mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-06 17:48:25 +01:00
Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into
develop
This commit is contained in:
Laurent Destailleur (aka Eldy)
@@ -2001,9 +2001,14 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
|
||||
$nextindextouse++; // Prepare to use next color
|
||||
}
|
||||
}
|
||||
//print '|'.($color).'='.($idusertouse?$idusertouse:0).'='.$colorindex.'<br>';
|
||||
// Define color // @suppress-next-line PhanPluginPrintfIncompatibleArgumentType
|
||||
$color = sprintf("%02x%02x%02x", $theme_datacolor[$colorindex][0], $theme_datacolor[$colorindex][1], $theme_datacolor[$colorindex][2]);
|
||||
if (isset($theme_datacolor[$colorindex])) {
|
||||
$color = sprintf("%02x%02x%02x", $theme_datacolor[$colorindex][0], $theme_datacolor[$colorindex][1], $theme_datacolor[$colorindex][2]);
|
||||
} elseif (getDolGlobalString('THEME_ELDY_BACKBODY')) {
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
|
||||
$color = colorArrayToHex(explode(',', getDolGlobalString('THEME_ELDY_BACKBODY')));
|
||||
} else {
|
||||
$color = "ffffff";
|
||||
}
|
||||
}
|
||||
$cssclass = $cssclass.' eventday_'.$ymd;
|
||||
|
||||
@@ -2377,7 +2382,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
|
||||
function dol_color_minus($color, $minus, $minusunit = 16)
|
||||
{
|
||||
$newcolor = $color;
|
||||
if ($minusunit == 16) {
|
||||
if ($minusunit == 16 && is_array($newcolor)) {
|
||||
$newcolor[0] = dechex(max(min(hexdec($newcolor[0]) - $minus, 15), 0));
|
||||
$newcolor[2] = dechex(max(min(hexdec($newcolor[2]) - $minus, 15), 0));
|
||||
$newcolor[4] = dechex(max(min(hexdec($newcolor[4]) - $minus, 15), 0));
|
||||
|
||||
@@ -834,6 +834,7 @@ class PaymentVarious extends CommonObject
|
||||
|
||||
$selected = (empty($arraydata['selected']) ? 0 : $arraydata['selected']);
|
||||
$bankline = ((empty($arraydata['bankline']) || empty($arraydata['bankline']->id)) ? 0 : $arraydata['bankline']);
|
||||
$formatedaccountancycode = (empty($arraydata['formatedaccountancycode']) ? '' : $arraydata['formatedaccountancycode']);
|
||||
|
||||
$return = '<div class="box-flex-item box-flex-grow-zero">';
|
||||
$return .= '<div class="info-box info-box-sm">';
|
||||
@@ -854,9 +855,14 @@ class PaymentVarious extends CommonObject
|
||||
$return .= ' - <span class="info-box-label">'.$this->type_payment.'</span>';
|
||||
}
|
||||
}
|
||||
if (property_exists($this, 'accountancy_code')) {
|
||||
if (!empty($formatedaccountancycode)) {
|
||||
$return .= '<br><span class="opacitymedium">'.$langs->trans("Account").'</span> : <span class="info-box-label" title="'.$this->accountancy_code.'">';
|
||||
$return .= $formatedaccountancycode;
|
||||
$return .= '</span>';
|
||||
} elseif (property_exists($this, 'accountancy_code')) {
|
||||
$return .= '<br><span class="opacitymedium">'.$langs->trans("Account").'</span> : <span class="info-box-label" title="'.$this->accountancy_code.'">'.$this->accountancy_code.'</span>';
|
||||
}
|
||||
|
||||
if (property_exists($this, 'amount')) {
|
||||
$return .= '<br><span class="opacitymedium">'.$langs->trans("Debit").'</span> : <span class="info-box-label amount">'.price($this->amount).'</span>';
|
||||
}
|
||||
|
||||
@@ -33,7 +33,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingjournal.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
|
||||
if (isModEnabled('project')) {
|
||||
require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
|
||||
}
|
||||
|
||||
/**
|
||||
* @var Conf $conf
|
||||
