From 2306f4bb8df6302119ab7995eeadb5753a03f33c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 15 Mar 2025 15:27:44 +0100 Subject: [PATCH 1/4] PHPStan > Update baseline (#33477) Co-authored-by: Dolibot --- dev/build/phpstan/phpstan-baseline.neon | 66 ------------------------- 1 file changed, 66 deletions(-) diff --git a/dev/build/phpstan/phpstan-baseline.neon b/dev/build/phpstan/phpstan-baseline.neon index 79de2d3da3a..8acad6a75bb 100644 --- a/dev/build/phpstan/phpstan-baseline.neon +++ b/dev/build/phpstan/phpstan-baseline.neon @@ -2190,18 +2190,6 @@ parameters: count: 1 path: ../../../htdocs/asset/class/asset.class.php - - - message: '#^Parameter \#4 \$depreciation_ht of method Asset\:\:addDepreciationLine\(\) expects float, string given\.$#' - identifier: argument.type - count: 1 - path: ../../../htdocs/asset/class/asset.class.php - - - - message: '#^Parameter \#5 \$cumulative_depreciation_ht of method Asset\:\:addDepreciationLine\(\) expects float, string given\.$#' - identifier: argument.type - count: 1 - path: ../../../htdocs/asset/class/asset.class.php - - message: '#^Property Asset\:\:\$date_start \(int\|string\) in isset\(\) is not nullable\.$#' identifier: isset.property @@ -9048,12 +9036,6 @@ parameters: count: 1 path: ../../../htdocs/core/class/html.formcompany.class.php - - - message: '#^Parameter \#1 \$selected of method FormCompany\:\:select_state\(\) expects int, string given\.$#' - identifier: argument.type - count: 1 - path: ../../../htdocs/core/class/html.formcompany.class.php - - message: '#^Parameter \#3 \$selected of method Form\:\:multiselectarray\(\) expects array\, array\\|int\> given\.$#' identifier: argument.type @@ -13692,12 +13674,6 @@ parameters: count: 1 path: ../../../htdocs/eventorganization/conferenceorbooth_card.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/eventorganization/conferenceorbooth_card.php - - message: '#^Call to function method_exists\(\) with Project and ''fetchComments'' will always evaluate to true\.$#' identifier: function.alreadyNarrowedType @@ -13794,12 +13770,6 @@ parameters: count: 1 path: ../../../htdocs/eventorganization/conferenceorboothattendee_card.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/eventorganization/conferenceorboothattendee_card.php - - message: '#^Variable \$withproject in empty\(\) always exists and is not falsy\.$#' identifier: empty.variable @@ -16452,12 +16422,6 @@ parameters: count: 1 path: ../../../htdocs/hrm/job_card.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/hrm/job_card.php - - message: '#^Variable \$upload_dir might not be defined\.$#' identifier: variable.undefined @@ -16566,12 +16530,6 @@ parameters: count: 1 path: ../../../htdocs/hrm/skill_card.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/hrm/skill_card.php - - message: '#^Variable \$upload_dir might not be defined\.$#' identifier: variable.undefined @@ -18168,12 +18126,6 @@ parameters: count: 1 path: ../../../htdocs/mrp/mo_movements.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/mrp/mo_movements.php - - message: '#^If condition is always false\.$#' identifier: if.alwaysFalse @@ -20046,12 +19998,6 @@ parameters: count: 1 path: ../../../htdocs/product/stock/stocktransfer/stocktransfer_card.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/product/stock/stocktransfer/stocktransfer_card.php - - message: '#^Property CommonObject\:\:\$entity \(int\) in isset\(\) is not nullable\.$#' identifier: isset.property @@ -22668,12 +22614,6 @@ parameters: count: 1 path: ../../../htdocs/recruitment/recruitmentcandidature_list.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/recruitment/recruitmentcandidature_list.php - - message: '#^Property RecruitmentJobPosition\:\:\$entity \(int\) in isset\(\) is not nullable\.$#' identifier: isset.property @@ -22698,12 +22638,6 @@ parameters: count: 1 path: ../../../htdocs/recruitment/recruitmentjobposition_applications.php - - - message: '#^Variable \$text might not be defined\.