Merge remote-tracking branch 'Upstream/develop' into 5.0-p32

Conflicts:
	htdocs/core/menus/standard/eldy.lib.php

dev/skeletons/skeleton_api_class.class.php

@@ -93,12 +93,12 @@ function get($id)
      * @param string	$sortorder	Sort order
      * @param int		$limit		Limit for list
      * @param int		$page		Page number
-     *
+     * @param string    $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101') or (t.import_key:=:'20160101')"
      * @return array Array of skeleton objects
      *
      * @url	GET /skeletons/
      */
-    function getList($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0) {
+    function index($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '') {
         global $db, $conf;
 
         $obj_ret = array();
@@ -124,18 +124,19 @@ function getList($mode, $sortfield = "s.rowid", $sortorder = 'ASC', $limit = 0,
         if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.fk_soc = sc.fk_soc";
         if ($socid) $sql.= " AND s.fk_soc = ".$socid;
         if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc";		// Join for the needed table to filter by sale
-
         // Insert sale filter
         if ($search_sale > 0)
         {
             $sql .= " AND sc.fk_user = ".$search_sale;
         }
-
-        $nbtotalofrecords = 0;
-        if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
+        if ($sqlfilters)
         {
-            $result = $db->query($sql);
-            $nbtotalofrecords = $db->num_rows($result);
+            if (! DolibarrApi::_checkFilters($sqlfilters))
+            {
+                throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
+            }
+	        $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
+            $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
         }
 
         $sql.= $db->order($sortfield, $sortorder);

dev/skeletons/skeleton_class.class.php

@@ -454,33 +454,49 @@ public function createFromClone($fromid)
      *  @param	integer	$notooltip			1=Disable tooltip
      *  @param	int		$maxlen				Max length of visible user name
      *  @param  string  $morecss            Add more css on link
+     *  @param	int   	$notooltip		    1=Disable tooltip
 	 *	@return	string						String with URL
 	 */
-	function getNomUrl($withpicto=0, $option='', $notooltip=0, $maxlen=24, $morecss='')
+	function getNomUrl($withpicto=0, $option='', $notooltip=0, $maxlen=24, $morecss='', $notooltip=0)
 	{
-		global $langs, $conf, $db;
+		global $db, $conf, $langs;
         global $dolibarr_main_authentication, $dolibarr_main_demo;
         global $menumanager;
 
-
+        if (! empty($conf->dol_no_mouse_hover)) $notooltip=1;   // Force disable tooltips
+
         $result = '';
         $companylink = '';
 
         $label = '<u>' . $langs->trans("MyModule") . '</u>';
-        $label.= '<div width="100%">';
+        $label.= '<br>';
         $label.= '<b>' . $langs->trans('Ref') . ':</b> ' . $this->ref;
 
-        $link = '<a href="'.DOL_URL_ROOT.'/mymodule/'.$this->table_name.'_card.php?id='.$this->id.'"';
-        $link.= ($notooltip?'':' title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip'.($morecss?' '.$morecss:'').'"');
-        $link.= '>';
+        $url = DOL_URL_ROOT.'/mymodule/'.$this->table_name.'_card.php?id='.$this->id;
+
+        $linkclose='';
+        if (empty($notooltip))
+        {
+            if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
+            {
+                $label=$langs->trans("ShowProject");
+                $linkclose.=' alt="'.dol_escape_htmltag($label, 1).'"';
+            }
+            $linkclose.=' title="'.dol_escape_htmltag($label, 1).'"';
+            $linkclose.=' class="classfortooltip'.($morecss?' '.$morecss:'').'"';
+        }
+        else $linkclose = ($morecss?' class="'.$morecss.'"':'');
+
+		$linkstart = '<a href="'.$url.'"';
+		$linkstart.=$linkclose.'>';
 		$linkend='</a>';
 
