Merge remote-tracking branch 'Upstream/develop' into 5.0-17

ChangeLog

@@ -152,6 +152,52 @@ Dolibarr better:
 - The trigger that activate or close a contract line is run on a contract line, not on contract.
 
 
+***** ChangeLog for 4.0.3 to 4.0.2 *****
+FIX: #5853 $conf->global->$calc==0 || $conf->global->$calc==1
+FIX: #5958 no discount on supplier command made by replenishment
+FIX: #5966 Bug: getNomUrl tooltips show Proposal info even if user has no rights to read them
+FIX: #5972 #5734
+FIX: #6007
+FIX: #6010
+FIX: #6029
+FIX: #6043 - Payment mode not visible on supplier invoice list
+FIX: #6051
+FIX: #6062
+FIX: #6088
+FIX: A draft can be deleted by a user with create permission.
+FIX: bad permission to see contract on home page
+FIX: bad permission to see contract statistics
+FIX: Bcc must not appears to recipient when using SMTPs lib
+FIX: Consistent description for add or edit product
+FIX: delete contract extrafields on contract deletion
+FIX: Deposits and credit notes weren't added in the received and pending columns
+FIX: export extrafields must not include separe type
+FIX: Export of opportunity status must be code, not id.
+FIX: False positive on services not activated
+FIX: Filter was wrong or lost during navigation
+FIX: HT and TTC price should always be displayed together
+FIX: if a supplier price reference is changed after creating an order, we can't clone order.
+FIX: in export. Error when using a separate extrafields.
+FIX: Introduce hidden option MAIL_PREFIX_FOR_EMAIL_ID to solve pb of tracking email.
+FIX: javascript error when using on mobile/smartphone
+FIX: javascript xss injection and a translation
+FIX: Label of project is in field title not label.
+FIX: List of people able to validate an expense report was not complete.
+FIX: Missing field
+FIX: Module gravatar was not triggered on thirdparty and contact card
+FIX: Must use external link into a forged email content.
+FIX: Pb in management of date end of projects
+FIX: Regression when deleting product
+FIX: rendering of output of estimated amount on project overview page.
+FIX: Sanitize title of ajax_dialog
+FIX: Security to restrict email sending was not efficient
+FIX: Setting supplier as client when accept a supplier proposal
+FIX: Some statistics not compatible with multicompany module.
+FIX: the time spent on project was not visible in its overwiew
+FIX: Update intervention lline crash with PgSQL
+FIX: wrong test on dict.php
+FIX: wrong var name
+
 ***** ChangeLog for 4.0.2 compared to 4.0.1 *****
 FIX: #5340
 FIX: #5779

build/generate_filelist_xml.php

@@ -65,6 +65,8 @@
 
 fputs($fp, '<dolibarr_htdocs_dir>'."\n");
 
+$checksumconcat=array();
+
 $dir_iterator1 = new RecursiveDirectoryIterator(dirname(__FILE__).'/../htdocs/');
 $iterator1 = new RecursiveIteratorIterator($dir_iterator1);
 // need to ignore document custom etc
@@ -81,12 +83,22 @@
         $needtoclose=1;
     }
     if (filetype($file)=="file") {
-        fputs($fp, '<md5file name="'.basename($file).'">'.md5_file($file).'</md5file>'."\n");
+        $md5=md5_file($file);
+        $checksumconcat[]=$md5;
+        fputs($fp, '<md5file name="'.basename($file).'">'.$md5.'</md5file>'."\n");
     }
 }
 fputs($fp, '</dir>'."\n");
 fputs($fp, '</dolibarr_htdocs_dir>'."\n");
 
+asort($checksumconcat); // Sort list of checksum
+//var_dump($checksumconcat);
+fputs($fp, '<dolibarr_htdocs_dir_checksum>'."\n");
+fputs($fp, md5(join(',',$checksumconcat))."\n");
+fputs($fp, '</dolibarr_htdocs_dir_checksum>'."\n");
+
+
+$checksumconcat=array();
 
 fputs($fp, '<dolibarr_script_dir version="'.$release.'">'."\n");
 
@@ -106,12 +118,18 @@
         $needtoclose=1;
     }
     if (filetype($file)=="file") {
-        fputs($fp, '<md5file name="'.basename($file).'">'.md5_file($file).'</md5file>'."\n");
+        $md5=md5_file($file);
+        $checksumconcat[]=$md5;
+        fputs($fp, '<md5file name="'.basename($file).'">'.$md5.'</md5file>'."\n");
     }
 }
 fputs($fp, '</dir>'."\n");
 fputs($fp, '</dolibarr_script_dir>'."\n");
 
