Merge remote-tracking branch 'upstream/develop' into 14a39

This commit is contained in:
Alexandre SPANGARO
2021-04-26 13:53:16 +02:00
205 changed files with 9058 additions and 20864 deletions


@@ -54,7 +54,7 @@ jQuery TableDnD 0.6 GPL and MIT License Yes
jQuery Timepicker 1.1.0 GPL and MIT License Yes JS library Timepicker addon for Datepicker
jsGanttImproved 2.7.3 BSD License Yes JS library (to build Gantt reports)
JsTimezoneDetect 1.0.6 MIT License Yes JS library to detect user timezone
SwaggerUI 2.0.24 GPL-2+ Yes JS library to offer the REST API explorer
SwaggerUI 2.2.10 GPL-2+ Yes JS library to offer the REST API explorer
Image libraries:
Octicons 8.1 MIT Yes


@@ -225,9 +225,6 @@ JQUERYFILETREE:
RESTLER:
--------
Change content of file htdocs/includes/restler/framework/Luracast/Restler/explorer/index.html
+With swagger 2:
* Add line into Util.php to complete function
@@ -249,6 +246,13 @@ Change content of file htdocs/includes/restler/framework/Luracast/Restler/explor
if (!is_string($haystack)) return false;
+With swagger 2 provided into /explorer:
----------------------------------------
Change content of file htdocs/includes/restler/framework/Luracast/Restler/explorer/index.html
PARSEDOWN
---------


@@ -442,7 +442,7 @@ if ($id) {
} else {
$sql .= " WHERE ";
}
$sql .= " c.rowid = ".$search_country_id;
$sql .= " c.rowid = ".((int) $search_country_id);
}
// If sort order is "country", we use country_code instead


@@ -563,7 +563,7 @@ if ($action == 'create') {
{
$sqlmid = 'SELECT rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."facture as fac";
$sqlmid .= " WHERE fac.rowid=" . $object->fk_doc;
$sqlmid .= " WHERE fac.rowid=" . ((int) $object->fk_doc);
dol_syslog("accountancy/bookkeeping/card.php::sqlmid=" . $sqlmid, LOG_DEBUG);
$resultmid = $db->query($sqlmid);
if ($resultmid) {


@@ -473,7 +473,7 @@ class AccountancyCategory // extends CommonObject
$sql .= " SELECT DISTINCT aa.account_number";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
$sql .= " AND aa.active = 1";
$sql .= " AND aa.entity = ".$conf->entity.")";
$sql .= " GROUP BY t.numero_compte, t.label_operation, t.doc_ref";
@@ -562,7 +562,7 @@ class AccountancyCategory // extends CommonObject
$sql = "SELECT aa.rowid, aa.account_number";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
$sql .= " AND aa.active = 1";
$sql .= " AND aa.entity = ".$conf->entity;
$sql .= " ORDER BY LENGTH(aa.account_number) DESC;"; // LENGTH is ok with mysql and postgresql
@@ -589,8 +589,8 @@ class AccountancyCategory // extends CommonObject
$accountincptsadded[$account_number_formated] = 1;
// We found an account number that is in list $cpts of account to add
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account";
$sql .= " SET fk_accounting_category=".$id_cat;
$sql .= " WHERE rowid=".$obj->rowid;
$sql .= " SET fk_accounting_category=".((int) $id_cat);
$sql .= " WHERE rowid=".((int) $obj->rowid);
dol_syslog(__METHOD__, LOG_DEBUG);
$resqlupdate = $this->db->query($sql);
if (!$resqlupdate) {
@@ -629,7 +629,7 @@ class AccountancyCategory // extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " SET fk_accounting_category= 0";
$sql .= " WHERE aa.rowid= ".$cpt_id;
$sql .= " WHERE aa.rowid = ".((int) $cpt_id);
$this->db->begin();
dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG);
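Review bot: `$conf->entity` on the lines `aa.entity = ".$conf->entity.")"` and `aa.entity = ".$conf->entity` is the only value in these SELECTs still concatenated without a cast, while `CHARTOFACCOUNTS`, `$id_cat`, `$obj->rowid` and `$cpt_id` now get `(int)` in the same hunks. It is a configuration value rather than request input, but the point of this commit is uniform numeric interpolation, so `((int) $conf->entity)` there too keeps the pattern consistent. The enclosing methods start before their hunks.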


@@ -347,10 +347,10 @@ class AccountingAccount extends CommonObject
$sql .= " , label = ".($this->label ? "'".$this->db->escape($this->label)."'" : "''");
$sql .= " , labelshort = ".($this->labelshort ? "'".$this->db->escape($this->labelshort)."'" : "''");
$sql .= " , fk_accounting_category = ".(empty($this->account_category) ? 0 : (int) $this->account_category);
$sql .= " , fk_user_modif = ".$user->id;
$sql .= " , fk_user_modif = ".((int) $user->id);
$sql .= " , active = ".(int) $this->active;
$sql .= " , reconcilable = ".(int) $this->reconcilable;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);


@@ -371,8 +371,8 @@ class BookKeeping extends CommonObject
$sql .= ", ".(!isset($this->date_lim_reglement) || dol_strlen($this->date_lim_reglement) == 0 ? 'NULL' : "'".$this->db->idate($this->date_lim_reglement)."'");
$sql .= ", '".$this->db->escape($this->doc_type)."'";
$sql .= ", '".$this->db->escape($this->doc_ref)."'";
$sql .= ", ".$this->fk_doc;
$sql .= ", ".$this->fk_docdet;
$sql .= ", ".((int) $this->fk_doc);
$sql .= ", ".((int) $this->fk_docdet);
$sql .= ", ".(!empty($this->thirdparty_code) ? ("'".$this->db->escape($this->thirdparty_code)."'") : "NULL");
$sql .= ", ".(!empty($this->subledger_account) ? ("'".$this->db->escape($this->subledger_account)."'") : "NULL");
$sql .= ", ".(!empty($this->subledger_label) ? ("'".$this->db->escape($this->subledger_label)."'") : "NULL");
@@ -632,8 +632,8 @@ class BookKeeping extends CommonObject
$sql .= ' '.(!isset($this->date_lim_reglement) || dol_strlen($this->date_lim_reglement) == 0 ? 'NULL' : "'".$this->db->idate($this->date_lim_reglement)."'").',';
$sql .= ' '.(!isset($this->doc_type) ? 'NULL' : "'".$this->db->escape($this->doc_type)."'").',';
$sql .= ' '.(!isset($this->doc_ref) ? 'NULL' : "'".$this->db->escape($this->doc_ref)."'").',';
$sql .= ' '.(empty($this->fk_doc) ? '0' : $this->fk_doc).',';
$sql .= ' '.(empty($this->fk_docdet) ? '0' : $this->fk_docdet).',';
$sql .= ' '.(empty($this->fk_doc) ? '0' : (int) $this->fk_doc).',';
$sql .= ' '.(empty($this->fk_docdet) ? '0' : (int) $this->fk_docdet).',';
$sql .= ' '.(!isset($this->thirdparty_code) ? 'NULL' : "'".$this->db->escape($this->thirdparty_code)."'").',';
$sql .= ' '.(!isset($this->subledger_account) ? 'NULL' : "'".$this->db->escape($this->subledger_account)."'").',';
$sql .= ' '.(!isset($this->subledger_label) ? 'NULL' : "'".$this->db->escape($this->subledger_label)."'").',';
@@ -1860,7 +1860,7 @@ class BookKeeping extends CommonObject
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = ab.numero_compte";
$sql .= " AND aa.active = 1";
$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = " . $pcgver;
$sql .= " AND asy.rowid = " . ((int) $pcgver);
$sql .= " AND ab.entity IN (" . getEntity('accountancy') . ")";
$sql .= " ORDER BY account_number ASC";
*/
@@ -1893,7 +1893,7 @@ class BookKeeping extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.account_number = ab.numero_compte";
$sql .= " AND aa.active = 1";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$pcgver;
$sql .= " AND asy.rowid = ".((int) $pcgver);
$sql .= " AND ab.entity IN (".getEntity('accountancy').")";
$sql .= " ORDER BY account_number ASC";


@@ -110,13 +110,13 @@ if ($action == 'validatehistory') {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
$sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0";
} else {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
$sql1 .= " AND fd.fk_code_ventilation = 0";
}*/
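Review bot: The casts in this hunk land inside a commented-out block — the `}*/` on the last line closes it — so the change has no runtime effect, and the `$conf->entity` on the same lines stays uncast anyway. Dead SQL that keeps receiving maintenance is a cost without a benefit; either delete the block or, if it is intentionally kept, label it, e.g. `// Historical bulk UPDATE kept for reference only; not executed`. The start of the comment block is outside this hunk.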


@@ -103,13 +103,13 @@ if ($action == 'validatehistory') {
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number";
$sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0";
} else {
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
$sql1 .= " SET erd.fk_code_ventilation = accnt.rowid";
$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number";
$sql1 .= " AND erd.fk_code_ventilation = 0";
}


@@ -130,7 +130,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu3 ON bu3.fk_bank = b.rowid A
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu4 ON bu4.fk_bank = b.rowid AND bu4.type='payment_supplier'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as soc on bu1.url_id=soc.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on bu2.url_id=u.rowid";
$sql .= " WHERE ba.fk_accountancy_journal=".$id_journal;
$sql .= " WHERE ba.fk_accountancy_journal=".((int) $id_journal);
$sql .= ' AND b.amount != 0 AND ba.entity IN ('.getEntity('bank_account', 0).')'; // We don't share object for accountancy
if ($date_start && $date_end) {
$sql .= " AND b.dateo >= '".$db->idate($date_start)."' AND b.dateo <= '".$db->idate($date_end)."'";
@@ -1323,42 +1323,42 @@ function getSourceDocRef($val, $typerecord)
} elseif ($typerecord == 'payment_supplier') {
$sqlmid = 'SELECT payfac.fk_facturefourn as id, f.ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as payfac, ".MAIN_DB_PREFIX."facture_fourn as f";
$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".$val["paymentsupplierid"];
$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".((int) $val["paymentsupplierid"]);
$ref = $langs->transnoentitiesnoconv("SupplierInvoice");
} elseif ($typerecord == 'payment_expensereport') {
$sqlmid = 'SELECT e.rowid as id, e.ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as pe, ".MAIN_DB_PREFIX."expensereport as e";
$sqlmid .= " WHERE pe.rowid=".$val["paymentexpensereport"]." AND pe.fk_expensereport = e.rowid";
$sqlmid .= " WHERE pe.rowid=".((int) $val["paymentexpensereport"])." AND pe.fk_expensereport = e.rowid";
$ref = $langs->transnoentitiesnoconv("ExpenseReport");
} elseif ($typerecord == 'payment_salary') {
$sqlmid = 'SELECT s.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_salary as s";
$sqlmid .= " WHERE s.rowid=".$val["paymentsalid"];
$sqlmid .= " WHERE s.rowid=".((int) $val["paymentsalid"]);
$ref = $langs->transnoentitiesnoconv("SalaryPayment");
} elseif ($typerecord == 'sc') {
$sqlmid = 'SELECT sc.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementcharge as sc";
$sqlmid .= " WHERE sc.rowid=".$val["paymentscid"];
$sqlmid .= " WHERE sc.rowid=".((int) $val["paymentscid"]);
$ref = $langs->transnoentitiesnoconv("SocialContribution");
} elseif ($typerecord == 'payment_vat') {
$sqlmid = 'SELECT v.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."tva as v";
$sqlmid .= " WHERE v.rowid=".$val["paymentvatid"];
$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvatid"]);
$ref = $langs->transnoentitiesnoconv("PaymentVat");
} elseif ($typerecord == 'payment_donation') {
$sqlmid = 'SELECT payd.fk_donation as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_donation as payd";
$sqlmid .= " WHERE payd.fk_donation=".$val["paymentdonationid"];
$sqlmid .= " WHERE payd.fk_donation=".((int) $val["paymentdonationid"]);
$ref = $langs->transnoentitiesnoconv("Donation");
} elseif ($typerecord == 'payment_loan') {
$sqlmid = 'SELECT l.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_loan as l";
$sqlmid .= " WHERE l.rowid=".$val["paymentloanid"];
$sqlmid .= " WHERE l.rowid=".((int) $val["paymentloanid"]);
$ref = $langs->transnoentitiesnoconv("LoanPayment");
} elseif ($typerecord == 'payment_various') {
$sqlmid = 'SELECT v.rowid as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_various as v";
$sqlmid .= " WHERE v.rowid=".$val["paymentvariousid"];
$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvariousid"]);
$ref = $langs->transnoentitiesnoconv("VariousPayment");
}
// Add warning


@@ -118,13 +118,13 @@ if ($action == 'validatehistory') {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
$sql1 .= " AND " . MAIN_DB_PREFIX . "facture_fourn_det.fk_code_ventilation = 0";
} else {
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
$sql1 .= " AND fd.fk_code_ventilation = 0";
}*/
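Review bot: As in the customer-invoice counterpart, these edits sit inside a `/* ... */` block whose closing `}*/` is the last line of the hunk, so they are cosmetic. Touching dead code in a sweep like this hides the fact that it is dead; prefer removing the block, or mark it with `// Historical bulk UPDATE kept for reference only; not executed` so the next sweep can skip it. The opening of the comment block is before this hunk.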


@@ -1597,8 +1597,8 @@ class Adherent extends CommonObject
$inserturlid = $acct->add_url_line($insertid, $this->id, DOL_URL_ROOT.'/adherents/card.php?rowid=', $this->getFullname($langs), 'member');
if ($inserturlid > 0) {
// Update table subscription
$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".$insertid;
$sql .= " WHERE rowid=".$subscriptionid;
$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".((int) $insertid);
$sql .= " WHERE rowid=".((int) $subscriptionid);
dol_syslog("subscription::subscription", LOG_DEBUG);
$resql = $this->db->query($sql);


@@ -365,7 +365,7 @@ class AdherentType extends CommonObject
$sql .= "note = '".$this->db->escape($this->note)."',";
$sql .= "vote = ".(integer) $this->db->escape($this->vote).",";
$sql .= "mail_valid = '".$this->db->escape($this->mail_valid)."'";
$sql .= " WHERE rowid =".$this->id;
$sql .= " WHERE rowid =".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
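Review bot: The context line `vote = ".(integer) $this->db->escape($this->vote)` just above the changed WHERE is an odd combination: escaping a value and then casting the result to integer discards the escaping entirely, so `(int) $this->vote` says what is meant and also replaces the long-form `integer` cast. The `((int) $this->id)` on `rowid` is the right change and the same form fits `vote`. The enclosing method begins before this hunk.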


@@ -165,7 +165,7 @@ class Subscription extends CommonObject
} else {
$type = $this->fk_type;
}
$sql .= " VALUES (".$this->fk_adherent.", '".$this->db->escape($type)."', '".$this->db->idate($now)."',";
$sql .= " VALUES (".((int) $this->fk_adherent).", '".$this->db->escape($type)."', '".$this->db->idate($now)."',";
$sql .= " '".$this->db->idate($this->dateh)."',";
$sql .= " '".$this->db->idate($this->datef)."',";
$sql .= " ".$this->amount.",";
@@ -217,7 +217,7 @@ class Subscription extends CommonObject
$sql .= " datef,";
$sql .= " subscription, note, fk_bank";
$sql .= " FROM ".MAIN_DB_PREFIX."subscription";
$sql .= " WHERE rowid=".$rowid;
$sql .= " WHERE rowid=".((int) $rowid);
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
$resql = $this->db->query($sql);
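Review bot: `$this->amount` is still concatenated raw into the INSERT on the line `$sql .= " ".$this->amount.",";`, three lines after the VALUES clause where `fk_adherent` now gets `(int)`. If amount can arrive as a user-typed string (its origin is outside this hunk), it should be normalised to a number before interpolation, e.g. `$sql .= " ".((float) $this->amount).",";` or whatever numeric helper this class already uses for prices. The enclosing method starts before the hunk.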


@@ -318,7 +318,7 @@ if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_type > 0) {
$sql .= " AND t.rowid=".$db->escape($search_type);
$sql .= " AND t.rowid=".((int) $search_type);
}
if ($search_filter == 'withoutsubscription') {
$sql .= " AND (datefin IS NULL OR t.subscription = 0)";


@@ -677,7 +677,7 @@ if ($rowid > 0) {
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."subscription as c";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON c.fk_bank = b.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid";
$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".$rowid;
$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".((int) $rowid);
$sql .= $db->order($sortfield, $sortorder);
$result = $db->query($sql);


@@ -170,7 +170,7 @@ if (isset($date_select) && $date_select != '') {
}
if ($search_ref) {
if (is_numeric($search_ref)) {
$sql .= " AND (c.rowid = ".$db->escape($search_ref).")";
$sql .= " AND c.rowid = ".((int) $search_ref);
} else {
$sql .= " AND 1 = 2"; // Always wrong
}


@@ -500,7 +500,7 @@ if ($rowid > 0) {
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."adherent_type as t";
$sql .= " WHERE d.fk_adherent_type = t.rowid ";
$sql .= " AND d.entity IN (".getEntity('adherent').")";
$sql .= " AND t.rowid = ".$object->id;
$sql .= " AND t.rowid = ".((int) $object->id);
if ($sall) {
$sql .= natural_search(array("f.firstname", "d.lastname", "d.societe", "d.email", "d.login", "d.address", "d.town", "d.note_public", "d.note_private"), $sall);
}
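Review bot: The `natural_search` column list on the last lines of this hunk includes `"f.firstname"`, but the FROM clause built just above aliases only `adherent as d` and `adherent_type as t`, so a request with `$sall` set would presumably fail with an unknown column/alias error unless an `f` alias is joined somewhere outside the hunk. It is a pre-existing context line the commit does not touch, and it looks like it should read `"d.firstname"`. Worth confirming against the full query while this statement is being edited.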


@@ -17,7 +17,7 @@
/**
* \file htdocs/admin/accountant.php
* \ingroup accountant
* \ingroup core
* \brief Setup page to configure accountant / auditor
*/


@@ -0,0 +1,68 @@
<?php
/* Copyright (C) 2018 Alexandre Spangaro <aspangaro@open-dsi.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/admin/accounting.php
* \ingroup accounting
* \brief Setup page to configure accountanting module
*/
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
$action = GETPOST('action', 'aZ09');
$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'adminaccoutant'; // To manage different context of search
// Load translation files required by the page
$langs->loadLangs(array('admin', 'companies'));
if (!$user->admin) {
accessforbidden();
}
$error = 0;
/*
* Actions
*/
// Nothing
/*
* View
*/
$help_url = '';
llxHeader('', $langs->trans("ConfigAccountingExpert"), $help_url);
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("ConfigAccountingExpert"), $linkback, 'title_setup');
print "<br>\n";
print '<span class="opacitymedium">'.$langs->trans("AccountancySetupDoneFromAccountancyMenu", $langs->transnoentitiesnoconv("Accounting").' - '.$langs->transnoentitiesnoconv("Setup"))."</span><br>\n";
print "<br>\n";
llxFooter();
$db->close();
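Review bot: The new page reads `$action` and `$contextpage` (the latter with the default literal `'adminaccoutant'`, apparently a typo for `adminaccountant`) and sets `$error = 0`, yet none of the three is used afterwards; unused GETPOST reads in an admin page invite later misuse, so drop them or keep only what the page needs. The docblock also says `accountanting module`; suggest `\brief Setup page to configure the accounting module`, and since the page only points the admin elsewhere, a line such as `* Informational only: accountancy setup is done from the Accountancy > Setup menu.` would make its purpose clear.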


@@ -114,8 +114,8 @@ if ($action == 'add') {
if (empty($arrayofexistingboxid[$boxid['value']])) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes (";
$sql .= "box_id, position, box_order, fk_user, entity";
$sql .= ") values (";
$sql .= $boxid['value'].", ".$pos.", '".(($nbboxonleft > $nbboxonright) ? 'B01' : 'A01')."', ".$fk_user.", ".$conf->entity;
$sql .= ") VALUES (";
$sql .= $boxid['value'].", ".((int) $pos).", '".(($nbboxonleft > $nbboxonright) ? 'B01' : 'A01')."', ".$fk_user.", ".$conf->entity;
$sql .= ")";
dol_syslog("boxes.php activate box", LOG_DEBUG);
@@ -156,7 +156,7 @@ if ($action == 'delete') {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE entity = ".$conf->entity;
$sql .= " AND box_id=".$obj->box_id;
$sql .= " AND box_id=".((int) $obj->box_id);
$resql = $db->query($sql);
@@ -255,7 +255,7 @@ if ($resql) {
// We renumber the order of the boxes if one of them is in ''
// This occurs just after an insert.
if ($decalage) {
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".$obj->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".((int) $obj->rowid);
$db->query($sql);
}
}
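Review bot: In the rewritten VALUES list only `$pos` received the `(int)` cast; `$boxid['value']`, `$fk_user` and `$conf->entity` on the same line are still concatenated raw into the INSERT. Consistent with the rest of this commit, the line would be `$sql .= ((int) $boxid['value']).", ".((int) $pos).", '".(($nbboxonleft > $nbboxonright) ? 'B01' : 'A01')."', ".((int) $fk_user).", ".((int) $conf->entity);`. Where `$boxid['value']` and `$fk_user` originate is outside this hunk, so whether they are already validated cannot be confirmed from here.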


@@ -1151,7 +1151,7 @@ if ($id) {
$sql .= " WHERE 1 = 1";
}
if ($search_country_id > 0) {
$sql .= " AND c.rowid = ".$search_country_id;
$sql .= " AND c.rowid = ".((int) $search_country_id);
}
if ($search_code != '' && $id == 9) {
$sql .= natural_search("code_iso", $search_code);


@@ -136,7 +136,7 @@ if (GETPOST("delete")) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE entity = ".$conf->entity;
$sql .= " AND box_id = ".$obj->rowid;
$sql .= " AND box_id = ".((int) $obj->rowid);
$resql = $db->query($sql);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";


@@ -521,8 +521,8 @@ if ($mode == 'common' || $mode == 'commonkanban') {
$moreforfilter = '<div class="valignmiddle">';
$moreforfilter .= '<div class="floatright right pagination --module-list"><ul><li>';
$moreforfilter .= dolGetButtonTitle($langs->trans('CheckForModuleUpdate'), $langs->trans('CheckForModuleUpdateHelp'), 'fa fa-check-double ', $_SERVER["PHP_SELF"].'?action=checklastversion&token='.newToken().'&mode='.$mode.$param, '', 1, array('morecss'=>'reposition'));
$moreforfilter .= '</li><li>'.dolGetButtonTitleSeparator();
$moreforfilter .= dolGetButtonTitle($langs->trans('CheckForModuleUpdate'), $langs->trans('CheckForModuleUpdate').'<br>'.$langs->trans('CheckForModuleUpdateHelp'), 'fa fa-sync', $_SERVER["PHP_SELF"].'?action=checklastversion&token='.newToken().'&mode='.$mode.$param, '', 1, array('morecss'=>'reposition'));
$moreforfilter .= dolGetButtonTitleSeparator();
$moreforfilter .= dolGetButtonTitle($langs->trans('ViewKanban'), '', 'fa fa-th-list imgforviewmode', $_SERVER["PHP_SELF"].'?mode=commonkanban'.$param, '', ($mode == 'commonkanban' ? 2 : 1), array('morecss'=>'reposition'));
$moreforfilter .= dolGetButtonTitle($langs->trans('ViewList'), '', 'fa fa-list-alt imgforviewmode', $_SERVER["PHP_SELF"].'?mode=common'.$param, '', ($mode == 'common' ? 2 : 1), array('morecss'=>'reposition'));
$moreforfilter .= '</li></ul></div>';
@@ -584,6 +584,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
// Show list of modules
$oldfamily = '';
$foundoneexternalmodulewithupdate = 0;
$linenum = 0;
foreach ($orders as $key => $value) {
$linenum++;
@@ -915,6 +916,7 @@ if ($mode == 'common' || $mode == 'commonkanban') {
if ($objMod->needUpdate) {
$versionTitle = $langs->trans('ModuleUpdateAvailable').' : '.$objMod->lastVersion;
print '<span class="badge badge-warning classfortooltip" title="'.dol_escape_htmltag($versionTitle).'">'.$versiontrans.'</span>';
$foundoneexternalmodulewithupdate++;
} else {
print $versiontrans;
}
@@ -934,6 +936,14 @@ if ($mode == 'common' || $mode == 'commonkanban') {
}
}
if ($action == 'checklastversion') {
if ($foundoneexternalmodulewithupdate) {
setEventMessages($langs->trans("ModuleUpdateAvailable"), null, 'mesgs');
} else {
setEventMessages($langs->trans("NoExternalModuleWithUpdate"), null, 'mesgs');
}
}
if ($oldfamily) {
if ($mode == 'commonkanban') {
print '</div>';
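Review bot: `$foundoneexternalmodulewithupdate` is used as a counter (`++` for every module with `needUpdate`) but is named like a boolean and only ever tested for non-zero; either rename it, e.g. `$nbofmoduleswithupdate`, or initialise it to `false` and set it to `true` so the name matches the use. The `NoExternalModuleWithUpdate` message is also shown whenever the count is zero, which presumably includes the case where the version lookup itself could not run, if that can happen here; the wording would then be misleading. The listing loop starts before the hunk.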


@@ -71,7 +71,7 @@ if ($action == 'activate_encrypt') {
if (dol_hash($obj->pass)) {
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql .= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
$sql .= " WHERE rowid=".$obj->rowid;
$sql .= " WHERE rowid=".((int) $obj->rowid);
//print $sql;
$resql2 = $db->query($sql);
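Review bot: `dol_hash($obj->pass)` is evaluated twice in this hunk, once in the `if` guard and again when building the UPDATE, and the resulting hash is concatenated into the SQL without `$db->escape()`. If the hash function ever becomes salted or randomised, the value tested and the value stored would differ, so compute it once and escape it: `$hash = dol_hash($obj->pass); if ($hash) { $sql .= " SET pass_crypted = '".$db->escape($hash)."', pass = NULL";`. The loop and function around this begin before the hunk.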


@@ -289,7 +289,7 @@ if ($mode == 'overwrite') {
print "\n";
print '<tr class="oddeven"><td>';
print $formadmin->select_language(GETPOST('langcode'), 'langcode', 0, null, 1, 0, $disablededit ? 1 : 0, 'maxwidthonsmartphone', 1);
print $formadmin->select_language(GETPOST('langcode'), 'langcode', 0, null, 1, 0, $disablededit ? 1 : 0, 'maxwidth250', 1);
print '</td>'."\n";
print '<td>';
print '<input type="text" class="flat maxwidthonsmartphone"'.$disablededit.' name="transkey" id="transkey" value="'.(!empty($transkey) ? $transkey : "").'">';
@@ -338,7 +338,7 @@ if ($mode == 'overwrite') {
print '<td>'.$obj->transkey.'</td>'."\n";
// Value
print '<td>';
print '<td class="small">';
/*print '<input type="hidden" name="const['.$i.'][rowid]" value="'.$obj->rowid.'">';
print '<input type="hidden" name="const['.$i.'][lang]" value="'.$obj->lang.'">';
print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->transkey.'">';
@@ -482,7 +482,7 @@ if ($mode == 'searchkey') {
print '<tr class="oddeven"><td>';
//print $formadmin->select_language($langcode,'langcode',0,null,$langs->trans("All"),0,0,'',1);
print $formadmin->select_language($langcode, 'langcode', 0, null, 0, 0, 0, 'maxwidthonsmartphone', 1);
print $formadmin->select_language($langcode, 'langcode', 0, null, 0, 0, 0, 'maxwidth250', 1);
print '</td>'."\n";
print '<td>';
print '<input type="text" class="flat maxwidthonsmartphone" name="transkey" value="'.$transkey.'">';
@@ -529,7 +529,7 @@ if ($mode == 'searchkey') {
if ($i > ($offset + $limit)) {
break;
}
print '<tr class="oddeven"><td>'.$langcode.'</td><td>'.$key.'</td><td>';
print '<tr class="oddeven"><td>'.$langcode.'</td><td>'.$key.'</td><td class="small">';
print dol_escape_htmltag($val);
print '</td><td class="right nowraponall">';
if (!empty($newlangfileonly->tab_translate[$key])) {
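Review bot: `$transkey` is written straight into the `value="..."` attribute of the transkey input on the line after the changed `select_language` call, and again in the searchkey form later in the hunk, without `dol_escape_htmltag()`, whereas `$val` a few lines below is escaped. If `$transkey` comes from the request, as its reuse as a form value suggests, a double quote in it breaks out of the attribute; use `value="'.dol_escape_htmltag($transkey).'"` in both places. The same consideration applies to `$obj->transkey` and `$key` printed as cell text if those can ever hold user-entered keys.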


@@ -31,8 +31,13 @@ class Login
*/
public function __construct()
{
global $db;
global $conf, $db;
$this->db = $db;
//$conf->global->MAIN_MODULE_API_LOGIN_DISABLED = 1;
if (!empty($conf->global->MAIN_MODULE_API_LOGIN_DISABLED)) {
throw new RestException(403, "Error login APIs are disabled. You must get the token from backoffice to be able to use APIs");
}
}
/**
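Review bot: The commented-out debug line `//$conf->global->MAIN_MODULE_API_LOGIN_DISABLED = 1;` should not be left in the constructor (the same line is also left in `api/index.php` in this commit); it documents nothing and is one uncomment away from silently disabling the login API. The thrown message also reads awkwardly; suggest `throw new RestException(403, "Login API is disabled by MAIN_MODULE_API_LOGIN_DISABLED; generate an API token from the backoffice to use the APIs");`. The class continues past the hunk.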


@@ -1631,8 +1631,8 @@ class Setup extends DolibarrApi
global $langs, $conf;
if (!DolibarrApiAccess::$user->admin
&& (empty($conf->global->API_LOGIN_ALLOWED_FOR_INTEGRITY_CHECK) || DolibarrApiAccess::$user->login != $conf->global->API_LOGIN_ALLOWED_FOR_INTEGRITY_CHECK)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGIN_ALLOWED_FOR_INTEGRITY_CHECK');
&& (empty($conf->global->API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK) || DolibarrApiAccess::$user->login != $conf->global->API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK');
}
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -1937,8 +1937,8 @@ class Setup extends DolibarrApi
global $conf;
if (!DolibarrApiAccess::$user->admin
&& (empty($conf->global->API_LOGIN_ALLOWED_FOR_GET_MODULES) || DolibarrApiAccess::$user->login != $conf->global->API_LOGIN_ALLOWED_FOR_GET_MODULES)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGIN_ALLOWED_FOR_GET_MODULES');
&& (empty($conf->global->API_LOGINS_ALLOWED_FOR_GET_MODULES) || DolibarrApiAccess::$user->login != $conf->global->API_LOGINS_ALLOWED_FOR_GET_MODULES)) {
throw new RestException(403, 'Error API open to admin users only or to the users with logins defined into constant API_LOGINS_ALLOWED_FOR_GET_MODULES');
}
sort($conf->modules);
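Review bot: The renamed constants are now plural (`API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK`, `API_LOGINS_ALLOWED_FOR_GET_MODULES`) but both checks still compare with a single `!=`, so a comma-separated list of logins would never match and only one login can be granted. If a list is intended, split it: `$allowed = array_map('trim', explode(',', $conf->global->API_LOGINS_ALLOWED_FOR_INTEGRITY_CHECK)); if (!DolibarrApiAccess::$user->admin && !in_array(DolibarrApiAccess::$user->login, $allowed, true)) { throw new RestException(403, ...); }` and the same for the modules check. Renaming also silently drops any existing `API_LOGIN_ALLOWED_FOR_*` configuration; a fallback read of the old name or a migration note would avoid an unexpected lockout. Both methods start before their hunks.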


@@ -218,6 +218,11 @@ if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $
continue;
}
//$conf->global->MAIN_MODULE_API_LOGIN_DISABLED = 1;
if ($file_searched == 'api_login.class.php' && !empty($conf->global->MAIN_MODULE_API_LOGIN_DISABLED)) {
continue;
}
$regapi = array();
if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $regapi)) {
$classname = ucwords($regapi[1]);
@@ -291,6 +296,29 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' &&
$classname = ucwords($moduleobject);
// Test rules on endpoints. For example:
// $conf->global->API_ENDPOINT_RULES = 'endpoint1:1,endpoint2:1,...'
if (!empty($conf->global->API_ENDPOINT_RULES)) {
$listofendpoints = explode(',', $conf->global->API_ENDPOINT_RULES);
$endpointisallowed = false;
foreach ($listofendpoints as $endpointrule) {
$tmparray = explode(':', $endpointrule);
if ($classfile == $tmparray[0] && $tmparray[1] == 1) {
$endpointisallowed = true;
break;
}
}
if (! $endpointisallowed) {
dol_syslog('The API with endpoint /'.$classfile.' is forbidden by config API_ENDPOINT_RULES', LOG_WARNING);
print 'The API with endpoint /'.$classfile.' is forbidden by config API_ENDPOINT_RULES';
header('HTTP/1.1 501 API is forbidden by API_ENDPOINT_RULES');
//session_destroy();
exit(0);
}
}
dol_syslog('Search api file /'.$moduledirforclass.'/class/api_'.$classfile.'.class.php => dir_part_file='.$dir_part_file.' classname='.$classname);
$res = false;
@@ -314,7 +342,7 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' &&
//var_dump($api->r->apiVersionMap);
//exit;
// We do not want that restler output data if we use native compression (default behaviour) but we want to have it returned into a string.
// We do not want that restler outputs data if we use native compression (default behaviour) but we want to have it returned into a string.
Luracast\Restler\Defaults::$returnResponse = (empty($conf->global->API_DISABLE_COMPRESSION) && !empty($_SERVER['HTTP_ACCEPT_ENCODING']));
// Call API (we suppose we found it).


@@ -188,7 +188,7 @@ class AssetType extends CommonObject
$sql .= "accountancy_code_depreciation_asset = '".$this->db->escape($this->accountancy_code_depreciation_asset)."',";
$sql .= "accountancy_code_depreciation_expense = '".$this->db->escape($this->accountancy_code_depreciation_expense)."',";
$sql .= "note = '".$this->db->escape($this->note)."'";
$sql .= " WHERE rowid =".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {


@@ -148,7 +148,7 @@ class BlockedLogAuthority
global $langs;
dol_syslog(get_class($this)."::fetch id=".$id, LOG_DEBUG);
dol_syslog(get_class($this)."::fetch id=".((int) $id), LOG_DEBUG);
if (empty($id) && empty($signature)) {
$this->error = 'BadParameter';

View File

@@ -219,7 +219,7 @@ class Bookmark extends CommonObject
$sql .= " ,title = '".$this->db->escape($this->title)."'";
$sql .= " ,favicon = '".$this->db->escape($this->favicon)."'";
$sql .= " ,position = ".(int) $this->position;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("Bookmark::update", LOG_DEBUG);
if ($this->db->query($sql)) {


@@ -1470,7 +1470,7 @@ class Categorie extends CommonObject
// Load bank categories
$sql = "SELECT c.label, c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."bank_class as a, ".MAIN_DB_PREFIX."bank_categ as c";
$sql .= " WHERE a.lineid=".$id." AND a.fk_categ = c.rowid";
$sql .= " WHERE a.lineid=".((int) $id)." AND a.fk_categ = c.rowid";
$sql .= " AND c.entity IN (".getEntity('category').")";
$sql .= " ORDER BY c.label";


@@ -1395,7 +1395,7 @@ if ($id > 0) {
// Confirmation suppression action
if ($action == 'delete') {
print $form->formconfirm("card.php?id=".$id, $langs->trans("DeleteAction"), $langs->trans("ConfirmDeleteAction"), "confirm_delete", '', '', 1);
print $form->formconfirm("card.php?id=".urlencode($id), $langs->trans("DeleteAction"), $langs->trans("ConfirmDeleteAction"), "confirm_delete", '', '', 1);
}
if ($action == 'edit') {


@@ -2436,7 +2436,7 @@ class ActionComm extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."actioncomm ";
$sql .= " SET percent = ".(int) $percent;
$sql .= " WHERE id=".$id;
$sql .= " WHERE id = ".((int) $id);
if ($this->db->query($sql)) {
$this->db->commit();


@@ -720,7 +720,7 @@ if ($action == 'show_day') {
$sql .= ')';
}
if ($type) {
$sql .= " AND ca.id = ".$type;
$sql .= " AND ca.id = ".((int) $type);
}
if ($status == '0') {
$sql .= " AND a.percent = 0";


@@ -592,7 +592,7 @@ if ($action == 'show_day') {
$sql .= ')';
}
if ($type) {
$sql .= " AND ca.id = ".$type;
$sql .= " AND ca.id = ".((int) $type);
}
if ($status == '0') {
$sql .= " AND a.percent = 0";


@@ -613,7 +613,7 @@ if ($action == 'show_day') {
$sql .= ')';
}
if ($type) {
$sql .= " AND ca.id = ".$type;
$sql .= " AND ca.id = ".((int) $type);
}
if ($status == '0') {
$sql .= " AND a.percent = 0";


@@ -37,6 +37,8 @@ require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php';
require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php';
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array
$hookmanager = new HookManager($db);
@@ -66,6 +68,8 @@ if ($user->socid > 0) {
}
restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
$maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);
/*
* Actions
@@ -100,6 +104,11 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial');
print '<div class="fichecenter"><div class="fichethirdleft">';
print getCustomerProposalPieChart($socid);
print '<br>';
print getCustomerOrderPieChart($socid);
print '<br>';
/*
* Draft customer proposals
*/
@@ -129,14 +138,14 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("ProposalsDraft", "comm/propal/list.php", "search_status=".Propal::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@@ -181,7 +190,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@@ -219,21 +228,21 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$resql = $db->query($sql);
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("SupplierProposalsDraft", "supplier_proposal/list.php", "search_status=".SupplierProposal::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@@ -277,7 +286,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@@ -315,21 +324,21 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("DraftOrders", "commande/list.php", "search_status=".Commande::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@@ -374,7 +383,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@@ -419,14 +428,14 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
if ($resql) {
$total = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
$nbofloop = min($num, $maxofloop);
startSimpleTable("DraftSuppliersOrders", "fourn/commande/list.php", "search_status=".CommandeFournisseur::STATUS_DRAFT, 2, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $num && $i < $conf->liste_limit) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
@@ -471,7 +480,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
print '</td>';
print "</tr>\n";
}
@@ -605,7 +614,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY s.datec DESC";
$sql .= $db->plimit($max, 0);
@@ -711,7 +720,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max + 1, 0);
@@ -786,7 +795,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";
@@ -902,7 +911,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY c.rowid DESC";
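Review bot: The guard added in `print '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';` (L791, repeated at L821, L851 and L874) looks unreachable as written: `$othernb` only counts rows reached with `$i >= $max` inside a loop now bounded by `$nbofloop = min($num, $maxofloop)`, so it stays below `$maxofloop` whenever `$max > 0` and the count is never hidden; the `$othernb++` increment and `$max` are outside the hunk, so please confirm. If the intent is to stop printing an exact count once the query had more rows than were iterated, the test belongs on the query size, e.g. `($num <= $maxofloop ? ' ('.$othernb.')' : '')`. `$maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);` also keeps the configured value as whatever type the conf holds; an `(int)` cast there makes `min($num, $maxofloop)` and the comparisons numeric. Finally, `sc.fk_user = ".$user->id` at L796, L826, L879, L888, L897 and L905 is still concatenated without the `((int) ...)` cast this commit applies to `$socid` in the same hunks; the value is server-side, but the cast keeps the file consistent.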


@@ -379,7 +379,7 @@ if ($action == 'deletefilter') {
if ($action == 'delete') {
// Ici, rowid indique le destinataire et id le mailing
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
$resql = $db->query($sql);
if ($resql) {
if (!empty($id)) {


@@ -308,7 +308,7 @@ if (empty($reshook)) {
dol_syslog("comm/mailing/card.php: ok for #".$i.($mail->error ? ' - '.$mail->error : ''), LOG_DEBUG);
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles";
$sql .= " SET statut=1, date_envoi='".$db->idate($now)."' WHERE rowid=".$obj->rowid;
$sql .= " SET statut=1, date_envoi = '".$db->idate($now)."' WHERE rowid=".((int) $obj->rowid);
$resql2 = $db->query($sql);
if (!$resql2) {
dol_print_error($db);
@@ -378,7 +378,7 @@ if (empty($reshook)) {
}
}
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET statut=".$statut." WHERE rowid=".$object->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET statut=".((int) $statut)." WHERE rowid = ".((int) $object->id);
dol_syslog("comm/mailing/card.php: update global status", LOG_DEBUG);
$resql2 = $db->query($sql);
if (!$resql2) {


@@ -104,8 +104,6 @@ if ($action == 'add') {
}
if ($result > 0) {
setEventMessages($langs->trans("XTargetsAdded", $result), null, 'mesgs');
//header("Location: ".$_SERVER['PHP_SELF']."?id=".$id);
//exit;
$action = '';
}
if ($result == 0) {
@@ -167,7 +165,7 @@ if (GETPOST('exportcsv', 'int')) {
if ($action == 'delete') {
// Ici, rowid indique le destinataire et id le mailing
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
$resql = $db->query($sql);
if ($resql) {
if (!empty($id)) {


@@ -1248,7 +1248,7 @@ if (empty($reshook)) {
if (empty($user->rights->margins->creer)) {
foreach ($object->lines as &$line) {
if ($line->id == GETPOST('lineid')) {
if ($line->id == GETPOST('lineid', 'int')) {
$fournprice = $line->fk_fournprice;
$buyingprice = $line->pa_ht;
break;
@@ -2433,7 +2433,7 @@ if ($action == 'create') {
// Show object lines
$result = $object->getLinesArray();
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">


@@ -328,6 +328,9 @@ class Proposals extends DolibarrApi
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->propal->addline(
$request_data->desc,
$request_data->subprice,
@@ -337,8 +340,8 @@ class Proposals extends DolibarrApi
$request_data->localtax2_tx,
$request_data->fk_product,
$request_data->remise_percent,
'HT',
0,
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->subprice,
$request_data->info_bits,
$request_data->product_type,
$request_data->rang,
@@ -392,6 +395,9 @@ class Proposals extends DolibarrApi
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$propalline = new PropaleLigne($this->db);
$result = $propalline->fetch($lineid);
if ($result <= 0) {
@@ -407,7 +413,7 @@ class Proposals extends DolibarrApi
isset($request_data->localtax1_tx) ? $request_data->localtax1_tx : $propalline->localtax1_tx,
isset($request_data->localtax2_tx) ? $request_data->localtax2_tx : $propalline->localtax2_tx,
isset($request_data->desc) ? $request_data->desc : $propalline->desc,
'HT',
isset($request_data->price_base_type) ? $request_data->price_base_type : 'HT',
isset($request_data->info_bits) ? $request_data->info_bits : $propalline->info_bits,
isset($request_data->special_code) ? $request_data->special_code : $propalline->special_code,
isset($request_data->fk_parent_line) ? $request_data->fk_parent_line : $propalline->fk_parent_line,
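Review bot: `$request_data->price_base_type ? $request_data->price_base_type : 'HT',` at L997 reads a property the `(object)` cast only creates when the client sent it, so a request without `price_base_type` raises an undefined-property warning before falling back to 'HT'; the update path at L1014 already uses `isset()`, and the add path should match. Since the value now flows straight from the request body into `addline()`/`updateline()`, it should also be restricted to the values those methods understand — if that set is 'HT' and 'TTC' (not visible here), something like `$price_base_type = (isset($request_data->price_base_type) && in_array($request_data->price_base_type, array('HT', 'TTC'), true)) ? $request_data->price_base_type : 'HT';` computed once before the call. The same two points apply to the Orders API hunks at L1204 and L1224. The enclosing methods start and end outside these hunks.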


@@ -1477,7 +1477,7 @@ class Propal extends CommonObject
$sql .= " WHERE p.entity IN (".getEntity('propal').")"; // Dont't use entity if you use rowid
$sql .= " AND p.ref='".$this->db->escape($ref)."'";
} else {
$sql .= " WHERE p.rowid=".$rowid;
$sql .= " WHERE p.rowid = ".((int) $rowid);
}
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);


@@ -28,6 +28,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array
$hookmanager = new HookManager($db);
@@ -45,6 +46,7 @@ if (isset($user->socid) && $user->socid > 0) {
$action = '';
$socid = $user->socid;
}
restrictedArea($user, 'propal');
@@ -65,124 +67,8 @@ print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal');
print '<div class="fichecenter">';
print '<div class="fichethirdleft">';
/*
* Statistics
*/
$listofstatus = array(Propal::STATUS_DRAFT, Propal::STATUS_VALIDATED, Propal::STATUS_SIGNED, Propal::STATUS_NOTSIGNED, Propal::STATUS_BILLED);
$sql = "SELECT count(p.rowid) as nb, p.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."propal as p";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_soc = s.rowid";
if ($user->socid) {
$sql .= ' AND p.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
$sql .= " GROUP BY p.fk_statut";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$total = 0;
$totalinprocess = 0;
$dataseries = array();
$colorseries = array();
$vals = array();
while ($i < $num) {
$obj = $db->fetch_object($resql);
if ($obj) {
$vals[$obj->status] = $obj->nb;
$totalinprocess += $obj->nb;
$total += $obj->nb;
}
$i++;
}
$db->free($resql);
include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder nohover centpercent">';
print '<tr class="liste_titre">';
print '<td colspan="2">'.$langs->trans("Statistics").' - '.$langs->trans("Proposals").'</td>';
print '</tr>';
foreach ($listofstatus as $status) {
$dataseries[] = array($propalstatic->LibStatut($status, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0));
if ($status == Propal::STATUS_DRAFT) {
$colorseries[$status] = '-'.$badgeStatus0;
}
if ($status == Propal::STATUS_VALIDATED) {
$colorseries[$status] = $badgeStatus1;
}
if ($status == Propal::STATUS_SIGNED) {
$colorseries[$status] = $badgeStatus4;
}
if ($status == Propal::STATUS_NOTSIGNED) {
$colorseries[$status] = $badgeStatus9;
}
if ($status == Propal::STATUS_BILLED) {
$colorseries[$status] = $badgeStatus6;
}
if (empty($conf->use_javascript_ajax)) {
print '<tr class="oddeven">';
print '<td>'.$propalstatic->LibStatut($status, 0).'</td>';
print '<td class="right"><a href="list.php?statut='.$status.'">'.(isset($vals[$status]) ? $vals[$status] : 0).'</a></td>';
print "</tr>\n";
}
}
if ($conf->use_javascript_ajax) {
print '<tr>';
print '<td align="center" colspan="2">';
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array_values($colorseries));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));
$dolgraph->setHeight('200');
$dolgraph->draw('idgraphthirdparties');
print $dolgraph->show($total ? 0 : 1);
print '</td>';
print '</tr>';
}
//if ($totalinprocess != $total)
//{
// print '<tr class="liste_total">';
// print '<td>'.$langs->trans("Total").' ('.$langs->trans("CustomersOrdersRunning").')</td>';
// print '<td class="right">'.$totalinprocess.'</td>';
// print '</tr>';
//}
print '<tr class="liste_total">';
print '<td>'.$langs->trans("Total").'</td>';
print '<td class="right">'.$total.'</td>';
print '</tr>';
print '</table>';
print '</div>';
print '<br>';
} else {
dol_print_error($db);
}
print getCustomerProposalPieChart($socid);
print '<br>';
/*
* Draft proposals
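Review bot: The inline statistics query removed here restricted its counts by `$user->socid` (L1059-L1061) and, for users without `societe->client->voir`, by the `societe_commerciaux` join on `sc.fk_user` (L1054-L1056, L1062-L1064), while its replacement `print getCustomerProposalPieChart($socid);` receives only `$socid`; the helper in core/lib/propal.lib.php is not visible here, so it should be checked that it reapplies the same per-user restrictions rather than counting every proposal in the entity. The same question applies to `print getCustomerOrderPieChart($socid);` replacing the block at L1321-L1334 in commande/index.php, whose query carried the same two filters. Once confirmed, a comment next to each call such as `// Counts are restricted to the third parties visible to the current user inside the helper` would record that contract for the next reader.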


@@ -194,7 +194,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";
$sql .= $db->plimit(5, 0);


@@ -1052,7 +1052,7 @@ if (empty($reshook)) {
if (!$error) {
if (empty($user->rights->margins->creer)) {
foreach ($object->lines as &$line) {
if ($line->id == GETPOST('lineid')) {
if ($line->id == GETPOST('lineid', 'int')) {
$fournprice = $line->fk_fournprice;
$buyingprice = $line->pa_ht;
break;
@@ -2416,7 +2416,7 @@ if ($action == 'create' && $usercancreate) {
*/
$result = $object->getLinesArray();
print '<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
print '<form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">


@@ -331,7 +331,12 @@ class Orders extends DolibarrApi
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->commande->addline(
$request_data->desc,
$request_data->subprice,
@@ -343,8 +348,8 @@ class Orders extends DolibarrApi
$request_data->remise_percent,
$request_data->info_bits,
$request_data->fk_remise_except,
'HT',
0,
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->subprice,
$request_data->date_start,
$request_data->date_end,
$request_data->product_type,
@@ -394,7 +399,12 @@ class Orders extends DolibarrApi
if (!DolibarrApi::_checkAccessToResource('commande', $this->commande->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->commande->updateline(
$lineid,
$request_data->desc,
@@ -404,7 +414,7 @@ class Orders extends DolibarrApi
$request_data->tva_tx,
$request_data->localtax1_tx,
$request_data->localtax2_tx,
'HT',
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->info_bits,
$request_data->date_start,
$request_data->date_end,


@@ -1807,7 +1807,7 @@ class Commande extends CommonOrder
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid';
if ($id) {
$sql .= " WHERE c.rowid=".$id;
$sql .= " WHERE c.rowid=".((int) $id);
} else {
$sql .= " WHERE c.entity IN (".getEntity('commande').")"; // Dont't use entity if you use rowid
}
@@ -2397,9 +2397,9 @@ class Commande extends CommonOrder
}
/**
* Applique une remise relative
* Set a percentage discount
*
* @param User $user User qui positionne la remise
* @param User $user User setting the discount
* @param float $remise Discount (percent)
* @param int $notrigger 1=Does not execute triggers, 0= execute triggers
* @return int <0 if KO, >0 if OK
@@ -2458,7 +2458,7 @@ class Commande extends CommonOrder
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* Applique une remise absolue
* Set a fixed amount discount
*
* @param User $user User qui positionne la remise
* @param float $remise Discount
@@ -2687,7 +2687,7 @@ class Commande extends CommonOrder
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;
@@ -3156,7 +3156,9 @@ class Commande extends CommonOrder
$langs->load("errors");
$this->error = $langs->trans('ErrorStockIsNotEnoughToAddProductOnOrder', $product->ref);
$this->errors[] = $this->error;
dol_syslog(get_class($this)."::addline error=Product ".$product->ref.": ".$this->error, LOG_ERR);
$this->db->rollback();
return self::STOCK_NOT_ENOUGH_FOR_ORDER;
}
@@ -4206,11 +4208,15 @@ class OrderLine extends CommonOrderLine
$error = 0;
if (empty($this->id) && !empty($this->rowid)) { // For backward compatibility
$this->id = $this->rowid;
}
// check if order line is not in a shipment line before deleting
$sqlCheckShipmentLine = "SELECT";
$sqlCheckShipmentLine .= " ed.rowid";
$sqlCheckShipmentLine .= " FROM ".MAIN_DB_PREFIX."expeditiondet ed";
$sqlCheckShipmentLine .= " WHERE ed.fk_origin_line = ".$this->rowid;
$sqlCheckShipmentLine .= " WHERE ed.fk_origin_line = ".((int) $this->id);
$resqlCheckShipmentLine = $this->db->query($sqlCheckShipmentLine);
if (!$resqlCheckShipmentLine) {
@@ -4235,7 +4241,7 @@ class OrderLine extends CommonOrderLine
$this->db->begin();
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid=".$this->rowid;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid = ".((int) $this->id);
dol_syslog("OrderLine::delete", LOG_DEBUG);
$resql = $this->db->query($sql);


@@ -105,7 +105,7 @@ if (dol_strlen($begin)) {
$sql .= " AND s.nom like '".$db->escape($begin)."'";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " AND c.fk_statut in (1, 2) AND c.facture = 0";
$sql .= " GROUP BY s.nom";


@@ -30,6 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/notify.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php';
require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php';
if (!$user->rights->commande->lire) {
accessforbidden();
@@ -76,113 +77,8 @@ print load_fiche_titre($langs->trans("OrdersArea"), '', 'order');
print '<div class="fichecenter"><div class="fichethirdleft">';
/*
* Statistics
*/
$sql = "SELECT count(c.rowid) as nb, c.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande as c";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('societe').")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " GROUP BY c.fk_statut";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$total = 0;
$totalinprocess = 0;
$dataseries = array();
$colorseries = array();
$vals = array();
// -1=Canceled, 0=Draft, 1=Validated, 2=Accepted/On process, 3=Closed (Sent/Received, billed or not)
while ($i < $num) {
$row = $db->fetch_row($resql);
if ($row) {
//if ($row[1]!=-1 && ($row[1]!=3 || $row[2]!=1))
{
if (!isset($vals[$row[1]])) {
$vals[$row[1]] = 0;
}
$vals[$row[1]] += $row[0];
$totalinprocess += $row[0];
}
$total += $row[0];
}
$i++;
}
$db->free($resql);
include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder nohover centpercent">';
print '<tr class="liste_titre"><th colspan="2">'.$langs->trans("Statistics").' - '.$langs->trans("CustomersOrders").'</th></tr>'."\n";
$listofstatus = array(0, 1, 2, 3, -1);
foreach ($listofstatus as $status) {
$dataseries[] = array($commandestatic->LibStatut($status, 0, 1, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0));
if ($status == Commande::STATUS_DRAFT) {
$colorseries[$status] = '-'.$badgeStatus0;
}
if ($status == Commande::STATUS_VALIDATED) {
$colorseries[$status] = $badgeStatus1;
}
if ($status == Commande::STATUS_SHIPMENTONPROCESS) {
$colorseries[$status] = $badgeStatus4;
}
if ($status == Commande::STATUS_CLOSED && empty($conf->global->WORKFLOW_BILL_ON_SHIPMENT)) {
$colorseries[$status] = $badgeStatus6;
}
if ($status == Commande::STATUS_CLOSED && (!empty($conf->global->WORKFLOW_BILL_ON_SHIPMENT))) {
$colorseries[$status] = $badgeStatus6;
}
if ($status == Commande::STATUS_CANCELED) {
$colorseries[$status] = $badgeStatus9;
}
if (empty($conf->use_javascript_ajax)) {
print '<tr class="oddeven">';
print '<td>'.$commandestatic->LibStatut($status, 0, 0, 1).'</td>';
print '<td class="right"><a href="list.php?statut='.$status.'">'.(isset($vals[$status]) ? $vals[$status] : 0).' ';
print $commandestatic->LibStatut($status, 0, 3, 1);
print '</a></td>';
print "</tr>\n";
}
}
if ($conf->use_javascript_ajax) {
print '<tr class="impair"><td align="center" colspan="2">';
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array_values($colorseries));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));
$dolgraph->setHeight('200');
$dolgraph->draw('idgraphstatus');
print $dolgraph->show($total ? 0 : 1);
print '</td></tr>';
}
//if ($totalinprocess != $total)
print '<tr class="liste_total"><td>'.$langs->trans("Total").'</td><td class="right">'.$total.'</td></tr>';
print "</table></div><br>";
} else {
dol_print_error($db);
}
print getCustomerOrderPieChart($socid);
print '<br>';
/*


@@ -129,7 +129,7 @@ if (!empty($numref)) {
$object->fetch_thirdparty();
$upload_dir = $conf->bank->dir_output."/".$id."/statement/".dol_sanitizeFileName($numref);
}
$backtopage = $_SERVER['PHP_SELF']."?account=".$id."&num=".$numref;
$backtopage = $_SERVER['PHP_SELF']."?account=".urlencode($id)."&num=".urlencode($numref);
include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';


@@ -791,7 +791,7 @@ if ($resql) {
$nbmax = 12; // We show last 12 receipts (so we can have more than one year)
$liste = "";
$sql = "SELECT DISTINCT num_releve FROM ".MAIN_DB_PREFIX."bank";
$sql .= " WHERE fk_account=".$object->id." AND num_releve IS NOT NULL";
$sql .= " WHERE fk_account = ".((int) $object->id)." AND num_releve IS NOT NULL";
$sql .= $db->order("num_releve", "DESC");
$sql .= $db->plimit($nbmax + 1);
print '<br>';
@@ -967,7 +967,7 @@ if ($resql) {
$moreforfilter = '';
$moreforfilter .= '<div class="divsearchfield">';
$moreforfilter .= $langs->trans('DateOperationShort').' :';
$moreforfilter .= $langs->trans('DateOperationShort').' ';
$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
$moreforfilter .= '<div class="nowrap inline-block">';
$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
@@ -976,7 +976,7 @@ if ($resql) {
$moreforfilter .= '</div>';
$moreforfilter .= '<div class="divsearchfield">';
$moreforfilter .= $langs->trans('DateValueShort').' : ';
$moreforfilter .= $langs->trans('DateValueShort').' ';
$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
$moreforfilter .= '<div class="nowrap inline-block">';
$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
@@ -1329,21 +1329,22 @@ if ($resql) {
// Description
if (!empty($arrayfields['b.label']['checked'])) {
print "<td>";
//print "<a href=\"line.php?rowid=".$objp->rowid."&amp;account=".$objp->fk_account."\">";
$labeltoshow = '';
$titletoshow = '';
$reg = array();
preg_match('/\((.+)\)/i', $objp->label, $reg); // Si texte entoure de parenthee on tente recherche de traduction
if ($reg[1] && $langs->trans($reg[1]) != $reg[1]) {
print $langs->trans($reg[1]);
$labeltoshow = $langs->trans($reg[1]);
} else {
if ($objp->label == '(payment_salary)') {
print dol_trunc($langs->trans("SalaryPayment", 40));
$labeltoshow = dol_trunc($langs->trans("SalaryPayment", 40));
} else {
print dol_trunc($objp->label, 40);
$labeltoshow = dol_escape_htmltag($objp->label);
$titletoshow = $objp->label;
}
}
//print "</a>&nbsp;";
print '<td class="tdoverflowmax300"'.($titletoshow ? ' title="'.dol_escape_htmltag($titletoshow).'"' : '').'>';
print $labeltoshow; // Already escaped
// Add links after description
$cachebankaccount = array();
@@ -1498,7 +1499,7 @@ if ($resql) {
// Num cheque
if (!empty($arrayfields['b.num_chq']['checked'])) {
print '<td class="nowrap" align="center">'.($objp->num_chq ? $objp->num_chq : "")."</td>\n";
print '<td class="nowrap" align="center">'.($objp->num_chq ? dol_escape_htmltag($objp->num_chq) : "")."</td>\n";
if (!$i) {
$totalarray['nbfield']++;
}
@@ -1605,7 +1606,8 @@ if ($resql) {
$totalarray['nbfield']++;
}
}
// Balance
// Balance after
if (!empty($arrayfields['balance']['checked'])) {
if ($mode_balance_ok) {
if ($balance >= 0) {
@@ -1626,7 +1628,7 @@ if ($resql) {
// Transaction reconciliated or edit link
if ($bankaccount->canBeConciliated() > 0) {
if ($objp->num_releve) {
print '<a href="releve.php?num='.$objp->num_releve.'&account='.$objp->bankid.'&save_lastsearch_values=1">'.$objp->num_releve.'</a>';
print '<a href="releve.php?num='.urlencode($objp->num_releve).'&account='.urlencode($objp->bankid).'&save_lastsearch_values=1">'.dol_escape_htmltag($objp->num_releve).'</a>';
}
if (!$objp->conciliated && $action == 'reconcile') {
if ($objp->num_releve) {
@@ -1644,7 +1646,7 @@ if ($resql) {
if (!empty($arrayfields['b.conciliated']['checked'])) {
print '<td class="nowraponall" align="center">';
print $objp->conciliated ? $langs->trans("Yes") : $langs->trans("No");
print yn($objp->conciliated);
print '</td>';
if (!$i) {
$totalarray['nbfield']++;


@@ -508,15 +508,20 @@ class Account extends CommonObject
dol_syslog(__METHOD__.": using numeric operations is deprecated", LOG_WARNING);
}
if (empty($this->id) && !empty($this->rowid)) { // For backward compatibility
$this->id = $this->rowid;
}
// Clean parameters
$emetteur = trim($emetteur);
$banque = trim($banque);
$label = trim($label);
$now = dol_now();
if (is_numeric($oper)) { // Clean operation to have a code instead of a rowid
$sql = "SELECT code FROM ".MAIN_DB_PREFIX."c_paiement";
$sql .= " WHERE id=".$oper;
$sql .= " WHERE id = ".((int) $oper);
$sql .= " AND entity IN (".getEntity('c_paiement').")";
$resql = $this->db->query($sql);
if ($resql) {
@@ -533,8 +538,8 @@ class Account extends CommonObject
$this->error = "oper not defined";
return -1;
}
if (!$this->rowid) {
$this->error = "this->rowid not defined";
if (!$this->id) {
$this->error = "this->id not defined";
return -2;
}
if ($this->courant == Account::TYPE_CASH && $oper != 'LIQ') {
@@ -555,7 +560,7 @@ class Account extends CommonObject
$accline->label = $label;
$accline->amount = $amount;
$accline->fk_user_author = $user->id;
$accline->fk_account = $this->rowid;
$accline->fk_account = $this->id;
$accline->fk_type = $oper;
$accline->numero_compte = $accountancycode;
$accline->num_releve = $num_releve;
@@ -574,10 +579,10 @@ class Account extends CommonObject
if ($accline->insert() > 0) {
if ($categorie > 0) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class(";
$sql .= "lineid, fk_categ";
$sql .= ") VALUES (";
$sql .= $accline->id.", ".$categorie;
$sql .= ((int) $accline->id).", '".$this->db->escape($categorie)."'";
$sql .= ")";
$result = $this->db->query($sql);
@@ -610,7 +615,7 @@ class Account extends CommonObject
*/
public function create(User $user, $notrigger = 0)
{
global $langs, $conf, $hookmanager;
global $langs, $conf;
$error = 0;
@@ -769,7 +774,7 @@ class Account extends CommonObject
*/
public function update(User $user, $notrigger = 0)
{
global $langs, $conf, $hookmanager;
global $langs, $conf;
$error = 0;
@@ -795,9 +800,9 @@ class Account extends CommonObject
$sql .= " ref = '".$this->db->escape($this->ref)."'";
$sql .= ",label = '".$this->db->escape($this->label)."'";
$sql .= ",courant = ".$this->courant;
$sql .= ",clos = ".$this->clos;
$sql .= ",rappro = ".$this->rappro;
$sql .= ",courant = ".((int) $this->courant);
$sql .= ",clos = ".((int) $this->clos);
$sql .= ",rappro = ".((int) $this->rappro);
$sql .= ",url = ".($this->url ? "'".$this->db->escape($this->url)."'" : "null");
$sql .= ",account_number = '".$this->db->escape($this->account_number)."'";
$sql .= ",fk_accountancy_journal = ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
@@ -823,7 +828,7 @@ class Account extends CommonObject
$sql .= ",ics = '".$this->db->escape($this->ics)."'";
$sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$result = $this->db->query($sql);
@@ -1223,7 +1228,7 @@ class Account extends CommonObject
$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
$sql .= " AND clos = 0";
if ($filteraccountid) {
$sql .= " AND ba.rowid = ".$filteraccountid;
$sql .= " AND ba.rowid = ".((int) $filteraccountid);
}
$resql = $this->db->query($sql);
@@ -1278,7 +1283,7 @@ class Account extends CommonObject
$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
$sql .= " AND clos = 0";
if ($filteraccountid) {
$sql .= " AND ba.rowid = ".$filteraccountid;
$sql .= " AND ba.rowid = ".((int) $filteraccountid);
}
$resql = $this->db->query($sql);
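Review bot: In the `bank_class` INSERT, `$categorie` is quoted and passed through `$this->db->escape()` although the guarding `if ($categorie > 0)` treats it as an integer id and the same line already casts `$accline->id`; the consistent hardening is `$sql .= ((int) $accline->id).", ".((int) $categorie);`. In the update() hunk, the unchanged `fk_accountancy_journal` assignment still inlines an `escape()`d value without quotes, and `escape()` gives no protection in an unquoted numeric context; `($this->fk_accountancy_journal > 0 ? ((int) $this->fk_accountancy_journal) : "null")` matches the casts applied to `courant`, `clos` and `rappro` just above it. Dropping `$hookmanager` from the `global` lists of create() and update() is only safe if no hook call remains in those bodies, which run outside these hunks.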


@@ -249,6 +249,10 @@ class BankAccounts extends DolibarrApi
$typeto = 'LIQ';
}
// Clean data
$description = checkVal($description, 'alphanohtml');
/**
* Creating bank line records
*/
@@ -295,7 +299,9 @@ class BankAccounts extends DolibarrApi
return array(
'success' => array(
'code' => 201,
'message' => 'Internal wire transfer created successfully.'
'message' => 'Internal wire transfer created successfully.',
'bank_id_from' => $bank_line_id_from,
'bank_id_to' => $bank_line_id_to,
)
);
} else {
@@ -475,7 +481,7 @@ class BankAccounts extends DolibarrApi
* @param string $accountancycode Accountancy code {@from body}
* @param int $datev Payment date value (timestamp) {@from body} {@type timestamp}
* @param string $num_releve Bank statement numero {@from body}
* @return int ID of line
* @return int ID of line
*
* @url POST {id}/lines
*/
@@ -491,6 +497,14 @@ class BankAccounts extends DolibarrApi
throw new RestException(404, 'account not found');
}
$type = checkVal($type);
$label = checkVal($label);
$cheque_number = checkVal($cheque_number);
$cheque_writer = checkVal($cheque_writer);
$cheque_bank = checkVal($cheque_bank);
$accountancycode = checkVal($accountancycode);
$num_releve = checkVal($num_releve);
$result = $account->addline(
$date,
$type,
@@ -542,6 +556,10 @@ class BankAccounts extends DolibarrApi
throw new RestException(404, 'account line not found');
}
$url = checkVal($url);
$label = checkVal($label);
$type = checkVal($type);
$result = $account->add_url_line($line_id, $url_id, $url, $label, $type);
if ($result < 0) {
throw new RestException(503, 'Error when adding link to account line: '.$account->error);
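Review bot: The sanitizing blocks added before `addline()` and `add_url_line()` carry no comment, unlike the first hunk where the same pattern is introduced under `// Clean data`; repeating that header in both places keeps the three boundary checks recognisable as one convention. It is also worth recording there that `checkVal()` defaults to the `'alphanohtml'` rule, so `$label`, `$cheque_writer` and `$url` have HTML stripped rather than being rejected, and API clients sending markup will see it silently removed. `$url_id` and `$line_id` pass through unchecked; if Restler does not already coerce them to int from their docblock types, they deserve the same treatment as the string arguments. Both enclosing methods start outside the hunks.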


@@ -268,7 +268,7 @@ $sql = "SELECT b.rowid,b.dateo as do,b.datev as dv, b.amount, b.label, b.rappro,
$sql .= " b.num_releve, b.fk_user_author, b.num_chq, b.fk_type, b.fk_account, b.fk_bordereau as receiptid,";
$sql .= " b.emetteur,b.banque";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE rowid=".$rowid;
$sql .= " WHERE rowid=".((int) $rowid);
$sql .= " ORDER BY dateo ASC";
$result = $db->query($sql);
if ($result) {
@@ -291,7 +291,7 @@ if ($result) {
// Confirmations
if ($action == 'delete_categ') {
print $form->formconfirm($_SERVER['PHP_SELF']."?rowid=".$rowid."&cat1=".GETPOST("fk_categ")."&orig_account=".$orig_account, $langs->trans("RemoveFromRubrique"), $langs->trans("RemoveFromRubriqueConfirm"), "confirm_delete_categ", '', 'yes', 1);
print $form->formconfirm($_SERVER['PHP_SELF']."?rowid=".urlencode($rowid)."&cat1=".urlencode(GETPOST("fk_categ", 'int'))."&orig_account=".urlencode($orig_account), $langs->trans("RemoveFromRubrique"), $langs->trans("RemoveFromRubriqueConfirm"), "confirm_delete_categ", '', 'yes', 1);
}
print '<form name="update" method="POST" action="'.$_SERVER['PHP_SELF'].'?rowid='.$rowid.'">';
@@ -452,7 +452,7 @@ if ($result) {
}
print '</td>';
} else {
print '<td>'.$objp->fk_type.' '.$objp->num_chq.'</td>';
print '<td>'.$objp->fk_type.' '.dol_escape_htmltag($objp->num_chq).'</td>';
}
print "</tr>";
@@ -462,7 +462,7 @@ if ($result) {
print "</td>";
if ($user->rights->banque->modifier || $user->rights->banque->consolidate) {
print '<td>';
print '<input type="text" class="flat minwidth200" name="emetteur" value="'.(empty($objp->emetteur) ? '' : stripslashes($objp->emetteur)).'">';
print '<input type="text" class="flat minwidth200" name="emetteur" value="'.(empty($objp->emetteur) ? '' : dol_escape_htmltag($objp->emetteur)).'">';
print '</td>';
} else {
print '<td>'.$objp->emetteur.'</td>';
@@ -475,10 +475,10 @@ if ($result) {
print "</td>";
if ($user->rights->banque->modifier || $user->rights->banque->consolidate) {
print '<td>';
print '<input type="text" class="flat minwidth200" name="banque" value="'.(empty($objp->banque) ? '' : $objp->banque).'">';
print '<input type="text" class="flat minwidth200" name="banque" value="'.(empty($objp->banque) ? '' : dol_escape_htmltag($objp->banque)).'">';
print '</td>';
} else {
print '<td>'.$objp->banque.'</td>';
print '<td>'.dol_escape_htmltag($objp->banque).'</td>';
}
print "</tr>";
@@ -523,6 +523,7 @@ if ($result) {
print "</tr>";
// Description
$reg = array();
print "<tr><td>".$langs->trans("Label")."</td>";
if ($user->rights->banque->modifier || $user->rights->banque->consolidate) {
print '<td>';
@@ -531,7 +532,7 @@ if ($result) {
// Label generique car entre parentheses. On l'affiche en le traduisant
print $langs->trans($reg[1]);
} else {
print $objp->label;
print dol_escape_htmltag($objp->label);
}
print '">';
print '</td>';
@@ -541,7 +542,7 @@ if ($result) {
// Label generique car entre parentheses. On l'affiche en le traduisant
print $langs->trans($reg[1]);
} else {
print $objp->label;
print dol_escape_htmltag($objp->label);
}
print '</td>';
}
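Review bot: The read-only `emetteur` cell at `print '<td>'.$objp->emetteur.'</td>';` still outputs the stored value raw, while this same section escapes the editable `emetteur` input and both the editable and read-only `banque` cells; it should become `print '<td>'.dol_escape_htmltag($objp->emetteur).'</td>';`. The form action `'?rowid='.$rowid.'"'` right after the formconfirm call also interpolates `$rowid` unencoded into an attribute, whereas the formconfirm URL on the line above now url-encodes it; unless `$rowid` is already read with the `'int'` check outside this hunk, the same `urlencode()` belongs there.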


@@ -226,7 +226,7 @@ $sql .= " WHERE v.entity IN (".getEntity('payment_various').")";
// Search criteria
if ($search_ref) {
$sql .= " AND v.rowid=".$db->escape($search_ref);
$sql .= " AND v.rowid = ".((int) $search_ref);
}
if ($search_label) {
$sql .= natural_search(array('v.label'), $search_label);


@@ -342,7 +342,7 @@ if ($resql) {
$sql .= "SET";
$sql .= " cash='".$db->escape($cash)."'";
$sql .= ", card='".$db->escape($bank)."'";
$sql .= " where rowid=".$id;
$sql .= " where rowid = ".((int) $id);
$db->query($sql);
*/


@@ -127,7 +127,7 @@ if (dol_strlen($begin)) {
$sql .= natural_search("s.nom", $begin);
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY $sortfield $sortorder ";
$sql .= $db->plimit($conf->liste_limit + 1, $offset);
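Review bot: `$sql .= " ORDER BY $sortfield $sortorder ";` interpolates the sort parameters directly, so casting `$socid` hardens only one of the request-derived values in this hunk. Unless `$sortfield` and `$sortorder` are already restricted to a safe character set where they are read (outside this hunk), the `$db->order($sortfield, $sortorder)` helper that a sibling hunk of this commit uses is the consistent replacement: `$sql .= $db->order($sortfield, $sortorder);`.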


@@ -366,7 +366,7 @@ if ($action == 'create') {
* Confirm delete trip
*/
if ($action == 'delete') {
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$id, $langs->trans("DeleteTrip"), $langs->trans("ConfirmDeleteTrip"), "confirm_delete");
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".urlencode($id), $langs->trans("DeleteTrip"), $langs->trans("ConfirmDeleteTrip"), "confirm_delete");
}
$soc = new Societe($db);


@@ -770,7 +770,7 @@ if (empty($reshook)) {
}
/*$line = new FactureLigne($db);
$line->fetch(GETPOST('lineid'));
$line->fetch(GETPOST('lineid', 'int'));
$percent = $line->get_prev_progress($object->id);
if (GETPOST('progress') < $percent)
@@ -823,7 +823,7 @@ if (empty($reshook)) {
// Update line
if (!$error) {
$result = $object->updateline(
GETPOST('lineid'),
GETPOST('lineid', 'int'),
$description,
$pu_ht,
$qty,
@@ -1597,7 +1597,7 @@ if ($action == 'create') {
// Lines
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid')).'" method="POST">
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">


@@ -238,13 +238,13 @@ if (empty($reshook)) {
$object->fetch($id);
$object->fetch_thirdparty();
$result = $object->deleteline(GETPOST('lineid'));
$result = $object->deleteline(GETPOST('lineid', 'int'));
if ($result > 0) {
// Define output language
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id')) {
$newlang = GETPOST('lang_id');
}
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) {
$newlang = $object->thirdparty->default_lang;
@@ -2416,7 +2416,7 @@ if (empty($reshook)) {
if (!$error) {
if (empty($usercancreatemargin)) {
foreach ($object->lines as &$line) {
if ($line->id == GETPOST('lineid')) {
if ($line->id == GETPOST('lineid', 'int')) {
$fournprice = $line->fk_fournprice;
$buyingprice = $line->pa_ht;
break;
@@ -5168,7 +5168,7 @@ if ($action == 'create') {
}
}
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid')).'" method="POST">
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#addline' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="' . newToken().'">
<input type="hidden" name="action" value="' . (($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">
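Review bot: `GETPOST('lang_id')` falls back to the default check, which only strips HTML; a language id is used to select translation files, so the stricter `'aZ09'` rule fits better: `$newlang = GETPOST('lang_id', 'aZ09');` with the same check in the condition. The replacement also swaps the `!empty($_REQUEST[...])` guard for a truthiness test on the sanitized value, which is equivalent for every realistic language code but worth a short comment so the next reader does not mistake it for a behaviour change. The enclosing action block starts outside the hunk.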


@@ -407,7 +407,12 @@ class Invoices extends DolibarrApi
if (!DolibarrApi::_checkAccessToResource('facture', $this->invoice->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
$updateRes = $this->invoice->updateline(
$lineid,
$request_data->desc,
@@ -419,7 +424,7 @@ class Invoices extends DolibarrApi
$request_data->tva_tx,
$request_data->localtax1_tx,
$request_data->localtax2_tx,
'HT',
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->info_bits,
$request_data->product_type,
$request_data->fk_parent_line,
@@ -694,6 +699,9 @@ class Invoices extends DolibarrApi
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label);
// Reset fk_parent_line for no child products and special product
if (($request_data->product_type != 9 && empty($request_data->fk_parent_line)) || $request_data->product_type == 9) {
$request_data->fk_parent_line = 0;
@@ -717,8 +725,8 @@ class Invoices extends DolibarrApi
$request_data->fk_code_ventilation,
$request_data->info_bits,
$request_data->fk_remise_except,
'HT',
0,
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->subprice,
$request_data->product_type,
$request_data->rang,
$request_data->special_code,
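Review bot: `$request_data->price_base_type ? $request_data->price_base_type : 'HT'` forwards a caller-supplied value into updateline() and addline() without any sanitizing, while the Contracts API hunks of this same commit run it through `checkVal()` first; the two occurrences here should at least do the same. Since only `'HT'` and `'TTC'` are meaningful price bases, an allow-list is tighter than `checkVal()`: `$price_base_type = in_array($request_data->price_base_type, array('HT', 'TTC'), true) ? $request_data->price_base_type : 'HT';` and pass `$price_base_type`. The same allow-list would suit the Contracts API addline/updateline hunks. Both enclosing methods start outside the hunks.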


@@ -765,7 +765,7 @@ class FactureRec extends CommonInvoice
{
$rowid = $this->id;
dol_syslog(get_class($this)."::delete rowid=".$rowid, LOG_DEBUG);
dol_syslog(get_class($this)."::delete rowid=".((int) $rowid), LOG_DEBUG);
$error = 0;
$this->db->begin();


@@ -1604,7 +1604,7 @@ class Facture extends CommonInvoice
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON f.fk_incoterms = i.rowid';
if ($rowid) {
$sql .= " WHERE f.rowid=".$rowid;
$sql .= " WHERE f.rowid=".((int) $rowid);
} else {
$sql .= ' WHERE f.entity IN ('.getEntity('invoice').')'; // Dont't use entity if you use rowid
if ($ref) {
@@ -3657,7 +3657,7 @@ class Facture extends CommonInvoice
{
global $user;
dol_syslog(get_class($this)."::deleteline rowid=".$rowid, LOG_DEBUG);
dol_syslog(get_class($this)."::deleteline rowid=".((int) $rowid), LOG_DEBUG);
if ($this->statut != self::STATUS_DRAFT) {
$this->error = 'ErrorDeleteLineNotAllowedByObjectStatus';


@@ -75,6 +75,9 @@ $maxOpenCount = empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->globa
$hookmanager->initHooks(array('invoiceindex'));
$maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);
/*
* Actions
*/
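Review bot: `$maxofloop` is assigned the same `MAIN_MAXLIST_OVERLOAD`-or-500 expression that `$maxOpenCount` receives two lines earlier, as the hunk header shows, so one limit is now encoded twice. If they are meant to stay equal, `$maxofloop = $maxOpenCount;` makes that explicit and prevents the two defaults from drifting apart; if they are meant to differ later, a one-line comment saying why is needed.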


@@ -171,7 +171,7 @@ class RemiseCheque extends CommonObject
$sql .= "'".$this->db->idate($now)."'";
$sql .= ", '".$this->db->idate($now)."'";
$sql .= ", ".$user->id;
$sql .= ", ".$account_id;
$sql .= ", ".((int) $account_id);
$sql .= ", 0";
$sql .= ", 0";
$sql .= ", 0";


@@ -380,7 +380,7 @@ if ($id > 0 || $ref) {
$num = $db->num_rows($result);
$i = 0;
$urladd = "&amp;id=".$id;
$urladd = "&id=".urlencode($id);
print '<form method="get" action="'.$_SERVER ['PHP_SELF'].'" name="search_form">'."\n";
print '<input type="hidden" name="id" value="'.$id.'"/>';


@@ -229,9 +229,9 @@ class BonPrelevement extends CommonObject
$sql .= ", cle_rib";
$sql .= ") VALUES (";
$sql .= $this->id;
$sql .= ", ".$client_id;
$sql .= ", ".((int) $client_id);
$sql .= ", '".$this->db->escape($client_nom)."'";
$sql .= ", '".price2num($amount)."'";
$sql .= ", ".((float) price2num($amount));
$sql .= ", '".$this->db->escape($code_banque)."'";
$sql .= ", '".$this->db->escape($code_guichet)."'";
$sql .= ", '".$this->db->escape($number)."'";
@@ -290,7 +290,7 @@ class BonPrelevement extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p";
$sql .= " WHERE p.entity IN (".getEntity('invoice').")";
if ($rowid > 0) {
$sql .= " AND p.rowid = ".$rowid;
$sql .= " AND p.rowid = ".((int) $rowid);
} else {
$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
}
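Review bot: `((float) price2num($amount))` relies on PHP's float-to-string conversion when concatenated into SQL; before PHP 8.0 that conversion honours the current locale, so a comma decimal separator would yield `12,50` and break the statement. Keeping the value quoted as before, `", '".price2num($amount)."'"`, or formatting it with the locale-independent `sprintf('%F', ...)` avoids this; the same applies to `((float) $this->amount)` in the Tva::create hunk of this commit. In the same INSERT, `$sql .= $this->id;` is left uncast while the neighbouring `$client_id` and `$rowid` now receive `(int)`.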


@@ -79,7 +79,7 @@ class LignePrelevement
$sql .= ", pl.statut, pl.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
$sql .= ", ".MAIN_DB_PREFIX."prelevement_bons as p";
$sql .= " WHERE pl.rowid=".$rowid;
$sql .= " WHERE pl.rowid=".((int) $rowid);
$sql .= " AND p.rowid = pl.fk_prelevement_bons";
$sql .= " AND p.entity = ".$conf->entity;


@@ -220,7 +220,7 @@ if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$param = "&id=".$id;
$param = "&id=".urlencode($id);
// Lines of title fields
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';


@@ -275,7 +275,7 @@ if ($id) {
$num = $db->num_rows($result);
$i = 0;
$urladd = "&amp;id=".$id;
$urladd = "&id=".urlencode($id);
print_barre_liste($langs->trans("Bills"), $page, "factures.php", $urladd, $sortfield, $sortorder, '', $num, 0, '');


@@ -125,7 +125,7 @@ if ($type == 'bank-transfer') {
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($search_line) {
$sql .= " AND pl.rowid = '".$db->escape($search_line)."'";
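Review bot: `$sql .= " AND pl.rowid = '".$db->escape($search_line)."'";` compares the integer `rowid` column with a quoted string, while `$socid` two lines above is now cast; `$sql .= " AND pl.rowid = ".((int) $search_line);` is the consistent form and avoids a type mismatch on databases that do not coerce text literals. If `$search_line` is meant to accept non-numeric input, the filter should target a text column instead.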


@@ -99,7 +99,7 @@ if ($type == 'bank-transfer') {
$sql .= " AND p.type = 'debit-order'";
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $db->plimit($limit + 1, $offset);


@@ -147,7 +147,7 @@ class ChargeSociales extends CommonObject
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as p ON cs.fk_mode_reglement = p.id';
$sql .= ' WHERE cs.entity IN ('.getEntity('tax').')';
if ($ref) {
$sql .= " AND cs.rowid = ".$ref;
$sql .= " AND cs.ref = '".$this->db->escape($ref)."'";
} else {
$sql .= " AND cs.rowid = ".((int) $id);
}
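Review bot: Switching the `$ref` branch from `cs.rowid = $ref` to `cs.ref = '...'` changes which rows a numeric `$ref` matches; any caller that passed a rowid through the `$ref` argument, which the old code accepted, now silently fetches nothing. A short comment on the branch, e.g. `// $ref is the textual reference; pass a rowid via $id`, plus a check of existing fetch() call sites would make the change safe; the search-filter hunk on `cs.ref` in the same module makes the same switch. The enclosing fetch() method starts outside the hunk.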


@@ -195,7 +195,7 @@ $sql .= " WHERE cs.fk_type = c.id";
$sql .= " AND cs.entity = ".$conf->entity;
// Search criteria
if ($search_ref) {
$sql .= " AND cs.rowid=".$db->escape($search_ref);
$sql .= " AND cs.ref = '".$db->escape($search_ref)."'";
}
if ($search_label) {
$sql .= natural_search("cs.libelle", $search_label);


@@ -585,7 +585,7 @@ class Tva extends CommonObject
$sql .= " '".$this->db->idate($this->datec)."'";
$sql .= ", '".$this->db->idate($this->datep)."'";
$sql .= ", '".$this->db->idate($this->datev)."'";
$sql .= ", ".$this->amount;
$sql .= ", ".((float) $this->amount);
$sql .= ", '".$this->db->escape($this->type_payment)."'";
$sql .= ", '".$this->db->escape($this->num_payment)."'";
if ($this->note) {


@@ -513,7 +513,7 @@ if ($type == "o") { // filtre sur type
$sql .= " AND s.client IN (2, 3)";
}
if (!empty($socid)) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
// Add where from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';


@@ -711,7 +711,7 @@ if (empty($reshook)) {
$db->rollback();
}
} elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->contrat->creer) {
$result = $object->deleteline(GETPOST('lineid'), $user);
$result = $object->deleteline(GETPOST('lineid', 'int'), $user);
if ($result >= 0) {
header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
@@ -1963,7 +1963,7 @@ if ($action == 'create') {
$dateSelector = 1;
print "\n";
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid')).'" method="POST">
print ' <form name="addproduct" id="addproduct" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.(($action != 'editline') ? '#add' : '#line_'.GETPOST('lineid', 'int')).'" method="POST">
<input type="hidden" name="token" value="'.newToken().'">
<input type="hidden" name="action" value="'.(($action != 'editline') ? 'addline' : 'updateline').'">
<input type="hidden" name="mode" value="">


@@ -274,7 +274,12 @@ class Contracts extends DolibarrApi
if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->price_base_type = checkVal($request_data->price_base_type);
$updateRes = $this->contract->addline(
$request_data->desc,
$request_data->subprice,
@@ -286,7 +291,7 @@ class Contracts extends DolibarrApi
$request_data->remise_percent,
$request_data->date_start, // date_start = date planned start, date ouverture = date_start_real
$request_data->date_end, // date_end = date planned end, date_cloture = date_end_real
$request_data->HT,
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->subprice_excl_tax,
$request_data->info_bits,
$request_data->fk_fournprice,
@@ -330,6 +335,9 @@ class Contracts extends DolibarrApi
$request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml');
$request_data->price_base_type = checkVal($request_data->price_base_type);
$updateRes = $this->contract->updateline(
$lineid,
$request_data->desc,
@@ -343,7 +351,7 @@ class Contracts extends DolibarrApi
$request_data->localtax2_tx,
$request_data->date_ouverture,
$request_data->date_cloture,
'HT',
$request_data->price_base_type ? $request_data->price_base_type : 'HT',
$request_data->info_bits,
$request_data->fk_fourn_price,
$request_data->pa_ht,
@@ -426,8 +434,6 @@ class Contracts extends DolibarrApi
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
// $request_data = (object) $request_data;
$updateRes = $this->contract->close_line(DolibarrApiAccess::$user, $lineid, $datestart, $comment);
if ($updateRes > 0) {


@@ -1832,7 +1832,7 @@ class Contrat extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element_line;
$sql .= " WHERE rowid=".$idline;
$sql .= " WHERE rowid = ".((int) $idline);
dol_syslog(get_class($this)."::deleteline", LOG_DEBUG);
$resql = $this->db->query($sql);


@@ -323,11 +323,11 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " GROUP BY c.rowid, c.ref, c.datec, c.tms, c.statut, s.nom, s.rowid";
$sql .= " ORDER BY c.tms DESC";
$sql .= " LIMIT ".$max;
$sql .= $db->plimit($max);
dol_syslog("contrat/index.php", LOG_DEBUG);
$result = $db->query($sql);
@@ -398,7 +398,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY cd.tms DESC";
@@ -480,7 +480,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY cd.tms DESC";
@@ -562,7 +562,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY cd.tms DESC";


@@ -288,7 +288,7 @@ if ($search_service) {
$sql .= " AND (p.ref LIKE '%".$db->escape($search_service)."%' OR p.description LIKE '%".$db->escape($search_service)."%' OR cd.description LIKE '%".$db->escape($search_service)."%')";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$filter_dateouvertureprevue_start = dol_mktime(0, 0, 0, $opouvertureprevuemonth, $opouvertureprevueday, $opouvertureprevueyear);
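Review bot: The `LIKE '%...%'` filter on `p.ref`, `p.description` and `cd.description` uses `$db->escape()` only, so `%` and `_` inside `$search_service` remain active as wildcards, whereas the sibling hunks of this commit use `natural_search()` for the same kind of label search. `$sql .= natural_search(array('p.ref', 'p.description', 'cd.description'), $search_service);` should be equivalent for ordinary input and keeps the escaping in one helper.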


@@ -149,8 +149,8 @@ class box_graph_product_distribution extends ModeleBoxes
$socid = empty($user->socid) ? 0 : $user->socid;
$userid = 0; // No filter on user creation
$WIDTH = ($nbofgraph >= 2 || !empty($conf->dol_optimize_smallscreen)) ? '160' : '320';
$HEIGHT = '192';
$WIDTH = ($nbofgraph >= 2 || !empty($conf->dol_optimize_smallscreen)) ? '300' : '320';
$HEIGHT = '120';
if (!empty($conf->propal->enabled) && !empty($user->rights->propale->lire)) {
// Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...)
@@ -177,6 +177,7 @@ class box_graph_product_distribution extends ModeleBoxes
$i = 0;
$legend = array();
// Truncate length of legend
foreach ($data2 as $key => $val) {
$data2[$key][0] = dol_trunc($data2[$key][0], 32);
$legend[] = $data2[$key][0];
@@ -194,7 +195,7 @@ class box_graph_product_distribution extends ModeleBoxes
$px2->setShowPointValue($showpointvalue);
$px2->setShowPercent(0);
$px2->SetMaxValue($px2->GetCeilMaxValue());
//$px2->SetWidth($WIDTH);
$px2->SetWidth($WIDTH);
$px2->SetHeight($HEIGHT);
//$px2->SetYLabel($langs->trans("AmountOfBillsHT"));
$px2->SetShading(3);
@@ -236,6 +237,7 @@ class box_graph_product_distribution extends ModeleBoxes
$i = 0;
$legend = array();
// Truncate length of legend
foreach ($data3 as $key => $val) {
$data3[$key][0] = dol_trunc($data3[$key][0], 32);
$legend[] = $data3[$key][0];
@@ -253,7 +255,7 @@ class box_graph_product_distribution extends ModeleBoxes
$px3->setShowPointValue($showpointvalue);
$px3->setShowPercent(0);
$px3->SetMaxValue($px3->GetCeilMaxValue());
//$px3->SetWidth($WIDTH);
$px3->SetWidth($WIDTH);
$px3->SetHeight($HEIGHT);
//$px3->SetYLabel($langs->trans("AmountOfBillsHT"));
$px3->SetShading(3);
@@ -296,6 +298,7 @@ class box_graph_product_distribution extends ModeleBoxes
$i = 0;
$legend = array();
// Truncate length of legend
foreach ($data1 as $key => $val) {
$data1[$key][0] = dol_trunc($data1[$key][0], 32);
$legend[] = $data1[$key][0];
@@ -313,7 +316,7 @@ class box_graph_product_distribution extends ModeleBoxes
$px1->setShowPointValue($showpointvalue);
$px1->setShowPercent(0);
$px1->SetMaxValue($px1->GetCeilMaxValue());
//$px1->SetWidth($WIDTH);
$px1->SetWidth($WIDTH);
$px1->SetHeight($HEIGHT);
//$px1->SetYLabel($langs->trans("NumberOfBills"));
$px1->SetShading(3);


@@ -604,10 +604,10 @@ abstract class CommonInvoice extends CommonObject
$sqltemp = 'SELECT c.type_cdr, c.nbjour, c.decalage';
$sqltemp .= ' FROM '.MAIN_DB_PREFIX.'c_payment_term as c';
if (is_numeric($cond_reglement)) {
$sqltemp .= " WHERE c.rowid=".$cond_reglement;
$sqltemp .= " WHERE c.rowid=".((int) $cond_reglement);
} else {
$sqltemp .= " WHERE c.entity IN (".getEntity('c_payment_term').")";
$sqltemp .= " AND c.code='".$this->db->escape($cond_reglement)."'";
$sqltemp .= " AND c.code = '".$this->db->escape($cond_reglement)."'";
}
dol_syslog(get_class($this).'::calculate_date_lim_reglement', LOG_DEBUG);


@@ -3969,7 +3969,7 @@ abstract class CommonObject
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "element_element";
$sql .= " WHERE";
if ($rowid > 0) {
$sql .= " rowid = " . $rowid;
$sql .= " rowid = " . ((int) $rowid);
} else {
if ($deletesource) {
$sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
@@ -5012,7 +5012,7 @@ abstract class CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."element_resources";
$sql .= " WHERE rowid=".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::delete_resource", LOG_DEBUG);
@@ -8893,7 +8893,7 @@ abstract class CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element_line;
$sql .= " WHERE rowid=".$idline;
$sql .= " WHERE rowid = ".((int) $idline);
dol_syslog(get_class($this)."::deleteLineCommon", LOG_DEBUG);
$resql = $this->db->query($sql);
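Review bot: In the `element_element` DELETE, `$sourceid` is still concatenated raw in `" fk_source = " . $sourceid . ...` while `$rowid` on the branch above now gets `(int)`; `((int) $sourceid)` should receive the same cast, and presumably the `$targetid` branch that follows outside the hunk too, since the method deletes rows for whatever id it is handed. The delete_resource and deleteLineCommon hunks are consistent with the cast pattern.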


@@ -1165,9 +1165,32 @@ class DolGraph
if (!empty($legendMaxLines)) {
$this->stringtoshow .= ', maxLines: ' . $legendMaxLines . '';
}
/* This has no effect on chartjs version with dol v14
$this->stringtoshow .= ', labels: {
color: \'rgb(255, 0, 0)\',
// This more specific font property overrides the global property
font: {
size: 24
}
}';
*/
$this->stringtoshow .= ' }, ' . "\n";
}
/* This has no effect on chartjs version with dol v14
$this->stringtoshow .= 'plugins: {
legend: {
display: true,
labels: {
color: \'rgb(255, 0, 0)\',
// This more specific font property overrides the global property
font: {
size: 24
}
}
}
},'."\n"; */
if ($this->type[$firstlot] == 'piesemicircle') {
$this->stringtoshow .= 'circumference: Math.PI,' . "\n";
$this->stringtoshow .= 'rotation: -Math.PI,' . "\n";
@@ -1236,7 +1259,7 @@ class DolGraph
if ($i > 0) {
$this->stringtoshow .= ', ';
}
$this->stringtoshow .= "'" . dol_escape_js(dol_trunc($val, 32)) . "'";
$this->stringtoshow .= "'" . dol_escape_js(dol_trunc($val, 22)) . "'";
$i++;
}
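Review bot: The two `/* This has no effect on chartjs version with dol v14 ... */` blocks add commented-out JavaScript fragments to the generator rather than dropping them; commented-out code is normally deleted, and if the intent is to record what was tried, a one-line comment such as `// Legend label styling via plugins.legend.labels is not supported by the bundled chartjs version` carries the same information. The legend truncation change from 32 to 22 characters would also benefit from a short comment naming the layout constraint that motivated it.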


@@ -312,9 +312,9 @@ class FormCompany extends Form
$out .= '<option value="0">&nbsp;</option>';
} else {
if (!$country || $country != $obj->country) {
// Affiche la rupture si on est en mode liste multipays
// Show break if we are in list with multiple countries
if (!$country_codeid && $obj->country_code) {
$out .= '<option value="-1" disabled>----- '.$obj->country." -----</option>\n";
$out .= '<option value="-1" disabled data-html="----- '.$obj->country.' -----">----- '.$obj->country." -----</option>\n";
$country = $obj->country;
}
}
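Review bot: `data-html="----- '.$obj->country.' -----"` injects the country label into an HTML attribute without escaping, and the companion ajax_combobox hunk in this commit decodes `data-html` and inserts it into the select2 list as HTML, so a label containing a quote or markup either breaks the attribute or is rendered as markup. Use `dol_escape_htmltag($obj->country)` for the attribute value, as this commit already does for similar output elsewhere; the visible option text on the same line should be escaped the same way. The enclosing method starts outside the hunk.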


@@ -454,8 +454,10 @@ function ajax_combobox($htmlname, $events = array(), $minLengthToAutocomplete =
templateResult: function (data, container) { /* Format visible output into combo list */
/* Code to add class of origin OPTION propagated to the new select2 <li> tag */
if (data.element) { $(container).addClass($(data.element).attr("class")); }
//console.log(data.html);
if (data.id == -1) return \'&nbsp;\';
console.log($(data.element).attr("data-html"));
if (data.id == -1 && $(data.element).attr("data-html") == undefined) {
return \'&nbsp;\';
}
if ($(data.element).attr("data-html") != undefined) return htmlEntityDecodeJs($(data.element).attr("data-html")); // If property html set, we decode html entities and use this
return data.text;
},
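Review bot: `console.log($(data.element).attr("data-html"));` is debug output emitted into every page that renders a combobox; it replaces a line that was previously commented out and should be removed again before merging. The `templateResult` path now returns the decoded `data-html` value as HTML for any option carrying that attribute, so every producer of `data-html` must HTML-escape what it stores there; a comment on the `htmlEntityDecodeJs` line stating that contract, e.g. `// data-html is rendered as HTML: producers must escape it`, makes the expectation explicit. The enclosing function starts and ends outside the hunk.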


@@ -504,11 +504,11 @@ function getCountry($searchkey, $withcode = '', $dbtouse = 0, $outputlangs = '',
$sql = "SELECT rowid, code, label FROM ".MAIN_DB_PREFIX."c_country";
if (is_numeric($searchkey)) {
$sql .= " WHERE rowid=".$searchkey;
$sql .= " WHERE rowid = ".((int) $searchkey);
} elseif (!empty($searchkey)) {
$sql .= " WHERE code='".$db->escape($searchkey)."'";
$sql .= " WHERE code = '".$db->escape($searchkey)."'";
} else {
$sql .= " WHERE label='".$db->escape($searchlabel)."'";
$sql .= " WHERE label = '".$db->escape($searchlabel)."'";
}
$resql = $dbtouse->query($sql);
@@ -571,7 +571,7 @@ function getState($id, $withcode = '', $dbtouse = 0, $withregion = 0, $outputlan
$sql = "SELECT d.rowid as id, d.code_departement as code, d.nom as name, d.active, c.label as country, c.code as country_code, r.code_region as region_code, r.nom as region_name FROM";
$sql .= " ".MAIN_DB_PREFIX."c_departements as d, ".MAIN_DB_PREFIX."c_regions as r,".MAIN_DB_PREFIX."c_country as c";
$sql .= " WHERE d.fk_region=r.code_region and r.fk_pays=c.rowid and d.rowid=".$id;
$sql .= " WHERE d.fk_region=r.code_region and r.fk_pays=c.rowid and d.rowid=".((int) $id);
$sql .= " AND d.active = 1 AND r.active = 1 AND c.active = 1";
$sql .= " ORDER BY c.code, d.code_departement";


@@ -686,11 +686,11 @@ function GETPOSTINT($paramname, $method = 0, $filter = null, $options = null, $n
/**
* Return a value after checking on a rule.
*
* @param string $out Value to get/check
* @param string $check Type of check
* @param string $out Value to check/clear.
* @param string $check Type of check/sanitizing
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to 'custom'
* @return string|array Value found (string or array), or '' if check fails
* @return string|array Value sanitized (string or array). It may be '' if format check fails.
*/
function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = null)
{


@@ -155,7 +155,7 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
// Deny some reserved host names
if (in_array($hosttocheck, array('metadata.google.internal'))) {
$info['http_code'] = 400;
$info['content'] = 'Error bad hostname (Used by Google metadata). This value for hostname is not allowed.';
$info['content'] = 'Error bad hostname '.$hosttocheck.' (Used by Google metadata). This value for hostname is not allowed.';
break;
}
@@ -179,7 +179,6 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
$iptocheck = '0'; //
}
//var_dump($_SERVER);
if ($iptocheck) {
if ($localurl == 0) { // Only external url allowed (dangerous, may allow to get malware)
if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
@@ -188,7 +187,7 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
$info['content'] = 'Error bad hostname IP (private or reserved range). Must be an external URL.';
break;
}
if ($iptocheck == $_SERVER["SERVER_ADDR"]) {
if (!empty($_SERVER["SERVER_ADDR"]) && $iptocheck == $_SERVER["SERVER_ADDR"]) {
$info['http_code'] = 400;
$info['content'] = 'Error bad hostname IP (IP is a local IP). Must be an external URL.';
break;
@@ -198,10 +197,11 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
$info['content'] = 'Error bad hostname IP (IP is a local IP defined into MAIN_SECURITY_SERVER_IP). Must be an external URL.';
break;
}
} else { // Only local url allowed (dangerous, may allow to get metadata on server or make internal port scanning)
}
if ($localurl == 1) { // Only local url allowed (dangerous, may allow to get metadata on server or make internal port scanning)
if (filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$info['http_code'] = 400;
$info['content'] = 'Error bad hostname. Must be a local URL.';
$info['content'] = 'Error bad hostname '.$iptocheck.'. Must be a local URL.';
break;
}
if (!empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) && !in_array($iptocheck, explode(',', '127.0.0.1,::1,'.$conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP))) {
@@ -210,6 +210,7 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
break;
}
}
// Common check (local and external)
if (in_array($iptocheck, array('100.100.100.200'))) {
$info['http_code'] = 400;
@@ -219,7 +220,10 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
// Set CURLOPT_CONNECT_TO so curl will not try another resolution that may give a different result. Possible only on PHP v7+
if (defined('CURLOPT_CONNECT_TO')) {
curl_setopt($ch, CURLOPT_CONNECT_TO, $iptocheck);
$connect_to = array(sprintf("%s:%d:%s:%d", $newUrlArray['host'], $newUrlArray['port'], $iptocheck, $newUrlArray['port']));
//var_dump($newUrlArray);
//var_dump($connect_to);
curl_setopt($ch, CURLOPT_CONNECT_TO, $connect_to);
}
}
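Review bot: In the last hunk, `$newUrlArray['port']` is formatted with `%d` into the CURLOPT_CONNECT_TO entry, but if `$newUrlArray` is a `parse_url()` result (it is built outside the hunk) the `port` key is only present when the URL names a port explicitly, so for a plain `https://host/...` the entry becomes `host:0:ip:0`, which does not match the real port (443 or 80) and curl is then expected to ignore it and resolve the host again — silently losing the pinning this whole check relies on. Derive a default from the scheme before building the entry, e.g. `$port = $newUrlArray['port'] ?? ($newUrlArray['scheme'] == 'https' ? 443 : 80);`, and use `$port` in both port positions of the `sprintf`. The two `//var_dump(...)` lines should not be committed either. The new messages `'Error bad hostname '.$hosttocheck.' ...'` and `'Error bad hostname '.$iptocheck.' ...'` echo the caller-supplied host and the resolved IP into `$info['content']`; wherever that content is printed as HTML it needs escaping at the output point.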


@@ -315,7 +315,8 @@ function getCustomerInvoicePieChart($socid = 0)
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(['pie']);
$dolgraph->setHeight('200');
$dolgraph->setHeight('150');
$dolgraph->setWidth('300');
$dolgraph->draw('idgraphcustomerinvoices');
$result .= '<tr>';
@@ -435,7 +436,8 @@ function getPurchaseInvoicePieChart($socid = 0)
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(['pie']);
$dolgraph->setHeight('200');
$dolgraph->setHeight('150');
$dolgraph->setWidth('300');
$dolgraph->draw('idgraphpurchaseinvoices');
$result .= '<tr>';
@@ -465,6 +467,8 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
{
global $conf, $db, $langs, $user, $hookmanager;
$maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);
$result = '';
$tmpinvoice = new Facture($db);
@@ -488,7 +492,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
}
if ($socid) {
$sql .= " AND f.fk_soc = $socid";
$sql .= " AND f.fk_soc = ".((int) $socid);
}
// Add where from hooks
$parameters = array();
@@ -511,6 +515,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
if ($resql) {
$num = $db->num_rows($resql);
$nbofloop = min($num, $maxofloop);
$result .= '<div class="div-table-responsive-no-min">';
$result .= '<table class="noborder centpercent">';
@@ -530,7 +535,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
$i = 0;
$othernb = 0;
$tot_ttc = 0;
while ($i < $num) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $maxCount) {
@@ -577,7 +582,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
if ($othernb) {
$result .= '<tr class="oddeven">';
$result .= '<td class="nowrap" colspan="3">';
$result .= '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
$result .= '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
$result .= '</td>';
$result .= "</tr>\n";
}
@@ -608,6 +613,8 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
{
global $conf, $db, $langs, $user, $hookmanager;
$maxofloop = (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD);
$result = '';
$facturesupplierstatic = new FactureFournisseur($db);
@@ -637,6 +644,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
if ($resql) {
$num = $db->num_rows($resql);
$nbofloop = min($num, $maxofloop);
$result .= '<div class="div-table-responsive-no-min">';
$result .= '<table class="noborder centpercent">';
@@ -656,7 +664,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
$i = 0;
$othernb = 0;
$tot_ttc = 0;
while ($i < $num) {
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $maxCount) {
@@ -702,7 +710,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
if ($othernb) {
$result .= '<tr class="oddeven">';
$result .= '<td class="nowrap" colspan="3">';
$result .= '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
$result .= '<span class="opacitymedium">'.$langs->trans("More").'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '').'</span>';
$result .= '</td>';
$result .= "</tr>\n";
}
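Review bot: The count printed after "More..." on the new line `'...'.($othernb < $maxofloop ? ' ('.$othernb.')' : '')` is derived from `$othernb`, which can only count rows the loop actually visits, and the loop is now capped at `$nbofloop = min($num, $maxofloop)`; when `$num` exceeds `$maxofloop` the number of hidden rows is therefore understated (the counting branch under `if ($i >= $maxCount)` is outside the hunk, so this is inferred). Since `$num` is already known from `$db->num_rows()`, the remainder can be computed directly: `($num > $maxCount ? ' ('.($num - $maxCount).')' : '')`. The same applies to the corresponding `getDraftSupplierTable` hunk below. `$tot_ttc`, accumulated inside the now-capped loop, will also stop reflecting all draft rows once the cap triggers; if it is displayed as a total further down (outside the hunk) it should be labelled as partial.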


@@ -171,3 +171,135 @@ function order_admin_prepare_head()
return $head;
}
/**
* Return a HTML table that contains a pie chart of customer orders
*
* @param int $socid (Optional) Show only results from the customer with this id
* @return string A HTML table that contains a pie chart of customer invoices
*/
function getCustomerOrderPieChart($socid = 0)
{
global $conf, $db, $langs, $user;
$result = '';
if (empty($conf->commande->enabled) || empty($user->rights->commande->lire)) {
return '';
}
$commandestatic = new Commande($db);
/*
* Statistics
*/
$sql = "SELECT count(c.rowid) as nb, c.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande as c";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('societe').")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " GROUP BY c.fk_statut";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$total = 0;
$totalinprocess = 0;
$dataseries = array();
$colorseries = array();
$vals = array();
// -1=Canceled, 0=Draft, 1=Validated, 2=Accepted/On process, 3=Closed (Sent/Received, billed or not)
while ($i < $num) {
$row = $db->fetch_row($resql);
if ($row) {
//if ($row[1]!=-1 && ($row[1]!=3 || $row[2]!=1))
{
if (!isset($vals[$row[1]])) {
$vals[$row[1]] = 0;
}
$vals[$row[1]] += $row[0];
$totalinprocess += $row[0];
}
$total += $row[0];
}
$i++;
}
$db->free($resql);
include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
$result = '<div class="div-table-responsive-no-min">';
$result .= '<table class="noborder nohover centpercent">';
$result .= '<tr class="liste_titre"><th colspan="2">'.$langs->trans("Statistics").' - '.$langs->trans("CustomersOrders").'</th></tr>'."\n";
$listofstatus = array(0, 1, 2, 3, -1);
foreach ($listofstatus as $status) {
$dataseries[] = array($commandestatic->LibStatut($status, 0, 1, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0));
if ($status == Commande::STATUS_DRAFT) {
$colorseries[$status] = '-'.$badgeStatus0;
}
if ($status == Commande::STATUS_VALIDATED) {
$colorseries[$status] = $badgeStatus1;
}
if ($status == Commande::STATUS_SHIPMENTONPROCESS) {
$colorseries[$status] = $badgeStatus4;
}
if ($status == Commande::STATUS_CLOSED && empty($conf->global->WORKFLOW_BILL_ON_SHIPMENT)) {
$colorseries[$status] = $badgeStatus6;
}
if ($status == Commande::STATUS_CLOSED && (!empty($conf->global->WORKFLOW_BILL_ON_SHIPMENT))) {
$colorseries[$status] = $badgeStatus6;
}
if ($status == Commande::STATUS_CANCELED) {
$colorseries[$status] = $badgeStatus9;
}
if (empty($conf->use_javascript_ajax)) {
$result .= '<tr class="oddeven">';
$result .= '<td>'.$commandestatic->LibStatut($status, 0, 0, 1).'</td>';
$result .= '<td class="right"><a href="list.php?statut='.$status.'">'.(isset($vals[$status]) ? $vals[$status] : 0).' ';
$result .= $commandestatic->LibStatut($status, 0, 3, 1);
$result .= '</a></td>';
$result .= "</tr>\n";
}
}
if ($conf->use_javascript_ajax) {
$result .= '<tr class="impair"><td align="center" colspan="2">';
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array_values($colorseries));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));
$dolgraph->setHeight('150');
$dolgraph->setWidth('300');
$dolgraph->draw('idgraphstatus');
$result .= $dolgraph->show($total ? 0 : 1);
$result .= '</td></tr>';
}
//if ($totalinprocess != $total)
$result .= '<tr class="liste_total"><td>'.$langs->trans("Total").'</td><td class="right">'.$total.'</td></tr>';
$result .= "</table></div><br>";
} else {
dol_print_error($db);
}
return $result;
}
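Review bot: `$socid` is documented as a customer filter and is used to skip the sales-representative join (`if (!$user->rights->societe->client->voir && !$socid)`), but no `c.fk_soc = $socid` condition is ever added to the query, so a caller passing a `$socid` gets statistics over all customers for a user who would otherwise be limited to their own. Add, after the `$user->socid` block, `if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); }`. The same pattern appears in `getCustomerProposalPieChart` in the next file. For consistency with the rest of this commit, the WHERE fragments `' AND c.fk_soc = '.$user->socid` and `" AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id` should also cast with `((int) ...)`. Minor: the two `STATUS_CLOSED` branches both assign `$badgeStatus6`, and the bare `{ ... }` block left under the commented-out `//if ($row[1]!=-1 ...` is dead structure.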


@@ -152,3 +152,141 @@ function propal_admin_prepare_head()
return $head;
}
/**
* Return a HTML table that contains a pie chart of customer proposals
*
* @param int $socid (Optional) Show only results from the customer with this id
* @return string A HTML table that contains a pie chart of customer invoices
*/
function getCustomerProposalPieChart($socid = 0)
{
global $conf, $db, $langs, $user;
$result= '';
if (empty($conf->propal->enabled) || empty($user->rights->propal->lire)) {
return '';
}
$listofstatus = array(Propal::STATUS_DRAFT, Propal::STATUS_VALIDATED, Propal::STATUS_SIGNED, Propal::STATUS_NOTSIGNED, Propal::STATUS_BILLED);
$propalstatic = new Propal($db);
$sql = "SELECT count(p.rowid) as nb, p.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."propal as p";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_soc = s.rowid";
if ($user->socid) {
$sql .= ' AND p.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
$sql .= " GROUP BY p.fk_statut";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
$total = 0;
$totalinprocess = 0;
$dataseries = array();
$colorseries = array();
$vals = array();
while ($i < $num) {
$obj = $db->fetch_object($resql);
if ($obj) {
$vals[$obj->status] = $obj->nb;
$totalinprocess += $obj->nb;
$total += $obj->nb;
}
$i++;
}
$db->free($resql);
include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php';
$result = '<div class="div-table-responsive-no-min">';
$result .= '<table class="noborder nohover centpercent">';
$result .= '<tr class="liste_titre">';
$result .= '<td colspan="2">'.$langs->trans("Statistics").' - '.$langs->trans("Proposals").'</td>';
$result .= '</tr>';
foreach ($listofstatus as $status) {
$dataseries[] = array($propalstatic->LibStatut($status, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0));
if ($status == Propal::STATUS_DRAFT) {
$colorseries[$status] = '-'.$badgeStatus0;
}
if ($status == Propal::STATUS_VALIDATED) {
$colorseries[$status] = $badgeStatus1;
}
if ($status == Propal::STATUS_SIGNED) {
$colorseries[$status] = $badgeStatus4;
}
if ($status == Propal::STATUS_NOTSIGNED) {
$colorseries[$status] = $badgeStatus9;
}
if ($status == Propal::STATUS_BILLED) {
$colorseries[$status] = $badgeStatus6;
}
if (empty($conf->use_javascript_ajax)) {
$result .= '<tr class="oddeven">';
$result .= '<td>'.$propalstatic->LibStatut($status, 0).'</td>';
$result .= '<td class="right"><a href="list.php?statut='.$status.'">'.(isset($vals[$status]) ? $vals[$status] : 0).'</a></td>';
$result .= "</tr>\n";
}
}
if ($conf->use_javascript_ajax) {
$result .= '<tr>';
$result .= '<td align="center" colspan="2">';
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array_values($colorseries));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));
$dolgraph->setHeight('150');
$dolgraph->setWidth('300');
$dolgraph->draw('idgraphthirdparties');
$result .= $dolgraph->show($total ? 0 : 1);
$result .= '</td>';
$result .= '</tr>';
}
//if ($totalinprocess != $total)
//{
// print '<tr class="liste_total">';
// print '<td>'.$langs->trans("Total").' ('.$langs->trans("CustomersOrdersRunning").')</td>';
// print '<td class="right">'.$totalinprocess.'</td>';
// print '</tr>';
//}
$result .= '<tr class="liste_total">';
$result .= '<td>'.$langs->trans("Total").'</td>';
$result .= '<td class="right">'.$total.'</td>';
$result .= '</tr>';
$result .= '</table>';
$result .= '</div>';
$result .= '<br>';
} else {
dol_print_error($db);
}
return $result;
}
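Review bot: The docblock line `@return string A HTML table that contains a pie chart of customer invoices` on the new `getCustomerProposalPieChart` is copied from the invoice helper and should read `customer proposals`. `$result= '';` is missing the space before `=` (`$result = '';`). The commented-out `//if ($totalinprocess != $total)` block, and the `$totalinprocess` accumulator that only feeds it, are dead code that should be dropped or revived. `implode(" ,", $listofstatus)` produces valid SQL but the separator reads backwards; `", "` is the intended form.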


@@ -2310,9 +2310,9 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
}
/**
* check for module update
* Check for module update
* TODO : store results for $this->url_last_version and $this->needUpdate
* Add a cron task to monitor for updates
* Add a cron task to monitor for updates
*
* @return int <0 if Error, 0 == no update needed, >0 if need update
*/


@@ -60,7 +60,7 @@ class modAccounting extends DolibarrModules
$this->dirs = array('/accounting/temp');
// Config pages
$this->config_page_url = array();
$this->config_page_url = array('accounting.php');
// Dependencies
$this->depends = array("modFacture", "modBanque", "modTax"); // List of modules id that must be enabled if this module is enabled


@@ -295,7 +295,7 @@ class pdf_stdandard extends ModelePDFMovement
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON m.batch = pl.batch AND m.fk_product = pl.fk_product";
$sql .= " WHERE m.fk_product = p.rowid";
if ($msid > 0) {
$sql .= " AND m.rowid = ".$msid;
$sql .= " AND m.rowid = ".((int) $msid);
}
$sql .= " AND m.fk_entrepot = e.rowid";
$sql .= " AND e.entity IN (".getEntity('stock').")";


@@ -33,7 +33,7 @@ if ((array) $linked_resources && count($linked_resources) > 0) {
//$element_id = $linked_resource['rowid'];
if ($mode == 'edit' && $linked_resource['rowid'] == GETPOST('lineid')) {
if ($mode == 'edit' && $linked_resource['rowid'] == GETPOST('lineid', 'int')) {
print '<div class="tagtr oddeven">';
print '<input type="hidden" name="lineid" value="'.$linked_resource['rowid'].'" />';
print '<input type="hidden" name="element" value="'.$element.'" />';
@@ -47,7 +47,7 @@ if ((array) $linked_resources && count($linked_resources) > 0) {
print '</div>';
} else {
$class = '';
if ($linked_resource['rowid'] == GETPOST('lineid')) {
if ($linked_resource['rowid'] == GETPOST('lineid', 'int')) {
$class = 'highlight';
}