         if ($withpicto)
         {
-            $result.=($link.img_object(($notooltip?'':$label), 'label', ($notooltip?'':'class="classfortooltip"')).$linkend);
+            $result.=($linkstart.img_object(($notooltip?'':$label), 'label', ($notooltip?'':'class="classfortooltip"')).$linkend);
             if ($withpicto != 2) $result.=' ';
 		}
-		$result.= $link . $this->ref . $linkend;
+		$result.= $linkstart . $this->ref . $linkend;
 		return $result;
 	}
 

htdocs/adherents/class/api_members.class.php

@@ -84,13 +84,12 @@ function get($id)
      * @param int       $limit      Limit for list
      * @param int       $page       Page number
      * @param string    $typeid     ID of the type of member
-     * @param string    $login      To filter the members by login
-     * @param string    $name       To filter the members by name (firstname, lastname or company name matching the filter)
-     * @return array Array of member objects
+     * @param string    $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
+     * @return array                Array of member objects
      *
      * @throws RestException
      */
-    function index($sortfield = "a.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $typeid = '', $login = '', $name = '') {
+    function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 0, $page = 0, $typeid = '', $login = '', $name = '', $sqlfilters = '') {
         global $db, $conf;
 
         $obj_ret = array();
@@ -99,27 +98,24 @@ function index($sortfield = "a.rowid", $sortorder = 'ASC', $limit = 0, $page = 0
             throw new RestException(401);
         }
 
-        $sql = "SELECT a.rowid";
-        $sql.= " FROM ".MAIN_DB_PREFIX."adherent as a";
-        $sql.= ' WHERE a.entity IN ('.getEntity('adherent', 1).')';
+        $sql = "SELECT t.rowid";
+        $sql.= " FROM ".MAIN_DB_PREFIX."adherent as t";
+        $sql.= ' WHERE t.entity IN ('.getEntity('adherent', 1).')';
         if (!empty($typeid))
         {
-            $sql.= ' AND a.fk_adherent_type='.$typeid;
+            $sql.= ' AND t.fk_adherent_type='.$typeid;
         }
-        if (!empty($login)) {
-            $sql .= " AND a.login LIKE '%".$login."%'";
-        }
-        if (!empty($name)) {
-            $sql .= " AND (a.firstname LIKE '%".$name."%' OR a.lastname LIKE '%".$name."%' OR a.societe LIKE '%".$name."%')";
-        }
-
-        $nbtotalofrecords = 0;
-        if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
+        // Add sql filters
+        if ($sqlfilters) 
         {
-            $result = $db->query($sql);
-            $nbtotalofrecords = $db->num_rows($result);
+            if (! DolibarrApi::_checkFilters($sqlfilters))
+            {
+                throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
+            }
+	        $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
+            $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
         }
-
+        
         $sql.= $db->order($sortfield, $sortorder);
         if ($limit)    {
             if ($page < 0)

htdocs/adherents/class/api_subscriptions.class.php

@@ -80,11 +80,12 @@ function get($id)
      * @param string    $sortorder  Sort order
      * @param int       $limit      Limit for list
      * @param int       $page       Page number
+     * @param string    $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.import_key:<:'20160101')"
      * @return array Array of subscription objects
      *
      * @throws RestException
      */
-    function index($sortfield = "dateadh", $sortorder = 'ASC', $limit = 0, $page = 0) {
+    function index($sortfield = "dateadh", $sortorder = 'ASC', $limit = 0, $page = 0, $sqlfilters = '') {
         global $db, $conf;
 
         $obj_ret = array();
@@ -94,15 +95,19 @@ function index($sortfield = "dateadh", $sortorder = 'ASC', $limit = 0, $page = 0
         }
 