$#' - identifier: variable.undefined - count: 1 - path: ../../../htdocs/recruitment/recruitmentjobposition_applications.php - - message: '#^If condition is always true\.$#' identifier: if.alwaysTrue From 749ac40fa2b9bbde4d21dbea7456a95df1893725 Mon Sep 17 00:00:00 2001 From: Lenin Rivas <53640168+leninrivas@users.noreply.github.com> Date: Sat, 15 Mar 2025 09:28:30 -0500 Subject: [PATCH 2/4] FIX Search date facture (#33476) --- htdocs/compta/facture/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 1572c859f3a..30ae1be9eba 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -137,8 +137,8 @@ $search_date_startyear = GETPOSTINT('search_date_startyear'); $search_date_endday = GETPOSTINT('search_date_endday'); $search_date_endmonth = GETPOSTINT('search_date_endmonth'); $search_date_endyear = GETPOSTINT('search_date_endyear'); -$search_date_start = GETPOSTDATE('search_date_valid_start', 'getpost'); // Use tzserver because date invoice is a date without hour -$search_date_end = GETPOSTDATE('search_date_valid_end', 'getpostend'); +$search_date_start = GETPOSTDATE('search_date_start', 'getpost'); // Use tzserver because date invoice is a date without hour +$search_date_end = GETPOSTDATE('search_date_end', 'getpostend'); $search_date_valid_startday = GETPOSTINT('search_date_valid_startday'); $search_date_valid_startmonth = GETPOSTINT('search_date_valid_startmonth'); From bf2a2b5eb3ff968e258c4f2ef57061a533cc4c0c Mon Sep 17 00:00:00 2001 From: atm-lena <52402938+atm-lena@users.noreply.github.com> Date: Sat, 15 Mar 2025 15:30:09 +0100 Subject: [PATCH 3/4] Add hidden conf : NB_REC_FACT_GEN_BY_CALL (#33473) * Add hidden conf : NB_REC_FACT_GEN_BY_CALL * Update fournisseur.facture-rec.class.php --------- Co-authored-by: atm-lena Co-authored-by: Laurent Destailleur --- htdocs/fourn/class/fournisseur.facture-rec.class.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/fourn/class/fournisseur.facture-rec.class.php b/htdocs/fourn/class/fournisseur.facture-rec.class.php index ca8000c2dc9..19476de135f 100644 --- a/htdocs/fourn/class/fournisseur.facture-rec.class.php +++ b/htdocs/fourn/class/fournisseur.facture-rec.class.php @@ -1374,6 +1374,9 @@ class FactureFournisseurRec extends CommonInvoice $sql .= ' AND rowid = '. (int) $restrictioninvoiceid; } $sql .= $this->db->order('entity', 'ASC'); + if (getDolGlobalInt('NB_REC_FACT_GEN_BY_CALL')) { + $sql .= $this->db->plimit(getDolGlobalInt('NB_REC_FACT_GEN_BY_CALL')); + } //print $sql;exit; $parameters = array( 'restrictioninvoiceid' => $restrictioninvoiceid, From 4461a9c6856035123668f92d9b02220da6db7768 Mon Sep 17 00:00:00 2001 From: MDW Date: Sat, 15 Mar 2025 15:33:42 +0100 Subject: [PATCH 4/4] FIX ci: Replace compromised tj-actions/changed-files (#33478) * FIX: Replace compromised tj-actions/changed-files # FIX: Replace compromised tj-actions/changed-files See https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised . * Add changed php file for test --- .github/scripts/get_changed_php.sh | 86 +++++++++++++++++++++++++ .github/workflows/pre-commit.yml | 12 ++-- htdocs/accountancy/admin/account.php | 52 +++++++-------- htdocs/accountancy/admin/categories.php | 8 +-- 4 files changed, 122 insertions(+), 36 deletions(-) create mode 100755 .github/scripts/get_changed_php.sh diff --git a/.github/scripts/get_changed_php.sh b/.github/scripts/get_changed_php.sh new file mode 100755 index 00000000000..60d01874f35 --- /dev/null +++ b/.github/scripts/get_changed_php.sh @@ -0,0 +1,86 @@ +#!