diff --git a/ChangeLog b/ChangeLog index 0dd8fde43d7..3b7763daebe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,7 +35,7 @@ NEW: Font param Look and Feel THEME_FONT_FAMILY (#29302) NEW: Param to show main menu logo in color (#29305) NEW: #27048 add form to globally set "VARIANT_ALLOW_STOCK_MOVEMENT_ON_VARIANT_PARENT" variable (#27049) NEW: #29274 Add possibility to have different mail for autocopy for holiday (#29275) -NEW: WebPortal module +NEW: Module WebPortal experimental NEW: Module Bookcal is now experimental (TimeZone not yet supported) NEW: #24031 add option MAIN_GRANDTOTAL_LIST_SHOW to always show grand total to lists (#27247) NEW: #28070 Adding mobile phone to thirdparty diff --git a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php index 6a6e00b65ed..01957c93456 100644 --- a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php +++ b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php @@ -316,7 +316,7 @@ class FormAdvTargetEmailing extends Form // We have to join on extrafield table if (strpos($InfoFieldList[3], 'extra') !== false) { $sql .= ' as main, '.$this->db->sanitize(MAIN_DB_PREFIX.$InfoFieldList[0]).'_extrafields as extra'; - $sql .= " WHERE extra.fk_object=main.".$this->db->sanitize(empty($InfoFieldList[2]) ? 'rowid' : $InfoFieldList[2]); + $sql .= " WHERE extra.fk_object = main.".$this->db->sanitize(empty($InfoFieldList[2]) ? 'rowid' : $InfoFieldList[2]); $sql .= " AND ".forgeSQLFromUniversalSearchCriteria($InfoFieldList[3], $errorstr, 1); } else { $sql .= " WHERE ".forgeSQLFromUniversalSearchCriteria($InfoFieldList[3], $errorstr, 1); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 666cdcb884b..169c863a5cd 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
@@ -7669,6 +7669,14 @@ abstract class CommonObject $InfoFieldList = array_merge($InfoFieldList, explode(':', $tmpafter)); } //var_dump($InfoFieldList); + + // Fix better compatibility with some old extrafield syntax filter "(field=123)" + $reg = array(); + if (preg_match('/^\(?([a-z0-9]+)([=<>]+)(\d+)\)?$/i', $InfoFieldList[4], $reg)) { + $InfoFieldList[4] = '('.$reg[1].':'.$reg[2].':'.$reg[3].')'; + } + + //var_dump($InfoFieldList); } //$Usf = empty($paramoptions[1]) ? '' :$paramoptions[1]; @@ -7724,8 +7732,8 @@ abstract class CommonObject // We have to join on extrafield table $errstr = ''; if (strpos($InfoFieldList[4], 'extra') !== false) { - $sql .= " as main, " . $this->db->prefix() . $InfoFieldList[0] . "_extrafields as extra"; - $sqlwhere .= " WHERE extra.fk_object = main." . $InfoFieldList[2]; + $sql .= " as main, " . $this->db->sanitize($this->db->prefix() . $InfoFieldList[0]) . "_extrafields as extra"; + $sqlwhere .= " WHERE extra.fk_object = main." . $this->db->sanitize($InfoFieldList[2]); $sqlwhere .= " AND " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1); } else { $sqlwhere .= " WHERE " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1); @@ -7734,7 +7742,7 @@ abstract class CommonObject $sqlwhere .= ' WHERE 1=1'; } - // Add Usf filter + // Add Usf filter on second line /* if ($Usf) { $errorstr = ''; @@ -7893,6 +7901,13 @@ abstract class CommonObject if ($tmpafter !== '') { $InfoFieldList = array_merge($InfoFieldList, explode(':', $tmpafter)); } + + // Fix better compatibility with some old extrafield syntax filter "(field=123)" + $reg = array(); + if (preg_match('/^\(?([a-z0-9]+)([=<>]+)(\d+)\)?$/i', $InfoFieldList[4], $reg)) { + $InfoFieldList[4] = '('.$reg[1].':'.$reg[2].':'.$reg[3].')'; + } + //var_dump($InfoFieldList); } 
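Review bot: The compatibility regex `/^\(?([a-z0-9]+)([=<>]+)(\d+)\)?$/i` on the new lines only matches field names made of letters and digits, so a legacy filter on a column with an underscore (for example `(fk_soc=123)`) or one written with the `extra.` prefix is left in the old syntax and handed to forgeSQLFromUniversalSearchCriteria as-is; whether that helper then rejects it is not visible here. If underscores and the dotted prefix are legitimate in these filters, `([a-z0-9_.]+)` would cover them, and the operator group could be narrowed to `(=|<>|<=|>=|<|>)` so that `=<` or `==` is not rewritten into a nonsensical `(field:=<:1)`. The same seven lines are repeated in the @@ -7893 hunk and twice in extrafields.class.php; a small shared helper would keep the four copies from drifting. The enclosing method starts outside the hunk.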
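Review bot: The new join condition `" WHERE extra.fk_object = main." . $this->db->sanitize($InfoFieldList[2])` in the @@ -7724 hunk emits `main.` followed by nothing when `$InfoFieldList[2]` is empty, which yields invalid SQL rather than a default key. The FormAdvTargetEmailing hunk in this same commit guards that case with `empty($InfoFieldList[2]) ? 'rowid' : $InfoFieldList[2]`; applying the same default here, `$this->db->sanitize(empty($InfoFieldList[2]) ? 'rowid' : $InfoFieldList[2])`, keeps the two call sites consistent. Whether an empty third field can actually reach this point depends on the parsing above the hunk. The enclosing method continues beyond the hunk.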
@@ -7950,9 +7965,11 @@ abstract class CommonObject } // We have to join on extrafield table + $errstr = ''; if (strpos($InfoFieldList[4], 'extra') !== false) { - $sql .= ' as main, ' . $this->db->prefix() . $InfoFieldList[0] . '_extrafields as extra'; - $sqlwhere .= " WHERE extra.fk_object = main." . $InfoFieldList[2] . " AND " . $InfoFieldList[4]; + $sql .= ' as main, ' . $this->db->sanitize($this->db->prefix() . $InfoFieldList[0]) . '_extrafields as extra'; + $sqlwhere .= " WHERE extra.fk_object = main." . $this->db->sanitize($InfoFieldList[2]); + $sqlwhere .= " AND " . $InfoFieldList[4]; } else { $sqlwhere .= " WHERE " . $InfoFieldList[4]; } diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index a7e3abf00f2..9a4234b7220 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1347,7 +1347,7 @@ class ExtraFields // If there is a filter, we extract it by taking all content inside parenthesis. if (! empty($InfoFieldList[4])) { - $pos = 0; + $pos = 0; // $pos will be position of ending filter $parenthesisopen = 0; while (substr($InfoFieldList[4], $pos, 1) !== '' && ($parenthesisopen || $pos == 0 || substr($InfoFieldList[4], $pos, 1) != ':')) { if (substr($InfoFieldList[4], $pos, 1) == '(') { @@ -1365,6 +1365,13 @@ class ExtraFields if ($tmpafter !== '') { $InfoFieldList = array_merge($InfoFieldList, explode(':', $tmpafter)); } + + // Fix better compatibility with some old extrafield syntax filter "(field=123)" + $reg = array(); + if (preg_match('/^\(?([a-z0-9]+)([=<>]+)(\d+)\)?$/i', $InfoFieldList[4], $reg)) { + $InfoFieldList[4] = '('.$reg[1].':'.$reg[2].':'.$reg[3].')'; + } + //var_dump($InfoFieldList); } 
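Review bot: The filter in `$sqlwhere .= " AND " . $InfoFieldList[4];` and in the `else` branch `$sqlwhere .= " WHERE " . $InfoFieldList[4];` is still concatenated into the query verbatim, while the @@ -7724 hunk of this same class and both ExtraFields hunks route the identical value through `forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1)`. The commit sanitizes the table and column names on the new lines but leaves the one operand that carries a whole expression untouched, and the newly added `$errstr = '';` is not read anywhere in the hunk, which suggests the call was intended. Replacing the two lines with `$sqlwhere .= " AND " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1);` and the `WHERE` equivalent brings this path in line with the others. The extrafield definitions that feed `$InfoFieldList` are presumably admin-configured, so the exposure is bounded by that trust level, but the inconsistency is still worth closing. The enclosing method starts and ends outside the hunk.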
@@ -1421,14 +1428,15 @@ class ExtraFields } else { $InfoFieldList[4] = str_replace('$ID$', '0', $InfoFieldList[4]); } - //We have to join on extrafield table + + // We have to join on extrafield table $errstr = ''; if (strpos($InfoFieldList[4], 'extra.') !== false) { - $sql .= ' as main, '.$this->db->prefix().$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= " WHERE extra.fk_object = main.".$InfoFieldList[2]." AND ".$InfoFieldList[4]; + $sql .= ' as main, '.$this->db->sanitize($this->db->prefix().$InfoFieldList[0]).'_extrafields as extra'; + $sqlwhere .= " WHERE extra.fk_object = main.".$this->db->sanitize($InfoFieldList[2]); $sqlwhere .= " AND " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1); } else { - $sqlwhere .= " AND " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1); + $sqlwhere .= " WHERE " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1); } } else { $sqlwhere .= ' WHERE 1=1'; @@ -1582,6 +1590,13 @@ class ExtraFields if ($tmpafter !== '') { $InfoFieldList = array_merge($InfoFieldList, explode(':', $tmpafter)); } + + // Fix better compatibility with some old extrafield syntax filter "(field=123)" + $reg = array(); + if (preg_match('/^\(?([a-z0-9]+)([=<>]+)(\d+)\)?$/i', $InfoFieldList[4], $reg)) { + $InfoFieldList[4] = '('.$reg[1].':'.$reg[2].':'.$reg[3].')'; + } + //var_dump($InfoFieldList); } 
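Review bot: The rewritten join `" WHERE extra.fk_object = main.".$this->db->sanitize($InfoFieldList[2])` has no fallback when `$InfoFieldList[2]` is empty and would emit `main.` with no column, unlike the FormAdvTargetEmailing hunk in this commit which defaults to `rowid`; `$this->db->sanitize(empty($InfoFieldList[2]) ? 'rowid' : $InfoFieldList[2])` would match it, and the same applies to the @@ -1690 hunk below. Separately, this class decides to join on `strpos($InfoFieldList[4], 'extra.')` while the CommonObject hunks test for the bare substring `'extra'`, so a filter naming a main-table column that merely contains "extra" would trigger the join in one class and not the other; aligning both on the dotted form looks safer, though the callers are not visible here. The enclosing method starts and ends outside the hunk.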
@@ -1690,8 +1705,8 @@ class ExtraFields // We have to join on extrafield table $errstr = ''; if (strpos($InfoFieldList[4], 'extra.') !== false) { - $sql .= ' as main, '.$this->db->prefix().$InfoFieldList[0].'_extrafields as extra'; - $sqlwhere .= " WHERE extra.fk_object = main.".$InfoFieldList[2]; + $sql .= ' as main, '.$this->db->sanitize($this->db->prefix().$InfoFieldList[0]).'_extrafields as extra'; + $sqlwhere .= " WHERE extra.fk_object = main.".$this->db->sanitize($InfoFieldList[2]); $sqlwhere .= " AND " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1); } else { $sqlwhere .= " WHERE " . forgeSQLFromUniversalSearchCriteria($InfoFieldList[4], $errstr, 1); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index bc80a8f1ddc..8de311f1134 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -10272,7 +10272,7 @@ function dol_osencode($str) * Store also Code-Id into a cache to speed up next request on same table and key. * * @param DoliDB $db Database handler - * @param string $key Code or Id to get Id or Code + * @param string|int $key Code (string) or Id (int) to get Id or Code * @param string $tablename Table name without prefix * @param string $fieldkey Field to search the key into * @param string $fieldid Field to get @@ -13522,6 +13522,7 @@ function forgeSQLFromUniversalSearchCriteria($filter, &$errorstr = '', $noand = if ($noerror) { return '1 = 2'; } else { + dol_syslog("forgeSQLFromUniversalSearchCriteria Filter error - ".$errorstr, LOG_WARNING); return 'Filter error - '.$tmperrorstr; // Bad syntax of the search string, we return an error message or force a SQL not found } } diff --git a/htdocs/public/webportal/webportal.main.inc.php b/htdocs/public/webportal/webportal.main.inc.php index 1f625f03e7b..8a0b647a34c 100644 --- a/htdocs/public/webportal/webportal.main.inc.php +++ b/htdocs/public/webportal/webportal.main.inc.php 
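Review bot: The added `dol_syslog(...)` in the @@ -13522 hunk records `$errorstr`, while the value returned on the next line is `$tmperrorstr`; if the two are not identical at this point (the assignment is above the hunk) the log would not show the message the caller receives, so logging the same variable keeps them in step: `dol_syslog("forgeSQLFromUniversalSearchCriteria Filter error - ".$tmperrorstr, LOG_WARNING);`. Appending the rejected `$filter` to that log line would also let an operator reconstruct which input was refused, since the returned string only carries the error text. If `$errorstr` is already a copy of `$tmperrorstr` here the first point is cosmetic. The enclosing function starts outside the hunk.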
@@ -255,7 +255,7 @@ if (!defined('WEBPORTAL_NOLOGIN') && !empty($context->controllerInstance->access $context->setEventMessage($error_msg, 'errors'); } - if (!$error) { + if (!$error && $logged_member->id > 0) { // get partnership $logged_partnership = new WebPortalPartnership($db); // @phan-suppress-next-line PhanPluginSuspiciousParamPosition diff --git a/htdocs/societe/website.php b/htdocs/societe/website.php index c8d531fd811..2c11655ae1c 100644 --- a/htdocs/societe/website.php +++ b/htdocs/societe/website.php @@ -329,7 +329,7 @@ llxHeader('', $title); $arrayofselected = is_array($toselect) ? $toselect : array(); -$param = ''; +$param = 'id='.$object->id; if (!empty($mode)) { $param .= '&mode='.urlencode($mode); }
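Review bot: With the new guard `if (!$error && $logged_member->id > 0)` the branch that creates `$logged_partnership` is skipped when no member is loaded, but nothing in the hunk gives `$logged_partnership` a value in that case, so later code reading it would hit an undefined variable rather than a null object. Initialising it ahead of the condition, `$logged_partnership = null;`, makes the skipped case explicit and cheap to test for. Whether `$logged_member` is guaranteed to be an object here, rather than null after a failed fetch where `->id` would warn, depends on the code above the hunk.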
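Review bot: In the societe/website.php hunk the new `$param = 'id='.$object->id;` concatenates the id raw while the `mode` value two lines later goes through `urlencode()`; casting it, `$param = 'id='.((int) $object->id);`, matches the treatment of the other parameters and guarantees an integer in the generated query string. `$param` is presumably reused to build links on this page, so keeping every component escaped or typed is worth the one extra cast.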