diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php index f885677225e..7839cf14efc 100644 --- a/htdocs/api/class/api_access.class.php +++ b/htdocs/api/class/api_access.class.php @@ -1,6 +1,7 @@ * Copyright (C) 2016 Laurent Destailleur + * Copyright (C) 2023 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -147,6 +148,9 @@ class DolibarrApiAccess implements iAuthenticate if ($result <= 0) { throw new RestException(503, 'Error when fetching user :'.$fuser->error.' (conf->entity='.$conf->entity.')'); } + if ($fuser->statut == 0) { + throw new RestException(503, 'Error when fetching user. This user has been locked or disabled'); + } $fuser->getrights(); diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index cc43d0fb818..eae7136ac88 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -742,6 +742,8 @@ class ActionComm extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 7f1585f72a0..d70f11106c6 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -606,6 +606,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been // modified by hook if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 1b3df25c7d2..c9dff023034 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1491,6 +1491,8 @@ class Propal extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index bd70e57e319..0a69e485adf 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -475,6 +475,7 @@ if (empty($reshook)) { // Note that $action and $object may be modified by hook $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index d6fcb3b548f..a09fa8bdf5e 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1272,6 +1272,8 @@ class Commande extends CommonOrder $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } @@ -1427,6 +1429,8 @@ class Commande extends CommonOrder $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index e177ff9aae8..0d9ed8423cb 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -9,7 +9,7 @@ * Copyright (C) 2015-2018 Frédéric France * Copyright (C) 2015 Marcos García * Copyright (C) 2015 Jean-François Ferry - * Copyright (C) 2016-2021 Ferran Marcet + * Copyright (C) 2016-2023 Ferran Marcet * Copyright (C) 2018 Charlene Benke * Copyright (C) 2021 Anthony Berton * @@ -413,7 +413,7 @@ if (empty($reshook)) { $desc = dol_concatdesc($desc, $langs->trans("Order").' '.$cmd->ref.' - '.dol_print_date($cmd->date, 'day')); } - if ($lines[$i]->subprice < 0) { + if ($lines[$i]->subprice < 0 && empty($conf->global->INVOICE_KEEP_DISCOUNT_LINES_AS_IN_ORIGIN)) { // Negative line, we create a discount line $discount = new DiscountAbsolute($db); $discount->fk_soc = $objecttmp->socid; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 833f8fb6b76..9b93721ca6a 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1330,6 +1330,8 @@ class Facture extends CommonInvoice $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } @@ -1463,6 +1465,8 @@ class Facture extends CommonInvoice $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } diff --git a/htdocs/contrat/agenda.php b/htdocs/contrat/agenda.php index f57d8012832..a7ede441be1 100644 --- a/htdocs/contrat/agenda.php +++ b/htdocs/contrat/agenda.php @@ -54,7 +54,11 @@ $ref = GETPOST('ref', 'alpha'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'contrat', $id, ''); + +// Security check +$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); +$fieldtype = (!empty($id) ? 'rowid' : 'ref'); +$result = restrictedArea($user, 'contrat', $fieldvalue, '', '', '', $fieldtype); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -73,6 +77,13 @@ if (!$sortorder) { $sortorder = 'DESC,DESC'; } + +$object = new Contrat($db); + +if ($id > 0 || !empty($ref)) { + $result = $object->fetch($id, $ref); +} + // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('agendacontract', 'globalcard')); @@ -83,7 +94,7 @@ $permissiontoadd = $user->rights->contrat->creer; // Used by the include * Actions */ -$parameters = array('id'=>$id); +$parameters = array('id' => $id, 'ref' => $ref); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); @@ -104,8 +115,6 @@ if (empty($reshook)) { } - - /* * View */ @@ -116,7 +125,7 @@ if (isModEnabled('project')) { $formproject = new FormProjets($db); } -if ($id > 0) { +if ($object->id > 0) { // Load object modContract $module = (!empty($conf->global->CONTRACT_ADDON) ? $conf->global->CONTRACT_ADDON : 'mod_contract_serpis'); if (substr($module, 0, 13) == 'mod_contract_' && substr($module, -3) == 'php') { @@ -130,8 +139,6 @@ if ($id > 0) { require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; - $object = new Contrat($db); - $result = $object->fetch($id); $object->fetch_thirdparty(); $title = $langs->trans("Agenda"); @@ -195,13 +202,13 @@ if ($id > 0) { } $morehtmlref .= ''; - dol_banner_tab($object, 'id', $linkback, 1, 'ref', 'none', $morehtmlref); + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'none', $morehtmlref); print '
