Prepare 4.0.4 version

Conflicts:
	htdocs/core/class/html.formprojet.class.php

ChangeLog

@@ -12,6 +12,25 @@ Upgrading to any other version or any other database system is abolutely require
 make a Dolibarr upgrade.
 
 
+***** ChangeLog for 4.0.4 to 4.0.3 *****
+FIX: #6227 Document models table header "Unit" is shown in 2 lines in Spanish
+FIX: #6230
+FIX: #6237
+FIX: #6245 Thirdparty link in supplier invoices list, links to "comm/card" instead of "fourn/card" page
+FIX: #6253 Supplier invoice list filter does not respect "thirdparty" filter
+FIX: #6277
+FIX: project list and ajax completion return wrong list.
+FIX: bug margin calculation by user with multicompany
+FIX: Can make a stock transfert on product not on sale/purchase.
+FIX: extrafield input for varchar was not working with special char within (ie double quotes)
+FIX: javascript error
+FIX: link for not found photo when using gravatar. Must use external url.
+FIX: Protection so even if link is output for external user, links is disabled.
+FIX: repair tool was ko to restore extrafields with type select.
+FIX: Security access problem with external users on projects/tasks
+FIX: We must not drop extrafield column if there is still record on other entities.
+FIX: regression with sedning email when introducing security options to restrict nb of email sending.
+t 
 ***** ChangeLog for 4.0.3 to 4.0.2 *****
 FIX: #5853 $conf->global->$calc==0 || $conf->global->$calc==1
 FIX: #5958 no discount on supplier command made by replenishment
@@ -267,6 +286,115 @@ So if you included it into your module, change your code like this to be compati
   if (! $res) include_once DOL_DOCUMENT_ROOT . '/core/tpl/document_actions_pre_headers.tpl.php';
 
 
+
+***** ChangeLog for 3.9.4 compared to 3.9.3 *****
+FIX: #2853
+FIX: #3128
+FIX: #4447
+FIX: #5128 if create method return duplicated code error not use GETPOST in order to get a new code
+FIX: #5340
+FIX: #5473
+FIX: #5474 Country_id of "Don" object is still empty
+FIX: #5534
+FIX: #5535 bad dependency.
+FIX: #5537 AJAX project search does not work properly
+FIX: #5540 getFormMail is not registered as addReplace hook
+FIX: #5544 Disabled Contact still appear in lists to send emails
+FIX: #5549 getNomUrl tooltips show Order info even if user has no rights to read them
+FIX: #5568
+FIX: #5594
+FIX: #5629 PgSQL Interger string stylish error
+FIX: #5651
+FIX: #5660
+FIX: #5853 $conf->global->$calc==0 || $conf->global->$calc==1
+FIX: #5907
+FIX: #5966 Bug: getNomUrl tooltips show Proposal info even if user has no rights to read them
+FIX: #6051
+FIX: #6088
+FIX: Can correct stock of lot using eatby or sell by date
+FIX: Can make a movement on "out of sell" products
+FIX: cannot update bank account on invoice if module order not activated
+FIX: Can't create withdrawal document
+FIX: delete contract extrafields on contract deletion
+FIX: Direction of movement lost if an error occurs
+FIX: Error when CATEGORIE_RECURSIV_ADD is enabled and new category is daughter of an already linked to object
+FIX: export extrafields must not include separe type
+FIX: External user must not be able to edit its discounts
+FIX: Failed to export contact categories with contact extra fields
+FIX: header title in commercial area
+FIX: HT and TTC price should always be displayed together
+FIX: incoterms
+FIX: incoterms do not output into crabe invoice PDF
+FIX: in PgSQL no quote "word style" is permitted around column name
+FIX: Introduce hidden option MAIL_PREFIX_FOR_EMAIL_ID to solve pb of tracking email.
+FIX: margin tab on customer card must filter on current entity invoices
+FIX: missing column into SQL on thridparty list
+FIX: only show projects of related third if external user
+FIX: PgSQL Module Ressource list crash #5637
+FIX: php Strict
+FIX: Regression when deleting product
+FIX: Security to restrict email sending was not efficient
+FIX: tag for date rfc in odt substitution
+FIX: Update intervention lline crash with PgSQL
+FIX: update limit stock on product stock
+FIX: vat dictionary should allow enter and edit multiple values for localtaxes, separated by: (ex -19:-15)
+FIX: wrong test on dict.php
+
+
+***** ChangeLog for 3.9.4 compared to 3.9.3 *****
+FIX: #2853
+FIX: #3128
+FIX: #4447
+FIX: #5128 if create method return duplicated code error not use GETPOST in order to get a new code
+FIX: #5340
+FIX: #5473
+FIX: #5474 Country_id of "Don" object is still empty
+FIX: #5534
+FIX: #5535 bad dependency.
+FIX: #5537 AJAX project search does not work properly
+FIX: #5540 getFormMail is not registered as addReplace hook
+FIX: #5544 Disabled Contact still appear in lists to send emails
+FIX: #5549 getNomUrl tooltips show Order info even if user has no rights to read them
+FIX: #5568
+FIX: #5594
+FIX: #5629 PgSQL Interger string stylish error
+FIX: #5651
+FIX: #5660
+FIX: #5853 $conf->global->$calc==0 || $conf->global->$calc==1
+FIX: #5907
+FIX: #5966 Bug: getNomUrl tooltips show Proposal info even if user has no rights to read them
+FIX: #6051
+FIX: #6088
+FIX: Can correct stock of lot using eatby or sell by date
+FIX: Can make a movement on "out of sell" products
+FIX: cannot update bank account on invoice if module order not activated
+FIX: Can't create withdrawal document
+FIX: delete contract extrafields on contract deletion
+FIX: Direction of movement lost if an error occurs
+FIX: Error when CATEGORIE_RECURSIV_ADD is enabled and new category is daughter of an already linked to object
+FIX: export extrafields must not include separe type
+FIX: External user must not be able to edit its discounts
+FIX: Failed to export contact categories with contact extra fields
+FIX: header title in commercial area
+FIX: HT and TTC price should always be displayed together
+FIX: incoterms
+FIX: incoterms do not output into crabe invoice PDF
+FIX: in PgSQL no quote "word style" is permitted around column name
+FIX: Introduce hidden option MAIL_PREFIX_FOR_EMAIL_ID to solve pb of tracking email.
+FIX: margin tab on customer card must filter on current entity invoices
+FIX: missing column into SQL on thridparty list
+FIX: only show projects of related third if external user
+FIX: PgSQL Module Ressource list crash #5637
+FIX: php Strict
+FIX: Regression when deleting product
+FIX: Security to restrict email sending was not efficient
+FIX: tag for date rfc in odt substitution
+FIX: Update intervention lline crash with PgSQL
+FIX: update limit stock on product stock
+FIX: vat dictionary should allow enter and edit multiple values for localtaxes, separated by: (ex -19:-15)
+FIX: wrong test on dict.php
+
+
 ***** ChangeLog for 3.9.3 compared to 3.9.2 *****
 FIX: #4383 $userid not defined
 FIX: #4448 $filebonprev is not used, $this->filename now

dev/initdemo/initdemo.sh

@@ -162,7 +162,7 @@ export res=$?
 
