diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a984ef485c7..b21ee86a328 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -274,6 +274,9 @@ function getEntity($element, $shared = 1, $currentobject = null) // fix different element names (France to English) switch ($element) { + case 'projet': + $element = 'project'; + break; case 'contrat': $element = 'contract'; break; // "/contrat/class/contrat.class.php" diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 9d38e7fdb3d..7818b9d2e7e 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -389,6 +389,10 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '', if ($features == 'facturerec') { $features = 'facture'; } + if ($features == 'supplier_invoicerec') { + $features = 'fournisseur'; + $feature2 = 'facture'; + } if ($features == 'mo') { $features = 'mrp'; } diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index 0fd313e4cd1..7f01c1f3902 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -76,6 +76,9 @@ function dolStripPhpCode($str, $replacewith = '') function dolKeepOnlyPhpCode($str) { $str = str_replace('formconfirm($_SERVER["PHP_SELF"], $langs->trans("ConfirmMassDraftDeletion"), $langs->trans("ConfirmMassDeletionQuestion", count($toselect)), "delete", null, '', 0, 200, 500, 1); } @@ -94,7 +93,7 @@ if ($massaction == 'preaffecttag' && isModEnabled('category')) { } } -if ($massaction == 'preupdateprice' && isModEnabled('category')) { +if ($massaction == 'preupdateprice') { $formquestion = array(); $valuefield = '
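Review bot: The new `supplier_invoicerec` branch in the security.lib.php hunk assigns `$feature2 = 'facture'` unconditionally, so any `$feature2` a caller passed with that feature name is discarded without notice. The signature in the hunk header is cut off before the remaining parameters, so this assumes `$feature2` is one of them. If it is, a comment above the branch would make the override deliberate, for example `// supplier recurring invoices are gated by the fournisseur->facture right; a caller-supplied $feature2 is ignored`. The body of restrictedArea() starts and ends outside the hunk.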
'; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index cec7cba23b7..17a3a16485f 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -366,7 +366,7 @@ $num = $db->num_rows($resql); if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && !$page) { $obj = $db->fetch_object($resql); $id = $obj->rowid; - header("Location: ".dol_buildpath('/mymodule/myobject_card.php', 1).'?id='.$id); + header("Location: ".dol_buildpath('/fichinter/card.php', 1).'?id='.$id); exit; } diff --git a/htdocs/fourn/facture/card-rec.php b/htdocs/fourn/facture/card-rec.php index 126a11e1ec5..3d8bdf23d36 100644 --- a/htdocs/fourn/facture/card-rec.php +++ b/htdocs/fourn/facture/card-rec.php @@ -126,7 +126,8 @@ $now = dol_now(); $error = 0; -$result = restrictedArea($user, 'facture', $object->id, $objecttype); +$result = restrictedArea($user, 'supplier_invoicerec', $object->id, $objecttype); + /* diff --git a/htdocs/fourn/facture/list-rec.php b/htdocs/fourn/facture/list-rec.php index f699765e2dd..e90aca5a576 100644 --- a/htdocs/fourn/facture/list-rec.php +++ b/htdocs/fourn/facture/list-rec.php @@ -66,7 +66,6 @@ $objecttype = 'facture_fourn_rec'; if ($action == "create" || $action == "add") { $objecttype = ''; } -$result = restrictedArea($user, 'facture', $id, $objecttype); $search_ref = GETPOST('search_ref'); $search_societe = GETPOST('search_societe'); @@ -169,7 +168,7 @@ if ($socid > 0) { } $objecttype = 'facture_fourn_rec'; -$result = restrictedArea($user, 'facture', $object->id, $objecttype); +$result = restrictedArea($user, 'supplier_invoicerec', $object->id, $objecttype); /* diff --git a/htdocs/index.php b/htdocs/index.php index b1ef9a66d0a..40f3fa7e9ea 100644 --- a/htdocs/index.php +++ b/htdocs/index.php 
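Review bot: The corrected redirect in the fichinter/list.php hunk concatenates `$id` into the `Location` header without a cast, whereas the template line it mirrors (htdocs/modulebuilder/template/myobject_list.php, further down this diff) uses `((int) $id)`. `$id` is read from `$obj->rowid`, so it should already be numeric, but the cast keeps the header value an integer whatever the fetch returns. Suggested line: `header("Location: ".dol_buildpath('/fichinter/card.php', 1).'?id='.((int) $id));`.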
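Review bot: With the early `restrictedArea()` call removed in the first list-rec.php hunk, the only permission check left on this page is the one rewritten in the second hunk, roughly a hundred lines further down. Everything between the two hunks now runs before the user is authorised, and those lines are not visible here. It is worth confirming that they only read request parameters and build objects, with no action handler, include or write among them. If that cannot be guaranteed, keep an early check with the corrected feature name instead of deleting it: `$result = restrictedArea($user, 'supplier_invoicerec', $id, $objecttype);`.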
@@ -455,7 +455,7 @@ if (empty($conf->global->MAIN_DISABLE_GLOBAL_WORKBOARD)) { // We calculate $totallate. Must be defined before start of next loop because it is show in first fetch on next loop foreach ($valid_dashboardlines as $board) { - if ($board->nbtodolate > 0) { + if (is_numeric($board->nbtodo) && is_numeric($board->nbtodolate) && $board->nbtodolate > 0) { $totaltodo += $board->nbtodo; $totallate += $board->nbtodolate; } diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 12f8d2e21f5..af66817c339 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -4100,6 +4100,7 @@ function migrate_delete_old_files($db, $langs, $conf) // List of files to delete $filetodeletearray = array( + '/core/ajax/ajaxcompanies.php', '/core/triggers/interface_demo.class.php', '/core/menus/barre_left/default.php', '/core/menus/barre_top/default.php', diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index 50a03e6fdb3..70c35008c8d 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -191,9 +191,9 @@ if (session_id() && !empty($_SESSION["dol_entity"])) { } elseif (!empty($_ENV["dol_entity"])) { // Entity inside a CLI script $conf->entity = $_ENV["dol_entity"]; -} elseif (GETPOSTISSET("loginfunction") && GETPOST("entity", 'int')) { +} elseif (GETPOSTISSET("loginfunction") && (GETPOST("entity", 'int') || GETPOST("switchentity", 'int'))) { // Just after a login page - $conf->entity = GETPOST("entity", 'int'); + $conf->entity = (GETPOSTISSET("entity") ? GETPOST("entity", 'int') : GETPOST("switchentity", 'int')); } elseif (defined('DOLENTITY') && is_numeric(constant('DOLENTITY'))) { // For public page with MultiCompany module $conf->entity = constant('DOLENTITY'); diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index d4023d4840d..b27f77d2ef9 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php 
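Review bot: The new condition and the new assignment in the master.inc.php hunk test different things: the `elseif` is entered when either `GETPOST("entity", 'int')` or `GETPOST("switchentity", 'int')` is non-empty, but the assignment takes `entity` whenever it is merely set. A login request that carries an empty `entity` field together with a valid `switchentity` therefore enters the branch and stores the empty value in `$conf->entity`. Selecting on the value rather than on presence closes the gap: `$conf->entity = (int) (GETPOST("entity", 'int') ? GETPOST("entity", 'int') : GETPOST("switchentity", 'int'));`. Because this value comes from the request at login time, whether it is later checked against the entities the account may use is not visible in this hunk and is worth confirming.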
@@ -257,7 +257,7 @@ if ($action == 'updateMask') { if (dolibarr_set_const($db, $constforval, $value, 'chaine', 0, '', $conf->entity)) { // The constant that was read before the new set // We therefore requires a variable to have a coherent view - $conf->global->$constforval = $value; + $conf->global->{$constforval} = $value; } // We disable/enable the document template (into llx_document_model table) diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index dd6d02993b1..5b3be07105c 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -85,7 +85,7 @@ class MyObject extends CommonObject * Note: Filter must be a Dolibarr Universal Filter syntax string. Example: "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.status:!=:0) or (t.nature:is:NULL)" * 'label' the translation key. * 'picto' is code of a picto to show before value in forms - * 'enabled' is a condition when the field must be managed (Example: 1 or 'getDolGlobalInt('MY_SETUP_PARAM') or 'isModEnabled("multicurrency")' ...) + * 'enabled' is a condition when the field must be managed (Example: 1 or 'getDolGlobalInt("MY_SETUP_PARAM")' or 'isModEnabled("multicurrency")' ...) * 'position' is the sort order of field. * 'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0). * 'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing) 
@@ -575,7 +575,7 @@ class MyObject extends CommonObject return 0; } - /*if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->myobject->write)) + /* if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule','write')) || (getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->myobject->myobject_advance->validate)))) { $this->error='NotEnoughPermissions'; @@ -693,8 +693,8 @@ class MyObject extends CommonObject return 0; } - /*if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->write)) - || (getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->mymodule_advance->validate)))) + /* if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule','write')) + || (getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule','mymodule_advance','validate')))) { $this->error='Permission denied'; return -1; @@ -717,8 +717,8 @@ class MyObject extends CommonObject return 0; } - /*if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->write)) - || (getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->mymodule_advance->validate)))) + /* if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule','write')) + || (getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule','mymodule_advance','validate')))) { $this->error='Permission denied'; return -1; 
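Review bot: In the hunk at line 575 the commented-out permission check is only half converted and changes meaning. `!empty($user->rights->mymodule->myobject->write)` became `$user->hasRight('mymodule','write')`, which drops the `myobject` level, while the advanced-permission half on the next line still uses the old `$user->rights->mymodule->myobject->myobject_advance->validate` form. This file is the module-builder template, so anyone who uncomments the block in a generated module gets a check against a different right than the one originally written. Suggested first line: `/* if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule', 'myobject', 'write'))`, with the second line converted the same way. The hunks at 693, 717 and 741 also leave their guards commented out, and the enclosing methods lie outside the hunks, so these lines do not show whether permissions are enforced elsewhere in them.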
@@ -741,13 +741,14 @@ class MyObject extends CommonObject return 0; } - /*if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->write)) - || (getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && !empty($user->rights->mymodule->mymodule_advance->validate)))) + /*if (! ((!getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule','write')) + || (getDolGlobalInt('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('mymodule','mymodule_advance','validate')))) { $this->error='Permission denied'; return -1; }*/ + return $this->setStatusCommon($user, self::STATUS_VALIDATED, $notrigger, 'MYOBJECT_REOPEN'); } @@ -865,7 +866,7 @@ class MyObject extends CommonObject $pospoint = strpos($filearray[0]['name'], '.'); $pathtophoto = $class.'/'.$this->ref.'/thumbs/'.substr($filename, 0, $pospoint).'_mini'.substr($filename, $pospoint); - if (!getDolGlobalInt(strtoupper($module.'_'.$class).'_FORMATLISTPHOTOSASUSERS')) { + if (!getDolGlobalString(strtoupper($module.'_'.$class).'_FORMATLISTPHOTOSASUSERS')) { $result .= '
No photo
'; } else { $result .= '
No photo
'; diff --git a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php index a0b27ba3684..5014b764832 100644 --- a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php +++ b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php @@ -279,8 +279,8 @@ class doc_generic_myobject_odt extends ModelePDFMyObject // Get extension (ods or odt) $newfileformat = substr($newfile, strrpos($newfile, '.') + 1); - if (getDolGlobalInt('MAIN_DOC_USE_TIMING')) { - $format = getDolGlobalInt('MAIN_DOC_USE_TIMING'); + if (getDolGlobalString('MAIN_DOC_USE_TIMING')) { + $format = getDolGlobalString('MAIN_DOC_USE_TIMING'); if ($format == '1') { $format = '%Y%m%d%H%M%S'; } diff --git a/htdocs/modulebuilder/template/core/modules/mymodule/doc/pdf_standard_myobject.modules.php b/htdocs/modulebuilder/template/core/modules/mymodule/doc/pdf_standard_myobject.modules.php index f24067f7547..9826936f8ab 100644 --- a/htdocs/modulebuilder/template/core/modules/mymodule/doc/pdf_standard_myobject.modules.php +++ b/htdocs/modulebuilder/template/core/modules/mymodule/doc/pdf_standard_myobject.modules.php @@ -197,8 +197,7 @@ class pdf_standard_myobject extends ModelePDFMyObject $realpatharray = array(); $this->atleastonephoto = false; /* - if (getDolGlobalInt('MAIN_GENERATE_MYOBJECT_WITH_PICTURE'))) - { + if (getDolGlobalInt('MAIN_GENERATE_MYOBJECT_WITH_PICTURE'))) { $objphoto = new Product($this->db); for ($i = 0; $i < $nblines; $i++) 
@@ -284,7 +283,7 @@ class pdf_standard_myobject extends ModelePDFMyObject $pdf->SetAutoPageBreak(1, 0); $heightforinfotot = 50; // Height reserved to output the info and total part and payment part - $heightforfreetext = (isset($conf->global->MAIN_PDF_FREETEXT_HEIGHT) ? $conf->global->MAIN_PDF_FREETEXT_HEIGHT : 5); // Height reserved to output the free text on last page + $heightforfreetext = getDolGlobalInt('MAIN_PDF_FREETEXT_HEIGHT', 5); // Height reserved to output the free text on last page $heightforfooter = $this->marge_basse + (getDolGlobalInt('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS') ? 12 : 22); // Height reserved to output the footer (value include bottom margin) if (class_exists('TCPDF')) { @@ -316,7 +315,7 @@ class pdf_standard_myobject extends ModelePDFMyObject $cert = empty($user->conf->CERTIFICATE_CRT) ? '' : $user->conf->CERTIFICATE_CRT; // If user has no certificate, we try to take the company one if (!$cert) { - $cert = getDolGlobalString('CERTIFICATE_CRT') ? '' : getDolGlobalString('CERTIFICATE_CRT'); + $cert = getDolGlobalString('CERTIFICATE_CRT'); } // If a certificate is found if ($cert) { @@ -1080,7 +1079,7 @@ class pdf_standard_myobject extends ModelePDFMyObject } // Recipient name - if ($object->contact->socid != $object->thirdparty->id && (!isset($conf->global->MAIN_USE_COMPANY_NAME_OF_CONTACT) || !empty($conf->global->MAIN_USE_COMPANY_NAME_OF_CONTACT))) { + if ($object->contact->socid != $object->thirdparty->id && getDolGlobalInt('MAIN_USE_COMPANY_NAME_OF_CONTACT')) { $thirdparty = $object->contact; } else { $thirdparty = $object->thirdparty; 
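Review bot: The rewritten recipient-name condition in the hunk at line 1080 flips the default. The old test `!isset(...) || !empty(...)` was true when `MAIN_USE_COMPANY_NAME_OF_CONTACT` had never been set, while `getDolGlobalInt('MAIN_USE_COMPANY_NAME_OF_CONTACT')` is false in that case, assuming it returns 0 for a missing constant. Installations that never defined the constant would switch from `$object->contact` to `$object->thirdparty` for the recipient block. If the old default is intended, pass it explicitly, as the `MAIN_PDF_FREETEXT_HEIGHT` line in the first hunk of this file does: `getDolGlobalInt('MAIN_USE_COMPANY_NAME_OF_CONTACT', 1)`.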
@@ -1239,7 +1238,7 @@ class pdf_standard_myobject extends ModelePDFMyObject 'border-left' => true, // add left line separator ); - if (getDolGlobalInt('MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT') && !getDolGlobalInt('MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT_COLUMN')) { + if (!getDolGlobalInt('MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT') && !getDolGlobalInt('MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT_COLUMN')) { $this->cols['vat']['status'] = true; } @@ -1290,7 +1289,7 @@ class pdf_standard_myobject extends ModelePDFMyObject ), 'border-left' => true, // add left line separator ); - if (!empty($conf->global->PRODUCT_USE_UNITS)) { + if (getDolGlobalInt('PRODUCT_USE_UNITS')) { $this->cols['unit']['status'] = true; } diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 57409ab097c..00c5b9d1bc7 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -189,6 +189,7 @@ if ($object->id > 0) { $title = $langs->trans("MyObject")." - ".$langs->trans('Agenda'); //$title = $object->ref." - ".$langs->trans("Agenda"); $help_url = 'EN:Module_Agenda_En|DE:Modul_Terminplanung'; + llxHeader('', $title, $help_url); if (isModEnabled('notification')) { diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index f3d39a829a5..56430cf1dbc 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php 
@@ -405,10 +405,10 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea /* // Ref customer $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string', '', 0, 1); - $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string'.(isset($conf->global->THIRDPARTY_REF_INPUT_SIZE) ? ':'.$conf->global->THIRDPARTY_REF_INPUT_SIZE : ''), '', null, null, '', 1); + $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, $usercancreate, 'string'.(getDolGlobalInt('THIRDPARTY_REF_INPUT_SIZE') ? ':'.getDolGlobalInt('THIRDPARTY_REF_INPUT_SIZE') : ''), '', null, null, '', 1); // Thirdparty $morehtmlref .= '
'.$object->thirdparty->getNomUrl(1, 'customer'); - if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { + if (!getDolGlobalInt('MAIN_DISABLE_OTHER_LINK') && $object->thirdparty->id > 0) { $morehtmlref .= ' ('.$langs->trans("OtherOrders").')'; } // Project diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index a174dc9ffad..9fc46541bf7 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -412,7 +412,7 @@ $num = $db->num_rows($resql); // Direct jump if only one record found -if ($num == 1 && !getDolGlobalInt('MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE') && $search_all && !$page) { +if ($num == 1 && getDolGlobalInt('MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE') && $search_all && !$page) { $obj = $db->fetch_object($resql); $id = $obj->rowid; header("Location: ".dol_buildpath('/mymodule/myobject_card.php', 1).'?id='.((int) $id)); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 7f54948216a..ff3115ee40b 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -5056,7 +5056,7 @@ class Product extends CommonObject { global $conf, $langs; - $langs->load('products', 'other'); + $langs->loadLangs(array('products', 'other')); $datas = array(); $nofetch = !empty($params['nofetch']); diff --git a/htdocs/projet/ajax/projects.php b/htdocs/projet/ajax/projects.php index 03d118dc9b9..fbb02a60a48 100644 --- a/htdocs/projet/ajax/projects.php +++ b/htdocs/projet/ajax/projects.php @@ -53,7 +53,6 @@ $discard_closed = GETPOST('discardclosed', 'int'); // Security check restrictedArea($user, 'projet', 0, 'projet&project'); - /* * View */ 
@@ -62,29 +61,32 @@ dol_syslog("Call ajax projet/ajax/projects.php"); require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; -top_httphead('application/json'); - -if (empty($htmlname) && !GETPOST('mode', 'aZ09')) { - return; -} - // Mode to get list of projects if (empty($mode) || $mode != 'gettasks') { + top_httphead('application/json'); + // When used from jQuery, the search term is added as GET param "term". $searchkey = (GETPOSTISSET($htmlname) ? GETPOST($htmlname, 'aZ09') : ''); $formproject = new FormProjets($db); - $arrayresult = $formproject->select_projects_list($socid, '', $htmlname, 0, 0, 1, $discard_closed, 0, 0, 1, $searchkey); -} + $arrayresult = $formproject->select_projects_list($socid, '', '', 0, 0, 1, $discard_closed, 0, 0, 1, $searchkey); + + $db->close(); + + print json_encode($arrayresult); -// Mode to get list of tasks -if ($mode == 'gettasks') { - $formproject = new FormProjets($db); - $formproject->selectTasks((!empty($socid) ? $socid : -1), 0, 'taskid', 24, 1, '1', 1, 0, 0, 'maxwidth500', GETPOST('projectid', 'int'), ''); return; } +// Mode to get list of tasks +// THIS MODE RETURNS HTML NOT JSON - THE CALL SHOULD BE UPDATE IN THE FUTURE +if ($mode == 'gettasks') { + top_httphead(); -$db->close(); + $formproject = new FormProjets($db); + $formproject->selectTasks((!empty($socid) ? $socid : -1), 0, 'taskid', 24, 1, '1', 1, 0, 0, 'maxwidth500', GETPOST('projectid', 'int'), ''); -print json_encode($arrayresult); + $db->close(); + + return; +} diff --git a/test/phpunit/WebsiteTest.php b/test/phpunit/WebsiteTest.php index a0cbc5084c7..86d510ce8c8 100644 --- a/test/phpunit/WebsiteTest.php +++ b/test/phpunit/WebsiteTest.php 
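Review bot: The guard `if (empty($htmlname) && !GETPOST('mode', 'aZ09')) { return; }` is removed and not replaced, so a request with neither parameter now falls into the project-list branch. That branch calls `GETPOSTISSET($htmlname)` with an empty name and runs `select_projects_list()` with an empty search key. Unless that method limits its own result set, the endpoint then returns the full list of projects readable by the caller in one response. An early exit after `top_httphead('application/json');` keeps the old behaviour: `if (empty($htmlname)) { print json_encode(array()); $db->close(); return; }`. Separately, the `gettasks` branch passes `GETPOST('projectid', 'int')` to `selectTasks()` after a `restrictedArea()` call made with object id 0; whether `selectTasks()` restricts tasks to projects the user may read is outside this hunk.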
@@ -226,4 +226,27 @@ class WebsiteTest extends PHPUnit\Framework\TestCase print __METHOD__." result checkPHPCode=".$result."\n"; $this->assertEquals($result, 1, 'checkPHPCode did not detect the string was dangerous'); } + + /** + * testDolKeepOnlyPhpCode + * + * @return void + */ + public function testDolKeepOnlyPhpCode() + { + $s = 'HTML content and more HTML content'; + $result = dolKeepOnlyPhpCode($s); + print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n"; + $this->assertEquals('', $result, 'dolKeepOnlyPhpCode did extract the correct string'); + + $s = 'HTML content and more HTML content'; + $result = dolKeepOnlyPhpCode($s); + print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n"; + $this->assertEquals('', $result, 'dolKeepOnlyPhpCode did extract the correct string'); + + $s = 'HTML content and more HTML content'; + $result = dolKeepOnlyPhpCode($s); + print __METHOD__." result dolKeepOnlyPhpCode=".$result."\n"; + $this->assertEquals('', $result, 'dolKeepOnlyPhpCode did extract the correct string'); + } }
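Review bot: The failure message passed to each `assertEquals()` in `testDolKeepOnlyPhpCode` describes success ('dolKeepOnlyPhpCode did extract the correct string'), so a failing run prints a sentence that reads as if the test passed. `'dolKeepOnlyPhpCode did not extract the correct string'` would match the wording of the checkPHPCode assertion just above. The three input strings and expected values appear identical on this page, which may be an artefact of how the page was rendered. If they really are identical, two of the three cases add no coverage and should use inputs with distinct PHP sections.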