Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '22.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
ldestailleur
2025-07-17 02:07:45 +02:00
parent 1832675c96 43b05c56b6
commit d8a07f6fd6
6 changed files with 90 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
htdocs/admin/company.php
View File

@@ -74,6 +74,8 @@ $quality = $tmparraysize['quality'];
// Initialize a technical object to manage hooks of page. Note that conf->hooks_modules contains an array of hook context // Initialize a technical object to manage hooks of page. Note that conf->hooks_modules contains an array of hook context
$hookmanager->initHooks(array('admincompany', 'globaladmin')); $hookmanager->initHooks(array('admincompany', 'globaladmin'));
$object = new Societe($db);
/* /*
* Actions * Actions
@@ -451,11 +453,11 @@ print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="page_y" value="">'; print '<input type="hidden" name="page_y" value="">';
print '<table class="noborder centpercent editmode">'; print '<table class="noborder centpercent editmode">';
print '<tr class="liste_titre"><th class="titlefieldcreate wordbreak">'.$langs->trans("CompanyInfo").'</th><th></th></tr>'."\n"; print '<tr class="liste_titre"><th class="titlefieldcreate wordbreak" colspan="2">'.$langs->trans("CompanyInfo").'</th></tr>'."\n";
// Company name // Company name
print '<tr class="oddeven"><td class="fieldrequired wordbreak"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>'; print '<tr class="oddeven"><td class="fieldrequired wordbreak"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
print '<input name="name" id="name" maxlength="'.$mysoc->fields['nom']['length'].'" class="minwidth250" value="'.dol_escape_htmltag((GETPOSTISSET('name') ? GETPOST('name', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_NOM')))).'"'.(!getDolGlobalString('MAIN_INFO_SOCIETE_NOM') ? ' autofocus="autofocus"' : '').'></td></tr>'."\n"; print '<input name="name" id="name" maxlength="'.$mysoc->fields['nom']['length'].'" class="minwidth250" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('name') ? GETPOST('name', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_NOM'))).'"'.(getDolGlobalString('MAIN_INFO_SOCIETE_NOM') ? '' : ' autofocus="autofocus"').'></td></tr>'."\n";
// Main currency // Main currency
print '<tr class="oddeven"><td class="fieldrequired"><label for="currency">'.$langs->trans("CompanyCurrency").'</label></td><td>'; print '<tr class="oddeven"><td class="fieldrequired"><label for="currency">'.$langs->trans("CompanyCurrency").'</label></td><td>';
@@ -472,14 +474,14 @@ print '</td></tr>'."\n";
// Address // Address
print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_ADDRESS">'.$langs->trans("CompanyAddress").'</label></td><td>'; print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_ADDRESS">'.$langs->trans("CompanyAddress").'</label></td><td>';
print '<textarea name="MAIN_INFO_SOCIETE_ADDRESS" id="MAIN_INFO_SOCIETE_ADDRESS" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(GETPOSTISSET('MAIN_INFO_SOCIETE_ADDRESS') ? GETPOST('MAIN_INFO_SOCIETE_ADDRESS', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_ADDRESS'))).'</textarea></td></tr>'."\n"; print '<textarea name="MAIN_INFO_SOCIETE_ADDRESS" id="MAIN_INFO_SOCIETE_ADDRESS" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(GETPOSTISSET('MAIN_INFO_SOCIETE_ADDRESS') ? GETPOST('MAIN_INFO_SOCIETE_ADDRESS', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_ADDRESS')).'</textarea></td></tr>'."\n";
// Zip // Zip
print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_ZIP">'.$langs->trans("CompanyZip").'</label></td><td>'; print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_ZIP">'.$langs->trans("CompanyZip").'</label></td><td>';
print '<input class="width100" name="MAIN_INFO_SOCIETE_ZIP" id="MAIN_INFO_SOCIETE_ZIP" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_ZIP') ? GETPOST('MAIN_INFO_SOCIETE_ZIP', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_ZIP')))).'"></td></tr>'."\n"; print '<input class="width100" name="MAIN_INFO_SOCIETE_ZIP" id="MAIN_INFO_SOCIETE_ZIP" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('MAIN_INFO_SOCIETE_ZIP') ? GETPOST('MAIN_INFO_SOCIETE_ZIP', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_ZIP'))).'"></td></tr>'."\n";
