View File

@@ -312,7 +312,8 @@ class modFournisseur extends DolibarrModules
'f.rowid'=>"InvoiceId", 'f.ref'=>"InvoiceRef", 'f.ref_supplier'=>"RefSupplier", 'f.datec'=>"InvoiceDateCreation", 'f.datef'=>"DateInvoice", 'f.date_lim_reglement'=>'DateMaxPayment',
'f.total_ht'=>"TotalHT", 'f.total_ttc'=>"TotalTTC", 'f.total_tva'=>"TotalVAT", 'f.paye'=>"InvoicePaid", 'f.fk_statut'=>'InvoiceStatus', 'f.note_public'=>"InvoiceNote",
'fd.rowid'=>'LineId', 'fd.description'=>"LineDescription", 'fd.tva_tx'=>"LineVATRate", 'fd.qty'=>"LineQty", 'fd.remise_percent'=>"Discount", 'fd.total_ht'=>"LineTotalHT",
'fd.total_ttc'=>"LineTotalTTC", 'fd.tva'=>"LineTotalVAT", 'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.fk_product'=>'ProductId',
'fd.total_ttc'=>"LineTotalTTC", 'fd.tva'=>"LineTotalVAT", 'fd.date_start'=>"DateStart", 'fd.date_end'=>"DateEnd", 'fd.special_code'=>'SpecialCode',
'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.fk_product'=>'ProductId',
'p.ref'=>'ProductRef', 'p.label'=>'ProductLabel', 'p.accountancy_code_buy'=>'ProductAccountancyBuyCode', 'project.rowid'=>'ProjectId',
'project.ref'=>'ProjectRef', 'project.title'=>'ProjectLabel'
);
@@ -333,7 +334,8 @@ class modFournisseur extends DolibarrModules
's.nom'=>'Text', 'ps.nom'=>'Text', 's.address'=>'Text', 's.zip'=>'Text', 's.town'=>'Text', 'c.code'=>'Text', 's.phone'=>'Text', 's.siren'=>'Text', 's.siret'=>'Text', 's.ape'=>'Text', 's.idprof4'=>'Text', 's.idprof5'=>'Text', 's.idprof6'=>'Text',
's.code_compta'=>'Text', 's.code_compta_fournisseur'=>'Text', 's.tva_intra'=>'Text', 'f.ref'=>"Text", 'f.ref_supplier'=>"Text", 'f.datec'=>"Date", 'f.datef'=>"Date", 'f.date_lim_reglement'=>'Date',
'f.total_ht'=>"Numeric", 'f.total_ttc'=>"Numeric", 'f.total_tva'=>"Numeric", 'f.paye'=>"Boolean", 'f.fk_statut'=>'Status', 'f.note_public'=>"Text", 'fd.description'=>"Text", 'fd.tva_tx'=>"Text",
'fd.qty'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.tva'=>"Numeric", 'fd.product_type'=>'Numeric', 'fd.fk_product'=>'List:product:label',
'fd.qty'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.tva'=>"Numeric", 'fd.date_start'=>"Date", 'fd.date_end'=>"Date", 'fd.special_code'=>"Numeric",
'fd.product_type'=>'Numeric', 'fd.fk_product'=>'List:product:label',
'p.ref'=>'Text', 'p.label'=>'Text', 'project.ref'=>'Text', 'project.title'=>'Text'
);
$this->export_entities_array[$r] = array(
@@ -341,7 +343,8 @@ class modFournisseur extends DolibarrModules
's.ape'=>'company', 's.idprof4'=>'company', 's.idprof5'=>'company', 's.idprof6'=>'company', 's.code_compta'=>'company', 's.code_compta_fournisseur'=>'company', 's.tva_intra'=>'company', 'f.rowid'=>"invoice",
'f.ref'=>"invoice", 'f.ref_supplier'=>"invoice", 'f.datec'=>"invoice", 'f.datef'=>"invoice", 'f.date_lim_reglement'=>'invoice', 'f.total_ht'=>"invoice", 'f.total_ttc'=>"invoice", 'f.total_tva'=>"invoice",
'f.paye'=>"invoice", 'f.fk_statut'=>'invoice', 'f.note_public'=>"invoice", 'fd.rowid'=>'invoice_line', 'fd.description'=>"invoice_line", 'fd.tva_tx'=>"invoice_line", 'fd.qty'=>"invoice_line",
'fd.remise_percent'=>"invoice_line", 'fd.total_ht'=>"invoice_line", 'fd.total_ttc'=>"invoice_line", 'fd.tva'=>"invoice_line", 'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product',
'fd.remise_percent'=>"invoice_line", 'fd.total_ht'=>"invoice_line", 'fd.total_ttc'=>"invoice_line", 'fd.tva'=>"invoice_line", 'fd.date_start'=>"invoice_line", 'fd.date_end'=>"invoice_line", 'fd.special_code'=>"invoice_line",
'fd.product_type'=>'invoice_line', 'fd.fk_product'=>'product',
