Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-07 10:08:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source 
Conflicts:
	htdocs/comm/propal/list.php
	htdocs/core/lib/files.lib.php
	htdocs/don/card.php
This commit is contained in:
Laurent Destailleur
2017-06-18 22:16:34 +02:00
parent 819656bd89 317ab64d7c
commit 996ec4926b
6 changed files with 84 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
htdocs/comm/propal/document.php
View File

@@ -1,6 +1,6 @@
<?php <?php
/* Copyright (C) 2003-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2003-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com> * Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com> * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr> * Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
@@ -63,17 +63,18 @@ if (! $sortfield) $sortfield="name";
$object = new Propal($db); $object = new Propal($db);
$object->fetch($id,$ref); $object->fetch($id,$ref);
if ($object->id > 0)
{
$object->fetch_thirdparty();
$upload_dir = $conf->propal->dir_output.'/'.dol_sanitizeFileName($object->ref);
include_once DOL_DOCUMENT_ROOT . '/core/actions_linkedfiles.inc.php';
}
/* /*
* Actions * Actions
*/ */
if ($object->id > 0)
{
$object->fetch_thirdparty();
$upload_dir = $conf->propal->dir_output.'/'.dol_sanitizeFileName($object->ref);
include_once DOL_DOCUMENT_ROOT . '/core/actions_linkedfiles.inc.php';
}
/* /*
@@ -101,10 +102,10 @@ if ($object->id > 0)
// Proposal card // Proposal card
$linkback = '<a href="' . DOL_URL_ROOT . '/comm/propal/list.php' . (! empty($socid) ? '?socid=' . $socid : '') . '">' . $langs->trans("BackToList") . '</a>'; $linkback = '<a href="' . DOL_URL_ROOT . '/comm/propal/list.php' . (! empty($socid) ? '?socid=' . $socid : '') . '">' . $langs->trans("BackToList") . '</a>';
$morehtmlref='<div class="refidno">'; $morehtmlref='<div class="refidno">';
// Ref customer // Ref customer
$morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
@@ -145,24 +146,24 @@ if ($object->id > 0)
} }
} }
$morehtmlref.='</div>'; $morehtmlref.='</div>';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
print '<div class="fichecenter">'; print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>'; print '<div class="underbanner clearboth"></div>';
print '<table class="border" width="100%">'; print '<table class="border" width="100%">';
// Files infos // Files infos
print '<tr><td class="titlefield">'.$langs->trans("NbOfAttachedFiles").'</td><td>'.count($filearray).'</td></tr>'; print '<tr><td class="titlefield">'.$langs->trans("NbOfAttachedFiles").'</td><td>'.count($filearray).'</td></tr>';
print '<tr><td>'.$langs->trans("TotalSizeOfAttachedFiles").'</td><td>'.$totalsize.' '.$langs->trans("bytes").'</td></tr>'; print '<tr><td>'.$langs->trans("TotalSizeOfAttachedFiles").'</td><td>'.$totalsize.' '.$langs->trans("bytes").'</td></tr>';
print "</table>\n"; print "</table>\n";
print '</div>'; print '</div>';
dol_fiche_end(); dol_fiche_end();
$modulepart = 'propal'; $modulepart = 'propal';