print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_TOWN">'.$langs->trans("CompanyTown").'</label></td><td>'; print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_TOWN">'.$langs->trans("CompanyTown").'</label></td><td>';
print '<input name="MAIN_INFO_SOCIETE_TOWN" class="minwidth200" id="MAIN_INFO_SOCIETE_TOWN" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_TOWN') ? GETPOST('MAIN_INFO_SOCIETE_TOWN', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_TOWN')))).'"></td></tr>'."\n"; print '<input name="MAIN_INFO_SOCIETE_TOWN" class="minwidth200" id="MAIN_INFO_SOCIETE_TOWN" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('MAIN_INFO_SOCIETE_TOWN') ? GETPOST('MAIN_INFO_SOCIETE_TOWN', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_TOWN'))).'"></td></tr>'."\n";
// State // State
print '<tr class="oddeven"><td class="wordbreak"><label for="state_id">'.$langs->trans("State").'</label></td><td>'; print '<tr class="oddeven"><td class="wordbreak"><label for="state_id">'.$langs->trans("State").'</label></td><td>';
@@ -495,31 +497,31 @@ print '</td></tr>'."\n";
// Phone // Phone
print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("Phone").'</label></td><td>'; print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("Phone").'</label></td><td>';
print img_picto('', 'object_phoning', '', 0, 0, 0, '', 'pictofixedwidth'); print img_picto('', 'object_phoning', '', 0, 0, 0, '', 'pictofixedwidth');
print '<input class="maxwidth150 widthcentpercentminusx" name="phone" id="phone" value="'.dol_escape_htmltag((GETPOSTISSET('phone') ? GETPOST('phone', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_TEL')))).'"></td></tr>'; print '<input class="maxwidth150 widthcentpercentminusx" name="phone" id="phone" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('phone') ? GETPOST('phone', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_TEL'))).'"></td></tr>';
print '</td></tr>'."\n"; print '</td></tr>'."\n";
// Phone mobile // Phone mobile
print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("PhoneMobile").'</label></td><td>'; print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("PhoneMobile").'</label></td><td>';
print img_picto('', 'object_phoning_mobile', '', 0, 0, 0, '', 'pictofixedwidth'); print img_picto('', 'object_phoning_mobile', '', 0, 0, 0, '', 'pictofixedwidth');
print '<input class="maxwidth150 widthcentpercentminusx" name="phone_mobile" id="phone_mobile" value="'.dol_escape_htmltag((GETPOSTISSET('phone_mobile') ? GETPOST('phone_mobile', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_MOBILE')))).'"></td></tr>'; print '<input class="maxwidth150 widthcentpercentminusx" name="phone_mobile" id="phone_mobile" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('phone_mobile') ? GETPOST('phone_mobile', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_MOBILE'))).'"></td></tr>';
print '</td></tr>'."\n"; print '</td></tr>'."\n";
// Fax // Fax
print '<tr class="oddeven"><td><label for="fax">'.$langs->trans("Fax").'</label></td><td>'; print '<tr class="oddeven"><td><label for="fax">'.$langs->trans("Fax").'</label></td><td>';
print img_picto('', 'object_phoning_fax', '', 0, 0, 0, '', 'pictofixedwidth'); print img_picto('', 'object_phoning_fax', '', 0, 0, 0, '', 'pictofixedwidth');
print '<input class="maxwidth150" name="fax" id="fax" value="'.dol_escape_htmltag((GETPOSTISSET('fax') ? GETPOST('fax', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_FAX')))).'"></td></tr>'; print '<input class="maxwidth150" name="fax" id="fax" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('fax') ? GETPOST('fax', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_FAX'))).'"></td></tr>';
print '</td></tr>'."\n"; print '</td></tr>'."\n";
// Email // Email
print '<tr class="oddeven"><td><label for="email">'.$langs->trans("EMail").'</label></td><td>'; print '<tr class="oddeven"><td><label for="email">'.$langs->trans("EMail").'</label></td><td>';
print img_picto('', 'object_email', '', 0, 0, 0, '', 'pictofixedwidth'); print img_picto('', 'object_email', '', 0, 0, 0, '', 'pictofixedwidth');
print '<input class="minwidth300 maxwidth500 widthcentpercentminusx" name="mail" id="email" value="'.dol_escape_htmltag((GETPOSTISSET('mail') ? GETPOST('mail', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_MAIL') ? $conf->global->MAIN_INFO_SOCIETE_MAIL : ''))).'"></td></tr>'; print '<input class="minwidth300 maxwidth500 widthcentpercentminusx" name="mail" id="email" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('mail') ? GETPOST('mail', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_MAIL'))).'"></td></tr>';
