From d3cbcedce302e2845d0be253c659948e324f288a Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Fri, 15 Jan 2021 09:55:42 +0100 Subject: [PATCH 1/5] FIX 12.0 (ticket) - the "openall" filter on the ticket list does not include tickets with status READ --- htdocs/ticket/list.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 90cd1fd1ec9..def67225f6a 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -346,11 +346,12 @@ foreach ($search as $key => $val) $newarrayofstatus[] = $val2; } if ($search['fk_statut'] == 'openall' || in_array('openall', $search['fk_statut'])) { - $newarrayofstatus[] = Ticket::STATUS_NOT_READ; - $newarrayofstatus[] = Ticket::STATUS_ASSIGNED; - $newarrayofstatus[] = Ticket::STATUS_IN_PROGRESS; - $newarrayofstatus[] = Ticket::STATUS_NEED_MORE_INFO; - $newarrayofstatus[] = Ticket::STATUS_WAITING; + $newarrayofstatus[] = Ticket::STATUS_NOT_READ; + $newarrayofstatus[] = Ticket::STATUS_READ; + $newarrayofstatus[] = Ticket::STATUS_ASSIGNED; + $newarrayofstatus[] = Ticket::STATUS_IN_PROGRESS; + $newarrayofstatus[] = Ticket::STATUS_NEED_MORE_INFO; + $newarrayofstatus[] = Ticket::STATUS_WAITING; } if ($search['fk_statut'] == 'closeall' || in_array('closeall', $search['fk_statut'])) { $newarrayofstatus[] = Ticket::STATUS_CLOSED; From ea266c1f2d5513ff8a51e25fea3e71c3d9526f1d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jan 2021 17:59:08 +0100 Subject: [PATCH 2/5] Fix missing alias --- htdocs/core/boxes/box_factures_fourn.php | 2 +- htdocs/core/boxes/box_factures_fourn_imp.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index d3c1ccd9017..26f24d41ab3 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php 
@@ -133,7 +133,7 @@ class box_factures_fourn extends ModeleBoxes $thirdpartystatic->id = $objp->socid; $thirdpartystatic->name = $objp->name; - //$thirdpartystatic->name_alias = $objp->name_alias; + $thirdpartystatic->name_alias = $objp->name_alias; $thirdpartystatic->code_fournisseur = $objp->code_fournisseur; $thirdpartystatic->code_compta_fournisseur = $objp->code_compta_fournisseur; $thirdpartystatic->fournisseur = $objp->fournisseur; diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index b957e5bf0c1..d345f3d33b0 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -130,7 +130,7 @@ class box_factures_fourn_imp extends ModeleBoxes $thirdpartystatic->id = $objp->socid; $thirdpartystatic->name = $objp->name; - //$thirdpartystatic->name_alias = $objp->name_alias; + $thirdpartystatic->name_alias = $objp->name_alias; $thirdpartystatic->code_fournisseur = $objp->code_fournisseur; $thirdpartystatic->code_compta_fournisseur = $objp->code_compta_fournisseur; $thirdpartystatic->fournisseur = $objp->fournisseur; From 80ed651c5ef2196277ff2e2031bbf27ace416347 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jan 2021 19:23:56 +0100 Subject: [PATCH 3/5] Fix GETPOST --- htdocs/core/lib/functions.lib.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index b1c1cfb59f5..11dad21f25e 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -672,15 +672,15 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = if (preg_match('/[^a-z0-9_\-\.,]+/i', $out)) $out = ''; } break; - case 'nohtml': + case 'nohtml': // No html $out = dol_string_nohtmltag($out, 0); break; - case 'alpha': // No html and no ../ and " replaced with '' + case 'alpha': // No html and no ../ and " case 'alphanohtml': // Recommended for most scalar parameters and search parameters if (!is_array($out)) { // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '"'), "''", trim($out)); + $out = str_replace(array('"', '"'), '', trim($out)); $out = str_replace(array('../'), '', $out); // keep lines feed $out = dol_string_nohtmltag($out, 0); @@ -690,7 +690,7 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = if (!is_array($out)) { // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '"'), "", trim($out)); + $out = str_replace(array('"', '"'), '', trim($out)); $out = str_replace(array('../'), '', $out); } break; From d36c406074b93d3fb6fe48aabdd7e15d956cb620 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jan 2021 19:24:53 +0100 Subject: [PATCH 4/5] Code comment --- htdocs/core/lib/functions.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 11dad21f25e..efdadbe94ec 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
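Review bot: The `'../'` removal kept in the `alpha`/`alphanohtml` branch (and again in the `alphawithlgt` branch of the second hunk) is a single `str_replace` pass, so once a match is deleted the characters on either side of it can join into a new `../` that is returned to the caller. Since the in-code comment gives directory traversal as the reason for this filter, repeat the replacement until the string stops changing, e.g. `do { $prev = $out; $out = str_replace('../', '', $out); } while ($prev !== $out);`. In the first branch `dol_string_nohtmltag()` runs after the stripping and is not shown here, so it is worth confirming that it cannot put a `"` or `../` back. Callers that build file paths from the result should still canonicalise the path and check it against an allowed base directory instead of relying on this filter alone. `checkVal()` begins and ends outside these hunks.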
@@ -686,7 +686,7 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = $out = dol_string_nohtmltag($out, 0); } break; - case 'alphawithlgt': // No " and no ../ but we keep < > tags + case 'alphawithlgt': // No " and no ../ but we keep < > tags. Can be used for email string like "Name " if (!is_array($out)) { // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals From 7d37183f2167500d7d0d6ab64aad8ea5233b95fe Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 15 Jan 2021 19:43:02 +0100 Subject: [PATCH 5/5] FIX Pb with VAT code when VAT code contains a number --- htdocs/fourn/facture/card.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index ae708da80d5..00e0e33ea1e 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -656,10 +656,10 @@ if (empty($reshook)) if ($ret < 0) $error++; $datefacture = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); - $datedue = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']); + $datedue = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')); // Replacement invoice - if ($_POST['type'] == FactureFournisseur::TYPE_REPLACEMENT) + if (GETPOST('type') == FactureFournisseur::TYPE_REPLACEMENT) { if ($datefacture == '') { @@ -709,7 +709,7 @@ if (empty($reshook)) } // Credit note invoice - if ($_POST['type'] == FactureFournisseur::TYPE_CREDIT_NOTE) + if (GETPOST('type') == FactureFournisseur::TYPE_CREDIT_NOTE) { $sourceinvoice = GETPOST('fac_avoir', 'int'); if (!($sourceinvoice > 0) && empty($conf->global->INVOICE_CREDIT_NOTE_STANDALONE)) 
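Review bot: The extended comment on `case 'alphawithlgt'` now recommends this check for a concrete use, but it does not say that the returned value still contains `<` and `>` and so is not safe to print into HTML without escaping. I would append that to the comment, for example `// Result keeps < and >: escape it before any HTML output`. The change is comment-only, and the rest of `checkVal()` lies outside the hunk.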
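Review bot: `GETPOST('type')` is called without a check argument and compared with `==` against the class constant `FactureFournisseur::TYPE_REPLACEMENT` here, `TYPE_CREDIT_NOTE` in the next hunk, and `TYPE_STANDARD`/`TYPE_DEPOSIT` in the hunk at old line 828. If any of these constants is the integer 0, a loose comparison on PHP 7 lets a non-numeric `type` string match it, so the branch taken may not correspond to a value the form offers. Read the parameter once with the integer filter already used for `socid` and the date parts in this commit, `$type = GETPOST('type', 'int');`, and compare that variable in all four places. The enclosing `if (empty($reshook))` block starts and ends outside the hunks.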
@@ -828,7 +828,7 @@ if (empty($reshook)) } // Standard or deposit - if ($_POST['type'] == FactureFournisseur::TYPE_STANDARD || $_POST['type'] == FactureFournisseur::TYPE_DEPOSIT) + if (GETPOST('type') == FactureFournisseur::TYPE_STANDARD || GETPOST('type') == FactureFournisseur::TYPE_DEPOSIT) { if (GETPOST('socid', 'int') < 1) { @@ -857,10 +857,10 @@ if (empty($reshook)) $tmpproject = GETPOST('projectid', 'int'); // Creation facture - $object->ref = $_POST['ref']; - $object->ref_supplier = $_POST['ref_supplier']; - $object->socid = $_POST['socid']; - $object->libelle = $_POST['label']; + $object->ref = GETPOST('ref', 'nohtml'); + $object->ref_supplier = GETPOST('ref_supplier', 'nohtml'); + $object->socid = GETPOST('socid', 'int'); + $object->libelle = GETPOST('label', 'nohtml'); $object->date = $datefacture; $object->date_echeance = $datedue; $object->note_public = GETPOST('note_public', 'restricthtml'); @@ -881,7 +881,7 @@ if (empty($reshook)) $object->fetch_thirdparty(); // If creation from another object of another module - if (!$error && $_POST['origin'] && $_POST['originid']) + if (!$error && GETPOST('origin', 'alpha') && GETPOST('originid')) { // Parse element/subelement (ex: project_task) $element = $subelement = GETPOST('origin', 'alpha'); @@ -1367,7 +1367,9 @@ if (empty($reshook)) $fk_unit = GETPOST('units', 'alpha'); - $tva_tx = price2num($tva_tx); // When vat is text input field + if (!preg_match('/\((.*)\)/', $tva_tx)) { + $tva_tx = price2num($tva_tx); // $txtva can have format '5,1' or '5.1' or '5.1(XXX)', we must clean only if '5,1' + } // Local Taxes $localtax1_tx = get_localtax($tva_tx, 1, $mysoc, $object->thirdparty);
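Review bot: In the hunk at old line 881, `GETPOST('originid')` is read without a check argument although it is an object id, whereas the other ids touched by this commit use `'int'`. Use `GETPOST('originid', 'int')` in the condition, and make sure any later reads of `originid` in this block (outside the hunk) use the same filter. `GETPOST('origin', 'alpha')` feeds the element/subelement parsing on the following lines; if that value reaches a class name or include path further down, it should be checked against an allow-list of known elements, but that code is not visible here.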
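Review bot: In the last hunk the pattern `/\((.*)\)/` is unanchored, so any `$tva_tx` containing a pair of parentheses anywhere skips `price2num()` and goes unchanged into `get_localtax()` on the next visible line. A rate that combines a comma decimal with a code would therefore keep its comma. Consider anchoring the match and normalising only the numeric part, e.g. `if (preg_match('/^([^()]*)\((.*)\)$/', $tva_tx, $reg)) { $tva_tx = price2num($reg[1]).'('.$reg[2].')'; } else { $tva_tx = price2num($tva_tx); }`, after checking which exact format the downstream code expects. The new comment also refers to `$txtva` while the variable is `$tva_tx`. Where `$tva_tx` is assigned lies outside the hunk.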