'p.ref'=>'product', 'p.label'=>'product', 'p.accountancy_code_buy'=>'product', 'project.rowid'=>'project', 'project.ref'=>'project', 'project.title'=>'project'
);
$this->export_dependencies_array[$r] = array('invoice_line'=>'fd.rowid', 'product'=>'fd.rowid'); // To add unique key if we ask a field of a child to avoid the DISTINCT to discard them
@@ -451,7 +454,8 @@ class modFournisseur extends DolibarrModules
'f.total_ht'=>"TotalHT", 'f.total_ttc'=>"TotalTTC", 'f.total_tva'=>"TotalVAT", 'f.fk_statut'=>'Status', 'f.date_valid'=>'DateValidation', 'f.date_approve'=>'DateApprove', 'f.date_approve2'=>'DateApprove2',
'f.note_public'=>"NotePublic", 'f.note_private'=>"NotePrivate", 'uv.login'=>'UserValidation', 'ua1.login'=>'ApprovedBy', 'ua2.login'=>'ApprovedBy2', 'fd.rowid'=>'LineId', 'fd.description'=>"LineDescription",
'fd.tva_tx'=>"LineVATRate", 'fd.qty'=>"LineQty", 'fd.remise_percent'=>"Discount", 'fd.total_ht'=>"LineTotalHT", 'fd.total_ttc'=>"LineTotalTTC",
'fd.total_tva'=>"LineTotalVAT", 'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.ref'=>'RefSupplier', 'fd.fk_product'=>'ProductId',
'fd.total_tva'=>"LineTotalVAT", 'fd.date_start'=>"DateStart", 'fd.date_end'=>"DateEnd", 'fd.special_code'=>'SpecialCode',
'fd.product_type'=>'TypeOfLineServiceOrProduct', 'fd.ref'=>'RefSupplier', 'fd.fk_product'=>'ProductId',
'p.ref'=>'ProductRef', 'p.label'=>'ProductLabel', 'project.rowid'=>'ProjectId', 'project.ref'=>'ProjectRef', 'project.title'=>'ProjectLabel'
);
if (!empty($conf->multicurrency->enabled)) {
@@ -471,13 +475,15 @@ class modFournisseur extends DolibarrModules
'f.date_creation'=>"Date", 'f.date_commande'=>"Date", 'f.date_livraison'=>"Date", 'f.total_ht'=>"Numeric", 'f.total_ttc'=>"Numeric", 'f.total_tva'=>"Numeric",
'f.fk_statut'=>'Status', 'f.date_valid'=>'Date', 'f.date_approve'=>'Date', 'f.date_approve2'=>'Date', 'f.note_public'=>"Text", 'f.note_private'=>"Text", 'fd.description'=>"Text",
'fd.tva_tx'=>"Numeric", 'fd.qty'=>"Numeric", 'fd.remise_percent'=>"Numeric", 'fd.total_ht'=>"Numeric", 'fd.total_ttc'=>"Numeric", 'fd.total_tva'=>"Numeric",
'fd.date_start'=>"Date", 'fd.date_end'=>"Date", 'fd.special_code'=>"Numeric",
'fd.product_type'=>'Numeric', 'fd.ref'=>'Text', 'fd.fk_product'=>'List:product:label', 'p.ref'=>'Text', 'p.label'=>'Text', 'project.ref'=>'Text', 'project.title'=>'Text'
);
$this->export_entities_array[$r] = array(
's.rowid'=>"company", 's.nom'=>'company', 'ps.nom'=>'company', 's.address'=>'company', 's.zip'=>'company', 's.town'=>'company', 'c.code'=>'company', 's.phone'=>'company', 's.siren'=>'company',
's.siret'=>'company', 's.ape'=>'company', 's.idprof4'=>'company', 's.idprof5'=>'company', 's.idprof6'=>'company', 's.tva_intra'=>'company', 'uv.login'=>'user', 'ua1.login'=>'user',
'ua2.login'=>'user', 'fd.rowid'=>'order_line', 'fd.description'=>"order_line", 'fd.tva_tx'=>"order_line", 'fd.qty'=>"order_line", 'fd.remise_percent'=>"order_line",
'fd.total_ht'=>"order_line", 'fd.total_ttc'=>"order_line", 'fd.total_tva'=>"order_line", 'fd.product_type'=>'order_line', 'fd.ref'=>'order_line', 'fd.fk_product'=>'product',
'fd.total_ht'=>"order_line", 'fd.total_ttc'=>"order_line", 'fd.total_tva'=>"order_line", 'fd.date_start'=>"order_line", 'fd.date_end'=>"order_line", 'fd.special_code'=>"order_line",
'fd.product_type'=>'order_line', 'fd.ref'=>'order_line', 'fd.fk_product'=>'product',
'p.ref'=>'product', 'p.label'=>'product', 'project.rowid'=>'project', 'project.ref'=>'project', 'project.title'=>'project'
);
$this->export_dependencies_array[$r] = array('order_line'=>'fd.rowid', 'product'=>'fd.rowid'); // To add unique key if we ask a field of a child to avoid the DISTINCT to discard them

