Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source 
Conflicts:
	htdocs/contact/list.php
	htdocs/societe/list.php
This commit is contained in:
Laurent Destailleur
2017-07-27 02:09:40 +02:00
parent 537a6ae622 bdfb0b7561
commit ec27eb5b1e
11 changed files with 113 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
htdocs/accountancy/class/accountancysystem.class.php
View File

@@ -37,7 +37,7 @@ class AccountancySystem
var $label; var $label;
var $account_number; var $account_number;
var $account_parent; var $account_parent;
/** /**
* Constructor * Constructor
* *
@@ -46,8 +46,8 @@ class AccountancySystem
function __construct($db) { function __construct($db) {
$this->db = $db; $this->db = $db;
} }
/** /**
* Load record in memory * Load record in memory
* *
@@ -55,11 +55,11 @@ class AccountancySystem
* @param string $ref ref * @param string $ref ref
* @return int <0 if KO, Id of record if OK and found * @return int <0 if KO, Id of record if OK and found
*/ */
function fetch($rowid = 0, $ref = '') function fetch($rowid = 0, $ref = '')
{ {
global $conf; global $conf;
if ($rowid > 0 || $ref) if ($rowid > 0 || $ref)
{ {
$sql = "SELECT a.pcg_version, a.label, a.active"; $sql = "SELECT a.pcg_version, a.label, a.active";
$sql .= " FROM " . MAIN_DB_PREFIX . "accounting_system as a"; $sql .= " FROM " . MAIN_DB_PREFIX . "accounting_system as a";
@@ -69,12 +69,12 @@ class AccountancySystem
} elseif ($ref) { } elseif ($ref) {
$sql .= " a.pcg_version = '" . $ref . "'"; $sql .= " a.pcg_version = '" . $ref . "'";
} }
dol_syslog(get_class($this) . "::fetch sql=" . $sql, LOG_DEBUG); dol_syslog(get_class($this) . "::fetch sql=" . $sql, LOG_DEBUG);
$result = $this->db->query($sql); $result = $this->db->query($sql);
if ($result) { if ($result) {
$obj = $this->db->fetch_object($result); $obj = $this->db->fetch_object($result);
if ($obj) { if ($obj) {
$this->id = $obj->rowid; $this->id = $obj->rowid;
$this->rowid = $obj->rowid; $this->rowid = $obj->rowid;
@@ -82,7 +82,7 @@ class AccountancySystem
$this->ref = $obj->pcg_version; $this->ref = $obj->pcg_version;
$this->label = $obj->label; $this->label = $obj->label;
$this->active = $obj->active; $this->active = $obj->active;
return $this->id; return $this->id;
} else { } else {
return 0; return 0;
@@ -94,8 +94,8 @@ class AccountancySystem
} }
return - 1; return - 1;
} }
/** /**
* Insert accountancy system name into database * Insert accountancy system name into database
* *
@@ -104,16 +104,16 @@ class AccountancySystem
*/ */
function create($user) { function create($user) {
$now = dol_now(); $now = dol_now();
$sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_system"; $sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_system";
$sql .= " (date_creation, fk_user_author, numero, label)"; $sql .= " (date_creation, fk_user_author, numero, label)";
$sql .= " VALUES (" . $this->db->idate($now) . "," . $user->id . ",'" . $this->numero . "','" . $this->label . "')"; $sql .= " VALUES ('" . $this->db->idate($now) . "'," . $user->id . ",'" . $this->numero . "','" . $this->label . "')";
dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG); dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG);
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) { if ($resql) {
$id = $this->db->last_insert_id(MAIN_DB_PREFIX . "accounting_system"); $id = $this->db->last_insert_id(MAIN_DB_PREFIX . "accounting_system");
if ($id > 0) { if ($id > 0) {
$this->rowid = $id; $this->rowid = $id;
$result = $this->rowid; $result = $this->rowid;
@@ -127,7 +127,7 @@ class AccountancySystem
$this->error = "AccountancySystem::Create Erreur $result"; $this->error = "AccountancySystem::Create Erreur $result";
dol_syslog($this->error, LOG_ERR); dol_syslog($this->error, LOG_ERR);
} }
return $result; return $result;
} }
} }

