From 5a04b2393df0f549f57fca0d957c21291685e627 Mon Sep 17 00:00:00 2001 From: Eric Seigne Date: Mon, 15 Jan 2024 18:43:17 +0100 Subject: [PATCH 1/3] end fix #10417 : custom payment number for supplier invoices --- htdocs/core/lib/functions2.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 066027aa24a..4c20f648932 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -973,7 +973,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if (!is_object($objsoc)) { $valueforccc = $objsoc; - } elseif ($table == "commande_fournisseur" || $table == "facture_fourn") { + } elseif ($table == "commande_fournisseur" || $table == "facture_fourn" || $table == "paiementfourn") { $valueforccc = dol_string_unaccent($objsoc->code_fournisseur); } else { $valueforccc = dol_string_unaccent($objsoc->code_client); From 4c5d9f2742cc46bd064b51e68337662c486777a3 Mon Sep 17 00:00:00 2001 From: Thomas905 Date: Thu, 18 Jan 2024 13:56:46 +0100 Subject: [PATCH 2/3] add action update_extras to don card --- htdocs/don/card.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/htdocs/don/card.php b/htdocs/don/card.php index ae0e510d135..af3ea6525f2 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -308,6 +308,30 @@ if (empty($reshook)) { $object->setProject($projectid); } + if ($action == 'update_extras') { + $object->fetch($id); + + $object->oldcopy = dol_clone($object); + + // Fill array 'array_options' with data from update form + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); + + if ($ret < 0) { + $error++; + } + + if (!$error) { + $result = $object->insertExtraFields('DON_MODIFY'); + if ($result < 0) { + setEventMessages($object->error, $object->errors, 'errors'); + $error++; + } + } + + if ($error) { + $action = 'edit_extras'; + } + } // Actions to build doc include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; From bc14550dedc49d34e9209b6953dc00d374f705c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alo=C3=AFs=20Micard?= Date: Thu, 18 Jan 2024 14:55:45 +0100 Subject: [PATCH 3/3] FIX: Fix supplier invoice security check --- .../class/api_supplier_invoices.class.php | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/htdocs/fourn/class/api_supplier_invoices.class.php b/htdocs/fourn/class/api_supplier_invoices.class.php index 17146eecd35..39f2b09b372 100644 --- a/htdocs/fourn/class/api_supplier_invoices.class.php +++ b/htdocs/fourn/class/api_supplier_invoices.class.php @@ -380,15 +380,15 @@ class SupplierInvoices extends DolibarrApi throw new RestException(400, 'Invoice ID is mandatory'); } - if (!DolibarrApi::_checkAccessToResource('fournisseur', $this->invoice->id, 'facture_fourn', 'facture')) { - throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); - } - $result = $this->invoice->fetch($id); if (!$result) { throw new RestException(404, 'Invoice not found'); } + if (!DolibarrApi::_checkAccessToResource('fournisseur', $this->invoice->id, 'facture_fourn', 'facture')) { + throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); + } + $result = $this->invoice->getListOfPayments(); if ($result < 0) { throw new RestException(405, $this->invoice->error); @@ -429,6 +429,11 @@ class SupplierInvoices extends DolibarrApi throw new RestException(400, 'Invoice ID is mandatory'); } + $result = $this->invoice->fetch($id); + if (!$result) { + throw new RestException(404, 'Invoice not found'); + } + if (!DolibarrApi::_checkAccessToResource('fournisseur', $this->invoice->id, 'facture_fourn', 'facture')) { throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } @@ -443,12 +448,6 @@ class SupplierInvoices extends DolibarrApi throw new RestException(400, 'Payment mode ID is mandatory'); } - - $result = $this->invoice->fetch($id); - if (!$result) { - throw new RestException(404, 'Invoice not found'); - } - // Calculate amount to pay $totalpaid = $this->invoice->getSommePaiement(); $totaldeposits = $this->invoice->getSumDepositsUsed();