mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2026-02-08 17:02:34 +01:00
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
d9e089256e | ||
|
|
ed16699de6 | ||
|
|
0814fa76f8 | ||
|
|
35ce670bf2 | ||
|
|
60debe31c4 | ||
|
|
316b7453e4 | ||
|
|
75bcb7e53f | ||
|
|
9b797c1831 | ||
|
|
384c89dcef | ||
|
|
e886c89e06 | ||
|
|
00f0aff6f0 | ||
|
|
f3ef9b868f |
@@ -159,7 +159,7 @@ Comments:
|
||||
Those files are not shipped in the binary package as we
|
||||
configure Dolibarr to use Dejavu fonts from "fonts-dejavu-core".
|
||||
|
||||
Files: docs/images/*
|
||||
Files: doc/images/*
|
||||
Copyright: Laurent Destailleur
|
||||
License: CC-BY-SA-3.0
|
||||
You are free:
|
||||
@@ -176,7 +176,7 @@ License: CC-BY-SA-3.0
|
||||
.
|
||||
For more information, see http://creativecommons.org/licenses/by-sa/3.0/
|
||||
|
||||
Files: htdocs/includes/fpdi/*
|
||||
Files: htdocs/includes/fpdfi/*
|
||||
Copyright: 2004-2011 Setasign - Jan Slabon
|
||||
License: GPL-2+
|
||||
This program is free software; you can redistribute it
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2014 Juanjo Menent <jmenent@2byte.es>
|
||||
/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2014 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -88,7 +89,7 @@ if ($actionsave)
|
||||
// Save nb of agenda
|
||||
if (! $error)
|
||||
{
|
||||
$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','alpha')),'chaine',0,'',$conf->entity);
|
||||
$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','int')),'chaine',0,'',$conf->entity);
|
||||
if (! $res > 0) $error++;
|
||||
if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
|
||||
$MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
|
||||
@@ -201,9 +202,9 @@ while ($i <= $MAXAGENDA)
|
||||
// Nb
|
||||
print '<td width="180" class="nowrap">'.$langs->trans("AgendaExtNb",$key)."</td>";
|
||||
// Name
|
||||
print '<td><input type="text" class="flat hideifnotset" name="agenda_ext_name'.$key.'" value="'. (GETPOST('agenda_ext_name'.$key)?GETPOST('agenda_ext_name'.$key):$conf->global->$name) . '" size="28"></td>';
|
||||
print '<td><input type="text" class="flat hideifnotset" name="agenda_ext_name'.$key.'" value="'. (GETPOST('agenda_ext_name'.$key)?GETPOST('agenda_ext_name'.$key, 'alpha'):$conf->global->$name) . '" size="28"></td>';
|
||||
// URL
|
||||
print '<td><input type="url" class="flat hideifnotset" name="agenda_ext_src'.$key.'" value="'. (GETPOST('agenda_ext_src'.$key)?GETPOST('agenda_ext_src'.$key):$conf->global->$src) . '" size="60"></td>';
|
||||
print '<td><input type="url" class="flat hideifnotset" name="agenda_ext_src'.$key.'" value="'. (GETPOST('agenda_ext_src'.$key)?GETPOST('agenda_ext_src'.$key, 'alpha'):$conf->global->$src) . '" size="60"></td>';
|
||||
// Color (Possible colors are limited by Google)
|
||||
print '<td class="nowrap" align="right">';
|
||||
//print $formadmin->selectColor($conf->global->$color, "google_agenda_color".$key, $colorlist);
|
||||
|
||||
@@ -367,7 +367,7 @@ class Commande extends CommonOrder
|
||||
{
|
||||
$mouvP = new MouvementStock($this->db);
|
||||
// We increment stock of product (and sub-products)
|
||||