 
 # ---------------------------- copy demo files
-export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" `
+export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" | sed -e 's/"//g' `
 if [ "x$documentdir" != "x" ]
 then
 	echo cp -pr $mydir/documents_demo/* "$documentdir/"
@@ -174,7 +174,7 @@ then
 	echo cp -pr $mydir/../../doc/images/* "$documentdir/ecm/Images"
 	cp -pr $mydir/../../doc/images/* "$documentdir/ecm/Images"
 else
-	echo Detection of documents directory failed so demo files were not copied. 
+	echo Detection of documents directory $documentdir failed so demo files were not copied. 
 fi
 
 

htdocs/admin/modules.php

@@ -193,7 +193,7 @@ foreach ($modulesdir as $dir)
 		    					    }
 		    					    ksort($arrayofnatures);
 		    					}
-		    					
+
 		    					// Define array $categ with categ with at least one qualified module
 		    					if ($modulequalified > 0)
 		    					{
@@ -315,13 +315,13 @@ if ($mode != 'marketplace')
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
     print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
     print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
-    
+
     $moreforfilter = '';
     $moreforfilter.='<div class="divsearchfield">';
     $moreforfilter.= $langs->trans('Keyword') . ': <input type="text" name="search_keyword" value="'.dol_escape_htmltag($search_keyword).'">';
     $moreforfilter.= '</div>';
     $moreforfilter.='<div class="divsearchfield">';
-    $moreforfilter.= $langs->trans('Origin') . ': '.$form->selectarray('search_nature', $arrayofnatures, $search_nature, 1);
+    $moreforfilter.= $langs->trans('Origin') . ': '.$form->selectarray('search_nature', $arrayofnatures, dol_escape_htmltag($search_nature), 1);
     $moreforfilter.= '</div>';
     if (! empty($conf->global->MAIN_FEATURES_LEVEL))
     {
@@ -342,7 +342,7 @@ if ($mode != 'marketplace')
     $moreforfilter.=' ';
     $moreforfilter.='<input type="submit" name="buttonreset" class="button" value="'.dol_escape_htmltag($langs->trans("Reset")).'">';
     $moreforfilter.= '</div>';
-    
+
     if (! empty($moreforfilter))
     {
         //print '<div class="liste_titre liste_titre_bydiv centpercent">';
@@ -351,11 +351,11 @@ if ($mode != 'marketplace')
         $reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters);    // Note that $action and $object may have been modified by hook
         print $hookmanager->resPrint;
         //print '</div>';
-    }    
-    
+    }
+
     print '<br><br><br>';
-    
-    
+
+
     // Show list of modules
 
     print '<table summary="list_of_modules" id="list_of_modules" class="liste" width="100%">'."\n";
@@ -370,7 +370,7 @@ if ($mode != 'marketplace')
         $modName = $filename[$key];
     	$objMod  = $modules[$key];
     	$dirofmodule = $dirmod[$key];
-    	 
+
     	$special = $objMod->special;
 
     	//print $objMod->name." - ".$key." - ".$objMod->special.' - '.$objMod->version."<br>";
@@ -383,9 +383,9 @@ if ($mode != 'marketplace')
         	dol_syslog("Error for module ".$key." - Property name of module looks empty", LOG_WARNING);
       		continue;
         }
-        
+
         $const_name = 'MAIN_MODULE_'.strtoupper(preg_replace('/^mod/i','',get_class($objMod)));
-        
+
         // Check filters
         $modulename=$objMod->getName();
         $moduledesc=$objMod->getDesc();
@@ -396,7 +396,7 @@ if ($mode != 'marketplace')
         if ($search_keyword)
         {
             $qualified=0;
-            if (preg_match('/'.preg_quote($search_keyword).'/i', $modulename) 
+            if (preg_match('/'.preg_quote($search_keyword).'/i', $modulename)
                 || preg_match('/'.preg_quote($search_keyword).'/i', $moduledesc)
                 || preg_match('/'.preg_quote($search_keyword).'/i', $moduledesclong)
                 || preg_match('/'.preg_quote($search_keyword).'/i', $moduleauthor)
@@ -415,7 +415,7 @@ if ($mode != 'marketplace')
             {
                 //print $reg[1].'-'.dol_escape_htmltag($objMod->getPublisher());
                 $publisher=dol_escape_htmltag($objMod->getPublisher());
-                if ($reg[1] && $reg[1] != $publisher) continue;
+                if ($reg[1] && dol_escape_htmltag($reg[1]) != $publisher) continue;
                 if (! $reg[1] && ! empty($publisher)) continue;
             }
             if ($search_nature == 'core' && $objMod->isCoreOrExternalModule() == 'external') continue;
@@ -496,7 +496,7 @@ if ($mode != 'marketplace')
         $text='';
         if ($objMod->getDescLong()) $text.=$objMod->getDesc().'<br>'.$objMod->getDescLong().'<br>';
         else $text.=$objMod->getDesc().'<br>';
-        
+
         $textexternal='';
         if ($objMod->isCoreOrExternalModule() == 'external')
         {
@@ -522,7 +522,7 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddDictionaries").':</strong> ';
         if (isset($objMod->dictionaries) && isset($objMod->dictionaries['tablib']) && is_array($objMod->dictionaries['tablib']) && count($objMod->dictionaries['tablib']))
         {
@@ -534,7 +534,7 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddBoxes").':</strong> ';
         if (isset($objMod->boxes) && is_array($objMod->boxes) && count($objMod->boxes))
         {
@@ -553,14 +553,14 @@ if ($mode != 'marketplace')
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddSubstitutions").':</strong> ';
         if (isset($objMod->module_parts) && isset($objMod->module_parts['substitutions']) && $objMod->module_parts['substitutions'])
         {
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddSheduledJobs").':</strong> ';
         if (isset($objMod->cronjobs) && is_array($objMod->cronjobs) && count($objMod->cronjobs))
         {
@@ -572,14 +572,14 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddTriggers").':</strong> ';
         if (isset($objMod->module_parts) && isset($objMod->module_parts['triggers']) && $objMod->module_parts['triggers'])
         {
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddHooks").':</strong> ';
         if (isset($objMod->module_parts) && is_array($objMod->module_parts['hooks']) && count($objMod->module_parts['hooks']))
         {
@@ -603,14 +603,14 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddMenus").':</strong> ';
         if (isset($objMod->menu) && is_array($objMod->menu) && ! empty($objMod->menu))
         {
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddExportProfiles").':</strong> ';
         if (isset($objMod->export_label) && is_array($objMod->export_label) && count($objMod->export_label))
         {
@@ -622,7 +622,7 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddImportProfiles").':</strong> ';
         if (isset($objMod->import_label) && is_array($objMod->import_label) && count($objMod->import_label))
         {
@@ -634,25 +634,25 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddOtherPagesOrServices").':</strong> ';
         $text.=$langs->trans("DetectionNotPossible");
-        
+
         print $form->textwithpicto('', $text, 1, 'help', 'minheight20');
 
-        // Picto warning 
+        // Picto warning
         $version=$objMod->getVersion(0);
         $versiontrans=$objMod->getVersion(1);
         if (preg_match('/development/i', $version))  print img_warning($langs->trans("Development"), 'style="float: right"');
         if (preg_match('/experimental/i', $version)) print img_warning($langs->trans("Experimental"), 'style="float: right"');
         if (preg_match('/deprecated/i', $version))   print img_warning($langs->trans("Deprecated"), 'style="float: right"');
-        
+
         // Picto external
         if ($textexternal) print img_picto($langs->trans("ExternalModule",$dirofmodule), 'external', 'style="float: right"');
-        
-        
+
+
         print '</td>';
-        
+
         // Version
         print '<td align="center" valign="top" class="nowrap">';
         print $versiontrans;

htdocs/comm/mailing/card.php

@@ -753,8 +753,9 @@ else
 				$sendingmode=$conf->global->MAIN_MAIL_SENDMODE;
 				if (empty($sendingmode)) $sendingmode='mail';	// If not defined, we use php mail function
 
-				// MAILING_NO_USING_PHPMAIL may be defined or not
-				// MAILING_LIMIT_SENDBYWEB is always defined to something != 0, MAILING_LIMIT_SENDBYCLI may be defined ot not.
+				// MAILING_NO_USING_PHPMAIL may be defined or not.
+				// MAILING_LIMIT_SENDBYWEB is always defined to something != 0 (-1=forbidden).
+				// MAILING_LIMIT_SENDBYCLI may be defined ot not (-1=forbidden, 0 or undefined=no limit).
 				if (! empty($conf->global->MAILING_NO_USING_PHPMAIL) && $sendingmode == 'mail')
 				{
 					// EMailing feature may be a spam problem, so when you host several users/instance, having this option may force each user to use their own SMTP agent.
@@ -768,8 +769,8 @@ else
 				}
 				else if ($conf->global->MAILING_LIMIT_SENDBYWEB == '-1')
 				{
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_PHPMAIL, null, 'warnings');
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL, null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_PHPMAIL), null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL), null, 'warnings');
 				    
