From 3ad05c2dde94a11cfc1a5dcf5d392161f700e805 Mon Sep 17 00:00:00 2001 From: VIAL-GOUTEYRON Quentin Date: Tue, 1 Apr 2025 23:13:31 +0200 Subject: [PATCH 1/7] FIX: Incorrect entity used when downloading a document generated in another entity (#33565) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * FIX : Wrong entity to download document * MODIFICATION : Remplacement de l'ID d'entité par l'objet dans les fonctions de gestion des fichiers pour une meilleure cohérence. * Update files.lib.php * Update files.lib.php --------- Co-authored-by: Laurent Destailleur --- htdocs/core/class/commonobject.class.php | 2 +- htdocs/core/class/html.formfile.class.php | 8 ++++---- htdocs/core/lib/files.lib.php | 21 +++++++++++++++++---- htdocs/ecm/class/ecmfiles.class.php | 2 -- 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index d4693486140..d9e9228a282 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -9797,7 +9797,7 @@ abstract class CommonObject $filearray=array_merge($filearray, $filearrayold); }*/ - completeFileArrayWithDatabaseInfo($filearray, $relativedir); + completeFileArrayWithDatabaseInfo($filearray, $relativedir, $this); '@phan-var-force array $filearray'; if (count($filearray)) { diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 3ec99820ecb..d87869b312d 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -936,7 +936,7 @@ class FormFile // Get list of files stored into database for same relative directory if ($relativedir) { - completeFileArrayWithDatabaseInfo($file_list, $relativedir); + completeFileArrayWithDatabaseInfo($file_list, $relativedir, $object); '@phan-var-force array $file_list'; //var_dump($sortfield.' - '.$sortorder); @@ -973,7 +973,6 @@ class FormFile // Show file name with link to download $imgpreview = $this->showPreview($file, $modulepart, $relativepath, 0, $param); - $out .= ''; if ($imgpreview) { $out .= ''; @@ -988,7 +987,6 @@ class FormFile $out .= 'target="_blank" '; } $out .= 'href="'.$documenturl.'?modulepart='.$modulepart.'&file='.urlencode($relativepath).($param ? '&'.$param : '').'"'; - $mime = dol_mimetype($relativepath, '', 0); if (preg_match('/text/', $mime)) { $out .= ' target="_blank" rel="noopener noreferrer"'; @@ -999,10 +997,12 @@ class FormFile $out .= dol_trunc($file["name"], 150); $out .= ''; } + $out .= ''."\n"; $out .= $imgpreview; $out .= ''; + // Show file size $size = (!empty($file['size']) ? $file['size'] : dol_filesize($filedir."/".$file["name"])); $out .= ''.dol_print_size($size, 1, 1).''; @@ -1429,7 +1429,7 @@ class FormFile // Get list of files stored into database for same relative directory if ($relativedir) { - completeFileArrayWithDatabaseInfo($filearray, $relativedir); + completeFileArrayWithDatabaseInfo($filearray, $relativedir, $object); '@phan-var-force array $filearray'; //var_dump($sortfield.' - '.$sortorder); diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 576e2fc0014..8fdb4816940 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -257,14 +257,18 @@ function dol_dir_list($utf8_path, $types = "all", $recursive = 0, $filter = "", * @param int $sortorder Sort order (SORT_ASC, SORT_DESC) * @param int $mode 0=Return array minimum keys loaded (faster), 1=Force all keys like description * @param string $sqlfilters Filter as an Universal Search string. + * @param ?Object $object Object used * Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')' * @return array Array of array('name'=>'xxx','fullname'=>'/abc/xxx','date'=>'yyy','size'=>99,'type'=>'dir|file',...) * @see dol_dir_list() */ -function dol_dir_list_in_database($path, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0, $sqlfilters = "") +function dol_dir_list_in_database($path, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0, $sqlfilters = "", $object = null) { global $conf, $db; + if (is_null($object)) { + $object = new stdClass(); + } $sql = " SELECT rowid, label, entity, filename, filepath, fullpath_orig, keywords, cover, gen_or_uploaded, extraparams,"; $sql .