diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php
index 2c1db41ed00..be3a13d8771 100644
--- a/htdocs/adherents/cartes/carte.php
+++ b/htdocs/adherents/cartes/carte.php
@@ -29,19 +29,18 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/modules/member/modules_cards.php';
 require_once DOL_DOCUMENT_ROOT.'/core/modules/printsheet/modules_labels.php';
-$langs->load("members");
-$langs->load("errors");
+$langs->loadLangs(array("members","errors"));
 // Choix de l'annee d'impression ou annee courante.
 $now = dol_now();
 $year=dol_print_date($now,'%Y');
 $month=dol_print_date($now,'%m');
 $day=dol_print_date($now,'%d');
-$foruserid=GETPOST('foruserid');
-$foruserlogin=GETPOST('foruserlogin');
-$mode=GETPOST('mode');
-$model=GETPOST("model"); // Doc template to use for business cards
-$modellabel=GETPOST("modellabel"); // Doc template to use for address sheet
+$foruserid=GETPOST('foruserid','alphanohtml');
+$foruserlogin=GETPOST('foruserlogin','alphanohtml');
+$mode=GETPOST('mode','aZ09');
+$model=GETPOST("model",'aZ09'); // Doc template to use for business cards
+$modellabel=GETPOST("modellabel",'aZ09'); // Doc template to use for address sheet
 $mesg='';
 $adherentstatic=new Adherent($db);
diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php
index 7f4b0a92c1e..aa6763654e3 100644
--- a/htdocs/adherents/list.php
+++ b/htdocs/adherents/list.php
@@ -43,7 +43,7 @@ $toselect = GETPOST('toselect', 'array');
 $result=restrictedArea($user,'adherent');
 $filter=GETPOST("filter",'alpha');
-$statut=GETPOST("statut",'alpha');
+$statut=GETPOST("statut",'intcomma');
 $search=GETPOST("search",'alpha');
 $search_ref=GETPOST("search_ref",'alpha');
 $search_lastname=GETPOST("search_lastname",'alpha');
diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php
index 2c90c0ed99b..748fc7a0309 100644
--- a/htdocs/admin/agenda.php
+++ b/htdocs/admin/agenda.php
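Review bot: The switch of `statut` to the `intcomma` filter in list.php can silently drop legitimate values if any status code is negative: assuming `intcomma` admits only digits and commas, a request carrying `statut=-1` would come back empty and the list would fall back to being unfiltered. The filter definition and the status constants are outside this hunk, so confirm that either no negative status reaches this parameter or the filter tolerates a leading minus. A short trailing comment on the line, e.g. `// comma-separated list of status ids`, would also document why this one parameter differs from its `alpha` neighbours.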
@@ -75,6 +75,12 @@ else if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') ||GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
 {
 $search_event = '';
+ $action = '';
+}
+
+if (GETPOST('button_search_x','alpha') || GETPOST('button_search.x','alpha') ||GETPOST('button_search','alpha')) // To avoid the save when we click on search
+{
+ $action = '';
 }
 if ($action == "save" && empty($cancel))
@@ -106,34 +112,6 @@ if ($action == "save" && empty($cancel))
 }
 }
-if (preg_match('/set_(.*)/',$action,$reg))
-{
- $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
- if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
-
-if (preg_match('/del_(.*)/',$action,$reg))
-{
- $code=$reg[1];
- if (dolibarr_del_const($db, $code, $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
 /**
diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php
index 54414e094d3..b6b332a4b99 100644
--- a/htdocs/admin/agenda_other.php
+++ b/htdocs/admin/agenda_other.php
@@ -52,10 +52,10 @@ $type = 'action';
 include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
 if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 Header("Location: ".$_SERVER["PHP_SELF"]);
@@ -67,7 +67,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
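Review bot: The tightened pattern `/set_([a-z0-9_\-]+)/i` in agenda_other.php is still unanchored, so it matches anywhere inside `$action` and ignores whatever follows the captured name; anchoring it as `'/^set_([a-z0-9_\-]+)$/i'` (and likewise `'/^del_([a-z0-9_\-]+)$/i'`) puts the whole action value under the allow-list. The same applies to every other set_/del_ hunk in this commit (agenda_reminder.php, ecm.php, multicurrency.php, security_other.php, user.php, usergroup.php, categorie.php). Separately, `$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);` treats a submitted `0` as absent and stores 1, so a constant cannot be set to 0 through this path; comparing the filtered value against `''` would avoid that. The captured name goes straight to `dolibarr_set_const`, so any constant name in the allowed alphabet can be written from this page; the permission and anti-CSRF checks that guard it are outside the hunk and worth confirming.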
diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php
index 3e946dd8e60..fac49dcfcde 100644
--- a/htdocs/admin/agenda_reminder.php
+++ b/htdocs/admin/agenda_reminder.php
@@ -47,10 +47,10 @@ $type = 'action';
 include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
 if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 Header("Location: ".$_SERVER["PHP_SELF"]);
@@ -62,7 +62,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
diff --git a/htdocs/admin/ecm.php b/htdocs/admin/ecm.php
index dd9e748de02..2d8bd936b50 100644
--- a/htdocs/admin/ecm.php
+++ b/htdocs/admin/ecm.php
@@ -33,7 +33,7 @@ if (! $user->admin) accessforbidden();
 /*
 * Action
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
@@ -47,7 +47,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php
index 25feceda0d1..467ffffeb41 100644
--- a/htdocs/admin/multicurrency.php
+++ b/htdocs/admin/multicurrency.php
@@ -48,10 +48,11 @@ $action = GETPOST('action', 'alpha');
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- if (dolibarr_set_const($db, $code, GETPOST($code), 'chaine', 0, '', $conf->entity) > 0)
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
+ if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 header("Location: ".$_SERVER["PHP_SELF"]);
 exit;
@@ -62,7 +63,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, 0) > 0)
diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php
index 1053658b191..7ce087ead6f 100644
--- a/htdocs/admin/security_file.php
+++ b/htdocs/admin/security_file.php
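Review bot: In multicurrency.php the delete branch calls `dolibarr_del_const($db, $code, 0)` while the set branch above it writes with `$conf->entity`, so on an installation where the current entity is not 0 the delete may target a different row than the one that was set; every other admin page in this commit passes `$conf->entity` to both calls. If that is not intentional, the context line should read `if (dolibarr_del_const($db, $code, $conf->entity) > 0)`. The new `$value` default also changes behaviour in the set hunk: an empty submission used to store the empty string and now stores 1.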
@@ -51,41 +51,17 @@ if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
 dol_add_file_process($upload_dir, 0, 0, 'userfile');
 }
-if (preg_match('/set_(.*)/',$action,$reg))
+if ($action == 'updateform')
 {
- $code=$reg[1];
- $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
- if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
+ $antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND','none'); // Use GETPOST none because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe
+ $antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM','none'); // Use GETPOST none because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib"
+ $antivircommand = dol_string_nospecial($antivircommand, '', array("|", ";", "<", ">", "&")); // Sanitize command
+ $antivirparam = dol_string_nospecial($antivirparam, '', array("|", ";", "<", ">", "&")); // Sanitize params
-else if (preg_match('/del_(.*)/',$action,$reg))
-{
- $code=$reg[1];
- if (dolibarr_del_const($db, $code, $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
-
-else if ($action == 'updateform')
-{
 $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',GETPOST('MAIN_UPLOAD_DOC','alpha'),'chaine',0,'',$conf->entity);
 $res4=dolibarr_set_const($db, "MAIN_UMASK", GETPOST('MAIN_UMASK','alpha'),'chaine',0,'',$conf->entity);
- $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim(GETPOST('MAIN_ANTIVIRUS_COMMAND','none')),'chaine',0,'',$conf->entity); // Use GETPOST none because we must accept "
- $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim(GETPOST('MAIN_ANTIVIRUS_PARAM','none')),'chaine',0,'',$conf->entity); // Use GETPOST none because we must accept "
+ $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim($antivircommand),'chaine',0,'',$conf->entity);
+ $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim($antivirparam),'chaine',0,'',$conf->entity);
 if ($res3 && $res4 && $res5 && $res6) setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
 }
@@ -95,10 +71,10 @@ else if ($action == 'updateform')
 else if ($action == 'delete')
 {
 $langs->load("other");
- $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
+ $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile','alpha'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
 $ret=dol_delete_file($file);
- if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
- else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+ if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile','alpha')), null, 'mesgs');
+ else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile','alpha')), null, 'errors');
 Header('Location: '.$_SERVER["PHP_SELF"]);
 exit;
 }
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index e5c66d9e24b..60d0888ed91 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -43,10 +43,10 @@ $action=GETPOST('action','alpha');
 * Actions
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
 if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 Header("Location: ".$_SERVER["PHP_SELF"]);
@@ -58,7 +58,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-else if (preg_match('/del_(.*)/',$action,$reg))
+else if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
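Review bot: Stripping `|`, `;`, `<`, `>` and `&` from `MAIN_ANTIVIRUS_COMMAND` and `MAIN_ANTIVIRUS_PARAM` in the `updateform` hunk of security_file.php is a deny-list, and it leaves other shell-significant characters untouched, so it should not be treated as what makes the stored command safe. How the two constants are executed is outside this hunk; the durable control belongs at that call site: escape the executable and each argument there (`escapeshellcmd()` / `escapeshellarg()`), or run the scanner without a shell. Since whoever can reach `updateform` chooses a program the server will run, it is also worth confirming the admin and token checks that precede this block, and considering an allow-list of scanner paths or a configuration-file switch that locks the value.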
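Review bot: In the `delete` branch of security_file.php the file path is still built by concatenating the request value, `$conf->admin->dir_temp . '/' . GETPOST('urlfile','alpha')`. Whether the `alpha` filter rejects parent-directory segments on every platform is not visible here, so containment should not depend on it. If the files live directly in `dir_temp`, reduce the value to a bare name first, `$file = $conf->admin->dir_temp . '/' . basename(GETPOST('urlfile','alpha'));`, or otherwise resolve the path and verify it stays under `dir_temp` before calling `dol_delete_file`. The same value is echoed in the event message, so the escaping done by `setEventMessages` (outside the hunk) matters as well.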
diff --git a/htdocs/admin/ticketsup.php b/htdocs/admin/ticketsup.php
index 7a3ddf7826b..4040964d2fe 100644
--- a/htdocs/admin/ticketsup.php
+++ b/htdocs/admin/ticketsup.php
@@ -71,7 +71,7 @@ if ($action == 'updateMask') {
 if (!empty($notification_email)) {
 $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_EMAIL_FROM', $notification_email, 'chaine', 0, '', $conf->entity);
 } else {
- $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_EMAIL_FROM', '000000', 'chaine', 0, '', $conf->entity);
+ $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_EMAIL_FROM', '', 'chaine', 0, '', $conf->entity);
 }
 if (!$res > 0) {
 $error++;
@@ -82,7 +82,7 @@ if ($action == 'updateMask') {
 if (!empty($notification_email_to)) {
 $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_EMAIL_TO', $notification_email_to, 'chaine', 0, '', $conf->entity);
 } else {
- $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_EMAIL_TO', '000000', 'chaine', 0, '', $conf->entity);
+ $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_EMAIL_TO', '', 'chaine', 0, '', $conf->entity);
 }
 if (!$res > 0) {
 $error++;
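Review bot: The error checks `if (!$res > 0)` that follow each `dolibarr_set_const` call in ticketsup.php parse as `(!$res) > 0`, because `!` binds tighter than `>`; a negative return value therefore evaluates to `false > 0` and is not counted as an error. If `dolibarr_set_const` signals failure with a negative number (the other admin pages in this commit test `> 0` for success), these should read `if (!($res > 0))` or `if ($res <= 0)`. The pattern sits in the context of both notification hunks here and is re-added verbatim inside the new `MAIN_FEATURES_LEVEL` blocks of the `setvarother` hunk that follows.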
@@ -184,16 +184,22 @@ if ($action == 'setvarother') {
 $error++;
 }
- $param_show_module_logo = GETPOST('TICKETS_SHOW_MODULE_LOGO', 'alpha');
- $res = dolibarr_set_const($db, 'TICKETS_SHOW_MODULE_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
- if (!$res > 0) {
- $error++;
+ if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
+ {
+ $param_show_module_logo = GETPOST('TICKETS_SHOW_MODULE_LOGO', 'alpha');
+ $res = dolibarr_set_const($db, 'TICKETS_SHOW_MODULE_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
+ if (!$res > 0) {
+ $error++;
+ }
 }
- $param_notification_also_main_addressemail = GETPOST('TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS', 'alpha');
- $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS', $param_notification_also_main_addressemail, 'chaine', 0, '', $conf->entity);
- if (!$res > 0) {
- $error++;
+ if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
+ {
+ $param_notification_also_main_addressemail = GETPOST('TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS', 'alpha');
+ $res = dolibarr_set_const($db, 'TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS', $param_notification_also_main_addressemail, 'chaine', 0, '', $conf->entity);
+ if (!$res > 0) {
+ $error++;
+ }
 }
 $param_limit_view = GETPOST('TICKETS_LIMIT_VIEW_ASSIGNED_ONLY', 'alpha');
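Review bot: The two adjacent blocks added in `setvarother` repeat the same guard, `if ($conf->global->MAIN_FEATURES_LEVEL >= 2)`, and could be a single block with a one-line comment saying why these two options are limited to that level. When the level is below 2 the stored values of `TICKETS_SHOW_MODULE_LOGO` and `TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS` are simply left as they were: hidden from the form but still in the configuration. If the intent is to switch the features off, the code that reads those constants (outside this hunk) needs the same condition.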
@@ -380,20 +386,23 @@ print $form->textwithpicto('', $langs->trans("TicketsEmailMustExistHelp"), 1, 'h print ''; print ''; -// Show logo for module -print '' . $langs->trans("TicketsShowModuleLogo") . ''; -print ''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('TICKETS_SHOW_MODULE_LOGO'); -} else { - $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $form->selectarray("TICKETS_SHOW_MODULE_LOGO", $arrval, $conf->global->TICKETS_SHOW_MODULE_LOGO); +if ($conf->global->MAIN_FEATURES_LEVEL >= 2) +{ + // Show logo for module + print '' . $langs->trans("TicketsShowModuleLogo") . ''; + print ''; + if ($conf->use_javascript_ajax) { + print ajax_constantonoff('TICKETS_SHOW_MODULE_LOGO'); + } else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("TICKETS_SHOW_MODULE_LOGO", $arrval, $conf->global->TICKETS_SHOW_MODULE_LOGO); + } + print ''; + print ''; + print $form->textwithpicto('', $langs->trans("TicketsShowModuleLogoHelp"), 1, 'help'); + print ''; + print ''; } -print ''; -print ''; -print $form->textwithpicto('', $langs->trans("TicketsShowModuleLogoHelp"), 1, 'help'); -print ''; -print ''; // Show logo for company print '' . $langs->trans("TicketsShowCompanyLogo") . ''; 
@@ -446,19 +455,22 @@ print ''; print ''; // Also send to main email address -print '' . $langs->trans("TicketsEmailAlsoSendToMainAddress") . ''; -print ''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS'); -} else { - $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $form->selectarray("TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS", $arrval, $conf->global->TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS); +if ($conf->global->MAIN_FEATURES_LEVEL >= 2) +{ + print '' . $langs->trans("TicketsEmailAlsoSendToMainAddress") . ''; + print ''; + if ($conf->use_javascript_ajax) { + print ajax_constantonoff('TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS'); + } else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS", $arrval, $conf->global->TICKETS_NOTIFICATION_ALSO_MAIN_ADDRESS); + } + print ''; + print ''; + print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp"), 1, 'help'); + print ''; + print ''; } -print ''; -print ''; -print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp"), 1, 'help'); -print ''; -print ''; // Limiter la vue des tickets à ceux assignés à l'utilisateur print '' . $langs->trans("TicketsLimitViewAssignedOnly") . ''; diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php index ee5faefeaee..a7b1c5b9373 100644 --- a/htdocs/admin/user.php +++ b/htdocs/admin/user.php @@ -86,7 +86,7 @@ elseif ($action == 'setdoc') } $res = true; } -elseif (preg_match('/set_(.*)/',$action,$reg)) +elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0) 
@@ -100,7 +100,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg)) } } -elseif (preg_match('/del_(.*)/',$action,$reg)) +elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/admin/usergroup.php b/htdocs/admin/usergroup.php index 5a1cf94e59f..75497e9d19d 100644 --- a/htdocs/admin/usergroup.php +++ b/htdocs/admin/usergroup.php @@ -83,7 +83,7 @@ elseif ($action == 'setdoc') } $res = true; } -elseif (preg_match('/set_(.*)/',$action,$reg)) +elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0) @@ -97,7 +97,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg)) } } -elseif (preg_match('/del_(.*)/',$action,$reg)) +elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/categories/admin/categorie.php b/htdocs/categories/admin/categorie.php index c1564e1b892..518d8903edd 100644 --- a/htdocs/categories/admin/categorie.php +++ b/htdocs/categories/admin/categorie.php @@ -38,7 +38,7 @@ $action=GETPOST('action','aZ09'); * Actions */ -if (preg_match('/set_(.*)/',$action,$reg)) +if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0) @@ -52,7 +52,7 @@ if (preg_match('/set_(.*)/',$action,$reg)) } } -if (preg_match('/del_(.*)/',$action,$reg)) +if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) diff --git a/htdocs/core/boxes/box_graph_invoices_permonth.php b/htdocs/core/boxes/box_graph_invoices_permonth.php index d665d70da56..abbdc7b7c71 100644 --- a/htdocs/core/boxes/box_graph_invoices_permonth.php +++ b/htdocs/core/boxes/box_graph_invoices_permonth.php @@ -222,13 +222,14 @@ class box_graph_invoices_permonth extends ModeleBoxes $stringtoshow.='
'; // hideobject is to start hidden $stringtoshow.='
'; $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.=''; $stringtoshow.=' '.$langs->trans("NumberOfBillsByMonth"); $stringtoshow.='   '; $stringtoshow.=' '.$langs->trans("AmountOfBillsByMonthHT"); $stringtoshow.='
'; $stringtoshow.=$langs->trans("Year").' '; - $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.='
'; $stringtoshow.='
'; if ($shownb && $showtot) diff --git a/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php b/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php index efd7de41e5a..53d9ce08059 100644 --- a/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php +++ b/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php @@ -219,13 +219,14 @@ class box_graph_invoices_supplier_permonth extends ModeleBoxes $stringtoshow.='
'; // hideobject is to start hidden $stringtoshow.='
'; $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.=''; $stringtoshow.=' '.$langs->trans("NumberOfBillsByMonth"); $stringtoshow.='   '; $stringtoshow.=' '.$langs->trans("AmountOfBillsByMonthHT"); $stringtoshow.='
'; $stringtoshow.=$langs->trans("Year").' '; - $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.='
'; $stringtoshow.='
'; if ($shownb && $showtot) diff --git a/htdocs/core/boxes/box_graph_orders_permonth.php b/htdocs/core/boxes/box_graph_orders_permonth.php index 699f2db902b..05a0ff498ec 100644 --- a/htdocs/core/boxes/box_graph_orders_permonth.php +++ b/htdocs/core/boxes/box_graph_orders_permonth.php @@ -218,13 +218,14 @@ class box_graph_orders_permonth extends ModeleBoxes $stringtoshow.='
'; // hideobject is to start hidden $stringtoshow.='
'; $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.=''; $stringtoshow.=' '.$langs->trans("NumberOfOrdersByMonth"); $stringtoshow.='   '; $stringtoshow.=' '.$langs->trans("AmountOfOrdersByMonthHT"); $stringtoshow.='
'; $stringtoshow.=$langs->trans("Year").' '; - $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.='
'; $stringtoshow.='
'; if ($shownb && $showtot) diff --git a/htdocs/core/boxes/box_graph_orders_supplier_permonth.php b/htdocs/core/boxes/box_graph_orders_supplier_permonth.php index f49f38c1228..e88ed46be72 100644 --- a/htdocs/core/boxes/box_graph_orders_supplier_permonth.php +++ b/htdocs/core/boxes/box_graph_orders_supplier_permonth.php @@ -217,13 +217,14 @@ class box_graph_orders_supplier_permonth extends ModeleBoxes $stringtoshow.='
'; // hideobject is to start hidden $stringtoshow.='
'; $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.=''; $stringtoshow.=' '.$langs->trans("NumberOfOrdersByMonth"); $stringtoshow.='   '; $stringtoshow.=' '.$langs->trans("AmountOfOrdersByMonthHT"); $stringtoshow.='
'; $stringtoshow.=$langs->trans("Year").' '; - $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.='
'; $stringtoshow.='
'; if ($shownb && $showtot) diff --git a/htdocs/core/boxes/box_graph_product_distribution.php b/htdocs/core/boxes/box_graph_product_distribution.php index 69a09e8aad2..39a7a3984d2 100644 --- a/htdocs/core/boxes/box_graph_product_distribution.php +++ b/htdocs/core/boxes/box_graph_product_distribution.php @@ -338,6 +338,7 @@ class box_graph_product_distribution extends ModeleBoxes $stringtoshow.='
'; // hideobject is to start hidden $stringtoshow.='
'; $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.=''; if (! empty($conf->facture->enabled) || ! empty($user->rights->facture->lire)) { @@ -355,7 +356,7 @@ class box_graph_product_distribution extends ModeleBoxes } $stringtoshow.='
'; $stringtoshow.=$langs->trans("Year").' '; - $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.='
'; $stringtoshow.='
'; diff --git a/htdocs/core/boxes/box_graph_propales_permonth.php b/htdocs/core/boxes/box_graph_propales_permonth.php index 50e3cbe9bf8..bddf4a27e64 100644 --- a/htdocs/core/boxes/box_graph_propales_permonth.php +++ b/htdocs/core/boxes/box_graph_propales_permonth.php @@ -219,13 +219,14 @@ class box_graph_propales_permonth extends ModeleBoxes $stringtoshow.='
'; // hideobject is to start hidden $stringtoshow.='
'; $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.=''; $stringtoshow.=' '.$langs->trans("NumberOfProposalsByMonth"); $stringtoshow.='   '; $stringtoshow.=' '.$langs->trans("AmountOfProposalsByMonthHT"); $stringtoshow.='
'; $stringtoshow.=$langs->trans("Year").' '; - $stringtoshow.=''; + $stringtoshow.=''; $stringtoshow.='
'; $stringtoshow.='
'; if ($shownb && $showtot) diff --git a/htdocs/core/class/cookie.class.php b/htdocs/core/class/cookie.class.php deleted file mode 100644 index c41077f76fb..00000000000 --- a/htdocs/core/class/cookie.class.php +++ /dev/null 
@@ -1,142 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/core/class/cookie.class.php - * \ingroup core - * \brief File of class to manage cookies - */ - - -/** - * Class to manage cookies. - * This class is used by external module multicompany but will be removed soon only and must not be used by - * - * @deprecated PHP already provide function to read/store a cookie. No need to use a dedicated class. Also storing sensitive information into cookie is forbidden, so encryption is useless. - * If a data is sensitive, it must be stored into database (if we need a long term retention) or into session. 
- */ -class DolCookie -{ - private $_myKey; - private $_iv; - - var $myCookie; - var $myValue; - var $myExpire; - var $myPath; - var $myDomain; - var $mySecure; - var $cookie; - - /** - * Constructor - * - * @param string $key Personnal key - * @deprecated - */ - function __construct($key = '') - { - $this->_myKey = hash('sha256', $key, true); - $this->_iv = md5(md5($this->_myKey)); - $this->cookie = ""; - $this->myCookie = ""; - $this->myValue = ""; - } - - - /** - * Encrypt en create the cookie - * - * @return void - */ - private function _cryptCookie() - { - if (!empty($this->_myKey) && !empty($this->_iv)) - { - $valuecrypt = base64_encode($this->myValue); - $this->cookie = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->_myKey, $valuecrypt, MCRYPT_MODE_CBC, $this->_iv)); - } - else - { - $this->cookie = $this->myValue; - } - - setcookie($this->myCookie, $this->cookie, $this->myExpire, $this->myPath, $this->myDomain, $this->mySecure); - } - - /** - * Decrypt the cookie - * - * @return string - */ - private function _decryptCookie() - { - if (!empty($this->_myKey) && !empty($this->_iv)) - { - $this->cookie = $_COOKIE[$this->myCookie]; - $this->myValue = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->_myKey, base64_decode($this->cookie), MCRYPT_MODE_CBC, $this->_iv)); - - return(base64_decode($this->myValue)); - } - else - { - return($_COOKIE[$this->myCookie]); - } - } - - /** - * Set and create the cookie - * - * @param string $cookie Cookie name - * @param string $value Cookie value - * @param integer $expire Expiration - * @param string $path Path of cookie - * @param string $domain Domain name - * @param int $secure 0 or 1 - * @return void - */ - public function setCookie($cookie, $value, $expire=0, $path="/", $domain="", $secure=0) - { - $this->myCookie = $cookie; - $this->myValue = $value; - $this->myExpire = $expire; - $this->myPath = $path; - $this->myDomain = $domain; - $this->mySecure = $secure; - - //print 'key='.$this->myKey.' 
name='.$this->myCookie.' value='.$this->myValue.' expire='.$this->myExpire; - - $this->_cryptCookie(); - } - - /** - * Get the cookie - * - * @param string $cookie Cookie name - * @return string Decrypted value - */ - public function getCookie($cookie) - { - $this->myCookie = $cookie; - - $decryptValue = $this->_decryptCookie(); - - return $decryptValue; - } - -} - diff --git a/htdocs/core/class/html.formticketsup.class.php b/htdocs/core/class/html.formticketsup.class.php index a7f1b7a8d34..b076a0923eb 100644 --- a/htdocs/core/class/html.formticketsup.class.php +++ b/htdocs/core/class/html.formticketsup.class.php @@ -113,10 +113,10 @@ class FormTicketsup /** * Show the form to input ticket * - * @param string $width Width of form + * @param int $withdolfichehead With dol_fiche_head * @return void */ - public function showForm($width = '100%') + public function showForm($withdolfichehead=0) { global $conf, $langs, $user, $hookmanager; @@ -140,7 +140,9 @@ class FormTicketsup print "\n\n"; - print '
'; + if ($withdolfichehead) dol_fiche_head(null, 'card', '', 0, ''); + + print ''; print ''; print ''; foreach ($this->param as $key => $value) { @@ -149,8 +151,7 @@ class FormTicketsup print ''; dol_fiche_head(''); - - print ''; + print '
'; if ($this->withref) { @@ -271,7 +272,7 @@ class FormTicketsup dol_include_once('/' . $element . '/class/' . $subelement . '.class.php'); $classname = ucfirst($subelement); $objectsrc = new $classname($this->db); - $objectsrc->fetch(GETPOST('originid')); + $objectsrc->fetch(GETPOST('originid','int')); if (empty($objectsrc->lines) && method_exists($objectsrc, 'fetch_lines')) { $objectsrc->fetch_lines(); @@ -298,9 +299,12 @@ class FormTicketsup print ''; // Notify thirdparty at creation - print ''; + if (empty($this->ispublic)) + { + print ''; + } // TITLE if ($this->withtitletopic) { @@ -395,6 +399,8 @@ class FormTicketsup print '
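Review bot: Filtering `originid` as `int` covers the id, but the context lines directly above it build an include path and a class name from `$element` and `$subelement`: `dol_include_once('/' . $element . '/class/' . $subelement . '.class.php')` followed by `new $classname($this->db)`. Where those two variables come from is outside the hunk; if they derive from a request parameter they need at least the same care, ideally a fixed allow-list mapping element names to class files rather than a character filter. The surrounding method starts and ends outside the hunk.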
'; - print 'withnotifytiersatcreate?' checked="checked"':'')).'>'; - print '
'; + print 'withnotifytiersatcreate?' checked="checked"':'').'>'; + print '
'; print ''; + if ($withdolfichehead) dol_fiche_end(); + print '
'; print ''; diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index a303f78eb15..a0bbad11518 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -131,16 +131,29 @@ if ($conf->browser->layout != 'phone') ' . "\n"; } +// Code to manage reposition print "\n/* JS CODE TO ENABLE reposition management (does not work if a redirect is done after action of submission) */\n"; print ' jQuery(document).ready(function() { /* If page_y set, we set scollbar with it */ - page_y=getParameterByName(\'page_y\', 0); if (page_y > 0) $(\'html, body\').scrollTop(page_y); - /* Set handler to add page_y param on some a href links */ + page_y=getParameterByName(\'page_y\', 0); /* search in GET parameter */ + if (page_y == 0) page_y = jQuery("#page_y").text(); /* search in POST parameter that is filed at bottom of page */ + console.log("page_y found is "+page_y); + if (page_y > 0) $(\'html, body\').scrollTop(page_y); + + /* Set handler to add page_y param on output (click on href links or submit button) */ jQuery(".reposition").click(function() { var page_y = $(document).scrollTop(); - this.href=this.href+\'&page_y=\'+page_y; - console.log("We click on tag with .reposition class. this.ref is now "+this.href) + if (this.ref) + { + this.href=this.href+\'&page_y=\'+page_y; + console.log("We click on tag with .reposition class. this.ref is now "+this.href); + } + else + { + console.log("We click on tag with .reposition class but element is not an html tag, so we try to update form field page_y with value "+page_y); + jQuery("input[type=hidden][name=page_y]").val(page_y); + } }); });'."\n"; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 5033b6ba24c..2faf8082056 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
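Review bot: The new click handler in lib_foot.js.php tests `if (this.ref)`, but anchors expose `href`, not `ref`, so the condition looks like a typo: as written it is false for links, the `&page_y=` append never runs, and every click falls into the hidden-field branch. It should read `if (this.href)`. Two smaller points in the same block: appending `'&page_y='` assumes the URL already carries a query string, and the unconditional `console.log` calls are debugging output that would be better removed or gated before release. `page_y` is now also read from `jQuery("#page_y").text()`, so whatever writes that element on the server side should emit it as an integer.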
@@ -3906,16 +3906,20 @@ function dol_print_error($db='',$error='',$errors=null) * @param string $errormessage Complete error message * @param array $errormessages Array of error messages * @param string $morecss More css + * @param string $email Email * @return void */ -function dol_print_error_email($prefixcode, $errormessage='', $errormessages=array(), $morecss='error') +function dol_print_error_email($prefixcode, $errormessage='', $errormessages=array(), $morecss='error', $email='') { global $langs,$conf; + if (empty($email)) $email=$conf->global->MAIN_INFO_SOCIETE_MAIL; + $langs->load("errors"); $now=dol_now(); + print '