diff --git a/ChangeLog b/ChangeLog
index 1235a85e097..7823d4cefb1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,8 +17,48 @@ Following changes may create regressions for some external modules, but were nec
__PROPALREF__, ...)
+***** ChangeLog for 6.0.1 compared to 6.0.* *****
+FIX: #7000 Dashboard link for late pending payment supplier invoices do not work
+FIX: #7325 Default VAT rate when editing template invoices is 0%
+FIX: #7330
+FIX: #7359
+FIX: #7367
+FIX: #7368
+FIX: #7391
+FIX: #7420
+FIX: Add some missing attributes in Adherent:makeSubstitution (type, phone…
+FIX: Bad const name
+FIX: Bad link to unpayed suppliers invoices
+FIX: Better protection to no send email when we change limit
+FIX: Calculation in the activity box
+FIX: Clean bad parameters when inserting line of template invoice
+FIX: dateSelector was not taken into account
+FIX: hidden option MAIN_PROPAGATE_CONTACTS_FROM_ORIGIN
+FIX: journalization for bank journal should not rely on a label.
+FIX: menu enty when url is external link
+FIX: missing supplier qty and supplier discount in available fields for product export.
+FIX: multicompany better accuracy in rounding and with revenue stamp.
+FIX: Must use pdf format page as default for merging PDF.
+FIX: PDF output was sharing 2 different currencies in same total
+FIX: Position of signature on strato template
+FIX: Protection to avoid to apply credit note discount > remain to pay
+FIX: Remove warning when using log into syslog
+FIX: Responsive
+FIX: Security fixes (filter onload js, less verbose error message in
+FIX: SEPA recording payment must save one payment in bank per customer
+FIX: Several problem with the last event box on project/tasks
+FIX: Sign of amount in origin currency on credit note created from lines
+FIX: Some page of admin were not responsive
+FIX: SQL injection
+FIX: time.php crashed without project id in param
+FIX: transfer of line extrafields from order to invoice
+FIX: Upgrade missing on field
+FIX: View of timespent for another user
+FIX: ODT generation
+FIX: CVE-2017-9840, CVE-2017-14238, CVE-2017-14239, CVE-2017-14240, CVE-2017-14241,
+ CVE-2017-14242
+
***** ChangeLog for 6.0.0 compared to 5.0.* *****
-
NEW: Add experimental BlockeLog module (to log business events in a non reversible log file).
NEW: Add a payment module for Stripe.
NEW: Add module "Product variant" (like red, blue for the product shoes)
diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php
index 40e00d01ffd..dcda8255e7c 100644
--- a/htdocs/api/class/api.class.php
+++ b/htdocs/api/class/api.class.php
@@ -48,7 +48,7 @@ class DolibarrApi
*/
function __construct($db, $cachedir='', $refreshCache=false)
{
- global $conf;
+ global $conf, $dolibarr_main_url_root;
if (empty($cachedir)) $cachedir = $conf->api->dir_temp;
Defaults::$cacheDirectory = $cachedir;
@@ -56,7 +56,9 @@ class DolibarrApi
$this->db = $db;
$production_mode = ( empty($conf->global->API_PRODUCTION_MODE) ? false : true );
$this->r = new Restler($production_mode, $refreshCache);
-
+ $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
+ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
+ $this->r->setBaseUrls(DOL_MAIN_URL_ROOT, $urlwithroot);
$this->r->setAPIVersion(1);
}
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index b491c9007cb..02a16af3c17 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -824,7 +824,7 @@ if ($action == 'create')
// Description
print '
';
print "";
}
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index eb510b53333..53082499a9a 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -256,8 +256,8 @@ if (empty($reshook))
$db->begin();
$object->date_commande = $datecommande;