print '</td></tr>'."\n"; print '</td></tr>'."\n";
// Web // Web
print '<tr class="oddeven"><td><label for="web">'.$langs->trans("Web").'</label></td><td>'; print '<tr class="oddeven"><td><label for="web">'.$langs->trans("Web").'</label></td><td>';
print img_picto('', 'globe', '', 0, 0, 0, '', 'pictofixedwidth'); print img_picto('', 'globe', '', 0, 0, 0, '', 'pictofixedwidth');
print '<input class="maxwidth300 widthcentpercentminusx" name="web" id="web" value="'.dol_escape_htmltag((GETPOSTISSET('web') ? GETPOST('web', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_WEB') ? $conf->global->MAIN_INFO_SOCIETE_WEB : ''))).'"></td></tr>'; print '<input class="maxwidth300 widthcentpercentminusx" name="web" id="web" value="'.dol_escape_htmltag((GETPOSTISSET('web') ? GETPOST('web', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_WEB'))).'"></td></tr>';
print '</td></tr>'."\n"; print '</td></tr>'."\n";
// Barcode // Barcode
@@ -527,7 +529,7 @@ if (isModEnabled('barcode')) {
print '<tr class="oddeven"><td>'; print '<tr class="oddeven"><td>';
print '<label for="barcode">'.$langs->trans("Gencod").'</label></td><td>'; print '<label for="barcode">'.$langs->trans("Gencod").'</label></td><td>';
print '<span class="fa fa-barcode pictofixedwidth"></span>'; print '<span class="fa fa-barcode pictofixedwidth"></span>';
print '<input name="barcode" id="barcode" class="minwidth150 widthcentpercentminusx maxwidth300" value="'.dol_escape_htmltag(GETPOSTISSET('barcode') ? GETPOST('barcode', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_GENCOD', '')).'"></td></tr>'; print '<input name="barcode" id="barcode" class="minwidth150 widthcentpercentminusx maxwidth300" value="'.dolPrintHTMLForAttribute(GETPOSTISSET('barcode') ? GETPOST('barcode', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_GENCOD')).'"></td></tr>';
print '</td></tr>'; print '</td></tr>';
} }
@@ -563,7 +565,7 @@ print '</td></tr>';
// Note // Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>'; print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_NOTE') ? $conf->global->MAIN_INFO_SOCIETE_NOTE : '')).'</textarea></td></tr>'; print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : getDolGlobalString('MAIN_INFO_SOCIETE_NOTE')).'</textarea></td></tr>';
print '</td></tr>'; print '</td></tr>';
print '</table>'; print '</table>';
@@ -576,23 +578,23 @@ print '<br><br>';
// IDs of the company (country-specific) // IDs of the company (country-specific)
print '<div class="div-table-responsive-no-min">'; print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent editmode">'; print '<table class="noborder centpercent editmode">';
print '<tr class="liste_titre"><td class="titlefieldcreate wordbreak">'.$langs->trans("CompanyIds").'</td><td></td></tr>'; print '<tr class="liste_titre"><td class="titlefieldcreate wordbreak" colspan="2">'.$langs->trans("CompanyIds").'</td></tr>';
$langs->load("companies"); $langs->load("companies");
// Managing Director(s) // Managing Director(s)
print '<tr class="oddeven"><td><label for="director">'.$langs->trans("ManagingDirectors").'</label></td><td>'; print '<tr class="oddeven"><td><label for="director">'.$langs->trans("ManagingDirectors").'</label></td><td>';
print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="directors" class="minwidth300" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_MANAGERS') ? GETPOST('MAIN_INFO_SOCIETE_MANAGERS', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_SOCIETE_MANAGERS') ? $conf->global->MAIN_INFO_SOCIETE_MANAGERS : ''))).'"></td></tr>'; print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="directors" class="minwidth300" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('MAIN_INFO_SOCIETE_MANAGERS') ? GETPOST('MAIN_INFO_SOCIETE_MANAGERS', 'alphanohtml') : getDolGlobalString('MAIN_INFO_SOCIETE_MANAGERS'))).'"></td></tr>';
// GDPR contact // GDPR contact
print '<tr class="oddeven"><td>'; print '<tr class="oddeven"><td>';
print $form->textwithpicto($langs->trans("GDPRContact"), $langs->trans("GDPRContactDesc")); print $form->textwithpicto($langs->trans("GDPRContact"), $langs->trans("GDPRContactDesc"));
print '</td><td>'; print '</td><td>';