2
htdocs/comm/mailing/class/advtargetemailing.class.php
View File

@@ -124,7 +124,7 @@ class AdvanceTargetingMailing extends CommonObject
$sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->fk_mailing."'").","; $sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->fk_mailing."'").",";
$sql.= " ".(! isset($this->filtervalue)?'NULL':"'".$this->db->escape($this->filtervalue)."'").","; $sql.= " ".(! isset($this->filtervalue)?'NULL':"'".$this->db->escape($this->filtervalue)."'").",";
$sql.= " ".$user->id.","; $sql.= " ".$user->id.",";
$sql.= " ".$this->db->idate(dol_now()).","; $sql.= " '".$this->db->idate(dol_now())."',";
$sql.= " ".$user->id; $sql.= " ".$user->id;

6
htdocs/compta/bank/class/paymentvarious.class.php
View File

@@ -86,9 +86,9 @@ class PaymentVarious extends CommonObject
// Update request // Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_various SET"; $sql = "UPDATE ".MAIN_DB_PREFIX."payment_various SET";
$sql.= " tms=".$this->db->idate($this->tms).","; $sql.= " tms='".$this->db->idate($this->tms)."',";
$sql.= " datep=".$this->db->idate($this->datep).","; $sql.= " datep='".$this->db->idate($this->datep)."',";
$sql.= " datev=".$this->db->idate($this->datev).","; $sql.= " datev='".$this->db->idate($this->datev)."',";
$sql.= " sens=".$this->sens.","; $sql.= " sens=".$this->sens.",";
$sql.= " amount=".price2num($this->amount).","; $sql.= " amount=".price2num($this->amount).",";
$sql.= " fk_typepayment=".$this->fk_typepayment."',"; $sql.= " fk_typepayment=".$this->fk_typepayment."',";

6
htdocs/compta/localtax/class/localtax.class.php
View File

@@ -151,9 +151,9 @@ class Localtax extends CommonObject
// Update request // Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET"; $sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET";
$sql.= " localtaxtype=".$this->ltt.","; $sql.= " localtaxtype=".$this->ltt.",";
$sql.= " tms=".$this->db->idate($this->tms).","; $sql.= " tms='".$this->db->idate($this->tms)."',";
$sql.= " datep=".$this->db->idate($this->datep).","; $sql.= " datep='".$this->db->idate($this->datep)."',";
$sql.= " datev=".$this->db->idate($this->datev).","; $sql.= " datev='".$this->db->idate($this->datev)."',";
$sql.= " amount=".price2num($this->amount).","; $sql.= " amount=".price2num($this->amount).",";
$sql.= " label='".$this->db->escape($this->label)."',"; $sql.= " label='".$this->db->escape($this->label)."',";
$sql.= " note='".$this->db->escape($this->note)."',"; $sql.= " note='".$this->db->escape($this->note)."',";

