From 0846a1de2e7801b860b5917f6ee0d96d341ad983 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Thu, 20 Feb 2025 12:42:53 +0100 Subject: [PATCH 1/5] FIX Corna PDF : error break page --- .../supplier_order/doc/pdf_cornas.modules.php | 43 ++++++++++--------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php b/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php index 885a25b84b5..8951e69b861 100644 --- a/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php +++ b/htdocs/core/modules/supplier_order/doc/pdf_cornas.modules.php @@ -269,13 +269,14 @@ class pdf_cornas extends ModelePDFSuppliersOrders $pdf = pdf_getInstance($this->format); $default_font_size = pdf_getPDFFontSize($outputlangs); // Must be after pdf_getInstance - $heightforinfotot = 50; // Height reserved to output the info and total part + $pdf->SetAutoPageBreak(1, 0); + + $heightforinfotot = 40; // Height reserved to output the info and total part $heightforfreetext = (isset($conf->global->MAIN_PDF_FREETEXT_HEIGHT) ? $conf->global->MAIN_PDF_FREETEXT_HEIGHT : 5); // Height reserved to output the free text on last page $heightforfooter = $this->marge_basse + 8; // Height reserved to output the footer (value include bottom margin) if (getDolGlobalString('MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS')) { $heightforfooter += 6; } - $pdf->SetAutoPageBreak(1, 0); if (class_exists('TCPDF')) { $pdf->setPrintHeader(false); @@ -328,6 +329,8 @@ class pdf_cornas extends ModelePDFSuppliersOrders $tab_height = $this->page_hauteur - $tab_top - $heightforfooter - $heightforfreetext; + $nexY = $tab_top - 1; + // Incoterm $height_incoterms = 0; if (isModEnabled('incoterm')) { @@ -337,7 +340,7 @@ class pdf_cornas extends ModelePDFSuppliersOrders $pdf->SetFont('', '', $default_font_size - 1); $pdf->writeHTMLCell(190, 3, $this->posxdesc - 1, $tab_top - 1, dol_htmlentitiesbr($desc_incoterms), 0, 1); - $nexY = $pdf->GetY(); + $nexY = max($pdf->GetY(), $nexY); $height_incoterms = $nexY - $tab_top; // Rect takes a length in 3rd parameter @@ -360,6 +363,8 @@ class pdf_cornas extends ModelePDFSuppliersOrders $pagenb = $pdf->getPage(); if (!empty($notetoshow)) { + $tab_top -= 2; + $tab_width = $this->page_largeur - $this->marge_gauche - $this->marge_droite; $pageposbeforenote = $pagenb; @@ -368,8 +373,6 @@ class pdf_cornas extends ModelePDFSuppliersOrders $notetoshow = make_substitutions($notetoshow, $substitutionarray, $outputlangs); $notetoshow = convertBackOfficeMediasLinksToPublicLinks($notetoshow); - $tab_top -= 2; - $pdf->startTransaction(); $pdf->SetFont('', '', $default_font_size - 1); @@ -484,21 +487,11 @@ class pdf_cornas extends ModelePDFSuppliersOrders // Use new auto column system $this->prepareArrayColumnField($object, $outputlangs, $hidedetails, $hidedesc, $hideref); + $nexY = $tab_top + $this->tabTitleHeight; $pageposbeforeprintlines = $pdf->getPage(); $pagenb = $pageposbeforeprintlines; - // Show square - if ($pagenb == $pageposbeforeprintlines) { - $this->_tableau($pdf, $tab_top, $this->page_hauteur - $tab_top - $heightforinfotot - $heightforfreetext - $heightforfooter, 0, $outputlangs, $hidetop, 0, $object->multicurrency_code); - $bottomlasttab = $this->page_hauteur - $heightforinfotot - $heightforfreetext - $heightforfooter + 1; - } else { - $this->_tableau($pdf, $tab_top_newpage, $this->page_hauteur - $tab_top_newpage - $heightforinfotot - $heightforfreetext - $heightforfooter, 0, $outputlangs, 1, 0, $object->multicurrency_code); - $bottomlasttab = $this->page_hauteur - $heightforinfotot - $heightforfreetext - $heightforfooter + 1; - } - - $nexY = $tab_top + $this->tabTitleHeight; - // Loop on each lines for ($i = 0; $i < $nblines; $i++) { $curY = $nexY; @@ -547,20 +540,20 @@ class pdf_cornas extends ModelePDFSuppliersOrders } // Description of product line - $curX = $this->posxdesc - 1; $showpricebeforepagebreak = 1; if ($this->getColumnStatus('desc')) { $pdf->startTransaction(); $this->printColDescContent($pdf, $curY, 'desc', $object, $i, $outputlangs, $hideref, $hidedesc, 1); - $pageposafter = $pdf->getPage(); + if ($pageposafter > $pageposbefore) { // There is a pagebreak $pdf->rollbackTransaction(true); + $pageposafter = $pageposbefore; + $pdf->setPageOrientation('', 1, $heightforfooter); // The only function to edit the bottom margin of current page to set it. $this->printColDescContent($pdf, $curY, 'desc', $object, $i, $outputlangs, $hideref, $hidedesc, 