$result=$mouvP->reception($user, $this->lines[$i]->fk_product, $idwarehouse, $this->lines[$i]->qty, $this->lines[$i]->subprice, $langs->trans("OrderBackToDraftInDolibarr",$this->ref));
|
||||
$result=$mouvP->reception($user, $this->lines[$i]->fk_product, $idwarehouse, $this->lines[$i]->qty, 0, $langs->trans("OrderBackToDraftInDolibarr",$this->ref));
|
||||
if ($result < 0) { $error++; }
|
||||
}
|
||||
}
|
||||
@@ -555,7 +555,7 @@ class Commande extends CommonOrder
|
||||
{
|
||||
$mouvP = new MouvementStock($this->db);
|
||||
// We increment stock of product (and sub-products)
|
||||
$result=$mouvP->reception($user, $this->lines[$i]->fk_product, $idwarehouse, $this->lines[$i]->qty, $this->lines[$i]->subprice, $langs->trans("OrderCanceledInDolibarr",$this->ref));
|
||||
$result=$mouvP->reception($user, $this->lines[$i]->fk_product, $idwarehouse, $this->lines[$i]->qty, 0, $langs->trans("OrderCanceledInDolibarr",$this->ref));
|
||||
if ($result < 0) {
|
||||
$error++;
|
||||
}
|
||||
@@ -881,6 +881,7 @@ class Commande extends CommonOrder
|
||||
// Clear fields
|
||||
$this->user_author_id = $user->id;
|
||||
$this->user_valid = '';
|
||||
$this->date = dol_now();
|
||||
$this->date_creation = '';
|
||||
$this->date_validation = '';
|
||||
$this->ref_client = '';
|
||||
|
||||
@@ -1796,7 +1796,7 @@ class Facture extends CommonInvoice
|
||||
{
|
||||
$mouvP = new MouvementStock($this->db);
|
||||
// We decrease stock for product
|
||||
if ($this->type == 2) $result=$mouvP->reception($user, $this->lines[$i]->fk_product, $idwarehouse, $this->lines[$i]->qty, $this->lines[$i]->subprice, $langs->trans("InvoiceValidatedInDolibarr",$num));
|
||||
if ($this->type == 2) $result=$mouvP->reception($user, $this->lines[$i]->fk_product, $idwarehouse, $this->lines[$i]->qty, 0, $langs->trans("InvoiceValidatedInDolibarr",$num));
|
||||
else $result=$mouvP->livraison($user, $this->lines[$i]->fk_product, $idwarehouse, $this->lines[$i]->qty, $this->lines[$i]->subprice, $langs->trans("InvoiceValidatedInDolibarr",$num));
|
||||
if ($result < 0) {
|
||||
$error++;
|
||||
|
||||
@@ -847,7 +847,7 @@ class Expedition extends CommonObject
|
||||
$mouvS = new MouvementStock($this->db);
|
||||
// We decrement stock of product (and sub-products)
|
||||
// We use warehouse selected for each line
|
||||
$result=$mouvS->reception($user, $obj->fk_product, $obj->fk_entrepot, $obj->qty, $obj->subprice, $langs->trans("ShipmentDeletedInDolibarr",$this->ref));
|
||||
$result=$mouvS->reception($user, $obj->fk_product, $obj->fk_entrepot, $obj->qty, 0, $langs->trans("ShipmentDeletedInDolibarr",$this->ref));
|
||||
if ($result < 0)
|
||||
{
|
||||
$error++;
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
* Upgrade scripts can be ran from command line with syntax:
|
||||
*
|
||||
* cd htdocs/install
|
||||
* php upgrade.php 3.4.0 3.5.0
|
||||
* php upgrade.php 3.4.0 3.5.0 [dirmodule|ignoredbversion]
|
||||
* php upgrade2.php 3.4.0 3.5.0
|
||||
*
|
||||
* Return code is 0 if OK, >0 if error
|
||||
@@ -54,7 +54,8 @@ $setuplang=GETPOST("selectlang",'',3)?GETPOST("selectlang",'',3):'auto';
|
||||
$langs->setDefaultLang($setuplang);
|
||||
$versionfrom=GETPOST("versionfrom",'',3)?GETPOST("versionfrom",'',3):(empty($argv[1])?'':$argv[1]);
|
||||