20
htdocs/compta/salaries/class/paymentsalary.class.php
View File

@@ -34,7 +34,7 @@ class PaymentSalary extends CommonObject
//public $element='payment_salary'; //!< Id that identify managed objects //public $element='payment_salary'; //!< Id that identify managed objects
//public $table_element='payment_salary'; //!< Name of table without prefix where object is stored //public $table_element='payment_salary'; //!< Name of table without prefix where object is stored
public $picto='payment'; public $picto='payment';
public $tms; public $tms;
public $fk_user; public $fk_user;
public $datep; public $datep;
@@ -97,16 +97,16 @@ class PaymentSalary extends CommonObject
// Update request // Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET"; $sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET";
$sql.= " tms=".$this->db->idate($this->tms).","; $sql.= " tms='".$this->db->idate($this->tms)."',";
$sql.= " fk_user=".$this->fk_user.","; $sql.= " fk_user=".$this->fk_user.",";
$sql.= " datep=".$this->db->idate($this->datep).","; $sql.= " datep='".$this->db->idate($this->datep)."',";
$sql.= " datev=".$this->db->idate($this->datev).","; $sql.= " datev='".$this->db->idate($this->datev)."',";
$sql.= " amount=".price2num($this->amount).","; $sql.= " amount=".price2num($this->amount).",";
$sql.= " fk_typepayment=".$this->fk_typepayment."',"; $sql.= " fk_typepayment=".$this->fk_typepayment."',";
$sql.= " num_payment='".$this->db->escape($this->num_payment)."',"; $sql.= " num_payment='".$this->db->escape($this->num_payment)."',";
$sql.= " label='".$this->db->escape($this->label)."',"; $sql.= " label='".$this->db->escape($this->label)."',";
$sql.= " datesp=".$this->db->idate($this->datesp).","; $sql.= " datesp='".$this->db->idate($this->datesp)."',";
$sql.= " dateep=".$this->db->idate($this->dateep).","; $sql.= " dateep='".$this->db->idate($this->dateep)."',";
$sql.= " note='".$this->db->escape($this->note)."',"; $sql.= " note='".$this->db->escape($this->note)."',";
$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").","; $sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").",";
$sql.= " fk_user_author=".$this->fk_user_author.","; $sql.= " fk_user_author=".$this->fk_user_author.",";
@@ -548,7 +548,7 @@ class PaymentSalary extends CommonObject
} }
} }
/** /**
* Retourne le libelle du statut d'une facture (brouillon, validee, abandonnee, payee) * Retourne le libelle du statut d'une facture (brouillon, validee, abandonnee, payee)
* *
@@ -559,7 +559,7 @@ class PaymentSalary extends CommonObject
{ {
return $this->LibStatut($this->statut,$mode); return $this->LibStatut($this->statut,$mode);
} }
/** /**
* Renvoi le libelle d'un statut donne * Renvoi le libelle d'un statut donne
* *
@@ -570,7 +570,7 @@ class PaymentSalary extends CommonObject
function LibStatut($status,$mode=0) function LibStatut($status,$mode=0)
{ {
global $langs; // TODO Renvoyer le libelle anglais et faire traduction a affichage global $langs; // TODO Renvoyer le libelle anglais et faire traduction a affichage
$langs->load('compta'); $langs->load('compta');
/*if ($mode == 0) /*if ($mode == 0)
{ {
@@ -609,5 +609,5 @@ class PaymentSalary extends CommonObject
}*/ }*/
return ''; return '';
} }
} }

6
htdocs/compta/tva/class/tva.class.php
View File

@@ -173,9 +173,9 @@ class Tva extends CommonObject
// Update request // Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET";
$sql.= " tms=".$this->db->idate($this->tms).","; $sql.= " tms='".$this->db->idate($this->tms)."',";
$sql.= " datep=".$this->db->idate($this->datep).","; $sql.= " datep='".$this->db->idate($this->datep)."',";
$sql.= " datev=".$this->db->idate($this->datev).","; $sql.= " datev='".$this->db->idate($this->datev)."',";
$sql.= " amount=".price2num($this->amount).","; $sql.= " amount=".price2num($this->amount).",";
$sql.= " label='".$this->db->escape($this->label)."',"; $sql.= " label='".$this->db->escape($this->label)."',";
$sql.= " note='".$this->db->escape($this->note)."',"; $sql.= " note='".$this->db->escape($this->note)."',";

