diff --git a/dev/tools/apstats.php b/dev/tools/apstats.php index 400cefa5558..eb737b9690e 100755 --- a/dev/tools/apstats.php +++ b/dev/tools/apstats.php @@ -650,7 +650,8 @@ $html .= ''; $html .= ''."\n"; -$tmp = ''; + +$tmpstan = ''; $nblines = 0; if (!empty($output_arrtd)) { foreach ($output_arrtd as $line) { @@ -659,16 +660,16 @@ if (!empty($output_arrtd)) { preg_match('/^::error file=(.*),line=(\d+),col=(\d+)::(.*)$/', $line, $reg); if (!empty($reg[1])) { if ($nblines < 20) { - $tmp .= ''; + $tmpstan .= ''; } else { - $tmp .= ''; + $tmpstan .= ''; } - $tmp .= ''.dolPrintLabel($reg[1]).''; - $tmp .= ''; - $tmp .= ''.dolPrintLabel($reg[2]).''; - $tmp .= ''; - $tmp .= ''.dolPrintLabel($reg[4]).''; - $tmp .= ''."\n"; + $tmpstan .= ''.dolPrintLabel($reg[1]).''; + $tmpstan .= ''; + $tmpstan .= ''.dolPrintLabel($reg[2]).''; + $tmpstan .= ''; + $tmpstan .= ''.dolPrintLabel($reg[4]).''; + $tmpstan .= ''."\n"; $nblines++; } @@ -773,7 +774,8 @@ $html .= ''; // Technical debt PHPstan -if ($nblines != 0) { + +if ($dirphpstan != 'disabled') { $datatable_script .= ' if (typeof(DataTable)==="function") {jQuery(".sourcephpstan").toggle(true);} let phpstantable = new DataTable("#technicaldebt table", { @@ -789,7 +791,7 @@ if ($nblines != 0) { $html .= '
'."\n"; $html .= ''."\n"; $html .= ''."\n"; - $html .= $tmp; + $html .= $tmpstan; $html .= '
FileLineType
'; // Disabled, no more required as list is managed with datatable //$html .= '
Show all...
'; @@ -801,7 +803,7 @@ if ($nblines != 0) { // Technical debt Phan -if ($phan_nblines != 0) { +if ($dir_phan != 'disabled') { $datatable_script .= ' if (typeof(DataTable)==="function") {jQuery(".sourcephan").toggle(true);} let phantable = new DataTable("#technicaldebtphan table", { diff --git a/htdocs/accountancy/class/accountingjournal.class.php b/htdocs/accountancy/class/accountingjournal.class.php index 76b6cdba5a8..df8cf265d83 100644 --- a/htdocs/accountancy/class/accountingjournal.class.php +++ b/htdocs/accountancy/class/accountingjournal.class.php 
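Review bot: The two new guards spell the same kind of setting differently — `$dirphpstan` in the -773 hunk and `$dir_phan` here — so a reader is likely to take one of them for a typo; unless their definitions (outside these hunks) force the spelling, aligning them (`$dirphan`, or `$dir_phpstan`) would help. Since the guard is no longer tied to `$nblines` / `$phan_nblines`, the tables are now emitted even when the scan produced no rows; if that is the intent, a one-line comment above each guard such as `// Render the table whenever the tool is enabled; an empty DataTable is acceptable` would make it explicit. Both `if` bodies continue outside the hunk.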
@@ -161,33 +161,47 @@ class AccountingJournal extends CommonObject /** * Load object in memory from the database * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * @return int Return integer <0 if KO, >0 if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit limit + * @param int $offset offset limit + * @param string|array $filter filter array + * @param string $filtermode filter mode (AND or OR) + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { $sql = "SELECT rowid, code, label, nature, active"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.code' || $key == 't.label' || $key == 't.nature') { - $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; - } elseif ($key == 't.rowid' || $key == 't.active') { - $sqlwhere[] = $key.'='.((int) $value); - } - } - } $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; - if (count($sqlwhere) > 0) { - $sql .= " AND ".implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere); + + // Manage filter + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.code' || $key == 't.label' || $key == 't.nature') { + $sqlwhere[] = $key." 
= '".$this->db->escape($value)."'"; + } elseif ($key == 't.rowid' || $key == 't.active') { + $sqlwhere[] = $key.'='.((int) $value); + } + } + } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere); + } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 909bfded02a..1f526e323e0 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php 
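Review bot: The docblock still reads `@param string|array $filter filter array`, while the body now treats the array form as a legacy path that is consumed and reset before `forgeSQLFromUniversalSearchCriteria()` is called; the bookkeeping `fetchAll` hunk in the same commit marks its array branch `// deprecated, use $filter = USF syntax`. Proposed doc line: `@param string|array $filter Filter as USF string (array form is deprecated and kept for backward compatibility)`, plus the same `// deprecated` comment on the `if (is_array($filter))` line so both classes read alike. The array branch whitelists the keys it accepts and casts or escapes the values, so nothing unsanitized reaches the query on that path. The method continues outside the hunk.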
@@ -908,22 +908,38 @@ class BookKeeping extends CommonObject $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { - if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$this->db->idate($value).'\''; - } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=' || $key == 't.subledger_account>=' || $key == 't.subledger_account<=') { - $sqlwhere[] = $key.'\''.$this->db->escape($value).'\''; + if ($key == 't.doc_date>=') { + $sqlwhere[] = "t.doc_date >= '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date<=') { + $sqlwhere[] = "t.doc_date <= '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date>') { + $sqlwhere[] = "t.doc_date > '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date<') { + $sqlwhere[] = "t.doc_date < '".$this->db->idate($value)."'"; + } elseif ($key == 't.numero_compte>=') { + $sqlwhere[] = "t.numero_compte >= '".$this->db->escape($value)."'"; + } elseif ($key == 't.numero_compte<=') { + $sqlwhere[] = "t.numero_compte <= '".$this->db->escape($value)."'"; + } elseif ($key == 't.subledger_account>=') { + $sqlwhere[] = "t.subledger_account >= '".$this->db->escape($value)."'"; + } elseif ($key == 't.subledger_account<=') { + $sqlwhere[] = "t.subledger_account <= '".$this->db->escape($value)."'"; } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $this->db->sanitize($key).' = '.((int) $value); } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { - $sqlwhere[] = $key.' 
LIKE \''.$this->db->escape($this->db->escapeforlike($value)).'%\''; - } elseif ($key == 't.date_creation>=' || $key == 't.date_creation<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.date_export>=' || $key == 't.date_export<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.date_validated>=' || $key == 't.date_validated<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; + $sqlwhere[] = $this->db->sanitize($key).' LIKE \''.$this->db->escape($this->db->escapeforlike($value)).'%\''; + } elseif ($key == 't.date_creation>=') { + $sqlwhere[] = 't.date_creation >= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_creation<=') { + $sqlwhere[] = 't.date_creation <= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_export>=') { + $sqlwhere[] = 't.date_export >= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_export<=') { + $sqlwhere[] = 't.date_export <= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_validated>=') { + $sqlwhere[] = 't;date_validate >= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_validated>=') { + $sqlwhere[] = 't;date_validate <= \''.$this->db->idate($value).'\''; } elseif ($key == 't.credit' || $key == 't.debit') { $sqlwhere[] = natural_search($key, $value, 1, 1); } elseif ($key == 't.reconciled_option') { 
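Review bot: The two `date_validated` branches added near the end of the chain are broken: both strings read `'t;date_validate >= \''` / `'t;date_validate <= \''` (semicolon instead of dot, column name missing its trailing `d`), and both conditions test `$key == 't.date_validated>='`, so the `<=` case is unreachable and falls into the generic branch below while the `>=` case produces an SQL error. They should read `} elseif ($key == 't.date_validated<=') {` for the second condition and `$sqlwhere[] = 't.date_validated >= \''.$this->db->idate($value).'\'';` / `$sqlwhere[] = 't.date_validated <= \''.$this->db->idate($value).'\'';` for the strings, exactly as the `fetchAll` hunk of this file already has them. The old `if ($key == 't.doc_date')` equality branch is also dropped here although `fetchAll` keeps it; if that is unintended, an exact `t.doc_date` key now silently goes to the fallback branch. The enclosing method starts and ends outside the hunk.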
@@ -1031,14 +1047,14 @@ class BookKeeping extends CommonObject * * @param string $sortorder Sort Order * @param string $sortfield Sort field - * @param int $limit Offset limit + * @param int $limit Limit * @param int $offset Offset limit - * @param array $filter Filter array + * @param string|array $filter Filter array * @param string $filtermode Filter mode (AND or OR) * @param int $showAlreadyExportMovements Show movements when field 'date_export' is not empty (0:No / 1:Yes (Default)) * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND', $showAlreadyExportMovements = 1) + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND', $showAlreadyExportMovements = 1) { global $conf; 
@@ -1074,48 +1090,84 @@ class BookKeeping extends CommonObject $sql .= " t.date_export,"; $sql .= " t.date_validated as date_validation"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$this->db->idate($value).'\''; - } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=' || $key == 't.subledger_account>=' || $key == 't.subledger_account<=') { - $sqlwhere[] = $key.'\''.$this->db->escape($value).'\''; - } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.'='.((int) $value); - } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { - $sqlwhere[] = $key.' LIKE \''.$this->db->escape($value).'%\''; - } elseif ($key == 't.date_creation>=' || $key == 't.date_creation<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.tms>=' || $key == 't.tms<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.date_export>=' || $key == 't.date_export<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.date_validated>=' || $key == 't.date_validated<=') { - $sqlwhere[] = $key.'\''.$this->db->idate($value).'\''; - } elseif ($key == 't.credit' || $key == 't.debit') { - $sqlwhere[] = natural_search($key, $value, 1, 1); - } elseif ($key == 't.code_journal' && !empty($value)) { - if (is_array($value)) { - $sqlwhere[] = natural_search("t.code_journal", implode(',', $value), 3, 1); - } else { - $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); - } - } else { - $sqlwhere[] = natural_search($key, $value, 0, 1); - } - } - } + $sql .= ' WHERE t.entity = ' . 
((int) $conf->entity); // Do not use getEntity for accounting features if ($showAlreadyExportMovements == 0) { $sql .= " AND t.date_export IS NULL"; } - if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere); + + // Manage filter + if (is_array($filter)) { // deprecated, use $filter = USF syntax + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.doc_date') { + $sqlwhere[] = $this->db->sanitize($key).' = \''.$this->db->idate($value).'\''; + } elseif ($key == 't.doc_date>=') { + $sqlwhere[] = "t.doc_date >= '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date<=') { + $sqlwhere[] = "t.doc_date <= '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date>') { + $sqlwhere[] = "t.doc_date > '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date<') { + $sqlwhere[] = "t.doc_date < '".$this->db->idate($value)."'"; + } elseif ($key == 't.numero_compte>=') { + $sqlwhere[] = "t.numero_compte >= '".$this->db->escape($value)."'"; + } elseif ($key == 't.numero_compte<=') { + $sqlwhere[] = "t.numero_compte <= '".$this->db->escape($value)."'"; + } elseif ($key == 't.subledger_account>=') { + $sqlwhere[] = "t.subledger_account >= '".$this->db->escape($value)."'"; + } elseif ($key == 't.subledger_account<=') { + $sqlwhere[] = "t.subledger_account <= '".$this->db->escape($value)."'"; + } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { + $sqlwhere[] = $this->db->sanitize($key).' = '.((int) $value); + } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { + $sqlwhere[] = $this->db->sanitize($key).' 
LIKE \''.$this->db->escape($value).'%\''; + } elseif ($key == 't.date_creation>=') { + $sqlwhere[] = 't.date_creation >= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_creation<=') { + $sqlwhere[] = 't.date_creation <= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.tms>=') { + $sqlwhere[] = 't.tms >= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.tms<=') { + $sqlwhere[] = 't.tms <= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_export>=') { + $sqlwhere[] = 't.date_export >= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_export<=') { + $sqlwhere[] = 't.date_export <= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_validated>=') { + $sqlwhere[] = 't.date_validated >= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.date_validated<=') { + $sqlwhere[] = 't.date_validated <= \''.$this->db->idate($value).'\''; + } elseif ($key == 't.credit' || $key == 't.debit') { + $sqlwhere[] = natural_search($key, $value, 1, 1); + } elseif ($key == 't.code_journal' && !empty($value)) { + if (is_array($value)) { + $sqlwhere[] = natural_search("t.code_journal", implode(',', $value), 3, 1); + } else { + $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); + } + } else { + $sqlwhere[] = natural_search($key, $value, 0, 1); + } + } + } + if (count($sqlwhere) > 0) { + $sql .= ' AND '.implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere); + } + + $filter = ''; } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; + } + if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } 
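Review bot: In the rewritten array branch the prefix-LIKE case `$this->db->sanitize($key).' LIKE \''.$this->db->escape($value).'%\''` passes the value through `escape()` only, so `%` and `_` inside a caller-supplied account number still act as wildcards; the -908 hunk of this file wraps the same case in `escapeforlike()`, and the `fetchAllBalance` hunk below has the same omission in its `t.subledger_account` / `t.numero_compte` / `t.subledger_label` branches. If a literal prefix is intended, use `$sqlwhere[] = $this->db->sanitize($key).' LIKE \''.$this->db->escape($this->db->escapeforlike($value)).'%\'';` in both methods. The behaviour is inherited from the removed lines, so this is a consistency point rather than a regression introduced by the commit. The method continues outside the hunk.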
@@ -1180,16 +1232,16 @@ class BookKeeping extends CommonObject /** * Load object in memory from the database * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit offset limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * @param int $option option (0: aggregate by general account or 1: aggreegate by subaccount) - * @return int Return integer <0 if KO, >0 if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset limit + * @param string|array $filter Filter + * @param string $filtermode Filter mode (AND or OR) + * @param int $option option (0: aggregate by general account or 1: aggreegate by subaccount) + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAllBalance($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND', $option = 0) + public function fetchAllBalance($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND', $option = 0) { global $conf; 
@@ -1206,52 +1258,64 @@ class BookKeeping extends CommonObject $sql .= " SUM(t.debit) as debit,"; $sql .= " SUM(t.credit) as credit"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - - // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.doc_date') { - $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; - } elseif ($key == 't.doc_date>=') { - $sqlwhere[] = "t.doc_date >= '".$this->db->idate($value)."'"; - } elseif ($key == 't.doc_date<=') { - $sqlwhere[] = "t.doc_date <= '".$this->db->idate($value)."'"; - } elseif ($key == 't.doc_date>') { - $sqlwhere[] = "t.doc_date > '".$this->db->idate($value)."'"; - } elseif ($key == 't.doc_date<') { - $sqlwhere[] = "t.doc_date < '".$this->db->idate($value)."'"; - } elseif ($key == 't.numero_compte>=') { - $sqlwhere[] = "t.numero_compte >= '".$this->db->escape($value)."'"; - } elseif ($key == 't.numero_compte<=') { - $sqlwhere[] = "t.numero_compte <= '".$this->db->escape($value)."'"; - } elseif ($key == 't.subledger_account>=') { - $sqlwhere[] = "t.subledger_account >= '".$this->db->escape($value)."'"; - } elseif ($key == 't.subledger_account<=') { - $sqlwhere[] = "t.subledger_account <= '".$this->db->escape($value)."'"; - } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); - } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { - $sqlwhere[] = $this->db->sanitize($key)." LIKE '".$this->db->escape($value)."%'"; - } elseif ($key == 't.subledger_label') { - $sqlwhere[] = $this->db->sanitize($key)." 
LIKE '".$this->db->escape($value)."%'"; - } elseif ($key == 't.code_journal' && !empty($value)) { - if (is_array($value)) { - $sqlwhere[] = natural_search("t.code_journal", implode(',', $value), 3, 1); - } else { - $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); - } - } elseif ($key == 't.reconciled_option') { - $sqlwhere[] = 't.lettering_code IS NULL'; - } else { - $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; - } - } - } $sql .= ' WHERE entity = ' . ((int) $conf->entity); // Do not use getEntity for accounting features - if (count($sqlwhere) > 0) { - $sql .= " AND ".implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere); + // Manage filter + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.doc_date') { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date>=') { + $sqlwhere[] = "t.doc_date >= '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date<=') { + $sqlwhere[] = "t.doc_date <= '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date>') { + $sqlwhere[] = "t.doc_date > '".$this->db->idate($value)."'"; + } elseif ($key == 't.doc_date<') { + $sqlwhere[] = "t.doc_date < '".$this->db->idate($value)."'"; + } elseif ($key == 't.numero_compte>=') { + $sqlwhere[] = "t.numero_compte >= '".$this->db->escape($value)."'"; + } elseif ($key == 't.numero_compte<=') { + $sqlwhere[] = "t.numero_compte <= '".$this->db->escape($value)."'"; + } elseif ($key == 't.subledger_account>=') { + $sqlwhere[] = "t.subledger_account >= '".$this->db->escape($value)."'"; + } elseif ($key == 't.subledger_account<=') { + $sqlwhere[] = "t.subledger_account <= '".$this->db->escape($value)."'"; + } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { + $sqlwhere[] = $this->db->sanitize($key)." 
= ".((int) $value); + } elseif ($key == 't.subledger_account' || $key == 't.numero_compte') { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '".$this->db->escape($value)."%'"; + } elseif ($key == 't.subledger_label') { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '".$this->db->escape($value)."%'"; + } elseif ($key == 't.code_journal' && !empty($value)) { + if (is_array($value)) { + $sqlwhere[] = natural_search("t.code_journal", implode(',', $value), 3, 1); + } else { + $sqlwhere[] = natural_search("t.code_journal", $value, 3, 1); + } + } elseif ($key == 't.reconciled_option') { + $sqlwhere[] = 't.lettering_code IS NULL'; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } + } + } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere); + } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($option)) { diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 738ee68c23b..e8bf0d5f45d 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -918,7 +918,7 @@ if ($rowid > 0) { } if ($i == 0) { - print ''.$langs->trans("None").''; + print ''.$langs->trans("None").''; } print "\n"; diff --git a/htdocs/admin/facture.php b/htdocs/admin/invoice.php similarity index 99% rename from htdocs/admin/facture.php rename to htdocs/admin/invoice.php index 3721646d950..fe290ea6f80 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/invoice.php @@ -23,7 +23,7 @@ */ /** - * \file htdocs/admin/facture.php + * \file htdocs/admin/invoice.php * \ingroup facture * \brief Page to setup invoice module */ 
@@ -50,6 +50,8 @@ $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); $type = 'invoice'; +$error = 0; + /* * Actions diff --git a/htdocs/admin/facture_situation.php b/htdocs/admin/invoice_situation.php similarity index 99% rename from htdocs/admin/facture_situation.php rename to htdocs/admin/invoice_situation.php index b514ef81721..d1a557f183d 100644 --- a/htdocs/admin/facture_situation.php +++ b/htdocs/admin/invoice_situation.php @@ -22,7 +22,7 @@ */ /** - * \file htdocs/admin/facture.php + * \file htdocs/admin/invoice_situation.php * \ingroup facture * \brief Page to setup invoice module */ diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php index fb65a08dd92..b44581098bc 100644 --- a/htdocs/admin/tools/dolibarr_export.php +++ b/htdocs/admin/tools/dolibarr_export.php @@ -191,7 +191,7 @@ if (in_array($type, array('mysql', 'mysqli'))) { print ''; print '
'; } else { - print 'No method available with database '.$label; + print 'No method available with database '.dol_escape_htmltag($label); } print ''; print ''; diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index a2199a42f97..451926a030c 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -485,18 +485,16 @@ class BOM extends CommonObject /** * Load list of objects in memory from the database. * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) - * @param string $filtermode Filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset + * @param string $filter Filter USF + * @param string $filtermode Filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { - global $conf; - dol_syslog(__METHOD__, LOG_DEBUG); $records = array(); @@ -510,6 +508,7 @@ class BOM extends CommonObject $sql .= ' WHERE 1 = 1'; } + // Manage filter $errormessage = ''; $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); if ($errormessage) { diff --git a/htdocs/compta/facture/admin/facture_cust_extrafields.php b/htdocs/compta/facture/admin/invoice_cust_extrafields.php similarity index 97% rename from htdocs/compta/facture/admin/facture_cust_extrafields.php rename to htdocs/compta/facture/admin/invoice_cust_extrafields.php index 67f3becb6b5..6b8581c9399 100644 
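Review bot: Unlike the accountancy and `CGenericDic` hunks in this commit, `BOM::fetchAll` drops the `array` type on `$filter` without keeping an `is_array()` compatibility branch, so a caller that still passes the old `array('field' => 'value')` form now hands an array straight to `forgeSQLFromUniversalSearchCriteria()`; unless that helper accepts arrays, such callers get an error or an unfiltered query instead of a result. Either check the callers and state the break in the docblock, e.g. `@param string $filter Filter USF (the former array form is no longer accepted)`, or add the same `if (is_array($filter)) { … $filter = ''; }` branch the other classes use. The same remark applies to the `CProductNature::fetchAll` hunk at the end of this diff, whose body is cut off here. The method continues outside the hunk.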
--- a/htdocs/compta/facture/admin/facture_cust_extrafields.php +++ b/htdocs/compta/facture/admin/invoice_cust_extrafields.php @@ -20,7 +20,7 @@ */ /** -* \file htdocs/compta/facture/admin/facture_cust_extrafields.php +* \file htdocs/compta/facture/admin/invoice_cust_extrafields.php * \ingroup invoice * \brief Page to setup extra fields of customer invoice */ diff --git a/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php b/htdocs/compta/facture/admin/invoice_rec_cust_extrafields.php similarity index 97% rename from htdocs/compta/facture/admin/facture_rec_cust_extrafields.php rename to htdocs/compta/facture/admin/invoice_rec_cust_extrafields.php index fb5282352fc..00fb625271c 100644 --- a/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php +++ b/htdocs/compta/facture/admin/invoice_rec_cust_extrafields.php @@ -21,7 +21,7 @@ */ /** -* \file htdocs/compta/facture/admin/facture_cust_extrafields.php +* \file htdocs/compta/facture/admin/invoice_cust_extrafields.php * \ingroup invoice * \brief Page to setup extra fields of customer invoice */ diff --git a/htdocs/compta/facture/admin/facturedet_cust_extrafields.php b/htdocs/compta/facture/admin/invoicedet_cust_extrafields.php similarity index 97% rename from htdocs/compta/facture/admin/facturedet_cust_extrafields.php rename to htdocs/compta/facture/admin/invoicedet_cust_extrafields.php index 5bd66c4f0f7..61eabbac825 100644 --- a/htdocs/compta/facture/admin/facturedet_cust_extrafields.php +++ b/htdocs/compta/facture/admin/invoicedet_cust_extrafields.php @@ -21,7 +21,7 @@ */ /** -* \file htdocs/compta/facture/admin/facture_cust_extrafields.php +* \file htdocs/compta/facture/admin/invoice_cust_extrafields.php * \ingroup invoice * \brief Page to setup extra fields of customer invoice */ 
diff --git a/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php b/htdocs/compta/facture/admin/invoicedet_rec_cust_extrafields.php similarity index 97% rename from htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php rename to htdocs/compta/facture/admin/invoicedet_rec_cust_extrafields.php index 01c6abc310a..ed9a8d5d280 100644 --- a/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php +++ b/htdocs/compta/facture/admin/invoicedet_rec_cust_extrafields.php @@ -21,7 +21,7 @@ */ /** -* \file htdocs/compta/facture/admin/facture_cust_extrafields.php +* \file htdocs/compta/facture/admin/invoice_cust_extrafields.php * \ingroup invoice * \brief Page to setup extra fields of customer invoice */ diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 66afe9fcb73..89a8fe99d84 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
@@ -5954,23 +5954,24 @@ if ($action == 'create') { // Delete $isErasable = $object->is_erasable(); + $htmltooltip = ''; + if ($isErasable == -4) { + $htmltooltip = $langs->trans('DisabledBecausePayments'); + } elseif ($isErasable == -3) { + $htmltooltip = $langs->trans('DisabledBecauseNotLastSituationInvoice'); + } elseif ($isErasable == -2) { + $htmltooltip = $langs->trans('DisabledBecauseNotLastInvoice'); + } elseif ($isErasable == -1) { + $htmltooltip = $langs->trans('DisabledBecauseDispatchedInBookkeeping'); + } elseif ($isErasable <= 0) { // Any other cases + $htmltooltip = $langs->trans('DisabledBecauseNotErasable'); + } elseif ($objectidnext) { + $htmltooltip = $langs->trans('DisabledBecauseReplacedInvoice'); + } if ($usercandelete || ($usercancreate && $isErasable == 1)) { // isErasable = 1 means draft with temporary ref (draft can always be deleted with no need of permissions) $enableDelete = false; $deleteHref = '#'; - $htmltooltip = ''; - if ($isErasable == -4) { - $htmltooltip = $langs->trans('DisabledBecausePayments'); - } elseif ($isErasable == -3) { - $htmltooltip = $langs->trans('DisabledBecauseNotLastSituationInvoice'); - } elseif ($isErasable == -2) { - $htmltooltip = $langs->trans('DisabledBecauseNotLastInvoice'); - } elseif ($isErasable == -1) { - $htmltooltip = $langs->trans('DisabledBecauseDispatchedInBookkeeping'); - } elseif ($isErasable <= 0) { // Any other cases - $htmltooltip = $langs->trans('DisabledBecauseNotErasable'); - } elseif ($objectidnext) { - $htmltooltip = $langs->trans('DisabledBecauseReplacedInvoice'); - } else { + if ($isErasable > 0 && ! $objectidnext) { $deleteHref = $_SERVER["PHP_SELF"].'?facid='.$object->id.'&action=delete&token='.newToken(); $enableDelete = true; } diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index 5141708f815..b532bf42095 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php 
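Review bot: The new condition `if ($isErasable > 0 && ! $objectidnext) {` has a space after `!`, which the surrounding code does not use; `if ($isErasable > 0 && !$objectidnext) {` matches the file's other conditions. Hoisting the `$htmltooltip` chain above the permission test preserves the value assigned in every branch as far as the hunk shows, and the delete link still carries `newToken()`, so the CSRF token on the action is unchanged. A short comment above the chain, e.g. `// Computed for every user so a disabled Delete button can explain why`, would document why it now runs before the permission check. The surrounding block continues outside the hunk.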
+++ b/htdocs/compta/sociales/class/cchargesociales.class.php @@ -389,7 +389,7 @@ class Cchargesociales if ($result < 0) { $error++; $this->errors = $object->errors; - dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); } unset($this->context['createfromclone']); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 20345dd7d50..a8704ff8da3 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -67,7 +67,7 @@ $search_ref_supplier = GETPOST('search_ref_supplier', 'alpha'); $search_all = (GETPOST('search_all', 'alphanohtml') != '') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'); $search_status = GETPOST('search_status', 'alpha'); $socid = GETPOSTINT('socid'); -$search_user = GETPOSTINT('search_user'); +$search_user = GETPOST('search_user', 'intcomma'); $search_sale = GETPOSTINT('search_sale'); $search_product_category = GETPOSTINT('search_product_category'); $search_dfmonth = GETPOSTINT('search_dfmonth'); @@ -128,7 +128,7 @@ if (!$sortorder) { // Security check $id = GETPOSTINT('id'); -if ($user->socid) { +if ($user->socid > 0) { $socid = $user->socid; } $result = restrictedArea($user, 'contrat', $id); diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index 5c37dacedbe..ab0186f9e2f 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php @@ -587,7 +587,7 @@ if ($action == 'confirm_reopen' && $confirm == 'yes' && $permissiontoadd) { if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang) && GETPOST('lang_id', 'aZ09')) { $newlang = GETPOST('lang_id', 'aZ09'); } - if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang)) { + if (getDolGlobalInt('MAIN_MULTILANGS') && empty($newlang) && is_object($object->thirdparty)) { $newlang = $object->thirdparty->default_lang; } if (!empty($newlang)) { 
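Review bot: `$search_user` changes from `GETPOSTINT('search_user')` to `GETPOST('search_user', 'intcomma')`, i.e. from a single integer to a comma-separated list; every later use of the variable in this file (the SQL builder and the reset/URL-parameter code, all outside this hunk) must treat it as a list — an `IN (...)` clause built from the sanitized string rather than `= ".((int) $search_user)` — otherwise the extra values are truncated or the query breaks. Please confirm the consumers were updated in the same commit; if they were, a comment such as `// Comma-separated list of user ids, validated by the 'intcomma' filter` on the assignment would record the contract. The `$user->socid > 0` change and the `is_object($object->thirdparty)` guard in the actions include are straightforward.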
diff --git a/htdocs/core/class/cgenericdic.class.php b/htdocs/core/class/cgenericdic.class.php index 9c617d9c78d..80cd29208db 100644 --- a/htdocs/core/class/cgenericdic.class.php +++ b/htdocs/core/class/cgenericdic.class.php @@ -220,16 +220,15 @@ class CGenericDic extends CommonDict /** * Load object in memory from the database * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit offset limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * - * @return int Return integer <0 if KO, >0 if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset offset limit + * @param string|array $filter filter USF + * @param string $filtermode filter mode (AND or OR) + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -243,23 +242,36 @@ class CGenericDic extends CommonDict } $sql = "SELECT"; - $sql .= " t.".$fieldrowid.","; + $sql .= " t.".$this->db->sanitize($fieldrowid).","; $sql .= " t.code,"; - $sql .= " t.".$fieldlabel." as label,"; + $sql .= " t.".$this->db->sanitize($fieldlabel)." as label,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix().$this->table_element." as t"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'"; + } } + if (count($sqlwhere) > 0) { + $sql .= " WHERE ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= " WHERE ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } + if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 708e198ac98..a32425ceef4 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -551,7 +551,6 @@ abstract class CommonInvoice extends CommonObject public function is_erasable() { // phpcs:enable - global $conf; // We check if invoice is a temporary number (PROVxxxx) $tmppart = substr($this->ref, 1, 4); diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index b395bf8983f..8cdf2c3999e 100644 --- a/htdocs/core/class/cproductnature.class.php 
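Review bot: The USF path of `fetchAll` appends the output of `forgeSQLFromUniversalSearchCriteria()` directly after the `FROM` clause with no `WHERE`, whereas every sibling conversion in this commit first emits `$sql .= " WHERE 1 = 1";`; if the forged clause starts with `AND (...)` as those siblings assume, a string `$filter` here yields `... as t AND (...)` and the query fails. Add `$sql .= " WHERE 1 = 1";` after the `FROM` line and change the array branch's `" WHERE "` to `" AND "`, matching cunits/ecmfiles. Separately, `$filtermode` is only quote-escaped before being interpolated as an SQL operator, so restrict it with `$filtermode = (strtoupper($filtermode) === 'OR') ? 'OR' : 'AND';` before the `implode`. The remainder of `fetchAll` (order, limit, execution) lies outside the hunk.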
+++ b/htdocs/core/class/cproductnature.class.php
@@ -153,13 +153,13 @@ class CProductNature extends CommonDict
 *
 * @param string $sortorder Sort Order
 * @param string $sortfield Sort field
- * @param int $limit limit
+ * @param int $limit Limit
 * @param int $offset Offset
- * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
+ * @param string $filter Filter USF
 * @param string $filtermode Filter mode (AND or OR)
 * @return array|int int <0 if KO, array of pages if OK
 */
- public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
 {
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -169,23 +169,38 @@ class CProductNature extends CommonDict $sql .= " t.label,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix().$this->table_element." as t"; + $sql .= " WHERE 1 = 1"; + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } elseif ($key == 't.label') { - $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif ($key == 't.label') { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' WHERE ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index 5d839fb0f26..f1f0558a444 100644 --- a/htdocs/core/class/ctyperesource.class.php 
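Review bot: `$filtermode` is still interpolated into the `WHERE` as a raw SQL operator after only `$this->db->escape()`, which neutralises quotes but not keywords, so a caller passing anything other than `AND`/`OR` places arbitrary SQL between the conditions; since the docblock now promises `AND or OR`, enforce it with `$filtermode = (strtoupper($filtermode) === 'OR') ? 'OR' : 'AND';` before the `implode`. The `LIKE '%...%'` fallback in the same branch escapes quotes but not LIKE wildcards, so a `%` or `_` in the value widens the match; wrap it as cunits does, `$this->db->escape($this->db->escapeforlike($value))`. The method continues past the hunk.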
+++ b/htdocs/core/class/ctyperesource.class.php
@@ -194,16 +194,15 @@ class Ctyperesource extends CommonDict
 /**
 * Load object in memory from the database
 *
- * @param string $sortorder Sort Order
- * @param string $sortfield Sort field
- * @param int $limit offset limit
- * @param int $offset offset limit
- * @param array $filter filter array
- * @param string $filtermode filter mode (AND or OR)
- *
- * @return int Return integer <0 if KO, >0 if OK
+ * @param string $sortorder Sort Order
+ * @param string $sortfield Sort field
+ * @param int $limit Limit
+ * @param int $offset Offset limit
+ * @param string|array $filter filter array
+ * @param string $filtermode filter mode (AND or OR)
+ * @return int Return integer <0 if KO, >0 if OK
 */
- public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
 {
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -213,18 +212,40 @@ class Ctyperesource extends CommonDict $sql .= " t.label,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix().$this->table_element." as t"; + $sql .= " WHERE 1 = 1"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif ($key == 't.label') { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'"; + } + } } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' WHERE '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } + if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index 7db6859f82b..e8e8c36cc39 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php 
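Review bot: The new array branch casts the `t.code` filter to an integer (`$key == 't.code'` sharing the `" = ".((int) $value)` case), a block evidently copied from the product-nature dictionary; resource type codes look like string values, and if `c_type_resource.code` is a varchar column every non-numeric code collapses to `t.code = 0` and the filter silently matches nothing, whereas the removed code used `LIKE` for it. Keep the integer cast for `t.rowid`/`t.active` only and compare the code as an escaped string: `} elseif ($key == 't.code' || $key == 't.label') { $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; }`. The first hunk's docblock still reads `filter array` for a parameter typed `string|array`; `Filter USF, or legacy array of field => value` would match the sibling classes. The method continues beyond the hunk.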
@@ -207,15 +207,15 @@ class CUnits extends CommonDict
 /**
 * Load list of objects in memory from the database.
 *
- * @param string $sortorder Sort Order
- * @param string $sortfield Sort field
- * @param int $limit limit
- * @param int $offset Offset
- * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
- * @param string $filtermode Filter mode (AND or OR)
- * @return array|int int <0 if KO, array of pages if OK
+ * @param string $sortorder Sort Order
+ * @param string $sortfield Sort field
+ * @param int $limit Limit
+ * @param int $offset Offset
+ * @param string|array $filter Filter USF
+ * @param string $filtermode Filter mode (AND or OR)
+ * @return array|int int <0 if KO, array of pages if OK
 */
- public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
 {
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -229,24 +229,38 @@ class CUnits extends CommonDict $sql .= " t.scale,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix()."c_units as t"; + $sql .= " WHERE 1 = 1"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') { - $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; - } elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') { - $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; - } else { - $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' WHERE ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' 
'.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index fb7f4a0ea4d..14d8680faec 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1990,7 +1990,7 @@ class Form /** * Return select list of users * - * @param string $selected User id or user object of user preselected. If 0 or < -2, we use id of current user. If -1, keep unselected (if empty is allowed) + * @param string|int $selected User id or user object of user preselected. If 0 or < -2, we use id of current user. If -1 or '', keep unselected (if empty is allowed) * @param string $htmlname Field name in form * @param int|string $show_empty 0=list with no empty value, 1=add also an empty value into list * @param array|null $exclude Array list of users id to exclude @@ -5374,7 +5374,7 @@ class Form $h = isset($input['hours']) ? $input['hours'] : 1; $m = isset($input['minutes']) ? $input['minutes'] : 1; } - $more .= $this->selectDate($input['value'], $input['name'], $h, $m, 0, '', 1, $addnowlink); + $more .= $this->selectDate(isset($input['value']) ? $input['value'] : -1, $input['name'], $h, $m, 0, '', 1, $addnowlink); $more .= ''."\n"; $formquestion[] = array('name' => $input['name'].'day'); $formquestion[] = array('name' => $input['name'].'month'); @@ -10706,7 +10706,7 @@ class Form $ret .= '
'; // Show select fields as tags. - $ret .= '
'; + $ret .= '
'; if ($search_component_params_hidden) { // Split the criteria on each AND @@ -10804,6 +10804,27 @@ class Form // We repost the form $(this).closest(\'form\').submit(); }); + + jQuery("#search_component_params_input").keydown(function(e) { + console.log("We press a key on the filter field that is "+jQuery("#search_component_params_input").val()); + console.log(e.which); + if (jQuery("#search_component_params_input").val() == "" && e.which == 8) { + /* We click on back when the input field is already empty */ + event.preventDefault(); + jQuery("#divsearch_component_params .tagsearch").last().remove(); + /* Regenerate content of search_component_params_hidden from remaining .tagsearch */ + var s = ""; + jQuery("#divsearch_component_params .tagsearch").each(function( index ) { + if (s != "") { + s = s + " AND "; + } + s = s + $(this).attr("data-ufilter"); + }); + console.log("New value for search_component_params_hidden = "+s); + jQuery("#search_component_params_hidden").val(s); + } + }); + '; diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php index b8a54ec53c7..34f05db4c11 100644 --- a/htdocs/core/class/link.class.php +++ b/htdocs/core/class/link.class.php @@ -237,7 +237,7 @@ class Link extends CommonObject $sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".$this->db->prefix()."links"; $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".((int) $objectid); if ($conf->entity != 0) { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } if ($sortfield) { if (empty($sortorder)) { diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 9d7b2222040..d07f1960e15 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php 
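Review bot: The new Backspace handler calls `event.preventDefault()` although the handler receives the jQuery event as `e`; `event` there resolves to the deprecated `window.event` global rather than the jQuery-wrapped object, so the default action may still run in browsers or strict contexts where that global is unavailable. Use the parameter consistently, `if (jQuery("#search_component_params_input").val() == "" && e.key === "Backspace") { e.preventDefault();` (`e.which` is deprecated as well), and remove the three `console.log` lines before this ships, since they log every keystroke typed into the filter field. The surrounding script string and the enclosing method start and end outside the hunk.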
@@ -1840,6 +1840,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess // var_dump($result);exit; if ($result >= 0) { $TFile = $_FILES[$varfiles]; + // Convert value of $TFile if (!is_array($TFile['name'])) { foreach ($TFile as $key => &$val) { $val = array($val); @@ -1854,13 +1855,13 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess } // Define $destfull (path to file including filename) and $destfile (only filename) - $destfull = $upload_dir."/".$TFile['name'][$i]; - $destfile = $TFile['name'][$i]; + $destfile = trim($TFile['name'][$i]); + $destfull = $upload_dir."/".$destfile; $destfilewithoutext = preg_replace('/\.[^\.]+$/', '', $destfile); if ($savingdocmask && strpos($savingdocmask, $destfilewithoutext) !== 0) { - $destfull = $upload_dir."/".preg_replace('/__file__/', $TFile['name'][$i], $savingdocmask); - $destfile = preg_replace('/__file__/', $TFile['name'][$i], $savingdocmask); + $destfile = trim(preg_replace('/__file__/', $TFile['name'][$i], $savingdocmask)); + $destfull = $upload_dir."/".$destfile; } $filenameto = basename($destfile); @@ -1869,7 +1870,6 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess setEventMessages($langs->trans("ErrorFilenameCantStartWithDot", $filenameto), null, 'errors'); break; } - // dol_sanitizeFileName the file name and lowercase extension $info = pathinfo($destfull); $destfull = $info['dirname'].'/'.dol_sanitizeFileName($info['filename'].($info['extension'] != '' ? ('.'.strtolower($info['extension'])) : '')); @@ -2307,7 +2307,7 @@ function dol_compress_file($inputfile, $outputfile, $mode = "gz", &$errorstring // Zip archive will be created only after closing object $zip->close(); - dol_syslog("dol_compress_file success - ".count($zip->numFiles)." files"); + dol_syslog("dol_compress_file success - ".$zip->numFiles." files"); return 1; } 
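Review bot: `$destfile = trim(preg_replace('/__file__/', $TFile['name'][$i], $savingdocmask));` uses the user-supplied upload name as a regex replacement string, so `$0`, `$1`, `\\1` and `${...}` sequences inside the file name are interpreted as backreferences instead of being copied literally — an upload named `a$0b.pdf` is stored as `a__file__b.pdf`. The pattern is a fixed token, so `$destfile = trim(str_replace('__file__', $destfile, $savingdocmask));` (reusing the trimmed name computed just above) gives the intended result with no metacharacter handling. The later `dol_sanitizeFileName()` only operates on the already-mangled path, so the substitution is persisted. `dol_add_file_process()` begins and ends outside the hunk.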
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 57f785261ea..556917bc2a0 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -4369,7 +4369,7 @@ function dol_substr($string, $start, $length = null, $stringencoding = '', $trun global $langs; if (empty($stringencoding)) { - $stringencoding = $langs->charset_output; + $stringencoding = (empty($langs) ? 'UTF-8' : $langs->charset_output); } $ret = ''; diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 9e6a39c63f9..faf5068d403 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -177,7 +177,7 @@ function invoice_admin_prepare_head() $h = 0; $head = array(); - $head[$h][0] = DOL_URL_ROOT.'/admin/facture.php'; + $head[$h][0] = DOL_URL_ROOT.'/admin/invoice.php'; $head[$h][1] = $langs->trans("Miscellaneous"); $head[$h][2] = 'general'; $h++; @@ -193,7 +193,7 @@ function invoice_admin_prepare_head() // $this->tabs = array('entity:-tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to remove a tab complete_head_from_modules($conf, $langs, null, $head, $h, 'invoice_admin'); - $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/facture_cust_extrafields.php'; + $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/invoice_cust_extrafields.php'; $head[$h][1] = $langs->trans("ExtraFieldsCustomerInvoices"); $nbExtrafields = $extrafields->attributes['facture']['count']; if ($nbExtrafields > 0) { @@ -202,7 +202,7 @@ function invoice_admin_prepare_head() $head[$h][2] = 'attributes'; $h++; - $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/facturedet_cust_extrafields.php'; + $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/invoicedet_cust_extrafields.php'; $head[$h][1] = $langs->trans("ExtraFieldsLines"); $nbExtrafields = $extrafields->attributes['facturedet']['count']; if ($nbExtrafields > 0) { 
@@ -211,7 +211,7 @@ function invoice_admin_prepare_head() $head[$h][2] = 'attributeslines'; $h++; - $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/facture_rec_cust_extrafields.php'; + $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/invoice_rec_cust_extrafields.php'; $head[$h][1] = $langs->trans("ExtraFieldsCustomerInvoicesRec"); $nbExtrafields = $extrafields->attributes['facture_rec']['count']; if ($nbExtrafields > 0) { @@ -220,7 +220,7 @@ function invoice_admin_prepare_head() $head[$h][2] = 'attributesrec'; $h++; - $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/facturedet_rec_cust_extrafields.php'; + $head[$h][0] = DOL_URL_ROOT.'/compta/facture/admin/invoicedet_rec_cust_extrafields.php'; $head[$h][1] = $langs->trans("ExtraFieldsLinesRec"); $nbExtrafields = $extrafields->attributes['facturedet_rec']['count']; if ($nbExtrafields > 0) { @@ -230,7 +230,7 @@ function invoice_admin_prepare_head() $h++; if (getDolGlobalInt('INVOICE_USE_SITUATION') > 0) { // Warning, implementation with value 1 is seriously bugged and a new one not compatible is expected to become stable - $head[$h][0] = DOL_URL_ROOT.'/admin/facture_situation.php'; + $head[$h][0] = DOL_URL_ROOT.'/admin/invoice_situation.php'; $head[$h][1] = $langs->trans("InvoiceSituation"); $head[$h][2] = 'situation'; $h++; diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php index 4d90ba8252b..7cd9dacaefa 100644 --- a/htdocs/core/modules/modFacture.class.php +++ b/htdocs/core/modules/modFacture.class.php @@ -73,7 +73,7 @@ class modFacture extends DolibarrModules $this->warnings_activation_ext = array(); // Warning to show when we activate an external module. array('always'='text') or array('FR'='text') // Config pages - $this->config_page_url = array("facture.php"); + $this->config_page_url = array("invoice.php"); // Constants $this->const = array(); 
diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php
index b9fef39837f..b3b8177be87 100644
--- a/htdocs/cron/class/cronjob.class.php
+++ b/htdocs/cron/class/cronjob.class.php
@@ -513,16 +513,16 @@ class Cronjob extends CommonObject
 /**
 * Load list of cron jobs in a memory array from the database
 *
- * @param string $sortorder sort order
- * @param string $sortfield sort field
- * @param int $limit limit page
- * @param int $offset page
- * @param int $status display active or not
- * @param array $filter filter output
- * @param int $processing Processing or not
- * @return int if KO: <0 || if OK: >0
+ * @param string $sortorder Sort order
+ * @param string $sortfield Sort field
+ * @param int $limit Limit page
+ * @param int $offset Offset ppage
+ * @param int $status Display active or not
+ * @param string|array $filter Filter USF.
+ * @param int $processing Processing or not
+ * @return int if KO: <0 || if OK: >0
 */
- public function fetchAll(string $sortorder = 'DESC', string $sortfield = 't.rowid', int $limit = 0, int $offset = 0, int $status = 1, array $filter = [], int $processing = -1)
+ public function fetchAll(string $sortorder = 'DESC', string $sortfield = 't.rowid', int $limit = 0, int $offset = 0, int $status = 1, $filter = '', int $processing = -1)
 {
 $this->lines = array();
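Review bot: The rewritten docblock introduces a typo, `Offset ppage`, and keeps `Limit page` for `$limit`, which is presumably the maximum number of rows rather than a page; `* @param int $offset Offset` and `* @param int $limit Max number of rows` would match the wording used in the sibling classes converted by this commit. The other parameters carry native scalar types while `$filter` is left untyped after the `array` hint was dropped; if the project's minimum PHP version allows union types, `string|array $filter = ''` would make the two accepted forms explicit at the signature rather than only in the comment.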
@@ -573,14 +573,27 @@ class Cronjob extends CommonObject } // Manage filter - if (is_array($filter) && count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value); - } else { - $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value); + } else { + $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } $sql .= $this->db->order($sortfield, $sortorder); diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index 0f622d01370..de254170431 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php 
@@ -530,15 +530,15 @@ class EcmFiles extends CommonObject
 /**
 * Load object in memory from the database
 *
- * @param string $sortorder Sort Order
- * @param string $sortfield Sort field
- * @param int $limit limit
- * @param int $offset offset limit
- * @param array $filter filter array
- * @param string $filtermode filter mode (AND or OR)
- * @return int Return integer <0 if KO, >0 if OK
+ * @param string $sortorder Sort Order
+ * @param string $sortfield Sort field
+ * @param int $limit Limit
+ * @param int $offset Offset limit
+ * @param string|array $filter filter array
+ * @param string $filtermode filter mode (AND or OR)
+ * @return int Return integer <0 if KO, >0 if OK
 */
- public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
 {
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -564,27 +564,40 @@ class EcmFiles extends CommonObject $sql .= " t.src_object_type,"; $sql .= " t.src_object_id"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; + $sql .= ' WHERE 1 = 1'; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.src_object_id') { - $sqlwhere[] = $key." = ".((int) $value); - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.src_object_id') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } - $sql .= ' WHERE 1 = 1'; /* Fetching this table depends on filepath+filename, it must not depends on entity if (isModEnabled('multicompany')) { $sql .= " AND entity IN (" . getEntity('ecmfiles') . ")"; }*/ - if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); - } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php index 5e6ed1b5ebb..530395f5bf6 100644 --- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php +++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php 
@@ -369,18 +369,16 @@ class KnowledgeRecord extends CommonObject /** * Load list of objects in memory from the database. * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) - * @param string $filtermode Filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset + * @param string|array $filter Filter USF. + * @param string $filtermode Filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { - global $conf; - dol_syslog(__METHOD__, LOG_DEBUG); $records = array(); 
@@ -393,23 +391,37 @@ class KnowledgeRecord extends CommonObject } else { $sql .= ' WHERE 1 = 1'; } + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif (strpos($value, '%') === false) { + $sqlwhere[] = $this->db->sanitize($key).' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { 
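Review bot: In the re-added array branch the `IN (...)` case builds `$this->db->sanitize($this->db->escape($value))`; if `sanitize()` keeps only identifier-style characters as its name suggests, it strips whatever `escape()` inserted, so the `escape()` call is misleading and a value such as `O'Brien` can never be matched on this path. Either drop the `escape()` and document the branch as accepting only id/keyword lists, or route non-numeric values through the `LIKE` branch that already applies `escapeforlike()`. The `in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))` test should also pass `true` as its third argument to avoid loose comparison. `fetchAll` continues past the hunk.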
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index 13e7e3d46d0..906cdc3d0e2 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -468,7 +468,7 @@ class MyObject extends CommonObject $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); if ($errormessage) { $this->errors[] = $errormessage; - dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); return -1; } @@ -502,7 +502,7 @@ class MyObject extends CommonObject return $records; } else { $this->errors[] = 'Error '.$this->db->lasterror(); - dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); return -1; } diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index 4b91802fd5a..6af9a6941d9 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php 
@@ -474,15 +474,15 @@ class Mo extends CommonObject
 /**
 * Load list of objects in memory from the database.
 *
- * @param string $sortorder Sort Order
- * @param string $sortfield Sort field
- * @param int $limit limit
- * @param int $offset Offset
- * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
- * @param string $filtermode Filter mode (AND or OR)
- * @return array|int int <0 if KO, array of pages if OK
+ * @param string $sortorder Sort Order
+ * @param string $sortfield Sort field
+ * @param int $limit Limit
+ * @param int $offset Offset
+ * @param string|array $filter Filter USF.
+ * @param string $filtermode Filter mode (AND or OR)
+ * @return array|int int <0 if KO, array of pages if OK
 */
- public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
 {
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -496,21 +496,35 @@ class Mo extends CommonObject } else { $sql .= ' WHERE 1 = 1'; } + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index 1b47c556e7f..525214a4398 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php 
@@ -424,15 +424,15 @@ class Partnership extends CommonObject
 /**
 * Load list of objects in memory from the database.
 *
- * @param string $sortorder Sort Order
- * @param string $sortfield Sort field
- * @param int $limit limit
- * @param int $offset Offset
- * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
- * @param string $filtermode Filter mode (AND or OR)
- * @return array|int int <0 if KO, array of pages if OK
+ * @param string $sortorder Sort Order
+ * @param string $sortfield Sort field
+ * @param int $limit Limit
+ * @param int $offset Offset page
+ * @param string|array $filter Filter USF.
+ * @param string $filtermode Filter mode (AND or OR)
+ * @return array|int int <0 if KO, array of pages if OK
 */
- public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
+ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
 {
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -446,23 +446,37 @@ class Partnership extends CommonObject } else { $sql .= ' WHERE 1 = 1'; } + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif (strpos($value, '%') === false) { + $sqlwhere[] = $this->db->sanitize($key)." IN (".$this->db->sanitize($this->db->escape($value)).")"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { 
diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 39dda63688f..224de17eb28 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -368,15 +368,15 @@ class ProductCustomerPrice extends CommonObject /** * Load all customer prices in memory from database * - * @param string $sortorder order - * @param string $sortfield field - * @param int $limit page - * @param int $offset offset - * @param array $filter Filter for select - * @return int Return integer <0 if KO, >0 if OK + * @param string $sortorder Sort order + * @param string $sortfield Sort field + * @param int $limit Limit page + * @param int $offset offset + * @param string|array $filter Filter USF. + * @return int Return integer <0 if KO, >0 if OK * @since dolibarr v17 */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = array()) + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '') { if (empty($sortfield)) { $sortfield = "t.rowid"; 
@@ -418,21 +418,35 @@ class ProductCustomerPrice extends CommonObject $sql .= " AND t.entity IN (".getEntity('productprice').")"; // Manage filter - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year - $sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'"; - } elseif ($key == 'soc.nom') { - $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; - } elseif ($key == 'prod.ref' || $key == 'prod.label') { - $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; - } elseif ($key == 't.price' || $key == 't.price_ttc') { - $sql .= " AND ".$this->db->sanitize($key)." = ".((float) price2num($value)); - } else { - $sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value); + if (is_array($filter)) { + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year + $sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'"; + } elseif ($key == 'soc.nom') { + $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } elseif ($key == 'prod.ref' || $key == 'prod.label') { + $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } elseif ($key == 't.price' || $key == 't.price_ttc') { + $sql .= " AND ".$this->db->sanitize($key)." = ".((float) price2num($value)); + } else { + $sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value); + } } } + + $filter = ''; } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' 
'.implode(',', $this->errors), LOG_ERR); + return -1; + } + $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { $sql .= $this->db->plimit($limit + 1, $offset); diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index b0a30b3d41a..dae70705c88 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php @@ -318,18 +318,16 @@ class ProductFournisseurPrice extends CommonObject /** * Load list of objects in memory from the database. * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) - * @param string $filtermode Filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset + * @param string|array $filter Filter USF. + * @param string $filtermode Filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { - global $conf; - dol_syslog(__METHOD__, LOG_DEBUG); $records = array(); 
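Review bot: The re-indented date branch still tests `strpos($key, 'date')` for truthiness, so a key whose name starts with "date" (offset 0) is treated as not-a-date and falls through to the `(int)` cast; `if (strpos($key, 'date') !== false) {` (or `str_contains()` if PHP 8 is the baseline) matches the intent given in the trailing comment. Unlike the sibling hunks, the date value goes through `$this->db->escape()` rather than `idate()`, presumably because the comment shows keys like `YEAR(s.dated)` compared with a raw year; a short comment saying so would stop the next reader from "fixing" it. The same truthiness test appears as context in the Dolresource and Ticket hunks. fetchAll's body starts and ends outside the hunk.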
@@ -342,23 +340,37 @@ class ProductFournisseurPrice extends CommonObject } else { $sql .= " WHERE 1 = 1"; } + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sqlwhere[] = $key." = ".((int) $value); + } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; + } elseif (strpos($value, '%') === false) { + $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + } else { + $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { 
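Review bot: `$key` is still concatenated into the WHERE clause unsanitised in all four branches (`$key." = "`, `$key.' IN ('`, `$key." LIKE '%"`), whereas the Mo, Partnership and ProductStockEntrepot hunks of this same commit wrap it in `$this->db->sanitize($key)`; the legacy array path is likely only fed by application code, but since it is kept for compatibility it should get the same treatment, e.g. `$sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value);` for the first branch and likewise for the other three. The Website hunk below has the same omission. fetchAll's body starts and ends outside the hunk.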
diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index a8937fced52..87b8ba077d1 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -232,15 +232,15 @@ class ProductStockEntrepot extends CommonObject * * @param int $fk_product Product from which we want to get limit and desired stock by warehouse * @param int $fk_entrepot Warehouse in which we want to get products limit and desired stock - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * @return int|array Return integer <0 if KO, array if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset limit + * @param string|array $filter Filter USF. + * @param string $filtermode Filter mode (AND or OR) + * @return int|array Return integer <0 if KO, array if OK */ - public function fetchAll($fk_product = 0, $fk_entrepot = 0, $sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($fk_product = 0, $fk_entrepot = 0, $sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -256,14 +256,27 @@ class ProductStockEntrepot extends CommonObject $sql .= " WHERE 1=1"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($fk_product) && $fk_product > 0) { diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index e679a3e180f..d4d8f9135d7 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -1258,7 +1258,7 @@ if ($source == 'invoice') { // Tag print ''.$langs->trans("PaymentCode"); print ''.$fulltag.''; - print ''; + print ''; print ''; print ''."\n"; diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index cce2244df42..2e15cc1ad18 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php 
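Review bot: The filter fragments are appended as `" AND ".implode(' '.$filtermode.' ', $sqlwhere)` without enclosing parentheses, so with `$filtermode = 'OR'` and two or more criteria the clause becomes `WHERE 1=1 AND a OR b AND t.fk_product = ...`, and SQL precedence lets the OR alternative escape the product/warehouse restrictions appended right after the hunk; the Mo and Partnership hunks wrap the group, and this one should too: `$sql .= " AND (".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).")";`. The same missing parentheses are in the Website hunk below, where the unparenthesised OR follows the entity restriction. The rest of fetchAll is outside the hunk.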
@@ -599,14 +599,14 @@ class Dolresource extends CommonObject /** * Load resource objects into $this->lines * - * @param string $sortorder sort order - * @param string $sortfield sort field - * @param int $limit limit page - * @param int $offset page - * @param array $filter filter output - * @return int if KO: <0 || if OK number of lines loaded + * @param string $sortorder Sort order + * @param string $sortfield Sort field + * @param int $limit Limit page + * @param int $offset Offset page + * @param string|array $filter Filter USF. + * @return int If KO: <0 || if OK number of lines loaded */ - public function fetchAll(string $sortorder, string $sortfield, int $limit, int $offset, array $filter = []) + public function fetchAll(string $sortorder, string $sortfield, int $limit, int $offset, $filter = '') { require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; $extrafields = new ExtraFields($this->db); @@ -641,16 +641,27 @@ class Dolresource extends CommonObject $sql .= " WHERE t.entity IN (".getEntity('resource').")"; // Manage filter - if (!empty($filter)) { + if (is_array($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { $sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->idate($value)."'"; } elseif (strpos($key, 'ef.') !== false) { - $sql .= ((float) $value); + $sql .= " AND ".$this->db->sanitize($key)." = ".((float) $value); } else { $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; } } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } $sql .= $this->db->order($sortfield, $sortorder); diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 5b29d73fefb..7b85ba94863 100644 --- a/htdocs/societe/card.php 
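Review bot: `$filter` is now the only parameter of this signature without a native type while `$sortorder`, `$sortfield`, `$limit` and `$offset` keep theirs, which reads as an oversight rather than a choice. If the project's minimum PHP version is 8.0 or later, `string|array $filter = ''` would carry the docblock contract into the engine; otherwise the docblock should at least say what "Filter USF." accepts or point at forgeSQLFromUniversalSearchCriteria() so callers migrating from the array form know the syntax. The method body continues outside this hunk.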
+++ b/htdocs/societe/card.php @@ -1748,7 +1748,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($canvasdisplayactio print ''; $userlist = $form->select_dolusers('', '', 0, null, 0, '', '', '0', 0, 0, 'AND u.statut = 1', 0, '', '', 0, 2); // Note: If user has no right to "see all thirdparties", we force selection of sale representative to him, so after creation he can see the record. - $selected = (count(GETPOSTINT('commercial')) > 0 ? GETPOSTINT('commercial') : (GETPOSTINT('commercial') > 0 ? array(GETPOSTINT('commercial')) : (!$user->hasRight('societe', 'client', 'voir') ? array($user->id) : array()))); + $selected = (GETPOSTISARRAY('commercial') ? GETPOST('commercial', 'array:int') : (GETPOSTINT('commercial') > 0 ? array(GETPOSTINT('commercial')) : (!$user->hasRight('societe', 'client', 'voir') ? array($user->id) : array()))); print img_picto('', 'user').$form->multiselectarray('commercial', $userlist, $selected, null, null, 'quatrevingtpercent widthcentpercentminusx', 0, 0); print ''; diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 4980565b264..c4435e13cae 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php 
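Review bot: The replacement expression for `$selected` is a three-level nested ternary, which is hard to read and to verify against the comment above it; an if/elseif chain with one case per line (array posted, single id posted, user without the "voir" right, default empty) would make the precedence explicit. A one-line comment on the first case, such as `// Multi-select form posts an array; keep it as int list`, would also record why GETPOSTISARRAY is consulted before GETPOSTINT. The surrounding form code is outside the hunk.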
@@ -782,16 +782,16 @@ class Ticket extends CommonObject /** * Load all objects in memory from database * - * @param User $user User for action - * @param string $sortorder Sort order - * @param string $sortfield Sort field - * @param int $limit page number - * @param int $offset Offset for query - * @param int $arch archive or not (not used) - * @param array $filter Filter for query - * @return int Return integer <0 if KO, >0 if OK + * @param User $user User for action + * @param string $sortorder Sort order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset page + * @param int $arch Archive or not (not used) + * @param string|array $filter Filter for query + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($user, $sortorder = 'ASC', $sortfield = 't.datec', $limit = 0, $offset = 0, $arch = 0, $filter = []) + public function fetchAll($user, $sortorder = 'ASC', $sortfield = 't.datec', $limit = 0, $offset = 0, $arch = 0, $filter = '') { global $langs, $extrafields; @@ -845,7 +845,7 @@ class Ticket extends CommonObject $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // Manage filter - if (!empty($filter)) { + if (is_array($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year $sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'"; @@ -863,6 +863,17 @@ class Ticket extends CommonObject $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; } } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } // Case of external user 
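Review bot: The updated docblock documents `$filter` as `string|array $filter Filter for query`, while the sibling signatures changed in this commit say `Filter USF.`, and the Website docblock below still says `filter array`; since the string form is now the primary path, both should read `@param string|array $filter Filter USF (string) or legacy filter array` so the accepted syntax is stated consistently. The method body continues outside this hunk.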
diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index a4b80193d02..47d572654be 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -403,15 +403,15 @@ class Website extends CommonObject /** * Load all object in memory ($this->records) from the database * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit offset limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit limit + * @param int $offset offset limit + * @param string|array $filter filter array + * @param string $filtermode filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -433,15 +433,29 @@ class Website extends CommonObject $sql .= " t.tms as date_modification"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql .= " WHERE t.entity IN (".getEntity('website').")"; + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + } } + if (count($sqlwhere) > 0) { + $sql .= ' AND '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.implode(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index fd684229dd1..7a0a42a0f9f 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -515,6 +515,7 @@ class WebsitePage extends CommonObject $sql = 'SELECT COUNT(t.rowid) as nb'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; $sql .= ' WHERE t.fk_website = '.((int) $websiteid); + // Manage filter (same than into fetchAll) $sqlwhere = array(); if (count($filter) > 0) { diff --git a/test/phpunit/AllTests.php b/test/phpunit/AllTests.php index 9848ac2185e..633b0b61216 100644 --- a/test/phpunit/AllTests.php +++ b/test/phpunit/AllTests.php 
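Review bot: The LIKE pattern is built with `$this->db->escape($value)` only, so `%` and `_` inside the value stay live wildcards, whereas every other LIKE branch in this commit uses `$this->db->escape($this->db->escapeforlike($value))`; the line should become `$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";`. That also adds the sanitize() on `$key` that the sibling hunks apply. fetchAll's body starts and ends outside the hunk.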
@@ -27,8 +27,10 @@ print "PHP Version: ".phpversion()."\n"; print "Memory limit: ". ini_get('memory_limit')."\n"; -// Workaround for false security issue with main.inc.php in tests: -$_SERVER['PHP_SELF'] = "phpunit"; +// Workaround for false security issue with main.inc.php on Windows in tests: +if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { + $_SERVER['PHP_SELF'] = "phpunit"; +} global $conf,$user,$langs,$db; //define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
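Review bot: The platform test `strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'` is the pre-7.2 idiom; `if (PHP_OS_FAMILY === 'Windows') {` says the same thing without string slicing. The comment calls this a "false security issue" on Windows but does not say which check in main.inc.php trips, so a half-sentence naming the check (or the path shape that triggers it) would let a future reader remove the workaround once that check is fixed.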