 					// The feature is forbidden from GUI, we show just message to use from command line.
 				    setEventMessages($langs->trans("MailingNeedCommand"), null, 'warnings');
@@ -782,8 +783,8 @@ else
 				}
 				else
 				{
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_PHPMAIL, null, 'warnings');
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL, null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_PHPMAIL), null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL), null, 'warnings');
 				    
 				    $text='';
 				    if ($conf->global->MAILING_LIMIT_SENDBYCLI >= 0)
@@ -794,7 +795,7 @@ else
                     }
 				    $text.=$langs->trans('ConfirmSendingEmailing').'<br>';
 					$text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
-					print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id,$langs->trans('SendMailing'),$text,'sendallconfirmed',$formquestion,'',1,270);
+					print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id,$langs->trans('SendMailing'),$text,'sendallconfirmed',$formquestion,'',1,300);
 				}
 			}
 
@@ -832,23 +833,28 @@ else
 			print $langs->trans("TotalNbOfDistinctRecipients");
 			print '</td><td colspan="3">';
 			$nbemail = ($object->nbemail?$object->nbemail:img_warning('').' <font class="warning">'.$langs->trans("NoTargetYet").'</font>');
-			if ($object->statut != 3 && !empty($conf->global->MAILING_LIMIT_SENDBYWEB) && is_numeric($nbemail) && $conf->global->MAILING_LIMIT_SENDBYWEB < $nbemail)
+			if ($object->statut != 3 && is_numeric($nbemail))
 			{
-				if ($conf->global->MAILING_LIMIT_SENDBYWEB > 0)
-				{
-					$text=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
-					print $form->textwithpicto($nbemail,$text,1,'warning');
-				}
-				else
-				{
-					$text=$langs->trans('NotEnoughPermissions');
-					print $form->textwithpicto($nbemail,$text,1,'warning');
-				}
-
-			}
-			else
-			{
-				print $nbemail;
+			    $text='';
+			    if (! empty($conf->global->MAILING_LIMIT_SENDBYWEB) && $conf->global->MAILING_LIMIT_SENDBYWEB < $nbemail)
+			    {
+    				if ($conf->global->MAILING_LIMIT_SENDBYWEB > 0)
+    				{
+    					$text.=$langs->trans('LimitSendingEmailing',$conf->global->MAILING_LIMIT_SENDBYWEB);
+    				}
+    				else
+    				{
+    					$text.=$langs->trans('NotEnoughPermissions');
+    				}
+			    }
+				if ($text)
+    			{
+    			    print $form->textwithpicto($nbemail,$text,1,'warning');
+    			}
+    			else
+    			{
+    				print $nbemail;
+    			}
 			}
 			print '</td></tr>';
 

htdocs/commande/class/api_commande.class.php

@@ -193,7 +193,7 @@ class CommandeApi extends DolibarrApi
      * @return  array   Array of order objects
      */
     function getListForSoc($socid = 0) {
-      return getList(0,"s.rowid","ASC",0,0,$socid);
+      return $this->getList(0,"s.rowid","ASC",0,0,$socid);
     }
 
     

htdocs/compta/paiement.php

@@ -391,10 +391,9 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
 							var form = $("#payment_form");
 
 							json["invoice_type"] = $("#invoice_type").val();
-							json["amountPayment"] = $("#amountpayment").attr("value");
+            				json["amountPayment"] = $("#amountpayment").attr("value");
 							json["amounts"] = _elemToJson(form.find("input.amount"));
-							json["remains"] = _elemToJson(form.find("input.remain]"));
-
+							json["remains"] = _elemToJson(form.find("input.remain"));
 							if (imgId != null) {
 								json["imgClicked"] = imgId;
 							}

htdocs/conf/conf.php.example

@@ -251,11 +251,16 @@ $dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore';
 $dolibarr_nocsrfcheck='0';
 
 // dolibarr_mailing_limit_sendbyweb
-// Can set a limit for mailing send by web. Can be used for a restricted mode.
-// Default value: 0 (use database value if exist)
-// Examples:
-// $dolibarr_mailing_limit_sendbyweb='0';
+// Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level.
+// Default value: '25'
+// Examples: '-1' (sending by web is forbidden)
+// $dolibarr_mailing_limit_sendbyweb='25';
 
+// dolibarr_mailing_limit_sendbycli
+// Can set a limit for mailing send by cli. This overwrite database value. Can be used to restrict on OS level.
+// Default value: '0' (no hard limit, use soft database value if exists)
+// Examples: '-1' (sending by cli is forbidden)
+// $dolibarr_mailing_limit_sendbycli='0';
 
 
 //##################
@@ -274,18 +279,6 @@ $dolibarr_nocsrfcheck='0';
 // Examples:
 // $dolibarr_main_limit_users='0';
 
-// dolibarr_mailing_limit_sendbyweb
-// Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level.
-// Default value: '0' (no overwrite, use database value if exists)
-// Examples: '-1' (sending by web is forbidden)
-// $dolibarr_mailing_limit_sendbyweb='0';
-
-// dolibarr_mailing_limit_sendbycli
-// Can set a limit for mailing send by cli. This overwrite database value. Can be used to restrict on OS level.
-// Default value: '0' (no overwrite, use database value if exists)
-// Examples: '-1' (sending by cli is forbidden)
-// $dolibarr_mailing_limit_sendbycli='0';
-
 // dolibarr_strict_mode
 // Set this to 1 to enable the PHP strict mode. For dev environment only.
 // Default value: 0 (use database value if exist)

htdocs/contact/class/contact.class.php

@@ -130,6 +130,7 @@ class Contact extends CommonObject
 			$clause = "AND";
 		}
 		$sql.= ' '.$clause.' sp.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))";
         if ($user->societe_id > 0) $sql.=" AND sp.fk_soc = ".$user->societe_id;
         
 		$resql=$this->db->query($sql);

htdocs/core/class/CMailFile.class.php

@@ -153,7 +153,7 @@ class CMailFile
 		}
 
 		if (! empty($conf->global->MAIN_MAIL_FORCE_CONTENT_TYPE_TO_HTML)) $this->msgishtml=1; // To force to send everything with content type html.
-		    
+
 		// Detect images
 		if ($this->msgishtml)
 		{
@@ -210,7 +210,7 @@ class CMailFile
 			$this->trackid = $trackid;
 			$smtp_headers = $this->write_smtpheaders();
             if (! empty($moreinheader)) $smtp_headers.=$moreinheader;
-            
+
 			// Define mime_headers
 			$mime_headers = $this->write_mimeheaders($filename_list, $mimefilename_list);
 
@@ -270,7 +270,7 @@ class CMailFile
 			$smtps->setFrom($this->getValidAddress($from,0,1));
 			$smtps->setTrackId($trackid);
 			$smtps->setReplyTo($this->getValidAddress($from,0,1));   // Set property with this->smtps->setReplyTo after constructor if you want to use another value than the From
-					
+
 			if (! empty($this->html))
 			{
 				if (!empty($css))
@@ -365,7 +365,9 @@ class CMailFile
         {
             // Use Swift Mailer library
             // ------------------------------------------
-
+            
+            $host = dol_getprefix('email');
+            
             require_once DOL_DOCUMENT_ROOT.'/includes/swiftmailer/lib/swift_required.php';
             // Create the message
             $this->message = Swift_Message::newInstance();
@@ -373,7 +375,7 @@ class CMailFile
             // Adding a trackid header to a message
             $headers = $this->message->getHeaders();
             $headers->addTextHeader('X-Dolibarr-TRACKID', $trackid);
-            $headerID = time() . '.swiftmailer-dolibarr-' . $trackid . '@' . $conf->global->MAIN_MAIL_SMTP_SERVER;
+            $headerID = time() . '.swiftmailer-dolibarr-' . $trackid . '@' . $host;
             $msgid = $headers->get('Message-ID');
             $msgid->setId($headerID);
             $headers->addIdHeader('References', $headerID);
@@ -473,37 +475,46 @@ class CMailFile
                 'maildao'
             ));
             $reshook = $hookmanager->executeHooks('doactions', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks
-            if (! empty($reshook)) 
+            if (! empty($reshook))
             {
                 $this->error = "Error in hook maildao doactions " . $reshook;
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_ERR);
-                
+
                 return $reshook;
             }
 
