Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-12 04:21:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
Laurent Destailleur
2020-02-02 19:32:37 +01:00
parent be0a25e5ed 423555c8b0
commit ffa847bc8e
18 changed files with 389 additions and 285 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/admin/company.php
View File

@@ -95,15 +95,15 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency", 'aZ09'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
$dirforimage = $conf->mycompany->dir_output.'/logos/';

2
htdocs/admin/const.php
View File

@@ -40,7 +40,7 @@ $update=GETPOST('update', 'alpha');
$delete=GETPOST('delete', 'none'); // Do not use alpha here
$debug=GETPOST('debug', 'int');
$consts=GETPOST('const', 'array');
$constname=GETPOST('constname', 'alpha');
$constname=GETPOST('constname', 'alphanohtml');
$constvalue=GETPOST('constvalue', 'none'); // We shoul dbe able to send everything here
$constnote=GETPOST('constnote', 'alpha');

24
htdocs/admin/defaultvalues.php
View File

@@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2017-2018 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2017-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2017-2018 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
@@ -52,15 +52,15 @@ $pagenext = $page + 1;
if (!$sortfield) $sortfield = 'page,param';
if (!$sortorder) $sortorder = 'ASC';
$defaulturl = GETPOST('defaulturl');
$defaultkey = GETPOST('defaultkey', 'alpha');
$defaultvalue = GETPOST('defaultvalue');
$defaulturl = GETPOST('defaulturl', 'alphanohtml');
$defaultkey = GETPOST('defaultkey', 'alphanohtml');
$defaultvalue = GETPOST('defaultvalue', 'none');
$defaulturl = preg_replace('/^\//', '', $defaulturl);
$urlpage = GETPOST('urlpage');
$key = GETPOST('key');
$value = GETPOST('value');
$urlpage = GETPOST('urlpage', 'alphanohtml');
$key = GETPOST('key', 'alphanohtml');
$value = GETPOST('value', 'none');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('admindefaultvalues', 'globaladmin'));
@@ -210,9 +210,9 @@ print load_fiche_titre($langs->trans("DefaultValues"), $enabledisablehtml, 'titl
print '<span class="opacitymedium">'.$langs->trans("DefaultValuesDesc")."</span><br>\n";
print "<br>\n";
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
if ($optioncss != '') $param .= '&optioncss='.$optioncss;
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
if ($defaulturl) $param .= '&defaulturl='.urlencode($defaulturl);
if ($defaultkey) $param .= '&defaultkey='.urlencode($defaultkey);
if ($defaultvalue) $param .= '&defaultvalue='.urlencode($defaultvalue);
@@ -359,7 +359,7 @@ if ($result)
// Page
print '<td>';
if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->page;
if ($action != 'edit' || GETPOST('rowid', 'int') != $obj->rowid) print $obj->page;
else print '<input type="text" name="urlpage" value="'.dol_escape_htmltag($obj->page).'">';
print '</td>'."\n";
@@ -378,7 +378,7 @@ if ($result)
print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->transkey.'">';
print '<input type="text" id="value_'.$i.'" class="flat inputforupdate" size="30" name="const['.$i.'][value]" value="'.dol_escape_htmltag($obj->transvalue).'">';
*/
if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->value;
if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print dol_escape_htmltag($obj->value);
else print '<input type="text" name="value" value="'.dol_escape_htmltag($obj->value).'">';
print '</td>';
}