+asort($checksumconcat); // Sort list of checksum
+fputs($fp, '<dolibarr_script_dir_checksum>'."\n");
+fputs($fp, md5(join(',',$checksumconcat))."\n");
+fputs($fp, '</dolibarr_script_dir_checksum>'."\n");
 
 fputs($fp, '</checksum_list>'."\n");
 fclose($fp);

dev/skeletons/skeleton_list.php

@@ -89,8 +89,11 @@
 	//accessforbidden();
 }
 
+// Initialize technical object to manage context to save list fields
+$contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'mymodulelist';
+
 // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array
-$hookmanager->initHooks(array('skeletonlist'));
+$hookmanager->initHooks(array('mymodulelist'));
 $extrafields = new ExtraFields($db);
 
 // fetch optionals attributes and labels
@@ -305,6 +308,7 @@ function init_myfunc()
 print '<input type="hidden" name="action" value="list">';
 print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
 print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
+print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
 
 print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_companies', 0, '', '', $limit);
 

htdocs/accountancy/class/accountancyexport.class.php

@@ -357,7 +357,7 @@ public function exportQuadratus(&$TData) {
 			$Tab['libelle_ecriture'] = str_pad(self::trunc($data->doc_ref . ' ' . $data->label_compte, 20), 20);
 			$Tab['sens'] = $data->sens; // C or D
 			$Tab['signe_montant'] = '+';
-			$Tab['montant'] = str_pad(abs($data->montant) * 100, 12, '0', STR_PAD_LEFT); // TODO manage negative amount
+			$Tab['montant'] = str_pad(abs($data->montant), 12, '0', STR_PAD_LEFT); // TODO manage negative amount
 			$Tab['contrepartie'] = str_repeat(' ', 8);
 			if (! empty($data->date_echeance))
 				$Tab['date_echeance'] = dol_print_date($data->date_echeance, $conf->global->ACCOUNTING_EXPORT_DATE);

htdocs/admin/dict.php

@@ -1274,6 +1274,7 @@
 
         // Title line with search boxes
         print '<tr class="liste_titre">';
+        $filterfound=0;
         foreach ($fieldlist as $field => $value)
         {
             $showfield=1;							  	// By defaut
@@ -1284,21 +1285,25 @@
             {
                 if ($value == 'country')
                 {
-                    print '<td>';
+                    print '<td class="liste_titre">';
                     print $form->select_country($search_country_id, 'search_country_id', '', 28, 'maxwidth200 maxwidthonsmartphone');
                     print '</td>';
+                    $filterfound++;
                 }
                 else
                 {
-                    print '<td></td>';
+                    print '<td class="liste_titre"></td>';
                 }
             }
         }
         if ($id == 4) print '<td></td>';
-        print '<td></td>';
+        print '<td class="liste_titre"></td>';
     	print '<td class="liste_titre" colspan="2" align="right">';
-    	$searchpitco=$form->showFilterAndCheckAddButtons(0);
-    	print $searchpitco;
+    	if ($filterfound)
+    	{
+        	$searchpitco=$form->showFilterAndCheckAddButtons(0);
+        	print $searchpitco;
+    	}
     	print '</td>';
         print '</tr>';
 
@@ -1314,19 +1319,17 @@
                 print '<tr '.$bc[$var].' id="rowid-'.$obj->rowid.'">';
                 if ($action == 'edit' && ($rowid == (! empty($obj->rowid)?$obj->rowid:$obj->code)))
                 {
-                    print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$id.'" method="POST">';
-                    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
-                    print '<input type="hidden" name="page" value="'.$page.'">';
-                    print '<input type="hidden" name="rowid" value="'.$rowid.'">';
-
                     $tmpaction='edit';
                     $parameters=array('fieldlist'=>$fieldlist, 'tabname'=>$tabname[$id]);
                     $reshook=$hookmanager->executeHooks('editDictionaryFieldlist',$parameters,$obj, $tmpaction);    // Note that $action and $object may have been modified by some hooks
                     $error=$hookmanager->error; $errors=$hookmanager->errors;
 
+                    // Show fields
                     if (empty($reshook)) fieldList($fieldlist,$obj,$tabname[$id],'edit');
 
                     print '<td colspan="3" align="center">';
+                    print '<input type="hidden" name="page" value="'.$page.'">';
+                    print '<input type="hidden" name="rowid" value="'.$rowid.'">';
                     print '<input type="submit" class="button" name="actionmodify" value="'.$langs->trans("Modify").'">';
                     print '<div name="'.(! empty($obj->rowid)?$obj->rowid:$obj->code).'"></div>';
                     print '<input type="submit" class="button" name="actioncancel" value="'.$langs->trans("Cancel").'">';

htdocs/admin/mails.php

@@ -619,6 +619,12 @@ function initfields()
 	print '</div>';
 
