
Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into develop

Conflicts:
	htdocs/exports/class/export.class.php
Laurent Destailleur
2020-02-17 12:35:34 +01:00
13 changed files with 48 additions and 35 deletions


@@ -1554,7 +1554,7 @@ class BookKeeping extends CommonObject
$sql .= " WHERE piece_num = ".$piecenum; $sql .= " WHERE piece_num = ".$piecenum;
$sql .= " AND entity IN (".getEntity('accountancy').")"; $sql .= " AND entity IN (".getEntity('accountancy').")";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$result = $this->db->query($sql); $result = $this->db->query($sql);
if ($result) { if ($result) {
$obj = $this->db->fetch_object($result); $obj = $this->db->fetch_object($result);
@@ -1568,7 +1568,7 @@ class BookKeeping extends CommonObject
$this->date_creation = $obj->date_creation; $this->date_creation = $obj->date_creation;
} else { } else {
$this->error = "Error ".$this->db->lasterror(); $this->error = "Error ".$this->db->lasterror();
dol_syslog(get_class($this)."::".__METHOD__.$this->error, LOG_ERR); dol_syslog(__METHOD__.$this->error, LOG_ERR);
return -1; return -1;
} }
@@ -1622,7 +1622,7 @@ class BookKeeping extends CommonObject
$sql .= " WHERE piece_num = ".$piecenum; $sql .= " WHERE piece_num = ".$piecenum;
$sql .= " AND entity IN (".getEntity('accountancy').")"; $sql .= " AND entity IN (".getEntity('accountancy').")";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$result = $this->db->query($sql); $result = $this->db->query($sql);
if ($result) { if ($result) {
while ($obj = $this->db->fetch_object($result)) { while ($obj = $this->db->fetch_object($result)) {
@@ -1654,7 +1654,7 @@ class BookKeeping extends CommonObject
} }
} else { } else {
$this->error = "Error ".$this->db->lasterror(); $this->error = "Error ".$this->db->lasterror();
dol_syslog(get_class($this)."::".__METHOD__.$this->error, LOG_ERR); dol_syslog(__METHOD__.$this->error, LOG_ERR);
return -1; return -1;
} }
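Review bot: `$piecenum` is concatenated into the WHERE clause with no cast or escape in both queries of this section (`" WHERE piece_num = ".$piecenum`), and the commit only touches the log call next to it. Whether callers already force it to an integer is not visible, since both methods start outside the hunks. Casting at the point of use, `$sql .= " WHERE piece_num = ".((int) $piecenum);`, keeps the statement well-formed whatever the caller passes.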


@@ -297,7 +297,7 @@ class FormAdvTargetEmailing extends Form
$sql = "SELECT rowid, code, label as civilite, active FROM ".MAIN_DB_PREFIX."c_civility"; $sql = "SELECT rowid, code, label as civilite, active FROM ".MAIN_DB_PREFIX."c_civility";
$sql .= " WHERE active = 1"; $sql .= " WHERE active = 1";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) if ($resql)
{ {
@@ -385,7 +385,7 @@ class FormAdvTargetEmailing extends Form
$sql = "SELECT rowid, label FROM ".MAIN_DB_PREFIX."categorie"; $sql = "SELECT rowid, label FROM ".MAIN_DB_PREFIX."categorie";
$sql .= " WHERE type=".$type; $sql .= " WHERE type=".$type;
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) if ($resql)
{ {
@@ -432,7 +432,7 @@ class FormAdvTargetEmailing extends Form
$sql .= " WHERE type_element='$type_element'"; $sql .= " WHERE type_element='$type_element'";
$sql .= " ORDER BY c.name"; $sql .= " ORDER BY c.name";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) { if ($resql) {
$out .= '<select id="'.$htmlname.'" class="flat'.($morecss?' '.$morecss:'').'" name="'.$htmlname.'">'; $out .= '<select id="'.$htmlname.'" class="flat'.($morecss?' '.$morecss:'').'" name="'.$htmlname.'">';
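Review bot: `$type_element` is interpolated inside quotes with no escaping (`" WHERE type_element='$type_element'"`), and `$type` is appended bare in `" WHERE type=".$type`. The method signatures are outside the hunks, so it is not visible whether either value can carry request data. Escaping and casting at the point of use removes the doubt: `$sql .= " WHERE type_element='".$this->db->escape($type_element)."'";` and `$sql .= " WHERE type=".((int) $type);`, assuming `type` is a numeric column. The same quoted-without-escape pattern appears in Contact (`tc.element='".$element."'`) and Propalmergepdfproduct (`t.lang = '".$lang."'`, `lang='".$lang_id."'`). The coding test's escape check is described as looking for `='".$this->xxx`, so the in-string interpolation used here would probably not be caught by it.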


@@ -1606,7 +1606,7 @@ class Contact extends CommonObject
$sql .= " AND tc.source = 'external' AND tc.active=1"; $sql .= " AND tc.source = 'external' AND tc.active=1";
$sql .= " AND sc.entity IN (".getEntity('societe').')'; $sql .= " AND sc.entity IN (".getEntity('societe').')';
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$this->roles = array(); $this->roles = array();
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
@@ -1655,7 +1655,7 @@ class Contact extends CommonObject
$sql .= " AND tc.element='".$element."'"; $sql .= " AND tc.element='".$element."'";
$sql .= " AND tc.active=1"; $sql .= " AND tc.active=1";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) if ($resql)
{ {
@@ -1695,7 +1695,7 @@ class Contact extends CommonObject
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ; $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ;
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$result = $this->db->query($sql); $result = $this->db->query($sql);
if (!$result) { if (!$result) {
$this->errors[] = $this->db->lasterror().' sql='.$sql; $this->errors[] = $this->db->lasterror().' sql='.$sql;
@@ -1715,7 +1715,7 @@ class Contact extends CommonObject
$sql .= $valRoles." , "; $sql .= $valRoles." , ";
$sql .= $this->id; $sql .= $this->id;
$sql .= ")"; $sql .= ")";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$result = $this->db->query($sql); $result = $this->db->query($sql);
if (!$result) if (!$result)
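Review bot: On failure the DELETE path stores the whole statement in the object's error list (`$this->errors[] = $this->db->lasterror().' sql='.$sql;`). If those errors are ever rendered to the user, which cannot be seen from this hunk, that discloses table names and query structure. Keeping the statement in the log only is enough: `$this->errors[] = $this->db->lasterror();`. The line that builds the DELETE also ends in a stray `; ;` and concatenates `$this->socid` and `$this->id` without an `(int)` cast.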


@@ -1103,7 +1103,7 @@ abstract class CommonObject
* Get array of all contacts for an object * Get array of all contacts for an object
* *
* @param int $status Status of links to get (-1=all) * @param int $status Status of links to get (-1=all)
* @param string $source Source of contact: external or thirdparty (llx_socpeople) or internal (llx_user) * @param string $source Source of contact: 'external' or 'thirdparty' (llx_socpeople) or 'internal' (llx_user)
* @param int $list 0:Return array contains all properties, 1:Return array contains just id * @param int $list 0:Return array contains all properties, 1:Return array contains just id
* @param string $code Filter on this code of contact type ('SHIPPING', 'BILLING', ...) * @param string $code Filter on this code of contact type ('SHIPPING', 'BILLING', ...)
* @return array|int Array of contacts, -1 if error * @return array|int Array of contacts, -1 if error
@@ -1306,7 +1306,7 @@ abstract class CommonObject
$sql .= $this->db->order('tc.element, tc.position', 'ASC'); $sql .= $this->db->order('tc.element, tc.position', 'ASC');
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) { if ($resql) {
$num = $this->db->num_rows($resql); $num = $this->db->num_rows($resql);
@@ -1730,7 +1730,7 @@ abstract class CommonObject
$sql .= " WHERE ".$id_field." = ".$id; $sql .= " WHERE ".$id_field." = ".$id;
dol_syslog(get_class($this)."::".__FUNCTION__."", LOG_DEBUG); dol_syslog(__METHOD__."", LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) if ($resql)
{ {
@@ -5587,7 +5587,7 @@ abstract class CommonObject
if ($error) if ($error)
{ {
dol_syslog(get_class($this)."::".__METHOD__.$this->error, LOG_ERR); dol_syslog(__METHOD__.$this->error, LOG_ERR);
$this->db->rollback(); $this->db->rollback();
return -1; return -1;
} }
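Review bot: In an abstract base class `__METHOD__` resolves to the declaring class, so after this change these log lines read `CommonObject::...` for every subclass and no longer carry the concrete type that `get_class($this)` supplied. That matters most for the `LOG_ERR` line before the rollback, where the log is what tells an operator which object failed. Where the runtime class is wanted, `dol_syslog(get_class($this)."::".__FUNCTION__, LOG_DEBUG);` keeps it without the doubled class name; the call in the `-1730` hunk already had that form and loses it here. The leftover `.""` in `dol_syslog(__METHOD__."", LOG_DEBUG);` can be dropped too.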


@@ -461,12 +461,12 @@ class FormAccounting extends Form
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping";
$sql .= " WHERE entity IN (".getEntity('accountancy').")"; $sql .= " WHERE entity IN (".getEntity('accountancy').")";
$sql .= " ORDER BY date_format(doc_date, '%Y')"; $sql .= " ORDER BY date_format(doc_date, '%Y')";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (!$resql) { if (!$resql) {
$this->error = "Error ".$this->db->lasterror(); $this->error = "Error ".$this->db->lasterror();
dol_syslog(get_class($this)."::".__METHOD__.$this->error, LOG_ERR); dol_syslog(__METHOD__.$this->error, LOG_ERR);
return -1; return -1;
} }
while ($obj = $this->db->fetch_object($resql)) { while ($obj = $this->db->fetch_object($resql)) {
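Review bot: `__METHOD__.$this->error` joins the method name and the message with no separator, so the error line comes out as the method name immediately followed by `Error ...`. A separator keeps the line searchable: `dol_syslog(__METHOD__." ".$this->error, LOG_ERR);`. The same concatenation is in both BookKeeping error branches and in the CommonObject rollback branch.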


@@ -818,7 +818,7 @@ function dol_buildpath($path, $type = 0, $returnemptyifnotfound = 0)
* With native = 1: Use PHP clone. Property that are reference are same pointer. This means $this->db of new object is still valid but point to same this->db than original object. * With native = 1: Use PHP clone. Property that are reference are same pointer. This means $this->db of new object is still valid but point to same this->db than original object.
* *
* @param object $object Object to clone * @param object $object Object to clone
* @param int $native Native method or full isolation method * @param int $native 0=Full isolation method, 1=Native PHP method
* @return object Clone object * @return object Clone object
* @see https://php.net/manual/language.oop5.cloning.php * @see https://php.net/manual/language.oop5.cloning.php
*/ */


@@ -187,7 +187,7 @@ class MailingTargets // This can't be abstract as it is used for some method
$sql.= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").","; $sql.= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").",";
$sql .= "'".$this->db->escape(dol_hash($targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY))."',"; $sql .= "'".$this->db->escape(dol_hash($targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY))."',";
$sql .= "'".$this->db->escape($targetarray['source_type'])."')"; $sql .= "'".$this->db->escape($targetarray['source_type'])."')";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$result=$this->db->query($sql); $result=$this->db->query($sql);
if ($result) if ($result)
{ {
@@ -207,7 +207,7 @@ class MailingTargets // This can't be abstract as it is used for some method
} }
} }
dol_syslog(get_class($this)."::".__METHOD__.": mailing ".$j." targets added"); dol_syslog(__METHOD__.": mailing ".$j." targets added");
/* /*
//Update the status to show thirdparty mail that don't want to be contacted anymore' //Update the status to show thirdparty mail that don't want to be contacted anymore'
@@ -215,7 +215,7 @@ class MailingTargets // This can't be abstract as it is used for some method
$sql .= " SET statut=3"; $sql .= " SET statut=3";
$sql .= " WHERE fk_mailing=".$mailing_id." AND email in (SELECT email FROM ".MAIN_DB_PREFIX."societe where fk_stcomm=-1)"; $sql .= " WHERE fk_mailing=".$mailing_id." AND email in (SELECT email FROM ".MAIN_DB_PREFIX."societe where fk_stcomm=-1)";
$sql .= " AND source_type='thirdparty'"; $sql .= " AND source_type='thirdparty'";
dol_syslog(get_class($this)."::".__METHOD__.": mailing update status to display thirdparty mail that do not want to be contacted"); dol_syslog(__METHOD__.": mailing update status to display thirdparty mail that do not want to be contacted");
$result=$this->db->query($sql); $result=$this->db->query($sql);
//Update the status to show contact mail that don't want to be contacted anymore' //Update the status to show contact mail that don't want to be contacted anymore'
@@ -223,7 +223,7 @@ class MailingTargets // This can't be abstract as it is used for some method
$sql .= " SET statut=3"; $sql .= " SET statut=3";
$sql .= " WHERE fk_mailing=".$mailing_id." AND source_type='contact' AND (email in (SELECT sc.email FROM ".MAIN_DB_PREFIX."socpeople AS sc "; $sql .= " WHERE fk_mailing=".$mailing_id." AND source_type='contact' AND (email in (SELECT sc.email FROM ".MAIN_DB_PREFIX."socpeople AS sc ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid=sc.fk_soc WHERE s.fk_stcomm=-1 OR no_email=1))"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid=sc.fk_soc WHERE s.fk_stcomm=-1 OR no_email=1))";
dol_syslog(get_class($this)."::".__METHOD__.": mailing update status to display contact mail that do not want to be contacted",LOG_DEBUG); dol_syslog(__METHOD__.": mailing update status to display contact mail that do not want to be contacted",LOG_DEBUG);
$result=$this->db->query($sql); $result=$this->db->query($sql);
*/ */
@@ -231,7 +231,7 @@ class MailingTargets // This can't be abstract as it is used for some method
$sql .= " SET statut=3"; $sql .= " SET statut=3";
$sql .= " WHERE fk_mailing=".$mailing_id." AND email IN (SELECT mu.email FROM ".MAIN_DB_PREFIX."mailing_unsubscribe AS mu WHERE mu.entity IN ('".getEntity('mailing')."'))"; $sql .= " WHERE fk_mailing=".$mailing_id." AND email IN (SELECT mu.email FROM ".MAIN_DB_PREFIX."mailing_unsubscribe AS mu WHERE mu.entity IN ('".getEntity('mailing')."'))";
dol_syslog(get_class($this)."::".__METHOD__.":mailing update status to display emails that do not want to be contacted anymore", LOG_DEBUG); dol_syslog(__METHOD__.":mailing update status to display emails that do not want to be contacted anymore", LOG_DEBUG);
$result=$this->db->query($sql); $result=$this->db->query($sql);
if (! $result) if (! $result)
{ {
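Review bot: The entity filter in the last query wraps the `getEntity()` result in quotes, `mu.entity IN ('".getEntity('mailing')."')`, while the other queries in this commit use it unquoted (`entity IN (".getEntity('accountancy').")`). If `getEntity()` returns a comma-separated list, as the unquoted uses suggest, the quoted form compares against a single string. In that case the unsubscribe list of the intended entities may not be applied to the mailing. Suggested: end the subquery with `WHERE mu.entity IN (".getEntity('mailing')."))";`. `$mailing_id` is also concatenated bare in the same statement, and its origin is outside the hunk.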


@@ -547,7 +547,7 @@ class Export
$indice = 0; $indice = 0;
asort($array_selected); asort($array_selected);
dol_syslog(get_class($this)."::".__FUNCTION__." ".$model.", ".$datatoexport.", ".implode(",", $array_selected)); dol_syslog(__METHOD__." ".$model.", ".$datatoexport.", ".implode(",", $array_selected));
// Check parameters or context properties // Check parameters or context properties
if (empty($this->array_export_fields) || !is_array($this->array_export_fields)) if (empty($this->array_export_fields) || !is_array($this->array_export_fields))
@@ -588,7 +588,7 @@ class Export
// Run the sql // Run the sql
$this->sqlusedforexport = $sql; $this->sqlusedforexport = $sql;
dol_syslog(get_class($this)."::".__FUNCTION__."", LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) if ($resql)
{ {


@@ -1457,7 +1457,7 @@ class Product extends CommonObject
$sql .= "$field = '".$this->db->escape($value)."'"; $sql .= "$field = '".$this->db->escape($value)."'";
$sql .= " WHERE rowid = ".$this->id; $sql .= " WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::".__FUNCTION__." sql=".$sql, LOG_DEBUG); dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) { if ($resql) {
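Review bot: This is the only call in the commit that appends the statement itself to the log message (`__METHOD__." sql=".$sql`), so whatever is in `$value` is written to the debug log. Logging the method name alone, as the other call sites do, avoids that: `dol_syslog(__METHOD__, LOG_DEBUG);`. Separately, `$field` is interpolated as a column name (`"$field = '"`), which `escape()` cannot protect. The function starts outside the hunk, so confirm that `$field` is checked against a fixed list of column names before this point.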


@@ -120,7 +120,7 @@ class Propalmergepdfproduct extends CommonObject
$this->db->begin(); $this->db->begin();
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql=$this->db->query($sql); $resql=$this->db->query($sql);
if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); } if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
@@ -187,7 +187,7 @@ class Propalmergepdfproduct extends CommonObject
$sql.= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t"; $sql.= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
$sql.= " WHERE t.rowid = ".$id; $sql.= " WHERE t.rowid = ".$id;
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql=$this->db->query($sql); $resql=$this->db->query($sql);
if ($resql) if ($resql)
{ {
@@ -252,7 +252,7 @@ class Propalmergepdfproduct extends CommonObject
$sql.= " AND t.lang = '".$lang."'"; $sql.= " AND t.lang = '".$lang."'";
} }
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql=$this->db->query($sql); $resql=$this->db->query($sql);
if ($resql) if ($resql)
{ {
@@ -332,7 +332,7 @@ class Propalmergepdfproduct extends CommonObject
$this->db->begin(); $this->db->begin();
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); } if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
@@ -406,7 +406,7 @@ class Propalmergepdfproduct extends CommonObject
$sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product";
$sql.= " WHERE rowid=".$this->id; $sql.= " WHERE rowid=".$this->id;
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); } if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
} }
@@ -472,7 +472,7 @@ class Propalmergepdfproduct extends CommonObject
$sql.= " AND lang='".$lang_id."'"; $sql.= " AND lang='".$lang_id."'";
} }
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); } if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
} }
@@ -531,7 +531,7 @@ class Propalmergepdfproduct extends CommonObject
$sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product";
$sql.= " WHERE fk_product=".$this->fk_product." AND file_name='".$this->db->escape($this->file_name)."'"; $sql.= " WHERE fk_product=".$this->fk_product." AND file_name='".$this->db->escape($this->file_name)."'";
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); } if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
} }


@@ -2834,7 +2834,7 @@ class SupplierProposalLine extends CommonObjectLine
// From llx_product // From llx_product
/** /**
* @deprecated * @deprecated
* @see product_ref * @see $product_ref
*/ */
public $ref; public $ref;


@@ -3362,7 +3362,7 @@ class User extends CommonObject
$sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->order($sortfield, $sortorder);
if ($limit) $sql .= $this->db->plimit($limit + 1, $offset); if ($limit) $sql .= $this->db->plimit($limit + 1, $offset);
dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) if ($resql)


@@ -158,6 +158,19 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
$filecontent=file_get_contents($file['fullname']); $filecontent=file_get_contents($file['fullname']);
$ok=true;
$matches=array();
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
preg_match_all('/'.preg_quote('get_class($this)."::".__METHOD__', '/').'/', $filecontent, $matches, PREG_SET_ORDER);
foreach($matches as $key => $val)
{
$ok=false;
break;
}
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
$this->assertTrue($ok, 'Found string get_class($this)."::".__METHOD__ that must be replaced with __METHOD__ only in '.$file['fullname']);
//exit;
$ok=true; $ok=true;
$matches=array(); $matches=array();
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
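Review bot: The comment above the new `preg_match_all` is copied from the db->escape check that follows and does not describe this check. It should read something like `// Check we do not use get_class($this)."::".__METHOD__ (the class name is already in __METHOD__)`, and the copied `//print` and `//exit` lines can be dropped. Labelling the two checks correctly matters because the next one is the guard against unescaped strings in SQL. The pattern is a fixed string, so `strpos($filecontent, 'get_class($this)."::".__METHOD__') !== false` does the same work as the match-and-loop. It also only catches this exact spelling, so a variant with spaces around the dots would pass.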