18
htdocs/admin/dict.php
View File

@@ -58,6 +58,7 @@ if ($id == 10 && !empty($user->rights->accounting->chartofaccount)) $allowed = 1
if ($id == 17 && !empty($user->rights->accounting->chartofaccount)) $allowed = 1; // Dictionary with type of expense report and accounting account allowed to manager of chart account
if (!$allowed) accessforbidden();
$acts =array(); $actl =array();
$acts[0] = "activate";
$acts[1] = "disable";
$actl[0] = img_picto($langs->trans("Disabled"), 'switch_off');
@@ -76,7 +77,7 @@ $pageprev = $page - 1;
$pagenext = $page + 1;
$search_country_id = GETPOST('search_country_id', 'int');
if ($search_country_id == '' && ($id == 2 || $id == 3 || $id == 10)) // Not a so good idea to force on current country for all dictionaries. Some tables have entries that are for all countries, we must be able to see them, so this is done for dedicated dictionaries only.
if (! GETPOSTISSET('search_country_id') && $search_country_id == '' && ($id == 2 || $id == 3 || $id == 10)) // Not a so good idea to force on current country for all dictionaries. Some tables have entries that are for all countries, we must be able to see them, so this is done for dedicated dictionaries only.
{
$search_country_id = $mysoc->country_id;
}
@@ -178,7 +179,7 @@ $tablib[38] = "DictionarySocialNetworks";
$tabsql = array();
$tabsql[1] = "SELECT f.rowid as rowid, f.code, f.libelle, c.code as country_code, c.label as country, f.active FROM ".MAIN_DB_PREFIX."c_forme_juridique as f, ".MAIN_DB_PREFIX."c_country as c WHERE f.fk_pays=c.rowid";
$tabsql[2] = "SELECT d.rowid as rowid, d.code_departement as code, d.nom as libelle, d.fk_region as region_id, r.nom as region, c.code as country_code, c.label as country, d.active FROM ".MAIN_DB_PREFIX."c_departements as d, ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE d.fk_region=r.code_region and r.fk_pays=c.rowid and r.active=1 and c.active=1";
$tabsql[3] = "SELECT r.rowid as rowid, r.code_region as code, r.nom as libelle, r.fk_pays as country_id, c.code as country_code, c.label as country, r.active FROM ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE r.fk_pays=c.rowid and c.active=1";
$tabsql[3] = "SELECT r.rowid as rowid, r.code_region as state_code, r.nom as libelle, r.fk_pays as country_id, c.code as country_code, c.label as country, r.active FROM ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE r.fk_pays=c.rowid and c.active=1";
$tabsql[4] = "SELECT c.rowid as rowid, c.code, c.label, c.active, c.favorite FROM ".MAIN_DB_PREFIX."c_country AS c";
$tabsql[5] = "SELECT c.rowid as rowid, c.code as code, c.label, c.active FROM ".MAIN_DB_PREFIX."c_civility AS c";
$tabsql[6] = "SELECT a.id as rowid, a.code as code, a.libelle AS libelle, a.type, a.active, a.module, a.color, a.position FROM ".MAIN_DB_PREFIX."c_actioncomm AS a";
@@ -759,12 +760,13 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
$_POST[$listfieldvalue[$i]] = getEntity($tabname[$id]);
}
if ($i) $sql .= ",";
if ($listfieldvalue[$i] == 'sortorder') // For column name 'sortorder', we use the field name 'position'
{
$sql .= "'".(int) $db->escape($_POST['position'])."'";
$sql .= "'".(int) $db->escape(GETPOST('position'))."'";
}
elseif ($_POST[$listfieldvalue[$i]] == '' && !($listfieldvalue[$i] == 'code' && $id == 10)) $sql .= "null"; // For vat, we want/accept code = ''
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
else $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i], 'nohtml'))."'";
$i++;
}
$sql .= ",1)";
@@ -1011,6 +1013,7 @@ if ($id)
if ($search_code != '' && $id == 9) $sql .= natural_search("code_iso", $search_code);
elseif ($search_code != '' && $id == 28) $sql .= natural_search("h.code", $search_code);
elseif ($search_code != '' && $id == 32) $sql .= natural_search("a.code", $search_code);
elseif ($search_code != '' && $id == 3) $sql .= natural_search("r.code_region", $search_code);
elseif ($search_code != '' && $id != 9) $sql .= natural_search("code", $search_code);
if ($sortfield)
@@ -1146,7 +1149,7 @@ if ($id)
if ($fieldlist[$field] == 'revenuestamp_type') { $valuetoshow = $langs->trans('TypeOfRevenueStamp'); }
if ($fieldlist[$field] == 'use_default') { $valuetoshow = $langs->trans('Default'); }
if ($id == 2) // Special cas for state page
if ($id == 2) // Special case for state page
{
if ($fieldlist[$field] == 'region_id') { $valuetoshow = '&nbsp;'; $showfield = 1; }
if ($fieldlist[$field] == 'region') { $valuetoshow = $langs->trans("Country").'/'.$langs->trans("Region"); $showfield = 1; }
@@ -1228,6 +1231,7 @@ if ($id)
// List of available record in database
dol_syslog("htdocs/admin/dict", LOG_DEBUG);
$resql = $db->query($sql);
if ($resql)
{
@@ -1620,7 +1624,9 @@ if ($id)
$key = $langs->trans($obj->label);
$valuetoshow = ($obj->label && $key != strtoupper($obj->label) ? $key : $obj->{$fieldlist[$field]});
}
elseif ($fieldlist[$field] == 'code' && $id == 3) {
$valuetoshow = $obj->state_code;
}
$class .= ($class ? ' ' : '').'tddict';
if ($fieldlist[$field] == 'note' && $id == 10) $class .= ' tdoverflowmax200';
if ($fieldlist[$field] == 'tracking') $class .= ' tdoverflowauto';