print '<input name="MAIN_INFO_GDPR" id="infodirector" class="minwidth300" value="'.dol_escape_htmltag((GETPOSTISSET("MAIN_INFO_GDPR") ? GETPOST("MAIN_INFO_GDPR", 'alphanohtml') : (getDolGlobalString('MAIN_INFO_GDPR') ? $conf->global->MAIN_INFO_GDPR : ''))).'"></td></tr>'; print '<input name="MAIN_INFO_GDPR" id="infodirector" class="minwidth300" value="'.dolPrintHTMLForAttribute((GETPOSTISSET("MAIN_INFO_GDPR") ? GETPOST("MAIN_INFO_GDPR", 'alphanohtml') : getDolGlobalString('MAIN_INFO_GDPR'))).'"></td></tr>';
// Capital // Capital
print '<tr class="oddeven"><td><label for="capital">'.$langs->trans("Capital").'</label></td><td>'; print '<tr class="oddeven"><td><label for="capital">'.$langs->trans("Capital").'</label></td><td>';
print '<input name="capital" id="capital" class="maxwidth100" value="'.dol_escape_htmltag((GETPOSTISSET('capital') ? GETPOST('capital', 'alphanohtml') : (getDolGlobalString('MAIN_INFO_CAPITAL') ? $conf->global->MAIN_INFO_CAPITAL : ''))).'"></td></tr>'; print '<input name="capital" id="capital" class="maxwidth100" value="'.dolPrintHTMLForAttribute((GETPOSTISSET('capital') ? GETPOST('capital', 'alphanohtml') : getDolGlobalString('MAIN_INFO_CAPITAL'))).'"></td></tr>';
// Juridical Status // Juridical Status
print '<tr class="oddeven"><td><label for="forme_juridique_code">'.$langs->trans("JuridicalStatus").'</label></td><td>'; print '<tr class="oddeven"><td><label for="forme_juridique_code">'.$langs->trans("JuridicalStatus").'</label></td><td>';
@@ -605,19 +607,19 @@ print '</td></tr>';
// Object of the company // Object of the company
print '<tr class="oddeven"><td><label for="socialobject">'.$langs->trans("CompanyObject").'</label></td><td>'; print '<tr class="oddeven"><td><label for="socialobject">'.$langs->trans("CompanyObject").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="socialobject" id="socialobject" rows="'.ROWS_3.'">'.(getDolGlobalString('MAIN_INFO_SOCIETE_OBJECT')).'</textarea></td></tr>'; print '<textarea class="flat quatrevingtpercent" name="socialobject" id="socialobject" rows="'.ROWS_3.'">'.getDolGlobalString('MAIN_INFO_SOCIETE_OBJECT').'</textarea></td></tr>';
print '</td></tr>'; print '</td></tr>';
// Tax ID Intra-community VAT number // Tax ID Intra-community VAT number
print '<tr class="oddeven"><td><label for="intra_vat">'.$langs->trans("VATIntra").'</label></td><td>'; print '<tr class="oddeven"><td><label for="intra_vat">'.$langs->trans("VATIntra").'</label></td><td>';
print '<input name="tva" id="intra_vat" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_TVAINTRA')).'">'; print '<input name="tva" id="intra_vat" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_TVAINTRA')).'">';
print '</td></tr>'; print '</td></tr>';
// ProfId1 // ProfId1
if ($langs->transcountry("ProfId1", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId1", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid1">'.$langs->transcountry("ProfId1", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid1">'.$langs->transcountry("ProfId1", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="siren" id="profid1" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SIREN')).'">'; print '<input name="siren" id="profid1" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_SIREN')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -628,7 +630,7 @@ if ($langs->transcountry("ProfId1", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId2", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId2", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid2">'.$langs->transcountry("ProfId2", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid2">'.$langs->transcountry("ProfId2", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="siret" id="profid2" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_SIRET')).'">'; print '<input name="siret" id="profid2" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_SIRET')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -639,7 +641,7 @@ if ($langs->transcountry("ProfId2", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId3", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId3", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid3">'.$langs->transcountry("ProfId3", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid3">'.