             // Check number of recipient is lower or equal than MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL
-            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL=10;
-            $tmparray = explode(',', $this->addr_to);
-            if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL=10;
+            $tmparray1 = explode(',', $this->addr_to);
+            if (count($tmparray1) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)
             {
                 $this->error = 'Too much recipients in to:';
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
                 return false;
             }
-            $tmparray = explode(',', $this->addr_cc);
-            if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL=10;
+            $tmparray2 = explode(',', $this->addr_cc);
+            if (count($tmparray2) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL)
             {
                 $this->error = 'Too much recipients in cc:';
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
                 return false;
             }
-            $tmparray = explode(',', $this->addr_bcc);
-            if (count($tmparray) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL=10;
+            $tmparray3 = explode(',', $this->addr_bcc);
+            if (count($tmparray3) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL)
             {
                 $this->error = 'Too much recipients in bcc:';
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
                 return false;
             }
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL=10;
+            if ((count($tmparray1)+count($tmparray2)+count($tmparray3)) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
+            {
+                $this->error = 'Too much recipients in to:, cc:, bcc:';
+                dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
+                return false;
+            }
 
 			// Action according to choosed sending method
 			if ($conf->global->MAIN_MAIL_SENDMODE == 'mail')
@@ -546,7 +557,7 @@ class CMailFile
                         $bounce .= ($bounce?' ':'').'-ba';
                     }
                     dol_syslog("CMailFile::sendfile: mail start HOST=".ini_get('SMTP').", PORT=".ini_get('smtp_port').", additionnal_parameters=".$bounce, LOG_DEBUG);
-                    
+
 					$this->message=stripslashes($this->message);
 
 					if (! empty($conf->global->MAIN_MAIL_DEBUG)) $this->dump_mail();
@@ -866,7 +877,7 @@ class CMailFile
 
 		// Receiver
 		if (isset($this->addr_cc)   && $this->addr_cc)   $out.= "Cc: ".$this->getValidAddress($this->addr_cc,2).$this->eol2;
-		if (isset($this->addr_bcc)  && $this->addr_bcc)  $out.= "Bcc: ".$this->getValidAddress($this->addr_bcc,2).$this->eol2;    // Question: bcc must not be into header, only into SMTP command "RCPT TO". Does php mail support this ? 
+		if (isset($this->addr_bcc)  && $this->addr_bcc)  $out.= "Bcc: ".$this->getValidAddress($this->addr_bcc,2).$this->eol2;    // Question: bcc must not be into header, only into SMTP command "RCPT TO". Does php mail support this ?
 
 		// Delivery receipt
 		if (isset($this->deliveryreceipt) && $this->deliveryreceipt == 1) $out.= "Disposition-Notification-To: ".$this->getValidAddress($this->addr_from,2).$this->eol2;

htdocs/core/class/extrafields.class.php

@@ -323,16 +323,40 @@ class ExtraFields
 
 		$table=$elementtype.'_extrafields';
 
+		$error=0;
+		
 		if (! empty($attrname) && preg_match("/^\w[a-zA-Z0-9-_]*$/",$attrname))
 		{
-			$result=$this->db->DDLDropField(MAIN_DB_PREFIX.$table,$attrname);	// This also drop the unique key
+			$result=$this->delete_label($attrname,$elementtype);
 			if ($result < 0)
 			{
-				$this->error=$this->db->lasterror();
+			    $this->error=$this->db->lasterror();
+			    $error++;
 			}
 
-			$result=$this->delete_label($attrname,$elementtype);
-
+			if (! $error)
+			{
+        		$sql = "SELECT COUNT(rowid) as nb";
+        		$sql.= " FROM ".MAIN_DB_PREFIX."extrafields";
+        		$sql.= " WHERE elementtype = '".$elementtype."'";
+        		$sql.= " AND name = '".$attrname."'";
+        		//$sql.= " AND entity IN (0,".$conf->entity.")";      Do not test on entity here. We want to see if there is still on field remaning in other entities before deleting field in table
+                $resql = $this->db->query($sql);
+                if ($resql)
+                {
+                    $obj = $this->db->fetch_object($resql);
+                    if ($obj->nb <= 0)
+                    {
+            			$result=$this->db->DDLDropField(MAIN_DB_PREFIX.$table,$attrname);	// This also drop the unique key
+            			if ($result < 0)
+            			{
+            				$this->error=$this->db->lasterror();
+            				$error++;
+            			}
+                    }
+                }
+			}
+			
 			return $result;
 		}
 		else
@@ -715,7 +739,7 @@ class ExtraFields
 		}
 		elseif ($type == 'varchar')
 		{
-			$out='<input type="text" class="flat" name="'.$keysuffix.'options_'.$key.$keyprefix.'" size="'.$showsize.'" maxlength="'.$size.'" value="'.$value.'"'.($moreparam?$moreparam:'').'>';
+			$out='<input type="text" class="flat" name="'.$keysuffix.'options_'.$key.$keyprefix.'" size="'.$showsize.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam?$moreparam:'').'>';
 		}
 		elseif ($type == 'text')
 		{

htdocs/core/class/html.form.class.php

@@ -5812,7 +5812,7 @@ class Form
 	                 */
                     global $dolibarr_main_url_root;
                     $ret.='<!-- Put link to gravatar -->';
-                    $ret.='<img class="photo'.$modulepart.($cssclass?' '.$cssclass:'').'" alt="Gravatar avatar" title="'.$email.' Gravatar avatar" border="0"'.($width?' width="'.$width.'"':'').($height?' height="'.$height.'"':'').' src="https://www.gravatar.com/avatar/'.dol_hash(strtolower(trim($email)),3).'?s='.$width.'&d='.urlencode(dol_buildpath($nophoto,2)).'">';	// gravatar need md5 hash
+                    $ret.='<img class="photo'.$modulepart.($cssclass?' '.$cssclass:'').'" alt="Gravatar avatar" title="'.$email.' Gravatar avatar" border="0"'.($width?' width="'.$width.'"':'').($height?' height="'.$height.'"':'').' src="https://www.gravatar.com/avatar/'.dol_hash(strtolower(trim($email)),3).'?s='.$width.'&d='.urlencode(dol_buildpath($nophoto,3)).'">';	// gravatar need md5 hash
                 }
                 else
 				{

htdocs/core/class/html.formfile.class.php

@@ -76,7 +76,7 @@ class FormFile
         global $conf,$langs, $hookmanager;
         $hookmanager->initHooks(array('formfile'));
 
-        
+
         if (! empty($conf->browser->layout) && $conf->browser->layout != 'classic') $useajax=0;
 
 		if ((! empty($conf->global->MAIN_USE_JQUERY_FILEUPLOAD) && $useajax) || ($useajax==2))
@@ -276,7 +276,7 @@ class FormFile
 		if (0 !== $iconPDF) {
 			dol_syslog(__METHOD__ . ": passing iconPDF parameter is deprecated", LOG_WARNING);
 		}
-		
+
         global $langs, $conf, $user, $hookmanager;
         global $form, $bc;
 
