Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into

develop
Laurent Destailleur (aka Eldy)
2024-12-28 18:07:00 +01:00
6 changed files with 50 additions and 22 deletions


@@ -2001,9 +2001,14 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
$nextindextouse++; // Prepare to use next color $nextindextouse++; // Prepare to use next color
} }
} }
//print '|'.($color).'='.($idusertouse?$idusertouse:0).'='.$colorindex.'<br>'; if (isset($theme_datacolor[$colorindex])) {
// Define color // @suppress-next-line PhanPluginPrintfIncompatibleArgumentType $color = sprintf("%02x%02x%02x", $theme_datacolor[$colorindex][0], $theme_datacolor[$colorindex][1], $theme_datacolor[$colorindex][2]);
$color = sprintf("%02x%02x%02x", $theme_datacolor[$colorindex][0], $theme_datacolor[$colorindex][1], $theme_datacolor[$colorindex][2]); } elseif (getDolGlobalString('THEME_ELDY_BACKBODY')) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
$color = colorArrayToHex(explode(',', getDolGlobalString('THEME_ELDY_BACKBODY')));
} else {
$color = "ffffff";
}
} }
$cssclass = $cssclass.' eventday_'.$ymd; $cssclass = $cssclass.' eventday_'.$ymd;
@@ -2377,7 +2382,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
function dol_color_minus($color, $minus, $minusunit = 16) function dol_color_minus($color, $minus, $minusunit = 16)
{ {
$newcolor = $color; $newcolor = $color;
if ($minusunit == 16) { if ($minusunit == 16 && is_array($newcolor)) {
$newcolor[0] = dechex(max(min(hexdec($newcolor[0]) - $minus, 15), 0)); $newcolor[0] = dechex(max(min(hexdec($newcolor[0]) - $minus, 15), 0));
$newcolor[2] = dechex(max(min(hexdec($newcolor[2]) - $minus, 15), 0)); $newcolor[2] = dechex(max(min(hexdec($newcolor[2]) - $minus, 15), 0));
$newcolor[4] = dechex(max(min(hexdec($newcolor[4]) - $minus, 15), 0)); $newcolor[4] = dechex(max(min(hexdec($newcolor[4]) - $minus, 15), 0));
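Review bot: The new `is_array($newcolor)` guard in dol_color_minus() skips the darkening step for string colours, yet the assignments it protects address offsets 0, 2 and 4 one hex digit at a time, which is how a 6-character hex string such as the one built by `sprintf("%02x%02x%02x", ...)` in the first hunk would be handled. If callers pass hex strings (the call sites are not visible here), the guard turns the function into a silent no-op for them. A guard like `if ($minusunit == 16 && is_string($newcolor) && strlen($newcolor) >= 6) {` would still reject unexpected input without changing the result for valid colours. The function body continues past the end of the hunk, so the else branch and the return value could not be checked.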


@@ -834,6 +834,7 @@ class PaymentVarious extends CommonObject
$selected = (empty($arraydata['selected']) ? 0 : $arraydata['selected']); $selected = (empty($arraydata['selected']) ? 0 : $arraydata['selected']);
$bankline = ((empty($arraydata['bankline']) || empty($arraydata['bankline']->id)) ? 0 : $arraydata['bankline']); $bankline = ((empty($arraydata['bankline']) || empty($arraydata['bankline']->id)) ? 0 : $arraydata['bankline']);
$formatedaccountancycode = (empty($arraydata['formatedaccountancycode']) ? '' : $arraydata['formatedaccountancycode']);
$return = '<div class="box-flex-item box-flex-grow-zero">'; $return = '<div class="box-flex-item box-flex-grow-zero">';
$return .= '<div class="info-box info-box-sm">'; $return .= '<div class="info-box info-box-sm">';
@@ -854,9 +855,14 @@ class PaymentVarious extends CommonObject
$return .= ' - <span class="info-box-label">'.$this->type_payment.'</span>'; $return .= ' - <span class="info-box-label">'.$this->type_payment.'</span>';
} }
} }
if (property_exists($this, 'accountancy_code')) { if (!empty($formatedaccountancycode)) {
$return .= '<br><span class="opacitymedium">'.$langs->trans("Account").'</span> : <span class="info-box-label" title="'.$this->accountancy_code.'">';
$return .= $formatedaccountancycode;
$return .= '</span>';
} elseif (property_exists($this, 'accountancy_code')) {
$return .= '<br><span class="opacitymedium">'.$langs->trans("Account").'</span> : <span class="info-box-label" title="'.$this->accountancy_code.'">'.$this->accountancy_code.'</span>'; $return .= '<br><span class="opacitymedium">'.$langs->trans("Account").'</span> : <span class="info-box-label" title="'.$this->accountancy_code.'">'.$this->accountancy_code.'</span>';
} }
if (property_exists($this, 'amount')) { if (property_exists($this, 'amount')) {
$return .= '<br><span class="opacitymedium">'.$langs->trans("Debit").'</span> : <span class="info-box-label amount">'.price($this->amount).'</span>'; $return .= '<br><span class="opacitymedium">'.$langs->trans("Debit").'</span> : <span class="info-box-label amount">'.price($this->amount).'</span>';
} }
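Review bot: The added branch for `$formatedaccountancycode` writes `$this->accountancy_code` into the `title="..."` attribute without escaping and emits `$arraydata['formatedaccountancycode']` verbatim as HTML. The account code comes from stored data, so the attribute value should go through the project's HTML escaper, for example `title="'.dol_escape_htmltag($this->accountancy_code).'"`; the pre-existing `elseif` branch carries the same pattern. The verbatim fragment is presumably the markup returned by getNomUrl(), so a comment such as `// 'formatedaccountancycode' must be an already escaped HTML fragment` above the `$formatedaccountancycode = ...` line would record that contract for other callers. getKanbanView() starts and ends outside these hunks.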


@@ -33,7 +33,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php';
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingjournal.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingjournal.class.php';
require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; if (isModEnabled('project')) {
require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
}
/** /**
* @var Conf $conf * @var Conf $conf
@@ -253,7 +255,7 @@ if ($arrayfields['bank']['checked'] && isModEnabled('accounting')) {
if ($arrayfields['bank']['checked']) { if ($arrayfields['bank']['checked']) {
$accountstatic = new Account($db); $accountstatic = new Account($db);
} }
if ($arrayfields['project']['checked']) { if (isModEnabled('project') && $arrayfields['project']['checked']) {
$proj = new Project($db); $proj = new Project($db);
} }
@@ -548,7 +550,7 @@ if ($arrayfields['type']['checked']) {
} }
// Project // Project
if ($arrayfields['project']['checked']) { if (isModEnabled('project') && $arrayfields['project']['checked']) {
print '<td class="liste_titre">'; print '<td class="liste_titre">';
// TODO // TODO
print '</td>'; print '</td>';
@@ -653,7 +655,7 @@ if ($arrayfields['type']['checked']) {
print_liste_field_titre($arrayfields['type']['label'], $_SERVER["PHP_SELF"], 'type', '', $param, '', $sortfield, $sortorder, 'center '); print_liste_field_titre($arrayfields['type']['label'], $_SERVER["PHP_SELF"], 'type', '', $param, '', $sortfield, $sortorder, 'center ');
$totalarray['nbfield']++; $totalarray['nbfield']++;
} }
if ($arrayfields['project']['checked']) { if (isModEnabled('project') && $arrayfields['project']['checked']) {
print_liste_field_titre($arrayfields['project']['label'], $_SERVER["PHP_SELF"], 'fk_project', '', $param, '', $sortfield, $sortorder); print_liste_field_titre($arrayfields['project']['label'], $_SERVER["PHP_SELF"], 'fk_project', '', $param, '', $sortfield, $sortorder);
$totalarray['nbfield']++; $totalarray['nbfield']++;
} }
@@ -716,25 +718,23 @@ while ($i < $imaxinloop) {
$variousstatic->label = $obj->label; $variousstatic->label = $obj->label;
$variousstatic->datep = $obj->datep; $variousstatic->datep = $obj->datep;
$variousstatic->type_payment = $obj->payment_code; $variousstatic->type_payment = $obj->payment_code;
$variousstatic->accountancy_code = $obj->accountancy_code;
$variousstatic->amount = $obj->amount; $variousstatic->amount = $obj->amount;
$accountingaccount->fetch(0, $obj->accountancy_code, 1);
$variousstatic->accountancy_code = $accountingaccount->getNomUrl(0, 0, 1, $obj->accountingaccount, 1);
if ($mode == 'kanban') { if ($mode == 'kanban') {
if ($obj->fk_bank > 0) { if ($obj->fk_bank > 0) {
$bankline->fetch($obj->fk_bank); $bankline->fetch($obj->fk_bank);
} else { } else {
$bankline->id = 0; $bankline->id = 0;
} }
$accountingaccount->fetch(0, $obj->accountancy_code, 1);
if ($i == 0) { if ($i == 0) {
print '<tr class="trkanban"><td colspan="'.$savnbfield.'">'; print '<tr class="trkanban"><td colspan="'.$savnbfield.'">';
print '<div class="box-flex-container kanban">'; print '<div class="box-flex-container kanban">';
} }
// Output Kanban // Output Kanban
print $variousstatic->getKanbanView('', array('selected' => in_array($object->id, $arrayofselected), 'bankline' => $bankline)); print $variousstatic->getKanbanView('', array('selected' => in_array($object->id, $arrayofselected), 'bankline' => $bankline, 'formatedaccountancycode' => $accountingaccount->getNomUrl(0, 0, 1, $obj->accountancy_code, 1)));
if ($i == ($imaxinloop) - 1) { if ($i == ($imaxinloop) - 1) {
print '</div>'; print '</div>';
print '</td></tr>'; print '</td></tr>';
@@ -805,7 +805,7 @@ while ($i < $imaxinloop) {
} }
// Project // Project
if ($arrayfields['project']['checked']) { if (isModEnabled('project') && $arrayfields['project']['checked']) {
print '<td class="nowraponall">'; print '<td class="nowraponall">';
if ($obj->fk_project > 0 && is_object($proj)) { if ($obj->fk_project > 0 && is_object($proj)) {
$proj->fetch($obj->fk_project); $proj->fetch($obj->fk_project);
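Review bot: In the row loop (hunk at -716), the result of `$accountingaccount->fetch(0, $obj->accountancy_code, 1)` is not checked before `getNomUrl()` is called on the same object to build 'formatedaccountancycode' for the kanban card. `$accountingaccount` is created outside the hunk and reused for every row, so if fetch() fails or finds nothing and does not reset the object (not visible here), a card could show the previous row's account. Assuming the usual positive return on success, `$formatedcode = ($accountingaccount->fetch(0, $obj->accountancy_code, 1) > 0) ? $accountingaccount->getNomUrl(0, 0, 1, $obj->accountancy_code, 1) : '';` passed as 'formatedaccountancycode' would let getKanbanView() fall back to the plain code. The same call passes `in_array($object->id, $arrayofselected)`, where `$object` does not appear to be the row being rendered; that is worth confirming against the rest of the loop.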


@@ -205,6 +205,8 @@ class DolEditor
$found = 0; $found = 0;
$out = ''; $out = '';
$this->content = ($this->content ?? ''); // to avoid htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated
if (in_array($this->tool, array('textarea', 'ckeditor'))) { if (in_array($this->tool, array('textarea', 'ckeditor'))) {
$found = 1; $found = 1;
//$out.= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" '.($this->readonly?' disabled':'').' rows="'.$this->rows.'"'.(preg_match('/%/',$this->cols)?' style="margin-top: 5px; width: '.$this->cols.'"':' cols="'.$this->cols.'"').' class="flat">'; //$out.= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" '.($this->readonly?' disabled':'').' rows="'.$this->rows.'"'.(preg_match('/%/',$this->cols)?' style="margin-top: 5px; width: '.$this->cols.'"':' cols="'.$this->cols.'"').' class="flat">';


@@ -1069,11 +1069,11 @@ function document_preview(file, type, title)
}; };
img.src = file; img.src = file;
} }
/* This function is local to document_preview. Variables like file, type, title, object_width and object_height are global inside this function */
function show_preview(mode) { function show_preview(mode) {
/* console.log("mode="+mode+" file="+file+" type="+type+" width="+width+" height="+height); */ /* console.log("mode="+mode+" file="+file+" type="+type+" title=title+" width="+width+" height="+height); */
var newElem = '<object name="objectpreview" data="'+file+'" type="'+type+'" width="'+object_width+'" height="'+object_height+'" param="noparam"></object>'; var newElem = '<object name="objectpreview" data="'+file+'" type="'+type+'" width="'+object_width+'" height="'+object_height+'" param="noparam"></object>';
optionsbuttons = {} optionsbuttons = {}
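Review bot: `show_preview()` builds the `<object>` element by concatenating `file` and `type` into an HTML string, so a double quote in either value would end the attribute early. The arguments reach document_preview() after the browser has percent-decoded the `javascript:` link, so nothing at this sink re-escapes them. If `newElem` is later inserted as HTML (that part is outside the hunk), creating the node with `document.createElement('object')` and `setAttribute()` would remove the dependency on every caller escaping correctly. Separately, the edited debug comment has unbalanced quotes: `" title=title+"` should read `" title="+title+"`. The new comment also calls the variables "global" although its own first sentence places them in the enclosing document_preview().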


@@ -1903,6 +1903,20 @@ function dol_escape_js($stringtoescape, $mode = 0, $noescapebackslashn = 0)
return strtr($stringtoescape, $substitjs); return strtr($stringtoescape, $substitjs);
} }
/**
* Returns text escaped by RFC 3986 for inclusion into a clicable link.
* This method can be used on the ...in links like href="javascript:..." because when clicking on such links, the browserfirst decode the strind
* and then interpret content that can be javascript.
* Usage of this escapement should be limited to links href="javascript:...". For common URL, use urlencode instead.
*
* @param string $stringtoescape String to escape
* @return string Escaped string.
*/
function dol_escape_uri($stringtoescape)
{
return rawurlencode($stringtoescape);
}
/** /**
* Returns text escaped for inclusion into javascript code * Returns text escaped for inclusion into javascript code
* *
@@ -11853,12 +11867,13 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
if ($isAllowedForPreview) { if ($isAllowedForPreview) {
$tmpurl = DOL_URL_ROOT.'/document.php?modulepart='.urlencode($modulepart).'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : ''); $tmpurl = DOL_URL_ROOT.'/document.php?modulepart='.urlencode($modulepart).'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '');
$title = $langs->transnoentities("Preview"); $title = $langs->transnoentities("Preview");
//$title = '%27-alert(document.domain)-%27'; //$title = '%27-alert(document.domain)-%27'; // An example of js injection into a corrupted title string, that should be blocked by the dol_escape_uri().
//$tmpurl = 'file='.urlencode("'-alert(document.domain)-'_small.jpg"); //$tmpurl = 'file='.urlencode("'-alert(document.domain)-'_small.jpg"); // An example of tmpurl that should be blocked by the dol_escape_uri()
// We need to urlencode the parameter after the dol_escape_js($tmpurl) because $tmpurl may contain n url with param file=abc%27def if file has a ' inside. // We need to do a dol_escape_uri() on the full string after the javascript: because such parts are the URI and when we click on such links, a RFC3986 decode is done,
// and when we click on href with this javascript string, a urlcode is done by browser, converted the %27 of file param // by the browser, converting the %27 (like when having param file=abc%27def), or when having a corrupted title), into a ', BEFORE interpreting the content that can be a js code.
return 'javascript:document_preview(\''.urlencode(dol_escape_js($tmpurl)).'\', \''.urlencode(dol_mimetype($relativepath)).'\', \''.urlencode(dol_escape_js($title)).'\')'; // Using the dol_escape_uri guarantee that we encode for URI so decode retrieve original expected value.
return 'javascript:'.dol_escape_uri('document_preview(\''.dol_escape_js($tmpurl).'\', \''.dol_escape_js(dol_mimetype($relativepath)).'\', \''.dol_escape_js($title).'\')');
} else { } else {
return ''; return '';
} }
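Review bot: The docblock added for `dol_escape_uri()` is hardest to follow exactly where the usage rule is stated (`on the ...in links`, `browserfirst decode the strind`, `clicable`). It should say plainly that the function percent-encodes per RFC 3986 and is meant for the whole script part after `javascript:` in an href, because the browser percent-decodes that part before running it. It should also say that each value placed inside must already be escaped with dol_escape_js(), and that ordinary URL parameters keep using urlencode(). The two commented-out sample values kept in getAdvancedPreviewUrl() would be more useful as a unit test asserting that the returned string contains no raw quote after the `javascript:` prefix. getAdvancedPreviewUrl() starts outside the hunk.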