From 444fce0bd9ccecef83a3dbbb8ed2704efcbd264d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 11 Mar 2016 18:34:05 +0100 Subject: [PATCH 1/5] Prepare 3.7.4 --- ChangeLog | 17 +++++++++++++++++ htdocs/filefunc.inc.php | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ce76d999605..b28b5a4be64 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,23 @@ Upgrading to any other version or database system is abolutely required BEFORE t make a Dolibarr upgrade. +***** ChangeLog for 3.7.4 compared to 3.7.3 ***** +FIX: #3694 +FIX: #4239 +FIX: #4291 Correctly filter external calendar GETPOSTs +FIX: #4341 +FIX: #4414 Supplier invoices use FAC_FORCE_DATE_VALIDATION client invoices property +FIX: #4440 Wrong price is filled by Product::fetch into multiprices arrays +FIX: add missing global def for ttc column +FIX: Contrat card don't consider user permissions to show active/unactive service button +FIX: CVE CVE-2015-8685 +FIX: Email templates not compatible with Multicompany +Fix: for avoid division by 0 +FIX: ISSUE #4506 : make working the PROPAL_CLONE_ON_CREATE_PAGE hidden constant +FIX: $outputlangs is not defined (dolibarr 3.7, 3.8, 3.9) +FIX: sql injection even when code is on several lines +FIX: The third dashboard don't consider user permissions + ***** ChangeLog for 3.7.3 compared to 3.7.2 ***** FIX: #3734 Do not show empty links of deleted source objects in stock movement list FIX: #3890 Expected transactions bank account page, shows negative numbers diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index fc909577415..66b0582b17b 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -29,7 +29,7 @@ * \brief File that include conf.php file and commons lib like functions.lib.php */ -if (! defined('DOL_VERSION')) define('DOL_VERSION','3.7.3'); +if (! defined('DOL_VERSION')) define('DOL_VERSION','3.7.4'); if (! defined('EURO')) define('EURO',chr(128)); // Define syslog constants From 52d88db5c3e9565fa4a3074ef9353916c81bb293 Mon Sep 17 00:00:00 2001 From: fmarcet Date: Tue, 29 Dec 2015 10:35:10 +0100 Subject: [PATCH 2/5] FIX: Email templates not compatible with Multicompany Conflicts: htdocs/admin/dict.php --- htdocs/admin/dict.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 8c751f42980..501e1d242bf 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -165,7 +165,7 @@ $tabsql[21]= "SELECT c.rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX $tabsql[22]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_input_reason"; $tabsql[23]= "SELECT t.rowid as rowid, t.taux, c.label as country, c.code as country_code, t.fk_pays as country_id, t.note, t.active, t.accountancy_code_sell, t.accountancy_code_buy FROM ".MAIN_DB_PREFIX."c_revenuestamp as t, ".MAIN_DB_PREFIX."c_country as c WHERE t.fk_pays=c.rowid"; $tabsql[24]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_type_resource"; -$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates"; +$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity = ".$conf->entity; $tabsql[26]= "SELECT rowid as rowid, code, label, short_label, active FROM ".MAIN_DB_PREFIX."c_units"; $tabsql[27]= "SELECT id as rowid, code, libelle, active FROM ".MAIN_DB_PREFIX."c_stcomm"; $tabsql[28]= "SELECT h.rowid as rowid, h.code, h.label, h.delay, h.newByMonth, h.fk_country as country_id, c.code as country_code, c.label as country, h.active FROM ".MAIN_DB_PREFIX."c_holiday_types as h LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON h.fk_country=c.rowid"; @@ -293,7 +293,7 @@ $tabfieldinsert[21]= "code,label"; $tabfieldinsert[22]= "code,label"; $tabfieldinsert[23]= "fk_pays,taux,accountancy_code_sell,accountancy_code_buy,note"; $tabfieldinsert[24]= "code,label"; -$tabfieldinsert[25]= "label,type_template,position,topic,content"; +$tabfieldinsert[25]= "label,type_template,private,position,topic,content,entity"; $tabfieldinsert[26]= "code,label,short_label"; $tabfieldinsert[27]= "code,libelle"; $tabfieldinsert[28]= "code,label,delay,newByMonth,fk_country"; From e2b4d39292de9daf9f65489faa6d951e7239acb0 Mon Sep 17 00:00:00 2001 From: fmarcet Date: Tue, 29 Dec 2015 11:22:18 +0100 Subject: [PATCH 3/5] FIX: Email templates not compatible with Multicompany Conflicts: htdocs/admin/dict.php --- htdocs/admin/dict.