         $sql = "SELECT rowid";
-        $sql.= " FROM ".MAIN_DB_PREFIX."subscription";
-
-        $nbtotalofrecords = 0;
-        if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
+        $sql.= " FROM ".MAIN_DB_PREFIX."subscription as t";
+        $sql.= ' WHERE 1 = 1';
+        // Add sql filters
+        if ($sqlfilters) 
         {
-            $result = $db->query($sql);
-            $nbtotalofrecords = $db->num_rows($result);
+            if (! DolibarrApi::_checkFilters($sqlfilters))
+            {
+                throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
+            }
+	        $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
+            $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
         }
-
+        
         $sql.= $db->order($sortfield, $sortorder);
         if ($limit)    {
             if ($page < 0)

htdocs/admin/ihm.php

@@ -104,7 +104,7 @@
     else dolibarr_set_const($db, 'THEME_ELDY_TEXTLINK', implode(',',colorStringToArray(GETPOST('THEME_ELDY_TEXTLINK'),array())),'chaine',0,'',$conf->entity);
 
     dolibarr_set_const($db, "MAIN_SIZE_LISTE_LIMIT",			$_POST["main_size_liste_limit"],'chaine',0,'',$conf->entity);
-    dolibarr_set_const($db, "MAIN_SIZE_SHORTLISTE_LIMIT",		$_POST["main_size_shortliste_limit"],'chaine',0,'',$conf->entity);
+    dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT",		$_POST["main_size_shortliste_limit"],'chaine',0,'',$conf->entity);
     dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT",			$_POST["main_disable_javascript"],'chaine',0,'',$conf->entity);
     dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED",	$_POST["MAIN_BUTTON_HIDE_UNAUTHORIZED"],'chaine',0,'',$conf->entity);
     dolibarr_set_const($db, "MAIN_START_WEEK",					$_POST["MAIN_START_WEEK"],'chaine',0,'',$conf->entity);
@@ -225,7 +225,7 @@
 
 	// Max size of short lists on customer card
     $var=!$var;
-    print '<tr '.$bc[$var].'><td>'.$langs->trans("DefaultMaxSizeShortList").'</td><td><input class="flat" name="main_size_shortliste_limit" size="4" value="' . $conf->global->MAIN_SIZE_SHORTLISTE_LIMIT . '"></td>';
+    print '<tr '.$bc[$var].'><td>'.$langs->trans("DefaultMaxSizeShortList").'</td><td><input class="flat" name="main_size_shortliste_limit" size="4" value="' . $conf->global->MAIN_SIZE_SHORTLIST_LIMIT . '"></td>';
 	print '<td width="20">&nbsp;</td>';
 	print '</tr>';
 
@@ -408,7 +408,7 @@
 	print "</tr>";
 
 	$var=!$var;
-    print '<tr '.$bc[$var].'><td>'.$langs->trans("DefaultMaxSizeShortList").'</td><td>' . $conf->global->MAIN_SIZE_SHORTLISTE_LIMIT . '</td>';
+    print '<tr '.$bc[$var].'><td>'.$langs->trans("DefaultMaxSizeShortList").'</td><td>' . $conf->global->MAIN_SIZE_SHORTLIST_LIMIT . '</td>';
 	print '<td width="20">&nbsp;</td>';
 	print "</tr>";
 

htdocs/api/admin/index.php

@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2004		Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2005-2010	Laurent Destailleur		<eldy@users.sourceforge.org>
+ * Copyright (C) 2005-2016	Laurent Destailleur		<eldy@users.sourceforge.org>
  * Copyright (C) 2011		Juanjo Menent			<jmenent@2byte.es>
  * Copyright (C) 2012		Regis Houssin			<regis.houssin@capnetworks.com>
  * Copyright (C) 2015		Jean-François Ferry     <jfefe@aternatik.fr>
@@ -43,8 +43,16 @@
 
 	if (dolibarr_set_const($db, 'API_PRODUCTION_MODE', $status, 'chaine', 0, '', $conf->entity) > 0)
 	{
-		header("Location: ".$_SERVER["PHP_SELF"]);
-		exit;
+	    $result = dol_mkdir($conf->api->dir_temp);
+	    if ($result < 0)
+	    {
+	        setEventMessages($langs->trans("ErrorFaildToCreateDir", $conf->api->dir_temp), null, 'errors');
+	    }
+	    else
+	    {
+    		header("Location: ".$_SERVER["PHP_SELF"]);
+	   	    exit;
+	    }
 	}
 	else
 	{
@@ -71,7 +79,7 @@
 