$langs->transcountry("ProfId3", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="ape" id="profid3" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_APE')).'">'; print '<input name="ape" id="profid3" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_APE')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -650,7 +652,7 @@ if ($langs->transcountry("ProfId3", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId4", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId4", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid4">'.$langs->transcountry("ProfId4", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid4">'.$langs->transcountry("ProfId4", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="rcs" id="profid4" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_RCS')).'">'; print '<input name="rcs" id="profid4" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_RCS')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -661,7 +663,7 @@ if ($langs->transcountry("ProfId4", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId5", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId5", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid5">'.$langs->transcountry("ProfId5", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid5">'.$langs->transcountry("ProfId5", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="MAIN_INFO_PROFID5" id="profid5" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_PROFID5')).'">'; print '<input name="MAIN_INFO_PROFID5" id="profid5" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_PROFID5')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -672,7 +674,7 @@ if ($langs->transcountry("ProfId5", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId6", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId6", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid6">'.$langs->transcountry("ProfId6", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid6">'.$langs->transcountry("ProfId6", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="MAIN_INFO_PROFID6" id="profid6" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_PROFID6')).'">'; print '<input name="MAIN_INFO_PROFID6" id="profid6" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_PROFID6')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -683,7 +685,7 @@ if ($langs->transcountry("ProfId6", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId7", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId7", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid7">'.$langs->transcountry("ProfId7", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid7">'.$langs->transcountry("ProfId7", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="MAIN_INFO_PROFID7" id="profid7" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_PROFID7')).'">'; print '<input name="MAIN_INFO_PROFID7" id="profid7" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_PROFID7')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -694,7 +696,7 @@ if ($langs->transcountry("ProfId7", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId8", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId8", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid8">'.$langs->transcountry("ProfId8", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid8">'.$langs->transcountry("ProfId8", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="MAIN_INFO_PROFID8" id="profid8" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_PROFID8')).'">'; print '<input name="MAIN_INFO_PROFID8" id="profid8" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_PROFID8')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -705,7 +707,7 @@ if ($langs->transcountry("ProfId8", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId9", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId9", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid9">'.$langs->transcountry("ProfId9", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid9">'.$langs->transcountry("ProfId9", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="MAIN_INFO_PROFID9" id="profid9" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_PROFID9')).'">'; print '<input name="MAIN_INFO_PROFID9" id="profid9" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_PROFID9')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -716,7 +718,7 @@ if ($langs->transcountry("ProfId9", $mysoc->country_code) != '-') {