@@ -253,7 +255,7 @@ if ($arrayfields['bank']['checked'] && isModEnabled('accounting')) {
|
||||
if ($arrayfields['bank']['checked']) {
|
||||
$accountstatic = new Account($db);
|
||||
}
|
||||
if ($arrayfields['project']['checked']) {
|
||||
if (isModEnabled('project') && $arrayfields['project']['checked']) {
|
||||
$proj = new Project($db);
|
||||
}
|
||||
|
||||
@@ -548,7 +550,7 @@ if ($arrayfields['type']['checked']) {
|
||||
}
|
||||
|
||||
// Project
|
||||
if ($arrayfields['project']['checked']) {
|
||||
if (isModEnabled('project') && $arrayfields['project']['checked']) {
|
||||
print '<td class="liste_titre">';
|
||||
// TODO
|
||||
print '</td>';
|
||||
@@ -653,7 +655,7 @@ if ($arrayfields['type']['checked']) {
|
||||
print_liste_field_titre($arrayfields['type']['label'], $_SERVER["PHP_SELF"], 'type', '', $param, '', $sortfield, $sortorder, 'center ');
|
||||
$totalarray['nbfield']++;
|
||||
}
|
||||
if ($arrayfields['project']['checked']) {
|
||||
if (isModEnabled('project') && $arrayfields['project']['checked']) {
|
||||
print_liste_field_titre($arrayfields['project']['label'], $_SERVER["PHP_SELF"], 'fk_project', '', $param, '', $sortfield, $sortorder);
|
||||
$totalarray['nbfield']++;
|
||||
}
|
||||
@@ -716,25 +718,23 @@ while ($i < $imaxinloop) {
|
||||
$variousstatic->label = $obj->label;
|
||||
$variousstatic->datep = $obj->datep;
|
||||
$variousstatic->type_payment = $obj->payment_code;
|
||||
|
||||
$variousstatic->accountancy_code = $obj->accountancy_code;
|
||||
$variousstatic->amount = $obj->amount;
|
||||
|
||||
$accountingaccount->fetch(0, $obj->accountancy_code, 1);
|
||||
$variousstatic->accountancy_code = $accountingaccount->getNomUrl(0, 0, 1, $obj->accountingaccount, 1);
|
||||
|
||||
if ($mode == 'kanban') {
|
||||
if ($obj->fk_bank > 0) {
|
||||
$bankline->fetch($obj->fk_bank);
|
||||
} else {
|
||||
$bankline->id = 0;
|
||||
}
|
||||
$accountingaccount->fetch(0, $obj->accountancy_code, 1);
|
||||
|
||||
if ($i == 0) {
|
||||
print '<tr class="trkanban"><td colspan="'.$savnbfield.'">';
|
||||
print '<div class="box-flex-container kanban">';
|
||||
}
|
||||
// Output Kanban
|
||||
print $variousstatic->getKanbanView('', array('selected' => in_array($object->id, $arrayofselected), 'bankline' => $bankline));
|
||||
print $variousstatic->getKanbanView('', array('selected' => in_array($object->id, $arrayofselected), 'bankline' => $bankline, 'formatedaccountancycode' => $accountingaccount->getNomUrl(0, 0, 1, $obj->accountancy_code, 1)));
|
||||
if ($i == ($imaxinloop) - 1) {
|
||||
print '</div>';
|
||||
print '</td></tr>';
|
||||
@@ -805,7 +805,7 @@ while ($i < $imaxinloop) {
|
||||
}
|
||||
|
||||
// Project
|
||||
if ($arrayfields['project']['checked']) {
|
||||
if (isModEnabled('project') && $arrayfields['project']['checked']) {
|
||||
print '<td class="nowraponall">';
|
||||
if ($obj->fk_project > 0 && is_object($proj)) {
|
||||
$proj->fetch($obj->fk_project);
|
||||
|
||||
@@ -205,6 +205,8 @@ class DolEditor
|
||||
$found = 0;
|
||||
$out = '';
|
||||
|
||||
$this->content = ($this->content ?? ''); // to avoid htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated
|
||||
|
||||
if (in_array($this->tool, array('textarea', 'ckeditor'))) {
|
||||
$found = 1;
|
||||
//$out.= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" '.($this->readonly?' disabled':'').' rows="'.$this->rows.'"'.(preg_match('/%/',$this->cols)?' style="margin-top: 5px; width: '.$this->cols.'"':' cols="'.$this->cols.'"').' class="flat">';
|
||||
|
||||
@@ -1069,11 +1069,11 @@ function document_preview(file, type, title)
|
||||
|
||||
};
|
||||
img.src = file;
|
||||
|
||||
}
|
||||
|
||||
/* This function is local to document_preview. Variables like file, type, title, object_width and object_height are global inside this function */
|
||||
function show_preview(mode) {
|
||||
/* console.log("mode="+mode+" file="+file+" type="+type+" width="+width+" height="+height); */
|
||||
/* console.log("mode="+mode+" file="+file+" type="+type+" title=title+" width="+width+" height="+height); */
|
||||
var newElem = '<object name="objectpreview" data="'+file+'" type="'+type+'" width="'+object_width+'" height="'+object_height+'" param="noparam"></object>';
|
||||
|
||||
optionsbuttons = {}
|
||||
|
||||
@@ -1903,6 +1903,20 @@ function dol_escape_js($stringtoescape, $mode = 0, $noescapebackslashn = 0)
|
||||
return strtr($stringtoescape, $substitjs);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns text escaped by RFC 3986 for inclusion into a clicable link.
|
||||
* This method can be used on the ...in links like href="javascript:..." because when clicking on such links, the browserfirst decode the strind
|
||||
* and then interpret content that can be javascript.
|
||||
* Usage of this escapement should be limited to links href="javascript:...". For common URL, use urlencode instead.
|
||||
*
|
||||
* @param string $stringtoescape String to escape
|
||||
* @return string Escaped string.
|
||||
*/
|
||||
function dol_escape_uri($stringtoescape)
|
||||
{
|
||||
return rawurlencode($stringtoescape);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns text escaped for inclusion into javascript code
|
||||
*
|
||||
@@ -11853,12 +11867,13 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
|
||||
if ($isAllowedForPreview) {
|
||||
$tmpurl = DOL_URL_ROOT.'/document.php?modulepart='.urlencode($modulepart).'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '');
|
||||
$title = $langs->transnoentities("Preview");
|
||||
//$title = '%27-alert(document.domain)-%27';
|
||||
//$tmpurl = 'file='.urlencode("'-alert(document.domain)-'_small.jpg");
|
||||
//$title = '%27-alert(document.domain)-%27'; // An example of js injection into a corrupted title string, that should be blocked by the dol_escape_uri().
|
||||
//$tmpurl = 'file='.urlencode("'-alert(document.domain)-'_small.jpg"); // An example of tmpurl that should be blocked by the dol_escape_uri()
|
||||
|
||||
// We need to urlencode the parameter after the dol_escape_js($tmpurl) because $tmpurl may contain n url with param file=abc%27def if file has a ' inside.
|
||||
// and when we click on href with this javascript string, a urlcode is done by browser, converted the %27 of file param
|
||||
return 'javascript:document_preview(\''.urlencode(dol_escape_js($tmpurl)).'\', \''.urlencode(dol_mimetype($relativepath)).'\', \''.urlencode(dol_escape_js($title)).'\')';
|
||||
// We need to do a dol_escape_uri() on the full string after the javascript: because such parts are the URI and when we click on such links, a RFC3986 decode is done,
|
||||
// by the browser, converting the %27 (like when having param file=abc%27def), or when having a corrupted title), into a ', BEFORE interpreting the content that can be a js code.
|
||||
// Using the dol_escape_uri guarantee that we encode for URI so decode retrieve original expected value.
|
||||
return 'javascript:'.dol_escape_uri('document_preview(\''.dol_escape_js($tmpurl).'\', \''.dol_escape_js(dol_mimetype($relativepath)).'\', \''.dol_escape_js($title).'\')');
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user