= " date_c, tms as date_m, fk_user_c, fk_user_m, acl, position, share"; @@ -272,7 +276,11 @@ function dol_dir_list_in_database($path, $filter = "", $excludefilter = null, $s $sql .= ", description"; } $sql .= " FROM ".MAIN_DB_PREFIX."ecm_files"; - $sql .= " WHERE entity = ".((int) $conf->entity); + if (!empty($object->entity) && $object->entity != $conf->entity) { + $sql .= " WHERE entity = ".((int) $object->entity); + } else { + $sql .= " WHERE entity = ".((int) $conf->entity); + } if (preg_match('/%$/', $path)) { $sql .= " AND (filepath LIKE '".$db->escape($path)."' OR filepath = '".$db->escape(preg_replace('/\/%$/', '', $path))."')"; } else { @@ -346,13 +354,18 @@ function dol_dir_list_in_database($path, $filter = "", $excludefilter = null, $s * * @param array $filearray Array of array('name'=>'xxx','fullname'=>'/abc/xxx','date'=>'yyy','size'=>99,'type'=>'dir|file',...) Array of files obtained using dol_dir_list * @param string $relativedir Relative dir from DOL_DATA_ROOT + * @param ?Object $object Object used * @return void */ -function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir) +function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir, $object = null) { global $conf, $db, $user; - $filearrayindatabase = dol_dir_list_in_database($relativedir, '', null, 'name', SORT_ASC); + if (is_null($object)) { + $object = new stdClass(); + } + + $filearrayindatabase = dol_dir_list_in_database($relativedir, '', null, 'name', SORT_ASC, 0, '', $object); // TODO Remove this when PRODUCT_USE_OLD_PATH_FOR_PHOTO will be removed global $modulepart; diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index ad206c45789..ec1a5fca746 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -1025,8 +1025,6 @@ class EcmFiles extends CommonObject $tmppath = preg_replace('/^[^\/]+\//', '', $this->filepath); } } - //var_dump($this->filepath); - $url = DOL_URL_ROOT.'/document.php?modulepart='.urlencode($option).'&file='.urlencode($tmppath.'/'.$this->filename).'&entity='.((int) $this->entity); } else { $url = DOL_URL_ROOT.'/ecm/file_card.php?id='.$this->id; From f78eea2661c224166177553542e2a6ea2ceea85b Mon Sep 17 00:00:00 2001 From: ldestailleur Date: Thu, 3 Apr 2025 12:52:12 +0200 Subject: [PATCH 2/7] Fix click on label of checkbox busy resource --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index f2a3569fab3..bf2f8feb55e 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2613,7 +2613,7 @@ class Form if ($showproperties) { if (is_array($listofresourceid) && count($listofresourceid)) { $out .= '
'; - $out .= ' - ' . $langs->trans("Availability") . ': '; + $out .= ' - ' . $langs->trans("Availability") . ': '; $out .= '
'; } } From 7096eff264666c8b7a35c2fa890cabd727ebb56d Mon Sep 17 00:00:00 2001 From: ldestailleur Date: Thu, 3 Apr 2025 13:10:25 +0200 Subject: [PATCH 3/7] FIX tooltip info on recuring invoice must be into tthe tooltip --- htdocs/compta/facture/card.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index e462f97ea25..8e85c0d0142 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3797,8 +3797,7 @@ if ($action == 'create') { print '
'; $tmp = ' '; $text = $tmp.' '; - $text .= '('.$langs->trans("YouMustCreateInvoiceFromThird").') '; - $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceFirstSituationDesc"), 1, 'help', 'nowraponall', 0, 3, 'firstsituationonsmartphone'); + $desc = $form->textwithpicto($text, $langs->transnoentities("InvoiceFirstSituationDesc").'