'; print '
'; - $object->info($id); + $object->info($object->id); dol_print_object_info($object, 1); print '
'; @@ -244,7 +251,7 @@ if ($id > 0) { if (isModEnabled('agenda') && (!empty($user->rights->agenda->myactions->read) || !empty($user->rights->agenda->allactions->read))) { print '
'; - $param = '&id='.$id; + $param = '&id='.$object->id; if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { $param .= '&contextpage='.$contextpage; } diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 818550d344c..db501e113fb 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -374,6 +374,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been // modified by hook if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 4352364452b..486a647fb68 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -2602,6 +2602,8 @@ class Contrat extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $clonedObj, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index e4152d31189..8ac336f84f8 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1494,15 +1494,15 @@ class ExtraFields $labeltoshow = dol_trunc($labeltoshow, 45); if (is_array($value_arr) && in_array($obj->rowid, $value_arr)) { + $labeltoshow = ''; foreach ($fields_label as $field_toshow) { $translabel = $langs->trans($obj->$field_toshow); if ($translabel != $obj->$field_toshow) { - $labeltoshow = dol_trunc($translabel, 18).' '; + $labeltoshow .= ' '.dol_trunc($translabel, 18).' '; } else { - $labeltoshow = dol_trunc($obj->$field_toshow, 18).' '; + $labeltoshow .= ' '.dol_trunc($obj->$field_toshow, 18).' '; } } - $data[$obj->rowid] = $labeltoshow; } else { if (!$notrans) { @@ -1823,17 +1823,20 @@ class ExtraFields $fields_label = explode('|', $InfoFieldList[1]); if (is_array($value_arr) && in_array($obj->rowid, $value_arr)) { if (is_array($fields_label) && count($fields_label) > 1) { + $label = '
  • '; foreach ($fields_label as $field_toshow) { $translabel = ''; if (!empty($obj->$field_toshow)) { $translabel = $langs->trans($obj->$field_toshow); } if ($translabel != $field_toshow) { - $toprint[] = '
  • '.dol_trunc($translabel, 18).'
    • '; + $label .= ' '.dol_trunc($translabel, 18); } else { - $toprint[] = '
  • '.$obj->$field_toshow.'
    • '; + $label .= ' '.$obj->$field_toshow; } } + $label .= ''; + $toprint[] = $label; } else { $translabel = ''; if (!empty($obj->{$InfoFieldList[1]})) { diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ef954794964..23659cd769b 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -349,6 +349,7 @@ function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir) $filearray[$key]['position_name'] = ($filearrayindatabase[$key2]['position'] ? $filearrayindatabase[$key2]['position'] : '0').'_'.$filearrayindatabase[$key2]['name']; $filearray[$key]['position'] = $filearrayindatabase[$key2]['position']; $filearray[$key]['cover'] = $filearrayindatabase[$key2]['cover']; + $filearray[$key]['keywords'] = $filearrayindatabase[$key2]['keywords']; $filearray[$key]['acl'] = $filearrayindatabase[$key2]['acl']; $filearray[$key]['rowid'] = $filearrayindatabase[$key2]['rowid']; $filearray[$key]['label'] = $filearrayindatabase[$key2]['label']; diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index ecb1cf3d65b..2c4b4bec855 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -462,6 +462,8 @@ class ExpenseReport extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index e36598d04bc..376e14c277f 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -1228,6 +1228,8 @@ class Fichinter extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 00c6e25f572..feb2466078d 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -1704,6 +1704,8 @@ class CommandeFournisseur extends CommonOrder $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } } diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index ba39616da94..3bdf969c24c 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1390,6 +1390,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 4405f379888..3887060d8a9 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -443,6 +443,7 @@ if (empty($reshook)) { $reshook = $hookmanager->executeHooks('createFrom', $parameters, $object, $action); // Note that $action and $object may have been // modified by hook if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $error++; } } else { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 16211e7a027..27d1b871863 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1175,6 +1175,8 @@ class SupplierProposal extends CommonObject $action = ''; $reshook = $hookmanager->executeHooks('createFrom', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { + $this->errors += $hookmanager->errors; + $this->error = $hookmanager->error; $error++; } }