7
htdocs/admin/system/browser.php
View File

@@ -49,12 +49,15 @@ $tmp=getBrowserInfo($_SERVER["HTTP_USER_AGENT"]);
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td>'.$langs->trans("Parameter").'</td><td colspan="2">'.$langs->trans("Value").'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("UserAgent").'</td><td colspan="2">'.$_SERVER['HTTP_USER_AGENT'].'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("UserAgent").'</td><td colspan="2">'.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("BrowserName").'</td><td colspan="2">'.$tmp['browsername'].'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("BrowserOS").'</td><td colspan="2">'.$tmp['browseros'].'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("Version").'</td><td colspan="2">'.$tmp['browserversion'].'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("Layout").' (phone/tablet/classic)</td><td colspan="2">'.$tmp['layout'].'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("IPAddress").'</td><td colspan="2">'.$_SERVER['REMOTE_ADDR'].'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("IPAddress").'</td><td colspan="2">'.dol_escape_htmltag($_SERVER['REMOTE_ADDR']);
if (! empty($_SERVER['HTTP_CLIENT_IP'])) print ' (HTTP_CLIENT_IP='.dol_escape_htmltag($_SERVER['HTTP_CLIENT_IP']).')';
if (! empty($_SERVER['HTTP_X_FORWARDED_FOR'])) print ' (HTTP_X_FORWARDED_FOR='.dol_escape_htmltag($_SERVER['HTTP_X_FORWARDED_FOR']).')';
print '</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("SessionName").'</td><td colspan="2">'.session_name().'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("SessionId").'</td><td colspan="2">'.session_id().'</td></tr>'."\n";

19
htdocs/admin/translation.php
View File

@@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2007-2016 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2007-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009-2017 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2017 Frédéric France <frederic.france@free.fr>
*
@@ -35,9 +35,9 @@ if (!$user->admin) accessforbidden();
$id = GETPOST('rowid', 'int');
$action = GETPOST('action', 'alpha');
$langcode = GETPOST('langcode', 'alpha');
$transkey = GETPOST('transkey', 'alpha');
$transvalue = GETPOST('transvalue', 'alpha');
$langcode = GETPOST('langcode', 'alphanohtml');
$transkey = GETPOST('transkey', 'alphanohtml');
$transvalue = GETPOST('transvalue', 'none');
$mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'overwrite';
@@ -190,7 +190,6 @@ if ($action == 'delete')
/*
* View
*/
@@ -231,9 +230,9 @@ print '<span class="opacitymedium">'.$form->textwithpicto($langs->trans("Current
print '<br>';
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
if ($optioncss != '') $param.='&optioncss='.$optioncss;
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
if ($langcode) $param.='&langcode='.urlencode($langcode);
if ($transkey) $param.='&transkey='.urlencode($transkey);
if ($transvalue) $param.='&transvalue='.urlencode($transvalue);
@@ -348,11 +347,11 @@ if ($mode == 'overwrite')
*/
if ($action == 'edit' && $obj->rowid == GETPOST('rowid', 'int'))
{
print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.$obj->transvalue.'">';
print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.dol_escape_htmltag($obj->transvalue).'">';
}
else
{
print $obj->transvalue;
print dol_escape_htmltag($obj->transvalue);
}
print '</td>';

4
htdocs/core/ajax/pingresult.php
View File

@@ -53,8 +53,8 @@ print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"])
// If ok
if ($action == 'firstpingok')
{
// Note: pings are by installation, done on entity 1.
// Once this constant are set, no more ping will be tried (except if we add parameter &forceping=1 on URL). So we can say this are 'first' ping.
// Note: pings are per installed instances / entity.
// Once this constants are set, no more ping will be tried (except if we add parameter &forceping=1 on URL). So we can say this are 'first' ping.
dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'));
dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', $hash_unique_id);