59
htdocs/comm/propal/list.php
View File

@@ -275,25 +275,25 @@ if (! $user->rights->societe->client->voir && ! $socid) //restriction
$sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
} }
if ($search_town) $sql.= natural_search('s.town', $search_town); if ($search_town) $sql.= natural_search('s.town', $search_town);
if ($search_zip) $sql.= natural_search("s.zip",$search_zip); if ($search_zip) $sql.= natural_search("s.zip", $search_zip);
if ($search_state) $sql.= natural_search("state.nom",$search_state); if ($search_state) $sql.= natural_search("state.nom", $search_state);
if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; if ($search_country) $sql .= " AND s.fk_pays IN (".$db->escape($search_country).')';
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search_type_thirdparty).')';
if ($search_ref) $sql .= natural_search('p.ref', $search_ref); if ($search_ref) $sql .= natural_search('p.ref', $search_ref);
if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer); if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer);
if ($search_societe) $sql .= natural_search('s.nom', $search_societe); if ($search_societe) $sql .= natural_search('s.nom', $search_societe);
if ($search_login) $sql.= " AND u.login LIKE '%".$db->escape(trim($search_login))."%'"; if ($search_login) $sql .= natural_search("u.login", $search_login);
if ($search_montant_ht != '') $sql.= natural_search("p.total_ht", $search_montant_ht, 1); if ($search_montant_ht != '') $sql.= natural_search("p.total_ht", $search_montant_ht, 1);
if ($search_montant_vat != '') $sql.= natural_search("p.tva", $search_montant_vat, 1); if ($search_montant_vat != '') $sql.= natural_search("p.tva", $search_montant_vat, 1);
if ($search_montant_ttc != '') $sql.= natural_search("p.total", $search_montant_ttc, 1); if ($search_montant_ttc != '') $sql.= natural_search("p.total", $search_montant_ttc, 1);
if ($sall) { if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall); $sql .= natural_search(array_keys($fieldstosearchall), $sall);
} }
if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$search_product_category; if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$db->escape($search_product_category);
if ($socid > 0) $sql.= ' AND s.rowid = '.$socid; if ($socid > 0) $sql.= ' AND s.rowid = '.$socid;
if ($viewstatut != '' && $viewstatut != '-1') if ($viewstatut != '' && $viewstatut != '-1')
{ {
$sql.= ' AND p.fk_statut IN ('.$viewstatut.')'; $sql.= ' AND p.fk_statut IN ('.$db->escape($viewstatut).')';
} }
if ($month > 0) if ($month > 0)
{ {
@@ -302,16 +302,16 @@ if ($month > 0)
else if ($year > 0 && ! empty($day)) else if ($year > 0 && ! empty($day))
$sql.= " AND p.datep BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'"; $sql.= " AND p.datep BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'";
else else
$sql.= " AND date_format(p.datep, '%m') = '".$month."'"; $sql.= " AND date_format(p.datep, '%m') = '".$db->escape($month)."'";
} }
else if ($year > 0) else if ($year > 0)
{ {
$sql.= " AND p.datep BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'"; $sql.= " AND p.datep BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'";
} }
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale; if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$db->escape($search_sale);
if ($search_user > 0) if ($search_user > 0)
{ {
$sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$search_user; $sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$db->escape($search_user);
} }
// Add where from extra fields // Add where from extra fields
foreach ($search_array_options as $key => $val) foreach ($search_array_options as $key => $val)
@@ -365,23 +365,24 @@ if ($resql)
$arrayofselected=is_array($toselect)?$toselect:array(); $arrayofselected=is_array($toselect)?$toselect:array();
$param='&viewstatut='.$viewstatut; $param='&viewstatut='.urlencode($viewstatut);
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage; if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit; if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
if ($sall) $param.='&sall='.$sall; if ($sall) $param.='&sall='.urlencode($sall);
if ($month) $param.='&month='.$month; if ($month) $param.='&month='.urlencode($month);
if ($year) $param.='&year='.$year; if ($year) $param.='&year='.urlencode($year);
if ($search_ref) $param.='&search_ref=' .$search_ref; if ($search_ref) $param.='&search_ref='.urlencode($search_ref);
if ($search_refcustomer) $param.='&search_refcustomer=' .$search_refcustomer; if ($search_refcustomer) $param.='&search_refcustomer='.urlencode($search_refcustomer);
if ($search_societe) $param.='&search_societe=' .$search_societe; if ($search_societe) $param.='&search_societe='.urlencode($search_societe);
if ($search_user > 0) $param.='&search_user='.$search_user; if ($search_user > 0) $param.='&search_user='.urlencode($search_user);
if ($search_sale > 0) $param.='&search_sale='.$search_sale; if ($search_sale > 0) $param.='&search_sale='.urlencode($search_sale);
if ($search_montant_ht) $param.='&search_montant_ht='.$search_montant_ht; if ($search_montant_ht) $param.='&search_montant_ht='.urlencode($search_montant_ht);
if ($search_login) $param.='&search_login='.$search_login; if ($search_login) $param.='&search_login='.urlencode($search_login);
if ($search_town) $param.='&search_town='.$search_town; if ($search_town) $param.='&search_town='.urlencode($search_town);
if ($search_zip) $param.='&search_zip='.$search_zip; if ($search_zip) $param.='&search_zip='.urlencode($search_zip);
if ($socid > 0) $param.='&socid='.$socid; if ($socid > 0) $param.='&socid='.urlencode($socid);
if ($optioncss != '') $param.='&optioncss='.$optioncss; if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
// Add $param from extra fields // Add $param from extra fields
foreach ($search_array_options as $key => $val) foreach ($search_array_options as $key => $val)
{ {