'.$langs->trans("YouMustCreateInvoiceFromThird"), 1, 'help', 'nowraponall', 0, 3, 'firstsituationonsmartphone'); print $desc; print '
'; } From 038008dd69174ab0464ada104b0d8a00301f137c Mon Sep 17 00:00:00 2001 From: John BOTELLA <68917336+thersane-john@users.noreply.github.com> Date: Thu, 3 Apr 2025 16:00:38 +0200 Subject: [PATCH 4/7] Fix curl error (#33653) --- htdocs/ai/class/ai.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ai/class/ai.class.php b/htdocs/ai/class/ai.class.php index 5b3297f9e6e..b95d4c93db6 100644 --- a/htdocs/ai/class/ai.class.php +++ b/htdocs/ai/class/ai.class.php @@ -209,7 +209,7 @@ class Ai 'error' => true, 'message' => $errormessage, 'code' => (empty($response['http_code']) ? 0 : $response['http_code']), - 'curl_error_no' => (empty($response['curl_error_no']) ? $response['curl_error_no'] : ''), + 'curl_error_no' => $response['curl_error_no']??'', 'format' => $format, 'service' => $this->apiService, 'function'=>$function From 87b254e0fdaef8ea7bc2ec4c7122884025e01148 Mon Sep 17 00:00:00 2001 From: atm-irvine <165771178+atm-irvine@users.noreply.github.com> Date: Thu, 3 Apr 2025 17:12:28 +0200 Subject: [PATCH 5/7] Fix pdf einstein automatic calculation (#33713) * fix(pdf-einstein): let automatic calculation for pos * removed ; --- .../core/modules/commande/doc/pdf_einstein.modules.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index 8351abd374c..09d0ef83e42 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1361,8 +1361,8 @@ class pdf_einstein extends ModelePDFCommandes if (getDolGlobalString('PDF_SHOW_PROJECT_TITLE')) { $object->fetch_projet(); - if (!empty($object->project->ref)) { - $posy += 3; + if (!empty($object->project->title)) { + $posy = $pdf->GetY(); $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("Project")." : ".(empty($object->project->title) ? '' : $object->project->title), '', 'R'); @@ -1373,20 +1373,20 @@ class pdf_einstein extends ModelePDFCommandes $object->fetch_projet(); if (!empty($object->project->ref)) { $outputlangs->load("projects"); - $posy += 3; + $posy = $pdf->GetY(); $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("RefProject")." : ".(empty($object->project->ref) ? '' : $object->project->ref), '', 'R'); } } - $posy += 4; + $posy = $pdf->GetY(); $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("OrderDate")." : ".dol_print_date($object->date, "day", false, $outputlangs, true), '', 'R'); if (!getDolGlobalString('MAIN_PDF_HIDE_CUSTOMER_CODE') && !empty($object->thirdparty->code_client)) { - $posy += 4; + $posy = $pdf->GetY(); $pdf->SetXY($posx, $posy); $pdf->SetTextColor(0, 0, 60); $pdf->MultiCell($w, 3, $outputlangs->transnoentities("CustomerCode")." : ".$outputlangs->transnoentities($object->thirdparty->code_client), '', 'R'); From d5eaa1d2817616f3f7cf8957565c529f39f3bc51 Mon Sep 17 00:00:00 2001 From: atm-irvine <165771178+atm-irvine@users.noreply.github.com> Date: Thu, 3 Apr 2025 17:13:27 +0200 Subject: [PATCH 6/7] fix(user): wrong assigned user on agenda, and wrong backtopage (#33717) --- htdocs/user/agenda.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/agenda.php b/htdocs/user/agenda.php index 0e0894ad4ca..a24a2935c71 100644 --- a/htdocs/user/agenda.php +++ b/htdocs/user/agenda.php @@ -164,7 +164,7 @@ $out = ''; $permok = $user->hasRight('agenda', 'myactions', 'create'); if ((!empty($objUser->id) || !empty($objcon->id)) && $permok) { if (is_object($objUser) && get_class($objUser) == 'User') { - $out .= '&originid='.$objUser->id.($objUser->id > 0 ? '&userid='.$objUser->id : '').'&backtopage='.urlencode($_SERVER['PHP_SELF'].($objUser->id > 0 ? '?userid='.$objUser->id : '')); + $out .= '&originid='.$objUser->id.($objUser->id > 0 ? '&assignedtouser='.$objUser->id : '').'&backtopage='.urlencode($_SERVER['PHP_SELF'].($objUser->id > 0 ? '?id='.$objUser->id : '')); } $out .= (!empty($objcon->id) ? '&contactid='.$objcon->id : ''); $out .= '&datep='.dol_print_date(dol_now(), 'dayhourlog', 'tzuserrel'); From 4a88509ea011634694df559f89a9a714e5364542 Mon Sep 17 00:00:00 2001 From: ldestailleur Date: Thu, 3 Apr 2025 21:02:04 +0200 Subject: [PATCH 7/7] Fix protection against bad % operator --- htdocs/core/class/translate.class.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index 1e046425a2a..c42d53f05df 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -790,6 +790,8 @@ class Translate } } + $str = preg_replace('/([^%])%([^%0sdmYIMpHSBb])/', '\1__percent_with_bad_specifier__\2', $str); + if (!preg_match('/^Format/', $key)) { try { // @phan-suppress-next-line PhanPluginPrintfVariableFormatString @@ -800,6 +802,8 @@ class Translate } } + $str = str_replace('__percent_with_bad_specifier__', '%', $str); + // Remove dangerous sequence we should never have. Not needed into a translated response. // %27 is entity code for ' and is replaced by browser automatically when translation is inside a javascript code called by a click like on a href link. $str = str_replace(array('%27', '''), '', $str);