diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php
index 0be9d7bbd6f..1858a308756 100644
--- a/htdocs/core/boxes/box_factures_fourn.php
+++ b/htdocs/core/boxes/box_factures_fourn.php
@@ -133,7 +133,7 @@ class box_factures_fourn extends ModeleBoxes
  $thirdpartystatic->id = $objp->socid;
  $thirdpartystatic->name = $objp->name;
- //$thirdpartystatic->name_alias = $objp->name_alias;
+ $thirdpartystatic->name_alias = $objp->name_alias;
  $thirdpartystatic->code_fournisseur = $objp->code_fournisseur;
  $thirdpartystatic->code_compta_fournisseur = $objp->code_compta_fournisseur;
  $thirdpartystatic->fournisseur = $objp->fournisseur;
diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php
index b957e5bf0c1..d345f3d33b0 100644
--- a/htdocs/core/boxes/box_factures_fourn_imp.php
+++ b/htdocs/core/boxes/box_factures_fourn_imp.php
@@ -130,7 +130,7 @@ class box_factures_fourn_imp extends ModeleBoxes
  $thirdpartystatic->id = $objp->socid;
  $thirdpartystatic->name = $objp->name;
- //$thirdpartystatic->name_alias = $objp->name_alias;
+ $thirdpartystatic->name_alias = $objp->name_alias;
  $thirdpartystatic->code_fournisseur = $objp->code_fournisseur;
  $thirdpartystatic->code_compta_fournisseur = $objp->code_compta_fournisseur;
  $thirdpartystatic->fournisseur = $objp->fournisseur;
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 892c612428f..6a549c6e95b 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
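Review bot: `$objp->name_alias` is now read in box_factures_fourn.php (hunk at -133) and in box_factures_fourn_imp.php (hunk at -130), but neither hunk shows the query that fills `$objp`, so it cannot be confirmed from here that the `name_alias` column is selected. If it is not, the assignment reads an undefined property and the alias silently stays empty. Either add the column to the select list of both boxes, or guard the read with `isset($objp->name_alias) ? $objp->name_alias : ''`. The enclosing method starts and ends outside both hunks.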
@@ -672,25 +672,25 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
  if (preg_match('/[^a-z0-9_\-\.,]+/i', $out)) $out = '';
  }
  break;
- case 'nohtml':
+ case 'nohtml': // No html
  $out = dol_string_nohtmltag($out, 0);
  break;
- case 'alpha': // No html and no ../ and " replaced with ''
+ case 'alpha': // No html and no ../ and "
  case 'alphanohtml': // Recommended for most scalar parameters and search parameters
  if (!is_array($out)) {
  // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
  // '../' is dangerous because it allows dir transversals
- $out = str_replace(array('"', '"'), "''", trim($out));
+ $out = str_replace(array('"', '"'), '', trim($out));
  $out = str_replace(array('../'), '', $out);
  // keep lines feed
  $out = dol_string_nohtmltag($out, 0);
  }
  break;
- case 'alphawithlgt': // No " and no ../ but we keep < > tags
+ case 'alphawithlgt': // No " and no ../ but we keep < > tags. Can be used for email string like "Name "
  if (!is_array($out)) {
  // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
  // '../' is dangerous because it allows dir transversals
- $out = str_replace(array('"', '"'), "", trim($out));
+ $out = str_replace(array('"', '"'), '', trim($out));
  $out = str_replace(array('../'), '', $out);
  }
  break;
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 198e814c0a6..24b35896498 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
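Review bot: The `../` removal in the `alpha`/`alphanohtml` and `alphawithlgt` branches is a single `str_replace` pass, so a value in which the sequence is embedded inside another copy of itself still contains `../` once the inner copy has been removed. Repeating the replacement until the string stops changing closes that gap: `do { $prev = $out; $out = str_replace('../', '', $out); } while ($prev !== $out);`. In the `alpha` branch the quote and `../` stripping also runs before `dol_string_nohtmltag()`; if that helper decodes entities or joins text around a removed tag (not visible here), the stripped characters could reappear, so running the two replacements after it would be the safer order. `checkVal()` starts and ends outside the hunk.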
@@ -656,10 +656,10 @@ if (empty($reshook))
  if ($ret < 0) $error++;
  $dateinvoice = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
- $datedue = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']);
+ $datedue = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int'));
  // Replacement invoice
- if ($_POST['type'] == FactureFournisseur::TYPE_REPLACEMENT)
+ if (GETPOST('type') == FactureFournisseur::TYPE_REPLACEMENT)
  {
  if (empty($dateinvoice)) {
  setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('DateInvoice')), null, 'errors');
@@ -713,7 +713,7 @@ if (empty($reshook))
  }
  // Credit note invoice
- if ($_POST['type'] == FactureFournisseur::TYPE_CREDIT_NOTE)
+ if (GETPOST('type') == FactureFournisseur::TYPE_CREDIT_NOTE)
  {
  $sourceinvoice = GETPOST('fac_avoir', 'int');
  if (!($sourceinvoice > 0) && empty($conf->global->INVOICE_CREDIT_NOTE_STANDALONE))
@@ -837,7 +837,7 @@ if (empty($reshook))
  }
  // Standard or deposit
- if ($_POST['type'] == FactureFournisseur::TYPE_STANDARD || $_POST['type'] == FactureFournisseur::TYPE_DEPOSIT)
+ if (GETPOST('type') == FactureFournisseur::TYPE_STANDARD || GETPOST('type') == FactureFournisseur::TYPE_DEPOSIT)
  {
  if (GETPOST('socid', 'int') < 1)
  {
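Review bot: `GETPOST('type')` is called without a check argument in the hunk at -656 and again in the hunks at -713 and -837, and `GETPOST('originid')` likewise in the hunk at -894, while the neighbouring reads all pass `'int'`. Both values are used as integers, so the filter should be explicit rather than left to the default: `$type = GETPOST('type', 'int');` read once and reused in the three branches, and `GETPOST('originid', 'int')`. The comparisons also use `==`; if one of the `FactureFournisseur::TYPE_*` constants is 0 (their values are not visible here), an absent or empty `type` can match it on PHP versions before 8. Casting once and comparing with `===` removes that ambiguity. The enclosing `if (empty($reshook))` block starts and ends outside these hunks.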
@@ -869,11 +869,12 @@ if (empty($reshook))
  {
  $tmpproject = GETPOST('projectid', 'int');
- // Creation facture
- $object->ref = $_POST['ref'];
- $object->ref_supplier = $_POST['ref_supplier'];
- $object->socid = $_POST['socid'];
- $object->libelle = $_POST['label'];
+ // Creation invoice
+ $object->ref = GETPOST('ref', 'nohtml');
+ $object->ref_supplier = GETPOST('ref_supplier', 'nohtml');
+ $object->socid = GETPOST('socid', 'int');
+ $object->libelle = GETPOST('label', 'nohtml'); // deprecated
+ $object->label = GETPOST('label', 'nohtml');
  $object->date = $dateinvoice;
  $object->date_echeance = $datedue;
  $object->note_public = GETPOST('note_public', 'restricthtml');
@@ -894,7 +895,7 @@ if (empty($reshook))
  $object->fetch_thirdparty();
  // If creation from another object of another module
- if (!$error && $_POST['origin'] && $_POST['originid'])
+ if (!$error && GETPOST('origin', 'alpha') && GETPOST('originid'))
  {
  // Parse element/subelement (ex: project_task)
  $element = $subelement = GETPOST('origin', 'alpha');
@@ -1385,7 +1386,9 @@ if (empty($reshook))
  $fk_unit = GETPOST('units', 'alpha');
- $tva_tx = price2num($tva_tx); // When vat is text input field
+ if (!preg_match('/\((.*)\)/', $tva_tx)) {
+ $tva_tx = price2num($tva_tx); // $txtva can have format '5,1' or '5.1' or '5.1(XXX)', we must clean only if '5,1'
+ }
  // Local Taxes
  $localtax1_tx = get_localtax($tva_tx, 1, $mysoc, $object->thirdparty);
diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php
index 4d3aaafc4e5..8db50076bbf 100644
--- a/htdocs/ticket/list.php
+++ b/htdocs/ticket/list.php
@@ -339,6 +339,7 @@ foreach ($search as $key => $val)
  }
  if ($search['fk_statut'] == 'openall' || in_array('openall', $search['fk_statut'])) {
  $newarrayofstatus[] = Ticket::STATUS_NOT_READ;
+ $newarrayofstatus[] = Ticket::STATUS_READ;
  $newarrayofstatus[] = Ticket::STATUS_ASSIGNED;
  $newarrayofstatus[] = Ticket::STATUS_IN_PROGRESS;
  $newarrayofstatus[] = Ticket::STATUS_NEED_MORE_INFO;
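Review bot: `ref`, `ref_supplier` and `label` in the card.php hunk at -869 are read with the `'nohtml'` check, which in this commit's `checkVal()` hunk only calls `dol_string_nohtmltag()`, so double quotes and `../` are kept in the stored values. That may be intended for free-text references, but it means every later use has to escape for its own context, in particular anywhere `ref` ends up in an HTML attribute or a file path (those uses are outside this hunk). If `ref` never needs quotes, `GETPOST('ref', 'alphanohtml')` is the tighter choice. Otherwise a comment such as `// nohtml keeps quotes and ../ : escape on output` would record the assumption. `label` is also read twice; assigning `$object->libelle = $object->label; // deprecated` after the first read keeps the two fields identical.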
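Review bot: The new guard `preg_match('/\((.*)\)/', $tva_tx)` in the card.php hunk at -1385 skips `price2num()` for any value that contains a pair of parentheses anywhere, not only the `5.1(XXX)` form named in the comment. Such a value then reaches `get_localtax()` and the code below unnormalised; where `$tva_tx` comes from is outside the hunk, so it should be confirmed that it was filtered earlier. Anchoring the pattern to the expected shape narrows the bypass, for example `/^\s*[0-9.,]+\s*\(.*\)\s*$/`, which is a suggested form to check against the real code formats. The comment also refers to `$txtva` while the variable is `$tva_tx`.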
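Review bot: In ticket/list.php the condition above the added line calls `in_array('openall', $search['fk_statut'])` without checking that `$search['fk_statut']` is an array. When it is a plain string other than `'openall'` the call raises a warning on PHP 7 and a TypeError on PHP 8. The comparison is also loose, so if the array can hold an integer 0 (the status constants' values are not visible here) it matches `'openall'` on PHP versions before 8. Suggested condition: `$search['fk_statut'] === 'openall' || (is_array($search['fk_statut']) && in_array('openall', $search['fk_statut'], true))`. The enclosing `foreach` starts outside the hunk, so an earlier normalisation of `$search['fk_statut']` cannot be ruled out.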