 print '<tr class="liste_titre">';
 print "<td>".$langs->trans("Parameter")."</td>";
-print "<td>".$langs->trans("Value")."</td>";
+print '<td align="center">'.$langs->trans("Value")."</td>";
 print "<td>&nbsp;</td>";
 print "</tr>";
 

htdocs/api/class/api.class.php

@@ -162,4 +162,60 @@ static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='
 
 		return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray,$resource_id,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
 	}
+
+	/**
+	 * Return if a $sqlfilters parameter is valid
+	 * 
+	 * @param  string   $sqlfilters     sqlfilter string
+	 * @return boolean                  True if valid, False if not valid 
+	 */
+	function _checkFilters($sqlfilters)
+	{
+	    //$regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
+	    //$tmp=preg_replace_all('/'.$regexstring.'/', '', $sqlfilters);
+	    $tmp=$sqlfilters;
+	    $ok=0;
+	    $i=0; $nb=count($tmp);
+	    $counter=0;
+	    while ($i < $nb)
+	    {
+	        if ($tmp[$i]=='(') $counter++;
+	        if ($tmp[$i]==')') $counter--;
+            if ($counter < 0)
+            {
+	           $error="Bad sqlfilters=".$sqlfilters;
+	           dol_syslog($error, LOG_WARNING);
+	           return false;
+            }
+            $i++;
+	    }
+	    return true;
+	}
+
+	/**
+	 * Function to forge a SQL criteria
+	 * 
+	 * @param  array    $matches       Array of found string by regex search
+	 * @return string                  Forged criteria. Example: "t.field like 'abc%'"
+	 */
+	protected static function _forge_criteria_callback($matches)
+	{
+	    global $db;
+
+	    //dol_syslog("Convert matches ".$matches[1]);
+	    if (empty($matches[1])) return '';
+	    $tmp=explode(':',$matches[1]);
+        if (count($tmp) < 3) return '';
+
+	    $tmpescaped=$tmp[2];
+	    if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis))
+	    {
+	        $tmpescaped = "'".$db->escape($regbis[1])."'";
+	    }
+	    else
+	    {
+	        $tmpescaped = $db->escape($tmpescaped);
+	    }
+	    return $db->escape($tmp[0]).' '.strtoupper($db->escape($tmp[1]))." ".$tmpescaped;
+	}	
 }

htdocs/api/class/api_dictionnarycountries.class.php

@@ -54,27 +54,31 @@ function __construct()
      * @param int       $page       Page number (starting from zero)
      * @param string    $filter     To filter the countries by name
      * @param string    $lang       Code of the language the label of the countries must be translated to
+     * @param string    $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
      * @return List of countries
      *            
      * @throws RestException
      */
-    function index($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $filter = '', $lang = '')
+    function index($sortfield = "code", $sortorder = 'ASC', $limit = 100, $page = 0, $filter = '', $lang = '', $sqlfilters = '')
     {
         $list = array();
 
         // Note: The filter is not applied in the SQL request because it must
         // be applied to the translated names, not to the names in database.
-        $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."c_country";
-
-        $nbtotalofrecords = 0;
-        if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
+        $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."c_country as t";
+        $sql.=" WHERE 1 = 1";
+        // Add sql filters
+        if ($sqlfilters) 
         {
-            $result = $this->db->query($sql);
-            $nbtotalofrecords = $this->db->num_rows($result);
+            if (! DolibarrApi::_checkFilters($sqlfilters))
+            {
+                throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
+            }
+	        $regexstring='\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
+            $sql.=" AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
         }
 
         $sql.= $this->db->order($sortfield, $sortorder);
-
 
         if ($limit) {
             if ($page < 0) {