diff --git a/htdocs/accountancy/admin/subaccount.php b/htdocs/accountancy/admin/subaccount.php
index 086652a568c..fd6e33b6d00 100644
--- a/htdocs/accountancy/admin/subaccount.php
+++ b/htdocs/accountancy/admin/subaccount.php
@@ -20,7 +20,7 @@
/**
* \file htdocs/accountancy/admin/subaccount.php
* \ingroup Accountancy (Double entries)
- * \brief List accounting sub-account
+ * \brief List of accounting sub-account (auxiliary accounts)
*/
require '../../main.inc.php';
@@ -184,7 +184,7 @@ if (strlen(trim($search_subaccount))) {
}
}
if (strlen(trim($search_label))) $sql .= natural_search("sa.nom", $search_label);
-if (!empty($search_type) && $search_type >= 0) $sql .= " HAVING type LIKE '".$search_type."'";
+if (!empty($search_type) && $search_type >= 0) $sql .= " HAVING type LIKE '".$db->escape($search_type)."'";
// User
$sql .= " UNION ";
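Review bot: `$db->escape()` on the added line closes the quoting hole but still builds a `LIKE` comparison, so the `%` and `_` wildcards in `$search_type` pass straight through to the query. Because the same condition already compares `$search_type >= 0` numerically, the value looks like an integer code; if that is the case, `$sql .= " HAVING type = ".((int) $search_type);` would be both tighter and cheaper than escape-plus-LIKE, and would also remove the need to keep a string in a numeric comparison. The second hunk of this file (the `u.lastname` branch of the UNION) has the identical construct and should get the same treatment. Both lines sit in top-level script code whose query assembly starts before this hunk and continues after it.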
@@ -226,7 +226,7 @@ if (strlen(trim($search_subaccount))) {
}
}
if (strlen(trim($search_label))) $sql .= natural_search("u.lastname", $search_label);
-if (!empty($search_type) && $search_type >= 0) $sql .= " HAVING type LIKE '".$search_type."'";
+if (!empty($search_type) && $search_type >= 0) $sql .= " HAVING type LIKE '".$db->escape($search_type)."'";
$sql .= $db->order($sortfield, $sortorder);
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php
index cfd2d67ea4e..1e09d3f0beb 100644
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
@@ -179,8 +179,8 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$companystatic->code_compta = $obj->code_compta;
print '
';
- print '| '.$propalstatic->getNomUrl(1).' | ';
- print ''.$companystatic->getNomUrl(1, 'customer', 16).' | ';
+ print ''.$propalstatic->getNomUrl(1).' | ';
+ print ''.$companystatic->getNomUrl(1, 'customer').' | ';
print ''.price((!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc)).' | ';
print '
';
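Review bot: Dropping the third argument of `getNomUrl()` removes the 16-character truncation on the third-party name without a visible replacement, so long company names will now widen the dashboard cells unless the surrounding markup clips them. The `<td>`/`<tr>` markup has been stripped in this rendering of the diff, so I cannot see whether the new cells carry a class that handles overflow; if they do not, consider a CSS `max-width` with `text-overflow: ellipsis` on those cells, or keeping a larger but finite length such as `getNomUrl(1, 'customer', 48)`. The same change is repeated in the five remaining hunks of this file and in every hunk of htdocs/compta/index.php, so one decision should cover all of them. The enclosing `if (!empty($conf->propal->enabled) ...)` block starts before and ends after this hunk.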
@@ -243,8 +243,8 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
$companystatic->email = $obj->email;
print '';
- print '| '.$supplierproposalstatic->getNomUrl(1).' | ';
- print ''.$companystatic->getNomUrl(1, 'supplier', 16).' | ';
+ print ''.$supplierproposalstatic->getNomUrl(1).' | ';
+ print ''.$companystatic->getNomUrl(1, 'supplier').' | ';
print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).' | ';
print '
';
@@ -308,8 +308,8 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$companystatic->entity = $obj->entity;
print '';
- print '| '.$orderstatic->getNomUrl(1).' | ';
- print ''.$companystatic->getNomUrl(1, 'customer', 16).' | ';
+ print ''.$orderstatic->getNomUrl(1).' | ';
+ print ''.$companystatic->getNomUrl(1, 'customer').' | ';
print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).' | ';
print '
';
@@ -373,8 +373,8 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$companystatic->email = $obj->email;
print '';
- print '| '.$supplierorderstatic->getNomUrl(1).' | ';
- print ''.$companystatic->getNomUrl(1, 'supplier', 16).' | ';
+ print ''.$supplierorderstatic->getNomUrl(1).' | ';
+ print ''.$companystatic->getNomUrl(1, 'supplier').' | ';
print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).' | ';
print '
';
@@ -441,7 +441,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) {
$companystatic->email = $objp->email;
print '';
- print '| '.$companystatic->getNomUrl(1, 'customer', 48).' | ';
+ print ''.$companystatic->getNomUrl(1, 'customer').' | ';
print ''.$companystatic->getLibCustProspStatut().' | ';
print ''.dol_print_date($db->jdate($objp->tms), 'day').' | ';
print '
';
@@ -493,7 +493,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$companystatic->email = $objp->email;
print '';
- print '| '.$companystatic->getNomUrl(1, 'supplier', 44).' | ';
+ print ''.$companystatic->getNomUrl(1, 'supplier').' | ';
print ''.dol_print_date($db->jdate($objp->dm), 'day').' | ';
print '
';
diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php
index 8c144f6bd71..3b40addde9d 100644
--- a/htdocs/compta/index.php
+++ b/htdocs/compta/index.php
@@ -213,11 +213,11 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
$companystatic->code_compta = $obj->code_compta;
$companystatic->code_compta_fournisseur = $obj->code_compta_fournisseur;
- print '| ';
+ print ' |
| ';
print $facturestatic->getNomUrl(1, '');
print ' | ';
- print '';
- print $companystatic->getNomUrl(1, 'customer', 16);
+ print ' | ';
+ print $companystatic->getNomUrl(1, 'customer');
print ' | ';
print ''.price($obj->total_ttc).' | ';
print '
';
@@ -305,11 +305,11 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$companystatic->code_compta = $obj->code_compta;
$companystatic->code_compta_fournisseur = $obj->code_compta_fournisseur;
- print '| ';
- print $facturesupplierstatic->getNomUrl(1, '', 16);
+ print ' |
| ';
+ print $facturesupplierstatic->getNomUrl(1, '');
print ' | ';
- print '';
- print $companystatic->getNomUrl(1, 'supplier', 16);
+ print ' | ';
+ print $companystatic->getNomUrl(1, 'supplier');
print ' | ';
print ''.price($obj->total_ttc).' | ';
print '
';
@@ -550,11 +550,11 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$thirdpartystatic->code_compta = '';
$thirdpartystatic->code_compta_fournisseur = $obj->code_compta_fournisseur;
- print '| ';
+ print ' |
| ';
print $facstatic->getNomUrl(1, '');
print ' | ';
- print '';
- print $thirdpartystatic->getNomUrl(1, 'supplier', 44);
+ print ' | ';
+ print $thirdpartystatic->getNomUrl(1, 'supplier');
print ' | ';
if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print ''.price($obj->total_ht).' | ';
print ''.price($obj->total_ttc).' | ';
@@ -647,7 +647,7 @@ if (!empty($conf->don->enabled) && $user->rights->don->lire)
$label = $donationstatic->getFullName($langs);
if ($objp->societe) $label .= ($label ? ' - ' : '').$objp->societe;
- print '
';
+ print '
';
print '| '.$donationstatic->getNomUrl(1).' | ';
print ''.$label.' | ';
print ''.price($objp->amount).' | ';
@@ -734,7 +734,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire)
$chargestatic->paye = $obj->paye;
print '
';
- print '| '.$chargestatic->getNomUrl(1).' | ';
+ print ''.$chargestatic->getNomUrl(1).' | ';
print ''.dol_print_date($db->jdate($obj->date_ech), 'day').' | ';
print ''.price($obj->amount).' | ';
print ''.price($obj->sumpaid).' | ';
@@ -875,8 +875,8 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
print '';
- print '';
- print $societestatic->getNomUrl(1, 'customer', 44);
+ print ' | ';
+ print $societestatic->getNomUrl(1, 'customer');
print ' | ';
if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print ''.price($obj->total_ht).' | ';
print ''.price($obj->total_ttc).' | ';
@@ -1022,8 +1022,8 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
print '
';
print '';
- print '';
- print $societestatic->getNomUrl(1, 'customer', 44);
+ print ' | ';
+ print $societestatic->getNomUrl(1, 'customer');
print ' | ';
print ''.dol_print_date($db->jdate($obj->datelimite), 'day').' | ';
if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print ''.price($obj->total_ht).' | ';
@@ -1157,10 +1157,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$societestatic->code_compta = $obj->code_compta;
$societestatic->code_compta_fournisseur = $obj->code_compta_fournisseur;
- print '| ';
+ print ' |
| ';
print $facstatic->getNomUrl(1, '');
print ' | ';
- print ''.$societestatic->getNomUrl(1, 'supplier', 44).' | ';
+ print ''.$societestatic->getNomUrl(1, 'supplier').' | ';
print ''.dol_print_date($db->jdate($obj->date_lim_reglement), 'day').' | ';
if (!empty($conf->global->MAIN_SHOW_HT_ON_SUMMARY)) print ''.price($obj->total_ht).' | ';
print ''.price($obj->total_ttc).' | ';
diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php
index cb290a49c07..12a39c1384a 100644
--- a/htdocs/core/db/DoliDB.class.php
+++ b/htdocs/core/db/DoliDB.class.php
@@ -106,12 +106,17 @@ abstract class DoliDB implements Database
/**
* Sanitize a string for SQL forging
*
- * @param string $stringtosanitize String to escape
+ * @param string $stringtosanitize String to escape
+ * @param int $allowsimplequote Allow simple quote
* @return string String escaped
*/
- public function sanitize($stringtosanitize)
+ public function sanitize($stringtosanitize, $allowsimplequote = 0)
{
- return preg_replace('/[^a-z0-9_\-\.,]/i', '', $stringtosanitize);
+ if ($allowsimplequote) {
+ return preg_replace('/[^a-z0-9_\-\.,\']/i', '', $stringtosanitize);
+ } else {
+ return preg_replace('/[^a-z0-9_\-\.,]/i', '', $stringtosanitize);
+ }
}
/**
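Review bot: With `$allowsimplequote` set, `sanitize()` keeps single quotes but still strips the backslash, which is exactly the character `escape()` inserts in front of a quote on a backslash-escaping driver such as mysqli; the only caller in this commit (htdocs/core/lib/functions.lib.php, `natural_search()`) runs `sanitize($listofcodes, 1)` over values that were already `escape()`d and wrapped in quotes, so a search term containing a quote ends up unbalanced in the `IN (...)` list and the query fails. On a driver that doubles the quote instead (PostgreSQL style) the escaped value survives, so the behaviour differs per database. If the flag is meant for already-escaped input, the escape character should survive too, e.g. `return preg_replace($allowsimplequote ? '/[^a-z0-9_\-\.,\'\\\\]/i' : '/[^a-z0-9_\-\.,]/i', '', $stringtosanitize);`, which also removes the `else` after `return`; and the docblock should state the precondition, e.g. `@param int $allowsimplequote 1 to keep single quotes; only for input that was already passed through escape()`. Whichever way it is resolved, `$allowsimplequote` should be a `bool` rather than an untyped `0`/`1`, and the method would benefit from native parameter and return types.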
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index bdd6b0c976d..7538c69465b 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -7828,7 +7828,7 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
$listofcodes .= "'".$db->escape($val)."'";
}
}
- $newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -3 ? 'NOT ' : '')."IN (".$db->sanitize($listofcodes).")";
+ $newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -3 ? 'NOT ' : '')."IN (".$db->sanitize($listofcodes, 1).")";
$i2++; // a criteria was added to string
}
if ($mode == -3) $newres .= ' OR '.$field.' IS NULL';
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index 96bf875bf3b..2b6fe278b65 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -1811,8 +1811,8 @@ td.nobordernopadding.widthpictotitle.col-picto {
color: #999;
}
+/*
span.widthpictotitle.pictotitle {
- /* background: rgba(70, 3, 62, 0.5); */
background: var(--colortexttitlenotab);
opacity: 0.8;
color: #fff !important;
@@ -1821,10 +1821,12 @@ span.widthpictotitle.pictotitle {
min-width: 30px;
text-align: center;
}
+*/
.pictotitle {
margin-: 8px;
/* margin-bottom: 4px; */
}
+
.pictoobjectwidth {
width: 14px;
}
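Review bot: The `span.widthpictotitle.pictotitle` rule is commented out with a `/*` opened in the previous hunk and closed by the `*/` added here, rather than deleted; commented-out rules tend to outlive their purpose and the version history already preserves them, so removing the block outright would be cleaner. The removal of the inner `/* background: rgba(...) */` line in the previous hunk was necessary for this to work since CSS comments do not nest, which is another sign the block should simply go. The stray blank line added after `.pictotitle` is fine but could be dropped with the rest.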
diff --git a/htdocs/theme/eldy/info-box.inc.php b/htdocs/theme/eldy/info-box.inc.php
index 8f189326ab3..0d3ee436bf4 100644
--- a/htdocs/theme/eldy/info-box.inc.php
+++ b/htdocs/theme/eldy/info-box.inc.php
@@ -315,14 +315,14 @@ if (GETPOSTISSET('THEME_SATURATE_RATIO')) $conf->global->THEME_SATURATE_RATIO =
.infobox-action{
color: #b06080 !important;
}
-.infobox-propal,
-.infobox-facture,
-.infobox-commande{
+.infobox-propal:not(.pictotitle),
+.infobox-facture:not(.pictotitle),
+.infobox-commande:not(.pictotitle) {
color: #65955d !important;
}
-.infobox-supplier_proposal,
-.infobox-invoice_supplier,
-.infobox-order_supplier{
+.infobox-supplier_proposal:not(.pictotitle),
+.infobox-invoice_supplier:not(.pictotitle),
+.infobox-order_supplier:not(.pictotitle){
color: #599caf !important;
}
.infobox-contrat, .infobox-ticket{
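Review bot: The two rewritten selector lists are inconsistent in brace spacing: `.infobox-commande:not(.pictotitle) {` has a space before the brace while `.infobox-order_supplier:not(.pictotitle){` does not, and the surrounding rules in this file use the no-space form (`.infobox-action{`, `.infobox-contrat, .infobox-ticket{`). Pick one form for both, e.g. `.infobox-commande:not(.pictotitle){`. The `:not(.pictotitle)` exclusion itself reads as intended, assuming the `.pictotitle` elements get their colour from the theme rules changed in htdocs/theme/eldy/global.inc.php.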