- $object->note_private = GETPOST('note_private');
- $object->note_public = GETPOST('note_public');
+ $object->note_private = GETPOST('note_private','none');
+ $object->note_public = GETPOST('note_public','none');
$object->source = GETPOST('source_id');
$object->fk_project = GETPOST('projectid');
$object->ref_client = GETPOST('ref_client');
@@ -927,7 +927,7 @@ if (empty($reshook))
$date_end='';
$date_start=dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));
$date_end=dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear'));
- $description=dol_htmlcleanlastbr(GETPOST('product_desc'));
+ $description=dol_htmlcleanlastbr(GETPOST('product_desc','none'));
$pu_ht=GETPOST('price_ht');
$vat_rate=(GETPOST('tva_tx')?GETPOST('tva_tx'):0);
$pu_ht_devise = GETPOST('multicurrency_subprice');
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 8006a120996..2535d8e7442 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -1414,6 +1414,7 @@ if (empty($reshook))
{
$line->origin = $object->origin;
$line->origin_id = $line->id;
+ $line->fetch_optionals($line->id);
}
}
@@ -1435,7 +1436,21 @@ if (empty($reshook))
$object->situation_counter = $object->situation_counter + 1;
$id = $object->createFromCurrent($user);
- if ($id <= 0) $mesg = $object->error;
+ if ($id <= 0)
+ {
+ $mesg = $object->error;
+ }
+ else
+ {
+ $nextSituationInvoice = new Facture($db);
+ $nextSituationInvoice->fetch($id);
+ // create extrafields with data from create form
+ $extralabels = $extrafields->fetch_name_optionals_label($nextSituationInvoice->table_element);
+ $ret = $extrafields->setOptionalsFromPost($extralabels, $nextSituationInvoice);
+ if ($ret > 0) {
+ $nextSituationInvoice->insertExtraFields();
+ }
+ }
}
}
@@ -1801,7 +1816,7 @@ if (empty($reshook))
$date_end = '';
$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));
$date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear'));
- $description = dol_htmlcleanlastbr(GETPOST('product_desc') ? GETPOST('product_desc') : GETPOST('desc'));
+ $description = dol_htmlcleanlastbr(GETPOST('product_desc','none') ? GETPOST('product_desc','none') : GETPOST('desc','none'));
$pu_ht = GETPOST('price_ht');
$vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0);
$qty = GETPOST('qty');
diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php
index f841fc80050..e28d19b95b2 100644
--- a/htdocs/compta/facture/class/api_invoices.class.php
+++ b/htdocs/compta/facture/class/api_invoices.class.php
@@ -192,7 +192,7 @@ class Invoices extends DolibarrApi
foreach($request_data as $field => $value) {
$this->invoice->$field = $value;
}
- if(! array_keys($request_data,'date')) {
+ if(! array_key_exists('date', $request_data)) {
$this->invoice->date = dol_now();
}
/* We keep lines as an array
@@ -276,6 +276,107 @@ class Invoices extends DolibarrApi
);
}
+ /**
+ * Get lines of a given invoice
+ *
+ * @param int $id Id of invoice
+ *
+ * @url GET {id}/lines
+ *
+ * @return array
+ */
+ function getLines($id) {
+ if(! DolibarrApiAccess::$user->rights->facture->lire) {
+ throw new RestException(401);
+ }
+
+ $result = $this->invoice->fetch($id);
+ if( ! $result ) {
+ throw new RestException(404, 'Invoice not found');
+ }
+
+ if( ! DolibarrApi::_checkAccessToResource('facture',$this->invoice->id)) {
+ throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+ }
+ $this->invoice->getLinesArray();
+ $result = array();
+ foreach ($this->invoice->lines as $line) {
+ array_push($result,$this->_cleanObjectDatas($line));
+ }
+ return $result;
+ }
+
+ /**
+ * Add a line to a given invoice
+ *