 
+	if ($conf->global->MAIN_MAIL_SENDMODE == 'mail')
+	{
+        $text = $langs->trans("WarningPHPMail");
+	    print info_admin($text);
+	}
+
 	// Run the test to connect
 	if ($action == 'testconnect')
 	{

htdocs/admin/system/filecheck.php

@@ -75,9 +75,9 @@
 
 // File to analyze
 //$xmlfile = DOL_DOCUMENT_ROOT.'/install/filelist-'.DOL_VERSION.'.xml';
-$xmlshortfile = '/install/filelist-'.DOL_VERSION.'.xml';
+$xmlshortfile = GETPOST('xmlshortfile')?GETPOST('xmlshortfile'):'/install/filelist-'.DOL_VERSION.'.xml';
 $xmlfile = DOL_DOCUMENT_ROOT.$xmlshortfile;
-$xmlremote = 'https://www.dolibarr.org/files/stable/signatures/filelist-'.DOL_VERSION.'.xml';
+$xmlremote = GETPOST('xmlremote')?GETPOST('xmlremote'):'https://www.dolibarr.org/files/stable/signatures/filelist-'.DOL_VERSION.'.xml';
 
 
 // Test if remote test is ok
@@ -87,21 +87,27 @@
 
 print '<form name="check" action="'.$_SERVER["PHP_SELF"].'">';
 print $langs->trans("MakeIntegrityAnalysisFrom").':<br>';
+print '<!-- for a local check target=local&xmlshortfile=... -->'."\n";
 if (dol_is_file($xmlfile))
 {
     print '<input type="radio" name="target" value="local"'.((! GETPOST('target') || GETPOST('target') == 'local') ? 'checked="checked"':'').'"> '.$langs->trans("LocalSignature").' = '.$xmlshortfile.'<br>';
 }
 else
 {
-    print '<input type="radio" name="target" value="local"> '.$langs->trans("LocalSignature").' = '.$xmlshortfile.' <span class="warning">('.$langs->trans("AvailableOnlyOnPackagedVersions").')</span><br>';
+    print '<input type="radio" name="target" value="local"> '.$langs->trans("LocalSignature").' = '.$xmlshortfile;
+    if (! GETPOST('xmlshortfile')) print ' <span class="warning">('.$langs->trans("AvailableOnlyOnPackagedVersions").')</span>';
+    print '<br>';
 }
+print '<!-- for a remote target=remote&xmlremote=... -->'."\n";
 if ($enableremotecheck)
 {
     print '<input type="radio" name="target" value="remote"'.(GETPOST('target') == 'remote' ? 'checked="checked"':'').'> '.$langs->trans("RemoteSignature").' = '.$xmlremote.'<br>';
 }
 else
 {
-    print '<input type="radio" name="target" value="remote" disabled="disabled"> '.$langs->trans("RemoteSignature").' = '.$xmlremote.'  <span class="warning">('.$langs->trans("FeatureAvailableOnlyOnStable").')</span><br>';
+    print '<input type="radio" name="target" value="remote" disabled="disabled"> '.$langs->trans("RemoteSignature").' = '.$xmlremote;
+    if (! GETPOST('xmlremote')) print ' <span class="warning">('.$langs->trans("FeatureAvailableOnlyOnStable").')</span>';
+    print '<br>';
 }
 print '<br><div class="center"><input type="submit" name="check" class="button" value="'.$langs->trans("Check").'"></div>';
 print '</form>';
@@ -128,7 +134,8 @@
     if (! $xmlarray['curl_error_no'] && $xmlarray['http_code'] != '404')
     {
         $xmlfile = $xmlarray['content'];
-        $xml = simplexml_load_file($xmlfile);
+        //print "eee".$xmlfile."eee";
+        $xml = simplexml_load_string($xmlfile);
     }
     else
     {
@@ -141,11 +148,14 @@
 