19
htdocs/core/actions_linkedfiles.inc.php
View File

@@ -73,7 +73,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
$ret = dol_delete_file($file, 0, 0, 0, $object); $ret = dol_delete_file($file, 0, 0, 0, $object);
if (! empty($fileold)) dol_delete_file($fileold, 0, 0, 0, $object); // Delete file using old path if (! empty($fileold)) dol_delete_file($fileold, 0, 0, 0, $object); // Delete file using old path
// Si elle existe, on efface la vignette // Si elle existe, on efface la vignette
if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i',$file,$regs)) if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i',$file,$regs))
{ {
@@ -152,19 +152,28 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave'))
{ {
$filenamefrom=dol_sanitizeFileName(GETPOST('renamefilefrom')); $filenamefrom=dol_sanitizeFileName(GETPOST('renamefilefrom'));
$filenameto=dol_sanitizeFileName(GETPOST('renamefileto')); $filenameto=dol_sanitizeFileName(GETPOST('renamefileto'));
// Security:
// Disallow file with some extensions. We rename them.
// Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
{
$filenameto.= '.noexe';
}
if ($filenamefrom && $filenameto) if ($filenamefrom && $filenameto)
{ {
$srcpath = $upload_dir.'/'.$filenamefrom; $srcpath = $upload_dir.'/'.$filenamefrom;
$destpath = $upload_dir.'/'.$filenameto; $destpath = $upload_dir.'/'.$filenameto;
$result = dol_move($srcpath, $destpath); $result = dol_move($srcpath, $destpath);
if ($result) if ($result)
{ {
$object->addThumbs($destpath); $object->addThumbs($destpath);
// TODO Add revert function of addThumbs // TODO Add revert function of addThumbs
//$object->delThumbs($srcpath); //$object->delThumbs($srcpath);
setEventMessages($langs->trans("FileRenamed"), null); setEventMessages($langs->trans("FileRenamed"), null);
} }
else else

4
htdocs/core/lib/files.lib.php
View File

@@ -910,8 +910,8 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
} }
// Security: // Security:
// Disallow file with some extensions. We renamed them. // Disallow file with some extensions. We rename them.
// Car si on a mis le rep documents dans un rep de la racine web (pas bien), cela permet d'executer du code a la demande. // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED)) if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
{ {
$file_name.= '.noexe'; $file_name.= '.noexe';

