From 8c1902be1bc667b85898d48c817ea6300aac22e6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 22 Feb 2021 18:40:15 +0100 Subject: [PATCH 01/16] Missing space --- htdocs/compta/facture/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 44097c84f49..c871304905f 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3596,7 +3596,7 @@ if ($action == 'create') if (is_array($objectsrc->linkedObjects['facture']) && count($objectsrc->linkedObjects['facture']) >= 1) { setEventMessages('WarningBillExist', null, 'warnings'); - echo ' ('.$langs->trans('LatestRelatedBill').end($objectsrc->linkedObjects['facture'])->getNomUrl(1).')'; + echo ' ('.$langs->trans('LatestRelatedBill').' '.end($objectsrc->linkedObjects['facture'])->getNomUrl(1).')'; } echo ''; print ''.$langs->trans('AmountHT').''.price($objectsrc->total_ht).''; From 34dcebea78186b91d2d57d50b0bf90f523a829fe Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 23 Feb 2021 11:03:34 +0100 Subject: [PATCH 02/16] Code comment --- htdocs/core/js/lib_head.js.php | 7 ++++--- htdocs/core/lib/ajax.lib.php | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php index 391a5359846..f03be3711f9 100644 --- a/htdocs/core/js/lib_head.js.php +++ b/htdocs/core/js/lib_head.js.php @@ -536,7 +536,7 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke entity: entity, token: token }, - function() { + function() { /* handler for success of post */ console.log("url request success forcereload="+forcereload); $("#set_" + code).hide(); $("#del_" + code).show(); 
@@ -659,12 +659,13 @@ function delConstant(url, code, input, entity, strict, forcereload, userid, toke } /* - * Used by button to set on/off + * Call the setConstant or delConstant but with a confirmation before. + * Used by button to set on/off. * * @param string action Action * @param string url Url * @param string code Code - * @param string intput Input + * @param string intput Array of complementary actions to do if success * @param string box Box * @param int entity Entity * @param int yesButton yesButton diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php index 8a364359e9d..c9f64129e65 100644 --- a/htdocs/core/lib/ajax.lib.php +++ b/htdocs/core/lib/ajax.lib.php 
@@ -491,13 +491,13 @@ function ajax_combobox($htmlname, $events = array(), $minLengthToAutocomplete = * On/off button for constant * * @param string $code Name of constant - * @param array $input Array of options. ("disabled"|"enabled'|'set'|'del') => CSS element to switch, 'alert' => message to show, ... Example: array('disabled'=>array(0=>'cssid')) - * @param int $entity Entity to set. Use current entity if null. + * @param array $input Array of complementary actions to do if success ("disabled"|"enabled'|'set'|'del') => CSS element to switch, 'alert' => message to show, ... Example: array('disabled'=>array(0=>'cssid')) + * @param int $entity Entity. Current entity is used if null. * @param int $revertonoff Revert on/off * @param int $strict Use only "disabled" with delConstant and "enabled" with setConstant * @param int $forcereload Force to reload page if we click/change value (this is supported only when there is no 'alert' option in input) * @param string $marginleftonlyshort 1 = Add a short left margin on picto, 2 = Add a larger left margin on picto, 0 = No left margin. Works for fontawesome picto only. - * @param int $forcenoajax 1=Force to use a ahref link instead of ajax code. + * @param int $forcenoajax 1 = Force to use a ahref link instead of ajax code. * @return string */ function ajax_constantonoff($code, $input = array(), $entity = null, $revertonoff = 0, $strict = 0, $forcereload = 0, $marginleftonlyshort = 2, $forcenoajax = 0) From d2e1f9fce9d2245d42f21e21a1056645d490c658 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 23 Feb 2021 11:13:57 +0100 Subject: [PATCH 03/16] FIX #16096 #16085 Any call of ajax pages must provide the token --- htdocs/core/js/lib_head.js.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/htdocs/core/js/lib_head.js.php b/htdocs/core/js/lib_head.js.php index f03be3711f9..f40f84c7b2c 100644 --- a/htdocs/core/js/lib_head.js.php +++ b/htdocs/core/js/lib_head.js.php 
@@ -520,9 +520,9 @@ function hideMessage(fieldId,message) { * Used by button to set on/off. * Call url then make complementary action (like show/hide, enable/disable or set another option). * - * @param string url Url + * @param string url Url (warning: as any url called in ajax mode, the url called here must not renew the token) * @param string code Code - * @param string intput Input + * @param string intput Array of complementary actions to do if success * @param int entity Entity * @param int strict Strict * @param int forcereload Force reload @@ -574,11 +574,12 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke $.each(data, function(key, value) { $("#set_" + key).hide(); $("#del_" + key).show(); - $.get( url, { + $.post( url, { action: "set", name: key, value: value, - entity: entity + entity: entity, + token: token }); }); } @@ -593,9 +594,9 @@ function setConstant(url, code, input, entity, strict, forcereload, userid, toke * Used by button to set on/off * Call url then make complementary action (like show/hide, enable/disable or set another option). * - * @param string url Url + * @param string url Url (warning: as any url called in ajax mode, the url called here must not renew the token) * @param string code Code - * @param string intput Input + * @param string intput Array of complementary actions to do if success * @param int entity Entity * @param int strict Strict * @param int forcereload Force reload @@ -644,10 +645,11 @@ function delConstant(url, code, input, entity, strict, forcereload, userid, toke $.each(data, function(key, value) { $("#del_" + value).hide(); $("#set_" + value).show(); - $.get( url, { + $.post( url, { action: "del", name: value, - entity: entity + entity: entity, + token: token }); }); } From b7e2c7d87a2a33fbe18cde005951931484ca121b Mon Sep 17 00:00:00 2001 
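Review bot: The nested `$.post(url, {...})` calls inside the `$.each(data, ...)` loops of setConstant and delConstant still have no failure handler, and the `#set_`/`#del_` elements are toggled before the request is sent. A request the server refuses (for example on a token mismatch) would therefore leave the UI showing a state that was never saved. Every iteration also reuses the same `token`, which only works while the called URL does not renew it, as the new docblock warns. Chaining `.fail(function() { console.log("setConstant failed for " + key); })` on the post, and adding `/* same token reused for each dependent constant: url must not renew it */` at each call, would make both visible. Both function bodies start and end outside the hunks shown.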
From: Laurent Destailleur Date: Tue, 23 Feb 2021 12:58:43 +0100 Subject: [PATCH 04/16] FIX #16393 Do not sanitize --- htdocs/core/lib/functions.lib.php | 4 ++++ test/phpunit/SecurityTest.php | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 92c519c5a66..e2889c4d6d3 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -5833,6 +5833,8 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $allowed_tags_string = join("><", $allowed_tags); $allowed_tags_string = '<'.$allowed_tags_string.'>'; + $stringtoclean = str_replace('', '__!DOCTYPE_HTML__', $stringtoclean); // Replace DOCTYPE to avoid to have it removed by the strip_tags + $stringtoclean = dol_string_nounprintableascii($stringtoclean, 0); $stringtoclean = preg_replace('/:/i', ':', $stringtoclean); @@ -5855,6 +5857,8 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $temp = preg_replace('/javascript\s*:/i', '', $temp); } + $temp = str_replace('__!DOCTYPE_HTML__', '', $temp); // Restore the DOCTYPE + return $temp; } diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 78fdb0b1419..bca1aace56a 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -300,6 +300,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["param9"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\''; $_POST["param10"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'objnotdefined\''; $_POST["param11"]=' Name '; + $_POST["param12"]='aaa'; $result=GETPOST('id', 'int'); // Must return nothing print __METHOD__." result=".$result."\n"; 
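Review bot: The restore step at the end of dol_string_onlythesehtmltags (`$temp = str_replace('__!DOCTYPE_HTML__', ..., $temp);`) runs unconditionally, after strip_tags and the `javascript:` cleanup, so a submitted value that merely contains the text `__!DOCTYPE_HTML__` leaves the sanitizer with markup it did not arrive with. The restored string is presumably a fixed DOCTYPE, which limits the effect, but a sanitizer should not add tags behind its own filter: either use a marker the input cannot contain (generated per call) or refuse input that already carries the marker. At minimum, document it at the restore line with `// NOTE: a literal __!DOCTYPE_HTML__ in the input is also converted here, after sanitization`, and add a SecurityTest case asserting what `GETPOST(..., 'restricthtml')` returns for such a value. The markup literals in both str_replace calls and in `param12` appear to have been lost in this rendering of the patch, and the function body extends beyond both hunks.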
@@ -397,6 +398,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals(trim($_POST["param11"]), $result, 'Test an email string with alphawithlgt'); + $result=GETPOST("param12", 'restricthtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml'); + return $result; } From d59ee064382ca2d4a7a89516e3bc806cc1edb0a0 Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Thu, 25 Feb 2021 14:51:57 +0100 Subject: [PATCH 05/16] FIX 11.0 - $this->socid injected in query without checking for empty value --- htdocs/contact/class/contact.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index dadb41179ca..030d2417853 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1686,7 +1686,7 @@ class Contact extends CommonObject $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); From e08bfab537ebd52bc6f3ec86350b0d9edf8f3361 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Thu, 25 Feb 2021 16:29:26 +0100 Subject: [PATCH 06/16] FIX: Bad project filter in ticket list --- htdocs/ticket/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 0c6db4a4a2d..565d1279037 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php 
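Review bot: In the contact.class.php hunk, `$this->id` is still concatenated into the DELETE uncast on the same line where `$this->socid` now gets `intval()`; it should get the same treatment, `... AND fk_socpeople=".((int) $this->id);`. The INSERT touched by PATCH 09/16 has the same gap: `$valRoles` and `$this->id` are appended as-is and could become `$sql .= ((int) $valRoles)." , ";` and `$sql .= ((int) $this->id);`, assuming `$valRoles` is a numeric id (its origin is outside the hunk). An empty `socid` now becomes `fk_soc=0`, so the DELETE silently matches nothing; if an unset socid is an error here, an explicit check before `$this->db->begin()` would say so. The enclosing method starts and ends outside the hunk.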
@@ -352,7 +352,7 @@ foreach ($search as $key => $val) if (count($newarrayofstatus)) $sql .= natural_search($key, join(',', $newarrayofstatus), 2); continue; } - if ($key == 'fk_user_assign' || $key == 'fk_user_create') + if ($key == 'fk_user_assign' || $key == 'fk_user_create' || $key = 'fk_project') { if ($search[$key] > 0) $sql .= natural_search($key, $search[$key], 2); continue; @@ -362,7 +362,7 @@ foreach ($search as $key => $val) } if ($search_all) $sql .= natural_search(array_keys($fieldstosearchall), $search_all); if ($search_societe) $sql .= natural_search('s.nom', $search_societe); -if ($search_fk_project) $sql .= natural_search('fk_project', $search_fk_project, 2); +//if ($search_fk_project) $sql .= natural_search('fk_project', $search_fk_project, 2); if ($search_date_start) $sql .= " AND t.datec >= '".$db->idate($search_date_start)."'"; if ($search_date_end) $sql .= " AND t.datec <= '".$db->idate($search_date_end)."'"; if ($search_dateread_start) $sql .= " AND t.date_read >= '".$db->idate($search_dateread_start)."'"; From 5d31a93bf0b4215e4b8009b63bf87bdf83915dbc Mon Sep 17 00:00:00 2001 From: daraelmin Date: Fri, 26 Feb 2021 08:20:51 +0100 Subject: [PATCH 07/16] Fix #16420 - undefined $model_mail_selected_id Set $model_mail_selected_id to 0 when it is undefined --- htdocs/core/class/html.formmail.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 2b551ed14d1..729be941d51 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php 
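Review bot: `$key = 'fk_project'` in the new condition is an assignment, not a comparison, so the test is always true. Any search key other than the two user fields that reaches it is overwritten with 'fk_project', filtered through `natural_search(..., 2)` on `$search['fk_project']`, and then skipped by `continue`, which silently drops that key's own filter. It should read `|| $key == 'fk_project'`; PATCH 15/16 later in this series makes that correction, so the two commits could be squashed. The old filter is left behind as `//if ($search_fk_project) ...` and should be deleted rather than commented out. The foreach body continues outside the hunk.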
@@ -455,7 +455,7 @@ class FormMail extends Form // Zone to select email template if (count($modelmail_array) > 0) { - $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : $arraydefaultmessage->id; + $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : ( ($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0 ); // If list of template is filled $out .= '
'."\n"; From 8e8efce7d173346fe52c8374500b49190a83da6c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:23:53 +0100 Subject: [PATCH 08/16] Fix sql syntax --- htdocs/contact/class/contact.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 030d2417853..e0239da6142 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1686,7 +1686,7 @@ class Contact extends CommonObject $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".((int) $this->socid)." AND fk_socpeople=".$this->id; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); From 99a17cadb7377f82ecb409ee0304785c0fcc4675 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:25:08 +0100 Subject: [PATCH 09/16] Fix sql syntax --- htdocs/contact/class/contact.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index e0239da6142..06b436fc0c8 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1704,7 +1704,7 @@ class Contact extends CommonObject $sql .= "fk_socpeople) "; $sql .= " VALUES (".$conf->entity.","; $sql .= "'".$this->db->idate(dol_now())."',"; - $sql .= $this->socid.", "; + $sql .= ((int) $this->socid).", "; $sql .= $valRoles." , "; $sql .= $this->id; $sql .= ")"; From 549136efebebdb1e33fbfe224c53b19a15afe6ed Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:25:30 +0100 Subject: [PATCH 10/16] Removed useless log --- htdocs/contact/class/contact.class.php | 1 - 1 file changed, 1 deletion(-) 
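Review bot: In the html.formmail.class.php hunk, the fallback `($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0` still reads `->id` unconditionally. If `$arraydefaultmessage` is not an object at this point (its assignment is outside the hunk), the notice this commit targets would simply move to the property access. A guard such as `(is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) ? $arraydefaultmessage->id : 0` covers both cases. PATCH 11/16 and 12/16 rework the same expression without adding it.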
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 06b436fc0c8..ac415afce6c 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1708,7 +1708,6 @@ class Contact extends CommonObject $sql .= $valRoles." , "; $sql .= $this->id; $sql .= ")"; - dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) From 69c974800cf9b20e88a9ff0f175f4e52c4d9d543 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:30:30 +0100 Subject: [PATCH 11/16] Update html.formmail.class.php --- htdocs/core/class/html.formmail.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 729be941d51..d505bd1fada 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -455,7 +455,7 @@ class FormMail extends Form // Zone to select email template if (count($modelmail_array) > 0) { - $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : ( ($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0 ); + $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : (($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0); // If list of template is filled $out .= '
'."\n"; From e0785ac5ef316cf737c6d5d7fcf200059646d52c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:31:02 +0100 Subject: [PATCH 12/16] Update html.formmail.class.php --- htdocs/core/class/html.formmail.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index d505bd1fada..46fcd5e331b 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -455,7 +455,7 @@ class FormMail extends Form // Zone to select email template if (count($modelmail_array) > 0) { - $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : (($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0); + $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : ($arraydefaultmessage->id > 0 ? $arraydefaultmessage->id : 0); // If list of template is filled $out .= '
'."\n"; From adc03135437dc19f6ed3c71f3c3a059990c65ebf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 11:09:15 +0100 Subject: [PATCH 13/16] Fix lang --- htdocs/core/lib/product.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php index 9ce8d84d7e3..21ed3790418 100644 --- a/htdocs/core/lib/product.lib.php +++ b/htdocs/core/lib/product.lib.php @@ -381,7 +381,7 @@ function show_stats_for_company($product, $socid) $nblines++; $ret = $product->load_stats_proposal_supplier($socid); if ($ret < 0) dol_print_error($db); - $langs->load("propal"); + $langs->load("supplier_proposal"); print ''; print ''.img_object('', 'supplier_proposal').' '.$langs->trans("SupplierProposals").''; print ''; From 0f44bdb90fabecf66220ca9c2f41d0de2396b99c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 11:27:03 +0100 Subject: [PATCH 14/16] Fix sql error --- htdocs/core/lib/product.lib.php | 24 ++++++++++++------------ htdocs/product/class/product.class.php | 2 +- htdocs/product/stats/bom.php | 4 ++-- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php index 21ed3790418..7012b6bff07 100644 --- a/htdocs/core/lib/product.lib.php +++ b/htdocs/core/lib/product.lib.php @@ -365,7 +365,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("propal"); print ''; - print ''.img_object('', 'propal').' '.$langs->trans("Proposals").''; + print ''.img_object('', 'propal', 'class="paddingright"').$langs->trans("Proposals").''; print ''; print $product->stats_propale['customers']; print ''; 
@@ -383,7 +383,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("supplier_proposal"); print ''; - print ''.img_object('', 'supplier_proposal').' '.$langs->trans("SupplierProposals").''; + print ''.img_object('', 'supplier_proposal', 'class="paddingright"').$langs->trans("SupplierProposals").''; print ''; print $product->stats_proposal_supplier['suppliers']; print ''; @@ -401,7 +401,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("orders"); print ''; - print ''.img_object('', 'order').' '.$langs->trans("CustomersOrders").''; + print ''.img_object('', 'order', 'class="paddingright"').$langs->trans("CustomersOrders").''; print ''; print $product->stats_commande['customers']; print ''; @@ -419,7 +419,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("orders"); print ''; - print ''.img_object('', 'supplier_order').' '.$langs->trans("SuppliersOrders").''; + print ''.img_object('', 'supplier_order', 'class="paddingright"').$langs->trans("SuppliersOrders").''; print ''; print $product->stats_commande_fournisseur['suppliers']; print ''; @@ -455,7 +455,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("bills"); print ''; - print ''.img_object('', 'supplier_invoice').' '.$langs->trans("SuppliersInvoices").''; + print ''.img_object('', 'supplier_invoice', 'class="paddingright"').$langs->trans("SuppliersInvoices").''; print ''; print $product->stats_facture_fournisseur['suppliers']; print ''; @@ -474,7 +474,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("contracts"); print ''; - print ''.img_object('', 'contract').' '.$langs->trans("Contracts").''; + print ''.img_object('', 'contract', 'class="paddingright"').$langs->trans("Contracts").''; print ''; print $product->stats_contrat['customers']; print ''; 
@@ -496,15 +496,15 @@ function show_stats_for_company($product, $socid) $langs->load("mrp"); print ''; - print ''.img_object('', 'mrp').' '.$langs->trans("BOM").''; + print ''.img_object('', 'bom', 'class="paddingright"').$langs->trans("BOM").''; print ''; print ''; - print $form->textwithpicto($product->stats_bom['nb_toproduce'], $langs->trans("QtyToProduce")); - print $form->textwithpicto($product->stats_bom['nb_toconsume'], $langs->trans("ToConsume")); + print $form->textwithpicto($product->stats_bom['nb_toconsume'], $langs->trans("RowMaterial")); + print $form->textwithpicto($product->stats_bom['nb_toproduce'], $langs->trans("Finished")); print ''; - print $form->textwithpicto($product->stats_bom['qty_toproduce'], $langs->trans("QtyToProduce")); - print $form->textwithpicto($product->stats_bom['qty_toconsume'], $langs->trans("ToConsume")); + print $form->textwithpicto($product->stats_bom['qty_toconsume'], $langs->trans("RowMaterial")); + print $form->textwithpicto($product->stats_bom['qty_toproduce'], $langs->trans("Finished")); print ''; print ''; } @@ -519,7 +519,7 @@ function show_stats_for_company($product, $socid) } $langs->load("mrp"); print ''; - print ''.img_object('', 'mrp').' '.$langs->trans("MO").''; + print ''.img_object('', 'mrp', 'class="paddingright"').$langs->trans("MO").''; print ''; print $form->textwithpicto($product->stats_mo['customers_toconsume'], $langs->trans("ToConsume")); print $form->textwithpicto($product->stats_mo['customers_consumed'], $langs->trans("QtyAlreadyConsumed")); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index f8286216e57..3be810a2e8e 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php 
@@ -2464,7 +2464,7 @@ class Product extends CommonObject $this->stats_bom['qty_toconsume'] = 0; $sql = "SELECT COUNT(DISTINCT b.rowid) as nb_toproduce,"; - $sql .= " b.qty as qty_toproduce"; + $sql .= " SUM(b.qty) as qty_toproduce"; $sql .= " FROM ".MAIN_DB_PREFIX."bom_bom as b"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bom_bomline as bl ON bl.fk_bom=b.rowid"; $sql .= " WHERE "; diff --git a/htdocs/product/stats/bom.php b/htdocs/product/stats/bom.php index 1582646cd8a..d1254a65b1e 100644 --- a/htdocs/product/stats/bom.php +++ b/htdocs/product/stats/bom.php @@ -244,8 +244,8 @@ if ($id > 0 || !empty($ref)) print ''; print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "b.rowid", "", "&id=".$product->id, '', $sortfield, $sortorder); print_liste_field_titre("Date", $_SERVER["PHP_SELF"], "b.date_valid", "", "&id=".$product->id, 'align="center"', $sortfield, $sortorder); - print_liste_field_titre("ToConsume", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); - print_liste_field_titre("QtyToProduce", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); + print_liste_field_titre("RowMaterial", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); + print_liste_field_titre("Finished", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "b.status", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); print "\n"; From badd46e2897b49ac777695e3dbf43a842c964781 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Fri, 26 Feb 2021 11:53:23 +0100 Subject: [PATCH 15/16] FIX: Bad project filter in ticket list --- htdocs/ticket/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 565d1279037..1a276c75f5f 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php 
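Review bot: `SUM(b.qty) as qty_toproduce` is computed over the rows produced by `INNER JOIN ... bom_bomline as bl ON bl.fk_bom=b.rowid`, so if the WHERE clause (outside the hunk) can match more than one line of the same BOM, that BOM's qty is added once per matching line. The neighbouring `nb_toproduce` uses `COUNT(DISTINCT b.rowid)` precisely to avoid that double counting. If the join only serves as a filter, an `EXISTS` subquery keeps the two columns consistent. Otherwise state the assumption next to the query, e.g. `// at most one bl row per BOM matches here, so SUM(b.qty) is not multiplied by the join`.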
@@ -352,7 +352,7 @@ foreach ($search as $key => $val) if (count($newarrayofstatus)) $sql .= natural_search($key, join(',', $newarrayofstatus), 2); continue; } - if ($key == 'fk_user_assign' || $key == 'fk_user_create' || $key = 'fk_project') + if ($key == 'fk_user_assign' || $key == 'fk_user_create' || $key == 'fk_project') { if ($search[$key] > 0) $sql .= natural_search($key, $search[$key], 2); continue; From 16906abc097f27e538038b97781caf7f4e351004 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 12:47:57 +0100 Subject: [PATCH 16/16] FIX File attachment on lots --- htdocs/core/class/conf.class.php | 4 ++-- htdocs/product/stock/productlot_card.php | 2 +- htdocs/product/stock/productlot_document.php | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 3191e5edd47..39600605414 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -437,8 +437,8 @@ class Conf $this->service->dir_temp = $rootfortemp."/produit/temp"; // Module productbatch - $this->productbatch->multidir_output = array($this->entity => $rootfordata."/produitlot"); - $this->productbatch->multidir_temp = array($this->entity => $rootfortemp."/produitlot/temp"); + $this->productbatch->multidir_output = array($this->entity => $rootfordata."/productlot"); + $this->productbatch->multidir_temp = array($this->entity => $rootfortemp."/productlot/temp"); // Module contrat $this->contrat->multidir_output = array($this->entity => $rootfordata."/contract"); diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 8601ce25ebc..0968e2ea7ce 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php 
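Review bot: Renaming the productbatch directories in conf.class.php from `/produitlot` to `/productlot` changes where lot attachments are looked up, but nothing in this patch moves files already stored under the old directory. Documents uploaded before the change would no longer be found unless a migration step elsewhere handles them. A comment on the two lines would record that, e.g. `// renamed from produitlot; existing files are moved by <migration step, to be named>`.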
@@ -397,7 +397,7 @@ if (empty($action)) print ''; // ancre // Documents - $filedir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 0, $object, 'product_batch').dol_sanitizeFileName($object->ref); + $filedir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 0, $object, 'product_batch'); $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; $genallowed = $usercanread; $delallowed = $usercancreate; diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 535486f8c62..2882bbf1c9f 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -26,7 +26,7 @@ /** * \file htdocs/product/stock/productlot_document.php * \ingroup product - * \brief Page des documents joints sur les lots produits + * \brief Page of attached documents for porudct lots */ require '../../main.inc.php'; @@ -79,7 +79,7 @@ if ($id || $ref) $object->fetch($id, $productid, $batch); $object->ref = $object->batch; // For document management ( it use $object->ref) - if (!empty($conf->productbatch->enabled)) $upload_dir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 0, $object, $modulepart).dol_sanitizeFileName($object->ref); + if (!empty($conf->productbatch->enabled)) $upload_dir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 1, $object, $modulepart); }
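Review bot: Both `$filedir` (productlot_card.php) and `$upload_dir` (productlot_document.php) drop the explicit `dol_sanitizeFileName($object->ref)` and now rely entirely on `get_exdir(..., $object, ...)` to turn the lot reference into a path component. In productlot_document.php that reference is `$object->batch`, presumably a user-entered value, so it should be confirmed that get_exdir (not shown here) sanitizes it, and noted next to the call: `// get_exdir() sanitizes $object->ref (the batch number) for this modulepart`. The card page passes the literal `'product_batch'` while the document page passes `$modulepart`; if these differ, the two pages will resolve different directories. The new docblock line also has a typo and should read `\brief Page of attached documents for product lots`.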