if ($langs->transcountry("ProfId10", $mysoc->country_code) != '-') { if ($langs->transcountry("ProfId10", $mysoc->country_code) != '-') {
print '<tr class="oddeven"><td><label for="profid10">'.$langs->transcountry("ProfId10", $mysoc->country_code).'</label></td><td>'; print '<tr class="oddeven"><td><label for="profid10">'.$langs->transcountry("ProfId10", $mysoc->country_code).'</label></td><td>';
if (!empty($mysoc->country_code)) { if (!empty($mysoc->country_code)) {
print '<input name="MAIN_INFO_PROFID10" id="profid10" class="minwidth200" value="'.dol_escape_htmltag(getDolGlobalString('MAIN_INFO_PROFID10')).'">'; print '<input name="MAIN_INFO_PROFID10" id="profid10" class="minwidth200" value="'.dolPrintHTMLForAttribute(getDolGlobalString('MAIN_INFO_PROFID10')).'">';
} else { } else {
print $countrynotdefined; print $countrynotdefined;
} }
@@ -735,7 +737,7 @@ print '<td class="titlefieldcreate">'.$langs->trans("FiscalYearInformation").'</
print "</tr>\n"; print "</tr>\n";
print '<tr class="oddeven"><td><label for="SOCIETE_FISCAL_MONTH_START">'.$langs->trans("FiscalMonthStart").'</label></td><td>'; print '<tr class="oddeven"><td><label for="SOCIETE_FISCAL_MONTH_START">'.$langs->trans("FiscalMonthStart").'</label></td><td>';
print $formother->select_month(getDolGlobalInt('SOCIETE_FISCAL_MONTH_START') ? $conf->global->SOCIETE_FISCAL_MONTH_START : '', 'SOCIETE_FISCAL_MONTH_START', 0, 1, 'maxwidth100').'</td></tr>'; print $formother->select_month(getDolGlobalString('SOCIETE_FISCAL_MONTH_START'), 'SOCIETE_FISCAL_MONTH_START', 0, 1, 'maxwidth100').'</td></tr>';
print "</table>"; print "</table>";

8
htdocs/compta/facture/class/api_invoices.class.php
View File

@@ -1694,14 +1694,14 @@ class Invoices extends DolibarrApi
$totalpaid = $this->invoice->getSommePaiement($is_multicurrency); $totalpaid = $this->invoice->getSommePaiement($is_multicurrency);
$totalcreditnotes = $this->invoice->getSumCreditNotesUsed($is_multicurrency); $totalcreditnotes = $this->invoice->getSumCreditNotesUsed($is_multicurrency);
$totaldeposits = $this->invoice->getSumDepositsUsed($is_multicurrency); $totaldeposits = $this->invoice->getSumDepositsUsed($is_multicurrency);
$remainstopay = $amount = price2num($total_ttc - $totalpaid - $totalcreditnotes - $totaldeposits, 'MT'); $remainstopay = $amount = (float) price2num($total_ttc - $totalpaid - $totalcreditnotes - $totaldeposits, 'MT');
if (!$is_multicurrency && $amountarray["amount"] != 'remain') { if (!$is_multicurrency && $amountarray["amount"] != 'remain') {
$amount = price2num($amountarray["amount"], 'MT'); $amount = (float) price2num($amountarray["amount"], 'MT');
} }
if ($is_multicurrency && $amountarray["multicurrency_amount"] != 'remain') { if ($is_multicurrency && $amountarray["multicurrency_amount"] != 'remain') {
$amount = price2num($amountarray["multicurrency_amount"], 'MT'); $amount = (float) price2num($amountarray["multicurrency_amount"], 'MT');
} }
if (abs($amount) > abs($remainstopay) && !$accepthigherpayment) { if (abs($amount) > abs($remainstopay) && !$accepthigherpayment) {
@@ -1710,7 +1710,7 @@ class Invoices extends DolibarrApi
} }
if ($this->invoice->type == Facture::TYPE_CREDIT_NOTE) { if ($this->invoice->type == Facture::TYPE_CREDIT_NOTE) {
$amount = price2num(-1 * abs((float) $amount), 'MT'); $amount = (float) price2num(-1 * abs((float) $amount), 'MT');
} }
if ($is_multicurrency) { if ($is_multicurrency) {

37
htdocs/core/lib/functions.lib.php
View File

@@ -8530,14 +8530,21 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes
{ {
if (is_null($allowed_attributes)) { if (is_null($allowed_attributes)) {
$allowed_attributes = array( $allowed_attributes = array(
"allow", "allowfullscreen", "alt", "async", "class", "content", "contenteditable", "crossorigin", "data-html", "frameborder", "height", "href", "id", "name", "property", "rel", "src", "style", "target", "title", "type", "width", "allow", "allowfullscreen", "alt", "async", "class", "contenteditable", "crossorigin", "data-html", "frameborder", "height", "href", "id", "name", "property", "rel", "src", "style", "target", "title", "type", "width",
// HTML5 // HTML5
"header", "footer", "nav", "section", "menu", "menuitem" "header", "footer", "nav", "section", "menu", "menuitem"
); );
} }
// Always add content and http-equiv for meta tags, required to force encoding and keep html content in utf8 by load/saveHTML functions.