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 501e1d242bf..6bb26854e14 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -165,7 +165,7 @@ $tabsql[21]= "SELECT c.rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX $tabsql[22]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_input_reason"; $tabsql[23]= "SELECT t.rowid as rowid, t.taux, c.label as country, c.code as country_code, t.fk_pays as country_id, t.note, t.active, t.accountancy_code_sell, t.accountancy_code_buy FROM ".MAIN_DB_PREFIX."c_revenuestamp as t, ".MAIN_DB_PREFIX."c_country as c WHERE t.fk_pays=c.rowid"; $tabsql[24]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_type_resource"; -$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity = ".$conf->entity; +$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity = ".getEntity('email_template',1); $tabsql[26]= "SELECT rowid as rowid, code, label, short_label, active FROM ".MAIN_DB_PREFIX."c_units"; $tabsql[27]= "SELECT id as rowid, code, libelle, active FROM ".MAIN_DB_PREFIX."c_stcomm"; $tabsql[28]= "SELECT h.rowid as rowid, h.code, h.label, h.delay, h.newByMonth, h.fk_country as country_id, c.code as country_code, c.label as country, h.active FROM ".MAIN_DB_PREFIX."c_holiday_types as h LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON h.fk_country=c.rowid"; From 84e5c8b437ebeee7afea8f9c609eb457ba4b876f Mon Sep 17 00:00:00 2001 From: fmarcet Date: Mon, 4 Jan 2016 09:12:27 +0100 Subject: [PATCH 4/5] FIX: Email templates not compatible with Multicompany Conflicts: htdocs/admin/dict.php --- htdocs/admin/dict.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 6bb26854e14..0357bd02b6d 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -165,7 +165,7 @@ $tabsql[21]= "SELECT c.rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX $tabsql[22]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_input_reason"; $tabsql[23]= "SELECT t.rowid as rowid, t.taux, c.label as country, c.code as country_code, t.fk_pays as country_id, t.note, t.active, t.accountancy_code_sell, t.accountancy_code_buy FROM ".MAIN_DB_PREFIX."c_revenuestamp as t, ".MAIN_DB_PREFIX."c_country as c WHERE t.fk_pays=c.rowid"; $tabsql[24]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_type_resource"; -$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity = ".getEntity('email_template',1); +$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity IN ".getEntity('email_template',1); $tabsql[26]= "SELECT rowid as rowid, code, label, short_label, active FROM ".MAIN_DB_PREFIX."c_units"; $tabsql[27]= "SELECT id as rowid, code, libelle, active FROM ".MAIN_DB_PREFIX."c_stcomm"; $tabsql[28]= "SELECT h.rowid as rowid, h.code, h.label, h.delay, h.newByMonth, h.fk_country as country_id, c.code as country_code, c.label as country, h.active FROM ".MAIN_DB_PREFIX."c_holiday_types as h LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON h.fk_country=c.rowid"; From b8bc881e5af2a40702901fa42905de07a16ef808 Mon Sep 17 00:00:00 2001 From: fmarcet Date: Thu, 7 Jan 2016 08:18:36 +0100 Subject: [PATCH 5/5] FIX: Email templates not compatible with Multicompany Conflicts: htdocs/admin/dict.php --- htdocs/admin/dict.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 0357bd02b6d..9af2b3fe0af 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -165,7 +165,7 @@ $tabsql[21]= "SELECT c.rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX $tabsql[22]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_input_reason"; $tabsql[23]= "SELECT t.rowid as rowid, t.taux, c.label as country, c.code as country_code, t.fk_pays as country_id, t.note, t.active, t.accountancy_code_sell, t.accountancy_code_buy FROM ".MAIN_DB_PREFIX."c_revenuestamp as t, ".MAIN_DB_PREFIX."c_country as c WHERE t.fk_pays=c.rowid"; $tabsql[24]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_type_resource"; -$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity IN ".getEntity('email_template',1); +$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity IN (".getEntity('email_template',1).")"; $tabsql[26]= "SELECT rowid as rowid, code, label, short_label, active FROM ".MAIN_DB_PREFIX."c_units"; $tabsql[27]= "SELECT id as rowid, code, libelle, active FROM ".MAIN_DB_PREFIX."c_stcomm"; $tabsql[28]= "SELECT h.rowid as rowid, h.code, h.label, h.delay, h.newByMonth, h.fk_country as country_id, c.code as country_code, c.label as country, h.active FROM ".MAIN_DB_PREFIX."c_holiday_types as h LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON h.fk_country=c.rowid";