$versionto=GETPOST("versionto",'',3)?GETPOST("versionto",'',3):(empty($argv[2])?'':$argv[2]);
|
||||
$versionmodule=GETPOST("versionmodule",'',3)?GETPOST("versionmodule",'',3):(empty($argv[3])?'':$argv[3]);
|
||||
$versionmodule=(GETPOST("versionmodule",'',3) && GETPOST("versionmodule",'',3) != 'ignoredbversion')?GETPOST("versionmodule",'',3):((empty($argv[3]) || $argv[3] == 'ignoredbversion')?'':$argv[3]);
|
||||
$ignoredbversion=(GETPOST('ignoredbversion','',3)=='ignoredbversion')?GETPOST('ignoredbversion','',3):((empty($argv[3]) || $argv[3] != 'ignoredbversion')?'':$argv[3]);
|
||||
|
||||
$langs->load("admin");
|
||||
$langs->load("install");
|
||||
|
||||
@@ -80,13 +80,15 @@ function test_sql_and_script_inject($val, $type)
|
||||
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
|
||||
if ($type != 2)
|
||||
{
|
||||
$sql_inj += preg_match('/delete[\s]+from/i', $val);
|
||||
$sql_inj += preg_match('/create[\s]+table/i', $val);
|
||||
$sql_inj += preg_match('/update.+set.+=/i', $val);
|
||||
$sql_inj += preg_match('/insert[\s]+into/i', $val);
|
||||
$sql_inj += preg_match('/select.+from/i', $val);
|
||||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
$sql_inj += preg_match('/delete\s+from/i', $val);
|
||||
$sql_inj += preg_match('/create\s+table/i', $val);
|
||||
$sql_inj += preg_match('/update.+set.+=/i', $val);
|
||||
$sql_inj += preg_match('/insert\s+into/i', $val);
|
||||
$sql_inj += preg_match('/select.+from/i', $val);
|
||||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
$sql_inj += preg_match('/onerror=/i', $val);
|
||||
}
|
||||
// For XSS Injection done by adding javascript with script
|
||||
// This is all cases a browser consider text is javascript:
|
||||
@@ -94,7 +96,8 @@ function test_sql_and_script_inject($val, $type)
|
||||
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/si', $val);
|
||||
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
|
||||
if ($type == 1)
|
||||
{
|
||||
$sql_inj += preg_match('/javascript:/i', $val);
|
||||
|
||||
@@ -2662,7 +2662,7 @@ class Product extends CommonObject
|
||||
$sql = "SELECT ps.reel, ps.fk_entrepot, ps.pmp";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."product_stock as ps";
|
||||
$sql.= ", ".MAIN_DB_PREFIX."entrepot as w";
|
||||
$sql.= " WHERE w.entity IN (".getEntity('warehouse', 1).")";
|
||||
$sql.= " WHERE w.entity IN (".getEntity('stock', 1).")";
|
||||
$sql.= " AND w.rowid = ps.fk_entrepot";
|
||||
$sql.= " AND ps.fk_product = ".$this->id;
|
||||
|
||||
|
||||
@@ -358,7 +358,7 @@ class Entrepot extends CommonObject
|
||||
|
||||
$sql = "SELECT rowid, label";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."entrepot";
|
||||
$sql.= " WHERE entity IN (".getEntity('warehouse', 1).")";
|
||||
$sql.= " WHERE entity IN (".getEntity('stock', 1).")";
|
||||
$sql.= " AND statut = ".$status;
|
||||
|
||||
$result = $this->db->query($sql);
|
||||
@@ -418,7 +418,7 @@ class Entrepot extends CommonObject
|
||||
{
|
||||
$ret=array();
|
||||
|
||||
$sql = "SELECT sum(ps.reel) as nb, sum(ps.reel * ps.pmp) as value";
|
||||
$sql = "SELECT sum(ps.reel) as nb, sum(ps.reel * p.pmp) as value";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."product_stock as ps";
|
||||