75
htdocs/don/card.php
View File

@@ -316,17 +316,17 @@ if ($action == 'create')
print '</td>'; print '</td>';
// Amount // Amount
print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" value="'.GETPOST("amount").'" size="10"> '.$langs->trans("Currency".$conf->currency).'</td></tr>'; print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" value="'.dol_escape_htmltag(GETPOST("amount")).'" size="10"> '.$langs->trans("Currency".$conf->currency).'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("PublicDonation")."</td><td>"; print '<tr><td class="fieldrequired">'.$langs->trans("PublicDonation")."</td><td>";
print $form->selectyesno("public",isset($_POST["public"])?$_POST["public"]:1,1); print $form->selectyesno("public",isset($_POST["public"])?$_POST["public"]:1,1);
print "</td></tr>\n"; print "</td></tr>\n";
print "<tr>".'<td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" value="'.GETPOST("societe").'" size="40"></td></tr>'; print "<tr>".'<td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" value="'.dol_escape_htmltag(GETPOST("societe")).'" class="maxwidth200"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" value="'.GETPOST("lastname").'" size="40"></td></tr>'; print "<tr>".'<td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" value="'.dol_escape_htmltag(GETPOST("lastname")).'" class="maxwidth200"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" value="'.GETPOST("firstname").'" size="40"></td></tr>'; print "<tr>".'<td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" value="'.dol_escape_htmltag(GETPOST("firstname")).'" class="maxwidth200"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Address").'</td><td>'; print "<tr>".'<td>'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.GETPOST("address").'</textarea></td></tr>'; print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.dol_escape_htmltag(GETPOST("address")).'</textarea></td></tr>';
// Zip / Town // Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>'; print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
@@ -341,7 +341,7 @@ if ($action == 'create')
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
print '</td></tr>'; print '</td></tr>';
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" value="'.GETPOST("email").'" size="40"></td></tr>'; print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" value="'.dol_escape_htmltag(GETPOST("email")).'" class="maxwidth200"></td></tr>';
// Public note // Public note
print '<tr>'; print '<tr>';
@@ -385,9 +385,9 @@ if ($action == 'create')
dol_fiche_end(); dol_fiche_end();
print '<div class="center">'; print '<div class="center">';
print '<input type="submit" class="button" name="save" value="'.$langs->trans("Save").'">'; print '<input type="submit" class="button" name="save" value="'.dol_escape_htmltag($langs->trans("Save")).'">';
print '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'; print '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
print '<input type="button" class="button" value="' . $langs->trans("Cancel") . '" onClick="javascript:history.go(-1)">'; print '<input type="button" class="button" value="'.dol_escape_htmltag($langs->trans("Cancel")).'" onClick="javascript:history.go(-1)">';
print '</div>'; print '</div>';
print "</form>\n"; print "</form>\n";
@@ -439,7 +439,7 @@ if (! empty($id) && $action == 'edit')
// Amount // Amount
if ($object->statut == 0) if ($object->statut == 0)
{ {
print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" size="10" value="'.$object->amount.'"> '.$langs->trans("Currency".$conf->currency).'</td></tr>'; print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" size="10" value="'.dol_escape_htmltag($object->amount).'"> '.$langs->trans("Currency".$conf->currency).'</td></tr>';
} }
else else
{ {
@@ -454,11 +454,11 @@ if (! empty($id) && $action == 'edit')
print "</tr>\n"; print "</tr>\n";
$langs->load("companies"); $langs->load("companies");
print '<tr><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" size="40" value="'.$object->societe.'"></td></tr>'; print '<tr><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" class="maxwidth200" value="'.dol_escape_htmltag($object->societe).'"></td></tr>';
print '<tr><td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" size="40" value="'.$object->lastname.'"></td></tr>'; print '<tr><td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" class="maxwidth200" value="'.dol_escape_htmltag($object->lastname).'"></td></tr>';
print '<tr><td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" size="40" value="'.$object->firstname.'"></td></tr>'; print '<tr><td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" class="maxwidth200" value="'.dol_escape_htmltag($object->firstname).'"></td></tr>';
print '<tr><td>'.$langs->trans("Address").'</td><td>'; print '<tr><td>'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.$object->address.'</textarea></td></tr>'; print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag($object->address).'</textarea></td></tr>';
// Zip / Town // Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>'; print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
@@ -473,7 +473,7 @@ if (! empty($id) && $action == 'edit')
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
print '</td></tr>'; print '</td></tr>';
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" size="40" value="'.$object->email.'"></td></tr>'; print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" class="maxwidth200" value="'.dol_escape_htmltag($object->email).'"></td></tr>';
print "<tr><td>".$langs->trans("PaymentMode")."</td><td>\n"; print "<tr><td>".$langs->trans("PaymentMode")."</td><td>\n";
@@ -594,13 +594,6 @@ if (! empty($id) && $action != 'edit')
print '<table class="border" width="100%">'; print '<table class="border" width="100%">';
// Ref
/*
print '<tr><td class="titlefield">'.$langs->trans("Ref").'</td><td colspan="2">';
print $form->showrefnav($object, 'rowid', $linkback, 1, 'rowid', 'ref', '');
print '</td>';
print '</tr>';
*/
// Date // Date
print '<tr><td class="titlefield">'.$langs->trans("Date").'</td><td colspan="2">'; print '<tr><td class="titlefield">'.$langs->trans("Date").'</td><td colspan="2">';
print dol_print_date($object->date,"day"); print dol_print_date($object->date,"day");
@@ -617,52 +610,12 @@ if (! empty($id) && $action != 'edit')
print '<tr><td>'.$langs->trans("Company").'</td><td colspan="2">'.$object->societe.'</td></tr>'; print '<tr><td>'.$langs->trans("Company").'</td><td colspan="2">'.$object->societe.'</td></tr>';
print '<tr><td>'.$langs->trans("Lastname").'</td><td colspan="2">'.$object->lastname.'</td></tr>'; print '<tr><td>'.$langs->trans("Lastname").'</td><td colspan="2">'.$object->lastname.'</td></tr>';
print '<tr><td>'.$langs->trans("Firstname").'</td><td colspan="2">'.$object->firstname.'</td></tr>'; print '<tr><td>'.$langs->trans("Firstname").'</td><td colspan="2">'.$object->firstname.'</td></tr>';
/*print '<tr><td>'.$langs->trans("Address").'</td><td>'.dol_nl2br($object->address).'</td>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $object->zip.($object->zip && $object->town?' / ':'').$object->town.'</td></tr>';
// Country
print '<tr><td>'.$langs->trans('Country').'</td><td>';
if (! empty($object->country_code))
{
$img=picto_from_langcode($object->country_code);
print ($img?$img.' ':'');
print $object->country;
}
else
{
print $object->country_olddata;
}
print '</td></tr>';
// EMail
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td>'.dol_print_email($object->email).'</td></tr>';
*/
// Payment mode // Payment mode
print "<tr><td>".$langs->trans("PaymentMode")."</td><td>"; print "<tr><td>".$langs->trans("PaymentMode")."</td><td>";
$form->form_modes_reglement(null, $object->modepaymentid,'none'); $form->form_modes_reglement(null, $object->modepaymentid,'none');
print "</td></tr>\n"; print "</td></tr>\n";
//print "<tr>".'<td>'.$langs->trans("Status").'</td><td>'.$object->getLibStatut(4).'</td></tr>';
// Project
/*
if (! empty($conf->projet->enabled))
{
print '<tr>';
print '<td>'.$langs->trans("Project").'</td>';
print '<td>';
$projettmp=new Project($db);
$projettmp->id=$object->fk_projet;
$projettmp->ref=$object->project;
if(! empty($object->fk_projet)) print $projettmp->getNomUrl(1);
print '</td>';
print '</tr>';
}*/
// Other attributes // Other attributes
$cols = 2; $cols = 2;
include DOL_DOCUMENT_ROOT . '/core/tpl/extrafields_view.tpl.php'; include DOL_DOCUMENT_ROOT . '/core/tpl/extrafields_view.tpl.php';

