Fix #yogosha5756

This commit is contained in:
Laurent Destailleur
2021-03-29 21:30:26 +02:00
parent d93fbcd00b
commit 1d87f060dc
3 changed files with 14 additions and 109 deletions


@@ -17,7 +17,7 @@
*/
/**
* \file htdocs/expensereport/ajax/ajaxprojet.php
* \file htdocs/expensereport/ajax/ajaxik.php
* \ingroup expensereport
* \brief File to return Ajax response on third parties request
*/
@@ -49,6 +49,12 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'
// Load translation files required by the page
$langs->loadlangs(array('errors', 'trips'));
$fk_expense = GETPOST('fk_expense', 'int');
$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
// Security check
$result = restrictedArea($user, 'expensereport', $fk_expense, 'expensereport');
/*
* View
@@ -56,9 +62,6 @@ $langs->loadlangs(array('errors', 'trips'));
top_httphead();
$fk_expense = GETPOST('fk_expense', 'int');
$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
if (empty($fk_expense) || $fk_expense < 0) {
echo json_encode(array('error' => $langs->transnoentitiesnoconv('ErrorBadValueForParameter', $fk_expense, 'fk_expense')));
} elseif (empty($fk_c_exp_tax_cat) || $fk_c_exp_tax_cat < 0) {
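Review bot: The `\brief` kept under the corrected `\file htdocs/expensereport/ajax/ajaxik.php` still reads "File to return Ajax response on third parties request", which does not match what the new code does (it reads `fk_expense` and `fk_c_exp_tax_cat` and checks access to an expense report); something like `\brief File to return Ajax response on expense report IK requests` would be accurate, adjusted to the endpoint's real purpose. The new `restrictedArea($user, 'expensereport', $fk_expense, 'expensereport')` call also runs before the `empty($fk_expense) || $fk_expense < 0` validation that follows `top_httphead()`, so it can be invoked with a zero or negative id; if `restrictedArea()` treats an empty object id as a module-level permission check only, the page still ends in the error JSON, but moving the validation above the check would make that ordering deliberate rather than incidental. `$result` is assigned and never read in the hunk; presumably `restrictedArea()` terminates the request itself on failure, in which case the assignment is merely conventional, otherwise the return value must be tested. The `if`/`elseif` chain continues past the end of this hunk.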


@@ -1,95 +0,0 @@
<?php
/* Copyright (C) 2006 Andre Cianfarani <acianfa@free.fr>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2007-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2010 Cyrille de Lambert <info@auguria.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/expensereport/ajax/ajaxprojet.php
* \ingroup expensereport
* \brief File to return Ajax response on third parties request
*/
if (!defined('NOTOKENRENEWAL')) {
define('NOTOKENRENEWAL', 1); // Disables token renewal
}
if (!defined('NOREQUIREMENU')) {
define('NOREQUIREMENU', '1');
}
if (!defined('NOREQUIREHTML')) {
define('NOREQUIREHTML', '1');
}
if (!defined('NOREQUIREAJAX')) {
define('NOREQUIREAJAX', '1');
}
if (!defined('NOREQUIRESOC')) {
define('NOREQUIRESOC', '1');
}
if (!defined('NOCSRFCHECK')) {
define('NOCSRFCHECK', '1');
}
$res = 0;
require '../../main.inc.php';
/*
* View
*/
// Ajout directives pour resoudre bug IE
//header('Cache-Control: Public, must-revalidate');
//header('Pragma: public');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',', $_GET));
// Generation liste des projets
if (GETPOST('fk_projet') != '') {
$return_arr = array();
$sql = "SELECT p.rowid, p.ref, p.title, s.nom";
$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
if (!empty($_GET["fk_projet"])) {
$sql .= " WHERE p.ref LIKE '%".$db->escape($_GET["fk_projet"])."%' OR p.title LIKE '%".$db->escape($_GET["fk_projet"])."%' OR s.nom LIKE '%".$db->escape($_GET["fk_projet"])."%'"; // Add other filters
}
$sql .= " ORDER BY p.ref ASC";
$resql = $db->query($sql);
if ($resql) {
while ($row = $db->fetch_array($resql)) {
$label = $row['ref'].' - '.$row['title'];
$row_array['label'] = $label;
$row_array['value'] = $label;
$row_array['key'] = $row['rowid'];
array_push($return_arr, $row_array);
}
echo json_encode($return_arr);
} else {
echo json_encode(array('nom'=>'Error', 'label'=>'Error', 'key'=>'Error', 'value'=>'Error'));
}
} else {
echo json_encode(array('nom'=>'ErrorBadParameter', 'label'=>'ErrorBadParameter', 'key'=>'ErrorBadParameter', 'value'=>'ErrorBadParameter'));
}


@@ -67,14 +67,6 @@ $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('socid_id',
$childids = $user->getAllChildIds(1);
// Security check
$id = GETPOST("id", 'int');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'expensereport', $id, 'expensereport');
// Hack to use expensereport dir
$rootfordata = DOL_DATA_ROOT;
$rootforuser = DOL_DATA_ROOT;
@@ -111,10 +103,8 @@ $permissionnote = $user->rights->expensereport->creer; // Used by the include of
$permissiondellink = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php
$permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
$upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
if ($object->id > 0) {
// Check current user can read this expense report
$canread = 0;
@@ -129,6 +119,13 @@ if ($object->id > 0) {
}
}
// Security check
$id = GETPOST("id", 'int');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'expensereport', $object->id, 'expensereport');
/*
* Actions
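Review bot: Moving the security block below the object load means the `if ($user->socid) { $socid = $user->socid; }` override no longer happens until after the `$object` fetch and the `$permission*`/`$upload_dir` setup, while the hunk header at the old position shows `$socid` is taken from the request (`socid` with a `socid_id` fallback); if anything between the two positions reads `$socid` — that stretch is outside the visible hunks — an external user's request could now reach it with a caller-supplied value, so this needs confirming against the full file. Switching the check to `$object->id` rather than the raw `id` parameter is the right direction, but when the fetch fails `$object->id` is empty and `restrictedArea()` is then presumably reduced to a module-level right check; that is acceptable only if the page already stops on a missing object before acting on it. A short comment on the moved block would record the intent, e.g. `// Run after the fetch so the check uses the loaded object's id, not the raw request parameter`. The `$id = GETPOST("id", 'int');` line is repeated inside the moved block even though the same value must already have been read to perform the fetch above; dropping the duplicate would avoid two readings of the same parameter.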