78
htdocs/contact/list.php
View File

@@ -48,13 +48,15 @@ if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'contact', $contactid,''); $result = restrictedArea($user, 'contact', $contactid,'');
$sall=GETPOST('sall', 'alphanohtml'); $sall=GETPOST('sall', 'alphanohtml');
$search_cti=preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
$search_phone=GETPOST("search_phone");
$search_id=trim(GETPOST("search_id","int")); $search_id=trim(GETPOST("search_id","int"));
$search_firstlast_only=GETPOST("search_firstlast_only"); $search_firstlast_only=GETPOST("search_firstlast_only");
$search_lastname=GETPOST("search_lastname"); $search_lastname=GETPOST("search_lastname");
$search_firstname=GETPOST("search_firstname"); $search_firstname=GETPOST("search_firstname");
$search_societe=GETPOST("search_societe"); $search_societe=GETPOST("search_societe");
$search_poste=GETPOST("search_poste"); $search_poste=GETPOST("search_poste");
$search_phone=GETPOST("search_phone");
$search_phone_perso=GETPOST("search_phone_perso"); $search_phone_perso=GETPOST("search_phone_perso");
$search_phone_pro=GETPOST("search_phone_pro"); $search_phone_pro=GETPOST("search_phone_pro");
$search_phone_mobile=GETPOST("search_phone_mobile"); $search_phone_mobile=GETPOST("search_phone_mobile");
@@ -278,55 +280,27 @@ if ($search_categ > 0) $sql.= " AND cc.fk_categorie = ".$db->escape($search_ca
if ($search_categ == -2) $sql.= " AND cc.fk_categorie IS NULL"; if ($search_categ == -2) $sql.= " AND cc.fk_categorie IS NULL";
if ($search_categ_thirdparty > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ_thirdparty); if ($search_categ_thirdparty > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ_thirdparty);
if ($search_categ_thirdparty == -2) $sql.= " AND cs.fk_categorie IS NULL"; if ($search_categ_thirdparty == -2) $sql.= " AND cs.fk_categorie IS NULL";
if ($search_categ_supplier > 0) $sql.= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier); if ($search_categ_supplier > 0) $sql.= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier);
if ($search_categ_supplier == -2) $sql.= " AND cs2.fk_categorie IS NULL"; if ($search_categ_supplier == -2) $sql.= " AND cs2.fk_categorie IS NULL";
if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1); if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall);
if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key); if (strlen($search_phone)) $sql.= natural_search(array('p.phone', 'p.phone_perso', 'p.phone_mobile'), $search_phone);
if ($search_firstlast_only) { if (strlen($search_cti)) $sql.= natural_search(array('p.phone', 'p.phone_perso', 'p.phone_mobile'), $search_cti);
$sql .= natural_search(array('p.lastname','p.firstname'), $search_firstlast_only); if (strlen($search_firstlast_only)) $sql.= natural_search(array('p.lastname', 'p.firstname'), $search_firstlast_only);
}
if ($search_lastname) { // filter on lastname if ($search_id > 0) $sql.= natural_search("p.rowid",$search_id,1);
$sql .= natural_search('p.lastname', $search_lastname); if ($search_lastname) $sql.= natural_search('p.lastname', $search_lastname);
} if ($search_firstname) $sql.= natural_search('p.firstname', $search_firstname);
if ($search_firstname) { // filter on firstname if ($search_societe) $sql.= natural_search('s.nom', $search_societe);
$sql .= natural_search('p.firstname', $search_firstname); if (strlen($search_poste)) $sql.= natural_search('p.poste', $search_poste);
} if (strlen($search_phone_perso)) $sql.= natural_search('p.phone_perso', $search_phone_perso);
if ($search_societe) { // filtre sur la societe if (strlen($search_phone_pro)) $sql.= natural_search('p.phone', $search_phone);
$sql .= natural_search('s.nom', $search_societe); if (strlen($search_phone_mobile)) $sql.= natural_search('p.phone_mobile', $search_phone_mobile);
} if (strlen($search_fax)) $sql.= natural_search('p.phone_fax', $search_fax);
if (strlen($search_poste)) { // filtre sur la societe if (strlen($search_skype)) $sql.= natural_search('p.skype', $search_skype);
$sql .= natural_search('p.poste', $search_poste); if (strlen($search_email)) $sql.= natural_search('p.email', $search_email);
} if ($search_status != '' && $search_status >= 0) $sql.= " AND p.statut = ".$db->escape($search_status);
if (strlen($search_phone)) if ($search_import_key) $sql.= natural_search("p.import_key",$search_import_key);
{
$sql .= " AND (p.phone LIKE '%".$db->escape($search_phone)."%' OR p.phone_perso LIKE '%".$db->escape($search_phone)."%' OR p.phone_mobile LIKE '%".$db->escape($search_phone)."%')";
}
if (strlen($search_phone_perso))
{
$sql .= " AND p.phone_perso LIKE '%".$db->escape($search_phone_perso)."%'";
}
if (strlen($search_phone_pro))
{
$sql .= " AND p.phone LIKE '%".$db->escape($search_phone_pro)."%'";
}
if (strlen($search_phone_mobile))
{
$sql .= " AND p.phone_mobile LIKE '%".$db->escape($search_phone_mobile)."%'";
}
if (strlen($search_fax))
{
$sql .= " AND p.fax LIKE '%".$db->escape($search_fax)."%'";
}
if (strlen($search_email)) // filtre sur l'email
{
$sql .= " AND p.email LIKE '%".$db->escape($search_email)."%'";
}
if (strlen($search_skype)) // filtre sur skype
{
$sql .= " AND p.skype LIKE '%".$db->escape($search_skype)."%'";
}
if ($search_status != '' && $search_status >= 0) $sql .= " AND p.statut = ".$db->escape($search_status);
if ($type == "o") // filtre sur type if ($type == "o") // filtre sur type
{ {
$sql .= " AND p.fk_soc IS NULL"; $sql .= " AND p.fk_soc IS NULL";
@@ -343,10 +317,6 @@ else if ($type == "p") // filtre sur type
{ {
$sql .= " AND s.client IN (2, 3)"; $sql .= " AND s.client IN (2, 3)";
} }
if ($sall)
{
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if (! empty($socid)) if (! empty($socid))
{ {
$sql .= " AND s.rowid = ".$socid; $sql .= " AND s.rowid = ".$socid;
@@ -399,7 +369,7 @@ $num = $db->num_rows($result);
$arrayofselected=is_array($toselect)?$toselect:array(); $arrayofselected=is_array($toselect)?$toselect:array();
if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $sall) if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($sall != '' || $seearch_cti != ''))
{ {
$obj = $db->fetch_object($resql); $obj = $db->fetch_object($resql);
$id = $obj->rowid; $id = $obj->rowid;

