diff --git a/ChangeLog b/ChangeLog index 80696a3d7a6..cc36bf92412 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,7 +21,16 @@ Fix: When disabled, all fields to add time into task line must be disabled. Fix: Missing include files.lib.php in some pages to use dol_delete_recursive. Fix: [ bug #1558 ] Product/service edit page title shows new Ref instead of old ref. Fix: [ bug #1553 ] Saving User displays setup removes menu. -Fix: [ bug #1544 ] Can remove date from invoice +Fix: [ bug #1544 ] Can remove date from invoice. +Fix: list event view lost type event filter. +Fix: Add code save on create event. +Fix: SQL injection. +Fix: [ bug #1589 ] Menu type in "Edit menu" page is not translated +Fix: [ bug #1591 ] Linked object block shows Total HT/TTC even if not having permission to read them +Fix: [ bug #1577 ] When creating new Private individual third, selected third type is ignored +Fix: [ bug #1555 ] Update accountancy code of products does not throw PRODUCT_MODIFY trigger +Fix: [ bug #1548 ] Supplier payment card shows type in French +Fix: [ bug #1546 ] Incorrect page number when searching in the list of bank transactions ***** ChangeLog for 3.5.4 compared to 3.5.3 ***** Fix: Hide title of event when agenda module disabled. diff --git a/build/debian/control b/build/debian/control index f573f64b812..f4f9e12aa58 100755 --- a/build/debian/control +++ b/build/debian/control 
@@ -39,10 +39,10 @@ Description: Web based software to manage a company or foundation It's a web software you can install as a standalone program or on any web hosting provider to use it from anywhere with any web browser. . - Dolibarr was designed to be easy to use. Only the features that you need are - visible, depending on which modules were activated. + Dolibarr was designed to be easy to use. Only the features that you need + are visible, depending on which modules were activated. . - Most common used modules are: + This is an example of most common used modules: . Customers, Suppliers or Prospects directory, Contacts directory, @@ -66,6 +66,6 @@ Description: Web based software to manage a company or foundation Wizards to export and import data, LDAP connectivity, PDF exports, - And a lot of more modules... + And a lot more modules... . You can also add third parties external modules or develop yours. diff --git a/build/debian/copyright b/build/debian/copyright index d75283b535a..73109152034 100644 --- a/build/debian/copyright +++ b/build/debian/copyright @@ -61,7 +61,7 @@ License: GPL-3+ Files: htdocs/includes/adodbtime/* Copyright: 2003-2005, John Lim unknown, jackbbs -License: BSD +License: BSD-3-Clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -272,7 +272,7 @@ Comment: Files: htdocs/includes/jquery/plugins/flot/* Copyright: Flot team -License: Public Domain +License: Public-Domain This work is not subject to copyright in any jurisdiction Comment: Those files are not shipped in the binary package because we configure diff --git a/build/debian/get-orig-source.sh b/build/debian/get-orig-source.sh index 57f87ab1999..418bbbc2199 100755 --- a/build/debian/get-orig-source.sh +++ b/build/debian/get-orig-source.sh 
@@ -8,16 +8,20 @@ echo "tmpdir = $tmpdir" if [ -n "$1" ]; then uscan_opts="--download-version=$1" fi -uscan --noconf --force-download --no-symlink --verbose --destdir=$tmpdir $uscan_opts +#uscan --noconf --force-download --no-symlink --verbose --destdir=$tmpdir $uscan_opts cd $tmpdir +# Other method to download (comment uscan if you use this) +wget http://www.dolibarr.org/files/stable/standard/dolibarr-3.5.4.tgz + +# Rename file to add +dfsg tgzfile=$(echo *.tgz) version=$(echo "$tgzfile" | perl -pi -e 's/^dolibarr-//; s/\.tgz$//; s/_/./g; s/\+nmu1//; ') cd - >/dev/null mv $tmpdir/dolibarr-${version}.tgz ../ -echo "File ../dolibarr-${version}.tgz is ready for git-import" +echo "File ../dolibarr-${version}.tgz is ready for git-import-orig" rm -rf $tmpdir diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index f82f3005514..bf0360c11ce 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1072,7 +1072,7 @@ class Adherent extends CommonObject if ($rowid) $sql.= " AND d.rowid=".$rowid; elseif ($ref || $fk_soc) { $sql.= " AND d.entity IN (".getEntity().")"; - if ($ref) $sql.= " AND d.rowid='".$ref."'"; + if ($ref) $sql.= " AND d.rowid='".$this->db->escape($ref)."'"; elseif ($fk_soc) $sql.= " AND d.fk_soc='".$fk_soc."'"; } elseif ($ref_ext) diff --git a/htdocs/adherents/liste.php b/htdocs/adherents/liste.php index 3a34403425f..1d80c82a713 100644 --- a/htdocs/adherents/liste.php +++ b/htdocs/adherents/liste.php 
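Review bot: The new `wget` line downloads the release tarball over plain HTTP with no checksum or signature check, and it hard-codes `dolibarr-3.5.4.tgz`, so the `$1` version argument and the `uscan_opts` built a few lines above are silently ignored. Whatever comes back — from a mirror swap or an on-path modification — becomes the Debian orig tarball unchallenged. Use HTTPS and the requested version, then verify before the rename step: `wget "https://www.dolibarr.org/files/stable/standard/dolibarr-${1:-3.5.4}.tgz"` followed by `echo "${EXPECTED_SHA256}  dolibarr-${1:-3.5.4}.tgz" | sha256sum -c -` with the digest pinned in the script. The unquoted `cd $tmpdir` and tarball names would also benefit from quoting if the temp path ever contains spaces.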
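Review bot: The `fk_soc` branch immediately below the newly escaped `$ref` line still concatenates `$fk_soc` raw into `d.fk_soc='…'`, so this hunk closes only one of the two string-built predicates in Adherent::fetch. If every caller passes an integer this is harmless, but nothing visible here guarantees it; `elseif ($fk_soc) $sql.= " AND d.fk_soc=".(int) $fk_soc;` makes the comparison numeric and removes the dependence on the caller. The enclosing fetch() starts and ends outside this hunk.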
@@ -118,24 +118,24 @@ if ($type > 0) } if (isset($_GET["statut"]) || isset($_POST["statut"])) { - $sql.=" AND d.statut in (".$statut.")"; // Peut valoir un nombre ou liste de nombre separes par virgules + $sql.=" AND d.statut in (".$db->escape($statut).")"; // Peut valoir un nombre ou liste de nombre separes par virgules } if ($search_ref) { - if (is_numeric($search_ref)) $sql.= " AND (d.rowid = ".$search_ref.")"; + if (is_numeric($search_ref)) $sql.= " AND (d.rowid = ".$db->escape($search_ref).")"; else $sql.=" AND 1 = 2"; // Always wrong } if ($search_lastname) { - $sql.= " AND (d.firstname LIKE '%".$search_lastname."%' OR d.lastname LIKE '%".$search_lastname."%')"; + $sql.= " AND (d.firstname LIKE '%".$db->escape($search_lastname)."%' OR d.lastname LIKE '%".$db->escape($search_lastname)."%')"; } if ($search_login) { - $sql.= " AND d.login LIKE '%".$search_login."%'"; + $sql.= " AND d.login LIKE '%".$db->escape($search_logi)."%'"; } if ($search_email) { - $sql.= " AND (d.email LIKE '%".$search_email."%')"; + $sql.= " AND (d.email LIKE '%".$db->escape($search_email)."%')"; } if ($filter == 'uptodate') { diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index bf382be58ed..5c7d336c4a0 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -317,7 +317,7 @@ if ($action == 'create') print ''.$langs->trans('Type').''; if ($parent_rowid) { - print 'Left'; + print $langs->trans('Left'); print ''; } else diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php index fe4171de72e..25aa73211d2 100644 --- a/htdocs/cashdesk/index.php +++ b/htdocs/cashdesk/index.php @@ -39,6 +39,7 @@ if ( $_SESSION['uid'] > 0 ) } $usertxt=GETPOST('user','',1); +$err=GETPOST("err"); /* @@ -64,7 +65,7 @@ top_htmlhead('','',0,0,'',$arrayofcss);
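Review bot: The login filter now reads `$db->escape($search_logi)` — `$search_logi` is not defined anywhere in view, so the condition collapses to `d.login LIKE '%%'` and a login search silently matches every member; it should be `$db->escape($search_login)`. Separately, wrapping `$statut` in `$db->escape()` inside an unquoted `IN (...)` does not close the injection the changelog claims to fix: escape() only neutralises quote and backslash characters, and a payload such as `1) OR 1=1 -- ` contains none. Since the comment says the value is a number or a comma-separated list of numbers, enforce exactly that: `$sql.=" AND d.statut in (".implode(',', array_map('intval', explode(',', $statut))).")";`. The `d.rowid = ` branch has the same unquoted shape, though there the `is_numeric()` guard already bounds the input.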
-
\n"; ?> +
\n"; ?>
trans("Identification"); ?>
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index b7e2ed030ab..60b738ea8ba 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1122,12 +1122,29 @@ class Categorie { $cats = array(); - $table=''; $type=''; - if ($typeid == 0 || $typeid == 'product') { $typeid=0; $table='product'; $type='product'; } - else if ($typeid == 1 || $typeid == 'supplier') { $typeid=1; $table='societe'; $type='fournisseur'; } - else if ($typeid == 2 || $typeid == 'customer') { $typeid=2; $table='societe'; $type='societe'; } - else if ($typeid == 3 || $typeid == 'member') { $typeid=3; $table='member'; $type='member'; } - else if ($typeid == 4 || $typeid == 'contact') { $typeid=4; $table='socpeople'; $type='contact'; } + $table = ''; + $type = ''; + if ($typeid === 0 || $typeid === '0' || $typeid == 'product') { + $typeid = 0; + $table = 'product'; + $type = 'product'; + } else if ($typeid === 1 || $typeid === '1' || $typeid == 'supplier') { + $typeid = 1; + $table = 'societe'; + $type = 'fournisseur'; + } else if ($typeid === 2 || $typeid === '2' || $typeid == 'customer') { + $typeid = 2; + $table = 'societe'; + $type = 'societe'; + } else if ($typeid === 3 || $typeid === '3' || $typeid == 'member') { + $typeid = 3; + $table = 'member'; + $type = 'member'; + } else if ($typeid === 4 || $typeid === '4' || $typeid == 'contact') { + $typeid = 4; + $table = 'socpeople'; + $type = 'contact'; + } $sql = "SELECT ct.fk_categorie, c.label"; $sql.= " FROM ".MAIN_DB_PREFIX."categorie_".$type." as ct, ".MAIN_DB_PREFIX."categorie as c"; diff --git a/htdocs/categories/fiche.php b/htdocs/categories/fiche.php index d43c4df9a3d..58b4696c305 100644 --- a/htdocs/categories/fiche.php +++ b/htdocs/categories/fiche.php 
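Review bot: After the rewritten if/else chain, a `$typeid` that matches none of the five cases leaves `$type` and `$table` empty, and the SELECT built on the next lines then references `MAIN_DB_PREFIX."categorie_"` with no suffix — a guaranteed SQL error rather than an empty result. The strict comparisons added here fix the `0 == 'product'` loose-equality trap but do not add that guard; a one-liner before the query, such as `if ($type === '') return $cats;` (or the class's usual error return, whichever callers expect), would make the failure explicit. Stylistically the chain could also be a lookup table keyed by the accepted ids and names, which would make the accepted inputs visible at a glance. The enclosing method continues past this hunk.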
@@ -132,7 +132,7 @@ if ($action == 'add' && $user->rights->categorie->creer) // Create category in database if (! $error) { - $result = $object->create(); + $result = $object->create($user); if ($result > 0) { $action = 'confirmed'; diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 10082062d06..b51b33e5b66 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -140,6 +140,7 @@ class ActionComm extends CommonObject if ($result > 0) { $this->type_id=$cactioncomm->id; + $this->code=$cactioncomm->code; } else if ($result == 0) { diff --git a/htdocs/comm/action/listactions.php b/htdocs/comm/action/listactions.php index ebe68fa3328..8b945a16670 100644 --- a/htdocs/comm/action/listactions.php +++ b/htdocs/comm/action/listactions.php @@ -211,7 +211,7 @@ if ($resql) $head = calendars_prepare_head(''); dol_fiche_head($head, 'card', $langs->trans('Events'), 0, 'list'); - print_actions_filter($form,$canedit,$status,$year,$month,$day,$showbirthday,$filtera,$filtert,$filterd,$pid,$socid,-1); + print_actions_filter($form,$canedit,$status,$year,$month,$day,$showbirthday,$filtera,$filtert,$filterd,$pid,$socid,-1,$actioncode); dol_fiche_end(); // Add link to show birthdays diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 244333a9a93..1c2fe54cc71 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1046,7 +1046,7 @@ class Propal extends CommonObject $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_input_reason as dr ON p.fk_input_reason = dr.rowid'; $sql.= " WHERE p.fk_statut = c.id"; $sql.= " AND p.entity = ".$conf->entity; - if ($ref) $sql.= " AND p.ref='".$ref."'"; + if ($ref) $sql.= " AND p.ref='".$this->db->escape($ref)."'"; else $sql.= " AND p.rowid=".$rowid; dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); 
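Review bot: The `else` branch of Propal::fetch still concatenates `$rowid` unquoted and unescaped into `p.rowid=`, so only the ref path is hardened by this hunk. Escaping would not help there anyway (there are no quotes to break out of); the robust form is a cast, `else $sql.= " AND p.rowid=".(int) $rowid;`, which also documents that a non-numeric id can never reach the query. The same escaped-ref / raw-rowid pair appears in the fournisseur.commande, contrat and commonobject hunks of this commit. fetch() starts and ends outside the hunk.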
diff --git a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php index 632dee63965..cb920afd5fc 100644 --- a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php +++ b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php @@ -1,6 +1,7 @@ - * Copyright (C) 2013 Juanjo Menent + * Copyright (C) 2013 Juanjo Menent + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,6 +28,8 @@ id ?>">trans("ShowPropal"),"propal").' '.$object->ref; ?> ref_client; ?> date,'day'); ?> - total_ht); ?> + rights->propale->lire) { + $total = $total + $object->total_ht; + echo price($object->total_ht); + } ?> getLibStatut(3); ?> total_ht; } ?> trans('TotalHT'); ?> - + rights->propale->lire) { + echo price($total); + } ?>   diff --git a/htdocs/commande/info.php b/htdocs/commande/info.php index c874ec049b8..fba4a600031 100644 --- a/htdocs/commande/info.php +++ b/htdocs/commande/info.php @@ -34,7 +34,7 @@ $langs->load("sendings"); // Security check $socid=0; -$comid = isset($_GET["id"])?$_GET["id"]:''; +$comid = GETPOST("id",'int'); if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'commande',$comid,''); @@ -47,8 +47,8 @@ $result=restrictedArea($user,'commande',$comid,''); llxHeader('',$langs->trans('Order'),'EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes'); $commande = new Commande($db); -$commande->fetch($_GET["id"]); -$commande->info($_GET["id"]); +$commande->fetch($comid); +$commande->info($comid); $soc = new Societe($db); $soc->fetch($commande->socid); diff --git a/htdocs/commande/orderstoinvoice.php b/htdocs/commande/orderstoinvoice.php index 7411d3a9368..a2a1974944b 100644 --- a/htdocs/commande/orderstoinvoice.php +++ b/htdocs/commande/orderstoinvoice.php 
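Review bot: The row now adds `$object->total_ht` to `$total` inside the permission check, yet the context line `total_ht; } ?>` that closes the loop right after `getLibStatut(3)` reads like the pre-existing end-of-iteration accumulation (`$total = $total + $object->total_ht;`) surviving unchanged; if that is what it is, every amount is counted twice for users holding `propale->lire` and the footer prints a doubled total. The markup is stripped in this view, so confirm against the file, and if both lines are present drop the old one so the loop end becomes `<?php } ?>`. If this template is included from inside a function, `$user` also needs to be brought into scope (a `global $user;` at the top, outside this hunk) or the new check is always false. The same pattern repeats in the commande, facture, expedition and fourn linkedobjectblock templates touched by this commit.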
@@ -45,7 +45,7 @@ $langs->load('companies'); if (! $user->rights->facture->creer) accessforbidden(); -$id = (GETPOST('id')?GETPOST("id"):GETPOST("facid")); // For backward compatibility +$id = (GETPOST('id')?GETPOST('id','int'):GETPOST("facid")); // For backward compatibility $ref = GETPOST('ref','alpha'); $action = GETPOST('action','alpha'); $confirm = GETPOST('confirm','alpha'); @@ -97,7 +97,7 @@ if (($action == 'create' || $action == 'add') && empty($mesgs)) require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php'; if (! empty($conf->projet->enabled)) require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; - + $langs->load('bills'); $langs->load('products'); $langs->load('main'); @@ -213,7 +213,7 @@ if (($action == 'create' || $action == 'add') && empty($mesgs)) $result=$objectsrc->fetch($orders_id[$ii]); if ($result > 0) { - if ($closeOrders) + if ($closeOrders) { $objectsrc->classifyBilled(); $objectsrc->setStatut(3); diff --git a/htdocs/commande/tpl/linkedobjectblock.tpl.php b/htdocs/commande/tpl/linkedobjectblock.tpl.php index c7d073501a3..d2fe19c5b6f 100644 --- a/htdocs/commande/tpl/linkedobjectblock.tpl.php +++ b/htdocs/commande/tpl/linkedobjectblock.tpl.php @@ -1,6 +1,7 @@ * Copyright (C) 2013 Juanjo Menent + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,6 +23,8 @@ > trans("ShowOrder"),"order").' '.$object->ref; ?> date,'day'); ?> - total_ht); ?> + rights->commande->lire) { + $total = $total + $object->total_ht; + echo price($object->total_ht); + } ?> getLibStatut(3); ?> total_ht; } ?> trans('TotalHT'); ?> - + rights->commande->lire) { + echo price($total); + } ?>   diff --git a/htdocs/compta/bank/account.php b/htdocs/compta/bank/account.php index 2cdda511bdb..e1d595aefcc 100644 --- a/htdocs/compta/bank/account.php 
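Review bot: The backward-compatibility fallback `GETPOST("facid")` is still read without the `'int'` filter while `id` now gets it, so the older parameter name remains an unfiltered route into the same `$id` that the rest of the page uses. The ternary also evaluates GETPOST twice for `id`. Read both names with the same filter: `$id = GETPOST('id','int'); if (empty($id)) $id = GETPOST('facid','int'); // backward compatibility`.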
+++ b/htdocs/compta/bank/account.php @@ -5,7 +5,7 @@ * Copyright (C) 2004 Christophe Combelles * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2010-2011 Juanjo Menent - * Copyright (C) 2012 Marcos García + * Copyright (C) 2012-2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -253,17 +253,22 @@ if ($id > 0 || ! empty($ref)) //Total pages $totalPages = ceil($total_lines/$viewline); - if ($page > 0) - { - $limitsql = ($totalPages - $page) * $viewline; - if ($limitsql < $viewline) $limitsql = $viewline; - $nbline = $limitsql; - } - else - { + if ($totalPages == 0) { $page = 0; - $limitsql = $nbline; + } else { + + if ($page > 0) { + $limitsql = ($totalPages - $page) * $viewline; + if ($limitsql < $viewline) { + $limitsql = $viewline; + } + $nbline = $limitsql; + } else { + $page = 0; + $limitsql = $nbline; + } } + //print $limitsql.'-'.$page.'-'.$viewline; // Onglets diff --git a/htdocs/compta/bank/bankid_fr.php b/htdocs/compta/bank/bankid_fr.php index d193ff83b59..152a3466db1 100644 --- a/htdocs/compta/bank/bankid_fr.php +++ b/htdocs/compta/bank/bankid_fr.php @@ -34,7 +34,7 @@ $langs->load("categories"); $langs->load("bills"); $action=GETPOST('action'); -$id=GETPOST('id'); +$id=GETPOST('id','int'); // Security check if (isset($_GET["id"]) || isset($_GET["ref"])) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index e0590d422fd..b17b59cf704 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -2352,7 +2352,7 @@ if ($action == 'create') // Payment mode print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements(isset($_POST['mode_reglement_id'])?$_POST['mode_reglement_id']:$mode_reglement_id,'mode_reglement_id'); + $form->select_types_paiements(isset($_POST['mode_reglement_id'])?$_POST['mode_reglement_id']:$mode_reglement_id, 'mode_reglement_id', 'CRDT'); print ''; // Project 
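Review bot: In the new `$totalPages == 0` branch `$page` is reset but `$limitsql` is no longer assigned, whereas the old code always fell through to `$limitsql = $nbline` whenever `$page` was not positive. Unless `$limitsql` is initialised earlier in the file (not visible here), an account with no transactions now reaches the debug line and whatever consumes `$limitsql` below with an undefined variable. Keeping the assignment preserves the old behaviour for that case: `if ($totalPages == 0) { $page = 0; $limitsql = $nbline; }`.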
@@ -3356,11 +3356,11 @@ else if ($id > 0 || ! empty($ref)) print ''; if ($action == 'editmode') { - $form->form_modes_reglement($_SERVER['PHP_SELF'].'?facid='.$object->id,$object->mode_reglement_id,'mode_reglement_id'); + $form->form_modes_reglement($_SERVER['PHP_SELF'].'?facid='.$object->id, $object->mode_reglement_id, 'mode_reglement_id', 'CRDT'); } else { - $form->form_modes_reglement($_SERVER['PHP_SELF'].'?facid='.$object->id,$object->mode_reglement_id,'none'); + $form->form_modes_reglement($_SERVER['PHP_SELF'].'?facid='.$object->id, $object->mode_reglement_id, 'none', 'CRDT'); } print ''; diff --git a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php index f0fca0b90ff..ae3038a6021 100644 --- a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php +++ b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php @@ -1,6 +1,7 @@ * Copyright (C) 2013 Juanjo Menent + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,6 +23,8 @@ > trans("ShowBill"),"bill").' '.$object->ref; ?> date,'day'); ?> - total_ht); ?> + rights->facture->lire) { + $total = $total + $object->total_ht; + echo price($object->total_ht); + } ?> getLibStatut(3); ?> total_ht; } ?> trans("TotalHT"); ?> - + rights->facture->lire) { + echo price($total); + } ?>   diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 740d92ac0d8..aa2ff1564b6 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php 
@@ -907,7 +907,7 @@ class BonPrelevement extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."prelevement_bons ("; $sql.= " ref, entity, datec"; $sql.= ") VALUES ("; - $sql.= "'".$ref."'"; + $sql.= "'".$this->db->escape($ref)."'"; $sql.= ", ".$conf->entity; $sql.= ", '".$this->db->idate($now)."'"; $sql.= ")"; diff --git a/htdocs/compta/prelevement/liste.php b/htdocs/compta/prelevement/liste.php index 2cd859969a9..2767d456d22 100644 --- a/htdocs/compta/prelevement/liste.php +++ b/htdocs/compta/prelevement/liste.php @@ -78,19 +78,19 @@ $sql.= " AND f.entity = ".$conf->entity; if ($socid) $sql.= " AND s.rowid = ".$socid; if ($search_line) { - $sql.= " AND pl.rowid = '".$search_line."'"; + $sql.= " AND pl.rowid = '".$db->escape($search_line)."'"; } if ($search_bon) { - $sql.= " AND p.ref LIKE '%".$search_bon."%'"; + $sql.= " AND p.ref LIKE '%".$db->escape($search_bon)."%'"; } if ($search_code) { - $sql.= " AND s.code_client LIKE '%".$search_code."%'"; + $sql.= " AND s.code_client LIKE '%".$db->escape($search_code)."%'"; } if ($search_societe) { - $sql .= " AND s.nom LIKE '%".$search_societe."%'"; + $sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'"; } $sql.=$db->order($sortfield,$sortorder); $sql.=$db->plimit($conf->liste_limit+1, $offset); @@ -104,7 +104,7 @@ if ($result) $urladd = "&statut=".$statut; $urladd .= "&search_bon=".$search_bon; - print_barre_liste($langs->trans("WithdrawalsLines"), $page, "liste.php", $urladd, $sortfield, $sortorder, '', $num); + print_barre_liste($langs->trans("WithdrawalsLines"), $page, $_SERVER["PHP_SELF"], $urladd, $sortfield, $sortorder, '', $num); print"\n\n"; print ''; diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php index b307717e4b3..b511f79cdd7 100644 --- a/htdocs/compta/prelevement/rejets.php +++ b/htdocs/compta/prelevement/rejets.php 
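Review bot: Two lines above the changed `print_barre_liste()` call, `$urladd` is built from `$search_bon` without `urlencode()`, and the new `$_SERVER["PHP_SELF"]` argument is passed raw; both end up inside the pagination links this helper prints. If print_barre_liste() does not HTML-escape its arguments (not visible here), a search string containing quotes or a crafted path suffix on PHP_SELF can break out of the href attribute. `$urladd .= "&search_bon=".urlencode($search_bon);` fixes the first; for the second, either keep the literal `"liste.php"` the old code used or pass `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)`.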
@@ -76,7 +76,8 @@ $sql.= " AND pl.fk_prelevement_bons = p.rowid"; $sql.= " AND pl.fk_soc = s.rowid"; $sql.= " AND p.entity = ".$conf->entity; if ($socid) $sql.= " AND s.rowid = ".$socid; -$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset); +$sql.= " ".$db->order($sortfield, $sortorder); +$sql.= " ".$db->plimit($conf->liste_limit+1, $offset); $result = $db->query($sql); if ($result) diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php index 609a624adce..e0b9dd5cf45 100644 --- a/htdocs/compta/recap-compta.php +++ b/htdocs/compta/recap-compta.php @@ -30,7 +30,7 @@ $langs->load("companies"); if (! empty($conf->facture->enabled)) $langs->load("bills"); // Security check -$socid = $_GET["socid"]; +$socid = GETPOST("socid",'int'); if ($user->societe_id > 0) { $action = ''; diff --git a/htdocs/contact/info.php b/htdocs/contact/info.php index 939b0252623..3ac6747bb6b 100644 --- a/htdocs/contact/info.php +++ b/htdocs/contact/info.php @@ -31,22 +31,22 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/contact.lib.php'; $langs->load("companies"); // Security check -$contactid = isset($_GET["id"])?$_GET["id"]:''; +$contactid = GETPOST("id",'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe'); /* -* View -*/ + * View + */ llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas'); $contact = new Contact($db); -$contact->fetch($_GET["id"], $user); -$contact->info($_GET["id"]); +$contact->fetch($contactid, $user); +$contact->info($contactid); $head = contact_prepare_head($contact); diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 7da3e5aaf7e..dbe3778629e 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php 
@@ -410,7 +410,7 @@ class Contrat extends CommonObject $sql.= " FROM ".MAIN_DB_PREFIX."contrat"; if ($ref) { - $sql.= " WHERE ref='".$ref."'"; + $sql.= " WHERE ref='".$this->db->escape($ref)."'"; $sql.= " AND entity IN (".getEntity('contract').")"; } else $sql.= " WHERE rowid=".$id; @@ -1942,7 +1942,7 @@ class ContratLigne $sql.= " t.commentaire"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet as t"; if ($id) $sql.= " WHERE t.rowid = ".$id; - if ($ref) $sql.= " WHERE t.rowid = '".$ref."'"; + if ($ref) $sql.= " WHERE t.rowid = '".$this->db->escape($ref)."'"; dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); $resql=$this->db->query($sql); diff --git a/htdocs/contrat/info.php b/htdocs/contrat/info.php index 8764c53eea5..aab25122885 100644 --- a/htdocs/contrat/info.php +++ b/htdocs/contrat/info.php @@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; $langs->load("contracts"); // Security check -$contratid = isset($_GET["id"])?$_GET["id"]:''; +$contratid = GETPOST("id",'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat',$contratid,''); @@ -41,8 +41,8 @@ $result = restrictedArea($user, 'contrat',$contratid,''); llxHeader(); $contrat = new Contrat($db); -$contrat->fetch($_GET["id"]); -$contrat->info($_GET["id"]); +$contrat->fetch($contratid); +$contrat->info($contratid); $head = contract_prepare_head($contrat); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index bdffb1fc708..6439e3e003e 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1053,7 +1053,6 @@ abstract class CommonObject } } - /** * Save a new position (field rang) for details lines. * You can choose to set position for lines with already a position or lines without any position defined. 
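Review bot: In ContratLigne::fetch the two conditions are independent `if`s that each append a `WHERE`, so a call with both `$id` and `$ref` set yields `WHERE t.rowid = 1 WHERE t.rowid = '…'` and a syntax error; the hunk escapes `$ref` but keeps that shape, and `$id` on the context line is still concatenated unquoted. `if ($id) $sql.= " WHERE t.rowid = ".(int) $id;` followed by `elseif ($ref) $sql.= " WHERE t.rowid = '".$this->db->escape($ref)."'";` addresses both. The enclosing fetch() continues outside the hunk.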
@@ -2002,7 +2001,7 @@ abstract class CommonObject $sql.= " FROM ".MAIN_DB_PREFIX.$this->table_element; $sql.= " WHERE entity IN (".getEntity($this->element, 1).")"; if (! empty($id)) $sql.= " AND rowid = ".$id; - if (! empty($ref)) $sql.= " AND ref = '".$ref."'"; + if (! empty($ref)) $sql.= " AND ref = '".$this->db->escape($ref)."'"; $resql = $this->db->query($sql); if ($resql) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index b596ba911ae..f55eb81cdcc 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2275,8 +2275,8 @@ class Form dol_syslog(get_class($this)."::select_type_paiements ".$selected.", ".$htmlname.", ".$filtertype.", ".$format,LOG_DEBUG); $filterarray=array(); - if ($filtertype == 'CRDT') $filterarray=array(0,2); - elseif ($filtertype == 'DBIT') $filterarray=array(1,2); + if ($filtertype == 'CRDT') $filterarray=array(0,2,3); + elseif ($filtertype == 'DBIT') $filterarray=array(1,2,3); elseif ($filtertype != '' && $filtertype != '-1') $filterarray=explode(',',$filtertype); $this->load_cache_types_paiements(); @@ -3000,12 +3000,13 @@ class Form /** * Affiche formulaire de selection des modes de reglement * - * @param string $page Page - * @param int $selected Id mode pre-selectionne - * @param string $htmlname Name of select html field + * @param string $page Page + * @param int $selected Id mode pre-selectionne + * @param string $htmlname Name of select html field + * @param string $filtertype To filter on field type in llx_c_paiement (array('code'=>xx,'label'=>zz)) * @return void */ - function form_modes_reglement($page, $selected='', $htmlname='mode_reglement_id') + function form_modes_reglement($page, $selected='', $htmlname='mode_reglement_id', $filtertype='') { global $langs; if ($htmlname != "none") @@ -3015,7 +3016,7 @@ class Form print ''; print '
'; print ''; print ''; print '
'; - $this->select_types_paiements($selected,$htmlname); + $this->select_types_paiements($selected,$htmlname,$filtertype); print '
'; diff --git a/htdocs/expedition/tpl/linkedobjectblock.tpl.php b/htdocs/expedition/tpl/linkedobjectblock.tpl.php index fd723650561..364afb92177 100644 --- a/htdocs/expedition/tpl/linkedobjectblock.tpl.php +++ b/htdocs/expedition/tpl/linkedobjectblock.tpl.php @@ -1,5 +1,6 @@ + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,6 +22,8 @@ id ?>">trans("ShowShipping"),"sending").' '.$object->ref; ?> date_creation,'day'); ?> date_delivery,'day'); ?> - total_ht); ?> + rights->expedition->lire) { + $total = $total + $object->total_ht; + echo price($object->total_ht); + } ?> getLibStatut(3); ?> total_ht; } ?> trans('TotalHT'); ?> - + rights->expedition->lire) { + echo price($total); + } ?>   diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 6d0edce5a65..abcf8755991 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -132,7 +132,7 @@ class CommandeFournisseur extends CommonOrder $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as p ON (c.fk_mode_reglement = p.id)"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_input_method as cm ON cm.rowid = c.fk_input_method"; $sql.= " WHERE c.entity = ".$conf->entity; - if ($ref) $sql.= " AND c.ref='".$ref."'"; + if ($ref) $sql.= " AND c.ref='".$this->db->escape($ref)."'"; else $sql.= " AND c.rowid=".$id; dol_syslog(get_class($this)."::fetch sql=".$sql,LOG_DEBUG); diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index 380a16bd129..b8e9266cb37 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php 
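Review bot: The new `@param` for `$filtertype` on form_modes_reglement() describes it as "array('code'=>xx,'label'=>zz)", but the parameter is declared as a string with default `''` and is forwarded unchanged to select_types_paiements(), whose hunk above accepts `'CRDT'`, `'DBIT'`, `''`/`'-1'`, or a comma-separated list that it explodes into a filter array. The docblock will mislead callers into passing an array. Suggested text: `@param string $filtertype 'CRDT' or 'DBIT' to restrict to credit or debit payment types, '' or '-1' for all, or a comma-separated list as understood by select_types_paiements()`.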
@@ -4,6 +4,7 @@ * Copyright (C) 2005 Marc Barilley / Ocebo * Copyright (C) 2005-2009 Regis Houssin * Copyright (C) 2010-2011 Juanjo Menent + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -55,6 +56,18 @@ class PaiementFourn extends Paiement // fk_paiement dans llx_paiement est l'id du type de paiement (7 pour CHQ, ...) // fk_paiement dans llx_paiement_facture est le rowid du paiement + /** + * Label of payment type + * @var string + */ + public $type_libelle; + + /** + * Code of Payment type + * @var string + */ + public $type_code; + /** * Constructor * @@ -74,7 +87,7 @@ class PaiementFourn extends Paiement function fetch($id) { $sql = 'SELECT p.rowid, p.datep as dp, p.amount, p.statut, p.fk_bank,'; - $sql.= ' c.libelle as paiement_type,'; + $sql.= ' c.code as paiement_code, c.libelle as paiement_type,'; $sql.= ' p.num_paiement, p.note, b.fk_account'; $sql.= ' FROM '.MAIN_DB_PREFIX.'c_paiement as c, '.MAIN_DB_PREFIX.'paiementfourn as p'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid '; @@ -95,6 +108,7 @@ class PaiementFourn extends Paiement $this->bank_line = $obj->fk_bank; $this->montant = $obj->amount; $this->note = $obj->note; + $this->type_code = $obj->paiement_code; $this->type_libelle = $obj->paiement_type; $this->statut = $obj->statut; $error = 1; diff --git a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php index d1e209eb54b..fc1942e0f61 100644 --- a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php +++ b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php @@ -1,5 +1,6 @@ + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -21,6 +22,8 @@ > trans("ShowOrder"),"order").' '.$object->ref; ?> date,'day'); ?> - total_ht); ?> + rights->fournisseur->commande->lire) { + $total = $total + $object->total_ht; + echo price($object->total_ht); + } ?> getLibStatut(3); ?> total_ht; } ?> trans('TotalHT'); ?> - + rights->fournisseur->commande->lire) { + echo price($total); + } ?>   diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php index 086d44254c8..1c86cfa6d7f 100644 --- a/htdocs/fourn/facture/fiche.php +++ b/htdocs/fourn/facture/fiche.php @@ -1279,12 +1279,12 @@ if ($action == 'create') // Payment term print ''.$langs->trans('PaymentConditionsShort').''; - $form->select_conditions_paiements(isset($_POST['cond_reglement_id'])?$_POST['cond_reglement_id']:$cond_reglement_id,'cond_reglement_id'); + $form->select_conditions_paiements(isset($_POST['cond_reglement_id'])?$_POST['cond_reglement_id']:$cond_reglement_id, 'cond_reglement_id'); print ''; // Payment mode print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements(isset($_POST['mode_reglement_id'])?$_POST['mode_reglement_id']:$mode_reglement_id,'mode_reglement_id'); + $form->select_types_paiements(isset($_POST['mode_reglement_id'])?$_POST['mode_reglement_id']:$mode_reglement_id, 'mode_reglement_id', 'DBIT'); print ''; // Public note @@ -1732,11 +1732,11 @@ else print ''; if ($action == 'editmode') { - $form->form_modes_reglement($_SERVER['PHP_SELF'].'?id='.$object->id,$object->mode_reglement_id,'mode_reglement_id'); + $form->form_modes_reglement($_SERVER['PHP_SELF'].'?id='.$object->id, $object->mode_reglement_id, 'mode_reglement_id', 'DBIT'); } else { - $form->form_modes_reglement($_SERVER['PHP_SELF'].'?id='.$object->id,$object->mode_reglement_id,'none'); + $form->form_modes_reglement($_SERVER['PHP_SELF'].'?id='.$object->id, $object->mode_reglement_id, 'none', 'DBIT'); } print ''; 
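Review bot: The `select_conditions_paiements(...)` and `select_types_paiements(...)` calls in the first hunk still read `$_POST['cond_reglement_id']` and `$_POST['mode_reglement_id']` raw, while the rest of this commit moves request access to typed `GETPOST()`. Both are ids, so `GETPOST('cond_reglement_id','int')` and `GETPOST('mode_reglement_id','int')` fit, with the `isset` ternary falling back to `$cond_reglement_id` / `$mode_reglement_id` when the filtered value is empty. Whether the form helpers escape the value before emitting it into the select is not visible here, so treat this as defensive consistency rather than a confirmed output issue. The enclosing `if ($action == 'create')` block starts before the hunk.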
diff --git a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php index ab585cc4b1f..c10fea8bb8a 100644 --- a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php +++ b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php @@ -1,5 +1,6 @@ + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,6 +22,8 @@ > trans("ShowBill"),"bill").' '.$object->ref; ?> date,'day'); ?> - total_ht); ?> + rights->fournisseur->facture->lire) { + $total = $total + $object->total_ht; + echo price($object->total_ht); + } ?> getLibStatut(3); ?> total_ht; } ?> trans("TotalHT"); ?> - + rights->fournisseur->facture->lire) { + echo price($total); + } ?>   diff --git a/htdocs/fourn/paiement/fiche.php b/htdocs/fourn/paiement/fiche.php index 0cbceb917a0..97f8b331e65 100644 --- a/htdocs/fourn/paiement/fiche.php +++ b/htdocs/fourn/paiement/fiche.php @@ -2,6 +2,7 @@ /* Copyright (C) 2005 Rodolphe Quiedeville * Copyright (C) 2005 Marc Barilley / Ocebo * Copyright (C) 2006-2010 Laurent Destailleur + * Copyright (C) 2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -187,7 +188,8 @@ if ($result > 0) print ''; // Payment mode - print ''.$langs->trans('PaymentMode').''.$object->type_libelle.''; + $labeltype=$langs->trans("PaymentType".$object->type_code)!=("PaymentType".$object->type_code)?$langs->trans("PaymentType".$object->type_code):$object->type_libelle; + print ''.$langs->trans('PaymentMode').''.$labeltype.''; // Payment numero print ''.$form->editfieldkey("Numero",'num_paiement',$object->numero,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer).''; diff --git a/htdocs/holiday/index.php b/htdocs/holiday/index.php index e7c4b0a3d50..5f6c509902f 100644 --- a/htdocs/holiday/index.php 
+++ b/htdocs/holiday/index.php @@ -51,7 +51,7 @@ $offset = $conf->liste_limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; -$id = GETPOST('id'); +$id = GETPOST('id','int'); $search_ref = GETPOST('search_ref'); $month_create = GETPOST('month_create'); @@ -249,7 +249,7 @@ if ($id > 0) } else { print '
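Review bot: Only `$id` gets a type filter in this hunk; `$search_ref = GETPOST('search_ref');` and `$month_create = GETPOST('month_create');` on the following lines stay unfiltered. Their consumers are outside the hunk, but a month is numeric, so `GETPOST('month_create','int')` is the natural default, and `search_ref` needs `$db->escape()` wherever it reaches a `LIKE` clause. The `'int'` filter on `$id` is consistent with the `if ($id > 0)` guard shown in the next hunk header, since non-numeric input becomes empty and fails that test.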
'; -} +} print '
'."\n"; print ''; @@ -299,7 +299,7 @@ if($user->rights->holiday->lire_tous) $form->select_users($search_valideur,"search_valideur",1,"",0,$valideurarray,''); print ''; } -else +else { print ''; } diff --git a/htdocs/includes/jquery/plugins/tablednd/jquery.tablednd.0.6.js b/htdocs/includes/jquery/plugins/tablednd/jquery.tablednd.0.6.js new file mode 100644 index 00000000000..34f3c88232b --- /dev/null +++ b/htdocs/includes/jquery/plugins/tablednd/jquery.tablednd.0.6.js 
@@ -0,0 +1,400 @@ +/** + * TableDnD plug-in for JQuery, allows you to drag and drop table rows + * You can set up various options to control how the system will work + * Copyright (c) Denis Howlett + * Licensed like jQuery, see http://docs.jquery.com/License. + * + * Configuration options: + * + * onDragStyle + * This is the style that is assigned to the row during drag. There are limitations to the styles that can be + * associated with a row (such as you can't assign a border--well you can, but it won't be + * displayed). (So instead consider using onDragClass.) The CSS style to apply is specified as + * a map (as used in the jQuery css(...) function). + * onDropStyle + * This is the style that is assigned to the row when it is dropped. As for onDragStyle, there are limitations + * to what you can do. Also this replaces the original style, so again consider using onDragClass which + * is simply added and then removed on drop. + * onDragClass + * This class is added for the duration of the drag and then removed when the row is dropped. It is more + * flexible than using onDragStyle since it can be inherited by the row cells and other content. The default + * is class is tDnD_whileDrag. So to use the default, simply customise this CSS class in your + * stylesheet. + * onDrop + * Pass a function that will be called when the row is dropped. The function takes 2 parameters: the table + * and the row that was dropped. You can work out the new order of the rows by using + * table.rows. + * onDragStart + * Pass a function that will be called when the user starts dragging. The function takes 2 parameters: the + * table and the row which the user has started to drag. + * onAllowDrop + * Pass a function that will be called as a row is over another row. If the function returns true, allow + * dropping on that row, otherwise not. The function takes 2 parameters: the dragged row and the row under + * the cursor. 
It returns a boolean: true allows the drop, false doesn't allow it. + * scrollAmount + * This is the number of pixels to scroll if the user moves the mouse cursor to the top or bottom of the + * window. The page should automatically scroll up or down as appropriate (tested in IE6, IE7, Safari, FF2, + * FF3 beta + * dragHandle + * This is the name of a class that you assign to one or more cells in each row that is draggable. If you + * specify this class, then you are responsible for setting cursor: move in the CSS and only these cells + * will have the drag behaviour. If you do not specify a dragHandle, then you get the old behaviour where + * the whole row is draggable. + * + * Other ways to control behaviour: + * + * Add class="nodrop" to any rows for which you don't want to allow dropping, and class="nodrag" to any rows + * that you don't want to be draggable. + * + * Inside the onDrop method you can also call $.tableDnD.serialize() this returns a string of the form + * []=&[]= so that you can send this back to the server. The table must have + * an ID as must all the rows. + * + * Other methods: + * + * $("...").tableDnDUpdate() + * Will update all the matching tables, that is it will reapply the mousedown method to the rows (or handle cells). + * This is useful if you have updated the table rows using Ajax and you want to make the table draggable again. + * The table maintains the original configuration (so you don't have to specify it again). 
+ * + * $("...").tableDnDSerialize() + * Will serialize and return the serialized string as above, but for each of the matching tables--so it can be + * called from anywhere and isn't dependent on the currentTable being set up correctly before calling + * + * Known problems: + * - Auto-scoll has some problems with IE7 (it scrolls even when it shouldn't), work-around: set scrollAmount to 0 + * + * Version 0.2: 2008-02-20 First public version + * Version 0.3: 2008-02-07 Added onDragStart option + * Made the scroll amount configurable (default is 5 as before) + * Version 0.4: 2008-03-15 Changed the noDrag/noDrop attributes to nodrag/nodrop classes + * Added onAllowDrop to control dropping + * Fixed a bug which meant that you couldn't set the scroll amount in both directions + * Added serialize method + * Version 0.5: 2008-05-16 Changed so that if you specify a dragHandle class it doesn't make the whole row + * draggable + * Improved the serialize method to use a default (and settable) regular expression. + * Added tableDnDupate() and tableDnDSerialize() to be called when you are outside the table + * Version 0.6: 2011-12-02 Added support for touch devices + */ +// Determine if this is a touch device +var hasTouch = 'ontouchstart' in document.documentElement, + startEvent = hasTouch ? 'touchstart' : 'mousedown', + moveEvent = hasTouch ? 'touchmove' : 'mousemove', + endEvent = hasTouch ? 
'touchend' : 'mouseup'; + +jQuery.tableDnD = { + /** Keep hold of the current table being dragged */ + currentTable : null, + /** Keep hold of the current drag object if any */ + dragObject: null, + /** The current mouse offset */ + mouseOffset: null, + /** Remember the old value of Y so that we don't do too much processing */ + oldY: 0, + + + /** Actually build the structure */ + build: function(options) { + // Set up the defaults if any + + this.each(function() { + // This is bound to each matching table, set up the defaults and override with user options + this.tableDnDConfig = jQuery.extend({ + onDragStyle: null, + onDropStyle: null, + // Add in the default class for whileDragging + onDragClass: "tDnD_whileDrag", + onDrop: null, + onDragStart: null, + scrollAmount: 5, + + serializeRegexp: /[^\-]*$/, // The regular expression to use to trim row IDs + serializeParamName: null, // If you want to specify another parameter name instead of the table ID + dragHandle: null // If you give the name of a class here, then only Cells with this class will be draggable + }, options || {}); + // Now make the rows draggable + jQuery.tableDnD.makeDraggable(this); + }); + + // Don't break the chain + return this; + }, + + /** This function makes all the rows on the table draggable apart from those marked as "NoDrag" */ + makeDraggable: function(table) { + + var config = table.tableDnDConfig; + if (config.dragHandle) { + // We only need to add the event to the specified cells + var cells = jQuery("td."+table.tableDnDConfig.dragHandle, table); + cells.each(function() { + // The cell is bound to "this" + jQuery(this).bind(startEvent, function(ev) { + jQuery.tableDnD.initialiseDrag(this.parentNode, table, this, ev, config); + return false; + }); + }) + } else { + // For backwards compatibility, we add the event to the whole row + var rows = jQuery("tr", table); // get all the rows as a wrapped set + rows.each(function() { + // Iterate through each row, the row is bound to "this" + 
var row = jQuery(this); + if (! row.hasClass("nodrag")) { + row.bind(startEvent, function(ev) { + if (ev.target.tagName == "TD") { + jQuery.tableDnD.initialiseDrag(this, table, this, ev, config); + return false; + } + }).css("cursor", "move"); // Store the tableDnD object + } + }); + } + }, + + initialiseDrag: function(dragObject, table, target, evnt, config) { + jQuery.tableDnD.dragObject = dragObject; + jQuery.tableDnD.currentTable = table; + jQuery.tableDnD.mouseOffset = jQuery.tableDnD.getMouseOffset(target, evnt); + jQuery.tableDnD.originalOrder = jQuery.tableDnD.serialize(); + // Now we need to capture the mouse up and mouse move event + // We can use bind so that we don't interfere with other event handlers + jQuery(document) + .bind(moveEvent, jQuery.tableDnD.mousemove) + .bind(endEvent, jQuery.tableDnD.mouseup); + if (config.onDragStart) { + // Call the onDragStart method if there is one + config.onDragStart(table, target); + } + }, + + updateTables: function() { + this.each(function() { + // this is now bound to each matching table + if (this.tableDnDConfig) { + jQuery.tableDnD.makeDraggable(this); + } + }) + }, + + /** Get the mouse coordinates from the event (allowing for browser differences) */ + mouseCoords: function(ev){ + if(ev.pageX || ev.pageY){ + return {x:ev.pageX, y:ev.pageY}; + } + return { + x:ev.clientX + document.body.scrollLeft - document.body.clientLeft, + y:ev.clientY + document.body.scrollTop - document.body.clientTop + }; + }, + + /** Given a target element and a mouse event, get the mouse offset from that element. 
+ To do this we need the element's position and the mouse position */ + getMouseOffset: function(target, ev) { + ev = ev || window.event; + + var docPos = this.getPosition(target); + var mousePos = this.mouseCoords(ev); + return {x:mousePos.x - docPos.x, y:mousePos.y - docPos.y}; + }, + + /** Get the position of an element by going up the DOM tree and adding up all the offsets */ + getPosition: function(e){ + var left = 0; + var top = 0; + /** Safari fix -- thanks to Luis Chato for this! */ + if (e.offsetHeight == 0) { + /** Safari 2 doesn't correctly grab the offsetTop of a table row + this is detailed here: + http://jacob.peargrove.com/blog/2006/technical/table-row-offsettop-bug-in-safari/ + the solution is likewise noted there, grab the offset of a table cell in the row - the firstChild. + note that firefox will return a text node as a first child, so designing a more thorough + solution may need to take that into account, for now this seems to work in firefox, safari, ie */ + e = e.firstChild; // a table cell + } + + while (e.offsetParent){ + left += e.offsetLeft; + top += e.offsetTop; + e = e.offsetParent; + } + + left += e.offsetLeft; + top += e.offsetTop; + + return {x:left, y:top}; + }, + + mousemove: function(ev) { + if (jQuery.tableDnD.dragObject == null) { + return; + } + if (ev.type == 'touchmove') { + // prevent touch device screen scrolling + event.preventDefault(); + } + + var dragObj = jQuery(jQuery.tableDnD.dragObject); + var config = jQuery.tableDnD.currentTable.tableDnDConfig; + var mousePos = jQuery.tableDnD.mouseCoords(ev); + var y = mousePos.y - jQuery.tableDnD.mouseOffset.y; + //auto scroll the window + var yOffset = window.pageYOffset; + if (document.all) { + // Windows version + //yOffset=document.body.scrollTop; + if (typeof document.compatMode != 'undefined' && + document.compatMode != 'BackCompat') { + yOffset = document.documentElement.scrollTop; + } + else if (typeof document.body != 'undefined') { + yOffset=document.body.scrollTop; + 
} + + } + + if (mousePos.y-yOffset < config.scrollAmount) { + window.scrollBy(0, -config.scrollAmount); + } else { + var windowHeight = window.innerHeight ? window.innerHeight + : document.documentElement.clientHeight ? document.documentElement.clientHeight : document.body.clientHeight; + if (windowHeight-(mousePos.y-yOffset) < config.scrollAmount) { + window.scrollBy(0, config.scrollAmount); + } + } + + + if (y != jQuery.tableDnD.oldY) { + // work out if we're going up or down... + var movingDown = y > jQuery.tableDnD.oldY; + // update the old value + jQuery.tableDnD.oldY = y; + // update the style to show we're dragging + if (config.onDragClass) { + dragObj.addClass(config.onDragClass); + } else { + dragObj.css(config.onDragStyle); + } + // If we're over a row then move the dragged row to there so that the user sees the + // effect dynamically + var currentRow = jQuery.tableDnD.findDropTargetRow(dragObj, y); + if (currentRow) { + // TODO worry about what happens when there are multiple TBODIES + if (movingDown && jQuery.tableDnD.dragObject != currentRow) { + jQuery.tableDnD.dragObject.parentNode.insertBefore(jQuery.tableDnD.dragObject, currentRow.nextSibling); + } else if (! 
movingDown && jQuery.tableDnD.dragObject != currentRow) { + jQuery.tableDnD.dragObject.parentNode.insertBefore(jQuery.tableDnD.dragObject, currentRow); + } + } + } + + return false; + }, + + /** We're only worried about the y position really, because we can only move rows up and down */ + findDropTargetRow: function(draggedRow, y) { + var rows = jQuery.tableDnD.currentTable.rows; + for (var i=0; i rowY - rowHeight) && (y < (rowY + rowHeight))) { + // that's the row we're over + // If it's the same as the current row, ignore it + if (row == draggedRow) {return null;} + var config = jQuery.tableDnD.currentTable.tableDnDConfig; + if (config.onAllowDrop) { + if (config.onAllowDrop(draggedRow, row)) { + return row; + } else { + return null; + } + } else { + // If a row has nodrop class, then don't allow dropping (inspired by John Tarr and Famic) + var nodrop = jQuery(row).hasClass("nodrop"); + if (! nodrop) { + return row; + } else { + return null; + } + } + return row; + } + } + return null; + }, + + mouseup: function(e) { + if (jQuery.tableDnD.currentTable && jQuery.tableDnD.dragObject) { + // Unbind the event handlers + jQuery(document) + .unbind(moveEvent, jQuery.tableDnD.mousemove) + .unbind(endEvent, jQuery.tableDnD.mouseup); + var droppedRow = jQuery.tableDnD.dragObject; + var config = jQuery.tableDnD.currentTable.tableDnDConfig; + // If we have a dragObject, then we need to release it, + // The row will already have been moved to the right place so we just reset stuff + if (config.onDragClass) { + jQuery(droppedRow).removeClass(config.onDragClass); + } else { + jQuery(droppedRow).css(config.onDropStyle); + } + jQuery.tableDnD.dragObject = null; + var newOrder = jQuery.tableDnD.serialize(); + if (config.onDrop && (jQuery.tableDnD.originalOrder != newOrder)) { + // Call the onDrop method if there is one + config.onDrop(jQuery.tableDnD.currentTable, droppedRow); + } + jQuery.tableDnD.currentTable = null; // let go of the table too + } + }, + + serialize: function() 
{ + if (jQuery.tableDnD.currentTable) { + return jQuery.tableDnD.serializeTable(jQuery.tableDnD.currentTable); + } else { + return "Error: No Table id set, you need to set an id on your table and every row"; + } + }, + + serializeTable: function(table) { + var result = ""; + var tableId = table.id; + var rows = table.rows; + for (var i=0; i 0) result += "&"; + var rowId = rows[i].id; + if (rowId && rowId && table.tableDnDConfig && table.tableDnDConfig.serializeRegexp) { + rowId = rowId.match(table.tableDnDConfig.serializeRegexp)[0]; + } + + result += tableId + '[]=' + rowId; + } + return result; + }, + + serializeTables: function() { + var result = ""; + this.each(function() { + // this is now bound to each matching table + result += jQuery.tableDnD.serializeTable(this); + }); + return result; + } + +}; + + +jQuery.fn.extend( + { + tableDnD : jQuery.tableDnD.build, + tableDnDUpdate : jQuery.tableDnD.updateTables, + tableDnDSerialize: jQuery.tableDnD.serializeTables + } +); \ No newline at end of file diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php index 908a01db8fd..cad3ffdf568 100644 --- a/htdocs/opensurvey/list.php +++ b/htdocs/opensurvey/list.php @@ -26,7 +26,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); $action=GETPOST('action'); -$id=GETPOST('id'); +$id=GETPOST('id','alpha'); $numsondage=substr($id, 0, 16); if (! $sortorder) $sortorder="ASC"; @@ -47,9 +47,9 @@ if ($action == 'delete_confirm') $db->begin(); $object=new Opensurveysondage($db); - + $result=$object->delete($user,'',$numsondageadmin); - + $db->commit(); } diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 52ad1a7f323..e6695b75bc6 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php 
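Review bot: `$id=GETPOST('id','alpha');` followed by `$numsondage=substr($id, 0, 16);` bounds the length but the `'alpha'` filter is not an SQL escape, so if `$numsondage` is interpolated into a query further down (not visible in the hunk) it still needs `$db->escape()`. Survey ids here appear to be fixed-width tokens, so rejecting anything that fails `ctype_alnum($numsondage)` would be a cheaper and stricter guard. The `delete_confirm` branch below passes `$numsondageadmin`, a variable defined outside the hunk; worth confirming it is derived with the same filtering.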
@@ -6,7 +6,7 @@ * Copyright (C) 2007-2011 Jean Heimburger * Copyright (C) 2010-2011 Juanjo Menent * Copyright (C) 2013 Cedric GROSS - * Copyright (C) 2013 Marcos García + * Copyright (C) 2013-2014 Marcos García * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -796,6 +796,59 @@ class Product extends CommonObject return 1; } + /** + * Sets an accountancy code for a product. + * Also calls PRODUCT_MODIFY trigger when modified + * + * @param string $type It can be 'buy' or 'sell' + * @param string $value Accountancy code + * @return int <0 KO >0 OK + */ + public function setAccountancyCode($type, $value) + { + $this->db->begin(); + + if ($type == 'buy') { + $field = 'accountancy_code_buy'; + } elseif ($type == 'sell') { + $field = 'accountancy_code_sell'; + } else { + return -1; + } + + $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET "; + $sql.= "$field = '".$this->db->escape($value)."'"; + $sql.= " WHERE rowid = ".$this->id; + + dol_syslog(get_class($this)."::".__FUNCTION__." sql=".$sql, LOG_DEBUG); + $resql = $this->db->query($sql); + + if ($resql) { + global $user, $langs, $conf; + + // Call triggers + include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php'; + $interface=new Interfaces($this->db); + $result=$interface->run_triggers('PRODUCT_MODIFY',$this,$user,$langs,$conf); + if ($result < 0) { + $this->errors=$interface->errors; + $this->db->rollback(); + return -1; + } + // End call triggers + + $this->$field = $value; + + $this->db->commit(); + return 1; + } + else + { + $this->error=$this->db->lasterror(); + $this->db->rollback(); + return -1; + } + } /** * Load array this->multilangs 
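Review bot: `setAccountancyCode()` calls `$this->db->begin();` before validating `$type`, so the `else { return -1; }` branch returns with a transaction left open and no rollback. Move the `$type` check above `$this->db->begin();`, or make the branch `$this->db->rollback(); return -1;`, and set `$this->error` there so the caller has a message. The query failure branch sets `$this->error` but not `$this->errors`, while the `product/fiche.php` caller in this commit displays `join(',',$object->errors)`, so DB errors would show as an empty message; appending to `$this->errors` as well fixes that. `$sql.= " WHERE rowid = ".$this->id;` should also cast, `(int) $this->id`, since an unquoted numeric is not protected by `escape()`. The method is new and fully contained in this hunk.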
@@ -1153,6 +1206,7 @@ class Product extends CommonObject $sql.= " weight, weight_units, length, length_units, surface, surface_units, volume, volume_units, barcode, fk_barcode_type, finished,"; $sql.= " accountancy_code_buy, accountancy_code_sell, stock, pmp,"; $sql.= " datec, tms, import_key, entity, desiredstock"; + $sql.= " ,ref_ext"; $sql.= " FROM ".MAIN_DB_PREFIX."product"; if ($id) $sql.= " WHERE rowid = ".$this->db->escape($id); else @@ -1224,6 +1278,7 @@ class Product extends CommonObject $this->date_modification = $obj->tms; $this->import_key = $obj->import_key; $this->entity = $obj->entity; + $this->ref_ext = $obj->ref_ext; $this->db->free($resql); diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php index d96aac8fc33..3c3d7ad8206 100644 --- a/htdocs/product/fiche.php +++ b/htdocs/product/fiche.php @@ -6,7 +6,7 @@ * Copyright (C) 2006 Andre Cianfarani * Copyright (C) 2006 Auguria SARL * Copyright (C) 2010-2011 Juanjo Menent - * Copyright (C) 2013 Marcos García + * Copyright (C) 2013-2014 Marcos García * Copyright (C) 2013 Cédric Salvador * * This program is free software; you can redistribute it and/or modify 
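Review bot: The context line `if ($id) $sql.= " WHERE rowid = ".$this->db->escape($id);` in the `fetch()` select hunk applies `escape()` to an unquoted numeric, which only neutralises quote characters; for a rowid the guard should be `(int) $id`. The added `" ,ref_ext"` column and the `$this->ref_ext = $obj->ref_ext;` assignment in the second hunk are consistent with each other. `fetch()` starts and ends outside both hunks.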
@@ -122,20 +122,18 @@ if (empty($reshook)) exit; } - if ($action == 'setaccountancy_code_buy') - { - $result = $object->setValueFrom('accountancy_code_buy', GETPOST('accountancy_code_buy')); + if ($action == 'setaccountancy_code_buy') { + + $result = $object->setAccountancyCode('buy', GETPOST('accountancy_code_buy')); if ($result < 0) setEventMessage(join(',',$object->errors), 'errors'); - else $object->accountancy_code_buy=GETPOST('accountancy_code_buy'); $action=""; } if ($action == 'setaccountancy_code_sell') { - $result = $object->setValueFrom('accountancy_code_sell', GETPOST('accountancy_code_sell')); - if ($result < 0) setEventMessage(join(',',$object->errors), 'errors'); - else $object->accountancy_code_sell=GETPOST('accountancy_code_sell'); - $action=""; + $result = $object->setAccountancyCode('sell', GETPOST('accountancy_code_sell')); + if ($result < 0) setEventMessage(join(',',$object->errors), 'errors'); + $action=""; } // Add a product or service diff --git a/htdocs/product/index.php b/htdocs/product/index.php index 906bba70e5b..6c93c85da9f 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php @@ -27,7 +27,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; -$type=isset($_GET["type"])?$_GET["type"]:(isset($_POST["type"])?$_POST["type"]:''); +$type=GETPOST("type",'int'); if ($type =='' && !$user->rights->produit->lire) $type='1'; // Force global page on service page only if ($type =='' && !$user->rights->service->lire) $type='0'; // Force global page on product page only 
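Review bot: `GETPOST('accountancy_code_buy')` and `GETPOST('accountancy_code_sell')` are handed to `setAccountancyCode()` unfiltered; the setter escapes them for SQL but does not validate, so `GETPOST('accountancy_code_buy','alpha')` (and the `sell` twin) would at least apply the project's generic request filter, consistent with the other hunks of this commit. No permission check is visible in these two branches; if `$user->rights->produit->creer` is not enforced earlier in the `if (empty($reshook))` block, which starts before the hunk, it belongs here since this is a write action. The error path reads `join(',',$object->errors)`, so the setter must populate `$this->errors` (not only `$this->error`) for a DB failure to be shown.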
@@ -261,7 +261,7 @@ else // TODO Move this into a page that should be available into menu "accountancy - report - turnover - per quarter" -// Also method used for counting must provide the 2 possible methods like done by all other reports into menu "accountancy - report - turnover": +// Also method used for counting must provide the 2 possible methods like done by all other reports into menu "accountancy - report - turnover": // "commitment engagment" method and "cash accounting" method if ($conf->global->MAIN_FEATURES_LEVEL) { @@ -283,8 +283,8 @@ $db->close(); function activitytrim($product_type) { global $conf,$langs,$db; - - // We display the last 3 years + + // We display the last 3 years $yearofbegindate=date('Y',dol_time_plus_duree(time(), -3, "y")); // breakdown by quarter @@ -311,7 +311,7 @@ function activitytrim($product_type) $trim4=0; $lgn = 0; $num = $db->num_rows($result); - + if ($num > 0 ) { print '
'; @@ -353,7 +353,7 @@ function activitytrim($product_type) $trim3=0; $trim4=0; } - + if ($objp->mois == "01" || $objp->mois == "02" || $objp->mois == "03") $trim1 += $objp->Mnttot; diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index 8c5a76e1ac9..982d8d4287e 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -70,7 +70,7 @@ if ($id > 0 || ! empty($ref)) { $product = new Product($db); $result = $product->fetch($id, $ref); - + $parameters=array('id'=>$id); $reshook=$hookmanager->executeHooks('doActions',$parameters,$product,$action); // Note that $action and $object may have been modified by some hooks $error=$hookmanager->error; $errors=$hookmanager->errors; @@ -83,7 +83,7 @@ if ($id > 0 || ! empty($ref)) $titre=$langs->trans("CardProduct".$product->type); $picto=($product->type==1?'service':'product'); dol_fiche_head($head, 'referers', $titre, 0, $picto); - + $reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$product,$action); // Note that $action and $object may have been modified by hook print '
 
'; @@ -135,7 +135,7 @@ if ($id > 0 || ! empty($ref)) if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; $sql.= " GROUP BY c.rowid, c.date_contrat, c.statut, s.nom, s.rowid, s.code_client"; - $sql.= " ORDER BY $sortfield $sortorder"; + $sql.= $db->order($sortfield, $sortorder); $sql.= $db->plimit($conf->liste_limit +1, $offset); $result = $db->query($sql); diff --git a/htdocs/product/stock/liste.php b/htdocs/product/stock/liste.php index 55e6f858124..04b866b0544 100644 --- a/htdocs/product/stock/liste.php +++ b/htdocs/product/stock/liste.php @@ -31,12 +31,12 @@ $langs->load("stocks"); // Security check $result=restrictedArea($user,'stock'); -$sref=isset($_GET["sref"])?$_GET["sref"]:$_POST["sref"]; -$snom=isset($_GET["snom"])?$_GET["snom"]:$_POST["snom"]; -$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]; +$sref=GETPOST("sref");; +$snom=GETPOST("snom"); +$sall=GETPOST("sall"); -$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; -$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; +$sortfield = GETPOST("sortfield"); +$sortorder = GETPOST("sortorder"); if (! $sortfield) $sortfield="e.label"; if (! $sortorder) $sortorder="ASC"; $page = $_GET["page"]; 
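Review bot: `$sql.= $db->order($sortfield, $sortorder);` closes the ORDER BY injection, but the context lines `sc.fk_user = " .$user->id` and `if ($socid) $sql.= " AND s.rowid = ".$socid;` still concatenate unquoted values; `$socid` is assigned outside the hunk, so if it can ever be request-derived it should be `(int) $socid`. `$user->id` comes from the authenticated session and is a lesser concern. The surrounding `if ($id > 0 || ! empty($ref))` block starts before the hunk.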
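Review bot: `$sref=GETPOST("sref");;` carries a stray second semicolon; harmless, but drop it. The same hunk leaves `$page = $_GET["page"];` as raw superglobal access on its last line while the other five reads were migrated, so `GETPOST("page",'int')` matches the intent of the change. Reading `$sortfield`/`$sortorder` untyped here is acceptable only because the SQL hunk below routes them through `$db->order()`.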
@@ -50,13 +50,13 @@ $sql.= " FROM ".MAIN_DB_PREFIX."entrepot as e"; $sql.= " WHERE e.entity = ".$conf->entity; if ($sref) { - $sql.= " AND e.label like '%".$sref."%'"; + $sql.= " AND e.label like '%".$db->escape($sref)."%'"; } if ($sall) { - $sql.= " AND (e.description like '%".$sall."%' OR e.lieu like '%".$sall."%' OR e.address like '%".$sall."%' OR e.town like '%".$sall."%')"; + $sql.= " AND (e.description like '%".$db->escape($sall)."%' OR e.lieu like '%".$db->escape($sall)."%' OR e.address like '%".$db->escape($sall)."%' OR e.town like '%".$db->escape($sall)."%')"; } -$sql.= " ORDER BY $sortfield $sortorder"; +$sql.= $db->order($sortfield,$sortorder); $sql.= $db->plimit($limit+1, $offset); $result = $db->query($sql); diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index 6159a4362e9..481adbd848b 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -44,9 +44,9 @@ $result=restrictedArea($user,'produit|service'); //checks if a product has been ordered $action = GETPOST('action','alpha'); -$id_product = GETPOST('productid', 'productid'); -$id_sw = GETPOST('id_sw', 'id_sw'); -$id_tw = GETPOST('id_tw', 'id_tw'); +$id_product = GETPOST('productid', 'int'); +$id_sw = GETPOST('id_sw', 'int'); +$id_tw = GETPOST('id_tw', 'int'); $qty = GETPOST('qty'); $idline = GETPOST('idline'); diff --git a/htdocs/product/stock/replenishorders.php b/htdocs/product/stock/replenishorders.php index b1d2ec5c69d..7b64151c3dd 100644 --- a/htdocs/product/stock/replenishorders.php +++ b/htdocs/product/stock/replenishorders.php @@ -72,13 +72,8 @@ $sproduct = GETPOST('sproduct', 'int'); $sortorder = GETPOST('sortorder', 'alpha'); $sortfield = GETPOST('sortfield', 'alpha'); -if (!$sortorder) { - $sortorder = 'DESC'; -} - -if (!$sortfield) { - $sortfield = 'cf.date_creation'; -} +if (!$sortorder) $sortorder = 'DESC'; +if (!$sortfield) $sortfield = 'cf.date_creation'; $offset = $conf->liste_limit * $page ; 
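Review bot: `$id_product`, `$id_sw` and `$id_tw` now use `'int'` in place of the bogus `'productid'`/`'id_sw'`/`'id_tw'` check names (which presumably fell through as no-op filters), but `$qty = GETPOST('qty');` and `$idline = GETPOST('idline');` on the next lines remain unfiltered. `idline` reads as a row id, so `GETPOST('idline','int')` fits; `qty` needs numeric validation before it reaches stock arithmetic or SQL, which happens outside the hunk.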
@@ -146,7 +141,7 @@ if (GETPOST('statut', 'int')) { } $sql .= ' GROUP BY cf.rowid, cf.ref, cf.date_creation, cf.fk_statut'; $sql .= ', cf.total_ttc, cf.fk_user_author, u.login, s.rowid, s.nom'; -$sql .= ' ORDER BY ' . $sortfield . ' ' . $sortorder . ' '; +$sql .= $db->order($sortfield, $sortorder); $sql .= $db->plimit($conf->liste_limit+1, $offset); $resql = $db->query($sql); if ($resql) @@ -317,7 +312,7 @@ if ($resql) ''; $db->free($resql); - + dol_fiche_end(); } else diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index d42262ffe4f..edfbdb38b2a 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -297,7 +297,7 @@ class Project extends CommonObject } else if (! empty($ref)) { - $sql.= " WHERE ref='".$ref."'"; + $sql.= " WHERE ref='".$this->db->escape($ref)."'"; $sql.= " AND entity IN (".getEntity('project').")"; } diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 57b1ecc695e..4f883e1b743 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -207,7 +207,7 @@ class Task extends CommonObject $sql.= " FROM ".MAIN_DB_PREFIX."projet_task as t"; $sql.= " WHERE "; if (!empty($ref)) { - $sql.="t.ref = '".$ref."'"; + $sql.="t.ref = '".$this->db->escape($ref)."'"; }else { $sql.="t.rowid = ".$id; } diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php index 3e44f9a0ed9..3da43cd5b81 100644 --- a/htdocs/projet/contact.php +++ b/htdocs/projet/contact.php @@ -93,7 +93,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer) { if ($object->fetch($id)) { - $result=$object->swapContactStatus(GETPOST('ligne')); + $result=$object->swapContactStatus(GETPOST('ligne','int')); } else { 
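Review bot: In `Task::fetch()` the `$sql.="t.ref = '".$this->db->escape($ref)."'";` branch is fixed but the `else` branch `$sql.="t.rowid = ".$id;` still concatenates `$id` unquoted, where `escape()` would not help; cast it, `$sql.="t.rowid = ".(int) $id;`. The method header and the origin of `$id` are outside the hunk. The `fournisseur.commande.class.php` hunk of this commit has the same ref/rowid asymmetry.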
@@ -105,7 +105,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer) if (($action == 'deleteline' || $action == 'deletecontact') && $user->rights->projet->creer) { $object->fetch($id); - $result = $object->delete_contact($_GET["lineid"]); + $result = $object->delete_contact(GETPOST("lineid")); if ($result >= 0) { diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php index 5483c41e411..a798157dd11 100644 --- a/htdocs/projet/tasks/index.php +++ b/htdocs/projet/tasks/index.php @@ -41,9 +41,9 @@ $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->projet->lire) accessforbidden(); -$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; -$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; -$page = isset($_GET["page"])? $_GET["page"]:$_POST["page"]; +$sortfield = GETPOST("sortfield"); +$sortorder = GETPOST("sortorder"); +$page = GETPOST("page"); $page = is_numeric($page) ? $page : 0; $page = $page == -1 ? 0 : $page; diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php index 0e2e58f73e8..b24179328fc 100644 --- a/htdocs/societe/soc.php +++ b/htdocs/societe/soc.php @@ -159,14 +159,7 @@ if (empty($reshook)) $object->forme_juridique_code = GETPOST('forme_juridique_code'); $object->effectif_id = GETPOST('effectif_id'); - if (GETPOST("private") == 1) - { - $object->typent_id = dol_getIdFromCode($db,'TE_PRIVATE','c_typent'); - } - else - { - $object->typent_id = GETPOST('typent_id'); - } + $object->typent_id = GETPOST('typent_id'); $object->client = GETPOST('client'); $object->fournisseur = GETPOST('fournisseur'); diff --git a/htdocs/theme/amarok/img/object_address.png b/htdocs/theme/amarok/img/object_address.png new file mode 100644 index 00000000000..b20734da69a Binary files /dev/null and b/htdocs/theme/amarok/img/object_address.png differ
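Review bot: `$result = $object->delete_contact(GETPOST("lineid"));` replaces `$_GET["lineid"]` but stays untyped, while the sibling `swapstatut` hunk uses `GETPOST('ligne','int')` for the same kind of row id; use `GETPOST("lineid",'int')`. Switching from `$_GET` to `GETPOST` also accepts the value from POST, which is fine for a delete but widens which requests reach it. The enclosing `if (($action == 'deleteline' || $action == 'deletecontact') && $user->rights->projet->creer)` permission check is visible and appropriate.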
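Review bot: `$object->typent_id = GETPOST('typent_id');` drops the `private` override, so the posted value is now the only source and should be filtered as an id, `GETPOST('typent_id','int')`. The neighbouring `effectif_id`, `client` and `fournisseur` reads are numeric ids and flags and could take the same filter. The enclosing `if (empty($reshook))` block and the code that persists `$object` are outside the hunk.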