diff --git a/ChangeLog b/ChangeLog index 1d516dba1f1..58513986a1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,7 @@ FIX: Warning if no bank account defined FIX: We need to see unit line on PDF even though it's an option FIX: wrong element var for fetch_name_optionals_label function with expeditions FIX: wrong link to third invoice templates +FIX: Disable svg as supported image by default (can contains javascript). Set MAIN_ALLOW_SVG_FILES_AS_IMAGES to 1 to have svg accepted FIX: #14076 FIX: #14146 FIX: #14209 diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 1138eb44ddc..f2e69f81707 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -109,6 +109,12 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) foreach ($arrayofimages as $varforimage) { + if ($_FILES[$varforimage]["name"] && ! preg_match('/(\.jpeg|\.jpg|\.png)$/i', $_FILES[$varforimage]["name"])) { // Logo can be used on a lot of different places. Only jpg and png can be supported. + $langs->load("errors"); + setEventMessages($langs->trans("ErrorBadImageFormat"), null, 'errors'); + break; + } + if ($_FILES[$varforimage]["tmp_name"]) { $reg = array(); @@ -473,10 +479,17 @@ if (!empty($mysoc->logo_mini)) { print ''; } print '
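Review bot: The new guard in company.php only inspects the browser-supplied `$_FILES[$varforimage]["name"]`, so the extension test says nothing about the bytes that were uploaded; it should be paired with a content check on the temporary file (e.g. `getimagesize($_FILES[$varforimage]["tmp_name"]) !== false`) before the file is accepted as a logo. Reading `["name"]` directly also raises a notice when that form field was not posted; `!empty($_FILES[$varforimage]["name"])` avoids it. The `break` abandons every remaining entry of `$arrayofimages` after the first rejected file, so a valid second image is silently skipped — if only the bad file should be rejected, `continue` is the intended statement, and if the whole update should stop, the surrounding action must also be prevented from saving the other fields. The enclosing `if ($action == 'update' ...)` block begins and ends outside this hunk.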
'.img_delete($langs->trans("Delete"), '', 'marginleftonly').'
'; -} else { - print '
'; - print ''; - print '
'; +} elseif (!empty($mysoc->logo)) { + if (file_exists($conf->mycompany->dir_output.'/logos/'.$mysoc->logo)) { + print '
'; + print ''; + print '
'; + print '
'.img_delete($langs->trans("Delete"), '', 'marginleftonly').'
'; + } else { + print '
'; + print ''; + print '
'; + } } print ''; print ''; @@ -493,10 +506,18 @@ if (!empty($mysoc->logo_squarred_mini)) { print ''; } print '
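Review bot: The new `elseif (!empty($mysoc->logo))` branch reproduces the delete-widget markup of the `logo_mini` branch directly above it almost verbatim, and the `@@ -493` hunk for `logo_squarred` repeats the same three-way structure once more, so the file now carries four copies of the same `print` sequence that will drift apart on the next change; a small helper taking the logo property name and the image path would remove the duplication. In the `logo_squarred` hunk the closing brace and `else {` sit on separate lines (`}` newline `else {`) whereas the `logo` hunk uses `} else {`; fold it to `} else {` to match the rest of the file.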
'.img_delete($langs->trans("Delete"), '', 'marginleftonly').'
'; -} else { - print '
'; - print ''; - print '
'; +} elseif (!empty($mysoc->logo_squarred)) { + if (file_exists($conf->mycompany->dir_output.'/logos/'.$mysoc->logo_squarred)) { + print '
'; + print ''; + print '
'; + print '
'.img_delete($langs->trans("Delete"), '', 'marginleftonly').'
'; + } + else { + print '
'; + print ''; + print '
'; + } } print ''; print ''; diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index 69c7207a817..bd6d1fc2cf3 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -145,6 +145,7 @@ if ($action == 'create') print '
'."\n"; print ''; print ''; + print ''; print load_fiche_titre($langs->trans("NewBookmark")); diff --git a/htdocs/bookmarks/list.php b/htdocs/bookmarks/list.php index a132b708c20..a4f0939c054 100644 --- a/htdocs/bookmarks/list.php +++ b/htdocs/bookmarks/list.php @@ -154,7 +154,7 @@ print ''; print ''; $newcardbutton = ''; -$newcardbutton .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/bookmarks/card.php?action=create', '', !empty($user->rights->bookmark->creer)); +$newcardbutton .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/bookmarks/card.php?action=create&backtopage='.urlencode(DOL_URL_ROOT.'/bookmarks/list.php'), '', !empty($user->rights->bookmark->creer)); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'bookmark', 0, $newcardbutton, '', $limit, 0, 0, 1); diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php index 9ec895926a0..48a2b503eca 100644 --- a/htdocs/core/class/CMailFile.class.php +++ b/htdocs/core/class/CMailFile.class.php @@ -268,6 +268,28 @@ class CMailFile } } + $this->addr_to = $to; + $this->addr_cc = $addr_cc; + $this->addr_bcc = $addr_bcc; + $this->reply_to = $replyto; + $this->addr_from = $from; + $this->subject = $subject; + $this->errors_to = $errors_to; + $this->deliveryreceipt = $deliveryreceipt; + $this->trackid = $trackid; + + if (!empty($conf->global->MAIN_MAIL_FORCE_SENDTO)) + { + $this->addr_to = $conf->global->MAIN_MAIL_FORCE_SENDTO; + $this->addr_cc = ''; + $this->addr_bcc = ''; + } + + // Add autocopy to (Note: Adding bcc for specific modules are also done from pages) + if (!empty($conf->global->MAIN_MAIL_AUTOCOPY_TO)) { + $addr_bcc.=($addr_bcc?', ':'').$conf->global->MAIN_MAIL_AUTOCOPY_TO; + } + // We set all data according to choosed sending method. // We also set a value for ->msgid if ($this->sendmode == 'mail') 
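Review bot: The `backtopage` parameter added to the New button URL is, presumably, consumed by card.php as a redirect target after the bookmark is saved (that code is not in this diff); because the value then arrives through the query string rather than only from this hard-coded link, card.php should accept only a relative path under `DOL_URL_ROOT` before redirecting to it. The `&` joining the two query parameters is written raw; whether `dolGetButtonTitle()` escapes the URL for the attribute context is not visible here, so confirm it does or pass `&amp;`.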
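Review bot: The MAIN_MAIL_AUTOCOPY_TO recipient is appended to the local `$addr_bcc` after `$this->addr_bcc = $addr_bcc;` has already been executed, and the later hunks (`@@ -374` and `@@ -504`) now read `$this->addr_bcc`, so the autocopy address never reaches the SMTPs or Swift Mailer message; the line should be `$this->addr_bcc .= ($this->addr_bcc ? ', ' : '').$conf->global->MAIN_MAIL_AUTOCOPY_TO;`. The block also runs after the MAIN_MAIL_FORCE_SENDTO override that blanks `$this->addr_bcc`, so once fixed it will re-add a Bcc to forced-destination mails — decide explicitly whether that is wanted and order the two blocks accordingly, with a comment stating the choice. The enclosing constructor starts before this hunk and continues past it.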
@@ -327,16 +349,16 @@ class CMailFile $smtps->setCharSet($conf->file->character_set_client); // Encode subject if required. - $subjecttouse = $subject; + $subjecttouse = $this->subject; if (!ascii_check($subjecttouse)) { $subjecttouse = $this->encodetorfc2822($subjecttouse); } $smtps->setSubject($subjecttouse); - $smtps->setTO($this->getValidAddress($to, 0, 1)); - $smtps->setFrom($this->getValidAddress($from, 0, 1)); - $smtps->setTrackId($trackid); - $smtps->setReplyTo($this->getValidAddress($replyto, 0, 1)); + $smtps->setTO($this->getValidAddress($this->to, 0, 1)); + $smtps->setFrom($this->getValidAddress($this->from, 0, 1)); + $smtps->setTrackId($this->trackid); + $smtps->setReplyTo($this->getValidAddress($this->replyto, 0, 1)); if (!empty($moreinheader)) $smtps->setMoreInHeader($moreinheader); @@ -374,17 +396,16 @@ class CMailFile } } - $smtps->setCC($addr_cc); - $smtps->setBCC($addr_bcc); - $smtps->setErrorsTo($errors_to); - $smtps->setDeliveryReceipt($deliveryreceipt); + $smtps->setCC($this->addr_cc); + $smtps->setBCC($this->addr_bcc); + $smtps->setErrorsTo($this->errors_to); + $smtps->setDeliveryReceipt($this->deliveryreceipt); $host = dol_getprefix('email'); $this->msgid = time().'.SMTPs-dolibarr-'.$trackid.'@'.$host; $this->smtps = $smtps; - } elseif ($this->sendmode == 'swiftmailer') - { + } elseif ($this->sendmode == 'swiftmailer') { // Use Swift Mailer library $host = dol_getprefix('email'); @@ -401,8 +422,8 @@ class CMailFile //$this->message = new Swift_SignedMessage(); // Adding a trackid header to a message $headers = $this->message->getHeaders(); - $headers->addTextHeader('X-Dolibarr-TRACKID', $trackid.'@'.$host); - $this->msgid = time().'.swiftmailer-dolibarr-'.$trackid.'@'.$host; + $headers->addTextHeader('X-Dolibarr-TRACKID', $this->trackid.'@'.$host); + $this->msgid = time().'.swiftmailer-dolibarr-'.$this->trackid.'@'.$host; $headerID = $this->msgid; $msgid = $headers->get('Message-ID'); $msgid->setId($headerID); 
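Review bot: The SMTPs branch now reads `$this->to`, `$this->from` and `$this->replyto`, but the properties populated in the `@@ -268` hunk are `addr_to`, `addr_from` and `reply_to`; unless `to`/`from`/`replyto` are declared properties filled elsewhere in the class (not visible in this diff), the SMTPs path will call `setTO`, `setFrom` and `setReplyTo` with null. The three lines should read `$smtps->setTO($this->getValidAddress($this->addr_to, 0, 1));`, `$smtps->setFrom($this->getValidAddress($this->addr_from, 0, 1));` and `$smtps->setReplyTo($this->getValidAddress($this->reply_to, 0, 1));`. In the following hunk the `->msgid` line still uses the local `$trackid` while the line above it was switched to `$this->trackid`; using the property in both keeps the two in step.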
@@ -411,14 +432,14 @@ class CMailFile // Give the message a subject try { - $result = $this->message->setSubject($subject); + $result = $this->message->setSubject($this->subject); } catch (Exception $e) { $this->errors[] = $e->getMessage(); } // Set the From address with an associative array //$this->message->setFrom(array('john@doe.com' => 'John Doe')); - if (!empty($from)) { + if (! empty($this->addr_from)) { try { if (! empty($conf->global->MAIN_FORCE_DISABLE_MAIL_SPOOFING)) { // Prevent email spoofing for smtp server with a strict configuration @@ -429,10 +450,10 @@ class CMailFile { $result = $this->message->setFrom($conf->global->MAIN_MAIL_SMTPS_ID); } else { - $result = $this->message->setFrom($this->getArrayAddress($from)); + $result = $this->message->setFrom($this->getArrayAddress($this->addr_from)); } } else { - $result = $this->message->setFrom($this->getArrayAddress($from)); + $result = $this->message->setFrom($this->getArrayAddress($this->addr_from)); } } catch (Exception $e) { $this->errors[] = $e->getMessage(); @@ -440,17 +461,17 @@ class CMailFile } // Set the To addresses with an associative array - if (!empty($to)) { + if (! empty($this->addr_to)) { try { - $result = $this->message->setTo($this->getArrayAddress($to)); + $result = $this->message->setTo($this->getArrayAddress($this->addr_to)); } catch (Exception $e) { $this->errors[] = $e->getMessage(); } } - if (!empty($replyto)) { + if (! empty($this->reply_to)) { try { - $result = $this->message->SetReplyTo($this->getArrayAddress($replyto)); + $result = $this->message->SetReplyTo($this->getArrayAddress($this->reply_to)); } catch (Exception $e) { $this->errors[] = $e->getMessage(); } 
@@ -504,10 +525,10 @@ class CMailFile } } - if (!empty($addr_cc)) $this->message->setCc($this->getArrayAddress($addr_cc)); - if (!empty($addr_bcc)) $this->message->setBcc($this->getArrayAddress($addr_bcc)); + if (! empty($this->addr_cc)) $this->message->setCc($this->getArrayAddress($this->addr_cc)); + if (! empty($this->addr_bcc)) $this->message->setBcc($this->getArrayAddress($this->addr_bcc)); //if (! empty($errors_to)) $this->message->setErrorsTo($this->getArrayAddress($errors_to); - if (isset($deliveryreceipt) && $deliveryreceipt == 1) $this->message->setReadReceiptTo($this->getArrayAddress($from)); + if (isset($this->deliveryreceipt) && $this->deliveryreceipt == 1) $this->message->setReadReceiptTo($this->getArrayAddress($this->addr_from)); } else { // Send mail method not correctly defined // -------------------------------------- @@ -624,13 +645,6 @@ class CMailFile $keyforstarttls = 'MAIN_MAIL_EMAIL_STARTTLS_EMAILING'; } - if (!empty($conf->global->MAIN_MAIL_FORCE_SENDTO)) - { - $this->addr_to = $conf->global->MAIN_MAIL_FORCE_SENDTO; - $this->addr_cc = ''; - $this->addr_bcc = ''; - } - // Action according to choosed sending method if ($this->sendmode == 'mail') { diff --git a/htdocs/core/lib/functionsnumtoword.lib.php b/htdocs/core/lib/functionsnumtoword.lib.php index 4a096f1120b..36d0fb0c80d 100644 --- a/htdocs/core/lib/functionsnumtoword.lib.php +++ b/htdocs/core/lib/functionsnumtoword.lib.php @@ -236,7 +236,7 @@ function dolNumberToWord($numero, $langs, $numorcurrency = 'number') $entexto .= hundreds2text($c, $d, $u); if (!$cdm && !$ddm && !$udm && !$c && !$d && !$u && $number > 1000000) $entexto .= " DE"; - $entexto .= " PESOS ".$parte_decimal." / 100 M.N."; + $entexto .= " PESOS ".$parte_decimal." / 100 M.N."; } return $entexto; } diff --git a/htdocs/core/lib/images.lib.php b/htdocs/core/lib/images.lib.php index 80bbeed9d4a..4cca58d5c2a 100644 --- a/htdocs/core/lib/images.lib.php +++ b/htdocs/core/lib/images.lib.php 
@@ -33,11 +33,17 @@ $quality = 80; * Return if a filename is file name of a supported image format * * @param string $file Filename + * @param int $acceptsvg 0=Default (depends on setup), 1=Always accept SVG as image files * @return int -1=Not image filename, 0=Image filename but format not supported for conversion by PHP, 1=Image filename with format supported by this PHP */ -function image_format_supported($file) +function image_format_supported($file, $acceptsvg = 0) { - $regeximgext = '\.gif|\.jpg|\.jpeg|\.png|\.bmp|\.webp|\.xpm|\.xbm|\.svg'; // See also into product.class.php + global $conf; + + $regeximgext = '\.gif|\.jpg|\.jpeg|\.png|\.bmp|\.webp|\.xpm|\.xbm'; // See also into product.class.php + if ($acceptsvg || ! empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) { + $regeximgext .= '|\.svg'; // Not allowed by default. SVG can contains javascript + } // Case filename is not a format image $reg = array(); diff --git a/htdocs/fourn/class/api_supplier_invoices.class.php b/htdocs/fourn/class/api_supplier_invoices.class.php index 5ec2b6f49a6..f32b5a2bab4 100644 --- a/htdocs/fourn/class/api_supplier_invoices.class.php +++ b/htdocs/fourn/class/api_supplier_invoices.class.php @@ -454,6 +454,7 @@ class SupplierInvoices extends DolibarrApi $paiement->multicurrency_amounts = $multicurrency_amounts; // Array with all payments dispatching $paiement->paiementid = $paiementid; $paiement->paiementcode = dol_getIdFromCode($this->db, $paiementid, 'c_paiement', 'id', 'code', 1); + $paiement->oper = $paiement->paiementcode; // For backward compatibility $paiement->num_payment = $num_payment; $paiement->note_public = $comment; diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 96608ed4fdf..ee304b7438e 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php 
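Review bot: The comment `// See also into product.class.php` on `$regeximgext` says the same extension list is duplicated there; if that copy still ends in `|\.svg`, SVG files continue to be treated as images on that path regardless of `MAIN_ALLOW_SVG_FILES_AS_IMAGES`, so the duplicate should be brought into line in the same change (it is not visible in this diff). The docblock should spell out the new default instead of "depends on setup": `@param int $acceptsvg 0=Default: SVG accepted only when MAIN_ALLOW_SVG_FILES_AS_IMAGES is set, 1=Always accept SVG as image files`. `! empty(` with a space differs from the `!empty(` form used in the other hunks of this commit; pick one.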
@@ -642,7 +642,7 @@ function TakeposPrintingTemp(){ } function OpenDrawer(){ - console.log("OpenDrawer"); + console.log("OpenDrawer call ajax url http://global->TAKEPOS_PRINT_SERVER; ?>:8111/print"); $.ajax({ type: "POST", url: 'http://global->TAKEPOS_PRINT_SERVER; ?>:8111/print', @@ -651,7 +651,7 @@ function OpenDrawer(){ } function DolibarrOpenDrawer() { - console.log("DolibarrOpenDrawer"); + console.log("DolibarrOpenDrawer call ajax url /takepos/ajax/ajax.php?action=opendrawer&term="); $.ajax({ type: "GET", url: "", diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index aee36f9ddfc..cfde72c9fd3 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -348,6 +348,7 @@ if ($action == "addline") } } if ($idoflineadded <= 0) { + $invoice->fetch_thirdparty(); $idoflineadded = $invoice->addline($prod->description, $price, 1, $tva_tx, $localtax1_tx, $localtax2_tx, $idproduct, $customer->remise_percent, '', 0, 0, 0, '', $price_base_type, $price_ttc, $prod->type, -1, 0, '', 0, $parent_line, null, '', '', 0, 100, '', null, 0); } @@ -721,6 +722,7 @@ function TakeposPrinting(id){ } function TakeposConnector(id){ + console.log("TakeposConnector" + id); var invoice='" + id,