2
htdocs/core/class/events.class.php
View File

@@ -172,7 +172,7 @@ class Events // extends CommonObject
// Update request // Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."events SET"; $sql = "UPDATE ".MAIN_DB_PREFIX."events SET";
$sql.= " type='".$this->db->escape($this->type)."',"; $sql.= " type='".$this->db->escape($this->type)."',";
$sql.= " dateevent=".$this->db->idate($this->dateevent).","; $sql.= " dateevent='".$this->db->idate($this->dateevent)."',";
$sql.= " description='".$this->db->escape($this->description)."'"; $sql.= " description='".$this->db->escape($this->description)."'";
$sql.= " WHERE rowid=".$this->id; $sql.= " WHERE rowid=".$this->id;

2
htdocs/core/lib/functions.lib.php
View File

@@ -6174,7 +6174,7 @@ function dol_getmypid()
* or like "keyword1|keyword2" = We want record field like keyword1 OR field like keyword2 * or like "keyword1|keyword2" = We want record field like keyword1 OR field like keyword2
* If param $mode is 1, can contains an operator <, > or = like "<10" or ">=100.5 < 1000" * If param $mode is 1, can contains an operator <, > or = like "<10" or ">=100.5 < 1000"
* If param $mode is 2, can contains a list of id separated by comma like "1,3,4" * If param $mode is 2, can contains a list of id separated by comma like "1,3,4"
* @param integer $mode 0=value is list of keywords, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of id separated with comma (Example '1,3,4') * @param integer $mode 0=value is list of keyword strings, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of id separated with comma (Example '1,3,4')
* @param integer $nofirstand 1=Do not output the first 'AND' * @param integer $nofirstand 1=Do not output the first 'AND'
* @return string $res The statement to append to the SQL query * @return string $res The statement to append to the SQL query
*/ */