/bin/bash +# Copyright (C) 2025 MDW + +set -euo pipefail + +# This script retrieves the list of changed PHP files for a pull request +# using the GitHub API and sets two outputs: +# - any_changed: "true" if at least one PHP file changed, "false" otherwise +# - all_changed_files: space-separated list of changed PHP file paths +# +# Required environment variables: +# GITHUB_TOKEN - GitHub token with repo access +# GITHUB_REPOSITORY - "owner/repo" +# GITHUB_EVENT_PATH - Path to the event JSON payload + +# Verify required environment variables are set +if [[ -z "${GITHUB_TOKEN:-}" ]]; then + echo "GITHUB_TOKEN is not set" >&2 + exit 1 +fi +if [[ -z "${GITHUB_REPOSITORY:-}" ]]; then + echo "GITHUB_REPOSITORY is not set" >&2 + exit 1 +fi +if [[ -z "${GITHUB_EVENT_PATH:-}" ]]; then + echo "GITHUB_EVENT_PATH is not set" >&2 + exit 1 +fi + +# Extract the pull request number from the event payload +pr_number=$(jq --raw-output '.pull_request.number' "$GITHUB_EVENT_PATH") +if [[ "$pr_number" == "null" ]]; then + echo "Not a pull request event" + exit 0 +fi + +# Split repository into owner and repo name +# Split repository into owner and repo name using Bash parameter expansion +owner="${GITHUB_REPOSITORY%%/*}" # Extract text before the first '/' +repo="${GITHUB_REPOSITORY##*/}" # Extract text after the last '/' + +page=1 +per_page=100 +changed_php_files=() + +# Loop through all pages to gather changed files +while true; do + response=$(curl -s -H "Authorization: token ${GITHUB_TOKEN}" \ + "https://api.github.com/repos/${owner}/${repo}/pulls/${pr_number}/files?per_page=${per_page}&page=${page}") + + # Filter for files ending with .php and add them to the list + mapfile -t files < <(echo "$response" | jq -r '.[] | select(.filename | test("\\.php$")) | .filename') + changed_php_files+=("${files[@]}") + + # Check if we have reached the last page (less than per_page results) + count=$(echo "$response" | jq 'length') + if (( count < per_page )); then + break + fi + ((page++)) +done + + +# Build a space-separated string of changed PHP files +# This does not cope with files that have spaces. +# But such files do not exist in the project (at least not for the +# files we are filtering). +all_changed_files=$(IFS=" " ; echo "${changed_php_files[*]}") + + +# Determine changed files flag +if [ -z "$all_changed_files" ]; then + any_changed="false" +else + any_changed="true" +fi + +# Set outputs for GitHub Actions if GITHUB_OUTPUT is available +if [ -n "${GITHUB_OUTPUT:-}" ]; then + echo "any_changed=${any_changed}" >> "$GITHUB_OUTPUT" + echo "all_changed_files=${all_changed_files}" >> "$GITHUB_OUTPUT" +else + # Otherwise, print the outputs + echo "any_changed=${any_changed}" + echo "all_changed_files=${all_changed_files}" +fi diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 26d49f0b1f4..d8ccef00492 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -27,19 +27,19 @@ jobs: run: sudo apt-get update && sudo apt-get install cppcheck if: false + # Checkout git sources to analyze + - uses: actions/checkout@v4 + # The next uses the git API because there is no clone yet. # It sets the variable steps.changed-php.outputs.all_changed_files for other steps # This is faster for a big repo. - name: Get all changed php files (if PR) id: changed-php - uses: tj-actions/changed-files@v45 if: env.gh_event == 'pull_request' - with: - files: | - **.php + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: ./.github/scripts/get_changed_php.sh - # Checkout git sources to analyze - - uses: actions/checkout@v4 # Action setup-python needs a requirements.txt or pyproject.toml # This ensures one of them exists. - name: Create requirements.txt if no requirements.txt or pyproject.toml diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index b29a76c0d1d..141556354b1 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -2,7 +2,7 @@ /* Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2024 Alexandre Spangaro * Copyright (C) 2016-2018 Laurent Destailleur - * Copyright (C) 2024 MDW + * Copyright (C) 2024-2025 MDW * Copyright (C) 2024 Frédéric France * * This program is free software; you can redistribute it and/or modify @@ -96,15 +96,15 @@ if (!