Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts: htdocs/contact/list.php htdocs/societe/list.php
@@ -107,7 +107,7 @@ class AccountancySystem
|
|||||||
|
|
||||||
$sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_system";
|
$sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_system";
|
||||||
$sql .= " (date_creation, fk_user_author, numero, label)";
|
$sql .= " (date_creation, fk_user_author, numero, label)";
|
||||||
$sql .= " VALUES (" . $this->db->idate($now) . "," . $user->id . ",'" . $this->numero . "','" . $this->label . "')";
|
$sql .= " VALUES ('" . $this->db->idate($now) . "'," . $user->id . ",'" . $this->numero . "','" . $this->label . "')";
|
||||||
|
|
||||||
dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG);
|
dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG);
|
||||||
$resql = $this->db->query($sql);
|
$resql = $this->db->query($sql);
|
||||||
|
|||||||
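Review bot: The rewritten VALUES clause on the new side still concatenates `$this->numero` and `$this->label` inside quotes with no `$this->db->escape()`, so the date-quoting fix leaves two string fields unescaped in the same INSERT. Whether those properties can carry request data is not visible in this hunk, but this is exactly the `'".$this->xxx` pattern the coding test touched by this commit is meant to catch. I would write `",'" . $this->db->escape($this->numero) . "','" . $this->db->escape($this->label) . "')"` and cast the id with `((int) $user->id)`. The create() method begins and ends outside the hunk.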
@@ -124,7 +124,7 @@ class AdvanceTargetingMailing extends CommonObject
|
|||||||
$sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->fk_mailing."'").",";
|
$sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->fk_mailing."'").",";
|
||||||
$sql.= " ".(! isset($this->filtervalue)?'NULL':"'".$this->db->escape($this->filtervalue)."'").",";
|
$sql.= " ".(! isset($this->filtervalue)?'NULL':"'".$this->db->escape($this->filtervalue)."'").",";
|
||||||
$sql.= " ".$user->id.",";
|
$sql.= " ".$user->id.",";
|
||||||
$sql.= " ".$this->db->idate(dol_now()).",";
|
$sql.= " '".$this->db->idate(dol_now())."',";
|
||||||
$sql.= " ".$user->id;
|
$sql.= " ".$user->id;
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
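Review bot: `$this->fk_mailing` on the first line of the hunk is wrapped in quotes but neither escaped nor cast, while the neighbouring `filtervalue` goes through `$this->db->escape()`, so a non-numeric value reaches the INSERT verbatim. For a foreign-key column `(! isset($this->fk_mailing) ? 'NULL' : (int) $this->fk_mailing)` is the safer form and also drops the quoting of an integer. The enclosing method continues outside the hunk.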
@@ -86,9 +86,9 @@ class PaymentVarious extends CommonObject
|
|||||||
// Update request
|
// Update request
|
||||||
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_various SET";
|
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_various SET";
|
||||||
|
|
||||||
$sql.= " tms=".$this->db->idate($this->tms).",";
|
$sql.= " tms='".$this->db->idate($this->tms)."',";
|
||||||
$sql.= " datep=".$this->db->idate($this->datep).",";
|
$sql.= " datep='".$this->db->idate($this->datep)."',";
|
||||||
$sql.= " datev=".$this->db->idate($this->datev).",";
|
$sql.= " datev='".$this->db->idate($this->datev)."',";
|
||||||
$sql.= " sens=".$this->sens.",";
|
$sql.= " sens=".$this->sens.",";
|
||||||
$sql.= " amount=".price2num($this->amount).",";
|
$sql.= " amount=".price2num($this->amount).",";
|
||||||
$sql.= " fk_typepayment=".$this->fk_typepayment."',";
|
$sql.= " fk_typepayment=".$this->fk_typepayment."',";
|
||||||
|
|||||||
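Review bot: The last context line of the hunk, `$sql.= " fk_typepayment=".$this->fk_typepayment."',";`, emits a stray closing quote after the value, producing `fk_typepayment=5',` in the statement; the commit re-quotes the three date columns just above but leaves this malformed fragment in place. It should read `$sql.= " fk_typepayment=".((int) $this->fk_typepayment).",";`, and `sens=` two lines up would benefit from the same `(int)` cast since neither value is escaped. The update() method extends past both ends of the hunk, so I cannot see what follows the stray quote.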
@@ -151,9 +151,9 @@ class Localtax extends CommonObject
|
|||||||
// Update request
|
// Update request
|
||||||
$sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET";
|
$sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET";
|
||||||
$sql.= " localtaxtype=".$this->ltt.",";
|
$sql.= " localtaxtype=".$this->ltt.",";
|
||||||
$sql.= " tms=".$this->db->idate($this->tms).",";
|
$sql.= " tms='".$this->db->idate($this->tms)."',";
|
||||||
$sql.= " datep=".$this->db->idate($this->datep).",";
|
$sql.= " datep='".$this->db->idate($this->datep)."',";
|
||||||
$sql.= " datev=".$this->db->idate($this->datev).",";
|
$sql.= " datev='".$this->db->idate($this->datev)."',";
|
||||||
$sql.= " amount=".price2num($this->amount).",";
|
$sql.= " amount=".price2num($this->amount).",";
|
||||||
$sql.= " label='".$this->db->escape($this->label)."',";
|
$sql.= " label='".$this->db->escape($this->label)."',";
|
||||||
$sql.= " note='".$this->db->escape($this->note)."',";
|
$sql.= " note='".$this->db->escape($this->note)."',";
|
||||||
|
|||||||
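Review bot: `localtaxtype=".$this->ltt.","` at the top of the hunk concatenates `$this->ltt` raw into the UPDATE with no cast or escape, unlike `label` and `note` a few lines below which go through `$this->db->escape()`. Casting it, `$sql.= " localtaxtype=".((int) $this->ltt).",";`, keeps the statement well-formed whatever the property holds. Whether `ltt` can carry request data is not visible here, so treat this as making the statement consistent with its other fields. The method begins and ends outside the hunk.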
@@ -97,16 +97,16 @@ class PaymentSalary extends CommonObject
|
|||||||
// Update request
|
// Update request
|
||||||
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET";
|
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET";
|
||||||
|
|
||||||
$sql.= " tms=".$this->db->idate($this->tms).",";
|
$sql.= " tms='".$this->db->idate($this->tms)."',";
|
||||||
$sql.= " fk_user=".$this->fk_user.",";
|
$sql.= " fk_user=".$this->fk_user.",";
|
||||||
$sql.= " datep=".$this->db->idate($this->datep).",";
|
$sql.= " datep='".$this->db->idate($this->datep)."',";
|
||||||
$sql.= " datev=".$this->db->idate($this->datev).",";
|
$sql.= " datev='".$this->db->idate($this->datev)."',";
|
||||||
$sql.= " amount=".price2num($this->amount).",";
|
$sql.= " amount=".price2num($this->amount).",";
|
||||||
$sql.= " fk_typepayment=".$this->fk_typepayment."',";
|
$sql.= " fk_typepayment=".$this->fk_typepayment."',";
|
||||||
$sql.= " num_payment='".$this->db->escape($this->num_payment)."',";
|
$sql.= " num_payment='".$this->db->escape($this->num_payment)."',";
|
||||||
$sql.= " label='".$this->db->escape($this->label)."',";
|
$sql.= " label='".$this->db->escape($this->label)."',";
|
||||||
$sql.= " datesp=".$this->db->idate($this->datesp).",";
|
$sql.= " datesp='".$this->db->idate($this->datesp)."',";
|
||||||
$sql.= " dateep=".$this->db->idate($this->dateep).",";
|
$sql.= " dateep='".$this->db->idate($this->dateep)."',";
|
||||||
$sql.= " note='".$this->db->escape($this->note)."',";
|
$sql.= " note='".$this->db->escape($this->note)."',";
|
||||||
$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").",";
|
$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").",";
|
||||||
$sql.= " fk_user_author=".$this->fk_user_author.",";
|
$sql.= " fk_user_author=".$this->fk_user_author.",";
|
||||||
|
|||||||
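Review bot: The context line `$sql.= " fk_typepayment=".$this->fk_typepayment."',";` has the same unbalanced trailing quote as the one in PaymentVarious, so the generated SQL contains `fk_typepayment=5',` while the commit only re-quotes the date columns around it. I would change it to `$sql.= " fk_typepayment=".((int) $this->fk_typepayment).",";` and likewise cast `fk_user`, `fk_bank` and `fk_user_author`, which are concatenated without escape or cast in the same hunk. The update() method starts before the hunk and continues after it.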
@@ -173,9 +173,9 @@ class Tva extends CommonObject
|
|||||||
|
|
||||||
// Update request
|
// Update request
|
||||||
$sql = "UPDATE ".MAIN_DB_PREFIX."tva SET";
|
$sql = "UPDATE ".MAIN_DB_PREFIX."tva SET";
|
||||||
$sql.= " tms=".$this->db->idate($this->tms).",";
|
$sql.= " tms='".$this->db->idate($this->tms)."',";
|
||||||
$sql.= " datep=".$this->db->idate($this->datep).",";
|
$sql.= " datep='".$this->db->idate($this->datep)."',";
|
||||||
$sql.= " datev=".$this->db->idate($this->datev).",";
|
$sql.= " datev='".$this->db->idate($this->datev)."',";
|
||||||
$sql.= " amount=".price2num($this->amount).",";
|
$sql.= " amount=".price2num($this->amount).",";
|
||||||
$sql.= " label='".$this->db->escape($this->label)."',";
|
$sql.= " label='".$this->db->escape($this->label)."',";
|
||||||
$sql.= " note='".$this->db->escape($this->note)."',";
|
$sql.= " note='".$this->db->escape($this->note)."',";
|
||||||
|
|||||||
@@ -48,13 +48,15 @@ if ($user->societe_id) $socid=$user->societe_id;
|
|||||||
$result = restrictedArea($user, 'contact', $contactid,'');
|
$result = restrictedArea($user, 'contact', $contactid,'');
|
||||||
|
|
||||||
$sall=GETPOST('sall', 'alphanohtml');
|
$sall=GETPOST('sall', 'alphanohtml');
|
||||||
|
$search_cti=preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
|
||||||
|
$search_phone=GETPOST("search_phone");
|
||||||
|
|
||||||
$search_id=trim(GETPOST("search_id","int"));
|
$search_id=trim(GETPOST("search_id","int"));
|
||||||
$search_firstlast_only=GETPOST("search_firstlast_only");
|
$search_firstlast_only=GETPOST("search_firstlast_only");
|
||||||
$search_lastname=GETPOST("search_lastname");
|
$search_lastname=GETPOST("search_lastname");
|
||||||
$search_firstname=GETPOST("search_firstname");
|
$search_firstname=GETPOST("search_firstname");
|
||||||
$search_societe=GETPOST("search_societe");
|
$search_societe=GETPOST("search_societe");
|
||||||
$search_poste=GETPOST("search_poste");
|
$search_poste=GETPOST("search_poste");
|
||||||
$search_phone=GETPOST("search_phone");
|
|
||||||
$search_phone_perso=GETPOST("search_phone_perso");
|
$search_phone_perso=GETPOST("search_phone_perso");
|
||||||
$search_phone_pro=GETPOST("search_phone_pro");
|
$search_phone_pro=GETPOST("search_phone_pro");
|
||||||
$search_phone_mobile=GETPOST("search_phone_mobile");
|
$search_phone_mobile=GETPOST("search_phone_mobile");
|
||||||
@@ -281,52 +283,24 @@ if ($search_categ_thirdparty == -2) $sql.= " AND cs.fk_categorie IS NULL";
|
|||||||
if ($search_categ_supplier > 0) $sql.= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier);
|
if ($search_categ_supplier > 0) $sql.= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier);
|
||||||
if ($search_categ_supplier == -2) $sql.= " AND cs2.fk_categorie IS NULL";
|
if ($search_categ_supplier == -2) $sql.= " AND cs2.fk_categorie IS NULL";
|
||||||
|
|
||||||
if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1);
|
if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall);
|
||||||
if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key);
|
if (strlen($search_phone)) $sql.= natural_search(array('p.phone', 'p.phone_perso', 'p.phone_mobile'), $search_phone);
|
||||||
if ($search_firstlast_only) {
|
if (strlen($search_cti)) $sql.= natural_search(array('p.phone', 'p.phone_perso', 'p.phone_mobile'), $search_cti);
|
||||||
$sql .= natural_search(array('p.lastname','p.firstname'), $search_firstlast_only);
|
if (strlen($search_firstlast_only)) $sql.= natural_search(array('p.lastname', 'p.firstname'), $search_firstlast_only);
|
||||||
}
|
|
||||||
if ($search_lastname) { // filter on lastname
|
if ($search_id > 0) $sql.= natural_search("p.rowid",$search_id,1);
|
||||||
$sql .= natural_search('p.lastname', $search_lastname);
|
if ($search_lastname) $sql.= natural_search('p.lastname', $search_lastname);
|
||||||
}
|
if ($search_firstname) $sql.= natural_search('p.firstname', $search_firstname);
|
||||||
if ($search_firstname) { // filter on firstname
|
if ($search_societe) $sql.= natural_search('s.nom', $search_societe);
|
||||||
$sql .= natural_search('p.firstname', $search_firstname);
|
if (strlen($search_poste)) $sql.= natural_search('p.poste', $search_poste);
|
||||||
}
|
if (strlen($search_phone_perso)) $sql.= natural_search('p.phone_perso', $search_phone_perso);
|
||||||
if ($search_societe) { // filtre sur la societe
|
if (strlen($search_phone_pro)) $sql.= natural_search('p.phone', $search_phone);
|
||||||
$sql .= natural_search('s.nom', $search_societe);
|
if (strlen($search_phone_mobile)) $sql.= natural_search('p.phone_mobile', $search_phone_mobile);
|
||||||
}
|
if (strlen($search_fax)) $sql.= natural_search('p.phone_fax', $search_fax);
|
||||||
if (strlen($search_poste)) { // filtre sur la societe
|
if (strlen($search_skype)) $sql.= natural_search('p.skype', $search_skype);
|
||||||
$sql .= natural_search('p.poste', $search_poste);
|
if (strlen($search_email)) $sql.= natural_search('p.email', $search_email);
|
||||||
}
|
if ($search_status != '' && $search_status >= 0) $sql.= " AND p.statut = ".$db->escape($search_status);
|
||||||
if (strlen($search_phone))
|
if ($search_import_key) $sql.= natural_search("p.import_key",$search_import_key);
|
||||||
{
|
|
||||||
$sql .= " AND (p.phone LIKE '%".$db->escape($search_phone)."%' OR p.phone_perso LIKE '%".$db->escape($search_phone)."%' OR p.phone_mobile LIKE '%".$db->escape($search_phone)."%')";
|
|
||||||
}
|
|
||||||
if (strlen($search_phone_perso))
|
|
||||||
{
|
|
||||||
$sql .= " AND p.phone_perso LIKE '%".$db->escape($search_phone_perso)."%'";
|
|
||||||
}
|
|
||||||
if (strlen($search_phone_pro))
|
|
||||||
{
|
|
||||||
$sql .= " AND p.phone LIKE '%".$db->escape($search_phone_pro)."%'";
|
|
||||||
}
|
|
||||||
if (strlen($search_phone_mobile))
|
|
||||||
{
|
|
||||||
$sql .= " AND p.phone_mobile LIKE '%".$db->escape($search_phone_mobile)."%'";
|
|
||||||
}
|
|
||||||
if (strlen($search_fax))
|
|
||||||
{
|
|
||||||
$sql .= " AND p.fax LIKE '%".$db->escape($search_fax)."%'";
|
|
||||||
}
|
|
||||||
if (strlen($search_email)) // filtre sur l'email
|
|
||||||
{
|
|
||||||
$sql .= " AND p.email LIKE '%".$db->escape($search_email)."%'";
|
|
||||||
}
|
|
||||||
if (strlen($search_skype)) // filtre sur skype
|
|
||||||
{
|
|
||||||
$sql .= " AND p.skype LIKE '%".$db->escape($search_skype)."%'";
|
|
||||||
}
|
|
||||||
if ($search_status != '' && $search_status >= 0) $sql .= " AND p.statut = ".$db->escape($search_status);
|
|
||||||
if ($type == "o") // filtre sur type
|
if ($type == "o") // filtre sur type
|
||||||
{
|
{
|
||||||
$sql .= " AND p.fk_soc IS NULL";
|
$sql .= " AND p.fk_soc IS NULL";
|
||||||
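Review bot: The rewritten filter `if (strlen($search_phone_pro)) $sql.= natural_search('p.phone', $search_phone);` tests `$search_phone_pro` but searches with `$search_phone`, so the user's pro-phone value is ignored and, when the general phone field is empty, the clause filters on an empty string. It should read `if (strlen($search_phone_pro)) $sql.= natural_search('p.phone', $search_phone_pro);`. The fax line also changes the column from `p.fax` on the removed side to `p.phone_fax`; if that rename is intended it should be stated in the commit message, otherwise the old column name is the one that exists. The `$search_id` filter moves from `s.rowid` to `p.rowid` in the same rewrite, which changes the meaning of that search field and is not mentioned either.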
@@ -343,10 +317,6 @@ else if ($type == "p") // filtre sur type
|
|||||||
{
|
{
|
||||||
$sql .= " AND s.client IN (2, 3)";
|
$sql .= " AND s.client IN (2, 3)";
|
||||||
}
|
}
|
||||||
if ($sall)
|
|
||||||
{
|
|
||||||
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
|
|
||||||
}
|
|
||||||
if (! empty($socid))
|
if (! empty($socid))
|
||||||
{
|
{
|
||||||
$sql .= " AND s.rowid = ".$socid;
|
$sql .= " AND s.rowid = ".$socid;
|
||||||
@@ -399,7 +369,7 @@ $num = $db->num_rows($result);
|
|||||||
|
|
||||||
$arrayofselected=is_array($toselect)?$toselect:array();
|
$arrayofselected=is_array($toselect)?$toselect:array();
|
||||||
|
|
||||||
if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $sall)
|
if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($sall != '' || $seearch_cti != ''))
|
||||||
{
|
{
|
||||||
$obj = $db->fetch_object($resql);
|
$obj = $db->fetch_object($resql);
|
||||||
$id = $obj->rowid;
|
$id = $obj->rowid;
|
||||||
|
|||||||
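Review bot: The new condition references `$seearch_cti`, a misspelling of `$search_cti`; the variable is never assigned, so `$seearch_cti != ''` is always false under PHP's loose comparison and the CTI direct-open path this commit introduces can never fire, on top of an undefined-variable notice on every request. Change it to `($sall != '' || $search_cti != '')`, which is what the societe/list.php hunk of the same commit does. The enclosing block continues outside the hunk.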
@@ -172,7 +172,7 @@ class Events // extends CommonObject
|
|||||||
// Update request
|
// Update request
|
||||||
$sql = "UPDATE ".MAIN_DB_PREFIX."events SET";
|
$sql = "UPDATE ".MAIN_DB_PREFIX."events SET";
|
||||||
$sql.= " type='".$this->db->escape($this->type)."',";
|
$sql.= " type='".$this->db->escape($this->type)."',";
|
||||||
$sql.= " dateevent=".$this->db->idate($this->dateevent).",";
|
$sql.= " dateevent='".$this->db->idate($this->dateevent)."',";
|
||||||
$sql.= " description='".$this->db->escape($this->description)."'";
|
$sql.= " description='".$this->db->escape($this->description)."'";
|
||||||
$sql.= " WHERE rowid=".$this->id;
|
$sql.= " WHERE rowid=".$this->id;
|
||||||
|
|
||||||
|
|||||||
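Review bot: `$sql.= " WHERE rowid=".$this->id;` in the hunk concatenates the row id with no cast or escape, while every string column in the same UPDATE goes through `$this->db->escape()`; a non-integer id would alter the WHERE clause rather than be rejected. `$sql.= " WHERE rowid=".((int) $this->id);` pins it to an integer. The update() method begins and ends outside the hunk.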
@@ -6174,7 +6174,7 @@ function dol_getmypid()
|
|||||||
* or like "keyword1|keyword2" = We want record field like keyword1 OR field like keyword2
|
* or like "keyword1|keyword2" = We want record field like keyword1 OR field like keyword2
|
||||||
* If param $mode is 1, can contains an operator <, > or = like "<10" or ">=100.5 < 1000"
|
* If param $mode is 1, can contains an operator <, > or = like "<10" or ">=100.5 < 1000"
|
||||||
* If param $mode is 2, can contains a list of id separated by comma like "1,3,4"
|
* If param $mode is 2, can contains a list of id separated by comma like "1,3,4"
|
||||||
* @param integer $mode 0=value is list of keywords, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of id separated with comma (Example '1,3,4')
|
* @param integer $mode 0=value is list of keyword strings, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of id separated with comma (Example '1,3,4')
|
||||||
* @param integer $nofirstand 1=Do not output the first 'AND'
|
* @param integer $nofirstand 1=Do not output the first 'AND'
|
||||||
* @return string $res The statement to append to the SQL query
|
* @return string $res The statement to append to the SQL query
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -49,6 +49,8 @@ if ($user->societe_id) $socid=$user->societe_id;
|
|||||||
$result = restrictedArea($user,'societe',$socid,'');
|
$result = restrictedArea($user,'societe',$socid,'');
|
||||||
|
|
||||||
$search_all=trim(GETPOST('sall', 'alphanohtml'));
|
$search_all=trim(GETPOST('sall', 'alphanohtml'));
|
||||||
|
$search_cti=preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
|
||||||
|
|
||||||
$search_id=trim(GETPOST("search_id","int"));
|
$search_id=trim(GETPOST("search_id","int"));
|
||||||
$search_nom=trim(GETPOST("search_nom"));
|
$search_nom=trim(GETPOST("search_nom"));
|
||||||
$search_alias=trim(GETPOST("search_alias"));
|
$search_alias=trim(GETPOST("search_alias"));
|
||||||
@@ -413,9 +415,11 @@ if (! $user->rights->fournisseur->lire) $sql.=" AND (s.fournisseur <> 1 OR s.cli
|
|||||||
if ($search_sale) $sql.= " AND sc.fk_user = ".$db->escape($search_sale);
|
if ($search_sale) $sql.= " AND sc.fk_user = ".$db->escape($search_sale);
|
||||||
if ($search_categ > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ);
|
if ($search_categ > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ);
|
||||||
if ($search_categ == -2) $sql.= " AND cs.fk_categorie IS NULL";
|
if ($search_categ == -2) $sql.= " AND cs.fk_categorie IS NULL";
|
||||||
|
|
||||||
if ($search_all) $sql.= natural_search(array_keys($fieldstosearchall), $search_all);
|
if ($search_all) $sql.= natural_search(array_keys($fieldstosearchall), $search_all);
|
||||||
|
if (strlen($search_cti)) $sql.= natural_search('s.phone', $search_cti);
|
||||||
|
|
||||||
if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1);
|
if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1);
|
||||||
if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key);
|
|
||||||
if ($search_nom) $sql.= natural_search("s.nom",$search_nom);
|
if ($search_nom) $sql.= natural_search("s.nom",$search_nom);
|
||||||
if ($search_alias) $sql.= natural_search("s.name_alias",$search_alias);
|
if ($search_alias) $sql.= natural_search("s.name_alias",$search_alias);
|
||||||
if ($search_nom_only) $sql.= natural_search("s.nom",$search_nom_only);
|
if ($search_nom_only) $sql.= natural_search("s.nom",$search_nom_only);
|
||||||
@@ -424,27 +428,28 @@ if ($search_supplier_code) $sql.= natural_search("s.code_fournisseur",$search_su
|
|||||||
if ($search_account_customer_code) $sql.= natural_search("s.code_compta",$search_account_customer_code);
|
if ($search_account_customer_code) $sql.= natural_search("s.code_compta",$search_account_customer_code);
|
||||||
if ($search_account_supplier_code) $sql.= natural_search("s.code_compta_fournisseur",$search_account_supplier_code);
|
if ($search_account_supplier_code) $sql.= natural_search("s.code_compta_fournisseur",$search_account_supplier_code);
|
||||||
if ($search_town) $sql.= natural_search("s.town",$search_town);
|
if ($search_town) $sql.= natural_search("s.town",$search_town);
|
||||||
if ($search_zip) $sql.= natural_search("s.zip",$search_zip);
|
if (strlen($search_zip)) $sql.= natural_search("s.zip",$search_zip);
|
||||||
if ($search_state) $sql.= natural_search("state.nom",$search_state);
|
if ($search_state) $sql.= natural_search("state.nom",$search_state);
|
||||||
if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')';
|
if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')';
|
||||||
if ($search_email) $sql.= natural_search("s.email",$search_email);
|
if ($search_email) $sql.= natural_search("s.email",$search_email);
|
||||||
if ($search_phone) $sql.= natural_search("s.phone",$search_phone);
|
if (strlen($search_phone)) $sql.= natural_search("s.phone", $search_phone);
|
||||||
if ($search_url) $sql.= natural_search("s.url",$search_url);
|
if ($search_url) $sql.= natural_search("s.url",$search_url);
|
||||||
if ($search_idprof1) $sql.= natural_search("s.siren",$search_idprof1);
|
if (strlen($search_idprof1)) $sql.= natural_search("s.siren",$search_idprof1);
|
||||||
if ($search_idprof2) $sql.= natural_search("s.siret",$search_idprof2);
|
if (strlen($search_idprof2)) $sql.= natural_search("s.siret",$search_idprof2);
|
||||||
if ($search_idprof3) $sql.= natural_search("s.ape",$search_idprof3);
|
if (strlen($search_idprof3)) $sql.= natural_search("s.ape",$search_idprof3);
|
||||||
if ($search_idprof4) $sql.= natural_search("s.idprof4",$search_idprof4);
|
if (strlen($search_idprof4)) $sql.= natural_search("s.idprof4",$search_idprof4);
|
||||||
if ($search_idprof5) $sql.= natural_search("s.idprof5",$search_idprof5);
|
if (strlen($search_idprof5)) $sql.= natural_search("s.idprof5",$search_idprof5);
|
||||||
if ($search_idprof6) $sql.= natural_search("s.idprof6",$search_idprof6);
|
if (strlen($search_idprof6)) $sql.= natural_search("s.idprof6",$search_idprof6);
|
||||||
// Filter on type of thirdparty
|
// Filter on type of thirdparty
|
||||||
if ($search_type > 0 && in_array($search_type,array('1,3','2,3'))) $sql .= " AND s.client IN (".$db->escape($search_type).")";
|
if ($search_type > 0 && in_array($search_type,array('1,3','2,3'))) $sql .= " AND s.client IN (".$db->escape($search_type).")";
|
||||||
if ($search_type > 0 && in_array($search_type,array('4'))) $sql .= " AND s.fournisseur = 1";
|
if ($search_type > 0 && in_array($search_type,array('4'))) $sql .= " AND s.fournisseur = 1";
|
||||||
if ($search_type == '0') $sql .= " AND s.client = 0 AND s.fournisseur = 0";
|
if ($search_type == '0') $sql .= " AND s.client = 0 AND s.fournisseur = 0";
|
||||||
if ($search_status!='' && $search_status >= 0) $sql .= " AND s.status = ".$db->escape($search_status);
|
if ($search_status!='' && $search_status >= 0) $sql .= " AND s.status = ".$db->escape($search_status);
|
||||||
if (!empty($conf->barcode->enabled) && $search_barcode) $sql.= " AND s.barcode LIKE '%".$db->escape($search_barcode)."%'";
|
if (!empty($conf->barcode->enabled) && $search_barcode) $sql.= natural_search("s.barcode", $search_barcode);
|
||||||
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
|
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
|
||||||
if ($search_levels) $sql .= " AND s.fk_prospectlevel IN (".$search_levels.')';
|
if ($search_levels) $sql .= " AND s.fk_prospectlevel IN (".$search_levels.')';
|
||||||
if ($search_stcomm != '' && $search_stcomm != -2) $sql.= natural_search("s.fk_stcomm",$search_stcomm,2);
|
if ($search_stcomm != '' && $search_stcomm != -2) $sql.= natural_search("s.fk_stcomm",$search_stcomm,2);
|
||||||
|
if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key);
|
||||||
// Add where from extra fields
|
// Add where from extra fields
|
||||||
foreach ($search_array_options as $key => $val)
|
foreach ($search_array_options as $key => $val)
|
||||||
{
|
{
|
||||||
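Review bot: Three context lines in this hunk, `s.fk_pays IN (".$search_country.')'`, `s.fk_typent IN (".$search_type_thirdparty.')'` and `s.fk_prospectlevel IN (".$search_levels.')'`, splice request-derived values into the SQL with no `$db->escape()` or integer filtering, whereas the commit wraps the neighbouring barcode filter in `natural_search()`. Where these variables are read from GETPOST is outside the hunk, so if they are already integer-filtered there this is only defence in depth; otherwise they are the remaining raw interpolations in this WHERE block. A minimal fix is to build each list as `implode(',', array_map('intval', explode(',', $search_country)))` before concatenating it.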
@@ -486,7 +491,7 @@ $num = $db->num_rows($resql);
|
|||||||
|
|
||||||
$arrayofselected=is_array($toselect)?$toselect:array();
|
$arrayofselected=is_array($toselect)?$toselect:array();
|
||||||
|
|
||||||
if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && $action != 'list')
|
if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($search_all != '' || $search_cti != '') && $action != 'list')
|
||||||
{
|
{
|
||||||
$obj = $db->fetch_object($resql);
|
$obj = $db->fetch_object($resql);
|
||||||
$id = $obj->rowid;
|
$id = $obj->rowid;
|
||||||
|
|||||||
@@ -155,6 +155,25 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
|
|||||||
print 'Check php file '.$file['fullname']."\n";
|
print 'Check php file '.$file['fullname']."\n";
|
||||||
$filecontent=file_get_contents($file['fullname']);
|
$filecontent=file_get_contents($file['fullname']);
|
||||||
|
|
||||||
|
|
||||||
|
$ok=true;
|
||||||
|
$matches=array();
|
||||||
|
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
|
||||||
|
preg_match_all('/(..)\s*\.\s*\$this->db->idate\(/', $filecontent, $matches, PREG_SET_ORDER);
|
||||||
|
foreach($matches as $key => $val)
|
||||||
|
{
|
||||||
|
if ($val[1] != '\'"' && $val[1] != '\'\'')
|
||||||
|
{
|
||||||
|
$ok=false;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
//if ($reg[0] != 'db') $ok=false;
|
||||||
|
}
|
||||||
|
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
|
||||||
|
$this->assertTrue($ok, 'Found a $this->db->idate to forge a sql request without quotes around this date field '.$file['fullname'].' :: '.$val[0]);
|
||||||
|
//exit;
|
||||||
|
|
||||||
|
|
||||||
$ok=true;
|
$ok=true;
|
||||||
$matches=array();
|
$matches=array();
|
||||||
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
|
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
|
||||||
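Review bot: The comment above the new idate check is copied verbatim from the escape check that follows it and describes the wrong pattern; it should say something like `// Check that $this->db->idate( used when forging a sql request is wrapped in quotes, i.e. '".$this->db->idate(...)."'`. The regex `/(..)\s*\.\s*\$this->db->idate\(/` also only matches the `$this->db` form, so scripts that use a bare `$db->idate(` (the list pages in this same commit use `$db->`) are not covered; `/(..)\s*\.\s*\$(this->)?db->idate\(/` keeps `$val[1]` as the quote capture while widening the match. Finally the assertion message reads `$val[0]` after the loop, which is undefined when a file has no matches; initialising `$val = array(0 => '')` before the loop avoids the notice.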
@@ -172,6 +191,7 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].' ('.$val[0].'). Bad.');
|
$this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].' ('.$val[0].'). Bad.');
|
||||||
//exit;
|
//exit;
|
||||||
|
|
||||||
|
|
||||||
// Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped.
|
// Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped.
|
||||||
$ok=true;
|
$ok=true;
|
||||||
$matches=array();
|
$matches=array();
|
||||||
|
|||||||