+ * Exemple of POST query : { "desc": "Desc", "subprice": "1.00000000", "qty": "1", "tva_tx": "20.000", "localtax1_tx": "0.000", "localtax2_tx": "0.000", "fk_product": "1", "remise_percent": "0", "date_start": "", "date_end": "", "fk_code_ventilation": 0, "info_bits": "0", "fk_remise_except": null, "product_type": "1", "rang": "-1", "special_code": "0", "fk_parent_line": null, "fk_fournprice": null, "pa_ht": "0.00000000", "label": "", "array_options": [], "situation_percent": "100", "fk_prev_id": null, "fk_unit": null }
+ *
+ * @param int $id Id of invoice
+ * @param array $request_data Invoiceline data
+ *
+ * @url POST {id}/lines
+ *
+ * @return int
+ */
+ function postLine($id, $request_data = NULL) {
+ if(! DolibarrApiAccess::$user->rights->facture->creer) {
+ throw new RestException(401);
+ }
+
+ $result = $this->invoice->fetch($id);
+ if( ! $result ) {
+ throw new RestException(404, 'Invoice not found');
+ }
+
+ if( ! DolibarrApi::_checkAccessToResource('facture',$this->invoice->id)) {
+ throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+ }
+
+ $request_data = (object) $request_data;
+
+ // Reset fk_parent_line for no child products and special product
+ if (($request_data->product_type != 9 && empty($request_data->fk_parent_line)) || $request_data->product_type == 9) {
+ $request_data->fk_parent_line = 0;
+ }
+
+ $updateRes = $this->invoice->addline(
+ $request_data->desc,
+ $request_data->subprice,
+ $request_data->qty,
+ $request_data->tva_tx,
+ $request_data->localtax1_tx,
+ $request_data->localtax2_tx,
+ $request_data->fk_product,
+ $request_data->remise_percent,
+ $request_data->date_start,
+ $request_data->date_end,
+ $request_data->fk_code_ventilation,
+ $request_data->info_bits,
+ $request_data->fk_remise_except,
+ 'HT',
+ 0,
+ $request_data->product_type,
+ $request_data->rang,
+ $request_data->special_code,
+ 'facture',
+ $id,
+ $request_data->fk_parent_line,
+ $request_data->fk_fournprice,
+ $request_data->pa_ht,
+ $request_data->label,
+ $request_data->array_options,
+ $request_data->situation_percent,
+ $request_data->fk_prev_id,
+ $request_data->fk_unit
+ );
+
+ if ($updateRes > 0) {
+ return $this->get($id)->line->rowid;
+
+ }
+ throw new RestException(400, 'Unable to insert the new line. Check your inputs.');
+ }
+
/**
* Validate an order
*
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index 41cc8042144..b6d294c6e18 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -293,8 +293,8 @@ class Facture extends CommonInvoice
// Fields coming from GUI (priority on template). TODO Value of template should be used as default value on GUI so we can use here always value from GUI
$this->fk_project = GETPOST('projectid','int') > 0 ? GETPOST('projectid','int') : $_facrec->fk_project;
- $this->note_public = GETPOST('note_public') ? GETPOST('note_public') : $_facrec->note_public;
- $this->note_private = GETPOST('note_private') ? GETPOST('note_private') : $_facrec->note_private;
+ $this->note_public = GETPOST('note_public','none') ? GETPOST('note_public','none') : $_facrec->note_public;
+ $this->note_private = GETPOST('note_private','none') ? GETPOST('note_private','none') : $_facrec->note_private;
$this->modelpdf = GETPOST('model') ? GETPOST('model') : $_facrec->modelpdf;
$this->cond_reglement_id = GETPOST('cond_reglement_id') > 0 ? GETPOST('cond_reglement_id') : $_facrec->cond_reglement_id;
$this->mode_reglement_id = GETPOST('mode_reglement_id') > 0 ? GETPOST('mode_reglement_id') : $_facrec->mode_reglement_id;
diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php
index 58fed19d103..80912bffbad 100644
--- a/htdocs/compta/facture/fiche-rec.php
+++ b/htdocs/compta/facture/fiche-rec.php
@@ -209,8 +209,8 @@ if (empty($reshook))
if (! $error)