@@ -288,7 +288,7 @@ class FormFile
         if (! empty($iconPDF)) {
         	return $this->getDocumentsLink($modulepart, $modulesubdir, $filedir);
         }
-        
+
         $printer=0;
         if (in_array($modulepart,array('facture','supplier_proposal','propal','proposal','order','commande','expedition', 'commande_fournisseur')))	// The direct print feature is implemented only for such elements
         {
@@ -506,7 +506,7 @@ class FormFile
 
             $addcolumforpicto=($delallowed || $printer || $morepicto);
             $out.= '<th align="center" colspan="'.(3+($addcolumforpicto?'2':'1')).'" class="formdoc liste_titre maxwidthonsmartphone">';
-            
+
             // Model
             if (! empty($modellist))
             {
@@ -863,8 +863,8 @@ class FormFile
 						    $minifile=getImageFileNameForSize($file['name'], '_mini'); // For new thumbs using same ext (in lower case howerver) than original
 						    if (! dol_is_file($file['path'].'/'.$minifile)) $minifile=getImageFileNameForSize($file['name'], '_mini', '.png'); // For backward compatibility of old thumbs that were created with filename in lower case and with .png extension
 						    //print $file['path'].'/'.$minifile.'<br>';
-						    print '<a href="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&file='.urlencode($relativepath.$fileinfo['filename'].'.'.strtolower($fileinfo['extension'])).'" class="aphoto" target="_blank">';
-							print '<img border="0" height="'.$maxheightmini.'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&file='.urlencode($relativepath.$minifile).'" title="">';
+						    print '<a href="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity)?$object->entity:$conf->entity).'&file='.urlencode($relativepath.$fileinfo['filename'].'.'.strtolower($fileinfo['extension'])).'" class="aphoto" target="_blank">';
+							print '<img border="0" height="'.$maxheightmini.'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity)?$object->entity:$conf->entity).'&file='.urlencode($relativepath.$minifile).'" title="">';
 							print '</a>';
 						}
 						else print '&nbsp;';

htdocs/core/class/html.formprojet.class.php

@@ -140,8 +140,10 @@ class FormProjets
 		if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
 		if ($socid > 0 && empty($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY))  $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
 		if (!empty($filterkey)) {
-			$sql .= " AND p.title LIKE '%".$this->db->escape($filterkey)."%'";
-			$sql .= " OR p.ref LIKE '%".$this->db->escape($filterkey)."%'";
+			$sql .= ' AND (';
+			$sql .= ' p.title LIKE "%'.$this->db->escape($filterkey).'%"';
+			$sql .= ' OR p.ref LIKE "%'.$this->db->escape($filterkey).'%"';
+			$sql .= ')';
 		}
 		$sql.= " ORDER BY p.ref ASC";
 

htdocs/core/class/smtps.class.php

@@ -1190,7 +1190,7 @@ class SMTPs
 		$host=preg_replace('@tcp://@i','',$host);	// Remove prefix
 		$host=preg_replace('@ssl://@i','',$host);	// Remove prefix
 
-		$host=dol_getprefix('email').'-'.$host;
+		$host=dol_getprefix('email');
 		
 		//NOTE: Message-ID should probably contain the username of the user who sent the msg
 		$_header .= 'Subject: '    . $this->getSubject()     . "\r\n";

htdocs/core/modules/commande/doc/pdf_einstein.modules.php

@@ -110,8 +110,8 @@ class pdf_einstein extends ModelePDFCommandes
 		{
 			$this->posxtva=99;
 			$this->posxup=114;
-			$this->posxqty=133;
-			$this->posxunit=150;
+			$this->posxqty=130;
+			$this->posxunit=147;
 		}
 		else
 		{

htdocs/core/modules/facture/doc/pdf_crabe.modules.php

@@ -119,8 +119,8 @@ class pdf_crabe extends ModelePDFFactures
 		{
 			$this->posxtva=99;
 			$this->posxup=114;
-			$this->posxqty=133;
-			$this->posxunit=150;
+			$this->posxqty=130;
+			$this->posxunit=147;
 		}
 		else
 		{

htdocs/core/modules/propale/doc/pdf_azur.modules.php

@@ -108,8 +108,8 @@ class pdf_azur extends ModelePDFPropales
 		{
 			$this->posxtva=99;
 			$this->posxup=114;
-			$this->posxqty=133;
-			$this->posxunit=150;
+			$this->posxqty=130;
+			$this->posxunit=147;
 		}
 		else
 		{

htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php

@@ -102,8 +102,8 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
 		if($conf->global->PRODUCT_USE_UNITS) {
 			$this->posxtva=99;
 			$this->posxup=114;
-			$this->posxqty=133;
-			$this->posxunit=150;
+			$this->posxqty=130;
+			$this->posxunit=147;
 		}
 		//if (! empty($conf->global->MAIN_GENERATE_DOCUMENTS_WITHOUT_VAT)) $this->posxtva=$this->posxup;
 		$this->posxpicture=$this->posxtva - (empty($conf->global->MAIN_DOCUMENTS_WITH_PICTURE_WIDTH)?20:$conf->global->MAIN_DOCUMENTS_WITH_PICTURE_WIDTH);	// width of images

htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php

@@ -111,8 +111,8 @@ class pdf_muscadet extends ModelePDFSuppliersOrders
 		{
 			$this->posxtva=99;
 			$this->posxup=114;
-			$this->posxqty=133;
-			$this->posxunit=150;
+			$this->posxqty=130;
+			$this->posxunit=147;
 		} else {
 			$this->posxtva=112;
 			$this->posxup=126;

htdocs/core/tpl/login.tpl.php

@@ -89,7 +89,7 @@ $(document).ready(function () {
 
 <div id="login_right">
 
-<table class="left centpercent" title="Login pass">
+<table class="left centpercent" title="<?php echo $langs->trans("EnterLoginDetail"); ?>">
 <!-- Login -->
 <tr>
 <td class="nowrap center valignmiddle">

htdocs/fichinter/card.php

@@ -583,7 +583,7 @@ if (empty($reshook))
 		}
 	}
 
-	// Classify Billed
+	// Classify unbilled
 	else if ($action == 'classifyunbilled' && $user->rights->ficheinter->creer)
 	{
 		$result=$object->setStatut(1);
@@ -598,6 +598,21 @@ if (empty($reshook))
 		}
 	}
 
+	// Classify Done
+	else if ($action == 'classifydone' && $user->rights->ficheinter->creer)
+	{
+	    $result=$object->setStatut(3);
+	    if ($result > 0)
+	    {
+	        header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	        exit;
+	    }
+	    else
+	    {
+	        setEventMessages($object->error, $object->errors, 'errors');
+	    }
+	}
+	
 	/*
 	 *  Mise a jour d'une ligne d'intervention
 	 */

htdocs/filefunc.inc.php

@@ -31,7 +31,7 @@
  */
 
 if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr');
-if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.3');
+if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.4');
 
 if (! defined('EURO')) define('EURO',chr(128));
 

htdocs/fourn/commande/dispatch.php

@@ -314,7 +314,7 @@ if ($id > 0 || ! empty($ref))
 
 			if ($commande->methode_commande)
 			{
-				print '<tr><td>'.$langs->trans("Method").'</td><td colspan="2">'.$commande->methode_commande.'</td></tr>';
+				print '<tr><td>'.$langs->trans("Method").'</td><td colspan="2">'.$commande->getInputMethod().'</td></tr>';
 			}
 		}
 

htdocs/fourn/facture/list.php

@@ -6,7 +6,7 @@
  * Copyright (C) 2013	   Florian Henry		<florian.henry@open-concept.pro>
  * Copyright (C) 2013      Cédric Salvador      <csalvador@gpcsolutions.fr>
  * Copyright (C) 2015      Marcos García        <marcosgdf@gmail.com>
- * Copyright (C) 2015	   juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2015-2007 Juanjo Menent		<jmenent@2byte.es>
  * Copyright (C) 2015 	   Abbes Bahfir 	<bafbes@gmail.com>
  * Copyright (C) 2015-2016 Ferran Marcet		<fmarcet@2byte.es>
  *
@@ -434,6 +434,7 @@ if ($resql)
 	print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
 	print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
 	print '<input type="hidden" name="viewstatut" value="'.$viewstatut.'">';
+	print '<input type="hidden" name="socid" value="'.$socid.'">';
 
 	print_barre_liste($langs->trans("BillsSuppliers").($socid?" $soc->name.":""),$page,$_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,'',$num,$nbtotalofrecords,'title_accountancy',0,'','',$limit);
 	