if (!in_array("content", $allowed_attributes)) {
$allowed_attributes[] = "content";
}
if (!in_array("http-equiv", $allowed_attributes)) {
$allowed_attributes[] = "http-equiv";
}
if (class_exists('DOMDocument') && !empty($stringtoclean)) { if (class_exists('DOMDocument') && !empty($stringtoclean)) {
$stringtoclean = '<?xml encoding="UTF-8"><html><body>'.$stringtoclean.'</body></html>'; $stringtoclean = '<?xml encoding="UTF-8"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body>'.$stringtoclean.'</body></html>';
// Warning: loadHTML does not support HTML5 on old libxml versions. // Warning: loadHTML does not support HTML5 on old libxml versions.
$dom = new DOMDocument('', 'UTF-8'); $dom = new DOMDocument('', 'UTF-8');
@@ -8588,12 +8595,15 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes
} }
} }
$dom->encoding = 'UTF-8';
$return = $dom->saveHTML(); // This may add a LF at end of lines, so we will trim later $return = $dom->saveHTML(); // This may add a LF at end of lines, so we will trim later
//$return = '<html><body>aaaa</p>bb<p>ssdd</p>'."\n<p>aaa</p>aa<p>bb</p>"; //$return = '<html><body>aaaa</p>bb<p>ssdd</p>'."\n<p>aaa</p>aa<p>bb</p>";
$return = preg_replace('/^'.preg_quote('<?xml encoding="UTF-8">', '/').'/', '', $return); $return = preg_replace('/^'.preg_quote('<?xml encoding="UTF-8">', '/').'/', '', $return);
$return = preg_replace('/^'.preg_quote('<html><body>', '/').'/', '', $return); $return = preg_replace('/^'.preg_quote('<html><head><', '/').'[^<>]*'.preg_quote('></head><body>', '/').'/', '', $return);
$return = preg_replace('/'.preg_quote('</body></html>', '/').'$/', '', $return); $return = preg_replace('/'.preg_quote('</body></html>', '/').'$/', '', trim($return));
return trim($return); return trim($return);
} else { } else {
return $stringtoclean; return $stringtoclean;
@@ -8765,17 +8775,24 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
// like 'abc' that wrongly ends up, without the trick, with '<p>abc</p>' // like 'abc' that wrongly ends up, without the trick, with '<p>abc</p>'
if (dol_textishtml($out)) { if (dol_textishtml($out)) {
$out = '<?xml encoding="UTF-8"><div class="tricktoremove">'.$out.'</div>'; $out = '<?xml encoding="UTF-8"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body><div class="tricktoremove">'.$out.'</div></body></html>';
} else { } else {
$out = '<?xml encoding="UTF-8"><div class="tricktoremove">'.dol_nl2br($out).'</div>'; $out = '<?xml encoding="UTF-8"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body><div class="tricktoremove">'.dol_nl2br($out).'</div></body></html>';
} }
$dom->loadHTML($out, LIBXML_HTML_NODEFDTD | LIBXML_ERR_NONE | LIBXML_HTML_NOIMPLIED | LIBXML_NONET | LIBXML_NOWARNING | LIBXML_NOERROR | LIBXML_NOXMLDECL); $dom->loadHTML($out, LIBXML_HTML_NODEFDTD | LIBXML_ERR_NONE | LIBXML_HTML_NOIMPLIED | LIBXML_NONET | LIBXML_NOWARNING | LIBXML_NOERROR | LIBXML_NOXMLDECL);
$dom->encoding = 'UTF-8';
$out = trim($dom->saveHTML()); $out = trim($dom->saveHTML());
// Remove the trick added to solve pb with text without parent tag // Remove the trick added to solve pb with text in utf8 and text without parent tag
$out = preg_replace('/^<\?xml encoding="UTF-8"><div class="tricktoremove">/', '', $out); $out = preg_replace('/^'.preg_quote('<?xml encoding="UTF-8">', '/').'/', '', $out);
$out = preg_replace('/<\/div>$/', '', $out); $out = preg_replace('/^'.preg_quote('<html><head><', '/').'[^<>]+'.preg_quote('></head><body><div class="tricktoremove">', '/').'/', '', $out);
$out = preg_replace('/'.preg_quote('</div></body></html>', '/').'$/', '', trim($out));
// $out = preg_replace('/^<\?xml encoding="UTF-8"><div class="tricktoremove">/', '', $out);
// $out = preg_replace('/<\/div>$/', '', $out);
// var_dump('rrrrrrrrrrrrrrrrrrrrrrrrrrrrr'.$out);
} catch (Exception $e) { } catch (Exception $e) {
// If error, invalid HTML string with no way to clean it // If error, invalid HTML string with no way to clean it
//print $e->getMessage(); //print $e->getMessage();
@@ -8890,7 +8907,7 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
$out = preg_replace('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', '', $out); $out = preg_replace('/on(repeat|begin|finish|beforeinput)[a-z]*\s*=/i', '', $out);
} while ($oldstringtoclean != $out); } while ($oldstringtoclean != $out);
// Check the limit of external links that are automatically executed in a Rich text content. We count: // Check the limit of external links that are automatically executed in a Rich text content. We count:
// '<img' to avoid <img src="http...">, we can only accept "<img src="data:..." // '<img' to avoid <img src="http...">, we can only accept "<img src="data:..."