2
htdocs/core/tpl/admin_extrafields_view.tpl.php
View File

@@ -73,7 +73,7 @@ print "</tr>\n";
if (isset($extrafields->attributes[$elementtype]['type']) && is_array($extrafields->attributes[$elementtype]['type']) && count($extrafields->attributes[$elementtype]['type'])) {
foreach ($extrafields->attributes[$elementtype]['type'] as $key => $value) {
/*if (! dol_eval($extrafields->attributes[$elementtype]['enabled'][$key], 1)) {
/*if (! dol_eval($extrafields->attributes[$elementtype]['enabled'][$key], 1, 1, '1')) {
// TODO Uncomment this to exclude extrafields of modules not enabled. Add a link to "Show extrafields disabled"
// continue;
}*/

4
htdocs/core/tpl/extrafields_list_array_fields.tpl.php
View File

@@ -23,9 +23,9 @@ if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table
$arrayfields[$extrafieldsobjectprefix.$key] = array(
'label' => $extrafields->attributes[$extrafieldsobjectkey]['label'][$key],
'type' => $extrafields->attributes[$extrafieldsobjectkey]['type'][$key],
'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key], 1) <= 0) ? 0 : 1),
'checked' => ((dol_eval($extrafields->attributes[$extrafieldsobjectkey]['list'][$key], 1, 1, '1') <= 0) ? 0 : 1),
'position' => $extrafields->attributes[$extrafieldsobjectkey]['pos'][$key],
'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && dol_eval($extrafields->attributes[$extrafieldsobjectkey]['perms'][$key], 1)),
'enabled' => (abs((int) $extrafields->attributes[$extrafieldsobjectkey]['list'][$key]) != 3 && dol_eval($extrafields->attributes[$extrafieldsobjectkey]['perms'][$key], 1, 1, '1')),
'langfile' => $extrafields->attributes[$extrafieldsobjectkey]['langfile'][$key],
'help' => $extrafields->attributes[$extrafieldsobjectkey]['help'][$key],
);

2
htdocs/core/tpl/extrafields_list_print_fields.tpl.php
View File

@@ -38,7 +38,7 @@ if (!empty($extrafieldsobjectkey) && !empty($extrafields->attributes[$extrafield
//var_dump($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key]);
//var_dump($obj);
//var_dump($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key]);
$value = dol_eval($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key], 1);
$value = dol_eval($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key], 1, 1, '0');
//var_dump($value);
}