@@ -788,7 +789,7 @@ if ($resql)
                 $thirdparty->name=$obj->name;
                 $thirdparty->client=$obj->client;
                 $thirdparty->code_client=$obj->code_client;
-                print $thirdparty->getNomUrl(1,'customer');
+                print $thirdparty->getNomUrl(1,'supplier');
                 print '</td>';
                 if (! $i) $totalarray['nbfield']++;
     		}

htdocs/install/repair.php

@@ -252,10 +252,34 @@ if ($ok)
 	            if (! in_array($code,array_keys($arrayoffieldsfound)))
 	            {
 	                print 'Found field '.$code.' declared into '.MAIN_DB_PREFIX.'extrafields table but not found into desc of table '.$tableextra." -> ";
-	                $type=$extrafields->attribute_type[$code]; $value=$extrafields->attribute_size[$code]; $attribute=''; $default=''; $extra=''; $null='null';
+	                $type=$extrafields->attribute_type[$code]; $length=$extrafields->attribute_size[$code]; $attribute=''; $default=''; $extra=''; $null='null';
+	                
+           			if ($type=='boolean') {
+        				$typedb='int';
+        				$lengthdb='1';
+        			} elseif($type=='price') {
+        				$typedb='double';
+        				$lengthdb='24,8';
+        			} elseif($type=='phone') {
+        				$typedb='varchar';
+        				$lengthdb='20';
+        			}elseif($type=='mail') {
+        				$typedb='varchar';
+        				$lengthdb='128';
+        			} elseif (($type=='select') || ($type=='sellist') || ($type=='radio') ||($type=='checkbox') ||($type=='chkbxlst')){
+        				$typedb='text';
+        				$lengthdb='';
+        			} elseif ($type=='link') {
+        				$typedb='int';
+        				$lengthdb='11';
+        			} else {
+        				$typedb=$type;
+        				$lengthdb=$length;
+        			}
+	                
 	                $field_desc=array(
-	                	'type'=>$type,
-	                	'value'=>$value,
+	                	'type'=>$typedb,
+	                	'value'=>$lengthdb,
 	                	'attribute'=>$attribute,
 	                	'default'=>$default,
 	                	'extra'=>$extra,

htdocs/langs/en_US/admin.lang

@@ -560,7 +560,7 @@ Permission34=Delete products
 Permission36=See/manage hidden products
 Permission38=Export products
 Permission41=Read projects and tasks (shared project and projects i'm contact for). Can also enter time consumed on assigned tasks (timesheet)
-Permission42=Create/modify projects (shared project and projects i'm contact for)
+Permission42=Create/modify projects (shared project and projects i'm contact for). Can also create tasks and assign users to project and tasks
 Permission44=Delete projects (shared project and projects i'm contact for)
 Permission45=Export projects
 Permission61=Read interventions
@@ -663,7 +663,7 @@ PermissionAdvanced253=Create/modify internal/external users and permissions
 Permission254=Create/modify external users only
 Permission255=Modify other users password
 Permission256=Delete or disable other users
-Permission262=Extend access to all third parties (not only those linked to user). Not effective for external users (always limited to themselves).
+Permission262=Extend access to all third parties (not only third parties that user is a sale representative). Not effective for external users (always limited to themselves for proposals, orders, invoices, contracts, etc). Not effective for projects (only rules on project permissions, visibility and assignement matters).
 Permission271=Read CA
 Permission272=Read invoices
 Permission273=Issue invoices

htdocs/langs/en_US/errors.lang

@@ -170,12 +170,13 @@ ErrorWarehouseRequiredIntoShipmentLine=Warehouse is required on the line to ship
 ErrorFileMustHaveFormat=File must have format %s
 ErrorSupplierCountryIsNotDefined=Country for this supplier is not defined. Correct this first.
 ErrorsThirdpartyMerge=Failed to merge the two records. Request canceled.
-ErrorStockIsNotEnoughToAddProductOnOrder=Stock is not enougth for product %s to add it into a new order.
-ErrorStockIsNotEnoughToAddProductOnInvoice=Stock is not enougth for product %s to add it into a new invoice.
-ErrorStockIsNotEnoughToAddProductOnShipment=Stock is not enougth for product %s to add it into a new shipment.
-ErrorStockIsNotEnoughToAddProductOnProposal=Stock is not enougth for product %s to add it into a new proposal.
+ErrorStockIsNotEnoughToAddProductOnOrder=Stock is not enough for product %s to add it into a new order.
+ErrorStockIsNotEnoughToAddProductOnInvoice=Stock is not enough for product %s to add it into a new invoice.
+ErrorStockIsNotEnoughToAddProductOnShipment=Stock is not enough for product %s to add it into a new shipment.
+ErrorStockIsNotEnoughToAddProductOnProposal=Stock is not enough for product %s to add it into a new proposal.
 ErrorFailedToLoadLoginFileForMode=Failed to get the login key for mode '%s'.
 ErrorPhpMailDelivery=Check that you don't use a too high number of recipients and that your email content is not similar to a Spam. Ask also your administrator to check firewall and server logs files for a more complete information.
+ErrorUserNotAssignedToTask=User must be assigned to task to be able to enter time consumed.
 
 # Warnings
 WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user.  

htdocs/langs/en_US/mails.lang

@@ -35,7 +35,7 @@ MailingStatusSentPartialy=Sent partialy
 MailingStatusSentCompletely=Sent completely
 MailingStatusError=Error
 MailingStatusNotSent=Not sent
-MailSuccessfulySent=Email successfully sent (from %s to %s)
+MailSuccessfulySent=Email successfully accepted for delivery (from %s to %s)
 MailingSuccessfullyValidated=EMailing successfully validated
 MailUnsubcribe=Unsubscribe
 MailingStatusNotContact=Don't contact anymore

htdocs/langs/en_US/main.lang

@@ -447,6 +447,7 @@ DeletePicture=Picture delete
 ConfirmDeletePicture=Confirm picture deletion?
 Login=Login
 CurrentLogin=Current login
+EnterLoginDetail=Enter login details
 January=January
 February=February
 March=March

htdocs/langs/eu_ES/mails.lang

@@ -27,7 +27,7 @@ DeleteAMailing=Delete an emailing
 PreviewMailing=Preview emailing
 CreateMailing=Create emailing
 TestMailing=Test email
-ValidMailing=Valid emailing
+ValidMailing=Validate emailing
 MailingStatusDraft=Draft
 MailingStatusValidated=Validated
 MailingStatusSent=Sent

htdocs/margin/agentMargins.php

@@ -124,6 +124,7 @@ $sql.= ", ".MAIN_DB_PREFIX."facturedet as d";
 $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= ", ".MAIN_DB_PREFIX."user as u";
 $sql.= " WHERE f.fk_soc = s.rowid";
+$sql.= " AND f.entity = ".$conf->entity;
 $sql.= " AND sc.fk_soc = f.fk_soc";
 $sql.= " AND (d.product_type = 0 OR d.product_type = 1)";
 if (! empty($conf->global->AGENT_CONTACT_TYPE))

htdocs/product/stats/card.php

@@ -44,6 +44,7 @@ $ref	= GETPOST('ref');
 $mode	= (GETPOST('mode') ? GETPOST('mode') : 'byunit');
 $error	= 0;
 $mesg	= '';
+$graphfiles=array();
 
 $socid='';
 if (! empty($user->societe_id)) $socid=$user->societe_id;
@@ -57,7 +58,7 @@ $result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','',
 /*
  *	View
  */
- 
+
 $form = new Form($db);
 
 if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
@@ -68,7 +69,7 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
         llxHeader("",$langs->trans("ProductStatistics"));
 