1); - $pageposafter = $pdf->getPage(); $posyafter = $pdf->GetY(); if ($posyafter > ($this->page_hauteur - ($heightforfooter + $heightforfreetext + $heightforinfotot))) { // There is no space left for total+free text @@ -587,8 +580,10 @@ class pdf_cornas extends ModelePDFSuppliersOrders $posYAfterDescription = $pdf->GetY(); } - $nexY = $pdf->GetY(); + $nexY = max($pdf->GetY(), $posYAfterImage); + $pageposafter = $pdf->getPage(); + $pdf->setPage($pageposbefore); $pdf->setTopMargin($this->marge_haute); $pdf->setPageOrientation('', 1, 0); // The only function to edit the bottom margin of current page to set it. @@ -790,6 +785,14 @@ class pdf_cornas extends ModelePDFSuppliersOrders } } + // Show square + if ($pagenb == $pageposbeforeprintlines) { + $this->_tableau($pdf, $tab_top, $this->page_hauteur - $tab_top - $heightforinfotot - $heightforfreetext - $heightforfooter, 0, $outputlangs, $hidetop, 0, $object->multicurrency_code, $outputlangsbis); + } else { + $this->_tableau($pdf, $tab_top_newpage, $this->page_hauteur - $tab_top_newpage - $heightforinfotot - $heightforfreetext - $heightforfooter, 0, $outputlangs, 1, 0, $object->multicurrency_code, $outputlangsbis); + } + $bottomlasttab = $this->page_hauteur - $heightforinfotot - $heightforfreetext - $heightforfooter + 1; + // Affiche zone infos $posy = $this->_tableau_info($pdf, $object, $bottomlasttab, $outputlangs); From b21a596cf2545ae0e7d144534ff20ebfe6a37aaf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 22 Feb 2025 20:08:17 +0100 Subject: [PATCH 2/5] Fix bad constant name PDF_ERATOSTHENE_ADD_POSITION --- htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php index 23ef65337e3..a5247729624 100644 --- a/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_eratosthene.modules.php @@ -1786,7 +1786,7 @@ class pdf_eratosthene extends ModelePDFCommandes $this->cols['position'] = array( 'rank' => $rank, 'width' => 10, - 'status' => getDolGlobalInt('PDF_ERATOSHTENE_ADD_POSITION') ? true : (getDolGlobalInt('PDF_ADD_POSITION') ? true : false), + 'status' => (getDolGlobalInt('PDF_ERATOSTHENE_ADD_POSITION') || getDolGlobalInt('PDF_ERATOSHTENE_ADD_POSITION')) ? true : (getDolGlobalInt('PDF_ADD_POSITION') ? true : false), 'title' => array( 'textkey' => '#', // use lang key is useful in somme case with module 'align' => 'C', From 950d7259f0da0035400ed186e44e3fd5507249f6 Mon Sep 17 00:00:00 2001 From: Eric Seigne Date: Tue, 25 Feb 2025 15:20:25 +0100 Subject: [PATCH 3/5] Fix Situation Percent with USE_INVOICE_SITUATION = 2 --- htdocs/compta/facture/card.php | 2 +- htdocs/compta/facture/class/facture.class.php | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index cc0460ffead..2df00a8f637 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -2006,7 +2006,7 @@ if (empty($reshook)) { $line->fk_prev_id = $line->id; $line->fetch_optionals(); if (getDolGlobalInt('INVOICE_USE_SITUATION') == 2) { - $line->situation_percent = $line->get_allprev_progress($object->id);; // get good progress including credit note + $line->situation_percent = 0; // New situation percent must be 0 (No cumulative) } else { $line->situation_percent = $line->get_prev_progress($object->id); // get good progress including credit note } diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 5c2ae3b38af..9772c590d85 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -3874,7 +3874,12 @@ class Facture extends CommonInvoice $fk_prev_id = 'null'; } if (!isset($situation_percent) || $situation_percent > 100 || (string) $situation_percent == '' || $situation_percent == null) { - $situation_percent = 100; + // INVOICE_USE_SITUATION = 2 - Lines situation percent on new lines must be 0 (No cumulative) + if ($this->type == Facture::TYPE_SITUATION && getDolGlobalInt('INVOICE_USE_SITUATION') == 2 && (int) $situation_percent < 100) { + $situation_percent = 0; + } else { + $situation_percent = 100; + } } if (empty($ref_ext)) { $ref_ext = ''; From 4f0b90950845abd13bc7b73175f4777c6d294280 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 26 Feb 2025 09:30:37 +0100 Subject: [PATCH 4/5] FIX Stats Supplier turnover by thirdparty - Problem on search --- .../stats/supplier_turnover_by_thirdparty.php | 60 ++++++++++++------- 1 file changed, 40 insertions(+), 20 deletions(-) diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php index 367666b0692..1c21c1e2303 100644 --- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php +++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php @@ -1,6 +1,7 @@ - * Copyright (C) 2023 Ferran Marcet +/* Copyright (C) 2020 Maxime Kohlhaas + * Copyright (C) 2023 Ferran Marcet + * Copyright (C) 2025 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -56,11 +57,25 @@ $socid = GETPOSTINT('socid'); // Category $selected_cat = GETPOSTINT('search_categ'); +if ($selected_cat == -1) { + $selected_cat = 0; +} $subcat = false; if (GETPOST('subcat', 'alpha') === 'yes') { $subcat = true; } +// Security check +if ($user->socid > 0) { + $socid = $user->socid; +} +if (isModEnabled('comptabilite')) { + $result = restrictedArea($user, 'compta', '', '', 'resultat'); +} +if (isModEnabled('accounting')) { + $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); +} + // Hook $hookmanager->initHooks(array('supplierturnoverbythirdpartylist')); @@ -148,12 +163,24 @@ $commonparams['sortorder'] = $sortorder; $commonparams['sortfield'] = $sortfield; $headerparams = array(); -$headerparams['date_startyear'] = $date_startyear; -$headerparams['date_startmonth'] = $date_startmonth; -$headerparams['date_startday'] = $date_startday; -$headerparams['date_endyear'] = $date_endyear; -$headerparams['date_endmonth'] = $date_endmonth; -$headerparams['date_endday'] = $date_endday; +if (!empty($date_startyear)) { + $headerparams['date_startyear'] = $date_startyear; +} +if (!empty($date_startmonth)) { + $headerparams['date_startmonth'] = $date_startmonth; +} +if (!empty($date_startday)) { + $headerparams['date_startday'] = $date_startday; +} +if (!empty($date_endyear)) { + $headerparams['date_endyear'] = $date_endyear; +} +if (!empty($date_endmonth)) { + $headerparams['date_endmonth'] = $date_endmonth; +} +if (!empty($date_endday)) { + $headerparams['date_endday'] = $date_endday; +} $tableparams = array(); $tableparams['search_categ'] = $selected_cat; @@ -173,16 +200,7 @@ foreach ($allparams as $key => $value) { $paramslink .= '&'.$key.'='.$value; } -// Security check -if ($user->socid > 0) { - $socid = $user->socid; -} -if (isModEnabled('comptabilite')) { - $result = restrictedArea($user, 'compta', '', '', 'resultat'); -} -if (isModEnabled('accounting')) { - $result = restrictedArea($user, 'accounting', '', '', 'comptarapport'); -} + /* @@ -203,6 +221,9 @@ if ($modecompta == "BOOKKEEPINGCOLLECTED") { $modecompta = "RECETTES-DEPENSES"; } +$namelink = ''; +$builddate = dol_now(); + // Show report header if ($modecompta == "CREANCES-DETTES") { $name = $langs->trans("PurchaseTurnover").', '.$langs->trans("ByThirdParties"); @@ -223,7 +244,6 @@ if ($modecompta == "CREANCES-DETTES") { // TODO } -$builddate = dol_now(); $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver'); $period .= ' - '; $period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver'); @@ -235,7 +255,7 @@ if ($date_end == dol_time_plus_duree($date_start, 1, 'y') - 1) { $exportlink = ''; -report_header($name, '', $period, $periodlink, $description, $builddate, $exportlink, $tableparams, $calcmode); +report_header($name, $namelink, $period, $periodlink, $description, $builddate, $exportlink, $tableparams, $calcmode); if (isModEnabled('accounting')) { if ($modecompta != 'BOOKKEEPING') { From c583211cb06a45e4b09dc96b25380436ec1c3311 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 Feb 2025 00:07:27 +0100 Subject: [PATCH 5/5] FIX Security path transversal with modulepart=medias --- htdocs/core/lib/files.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 6f1fe961852..7aa51b29c3b 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2808,7 +2808,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $entity = 1; } $accessallowed = 1; - $original_file = (empty($conf->medias->multidir_output[$entity]) ? $conf->medias->dir_output : $conf->medias->multidir_output[$entity]).'/'.$original_file; + $original_file = (empty($conf->medias->multidir_output[$entity]) ? (empty($conf->medias->dir_output) ? DOL_DATA_ROOT.'/medias' : $conf->medias->dir_output) : $conf->medias->multidir_output[$entity]).'/'.$original_file; } elseif ($modulepart == 'logs' && !empty($dolibarr_main_data_root)) { // Wrapping for *.log files, like when used with url http://.../document.php?modulepart=logs&file=dolibarr.log $accessallowed = ($user->admin && basename($original_file) == $original_file && preg_match('/^dolibarr.*\.(log|json)$/', basename($original_file)));