diff --git a/ChangeLog b/ChangeLog
index 56c0d1fd06b..fadc6d705bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,21 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
+***** ChangeLog for 6.0.5 compared to 6.0.4 *****
+FIX: security vulnerability reported by ADLab of Venustech
+ CVE-2017-17897, CVE-2017-17898, CVE-2017-17899, CVE-2017-17900
+FIX: #7379: Compatibility with PRODUCT_USE_OLD_PATH_FOR_PHOTO variable
+FIX: #7903
+FIX: #7933
+FIX: #8029 Unable to make leave request in holyday module
+FIX: Edit accountancy account and warning message on loan
+FIX: $accounts[$bid] is a label !
+FIX: $oldvatrateclean & $newvatrateclean must be set if preg_match === false
+FIX: product best price on product list
+FIX: search on contact list
+FIX: stats trad for customerinvoice
+FIX: translate unactivate on contractline
+
 ***** ChangeLog for 6.0.4 compared to 6.0.3 *****
 FIX: #7737
 FIX: #7751
diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php
index 1cd545c409c..c7b2d394a4b 100644
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@@ -1721,9 +1721,16 @@ class ExtraFields
 $error_field_required[] = $value;
 }
- if (in_array($key_type,array('date','datetime')))
+ if (in_array($key_type,array('date')))
 {
 // Clean parameters
+ // TODO GMT date in memory must be GMT so we should add gm=true in parameters
+ $value_key=dol_mktime(0, 0, 0, $_POST["options_".$key."month"], $_POST["options_".$key."day"], $_POST["options_".$key."year"]);
+ }
+ elseif (in_array($key_type,array('datetime')))
+ {
+ // Clean parameters
+ // TODO GMT date in memory must be GMT so we should add gm=true in parameters
 $value_key=dol_mktime($_POST["options_".$key."hour"], $_POST["options_".$key."min"], 0, $_POST["options_".$key."month"], $_POST["options_".$key."day"], $_POST["options_".$key."year"]);
 }
 else if (in_array($key_type,array('checkbox','chkbxlst')))
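Review bot: The added `date` branch in extrafields.class.php, like the `datetime` branch split off below it, passes `$_POST["options_".$key."month"]`, `...day` and `...year` straight into dol_mktime() with no presence check or integer cast, so a missing or non-numeric field reaches the date code as submitted. Reading each field through the request accessor with its integer filter would close that, e.g. `GETPOST("options_".$key."month",'int')`, and the same for hour/min in the `datetime` branch. As a smaller style point, `in_array($key_type,array('date'))` on a one-element array reads more plainly as `$key_type == 'date'`. The enclosing method starts and ends outside this hunk, so validation done elsewhere in it is not visible here.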
@@ -1762,12 +1769,12 @@ class ExtraFields
 }
 /**
- * return array_options array for object by extrafields value (using for data send by forms)
+ * return array_options array of data of extrafields value of object sent by a search form
 *
 * @param array $extralabels $array of extrafields
 * @param string $keyprefix Prefix string to add into name and id of field (can be used to avoid duplicate names)
 * @param string $keysuffix Suffix string to add into name and id of field (can be used to avoid duplicate names)
- * @return int 1 if array_options set / 0 if no value
+ * @return array|int array_options set or 0 if no value
 */
 function getOptionalsFromPost($extralabels,$keyprefix='',$keysuffix='')
 {
diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php
index cf6b9001422..c349d35a16d 100644
--- a/htdocs/core/db/DoliDB.class.php
+++ b/htdocs/core/db/DoliDB.class.php
@@ -89,6 +89,7 @@ abstract class DoliDB implements Database
 */
 function idate($param)
 {
+ // TODO GMT $param should be gmt, so we should add tzouptut to 'gmt'
 return dol_print_date($param,"%Y-%m-%d %H:%M:%S");
 }
@@ -279,6 +280,7 @@ abstract class DoliDB implements Database
 */
 function jdate($string, $gm=false)
 {
+ // TODO GMT must set param gm to true by default
 if ($string==0 || $string=="0000-00-00 00:00:00") return '';
 $string=preg_replace('/([^0-9])/i','',$string);
 $tmp=$string.'000000';
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 713086013e4..0776a649fc8 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
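Review bot: The TODO added at the top of idate() in DoliDB.class.php misspells the option it refers to; `tzouptut` is presumably `tzoutput`, and the line would read better as `// TODO GMT: $param should be GMT, so pass 'gmt' as tzoutput to dol_print_date()`. The TODO added in jdate() in the following hunk has the same weakness: both record a local-time/GMT mismatch without a ticket reference, so the follow-up is easy to lose. Something like `// TODO GMT: default $gm to true once callers are audited (issue #<ISSUE-ID>)` would keep it traceable. The docblocks of both functions start above these hunks and are only partly visible, so whether they already describe the timezone behaviour cannot be confirmed from here.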
@@ -1939,11 +1939,13 @@ function dol_mktime($hour,$minute,$second,$month,$day,$year,$gm=false,$check=1)
 if (empty($localtz)) {
 $localtz = new DateTimeZone('UTC');
 }
-
+ //var_dump($localtz);
+ //var_dump($year.'-'.$month.'-'.$day.'-'.$hour.'-'.$minute);
 $dt = new DateTime(null,$localtz);
 $dt->setDate($year,$month,$day);
 $dt->setTime((int) $hour, (int) $minute, (int) $second);
 $date=$dt->getTimestamp(); // should include daylight saving time
+ //var_dump($date);
 return $date;
 }
 else
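Review bot: The three added `//var_dump(...)` lines are leftover debugging and should be dropped before release; if one is ever re-enabled it would print the timezone object and the date inputs into the response. In the same block, the unchanged context casts `$hour`, `$minute` and `$second` to int for setTime() but hands `$year,$month,$day` to setDate() uncast, and the extrafields caller in this commit fills those from `$_POST`. `$dt->setDate((int) $year, (int) $month, (int) $day);` would make the two calls consistent. dol_mktime() begins above the hunk, so an earlier check driven by `$check` may already cover this.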