    	    $type = GETPOST('type');
-	    
+
        	$helpurl='';
         if ($type == '0')
         {
@@ -88,13 +89,13 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
             //$title=$langs->trans("StatisticsOfProductsOrServices");
             $title=$langs->trans("Statistics");
         }
-        
+
         print load_fiche_titre($title, $mesg,'title_products.png');
     }
     else
     {
         $result = $object->fetch($id,$ref);
-        
+
 		$title = $langs->trans('ProductServiceCard');
 		$helpurl = '';
 		$shortlabel = dol_trunc($object->label,16);
@@ -111,8 +112,8 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 
 		llxHeader('', $title, $helpurl);
     }
-	
-    
+
+
 	if ($result && (! empty($id) || ! empty($ref)))
 	{
 		$head=product_prepare_head($object);
@@ -122,21 +123,21 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 		dol_fiche_head($head, 'stats', $titre, 0, $picto);
 
 		$linkback = '<a href="'.DOL_URL_ROOT.'/product/list.php">'.$langs->trans("BackToList").'</a>';
-		
+
         dol_banner_tab($object, 'ref', $linkback, ($user->societe_id?0:1), 'ref');
-        
+
 		dol_fiche_end();
 	}
 	if (GETPOST('id') == 'all')
 	{
         $h=0;
         $head = array();
-        
+
         $head[$h][0] = DOL_URL_ROOT.'/product/stats/card.php?id=all';
         $head[$h][1] = $langs->trans("Chart");
         $head[$h][2] = 'chart';
         $h++;
-        
+
     	$title = $langs->trans("ListProductServiceByPopularity");
         if ((string) $type == '1') {
         	$title = $langs->trans("ListServiceByPopularity");
@@ -144,49 +145,49 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
         if ((string) $type == '0') {
         	$title = $langs->trans("ListProductByPopularity");
         }
-        
+
         $head[$h][0] = DOL_URL_ROOT.'/product/popuprop.php'.($type != ''?'?type='.$type:'');
         $head[$h][1] = $title;
         $head[$h][2] = 'popularityprop';
         $h++;
-        
-        dol_fiche_head($head,'chart',$langs->trans("Statistics"));   
+
+        dol_fiche_head($head,'chart',$langs->trans("Statistics"));
 	}
-	
-	
+
+
 	if ($result || GETPOST('id') == 'all')
 	{
 	    if (GETPOST('id') == 'all')
 	    {
     		// Choice of type of product
     		if (! empty($conf->dol_use_jmobile)) print "\n".'<div class="fichecenter"><div class="nowrap">'."\n";
-    
+
     		if ((string) $type != '0') print '<a href="'.$_SERVER["PHP_SELF"].'?id='.(GETPOST('id')?GETPOST('id'):$object->id).'&type=0'.($mode?'&mode='.$mode:'').'">';
     		else print img_picto('','tick').' ';
     		print $langs->trans("Products");
     		if ((string) $type != '0') print '</a>';
-    
+
     		if (! empty($conf->dol_use_jmobile)) print '</div>'."\n".'<div class="nowrap">'."\n";
     		else print ' &nbsp; / &nbsp; ';
-    
+
     		if ((string) $type != '1') print '<a href="'.$_SERVER["PHP_SELF"].'?id='.(GETPOST('id')?GETPOST('id'):$object->id).'&type=1'.($mode?'&mode='.$mode:'').'">';
     		else print img_picto('','tick').' ';
     		print $langs->trans("Services");
     		if ((string) $type != '1') print '</a>';
-    
+
     		if (! empty($conf->dol_use_jmobile)) print '</div>'."\n".'<div class="nowrap">'."\n";
     		else print ' &nbsp; / &nbsp; ';
-    
+
     		if ((string) $type == '0' || (string) $type == '1') print '<a href="'.$_SERVER["PHP_SELF"].'?id='.(GETPOST('id')?GETPOST('id'):$object->id).($mode?'&mode='.$mode:'').'">';
     		else print img_picto('','tick').' ';
     		print $langs->trans("ProductsAndServices");
     		if ((string) $type == '0' || (string) $type == '1') print '</a>';
-    		
+
     		if (! empty($conf->dol_use_jmobile)) print '</div></div>';
     		else print '<br>';
     		print '<br>';
 	    }
-	    
+
 		// Choice of stats mode (byunit or bynumber)
 		if (! empty($conf->dol_use_jmobile)) print "\n".'<div class="fichecenter"><div class="nowrap">'."\n";
 
@@ -222,25 +223,25 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
     			}
     		}
 		}
-		
+
 		if($conf->propal->enabled) {
 			$graphfiles['propal']=array('modulepart'=>'productstats_proposals',
 			'file' => $object->id.'/propal12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsProposals"):$langs->transnoentitiesnoconv("NumberOfProposals")));
 		}
-		
+
 		if($conf->supplier_proposal->enabled) {
 			$graphfiles['proposalssuppliers']=array('modulepart'=>'productstats_proposalssuppliers',
 			'file' => $object->id.'/proposalssuppliers12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsSupplierProposals"):$langs->transnoentitiesnoconv("NumberOfSupplierProposals")));
 		}
-		
+
 		if($conf->order->enabled) {
 			$graphfiles['orders']=array('modulepart'=>'productstats_orders',
 			'file' => $object->id.'/orders12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsCustomerOrders"):$langs->transnoentitiesnoconv("NumberOfCustomerOrders")));
 		}
-		
+
 		if($conf->fournisseur->enabled) {
 			$graphfiles['orderssuppliers']=array('modulepart'=>'productstats_orderssuppliers',
 			'file' => $object->id.'/orderssuppliers12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
@@ -251,7 +252,7 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 			$graphfiles['invoices']=array('modulepart'=>'productstats_invoices',
 			'file' => $object->id.'/invoices12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsCustomerInvoices"):$langs->transnoentitiesnoconv("NumberOfCustomerInvoices")));
-			
+
 			$graphfiles['invoicessuppliers']=array('modulepart'=>'productstats_invoicessuppliers',
 			'file' => $object->id.'/invoicessuppliers12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsSupplierInvoices"):$langs->transnoentitiesnoconv("NumberOfSupplierInvoices")));
@@ -282,10 +283,10 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
     					if ($key == 'proposalssuppliers') $graph_data = $object->get_nb_propalsupplier($socid,$mode,((string) $type != '' ? $type : -1));
     					if ($key == 'invoicessuppliers')  $graph_data = $object->get_nb_achat($socid,$mode,((string) $type != '' ? $type : -1));
     					if ($key == 'orderssuppliers')    $graph_data = $object->get_nb_ordersupplier($socid,$mode,((string) $type != '' ? $type : -1));
-    				
+
     					// TODO Save cachefile $graphfiles[$key]['file']
 					}
-					
+
 					if (is_array($graph_data))
 					{
 						$px->SetData($graph_data);
@@ -383,7 +384,7 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 			print '<div class="clear"><div class="fichecenter"><br></div></div>'."\n";
 		}
 	}
-	
+
 	if (GETPOST('id') == 'all')
 	{
 	    dol_fiche_end();

htdocs/product/stock/massstockmove.php

@@ -372,7 +372,7 @@ else
 {
 	$limit = $conf->global->PRODUIT_LIMIT_SIZE;
 }
-print $form->select_produits($id_product,'productid',$filtertype,$limit);
+print $form->select_produits($id_product,'productid',$filtertype,$limit,0,-1);
 print '</td>';
 // Batch number
 if ($conf->productbatch->enabled)

htdocs/projet/card.php

@@ -68,7 +68,7 @@ if ($id > 0 || ! empty($ref))
 
 // Security check
 $socid=GETPOST('socid');
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $object->id,'projet&project');
 