{
$object->titre = GETPOST('titre', 'alpha');
- $object->note_private = GETPOST('note_private');
- $object->note_public = GETPOST('note_public');
+ $object->note_private = GETPOST('note_private','none');
+ $object->note_public = GETPOST('note_public','none');
$object->usenewprice = GETPOST('usenewprice');
$object->frequency = $frequency;
@@ -360,7 +360,7 @@ if (empty($reshook))
// For triggers
$line->id = $lineid;
- if ($line->delete() > 0)
+ if ($line->delete($user) > 0)
{
$result=$object->update_price(1);
@@ -723,7 +723,7 @@ if (empty($reshook))
$date_end = '';
//$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));
//$date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear'));
- $description = dol_htmlcleanlastbr(GETPOST('product_desc') ? GETPOST('product_desc') : GETPOST('desc'));
+ $description = dol_htmlcleanlastbr(GETPOST('product_desc','none') ? GETPOST('product_desc','none') : GETPOST('desc','none'));
$pu_ht = GETPOST('price_ht');
$vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0);
$qty = GETPOST('qty');
@@ -965,8 +965,8 @@ if ($action == 'create')
print '
'.$langs->trans("Customer").'
'.$object->thirdparty->getNomUrl(1,'customer').'
';
print '
';
- $note_public=GETPOST('note_public')?GETPOST('note_public'):$object->note_public;
- $note_private=GETPOST('note_private')?GETPOST('note_private'):$object->note_private;
+ $note_public=GETPOST('note_public','none')?GETPOST('note_public','none'):$object->note_public;
+ $note_private=GETPOST('note_private','none')?GETPOST('note_private','none'):$object->note_private;
// Help of substitution key
$substitutionarray=array(
diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php
index 523d5256816..da38e9fb47a 100644
--- a/htdocs/compta/paiement/card.php
+++ b/htdocs/compta/paiement/card.php
@@ -60,7 +60,7 @@ if ($action == 'setnote' && $user->rights->facture->paiement)
$db->begin();
$object->fetch($id);
- $result = $object->update_note(GETPOST('note'));
+ $result = $object->update_note(GETPOST('note','none'));
if ($result > 0)
{
$db->commit();
diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php
index 6d2181886a0..46fa2b3ca87 100644
--- a/htdocs/contrat/card.php
+++ b/htdocs/contrat/card.php
@@ -676,7 +676,7 @@ if (empty($reshook))
$fk_unit = GETPOST('unit', 'alpha');
- $objectline->description=GETPOST('product_desc');
+ $objectline->description=GETPOST('product_desc','none');
$objectline->price_ht=GETPOST('elprice');
$objectline->subprice=GETPOST('elprice');
$objectline->qty=GETPOST('elqty');
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index f2427056fb5..9ebcb295792 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2987,12 +2987,12 @@ class Form
* Constant MAIN_DEFAULT_PAYMENT_TERM_ID can used to set default value but scope is all application, probably not what you want.
* See instead to force the default value by the caller.
*
- * @param int $selected Id of payment term to preselect by default
- * @param string $htmlname Nom de la zone select
- * @param int $filtertype Not used
+ * @param int $selected Id of payment term to preselect by default
+ * @param string $htmlname Nom de la zone select
+ * @param int $filtertype Not used
* @param int $addempty Add an empty entry
- * @param int $noadmininfo 0=Add admin info, 1=Disable admin info
- * @param string $morecss Add more CSS on select tag
+ * @param int $noinfoadmin 0=Add admin info, 1=Disable admin info
+ * @param string $morecss Add more CSS on select tag
* @return void
*/
function select_conditions_paiements($selected=0, $htmlname='condid', $filtertype=-1, $addempty=0, $noinfoadmin=0, $morecss='')
@@ -3277,7 +3277,7 @@ class Form
$return= '