diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index 3604d56edc1..431190327da 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -157,7 +157,7 @@ else if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights-> $result = $object->deleteline($lineid); // reorder lines if ($result) $object->line_order(true); - + // Define output language $outputlangs = $langs; $newlang=''; @@ -173,7 +173,7 @@ else if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights-> $ret=$object->fetch($id); // Reload to get new records propale_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'), $hookmanager); } - + Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); exit; } @@ -249,14 +249,14 @@ else if ($action == 'set_ref_client' && $user->rights->propale->creer) else if ($action == 'setnote_public' && $user->rights->propale->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote' && $user->rights->propale->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } @@ -1049,12 +1049,12 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) if ($action == 'addcontact' && $user->rights->propale->creer) { $result = $object->fetch($id); - + if ($result > 0 && $id > 0) { $result = $object->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); } - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); 
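Review bot: In the `setnote_public` and `setnote` branches the value passed to `update_note_public()` / `update_note()` is now entity-decoded request input with the `'alpha'` filter argument dropped, so the stored note can contain raw markup. Nothing visible in this commit shows the display path (`editfieldval()` in `core/tpl/notes.tpl.php`, the generated PDF) escaping or sanitising the note again, so that should be confirmed, or the value passed through an HTML sanitiser before saving. If the decode is deliberate for the WYSIWYG editor, a comment on the line such as `// Decoded for the ckeditor note field; must be sanitised on output` would record the assumption. The same call is repeated in the note handlers of the commande, facture, contrat, fichinter and fourn pages in this commit. Both branches belong to an `else if` chain that starts and ends outside the hunk.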
@@ -1073,7 +1073,7 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) } } } - + // Bascule du statut d'un contact else if ($action == 'swapstatut' && $user->rights->propale->creer) { @@ -1086,13 +1086,13 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) dol_print_error($db); } } - + // Efface un contact else if ($action == 'deletecontact' && $user->rights->propale->creer) { $object->fetch($id); $result = $object->delete_contact($lineid); - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); @@ -1537,19 +1537,19 @@ if ($id > 0 || ! empty($ref)) // Statut print ''.$langs->trans('Status').''.$object->getLibStatut(4).''; - + print '
'; if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) { require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $formcompany= new FormCompany($db); - + $blocname = 'contacts'; $title = $langs->trans('ContactsAddresses'); include(DOL_DOCUMENT_ROOT.'/core/tpl/bloc_showhide.tpl.php'); } - + if (! empty($conf->global->MAIN_DISABLE_NOTES_TAB)) { $blocname = 'notes'; diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php index 410ce6c8c09..da7e036fbab 100644 --- a/htdocs/comm/propal/note.php +++ b/htdocs/comm/propal/note.php @@ -50,14 +50,14 @@ $object = new Propal($db); if ($action == 'setnote_public' && $user->rights->propale->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote' && $user->rights->propale->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } @@ -142,11 +142,11 @@ if ($id > 0 || ! empty($ref)) } print ''; print ''; - + print ""; - + print '
'; - + include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'); print ''; diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index 2175e262a9e..976b62d9fb4 100644 --- a/htdocs/commande/fiche.php +++ b/htdocs/commande/fiche.php @@ -482,14 +482,14 @@ else if ($action == 'setremiseabsolue' && $user->rights->commande->creer) else if ($action == 'setnote_public' && $user->rights->commande->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote' && $user->rights->commande->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } @@ -1196,12 +1196,12 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) if ($action == 'addcontact' && $user->rights->commande->creer) { $result = $object->fetch($id); - + if ($result > 0 && $id > 0) { $result = $object->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); } - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); @@ -1220,7 +1220,7 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) } } } - + // bascule du statut d'un contact else if ($action == 'swapstatut' && $user->rights->commande->creer) { @@ -1233,13 +1233,13 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) dol_print_error($db); } } - + // Efface un contact else if ($action == 'deletecontact' && $user->rights->commande->creer) { $object->fetch($id); $result = $object->delete_contact($lineid); - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); @@ -2007,20 +2007,20 @@ else print ''.$langs->trans('Status').''; print ''.$object->getLibStatut(4).''; print ''; - + print '
'; print "\n"; - + if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) { require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $formcompany= new FormCompany($db); - + $blocname = 'contacts'; $title = $langs->trans('ContactsAddresses'); include(DOL_DOCUMENT_ROOT.'/core/tpl/bloc_showhide.tpl.php'); } - + if (! empty($conf->global->MAIN_DISABLE_NOTES_TAB)) { $blocname = 'notes'; diff --git a/htdocs/commande/note.php b/htdocs/commande/note.php index d2bc4fafd33..614c28421a2 100644 --- a/htdocs/commande/note.php +++ b/htdocs/commande/note.php @@ -57,14 +57,14 @@ if (! $object->fetch($id, $ref) > 0) if ($action == 'setnote_public' && $user->rights->commande->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote' && $user->rights->commande->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } @@ -106,11 +106,11 @@ if ($id > 0 || ! empty($ref)) // Customer print "".$langs->trans("Company").""; print ''.$soc->getNomUrl(1).''; - + print ""; - + print '
'; - + include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'); print ''; diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index c09b02e05ba..439062a6517 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -161,7 +161,7 @@ else if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights-> { $object->fetch($id); $object->fetch_thirdparty(); - + $result = $object->deleteline($_GET['lineid'], $user); if ($result > 0) { @@ -313,14 +313,14 @@ else if ($action == 'set_ref_client' && $user->rights->facture->creer) else if ($action == 'setnote_public' && $user->rights->facture->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote' && $user->rights->facture->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } @@ -1511,12 +1511,12 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) if ($action == 'addcontact' && $user->rights->facture->creer) { $result = $object->fetch($id); - + if ($result > 0 && $id > 0) { $result = $object->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); } - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); @@ -1535,7 +1535,7 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) } } } - + // bascule du statut d'un contact else if ($action == 'swapstatut' && $user->rights->facture->creer) { 
@@ -1548,13 +1548,13 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) dol_print_error($db); } } - + // Efface un contact else if ($action == 'deletecontact' && $user->rights->facture->creer) { $object->fetch($id); $result = $object->delete_contact($lineid); - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); @@ -2796,18 +2796,18 @@ else } print '
'; - + if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) { require_once(DOL_DOCUMENT_ROOT."/contact/class/contact.class.php"); require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $formcompany= new FormCompany($db); - + $blocname = 'contacts'; $title = $langs->trans('ContactsAddresses'); include(DOL_DOCUMENT_ROOT.'/core/tpl/bloc_showhide.tpl.php'); } - + if (! empty($conf->global->MAIN_DISABLE_NOTES_TAB)) { $blocname = 'notes'; diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php index 5af401b11e8..80d6bf6ca53 100644 --- a/htdocs/compta/facture/note.php +++ b/htdocs/compta/facture/note.php @@ -52,14 +52,14 @@ $object->fetch($id); if ($action == 'setnote_public' && $user->rights->facture->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote' && $user->rights->facture->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } diff --git a/htdocs/contrat/note.php b/htdocs/contrat/note.php index 4f758b4c327..fb8c8caccb4 100644 --- a/htdocs/contrat/note.php +++ b/htdocs/contrat/note.php @@ -52,7 +52,7 @@ if ($_POST["action"] == 'update_public' && $user->rights->contrat->creer) { $db->begin(); - $res=$contrat->update_note_public($_POST["note_public"],$user); + $res=$contrat->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($res < 0) { $mesg='
'.$contrat->error.'
'; @@ -68,7 +68,7 @@ if ($_POST["action"] == 'update' && $user->rights->contrat->creer) { $db->begin(); - $res=$contrat->update_note($_POST["note"],$user); + $res=$contrat->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($res < 0) { $mesg='
'.$contrat->error.'
'; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index c6c1fdfa79b..ddab9fb1e21 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -861,7 +861,7 @@ abstract class CommonObject return -1; } } - + /** * Change the payments methods * @@ -876,11 +876,11 @@ abstract class CommonObject // TODO uniformize field name $fieldname = 'fk_mode_reglement'; if ($this->element == 'societe') $fieldname = 'mode_reglement'; - + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.$id; $sql .= ' WHERE rowid='.$this->id; - + if ($this->db->query($sql)) { $this->mode_reglement_id = $id; @@ -901,7 +901,7 @@ abstract class CommonObject return -2; } } - + /** * Change the payments terms * @@ -916,11 +916,11 @@ abstract class CommonObject // TODO uniformize field name $fieldname = 'fk_cond_reglement'; if ($this->element == 'societe') $fieldname = 'cond_reglement'; - + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.$id; $sql .= ' WHERE rowid='.$this->id; - + if ($this->db->query($sql)) { $this->cond_reglement_id = $id; @@ -941,7 +941,7 @@ abstract class CommonObject return -2; } } - + /** * Define delivery address * @@ -952,10 +952,10 @@ abstract class CommonObject { $fieldname = 'fk_adresse_livraison'; if ($this->element == 'delivery' || $this->element == 'shipping') $fieldname = 'fk_address'; - + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".$id; $sql.= " WHERE rowid = ".$this->id." AND fk_statut = 0"; - + if ($this->db->query($sql)) { $this->fk_delivery_address = $id; @@ -968,7 +968,7 @@ abstract class CommonObject return -1; } } - + /** * Set last model used by doc generator * 
@@ -1390,7 +1390,8 @@ abstract class CommonObject dol_syslog(get_class($this)."::update_note sql=".$sql, LOG_DEBUG); if ($this->db->query($sql)) { - $this->note = $note; + $this->note = $note; // deprecated + $this->note_private = $note; return 1; } else @@ -1574,7 +1575,7 @@ abstract class CommonObject { $origin = (! empty($origin) ? $origin : $this->origin); $origin_id = (! empty($origin_id) ? $origin_id : $this->origin_id); - + $this->db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_element ("; @@ -1826,7 +1827,7 @@ abstract class CommonObject { $elementId = (!empty($elementId)?$elementId:$this->id); $elementTable = (!empty($elementType)?$elementType:$this->table_element); - + $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX.$elementTable; @@ -2127,7 +2128,7 @@ abstract class CommonObject dol_syslog(get_class($this).'::hasProductsOrServices we found '.$nb.' qualified lines of products/servcies'); return $nb; } - + /** * Set extra parameters * @@ -2136,11 +2137,11 @@ abstract class CommonObject function setExtraParameters() { $this->db->begin(); - + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql.= ' SET extraparams = "'.$this->db->escape(dol_json_encode($this->extraparams)).'"'; $sql.= ' WHERE rowid = '.$this->id; - + dol_syslog(get_class($this)."::setExtraParameters sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); if (! $resql) @@ -2156,7 +2157,7 @@ abstract class CommonObject return 1; } } - + // -------------------- // TODO: All functions here must be redesigned and moved as they are not business functions but output functions diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 666a3233374..38abb60ee7c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -3178,7 +3178,7 @@ function picto_required() function dol_string_nohtmltag($StringHtml,$removelinefeed=1,$pagecodeto='UTF-8') { $pattern = "/<[^>]+>/"; - $temp = dol_entity_decode($StringHtml,$pagecodeto); + $temp = dol_html_entity_decode($StringHtml,ENT_COMPAT,$pagecodeto); $temp = preg_replace($pattern,"",$temp); // Supprime aussi les retours @@ -3283,19 +3283,6 @@ function dol_htmlcleanlastbr($stringtodecode) return $ret; } -/** - * This function is called to decode a string with HTML entities (it decodes entities tags) - * - * @param string $stringhtml stringhtml - * @param string $pagecodeto Encoding of input string - * @return string decodestring - */ -function dol_entity_decode($stringhtml,$pagecodeto='UTF-8') -{ - $ret=dol_html_entity_decode($stringhtml,ENT_COMPAT,$pagecodeto); - return $ret; -} - /** * Replace html_entity_decode functions to manage errors * @@ -3304,7 +3291,7 @@ function dol_entity_decode($stringhtml,$pagecodeto='UTF-8') * @param string $c Operand c * @return string String decoded */ -function dol_html_entity_decode($a,$b,$c) +function dol_html_entity_decode($a,$b,$c='UTF-8') { // We use @ to avoid warning on PHP4 that does not support entity decoding to UTF8; $ret=@html_entity_decode($a,$b,$c); @@ -3319,7 +3306,7 @@ function dol_html_entity_decode($a,$b,$c) * @param string $c Operand c * @return string String encoded */ -function dol_htmlentities($a,$b,$c) +function dol_htmlentities($a,$b,$c='UTF-8') { // We use @ to avoid warning on PHP4 that does not support entity decoding to UTF8; $ret=@htmlentities($a,$b,$c); diff --git a/htdocs/core/tpl/notes.tpl.php b/htdocs/core/tpl/notes.tpl.php index d0a10435c9f..7a5673950f8 100644 --- a/htdocs/core/tpl/notes.tpl.php +++ b/htdocs/core/tpl/notes.tpl.php 
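Review bot: The docblock kept above `dol_html_entity_decode($a,$b,$c='UTF-8')` still describes its parameters only as "Operand c" and does not mention the new default, although this commit makes the function the step applied to request input before notes are stored. I would document them as `@param string $a String to decode`, `@param int $b Quote style flags (ENT_COMPAT, ENT_QUOTES, ...)` and `@param string $c Charset of the string, UTF-8 by default`, and add one sentence saying that the return value is decoded markup and is not safe to print into HTML without escaping. The same applies to `dol_htmlentities()` in the following hunk. Both docblocks begin outside the hunks.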
@@ -19,8 +19,14 @@ $module = $object->element; $note_public = 'note_public'; $note_private = 'note'; -if ($module == 'propal') $module = 'propale'; -else if ($module == 'fichinter') { $module = 'ficheinter'; $note_private = 'note_private'; } +$colwidth=(empty($colwidth)?25:$colwidth); +$permission=$user->rights->$module->creer; + +// Special cases +if ($module == 'propal') { $module = 'propale'; } +elseif ($module == 'fichinter') { $module = 'ficheinter'; $note_private = 'note_private'; } +elseif ($module == 'invoice_supplier') { $permission=$user->rights->fournisseur->facture->creer; } +elseif ($module == 'order_supplier') { $permission=$user->rights->fournisseur->commande->creer; } if (! empty($conf->global->FCKEDITOR_ENABLE_SOCIETE)) $typeofdata='ckeditor:dolibarr_notes:100%:200:1:12:100'; else $typeofdata='textarea:12:100'; @@ -29,13 +35,13 @@ else $typeofdata='textarea:12:100';
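Review bot: `$permission=$user->rights->$module->creer;` is evaluated before the special cases rename `$module`, so for `propal` and `fichinter` it reads `$user->rights->propal->creer` / `$user->rights->fichinter->creer` instead of the `propale` / `ficheinter` entries that the page handlers in this commit check. The old template dereferenced `$user->rights->$module->creer` only after the rename, so this looks like a regression that would leave `$permission` empty and the notes read-only for those two modules (inferred, the rights object is not visible here). Setting the permission inside those branches as well restores the previous lookup, e.g. `if ($module == 'propal') { $module = 'propale'; $permission=$user->rights->propale->creer; }` and likewise `$permission=$user->rights->ficheinter->creer;` in the `fichinter` branch.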
-
editfieldkey("NotePublic",$note_public,$object->note_public,$object,$user->rights->$module->creer,$typeofdata); ?>
-
editfieldval("NotePublic",$note_public,$object->note_public,$object,$user->rights->$module->creer,$typeofdata); ?>
+
>editfieldkey("NotePublic",$note_public,$object->note_public,$object,$permission,$typeofdata); ?>
+
editfieldval("NotePublic",$note_public,$object->note_public,$object,$permission,$typeofdata); ?>
societe_id) { ?>
-
editfieldkey("NotePrivate",$note_private,$object->note_private,$object,$user->rights->$module->creer,$typeofdata); ?>
-
editfieldval("NotePrivate",$note_private,$object->note_private,$object,$user->rights->$module->creer,$typeofdata); ?>
+
>editfieldkey("NotePrivate",$note_private,$object->note_private,$object,$permission,$typeofdata); ?>
+
editfieldval("NotePrivate",$note_private,$object->note_private,$object,$permission,$typeofdata); ?>
diff --git a/htdocs/fichinter/fiche.php b/htdocs/fichinter/fiche.php index 06b899644c4..0d6806e6db3 100644 --- a/htdocs/fichinter/fiche.php +++ b/htdocs/fichinter/fiche.php @@ -207,7 +207,7 @@ else if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->fich { $object->fetch($id); $object->delete($user); - + Header('Location: '.DOL_URL_ROOT.'/fichinter/list.php?leftmenu=ficheinter'); exit; } @@ -221,13 +221,13 @@ else if ($action == 'setdescription' && $user->rights->ficheinter->creer) else if ($action == 'setnote_public' && $user->rights->ficheinter->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote_private' && $user->rights->ficheinter->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note_private','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } @@ -366,13 +366,13 @@ else if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights-> exit; } $result=$objectline->deleteline(); - + if ($object->fetch($objectline->fk_fichinter) <= 0) { dol_print_error($db); exit; } - + // Define output language $outputlangs = $langs; $newlang=''; @@ -626,12 +626,12 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) if ($action == 'addcontact' && $user->rights->ficheinter->creer) { $result = $object->fetch($id); - + if ($result > 0 && $id > 0) { $result = $object->add_contact(GETPOST('contactid','int'), GETPOST('type','int'), GETPOST('source','alpha')); } - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); 
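Review bot: The `setnote_private` branch now reads `GETPOST('note')` where it previously read `GETPOST('note_private','alpha')`, while `core/tpl/notes.tpl.php` still sets `$note_private = 'note_private'` for `fichinter`. If the edit form posts the field under that name, which the action name `setnote_private` suggests, `update_note()` receives an empty string and the existing private note is overwritten. The line should probably read `$result=$object->update_note(dol_html_entity_decode(GETPOST('note_private'), ENT_QUOTES));`. The branch is part of an `else if` chain that continues outside the hunk.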
@@ -650,7 +650,7 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) } } } - + // bascule du statut d'un contact else if ($action == 'swapstatut' && $user->rights->ficheinter->creer) { @@ -663,13 +663,13 @@ if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) dol_print_error($db); } } - + // Efface un contact else if ($action == 'deletecontact' && $user->rights->ficheinter->creer) { $object->fetch($id); $result = $object->delete_contact(GETPOST('lineid','int')); - + if ($result >= 0) { Header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id); @@ -914,15 +914,15 @@ else if ($id > 0 || ! empty($ref)) // Statut print ''.$langs->trans("Status").''.$object->getLibStatut(4).''; - + print "
"; - + if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB)) { require_once(DOL_DOCUMENT_ROOT."/contact/class/contact.class.php"); require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $formcompany= new FormCompany($db); - + $blocname = 'contacts'; $title = $langs->trans('ContactsAddresses'); include(DOL_DOCUMENT_ROOT.'/core/tpl/bloc_showhide.tpl.php'); diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php index a150e69573c..21559824223 100644 --- a/htdocs/fichinter/note.php +++ b/htdocs/fichinter/note.php @@ -46,14 +46,14 @@ $object = new Fichinter($db); if ($action == 'setnote_public' && $user->rights->ficheinter->creer) { $object->fetch($id); - $result=$object->update_note_public(GETPOST('note_public','alpha')); + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } else if ($action == 'setnote' && $user->rights->ficheinter->creer) { $object->fetch($id); - $result=$object->update_note(GETPOST('note','alpha')); + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); if ($result < 0) dol_print_error($db,$object->error); } @@ -84,13 +84,13 @@ if ($id > 0) // Company print ''.$langs->trans('Company').''.$societe->getNomUrl(1).''; - + print ""; - + print '
'; - + include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'); - + print ''; } } diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index a3493d142f4..70d42add086 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -111,7 +111,7 @@ class CommandeFournisseur extends Commande $sql = "SELECT c.rowid, c.ref, c.date_creation, c.fk_soc, c.fk_user_author, c.fk_statut, c.amount_ht, c.total_ht, c.total_ttc, c.tva,"; $sql.= " c.localtax1, c.localtax2, "; $sql.= " c.date_commande as date_commande, c.fk_cond_reglement, c.fk_mode_reglement, c.fk_projet as fk_project, c.remise_percent, c.source, c.fk_methode_commande,"; - $sql.= " c.note, c.note_public, c.model_pdf,"; + $sql.= " c.note as note_private, c.note_public, c.model_pdf,"; $sql.= " cm.libelle as methode_commande,"; $sql.= " cr.code as cond_reglement_code, cr.libelle as cond_reglement_libelle,"; $sql.= " p.code as mode_reglement_code, p.libelle as mode_reglement_libelle"; @@ -162,7 +162,8 @@ class CommandeFournisseur extends Commande $this->mode_reglement_id = $obj->fk_mode_reglement; $this->mode_reglement_code = $obj->mode_reglement_code; $this->mode_reglement = $obj->mode_reglement_libelle; - $this->note = $obj->note; + $this->note = $obj->note_private; // deprecated + $this->note_private = $obj->note_private; $this->note_public = $obj->note_public; $this->modelpdf = $obj->model_pdf; @@ -271,7 +272,7 @@ class CommandeFournisseur extends Commande else { $this->error=$this->db->lasterror(); - dol_syslog("FournisseurCommande::log ".$this->error, LOG_ERR); + dol_syslog(get_class($this)."::log ".$this->error, LOG_ERR); return -1; } } 
@@ -1404,46 +1405,6 @@ class CommandeFournisseur extends Commande return 1; } - - /** - * Update notes - * - * @param User $user Object user - * @param string $note Private note - * @param string $note_public Public note - * @return int <0 if KO, >=0 if OK - * - * TODO Use instead update_note_public and update_note - */ - function UpdateNote($user, $note, $note_public) - { - // Clean parameters - $note=trim($note); - $note_public=trim($note_public); - - $result = 0; - - $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; - $sql.= " SET note ='".$this->db->escape($note)."',"; - $sql.= " note_public ='".$this->db->escape($note_public)."'"; - $sql.= " WHERE rowid = ".$this->id; - - dol_syslog(get_class($this)."::UpdateNote sql=".$sql); - $resql=$this->db->query($sql); - if ($resql) - { - $result = 0; - } - else - { - $this->error=$this->db->error(); - dol_syslog(get_class($this)."::UpdateNote ".$this->error, LOG_ERR); - $result = -1; - } - - return $result ; - } - /** * Tag order with a particular status * @@ -1462,7 +1423,7 @@ class CommandeFournisseur extends Commande $sql.= ' SET fk_statut='.$status; $sql.= ' WHERE rowid = '.$this->id; - dol_syslog("CommandeFournisseur::setStatus sql=".$sql); + dol_syslog(get_class($this)."::setStatus sql=".$sql); $resql = $this->db->query($sql); if ($resql) { @@ -1472,7 +1433,7 @@ class CommandeFournisseur extends Commande { $error++; $this->error=$this->db->lasterror(); - dol_syslog("CommandeFournisseur::setStatus ".$this->error); + dol_syslog(get_class($this)."::setStatus ".$this->error); } if (! $error) 
@@ -1505,7 +1466,7 @@ class CommandeFournisseur extends Commande */ function updateline($rowid, $desc, $pu, $qty, $remise_percent, $txtva, $txlocaltax1=0, $txlocaltax2=0, $price_base_type='HT', $info_bits=0, $type=0) { - dol_syslog("CommandeFournisseur::UpdateLine $rowid, $desc, $pu, $qty, $remise_percent, $txtva, $price_base_type, $info_bits, $type"); + dol_syslog(get_class($this)."::updateline $rowid, $desc, $pu, $qty, $remise_percent, $txtva, $price_base_type, $info_bits, $type"); include_once(DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php'); if ($this->brouillon) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 73626bd389e..7aed32ad3b6 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -283,7 +283,7 @@ class FactureFournisseur extends Facture $sql.= " t.fk_projet,"; $sql.= " t.fk_cond_reglement,"; $sql.= " t.date_lim_reglement,"; - $sql.= " t.note,"; + $sql.= " t.note as note_private,"; $sql.= " t.note_public,"; $sql.= " t.model_pdf,"; $sql.= " t.import_key,"; @@ -336,7 +336,8 @@ class FactureFournisseur extends Facture $this->fk_project = $obj->fk_projet; $this->fk_cond_reglement = $obj->fk_cond_reglement; $this->date_echeance = $this->db->jdate($obj->date_lim_reglement); - $this->note = $obj->note; + $this->note = $obj->note_private; + $this->note_private = $obj->note_private; $this->note_public = $obj->note_public; $this->model_pdf = $obj->model_pdf; $this->import_key = $obj->import_key; diff --git a/htdocs/fourn/commande/note.php b/htdocs/fourn/commande/note.php index 9fa487512ee..a1cd6119a57 100644 --- a/htdocs/fourn/commande/note.php +++ b/htdocs/fourn/commande/note.php 
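Review bot: In `FactureFournisseur::fetch()` the new `$this->note = $obj->note_private;` line has no `// deprecated` marker, unlike the same assignment in `CommonObject::update_note()` and `CommandeFournisseur::fetch()` elsewhere in this commit. Writing it as `$this->note = $obj->note_private; // deprecated, use note_private` keeps the three places consistent and tells readers which property is authoritative. The method body starts and ends outside the hunk.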
@@ -32,27 +32,31 @@ $langs->load("suppliers"); $langs->load("companies"); $langs->load('stocks'); +$id = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int'); +$ref = GETPOST('ref'); +$action = GETPOST('action'); + // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande_fournisseur', $id,''); +$object = new CommandeFournisseur($db); +$object->fetch($id, $ref); + /* * Actions */ -if ($_POST["action"] == 'updatenote' && $user->rights->fournisseur->commande->creer) +if ($action == 'setnote_public' && $user->rights->fournisseur->commande->creer) { - $commande = new CommandeFournisseur($db); - $commande->fetch($_GET["id"]); - - $result = $commande->UpdateNote($user, $_POST["note"], $_POST["note_public"]); - if ($result >= 0) - { - Header("Location: note.php?id=".$_GET["id"]); - exit; - } + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); + if ($result < 0) dol_print_error($db,$object->error); +} +elseif ($action == 'setnote' && $user->rights->fournisseur->commande->creer) +{ + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); + if ($result < 0) dol_print_error($db,$object->error); } @@ -72,21 +76,17 @@ $form = new Form($db); $now=dol_now(); -$id = $_GET['id']; -$ref= $_GET['ref']; if ($id > 0 || ! empty($ref)) { - $commande = new CommandeFournisseur($db); - $result=$commande->fetch($_GET["id"],$_GET['ref']); if ($result >= 0) { $soc = new Societe($db); - $soc->fetch($commande->socid); + $soc->fetch($object->socid); $author = new User($db); - $author->fetch($commande->user_author_id); + $author->fetch($object->user_author_id); - $head = ordersupplier_prepare_head($commande); + $head = ordersupplier_prepare_head($object); $title=$langs->trans("SupplierOrder"); dol_fiche_head($head, 'note', $title, 0, 'order'); @@ -95,16 +95,12 @@ if ($id > 0 || ! empty($ref)) /* * Commande */ - print '
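Review bot: `restrictedArea($user, 'commande_fournisseur', $id,'')` is given only `$id`, but the object the write actions operate on is loaded with `$object->fetch($id, $ref)`, so a request that carries `ref` without `id` may reach `update_note()` / `update_note_public()` on an order the access check never examined. How `fetch()` treats an empty `$id` and what `restrictedArea()` does with one is not visible here, so this needs confirming. A defensive fix is to verify ownership after the fetch for external users, e.g. `if ($user->societe_id && $object->socid != $user->societe_id) accessforbidden();`, or to resolve `$ref` to an id before the check. The same `$id` / `$ref` pattern is introduced in `htdocs/fourn/facture/note.php`.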
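Review bot: With `$result=$commande->fetch(...)` removed, the `if ($result >= 0)` guard kept as context now tests whatever `$result` last held, which is the return of `restrictedArea()` or of `update_note()` / `update_note_public()` from the action block, not the outcome of loading the order. The return value of the earlier `$object->fetch($id, $ref)` is discarded, so a failed fetch would still render the page from an unpopulated `$object`. Keeping the fetch result in its own variable where the object is loaded, `$fetchresult = $object->fetch($id, $ref);`, and testing `if ($fetchresult >= 0)` here restores the check. The `if` block continues outside the hunk.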
'; - print ''; - print ''; - print ''; // Ref print ''; print ''; print ''; @@ -117,55 +113,36 @@ if ($id > 0 || ! empty($ref)) print ''; print ''; print '"; // Date - if ($commande->methode_commande_id > 0) + if ($object->methode_commande_id > 0) { print '"; - if ($commande->methode_commande) + if ($object->methode_commande) { - print ''; + print ''; } } - // Auteur + // Author print ''; print ''; print ''; - print ''; - print ''; - - if (! $user->societe_id) - { - print ''; - print ''; - } - print "
'.$langs->trans("Ref").''; - print $form->showrefnav($commande,'ref','',1,'ref','ref'); + print $form->showrefnav($object,'ref','',1,'ref','ref'); print '
'.$langs->trans("Status").''; - print $commande->getLibStatut(4); + print $object->getLibStatut(4); print "
'.$langs->trans("Date").''; - if ($commande->date_commande) + if ($object->date_commande) { - print dol_print_date($commande->date_commande,"dayhourtext")."\n"; + print dol_print_date($object->date_commande,"dayhourtext")."\n"; } print "
'.$langs->trans("Method").''.$commande->methode_commande.'
'.$langs->trans("Method").''.$object->methode_commande.'
'.$langs->trans("AuthorRequest").''.$author->getNomUrl(1).'
'.$langs->trans("NotePublic").''; - if ($user->rights->fournisseur->commande->creer) print ''; - print '
'.$langs->trans("NotePrivate").''; - if ($user->rights->fournisseur->commande->creer) print ''; - print '
"; - if ($user->rights->fournisseur->commande->creer) - { - print '

'; - } + print '
'; - print "
"; + $colwidth=20; + include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'); dol_fiche_end(); } @@ -178,7 +155,7 @@ if ($id > 0 || ! empty($ref)) } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php index 7522b527fdb..15cf608b99a 100644 --- a/htdocs/fourn/facture/note.php +++ b/htdocs/fourn/facture/note.php @@ -31,15 +31,16 @@ require_once(DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'); $langs->load('bills'); $langs->load("companies"); -$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int'); +$id = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int'); +$ref = GETPOST('ref'); $action = GETPOST('action'); // Security check if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture'); +$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture'); $object = new FactureFournisseur($db); -$object->fetch($facid); +$object->fetch($id,$ref); @@ -47,42 +48,20 @@ $object->fetch($facid); /* Actions */ /******************************************************************************/ -if ($action == 'update_public' && $user->rights->facture->creer) +if ($action == 'setnote_public' && $user->rights->fournisseur->facture->creer) { - $db->begin(); - - $res=$object->update_note_public($_POST["note_public"],$user); - if ($res < 0) - { - $mesg='
'.$object->error.'
'; - $db->rollback(); - } - else - { - $db->commit(); - } + $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); + if ($result < 0) dol_print_error($db,$object->error); } - -if ($action == 'update' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'setnote' && $user->rights->fournisseur->facture->creer) { - $db->begin(); - - $res=$object->update_note($_POST["note"],$user); - if ($res < 0) - { - $mesg='
'.$object->error.'
'; - $db->rollback(); - } - else - { - $db->commit(); - } + $result=$object->update_note(dol_html_entity_decode(GETPOST('note'), ENT_QUOTES)); + if ($result < 0) dol_print_error($db,$object->error); } // Set label if ($action == 'setlabel' && $user->rights->fournisseur->facture->creer) { - $object->fetch($facid); $object->label=$_POST['label']; $result=$object->update($user); if ($result < 0) dol_print_error($db); @@ -97,7 +76,7 @@ $form = new Form($db); llxHeader(); -if ($facid) +if ($id) { $object->fetch_thirdparty(); @@ -142,12 +121,12 @@ if ($facid) { print ' ('.$langs->transnoentities("InvoiceHasAvoir"); $i=0; - foreach($facidavoir as $id) + foreach($facidavoir as $fid) { if ($i==0) print ' '; else print ','; $facavoir=new FactureFournisseur($db); - $facavoir->fetch($id); + $facavoir->fetch($fid); print $facavoir->getNomUrl(1); } print ')'; @@ -165,65 +144,18 @@ if ($facid) print $form->editfieldval("Label",'label',$object->label,$object,0); print ''; - // Note public - print ''.$langs->trans("NotePublic").' :'; - print ''; - if ($_GET["action"] == 'edit') - { - print '
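Review bot: Both new handlers in the `@@ -47,42 +48,20 @@` hunk pass `dol_html_entity_decode(GETPOST(...), ENT_QUOTES)` straight into `update_note_public()` / `update_note()`, so entity-encoded markup in the request is turned back into live markup before it is stored. Whether that is safe depends on how `core/tpl/notes.tpl.php` renders the field, which this diff does not show; the display path should escape or sanitise the note on output rather than rely on what was stored. The same pattern is added in the `update_public` / `update_private` hunks of htdocs/projet/note.php and htdocs/projet/tasks/note.php. Separately, the rewritten handlers drop the `$db->begin()` / `rollback()` / `commit()` wrapper and the `$user` argument, and the unchanged `setlabel` branch still reads `$_POST['label']` directly instead of going through `GETPOST`. A comment such as `// Note is stored entity-decoded; it must be escaped when rendered` above the first handler would record the assumption.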
'; - print ''; - print ''; - print '
"; - print ''; - print '
'; - } - else - { - print ($object->note_public?nl2br($object->note_public):" "); - } - print ""; - - // Note private - if (! $user->societe_id) - { - print ''.$langs->trans("NotePrivate").' :'; - print ''; - if ($_GET["action"] == 'edit') - { - print '
'; - print ''; - print ''; - print '
"; - print ''; - print '
'; - } - else - { - print ($object->note?nl2br($object->note):" "); - } - print ""; - } - print ""; + print '
'; + + $colwidth=20; + include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'); + dol_fiche_end(); - - /* - * Buttons - */ - print '
'; - - if ($user->rights->fournisseur->facture->creer && $_GET["action"] <> 'edit') - { - print "id&action=edit\">".$langs->trans('Modify').""; - } - - print "
"; - - } -$db->close(); llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php index 51493df8346..3e3807971d6 100644 --- a/htdocs/projet/note.php +++ b/htdocs/projet/note.php @@ -52,7 +52,7 @@ if ($action == 'update_public' && $user->rights->projet->creer) $db->begin(); - $res=$project->update_note_public($_POST["note_public"],$user); + $res=$project->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($res < 0) { $mesg='
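Review bot: The removed block printed the private note only inside `if (! $user->societe_id)`, and the replacement `include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php');` in the `@@ -165,65 +144,18 @@` hunk carries no such guard at the call site. The template is not part of this diff, so it should be confirmed that it hides the private note from external users and allows editing only with `$user->rights->fournisseur->facture->creer`; if it does not, the guard has to stay in this file. The include also takes its inputs from the including scope (`$colwidth` is set on the line above, `$object` presumably as well), which deserves a one-line comment such as `// notes.tpl.php reads $object and $colwidth from this scope`. The enclosing `if ($id)` block begins outside this hunk.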
'.$project->error.'
'; @@ -71,7 +71,7 @@ if ($action == 'update_private' && $user->rights->projet->creer) $db->begin(); - $res=$project->update_note($_POST["note_private"],$user); + $res=$project->update_note(dol_html_entity_decode(GETPOST('note_private'), ENT_QUOTES)); if ($res < 0) { $mesg='
'.$project->error.'
'; diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php index b22351ac2bd..4fbb5371599 100644 --- a/htdocs/projet/tasks/note.php +++ b/htdocs/projet/tasks/note.php @@ -54,7 +54,7 @@ if ($action == 'update_public' && $user->rights->projet->creer) $db->begin(); - $res=$task->update_note_public($_POST["note_public"],$user); + $res=$task->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); if ($res < 0) { $mesg='
'.$task->error.'
'; @@ -73,7 +73,7 @@ if ($action == 'update_private' && $user->rights->projet->creer) $db->begin(); - $res=$task->update_note($_POST["note_private"],$user); + $res=$task->update_note(dol_html_entity_decode(GETPOST('note_private'), ENT_QUOTES)); if ($res < 0) { $mesg='
'.$task->error.'
';