8
htdocs/holiday/list.php
View File

@@ -138,7 +138,7 @@ if($year_start > 0) {
} }
} else { } else {
if($month_start > 0) { if($month_start > 0) {
$filter.= " AND date_format(cp.date_debut, '%m') = '$month_start'"; $filter.= " AND date_format(cp.date_debut, '%m') = '".$db->escape($month_start)."'";
} }
} }
@@ -153,7 +153,7 @@ if($year_end > 0) {
} }
} else { } else {
if($month_end > 0) { if($month_end > 0) {
$filter.= " AND date_format(cp.date_fin, '%m') = '$month_end'"; $filter.= " AND date_format(cp.date_fin, '%m') = '".$db->escape($month_end)."'";
} }
} }
@@ -357,13 +357,13 @@ print '<td class="liste_titre">&nbsp;</td>';
// DATE DEBUT // DATE DEBUT
print '<td class="liste_titre" align="center">'; print '<td class="liste_titre" align="center">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_start" value="'.$month_start.'">'; print '<input class="flat" type="text" size="1" maxlength="2" name="month_start" value="'.dol_escape_htmltag($month_start).'">';
$formother->select_year($year_start,'year_start',1, $min_year, $max_year); $formother->select_year($year_start,'year_start',1, $min_year, $max_year);
print '</td>'; print '</td>';
// DATE FIN // DATE FIN
print '<td class="liste_titre" align="center">'; print '<td class="liste_titre" align="center">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_end" value="'.$month_end.'">'; print '<input class="flat" type="text" size="1" maxlength="2" name="month_end" value="'.dol_escape_htmltag($month_end).'">';
$formother->select_year($year_end,'year_end',1, $min_year, $max_year); $formother->select_year($year_end,'year_end',1, $min_year, $max_year);
print '</td>'; print '</td>';