58
htdocs/core/lib/functions.lib.php
View File

@@ -224,7 +224,54 @@ function dol_shutdown()
*/
function GETPOSTISSET($paramname)
{
return (isset($_POST[$paramname]) || isset($_GET[$paramname]));
$isset = 0;
$relativepathstring = $_SERVER["PHP_SELF"];
// Clean $relativepathstring
if (constant('DOL_URL_ROOT')) $relativepathstring = preg_replace('/^'.preg_quote(constant('DOL_URL_ROOT'), '/').'/', '', $relativepathstring);
$relativepathstring = preg_replace('/^\//', '', $relativepathstring);
$relativepathstring = preg_replace('/^custom\//', '', $relativepathstring);
//var_dump($relativepathstring);
//var_dump($user->default_values);
// Code for search criteria persistence.
// Retrieve values if restore_lastsearch_values
if (!empty($_GET['restore_lastsearch_values'])) // Use $_GET here and not GETPOST
{
if (!empty($_SESSION['lastsearch_values_'.$relativepathstring])) // If there is saved values
{
$tmp = json_decode($_SESSION['lastsearch_values_'.$relativepathstring], true);
if (is_array($tmp))
{
foreach ($tmp as $key => $val)
{
if ($key == $paramname) // We are on the requested parameter
{
$isset = 1;
break;
}
}
}
}
// If there is saved contextpage, page or limit
if ($paramname == 'contextpage' && !empty($_SESSION['lastsearch_contextpage_'.$relativepathstring]))
{
$isset = 1;
}
elseif ($paramname == 'page' && !empty($_SESSION['lastsearch_page_'.$relativepathstring]))
{
$isset = 1;
}
elseif ($paramname == 'limit' && !empty($_SESSION['lastsearch_limit_'.$relativepathstring]))
{
$isset = 1;
}
}
else {
$isset = (isset($_POST[$paramname]) || isset($_GET[$paramname]));
}
return $isset;
}
/**
@@ -1058,10 +1105,13 @@ function dol_syslog($message, $level = LOG_INFO, $ident = 0, $suffixinfilename =
'ip' => false
);
$remoteip = getUserRemoteIP(); // Get ip when page run on a web server
if (! empty($remoteip)) {
$data['ip'] = $remoteip;
// This is when server run behind a reverse proxy
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) $data['ip'] = $_SERVER['HTTP_X_FORWARDED_FOR'].(empty($_SERVER["REMOTE_ADDR"]) ? '' : '->'.$_SERVER['REMOTE_ADDR']);
// This is when server run normally on a server
elseif (!empty($_SERVER["REMOTE_ADDR"])) $data['ip'] = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != $remoteip) $data['ip'] = $_SERVER['HTTP_X_FORWARDED_FOR'].' -> '.$data['ip'];
elseif (!empty($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'] != $remoteip) $data['ip'] = $_SERVER['HTTP_CLIENT_IP'].' -> '.$data['ip'];
}
// This is when PHP session is ran inside a web server but not inside a client request (example: init code of apache)
elseif (!empty($_SERVER['SERVER_ADDR'])) $data['ip'] = $_SERVER['SERVER_ADDR'];
// This is when PHP session is ran outside a web server, like from Windows command line (Not always defined, but useful if OS defined it).

2
htdocs/core/lib/security2.lib.php
View File

@@ -104,7 +104,7 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth
}
else
{
dol_syslog("Authentification ko - failed to load file '".$authfile."'", LOG_ERR);
dol_syslog("Authentication KO - failed to load file '".$authfile."'", LOG_ERR);
sleep(1);
// Load translation files required by the page
$langs->loadLangs(array('other', 'main', 'errors'));

