diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 9482a06be41..d4944ba0d74 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -385,7 +385,7 @@ foreach ($dirmodels as $reldir) { if (in_array($name, $def)) { print ''."\n"; if ($conf->global->COMMANDE_SUPPLIER_ADDON_PDF != "$name") { - print 'scandir).'&label='.urlencode($module->name).'&type=order_supplier">'; + print 'scandir).'&label='.urlencode($module->name).'&type=order_supplier">'; print img_picto($langs->trans("Enabled"), 'switch_on'); print ''; } else { @@ -401,8 +401,7 @@ foreach ($dirmodels as $reldir) { // Default print ''; if ($conf->global->COMMANDE_SUPPLIER_ADDON_PDF == "$name") { - // print img_picto($langs->trans("Default"), 'on'); - print 'scandir.'&label='.urlencode($module->name).'&type=order_supplier"" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"), 'on').''; + print 'scandir).'&label='.urlencode($module->name).'&type=order_supplier" alt="'.$langs->trans("Disable").'">'.img_picto($langs->trans("Enabled"), 'on').''; } else { print 'scandir).'&label='.urlencode($module->name).'&type=order_supplier" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"), 'off').''; } diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php index f885677225e..7839cf14efc 100644 --- a/htdocs/api/class/api_access.class.php +++ b/htdocs/api/class/api_access.class.php @@ -1,6 +1,7 @@ * Copyright (C) 2016 Laurent Destailleur + * Copyright (C) 2023 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -147,6 +148,9 @@ class DolibarrApiAccess implements iAuthenticate if ($result <= 0) { throw new RestException(503, 'Error when fetching user :'.$fuser->error.' (conf->entity='.$conf->entity.')'); } + if ($fuser->statut == 0) { + throw new RestException(503, 'Error when fetching user. This user has been locked or disabled'); + } $fuser->getrights(); diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 7947afa71ab..cf45a7d70d0 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -731,6 +731,8 @@ class ActionComm extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 084f312c836..eb8ac018979 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -605,6 +605,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been // modified by hook if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 3717ed361b8..d71e4a93c2f 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1487,6 +1487,8 @@ class Propal extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 586cf98d606..8281aa0e6d6 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -464,6 +464,7 @@ if (empty($reshook)) { // Note that $action and $object may be modified by hook $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index bc867516d22..2cca732e374 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1280,6 +1280,8 @@ class Commande extends CommonOrder $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } @@ -1435,6 +1437,8 @@ class Commande extends CommonOrder $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 9a8dd9d1c1c..c1e5856ab87 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1336,6 +1336,8 @@ class Facture extends CommonInvoice $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } @@ -1469,6 +1471,8 @@ class Facture extends CommonInvoice $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } diff --git a/htdocs/contrat/agenda.php b/htdocs/contrat/agenda.php index a8dc5e7ee3b..0841e5702d2 100644 --- a/htdocs/contrat/agenda.php +++ b/htdocs/contrat/agenda.php @@ -54,7 +54,11 @@ $ref = GETPOST('ref', 'alpha'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'contrat', $id, ''); + +// Security check +$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); +$fieldtype = (!empty($id) ? 'rowid' : 'ref'); +$result = restrictedArea($user, 'contrat', $fieldvalue, '', '', '', $fieldtype); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -73,6 +77,13 @@ if (!$sortorder) { $sortorder = 'DESC,DESC'; } + +$object = new Contrat($db); + +if ($id > 0 || !empty($ref)) { + $result = $object->fetch($id, $ref); +} + // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('agendacontract', 'globalcard')); @@ -81,7 +92,7 @@ $hookmanager->initHooks(array('agendacontract', 'globalcard')); * Actions */ -$parameters = array('id'=>$id); +$parameters = array('id' => $id, 'ref' => $ref); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); @@ -102,8 +113,6 @@ if (empty($reshook)) { } - - /* * View */ @@ -114,7 +123,7 @@ if (!empty($conf->project->enabled)) { $formproject = new FormProjets($db); } -if ($id > 0) { +if ($object->id > 0) { // Load object modContract $module = (!empty($conf->global->CONTRACT_ADDON) ? $conf->global->CONTRACT_ADDON : 'mod_contract_serpis'); if (substr($module, 0, 13) == 'mod_contract_' && substr($module, -3) == 'php') { @@ -128,8 +137,6 @@ if ($id > 0) { require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; - $object = new Contrat($db); - $result = $object->fetch($id); $object->fetch_thirdparty(); $title = $langs->trans("Agenda"); @@ -205,13 +212,13 @@ if ($id > 0) { } $morehtmlref .= ''; - dol_banner_tab($object, 'id', $linkback, 1, 'ref', 'none', $morehtmlref); + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'none', $morehtmlref); print '
'; print '
'; - $object->info($id); + $object->info($object->id); dol_print_object_info($object, 1); print '
'; @@ -254,7 +261,7 @@ if ($id > 0) { if (isModEnabled('agenda') && (!empty($user->rights->agenda->myactions->read) || !empty($user->rights->agenda->allactions->read))) { print '
'; - $param = '&id='.$id; + $param = '&id='.$object->id; if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { $param .= '&contextpage='.$contextpage; } diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index bd202e62343..6e5e32570f4 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -369,6 +369,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been // modified by hook if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index f8ffa809a86..2ec708f9adf 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -2580,6 +2580,8 @@ class Contrat extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $clonedObj, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 0a45e7c6446..264c12ffb65 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -345,6 +345,7 @@ function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir) $filearray[$key]['position_name'] = ($filearrayindatabase[$key2]['position'] ? $filearrayindatabase[$key2]['position'] : '0').'_'.$filearrayindatabase[$key2]['name']; $filearray[$key]['position'] = $filearrayindatabase[$key2]['position']; $filearray[$key]['cover'] = $filearrayindatabase[$key2]['cover']; + $filearray[$key]['keywords'] = $filearrayindatabase[$key2]['keywords']; $filearray[$key]['acl'] = $filearrayindatabase[$key2]['acl']; $filearray[$key]['rowid'] = $filearrayindatabase[$key2]['rowid']; $filearray[$key]['label'] = $filearrayindatabase[$key2]['label']; diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index e0799a46f73..bc7e0f36baa 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -462,6 +462,8 @@ class ExpenseReport extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index b1f99d40456..cd16e3d900e 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -1228,6 +1228,8 @@ class Fichinter extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 92cfed778e4..7efcb5bf9a8 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -1702,6 +1702,8 @@ class CommandeFournisseur extends CommonOrder $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index cfe4a43d05e..8f5a4a7ac33 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1373,6 +1373,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index d4bb56b3304..91e2ce9260d 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -425,6 +425,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been // modified by hook if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 018676dec0d..447988c5aab 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1173,6 +1173,8 @@ class SupplierProposal extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } }