diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index ef3da905990..2826d2fe4e3 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -300,9 +300,9 @@ if (empty($reshook))
$multicurrency_price = price2num(GETPOST("multicurrency_price", 'alpha'));
$multicurrency_code = GETPOST("multicurrency_code", 'alpha');
- $ret = $object->update_buyprice($quantity, $newprice, $user, $_POST["price_base_type"], $supplier, $_POST["oselDispo"], $ref_fourn, $tva_tx, $_POST["charges"], $remise_percent, 0, $npr, $delivery_time_days, $supplier_reputation, array(), '', $multicurrency_price, $_POST["multicurrency_price_base_type"], $multicurrency_tx, $multicurrency_code, $supplier_description, $barcode, $fk_barcode_type);
+ $ret = $object->update_buyprice($quantity, $newprice, $user, GETPOST("price_base_type"), $supplier, GETPOST("oselDispo"), $ref_fourn, $tva_tx, GETPOST("charges"), $remise_percent, 0, $npr, $delivery_time_days, $supplier_reputation, array(), '', $multicurrency_price, GETPOST("multicurrency_price_base_type"), $multicurrency_tx, $multicurrency_code, $supplier_description, $barcode, $fk_barcode_type);
} else {
- $ret = $object->update_buyprice($quantity, $newprice, $user, $_POST["price_base_type"], $supplier, $_POST["oselDispo"], $ref_fourn, $tva_tx, $_POST["charges"], $remise_percent, 0, $npr, $delivery_time_days, $supplier_reputation, array(), '', 0, 'HT', 1, '', $supplier_description, $barcode, $fk_barcode_type);
+ $ret = $object->update_buyprice($quantity, $newprice, $user, GETPOST("price_base_type"), $supplier, GETPOST("oselDispo"), $ref_fourn, $tva_tx, GETPOST("charges"), $remise_percent, 0, $npr, $delivery_time_days, $supplier_reputation, array(), '', 0, 'HT', 1, '', $supplier_description, $barcode, $fk_barcode_type);
}
if ($ret < 0)
{
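Review bot: The new `GETPOST()` calls on L9 and L12 pass no filter argument, while the neighbouring reads on L6–L7 name one explicitly (`GETPOST("multicurrency_code", 'alpha')`), so these four values depend on whatever the default check is. Naming the filter keeps the input contract visible at the call site, e.g. `GETPOST("price_base_type", 'alpha')`, and a numeric filter for `charges` if the project has one (TODO confirm the available filter names). The two `update_buyprice()` calls differ only in their multicurrency arguments, so reading the shared values into locals once before the `if` would also remove the duplicated reads.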
@@ -655,7 +655,7 @@ if ($id > 0 || $ref)
}
$currencies = json_encode($currencies);
- print <<
-SCRIPT;
+END;
} else {
// Price qty min
print '
| '.$langs->trans("PriceQtyMin").' | ';
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index e0f2369ded3..e375e05ffc1 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -642,31 +642,36 @@ class User extends CommonObject
$this->db->begin();
if (!empty($rid)) {
+ $module = $perms = $subperms = '';
+
// Si on a demande ajout d'un droit en particulier, on recupere
// les caracteristiques (module, perms et subperms) de ce droit.
$sql = "SELECT module, perms, subperms";
$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
- $sql .= " WHERE id = '".$this->db->escape($rid)."'";
- $sql .= " AND entity = ".$entity;
+ $sql .= " WHERE id = ".((int) $rid);
+ $sql .= " AND entity = ".((int) $entity);
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
- $module = $obj->module;
- $perms = $obj->perms;
- $subperms = $obj->subperms;
+
+ if ($obj) {
+ $module = $obj->module;
+ $perms = $obj->perms;
+ $subperms = $obj->subperms;
+ }
} else {
$error++;
dol_print_error($this->db);
}
// Where pour la liste des droits a ajouter
- $whereforadd = "id=".$this->db->escape($rid);
+ $whereforadd = "id=".((int) $rid);
// Ajout des droits induits
if (!empty($subperms)) {
- $whereforadd .= " OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))";
+ $whereforadd .= " OR (module='".$this->db->escape($module)."' AND perms='".$this->db->escape($perms)."' AND (subperms='lire' OR subperms='read'))";
} elseif (!empty($perms)) {
- $whereforadd .= " OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)";
+ $whereforadd .= " OR (module='".$this->db->escape($module)."' AND (perms='lire' OR perms='read') AND subperms IS NULL)";
}
} else {
// On a pas demande un droit en particulier mais une liste de droits
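Review bot: The lookup on L37–L43 is scoped by `entity`, but `$whereforadd` on L61 is built from the id alone, and with the new `if ($obj)` guard an id that has no row for this entity now proceeds quietly with empty `$module`/`$perms`. Please confirm that the later query consuming `$whereforadd` (outside this hunk) also filters on entity; if it does not, treat a missing row as an error here, e.g. `if (!$obj) { $error++; }`. The same question applies to `$wherefordel` on L99 in the removal path. Separately, a non-numeric `$rid` passes `!empty($rid)` on L32 and is then cast to `0`, so normalising once with `$rid = (int) $rid;` before that test would make the two checks agree.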
@@ -763,6 +768,8 @@ class User extends CommonObject
$this->db->begin();
if (!empty($rid)) {
+ $module = $perms = $subperms = '';
+
// Si on a demande supression d'un droit en particulier, on recupere
// les caracteristiques module, perms et subperms de ce droit.
$sql = "SELECT module, perms, subperms";
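Review bot: The rest of this SELECT's WHERE clause sits in the unchanged gap between this hunk and the next one (L80), so the casts applied to the same query in the add path (L41–L42) do not appear to have been made here. If those lines still read like the removed L39–L40, please apply the same two lines: `$sql .= " WHERE id = ".((int) $rid);` and `$sql .= " AND entity = ".((int) $entity);`. The `UserGroup` hunk at L240–L247 has the same shape (initialisation added, query text not touched in this diff), so the group-side queries deserve the same check.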
@@ -773,22 +780,25 @@ class User extends CommonObject
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
- $module = $obj->module;
- $perms = $obj->perms;
- $subperms = $obj->subperms;
+
+ if ($obj) {
+ $module = $obj->module;
+ $perms = $obj->perms;
+ $subperms = $obj->subperms;
+ }
} else {
$error++;
dol_print_error($this->db);
}
// Where pour la liste des droits a supprimer
- $wherefordel = "id=".$this->db->escape($rid);
+ $wherefordel = "id=".((int) $rid);
// Suppression des droits induits
if ($subperms == 'lire' || $subperms == 'read') {
- $wherefordel .= " OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)";
+ $wherefordel .= " OR (module='".$this->db->escape($module)."' AND perms='".$this->db->escape($perms)."' AND subperms IS NOT NULL)";
}
if ($perms == 'lire' || $perms == 'read') {
- $wherefordel .= " OR (module='$module')";
+ $wherefordel .= " OR (module='".$this->db->escape($module)."')";
}
} else {
// On a demande suppression d'un droit sur la base d'un nom de module ou perms
@@ -877,7 +887,7 @@ class User extends CommonObject
public function clearrights()
{
dol_syslog(get_class($this)."::clearrights reset user->rights");
- $this->rights = '';
+ $this->rights = null;
$this->nb_rights = 0;
$this->all_permissions_are_loaded = 0;
$this->_tab_loaded = array();
@@ -930,34 +940,37 @@ class User extends CommonObject
if ($resql) {
$num = $this->db->num_rows($resql);
$i = 0;
+
while ($i < $num) {
$obj = $this->db->fetch_object($resql);
- $module = $obj->module;
- $perms = $obj->perms;
- $subperms = $obj->subperms;
+ if ($obj) {
+ $module = $obj->module;
+ $perms = $obj->perms;
+ $subperms = $obj->subperms;
- if ($perms) {
- if (!isset($this->rights) || !is_object($this->rights)) {
- $this->rights = new stdClass(); // For avoid error
- }
- if ($module) {
- if (!isset($this->rights->$module) || !is_object($this->rights->$module)) {
- $this->rights->$module = new stdClass();
+ if (! empty($perms)) {
+ if (!isset($this->rights) || !is_object($this->rights)) {
+ $this->rights = new stdClass(); // For avoid error
}
- if ($subperms) {
- if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) {
- $this->rights->$module->$perms = new stdClass();
+ if (! empty($module)) {
+ if (!isset($this->rights->$module) || !is_object($this->rights->$module)) {
+ $this->rights->$module = new stdClass();
}
- if (empty($this->rights->$module->$perms->$subperms)) {
- $this->nb_rights++;
+ if (! empty($subperms)) {
+ if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) {
+ $this->rights->$module->$perms = new stdClass();
+ }
+ if (empty($this->rights->$module->$perms->$subperms)) {
+ $this->nb_rights++;
+ }
+ $this->rights->$module->$perms->$subperms = 1;
+ } else {
+ if (empty($this->rights->$module->$perms)) {
+ $this->nb_rights++;
+ }
+ $this->rights->$module->$perms = 1;
}
- $this->rights->$module->$perms->$subperms = 1;
- } else {
- if (empty($this->rights->$module->$perms)) {
- $this->nb_rights++;
- }
- $this->rights->$module->$perms = 1;
}
}
}
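Review bot: The three copies of this loop are not guarded the same way: here and at L212 an empty `$module` is skipped with `if (! empty($module))`, while the `UserGroup` loop (L276–L285) still creates `$this->rights->$module` with no such check. Since `$module`, `$perms` and `$subperms` come straight from the fetched row and are used as property names, the group loop should carry the same guard, e.g. `if (!empty($perms) && !empty($module)) {`. On style, an early `if (!$obj) { ...; continue; }` would avoid re-indenting the whole body in all three hunks (check where `$i++` sits first, it is outside the hunks). The new `! empty(` spacing also differs from the `!empty(` / `!isset(` form used on L32 and L142.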
@@ -997,32 +1010,36 @@ class User extends CommonObject
while ($i < $num) {
$obj = $this->db->fetch_object($resql);
- $module = $obj->module;
- $perms = $obj->perms;
- $subperms = $obj->subperms;
+ if ($obj) {
+ $module = $obj->module;
+ $perms = $obj->perms;
+ $subperms = $obj->subperms;
- if ($perms) {
- if (!isset($this->rights) || !is_object($this->rights)) {
- $this->rights = new stdClass(); // For avoid error
- }
- if (!isset($this->rights->$module) || !is_object($this->rights->$module)) {
- $this->rights->$module = new stdClass();
- }
- if ($subperms) {
- if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) {
- $this->rights->$module->$perms = new stdClass();
+ if (! empty($perms)) {
+ if (!isset($this->rights) || !is_object($this->rights)) {
+ $this->rights = new stdClass(); // For avoid error
}
- if (empty($this->rights->$module->$perms->$subperms)) {
- $this->nb_rights++;
- }
- $this->rights->$module->$perms->$subperms = 1;
- } else {
- if (empty($this->rights->$module->$perms)) {
- $this->nb_rights++;
- }
- // if we have already define a subperm like this $this->rights->$module->level1->level2 with llx_user_rights, we don't want override level1 because the level2 can be not define on user group
- if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) {
- $this->rights->$module->$perms = 1;
+ if (! empty($module)) {
+ if (!isset($this->rights->$module) || !is_object($this->rights->$module)) {
+ $this->rights->$module = new stdClass();
+ }
+ if (! empty($subperms)) {
+ if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) {
+ $this->rights->$module->$perms = new stdClass();
+ }
+ if (empty($this->rights->$module->$perms->$subperms)) {
+ $this->nb_rights++;
+ }
+ $this->rights->$module->$perms->$subperms = 1;
+ } else {
+ if (empty($this->rights->$module->$perms)) {
+ $this->nb_rights++;
+ }
+ // if we have already define a subperm like this $this->rights->$module->level1->level2 with llx_user_rights, we don't want override level1 because the level2 can be not define on user group
+ if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) {
+ $this->rights->$module->$perms = 1;
+ }
+ }
}
}
}
diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php
index b2faedb6554..882d33bd562 100644
--- a/htdocs/user/class/usergroup.class.php
+++ b/htdocs/user/class/usergroup.class.php
@@ -425,6 +425,8 @@ class UserGroup extends CommonObject
if (!empty($rid))
{
+ $module = $perms = $subperms = '';
+
// Si on a demande supression d'un droit en particulier, on recupere
// les caracteristiques module, perms et subperms de ce droit.
$sql = "SELECT module, perms, subperms";
@@ -486,8 +488,12 @@ class UserGroup extends CommonObject
$i = 0;
while ($i < $num)
{
+ $nid = 0;
+
$obj = $this->db->fetch_object($result);
- $nid = $obj->id;
+ if ($obj) {
+ $nid = $obj->id;
+ }
$sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights";
$sql .= " WHERE fk_usergroup = $this->id AND fk_id=".$nid;
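Review bot: With `$nid = 0` as the fallback, a failed `fetch_object()` no longer warns, but the `DELETE` on L259–L260 is still assembled (and presumably executed below the hunk), now with `fk_id=0`. Skipping the statement when there is no row is safer than issuing a query against a placeholder id, so the `DELETE` should move inside the `if ($obj) { ... }` block. While this line is being touched, both ids can be cast the way `user.class.php` now does it: `$sql .= " WHERE fk_usergroup = ".((int) $this->id)." AND fk_id = ".((int) $nid);`.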
@@ -567,22 +573,24 @@ class UserGroup extends CommonObject
{
$obj = $this->db->fetch_object($resql);
- $module = $obj->module;
- $perms = $obj->perms;
- $subperms = $obj->subperms;
+ if ($obj) {
+ $module = $obj->module;
+ $perms = $obj->perms;
+ $subperms = $obj->subperms;
- if ($perms)
- {
- if (!isset($this->rights)) $this->rights = new stdClass(); // For avoid error
- if (!isset($this->rights->$module) || !is_object($this->rights->$module)) $this->rights->$module = new stdClass();
- if ($subperms)
+ if ($perms)
{
- if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) $this->rights->$module->$perms = new stdClass();
- if (empty($this->rights->$module->$perms->$subperms)) $this->nb_rights++;
- $this->rights->$module->$perms->$subperms = 1;
- } else {
- if (empty($this->rights->$module->$perms)) $this->nb_rights++;
- $this->rights->$module->$perms = 1;
+ if (!isset($this->rights)) $this->rights = new stdClass(); // For avoid error
+ if (!isset($this->rights->$module) || !is_object($this->rights->$module)) $this->rights->$module = new stdClass();
+ if ($subperms)
+ {
+ if (!isset($this->rights->$module->$perms) || !is_object($this->rights->$module->$perms)) $this->rights->$module->$perms = new stdClass();
+ if (empty($this->rights->$module->$perms->$subperms)) $this->nb_rights++;
+ $this->rights->$module->$perms->$subperms = 1;
+ } else {
+ if (empty($this->rights->$module->$perms)) $this->nb_rights++;
+ $this->rights->$module->$perms = 1;
+ }
}
}