8
htdocs/core/login/functions_dolibarr.php
View File

@@ -110,7 +110,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
else
{
sleep(2); // Anti brut force protection
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password for '".$usertotest."', cryptType=".$cryptType);
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO bad password for '".$usertotest."', cryptType=".$cryptType, LOG_NOTICE);
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
@@ -129,7 +129,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
$ret = $mc->checkRight($obj->rowid, $entitytotest);
if ($ret < 0)
{
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko entity '" . $entitytotest . "' not allowed for user '" . $obj->rowid . "'");
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO entity '" . $entitytotest . "' not allowed for user '" . $obj->rowid . "'", LOG_NOTICE);
$login = ''; // force authentication failure
}
}
@@ -137,7 +137,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
}
else
{
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found for '".$usertotest."'");
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO user not found for '".$usertotest."'", LOG_NOTICE);
sleep(1);
// Load translation files required by the page
@@ -148,7 +148,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
}
else
{
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error for '".$usertotest."' error=".$db->lasterror());
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentication KO db error for '".$usertotest."' error=".$db->lasterror(), LOG_ERR);
sleep(1);
$_SESSION["dol_loginmesg"]=$db->lasterror();
}

8
htdocs/core/login/functions_ldap.php
View File

@@ -52,7 +52,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
if (! function_exists("ldap_connect"))
{
dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP. LDAP functions are disabled on this PHP");
dol_syslog("functions_ldap::check_user_password_ldap Authentication KO failed to connect to LDAP. LDAP functions are disabled on this PHP", LOG_ERR);
sleep(1);
// Load translation files required by the page
@@ -202,7 +202,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
$ret=$mc->checkRight($usertmp->id, $entitytotest);
if ($ret < 0)
{
dol_syslog("functions_ldap::check_user_password_ldap Authentification ko entity '".$entitytotest."' not allowed for user '".$usertmp->id."'");
dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user '".$usertmp->id."'", LOG_NOTICE);
$login=''; // force authentication failure
}
unset($usertmp);
@@ -210,7 +210,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
}
if ($result == 1)
{
dol_syslog("functions_ldap::check_user_password_ldap Authentification ko bad user/password for '".$usertotest."'");
dol_syslog("functions_ldap::check_user_password_ldap Authentication KO bad user/password for '".$usertotest."'", LOG_NOTICE);
sleep(1);
// Load translation files required by the page
@@ -229,7 +229,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
** 49 - Wrong password
** 53 - Account inactive (manually locked out by administrator)
*/
dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP for '".$usertotest."'");
dol_syslog("functions_ldap::check_user_password_ldap Authentication KO failed to connect to LDAP for '".$usertotest."'", LOG_NOTICE);
if (is_resource($ldap->connection)) // If connection ok but bind ko
{
$ldap->ldapErrorCode = ldap_errno($ldap->connection);

16
htdocs/core/modules/modModuleBuilder.class.php
View File

@@ -45,6 +45,7 @@ class modModuleBuilder extends DolibarrModules
// Family can be 'crm','financial','hr','projects','products','ecm','technic','other'
// It is used to group modules in module setup page
$this->family = "technic";
$this->module_position = '90';
// Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module)
$this->name = preg_replace('/^mod/i', '', get_class($this));
$this->description = "A RAD (Rapid Application Development) tool to help developers to build their own module.";
@@ -82,6 +83,21 @@ class modModuleBuilder extends DolibarrModules
//------
$this->boxes = array();
// Permissions
//------------
$this->rights = array(); // Permission array used by this module
$this->rights_class = 'modulebuilder';
$r=0;
$r++;
$this->rights[$r][0] = 3301;
$this->rights[$r][1] = 'Generate new modules';
$this->rights[$r][2] = 'a';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'run';
// Main menu entries
//------------------
$this->menu = array();