 if ($xml)
 {
+    $checksumconcat = array();
+
+    // Scan htdocs
     if (is_object($xml->dolibarr_htdocs_dir[0]))
     {
-    	$file_list = array();
-        $ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0]);		// Fill array $file_list
-
+        $file_list = array();
+        $ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', DOL_DOCUMENT_ROOT, $checksumconcat);		// Fill array $file_list
+    
         print '<table class="noborder">';
         print '<tr class="liste_titre">';
         print '<td>' . $langs->trans("FilesMissing") . '</td>';
@@ -181,10 +191,10 @@
         print '<td align="right">' . $langs->trans("DateModification") . '</td>';
         print '</tr>'."\n";
         $var = true;
-        $tmpfilelist = dol_sort_array($file_list['updated'], 'filename');
-        if (is_array($tmpfilelist) && count($tmpfilelist))
+        $tmpfilelist2 = dol_sort_array($file_list['updated'], 'filename');
+        if (is_array($tmpfilelist2) && count($tmpfilelist2))
         {
-	        foreach ($tmpfilelist as $file)
+	        foreach ($tmpfilelist2 as $file)
 	        {
 	            $var = !$var;
 	            print '<tr ' . $bc[$var] . '>';
@@ -201,12 +211,44 @@
             print '<tr ' . $bc[false] . '><td colspan="5" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
         }
         print '</table>';
+
+        if (empty($tmpfilelist) && empty($tmpfilelist2))
+        {
+            setEventMessage($langs->trans("FileIntegrityIsStrictlyConformedWithReference"));
+        }
+        else
+        {
+            setEventMessage($langs->trans("FileIntegritySomeFilesWereRemovedOrModified"), 'warnings');
+        }
     }
     else
     {
         print 'Error: Failed to found dolibarr_htdocs_dir into XML file '.$xmlfile;
         $error++;
     }
+
+
+    // Scan scripts
+    /*
+    if (is_object($xml->dolibarr_script_dir[0]))
+    {
+        $file_list = array();
+        $ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', ???, $checksumconcat);		// Fill array $file_list
+    }*/
+
+
+    asort($checksumconcat); // Sort list of checksum        
+    //var_dump($checksumconcat);
+    $checksumget = md5(join(',',$checksumconcat));
+    $checksumtoget = $xml->dolibarr_htdocs_dir_checksum;
+    if ($checksumtoget)
+    {
+        print '<br>';
+        print '<strong>'.$langs->trans("GlobalChecksum").'</strong><br>';
+        print $langs->trans("ExpectedChecksum").' = '.$checksumtoget.'<br>';
+        print $langs->trans("CurrentChecksum").' = '.$checksumget;
+    }
+
 }
 
 
@@ -223,33 +265,36 @@
  * Function to get list of updated or modified files.
  * $file_list is used as global variable
  *
- * @param	array				$file_list	Array for response
- * @param   SimpleXMLElement	$dir    	SimpleXMLElement of files to test
- * @param   string   			$path   	Path of file
- * @return  array               			Array of filenames
+ * @param	array				$file_list	        Array for response
+ * @param   SimpleXMLElement	$dir    	        SimpleXMLElement of files to test
+ * @param   string   			$path   	        Path of files relative to $pathref. We start with ''. Used by recursive calls.
+ * @param   string              $pathref            Path ref (DOL_DOCUMENT_ROOT)
+ * @param   array               $checksumconcat     Array of checksum
+ * @return  array               			        Array of filenames
  */
-function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '')
+function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathref = '', &$checksumconcat = array())
 {
     $exclude = 'install';
 
     foreach ($dir->md5file as $file)
     {
         $filename = $path.$file['name'];
 
-        if (preg_match('#'.$exclude.'#', $filename)) continue;
+        //if (preg_match('#'.$exclude.'#', $filename)) continue;
 
-        if (!file_exists(DOL_DOCUMENT_ROOT.'/'.$filename))
+        if (!file_exists($pathref.'/'.$filename))
         {
             $file_list['missing'][] = array('filename'=>$filename, 'expectedmd5'=>(string) $file);
         }
         else
 		{
-            $md5_local = md5_file(DOL_DOCUMENT_ROOT.'/'.$filename);
+            $md5_local = md5_file($pathref.'/'.$filename);
             if ($md5_local != (string) $file) $file_list['updated'][] = array('filename'=>$filename, 'expectedmd5'=>(string) $file, 'md5'=>(string) $md5_local);
-        }
+            $checksumconcat[] = $md5_local;
+		}
     }
 
-    foreach ($dir->dir as $subdir) getFilesUpdated($file_list, $subdir, $path.$subdir['name'].'/');
+    foreach ($dir->dir as $subdir) getFilesUpdated($file_list, $subdir, $path.$subdir['name'].'/', $pathref, $checksumconcat);
 
     return $file_list;
 }