57
htdocs/societe/list.php
View File

@@ -49,6 +49,8 @@ if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user,'societe',$socid,''); $result = restrictedArea($user,'societe',$socid,'');
$search_all=trim(GETPOST('sall', 'alphanohtml')); $search_all=trim(GETPOST('sall', 'alphanohtml'));
$search_cti=preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
$search_id=trim(GETPOST("search_id","int")); $search_id=trim(GETPOST("search_id","int"));
$search_nom=trim(GETPOST("search_nom")); $search_nom=trim(GETPOST("search_nom"));
$search_alias=trim(GETPOST("search_alias")); $search_alias=trim(GETPOST("search_alias"));
@@ -407,44 +409,47 @@ if ($search_sale || (!$user->rights->societe->client->voir && !$socid)) $sql.= "
$sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " WHERE s.fk_stcomm = st.id";
$sql.= " AND s.entity IN (".getEntity('societe').")"; $sql.= " AND s.entity IN (".getEntity('societe').")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND s.rowid = ".$socid; if ($socid) $sql.= " AND s.rowid = ".$socid;
if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
if (! $user->rights->fournisseur->lire) $sql.=" AND (s.fournisseur <> 1 OR s.client <> 0)"; // client=0, fournisseur=0 must be visible if (! $user->rights->fournisseur->lire) $sql.=" AND (s.fournisseur <> 1 OR s.client <> 0)"; // client=0, fournisseur=0 must be visible
if ($search_sale) $sql.= " AND sc.fk_user = ".$db->escape($search_sale); if ($search_sale) $sql.= " AND sc.fk_user = ".$db->escape($search_sale);
if ($search_categ > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ); if ($search_categ > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ);
if ($search_categ == -2) $sql.= " AND cs.fk_categorie IS NULL"; if ($search_categ == -2) $sql.= " AND cs.fk_categorie IS NULL";
if ($search_all) $sql.= natural_search(array_keys($fieldstosearchall), $search_all);
if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1); if ($search_all) $sql.= natural_search(array_keys($fieldstosearchall), $search_all);
if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key); if (strlen($search_cti)) $sql.= natural_search('s.phone', $search_cti);
if ($search_nom) $sql.= natural_search("s.nom",$search_nom);
if ($search_alias) $sql.= natural_search("s.name_alias",$search_alias); if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1);
if ($search_nom_only) $sql.= natural_search("s.nom",$search_nom_only); if ($search_nom) $sql.= natural_search("s.nom",$search_nom);
if ($search_alias) $sql.= natural_search("s.name_alias",$search_alias);
if ($search_nom_only) $sql.= natural_search("s.nom",$search_nom_only);
if ($search_customer_code) $sql.= natural_search("s.code_client",$search_customer_code); if ($search_customer_code) $sql.= natural_search("s.code_client",$search_customer_code);
if ($search_supplier_code) $sql.= natural_search("s.code_fournisseur",$search_supplier_code); if ($search_supplier_code) $sql.= natural_search("s.code_fournisseur",$search_supplier_code);
if ($search_account_customer_code) $sql.= natural_search("s.code_compta",$search_account_customer_code); if ($search_account_customer_code) $sql.= natural_search("s.code_compta",$search_account_customer_code);
if ($search_account_supplier_code) $sql.= natural_search("s.code_compta_fournisseur",$search_account_supplier_code); if ($search_account_supplier_code) $sql.= natural_search("s.code_compta_fournisseur",$search_account_supplier_code);
if ($search_town) $sql.= natural_search("s.town",$search_town); if ($search_town) $sql.= natural_search("s.town",$search_town);
if ($search_zip) $sql.= natural_search("s.zip",$search_zip); if (strlen($search_zip)) $sql.= natural_search("s.zip",$search_zip);
if ($search_state) $sql.= natural_search("state.nom",$search_state); if ($search_state) $sql.= natural_search("state.nom",$search_state);
if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')';
if ($search_email) $sql.= natural_search("s.email",$search_email); if ($search_email) $sql.= natural_search("s.email",$search_email);
if ($search_phone) $sql.= natural_search("s.phone",$search_phone); if (strlen($search_phone)) $sql.= natural_search("s.phone", $search_phone);
if ($search_url) $sql.= natural_search("s.url",$search_url); if ($search_url) $sql.= natural_search("s.url",$search_url);
if ($search_idprof1) $sql.= natural_search("s.siren",$search_idprof1); if (strlen($search_idprof1)) $sql.= natural_search("s.siren",$search_idprof1);