20
htdocs/main.inc.php
View File

@@ -957,7 +957,7 @@ if (!defined('NOLOGIN'))
{
// If not active, we refuse the user
$langs->load("other");
dol_syslog("Authentification ko as login is disabled");
dol_syslog("Authentication KO as login is disabled", LOG_NOTICE);
accessforbidden($langs->trans("ErrorLoginDisabled"));
exit;
}
@@ -2553,22 +2553,29 @@ if (!function_exists("llxFooter"))
// Add code for the asynchronous anonymous first ping (for telemetry)
// You can use &forceping=1 in parameters to force the ping if the ping was already sent.
if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || GETPOST('forceping', 'alpha'))
$forceping = GETPOST('forceping', 'alpha');
if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping)
{
//print '<!-- instance_unique_id='.$conf->file->instance_unique_id.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' -->';
$hash_unique_id = md5('dolibarr'.$conf->file->instance_unique_id);
if (empty($conf->global->MAIN_FIRST_PING_OK_DATE)
|| (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && ($conf->global->MAIN_FIRST_PING_OK_ID != 'disabled'))
|| GETPOST('forceping', 'alpha'))
|| $forceping)
{
if (strpos('alpha', DOL_VERSION) > 0) {
// No ping done if we are into an alpha version
if (strpos('alpha', DOL_VERSION) > 0 && ! $forceping) {
print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. It is an alpha version -->\n";
}
elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id])) // Cookie is set when we uncheck the checkbox in the installation wizard.
elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]) || $forceping) // Cookie is set when we uncheck the checkbox in the installation wizard.
{
// MAIN_LAST_PING_KO_DATE
// Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent
if (! empty($conf->global->MAIN_LAST_PING_KO_DATE) && substr($conf->global->MAIN_LAST_PING_KO_DATE, 0, 6) == dol_print_date(dol_now(), '%Y%m') && ! $forceping) {
print "\n<!-- NO JS CODE TO ENABLE the anonymous Ping. An error already occured this month, we will try later. -->\n";
} else {
include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
print "\n".'<!-- Includes JS for Ping of Dolibarr MAIN_FIRST_PING_OK_DATE = '.$conf->global->MAIN_FIRST_PING_OK_DATE.' MAIN_FIRST_PING_OK_ID = '.$conf->global->MAIN_FIRST_PING_OK_ID.' -->'."\n";
print "\n".'<!-- Includes JS for Ping of Dolibarr forceping='.$forceping.' MAIN_FIRST_PING_OK_DATE='.$conf->global->MAIN_FIRST_PING_OK_DATE.' MAIN_FIRST_PING_OK_ID='.$conf->global->MAIN_FIRST_PING_OK_ID.' MAIN_LAST_PING_KO_DATE='.$conf->global->MAIN_LAST_PING_KO_DATE.' -->'."\n";
print "\n<!-- JS CODE TO ENABLE the anonymous Ping -->\n";
$url_for_ping = (empty($conf->global->MAIN_URL_FOR_PING) ? "https://ping.dolibarr.org/" : $conf->global->MAIN_URL_FOR_PING);
// Try to guess the distrib used
@@ -2620,6 +2627,7 @@ if (!function_exists("llxFooter"))
</script>
<?php
}
}
else
{
$now = dol_now();

3
htdocs/modulebuilder/index.php
View File

@@ -90,6 +90,9 @@ if (empty($newmask)) // This should no happen
$newmask = '0664';
}
$result = restrictedArea($user, 'modulebuilder', null);
/*
* Actions