$sql.= ", ".MAIN_DB_PREFIX."product as p";
|
||||
$sql.= " WHERE ps.fk_entrepot = ".$this->id;
|
||||
|
||||
@@ -364,7 +364,7 @@ else
|
||||
print_liste_field_titre($langs->trans("Product"),"", "p.ref","&id=".$_GET['id'],"","",$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("Label"),"", "p.label","&id=".$_GET['id'],"","",$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("Units"),"", "ps.reel","&id=".$_GET['id'],"",'align="right"',$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("AverageUnitPricePMPShort"),"", "ps.pmp","&id=".$_GET['id'],"",'align="right"',$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("AverageUnitPricePMPShort"),"", "p.pmp","&id=".$_GET['id'],"",'align="right"',$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("EstimatedStockValueShort"),"", "","&id=".$_GET['id'],"",'align="right"',$sortfield,$sortorder);
|
||||
if (empty($conf->global->PRODUIT_MULTIPRICES)) print_liste_field_titre($langs->trans("SellPriceMin"),"", "p.price","&id=".$_GET['id'],"",'align="right"',$sortfield,$sortorder);
|
||||
if (empty($conf->global->PRODUIT_MULTIPRICES)) print_liste_field_titre($langs->trans("EstimatedStockValueSellShort"),"", "","&id=".$_GET['id'],"",'align="right"',$sortfield,$sortorder);
|
||||
@@ -426,10 +426,10 @@ else
|
||||
$totalunit+=$objp->value;
|
||||
|
||||
// Price buy PMP
|
||||
print '<td align="right">'.price(price2num($objp->pmp,'MU')).'</td>';
|
||||
print '<td align="right">'.price(price2num($objp->ppmp,'MU')).'</td>';
|
||||
// Total PMP
|
||||
print '<td align="right">'.price(price2num($objp->pmp*$objp->value,'MT')).'</td>';
|
||||
$totalvalue+=price2num($objp->pmp*$objp->value,'MT');
|
||||
print '<td align="right">'.price(price2num($objp->ppmp*$objp->value,'MT')).'</td>';
|
||||
$totalvalue+=price2num($objp->ppmp*$objp->value,'MT');
|
||||
|
||||
// Price sell min
|
||||
if (empty($conf->global->PRODUIT_MULTIPRICES))
|
||||
|
||||
@@ -528,9 +528,10 @@ print '<td align="right">'.$langs->trans("SellPriceMin").'</td>';
|
||||
print '<td align="right">'.$langs->trans("EstimatedStockValueSellShort").'</td>';
|
||||
print '</tr>';
|
||||
|
||||
$sql = "SELECT e.rowid, e.label, ps.reel, ps.pmp";
|
||||
$sql = "SELECT e.rowid, e.label, ps.reel, p.pmp";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."entrepot as e,";
|
||||
$sql.= " ".MAIN_DB_PREFIX."product_stock as ps";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = ps.fk_product";
|
||||
$sql.= " WHERE ps.reel != 0";
|
||||
$sql.= " AND ps.fk_entrepot = e.rowid";
|
||||
$sql.= " AND e.entity = ".$conf->entity;
|
||||
|
||||
@@ -53,7 +53,7 @@ $year = strftime("%Y",time());
|
||||
|
||||
// Affichage valorisation par entrepot
|
||||
$sql = "SELECT e.rowid as ref, e.label, e.statut, e.lieu,";
|
||||
$sql.= " SUM(ps.pmp * ps.reel) as estimatedvalue, SUM(p.price * ps.reel) as sellvalue";
|
||||
$sql.= " SUM(p.pmp * ps.reel) as estimatedvalue, SUM(p.price * ps.reel) as sellvalue";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."entrepot as e";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON e.rowid = ps.fk_entrepot";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON ps.fk_product = p.rowid";
|
||||
|
||||
Reference in New Issue
Block a user