if ($search_idprof2) $sql.= natural_search("s.siret",$search_idprof2); if (strlen($search_idprof2)) $sql.= natural_search("s.siret",$search_idprof2);
if ($search_idprof3) $sql.= natural_search("s.ape",$search_idprof3); if (strlen($search_idprof3)) $sql.= natural_search("s.ape",$search_idprof3);
if ($search_idprof4) $sql.= natural_search("s.idprof4",$search_idprof4); if (strlen($search_idprof4)) $sql.= natural_search("s.idprof4",$search_idprof4);
if ($search_idprof5) $sql.= natural_search("s.idprof5",$search_idprof5); if (strlen($search_idprof5)) $sql.= natural_search("s.idprof5",$search_idprof5);
if ($search_idprof6) $sql.= natural_search("s.idprof6",$search_idprof6); if (strlen($search_idprof6)) $sql.= natural_search("s.idprof6",$search_idprof6);
// Filter on type of thirdparty // Filter on type of thirdparty
if ($search_type > 0 && in_array($search_type,array('1,3','2,3'))) $sql .= " AND s.client IN (".$db->escape($search_type).")"; if ($search_type > 0 && in_array($search_type,array('1,3','2,3'))) $sql .= " AND s.client IN (".$db->escape($search_type).")";
if ($search_type > 0 && in_array($search_type,array('4'))) $sql .= " AND s.fournisseur = 1"; if ($search_type > 0 && in_array($search_type,array('4'))) $sql .= " AND s.fournisseur = 1";
if ($search_type == '0') $sql .= " AND s.client = 0 AND s.fournisseur = 0"; if ($search_type == '0') $sql .= " AND s.client = 0 AND s.fournisseur = 0";
if ($search_status!='' && $search_status >= 0) $sql .= " AND s.status = ".$db->escape($search_status); if ($search_status!='' && $search_status >= 0) $sql .= " AND s.status = ".$db->escape($search_status);
if (!empty($conf->barcode->enabled) && $search_barcode) $sql.= " AND s.barcode LIKE '%".$db->escape($search_barcode)."%'"; if (!empty($conf->barcode->enabled) && $search_barcode) $sql.= natural_search("s.barcode", $search_barcode);
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
if ($search_levels) $sql .= " AND s.fk_prospectlevel IN (".$search_levels.')'; if ($search_levels) $sql .= " AND s.fk_prospectlevel IN (".$search_levels.')';
if ($search_stcomm != '' && $search_stcomm != -2) $sql.= natural_search("s.fk_stcomm",$search_stcomm,2); if ($search_stcomm != '' && $search_stcomm != -2) $sql.= natural_search("s.fk_stcomm",$search_stcomm,2);
if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key);
// Add where from extra fields // Add where from extra fields
foreach ($search_array_options as $key => $val) foreach ($search_array_options as $key => $val)
{ {
@@ -486,7 +491,7 @@ $num = $db->num_rows($resql);
$arrayofselected=is_array($toselect)?$toselect:array(); $arrayofselected=is_array($toselect)?$toselect:array();
if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && $action != 'list') if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($search_all != '' || $search_cti != '') && $action != 'list')
{ {
$obj = $db->fetch_object($resql); $obj = $db->fetch_object($resql);
$id = $obj->rowid; $id = $obj->rowid;

20
test/phpunit/CodingPhpTest.php
View File

@@ -155,6 +155,25 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
print 'Check php file '.$file['fullname']."\n"; print 'Check php file '.$file['fullname']."\n";
$filecontent=file_get_contents($file['fullname']); $filecontent=file_get_contents($file['fullname']);
$ok=true;
$matches=array();
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
preg_match_all('/(..)\s*\.\s*\$this->db->idate\(/', $filecontent, $matches, PREG_SET_ORDER);
foreach($matches as $key => $val)
{
if ($val[1] != '\'"' && $val[1] != '\'\'')
{
$ok=false;
break;
}
//if ($reg[0] != 'db') $ok=false;
}
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
$this->assertTrue($ok, 'Found a $this->db->idate to forge a sql request without quotes around this date field '.$file['fullname'].' :: '.$val[0]);
//exit;
$ok=true; $ok=true;
$matches=array(); $matches=array();
// Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
@@ -172,6 +191,7 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
$this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].' ('.$val[0].'). Bad.'); $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].' ('.$val[0].'). Bad.');
//exit; //exit;
// Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped. // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped.
$ok=true; $ok=true;
$matches=array(); $matches=array();