 // fetch optionals attributes and labels

htdocs/projet/contact.php

@@ -46,7 +46,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 

htdocs/projet/document.php

@@ -42,7 +42,7 @@ $mine 		= (GETPOST('mode','alpha') == 'mine' ? 1 : 0);
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result=restrictedArea($user,'projet',$id,'projet&project');
 
 $object = new Project($db);

htdocs/projet/element.php

@@ -92,7 +92,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=$object->socid;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $projectid, 'projet&project');
 
 

htdocs/projet/ganttview.php

@@ -43,7 +43,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 $langs->load("users");

htdocs/projet/index.php

@@ -37,7 +37,7 @@ $mine = GETPOST('mode')=='mine' ? 1 : 0;
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 
 $sortfield = GETPOST("sortfield",'alpha');

htdocs/projet/info.php

@@ -34,7 +34,7 @@ $langs->load("projects");
 // Security check
 $socid=0;
 $id = GETPOST("id",'int');
-if ($user->societe_id) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result=restrictedArea($user,'projet',$id,'');
 
 

htdocs/projet/list.php

@@ -40,7 +40,7 @@ $title = $langs->trans("Projects");
 
 // Security check
 $socid = (is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if ($socid > 0)
 {
 	$soc = new Societe($db);
@@ -220,7 +220,9 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls on p.fk_opp_status = cls.rowid";
 // We'll need this table joined to the select in order to filter by sale
-if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+//if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+if ($search_sale > 0) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
 if ($search_user > 0)
 {
 	$sql.=", ".MAIN_DB_PREFIX."element_contact as ecp";
@@ -271,7 +273,8 @@ if ($search_opp_status)
 }
 if ($search_public!='') $sql .= " AND p.public = ".$db->escape($search_public);
 if ($search_sale > 0) $sql.= " AND sc.fk_user = " .$search_sale;
-if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
 if ($search_user > 0) $sql.= " AND ecp.fk_c_type_contact IN (".join(',',array_keys($listofprojectcontacttype)).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_user; 
 if ($search_opp_amount != '') $sql .= natural_search('p.opp_amount', $search_opp_amount, 1);
 if ($search_budget_amount != '') $sql .= natural_search('p.budget_amount', $search_budget_amount, 1);

htdocs/projet/note.php

@@ -41,7 +41,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 $permissionnote=$user->rights->projet->creer;	// Used by the include of actions_setnotes.inc.php

htdocs/projet/tasks.php

@@ -61,7 +61,7 @@ $extralabels_task=$extrafields_task->fetch_name_optionals_label($taskstatic->tab
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
@@ -413,7 +413,8 @@ else if ($id > 0 || ! empty($ref))
 	
 	// Get list of tasks in tasksarray and taskarrayfiltered
 	// We need all tasks (even not limited to a user because a task to user can have a parent that is not affected to him).
-	$tasksarray=$taskstatic->getTasksArray(0, 0, $object->id, $socid, 0);
+	$filteronthirdpartyid = $socid;
+	$tasksarray=$taskstatic->getTasksArray(0, 0, $object->id, $filteronthirdpartyid, 0);
 	// We load also tasks limited to a particular user
 	$tasksrole=($mode=='mine' ? $taskstatic->getUserRolesForProjectsOrTasks(0,$user,$object->id,0) : '');
 	//var_dump($tasksarray);

htdocs/projet/tasks/contact.php

@@ -42,7 +42,7 @@ $project_ref=GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 //$result = restrictedArea($user, 'projet', $id, 'projet_task');
 if (! $user->rights->projet->lire) accessforbidden();
 

htdocs/projet/tasks/document.php

@@ -47,7 +47,7 @@ $project_ref = GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 //$result=restrictedArea($user,'projet',$id,'');
 if (!$user->rights->projet->lire) accessforbidden();
 

htdocs/projet/tasks/list.php

@@ -75,7 +75,7 @@ $search_array_options=$extrafields->getOptionalsFromPost($extralabels,'','search
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 
 $limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit;

htdocs/projet/tasks/note.php

@@ -39,7 +39,7 @@ $project_ref = GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 //$result = restrictedArea($user, 'projet', $id, '', 'task'); // TODO ameliorer la verification
 

htdocs/projet/tasks/task.php

@@ -47,7 +47,7 @@ $planned_workload=((GETPOST('planned_workloadhour')!='' && GETPOST('planned_work
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (! $user->rights->projet->lire) accessforbidden();
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array

htdocs/projet/tasks/time.php

@@ -43,7 +43,7 @@ $project_ref=GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
@@ -128,7 +128,7 @@ if ($action == 'addtimespent' && $user->rights->projet->lire)
 	}
 }
 
-if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->creer)
+if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->lire)
 {
 	$error=0;
 
@@ -141,7 +141,8 @@ if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->cree
 	if (! $error)
 	{
 		$object->fetch($id, $ref);
-
+		// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
+		
 		$object->timespent_id = $_POST["lineid"];
 		$object->timespent_note = $_POST["timespent_note_line"];
 		$object->timespent_old_duration = $_POST["old_duration"];
@@ -175,9 +176,10 @@ if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->cree
 	}
 }
 
-if ($action == 'confirm_delete' && $confirm == "yes" && $user->rights->projet->creer)
+if ($action == 'confirm_delete' && $confirm == "yes" && $user->rights->projet->lire)
 {
 	$object->fetchTimeSpent($_GET['lineid']);
+	// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
 	$result = $object->delTimeSpent($user);
 
 	if ($result < 0)
@@ -585,6 +587,8 @@ if (($id > 0 || ! empty($ref)) || $projectidforalltimes > 0)
 
 		$tasktmp = new Task($db);
 		
+		$childids = $user->getAllChildIds();
+		
 		$total = 0;
 		$totalvalue = 0;
 		foreach ($tasks as $task_time)
@@ -688,17 +692,20 @@ if (($id > 0 || ! empty($ref)) || $projectidforalltimes > 0)
 				print '<br>';
 				print '<input type="submit" class="button" name="cancel" value="'.$langs->trans('Cancel').'">';
 			}
-			else if ($user->rights->projet->creer)
+			else if ($user->rights->projet->lire)    // Read project and enter time consumed on assigned tasks
 			{
-				print '&nbsp;';
-				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=editline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
-				print img_edit();
-				print '</a>';
-
-				print '&nbsp;';
-				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=deleteline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
-				print img_delete();
-				print '</a>';
+			    if ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
+			    {
+    				print '&nbsp;';
+    				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=editline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
+    				print img_edit();
+    				print '</a>';
+    
+    				print '&nbsp;';
+    				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=deleteline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
+    				print img_delete();
+    				print '</a>';
+			    }
 			}
 			print '</td>';
 

htdocs/societe/class/api_contact.class.php

@@ -17,7 +17,7 @@
 
 use Luracast\Restler\RestException;
 
-//require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
+require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
 
 /**
  * API class for contact object

htdocs/societe/class/societe.class.php

@@ -1915,7 +1915,14 @@ class Societe extends CommonObject
         }
         $link.='>';
         $linkend='</a>';
-
+        
+        global $user;
+        if (! $user->rights->societe->client->voir && $user->societe_id > 0 && $this->id != $user->societe_id)
+        {
+            $link='';
+            $linkend='';
+        }
+        
         if ($withpicto) $result.=($link.img_object(($notooltip?'':$label), 'company', ($notooltip?'':'class="classfortooltip"')).$linkend);
         if ($withpicto && $withpicto != 2) $result.=' ';
         if ($withpicto != 2) $result.=$link.($maxlen?dol_trunc($name,$maxlen):$name).$linkend;

htdocs/user/class/user.class.php

@@ -1050,7 +1050,8 @@ class User extends CommonObject
 		$this->town         = $contact->town;
 		$this->state_id     = $contact->state_id;
 		$this->country_id   = $contact->country_id;
-
+        $this->employee     = 0;
+        
 		if (empty($login)) $login=strtolower(substr($contact->firstname, 0, 4)) . strtolower(substr($contact->lastname, 0, 4));
 		$this->login = $login;