82
htdocs/product/index.php
View File

@@ -40,7 +40,7 @@ if ($type == '' && !$user->rights->service->lire) $type = '0'; // Force global p
// Security check
if ($type == '0') $result = restrictedArea($user, 'produit');
elseif ($type == '1') $result = restrictedArea($user, 'service');
else $result = restrictedArea($user, 'produit|service');
else $result = restrictedArea($user, 'produit|service|expedition');
// Load translation files required by the page
$langs->loadLangs(array('products', 'stocks'));
@@ -117,21 +117,23 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) // This is useles
/*
* Number of products and/or services
*/
$prodser = array();
$prodser[0][0] = $prodser[0][1] = $prodser[0][2] = $prodser[0][3] = 0;
$prodser[1][0] = $prodser[1][1] = $prodser[1][2] = $prodser[1][3] = 0;
$sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
$sql .= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')';
// Add where from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= " GROUP BY p.fk_product_type, p.tosell, p.tobuy";
$result = $db->query($sql);
while ($objp = $db->fetch_object($result))
if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($user->rights->produit->lire || $user->rights->service->lire))
{
$prodser = array();
$prodser[0][0] = $prodser[0][1] = $prodser[0][2] = $prodser[0][3] = 0;
$prodser[1][0] = $prodser[1][1] = $prodser[1][2] = $prodser[1][3] = 0;
$sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
$sql .= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')';
// Add where from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= " GROUP BY p.fk_product_type, p.tosell, p.tobuy";
$result = $db->query($sql);
while ($objp = $db->fetch_object($result))
{
$status = 3; // On sale + On purchase
if (!$objp->tosell && !$objp->tobuy) $status = 0; // Not on sale, not on purchase
if ($objp->tosell && !$objp->tobuy) $status = 1; // On sale only
@@ -140,10 +142,10 @@ while ($objp = $db->fetch_object($result))
if ($objp->tosell) $prodser[$objp->fk_product_type]['sell'] += $objp->total;
if ($objp->tobuy) $prodser[$objp->fk_product_type]['buy'] += $objp->total;
if (!$objp->tosell && !$objp->tobuy) $prodser[$objp->fk_product_type]['none'] += $objp->total;
}
}
if ($conf->use_javascript_ajax)
{
if ($conf->use_javascript_ajax)
{
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><th colspan="2">'.$langs->trans("Statistics").'</th></tr>';
@@ -188,6 +190,7 @@ if ($conf->use_javascript_ajax)
print '</td></tr>';
print '</table>';
print '</div>';
}
}
@@ -270,24 +273,26 @@ print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
/*
* Latest modified products
*/
$max = 15;
$sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy, p.tobatch, p.fk_price_expression,";
$sql .= " p.entity,";
$sql .= " p.tms as datem";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
$sql .= " WHERE p.entity IN (".getEntity($product_static->element, 1).")";
if ($type != '') $sql .= " AND p.fk_product_type = ".$type;
// Add where from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= $db->order("p.tms", "DESC");
$sql .= $db->plimit($max, 0);
//print $sql;
$result = $db->query($sql);
if ($result)
if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($user->rights->produit->lire || $user->rights->service->lire))
{
$max = 15;
$sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy, p.tobatch, p.fk_price_expression,";
$sql .= " p.entity,";
$sql .= " p.tms as datem";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
$sql .= " WHERE p.entity IN (".getEntity($product_static->element, 1).")";
if ($type != '') $sql .= " AND p.fk_product_type = ".$type;
// Add where from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= $db->order("p.tms", "DESC");
$sql .= $db->plimit($max, 0);
//print $sql;
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$i = 0;
@@ -380,10 +385,11 @@ if ($result)
print '</div>';
print '<br>';
}
}
else
{
}
else
{
dol_print_error($db);
}
}

2
htdocs/resource/class/dolresource.class.php
View File

@@ -948,7 +948,7 @@ class Dolresource extends CommonObject
*/
public function getNomUrl($withpicto = 0, $option = '', $get_params = '', $notooltip = 0, $morecss = '', $save_lastsearch_value = -1)
{
global $langs;
global $conf, $langs;
$result = '';
$label = '<u>'.$langs->trans("ShowResource").'</u>';

20
htdocs/support/default.css
View File

@@ -23,6 +23,22 @@ background: #f9f9f9;
margin: 5px 5px;
}
.center {
text-align: center;
}
.centpercent {
width: 100%;
}
.valignmiddle {
vertical-align: middle;
}
inline-block {
display: inline-block;
}
div.titre {
padding: 5px 5px 5px 5px;
margin: 0 0 0 0;
@@ -147,10 +163,10 @@ padding: 4px 4px 4px 4px;
tr.title
{
background: #DDDFDD;
background: #EEEEEE;
}
table.login { border: 1px solid #C0C0C0; background: #FFF; }
table.login { border: 1px solid #E0E0E0; background: #FFF; }
.tablesupport {
padding: 6px;

13
htdocs/support/inc.php
View File

@@ -223,15 +223,12 @@ function pHeader($soutitre, $next, $action = 'none')
print '<title>'.$langs->trans("DolibarrHelpCenter").'</title>'."\n";
print '</head>'."\n";
print '<body>'."\n";
print '<body class="center">'."\n";
print '<table class="noborder" summary="helpcentertitle"><tr valign="middle">';
print '<td width="20">';
print '<img src="helpcenter.png" alt="logohelpcenter">';
print '</td>';
print '<td>';
print '<span class="titre">'.$soutitre.'</span>'."\n";
print '</td></tr></table>';
print '<div class="noborder centpercent center valignmiddle inline-block">';
print '<img src="helpcenter.png" alt="logohelpcenter" class="inline-block"><br><br>';
print '<span class="titre inline-block">'.$soutitre.'</span>'."\n";
print '</div><br>';
}
/**