Merge pull request #706 from atm-maxime/develop

Bug on contact list
2025-12-05 17:18:13 +01:00 · 2013-03-02 07:04:41 -08:00
parent 4a5f2e62e7 da87828200
commit 6b3b2ea1c7
4 changed files with 12 additions and 11 deletions
--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@@ -605,11 +605,11 @@ else
 							});
 							$("#copyaddressfromsoc").click(function() {
-								$(\'textarea[name="address"]\').text("'.addslashes($objsoc->address).'");
+								$(\'textarea[name="address"]\').text("'.dol_escape_js($objsoc->address).'");
-								$(\'input[name="zipcode"]\').val("'.addslashes($objsoc->zip).'");
+								$(\'input[name="zipcode"]\').val("'.dol_escape_js($objsoc->zip).'");
-								$(\'input[name="town"]\').val("'.addslashes($objsoc->town).'");
+								$(\'input[name="town"]\').val("'.dol_escape_js($objsoc->town).'");
-								$(\'select[name="country_id"]\').val("'.addslashes($objsoc->country_id).'");
+								$(\'select[name="country_id"]\').val("'.dol_escape_js($objsoc->country_id).'");
-								$(\'select[name="state_id"]\').val("'.addslashes($objsoc->state_id).'");
+								$(\'select[name="state_id"]\').val("'.dol_escape_js($objsoc->state_id).'");
            				});
 						})'."\n";
 				print '</script>'."\n";
--- a/htdocs/contact/list.php
+++ b/htdocs/contact/list.php
@@ -58,7 +58,7 @@ $userid=GETPOST('userid','int');
 $begin=GETPOST('begin');
 if (! $sortorder) $sortorder="ASC";
-if (! $sortfield) $sortfield="p.name";
+if (! $sortfield) $sortfield="p.lastname";
 if ($page < 0) { $page = 0; }
 $limit = $conf->liste_limit;
 $offset = $limit * $page;
@@ -114,7 +114,7 @@ llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Em
 $form=new Form($db);
 $sql = "SELECT s.rowid as socid, s.nom as name,";
-$sql.= " p.rowid as cidp, p.name as lastname, p.firstname, p.poste, p.email,";
+$sql.= " p.rowid as cidp, p.lastname as lastname, p.firstname, p.poste, p.email,";
 $sql.= " p.phone, p.phone_mobile, p.fax, p.fk_pays, p.priv, p.tms,";
 $sql.= " cp.code as country_code";
 $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p";
@@ -144,7 +144,7 @@ else
 if ($search_lastname)        // filtre sur le nom
 {
-    $sql .= " AND p.name LIKE '%".$db->escape($search_lastname)."%'";
+    $sql .= " AND p.lastname LIKE '%".$db->escape($search_lastname)."%'";
 }
 if ($search_firstname)     // filtre sur le prenom
 {
@@ -200,7 +200,7 @@ else if ($type == "p")        // filtre sur type
 }
 if ($sall)
 {
-    $sql .= " AND (p.name LIKE '%".$db->escape($sall)."%' OR p.firstname LIKE '%".$db->escape($sall)."%' OR p.email LIKE '%".$db->escape($sall)."%')";
+    $sql .= " AND (p.lastname LIKE '%".$db->escape($sall)."%' OR p.firstname LIKE '%".$db->escape($sall)."%' OR p.email LIKE '%".$db->escape($sall)."%')";
 }
 if (! empty($socid))
 {
@@ -256,7 +256,7 @@ if ($result)
    // Ligne des titres
    print '<tr class="liste_titre">';
-    print_liste_field_titre($langs->trans("Lastname"),$_SERVER["PHP_SELF"],"p.name", $begin, $param, '', $sortfield,$sortorder);
+    print_liste_field_titre($langs->trans("Lastname"),$_SERVER["PHP_SELF"],"p.lastname", $begin, $param, '', $sortfield,$sortorder);
    print_liste_field_titre($langs->trans("Firstname"),$_SERVER["PHP_SELF"],"p.firstname", $begin, $param, '', $sortfield,$sortorder);
    print_liste_field_titre($langs->trans("PostOrFunction"),$_SERVER["PHP_SELF"],"p.poste", $begin, $param, '', $sortfield,$sortorder);
    if (empty($conf->global->SOCIETE_DISABLE_CONTACTS)) print_liste_field_titre($langs->trans("Company"),$_SERVER["PHP_SELF"],"s.nom", $begin, $param, '', $sortfield,$sortorder);
--- a/htdocs/societe/soc.php
+++ b/htdocs/societe/soc.php
@@ -1253,7 +1253,7 @@ else
            print '</td></tr>';
            // Address
-            print '<tr><td valign="top">'.$langs->trans('Address').'</td><td colspan="3"><textarea name="adresse" cols="40" rows="3" wrap="soft">';
+            print '<tr><td valign="top">'.$langs->trans('Address').'</td><td colspan="3"><textarea name="address" cols="40" rows="3" wrap="soft">';
            print $object->address;
            print '</textarea></td></tr>';
--- a/htdocs/societe/societe.php
+++ b/htdocs/societe/societe.php
@@ -85,6 +85,7 @@ if ($mode == 'search')
 	$sql.= " OR s.code_client LIKE '%".$db->escape($socname)."%'";
 	$sql.= " OR s.email LIKE '%".$db->escape($socname)."%'";
 	$sql.= " OR s.url LIKE '%".$db->escape($socname)."%'";
 	$sql.= " OR s.siren LIKE '%".$db->escape($socname)."%'";
 	if (!empty($conf->barcode->enabled))
 	{