// 'url(' to avoid inline style like background: url(http... // 'url(' to avoid inline style like background: url(http...
// '<link' to avoid <link href="http..."> // '<link' to avoid <link href="http...">

2
htdocs/langs/en_US/admin.lang
View File

@@ -2008,7 +2008,7 @@ ConfirmDeleteFiscalYear=Are you sure to delete this accounting period?
ShowFiscalYear=Show accounting period ShowFiscalYear=Show accounting period
##### Assets ##### ##### Assets #####
AssetNumberingModules=Assets numbering module AssetNumberingModules=Assets numbering module
AlwaysEditable=Can be edited for all object status AlwaysEditable=Editable for any status
PermissionOnField=Permission on field PermissionOnField=Permission on field
MAIN_APPLICATION_TITLE=Force visible name of application (warning: setting your own name here may break autofill login feature when using DoliDroid mobile application) MAIN_APPLICATION_TITLE=Force visible name of application (warning: setting your own name here may break autofill login feature when using DoliDroid mobile application)
NbMajMin=Minimum number of uppercase characters NbMajMin=Minimum number of uppercase characters

1
test/phpunit/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
/DemoTest.php

27
test/phpunit/SecurityTest.php
View File

@@ -387,7 +387,8 @@ class SecurityTest extends CommonClassTest
{ {
$stringtotest = 'eée'; $stringtotest = 'eée';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest); $decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$this->assertEquals('e&eacute;e', $decodedstring, 'Function did not sanitize correctly with test 1'); //$this->assertEquals('e&eacute;e', $decodedstring, 'Function did not sanitize correctly with test 1');
$this->assertEquals('eée', $decodedstring, 'Function did not sanitize correctly with test 1');
$stringtotest = '<div onload="ee"><a href="123"><span class="abc">abc</span></a></div>'; $stringtotest = '<div onload="ee"><a href="123"><span class="abc">abc</span></a></div>';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest); $decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
@@ -1296,6 +1297,30 @@ class SecurityTest extends CommonClassTest
{ {
global $conf; global $conf;
// Test on a string in hindi with MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES because
// in past this case was losing the UTF8.
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
$result = dol_htmlwithnojs('String in Hindi लेखाकर्म', 0, 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('String in Hindi लेखाकर्म', $result, 'Test js sanitizing a Hindi string is ko');
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 1;
$result = dol_htmlwithnojs('String in Hindi लेखाकर्म', 0, 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('String in Hindi लेखाकर्म', $result, 'Test js sanitizing a Hindi string is ko');
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 1;
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML = 1;
$conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY = 1;
$result = dol_htmlwithnojs('String in Hindi लेखाकर्म', 0, 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('String in Hindi लेखाकर्म', $result, 'Test js sanitizing a Hindi string is ko');
$conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0; $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = 0;
// If we set this to 1, it will also convert emoticon in htmlentities, so tests must be modified. // If we set this to 1, it will also convert emoticon in htmlentities, so tests must be modified.