$sortorder) { } $arrayfields = array( - 'aa.account_number' => array('label' => "AccountNumber", 'checked' => 1), - 'aa.label' => array('label' => "Label", 'checked' => 1), - 'aa.labelshort' => array('label' => "LabelToShow", 'checked' => 1), - 'aa.account_parent' => array('label' => "Accountparent", 'checked' => 1), - 'aa.pcg_type' => array('label' => "Pcgtype", 'checked' => 1, 'help' => 'PcgtypeDesc'), - 'categories' => array('label' => "AccountingCategories", 'checked' => -1, 'help' => 'AccountingCategoriesDesc'), - 'aa.reconcilable' => array('label' => "Reconcilable", 'checked' => 1), - 'aa.import_key' => array('label' => "ImportId", 'checked' => -1, 'help' => ''), - 'aa.active' => array('label' => "Activated", 'checked' => 1) + 'aa.account_number' => array('label' => "AccountNumber", 'checked' => '1'), + 'aa.label' => array('label' => "Label", 'checked' => '1'), + 'aa.labelshort' => array('label' => "LabelToShow", 'checked' => '1'), + 'aa.account_parent' => array('label' => "Accountparent", 'checked' => '1'), + 'aa.pcg_type' => array('label' => "Pcgtype", 'checked' => '1', 'help' => 'PcgtypeDesc'), + 'categories' => array('label' => "AccountingCategories", 'checked' => '-1', 'help' => 'AccountingCategoriesDesc'), + 'aa.reconcilable' => array('label' => "Reconcilable", 'checked' => '1'), + 'aa.import_key' => array('label' => "ImportId", 'checked' => '-1', 'help' => ''), + 'aa.active' => array('label' => "Activated", 'checked' => '1') ); if (getDolGlobalInt('MAIN_FEATURES_LEVEL') < 2) { @@ -631,14 +631,14 @@ if ($resql) { if (getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) { print ''; // if ($permissiontoadd) { // test is always true - print ''; - print img_edit(); - print ''; - print ' '; - print ''; - print img_delete(); - print ''; - print ' '; + print ''; + print img_edit(); + print ''; + print ' '; + print ''; + print img_delete(); + print ''; + print ' '; if ($massactionbutton || $massaction) { // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined $selected = 0; if (in_array($obj->rowid, $arrayofselected)) { @@ -787,14 +787,14 @@ if ($resql) { if (!getDolGlobalString('MAIN_CHECKBOX_LEFT_COLUMN')) { print ''; // if ($permissiontoadd) { // test is always true - print ''; - print img_edit(); - print ''; - print ' '; - print ''; - print img_delete(); - print ''; - print ' '; + print ''; + print img_edit(); + print ''; + print ' '; + print ''; + print img_delete(); + print ''; + print ' '; if ($massactionbutton || $massaction) { // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined $selected = 0; if (in_array($obj->rowid, $arrayofselected)) { diff --git a/htdocs/accountancy/admin/categories.php b/htdocs/accountancy/admin/categories.php index 3686555dd76..1de47c4756c 100644 --- a/htdocs/accountancy/admin/categories.php +++ b/htdocs/accountancy/admin/categories.php @@ -3,7 +3,7 @@ * Copyright (C) 2017-2024 Alexandre Spangaro * Copyright (C) 2022 Laurent Destailleur * Copyright (C) 2024 Frédéric France - * Copyright (C) 2024 MDW + * Copyright (C) 2024-2025 MDW * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -96,7 +96,7 @@ if (!empty($selectcpt)) { } } - $return = $accountingcategory->updateAccAcc($cat_id, $cpts); + $return = $accountingcategory->updateAccAcc((int) $cat_id, $cpts); if ($return < 0) { setEventMessages($langs->trans('errors'), $accountingcategory->errors, 'errors'); @@ -123,7 +123,7 @@ if ($action == 'delete') { $form = new Form($db); $formaccounting = new FormAccounting($db); -$title= $langs->trans('AccountingCategory'); +$title = $langs->trans('AccountingCategory'); $help_url = 'EN:Module_Double_Entry_Accounting#Setup|FR:Module_Comptabilité_en_Partie_Double#Configuration'; llxHeader('', $title, $help_url, '', 0, 0, '', '', '', 'mod-accountancy page-admin_categories'); @@ -144,7 +144,7 @@ print ''; // Select the category print ''; print '
'.$langs->trans("AccountingCategory").''; -$s = $formaccounting->select_accounting_category($cat_id, 'account_category', 1, 0, 0, 0); +$s = $formaccounting->select_accounting_category((int) $cat_id, 'account_category', 1, 0, 0, 0); if ($formaccounting->nbaccounts_category <= 0) { print ''.$s.''; } else {