Merge branch '10.0' of github.com:Dolibarr/dolibarr into 10_fixeventlist

htdocs/adherents/ldap.php

@@ -83,10 +83,10 @@
  *	View
  */
 
-llxHeader('', $langs->trans("Member"), 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros');
-
 $form = new Form($db);
 
+llxHeader('', $langs->trans("Member"), 'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros');
+
 $head = member_prepare_head($object);
 
 dol_fiche_head($head, 'ldap', $langs->trans("Member"), 0, 'user');
@@ -98,31 +98,24 @@
 print '<div class="fichecenter">';
 
 print '<div class="underbanner clearboth"></div>';
-print '<table class="border centpercent">';
+print '<table class="border centpercent tableforfield">';
 
 // Login
-print '<tr><td class="titlefield">'.$langs->trans("Login").'</td><td class="valeur">'.$object->login.'&nbsp;</td></tr>';
+print '<tr><td class="titlefield">'.$langs->trans("Login").' / '.$langs->trans("Id").'</td><td class="valeur">'.$object->login.'&nbsp;</td></tr>';
 
-// Password not crypted
+// If there is a link to password not crypted, we show value in database here so we can compare because it is shown nowhere else
 if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD))
 {
 	print '<tr><td>'.$langs->trans("LDAPFieldPasswordNotCrypted").'</td>';
 	print '<td class="valeur">'.$object->pass.'</td>';
 	print "</tr>\n";
 }
 
-// Password crypted
-if (! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED))
-{
-	print '<tr><td>'.$langs->trans("LDAPFieldPasswordCrypted").'</td>';
-	print '<td class="valeur">'.$object->pass_crypted.'</td>';
-	print "</tr>\n";
-}
+$adht = new AdherentType($db);
+$adht->fetch($object->typeid);
 
 // Type
-print '<tr><td>'.$langs->trans("Type").'</td><td class="valeur">'.$object->type."</td></tr>\n";
-
-$langs->load("admin");
+print '<tr><td>'.$langs->trans("Type").'</td><td class="valeur">'.$adht->getNomUrl(1)."</td></tr>\n";
 
 // LDAP DN
 print '<tr><td>LDAP '.$langs->trans("LDAPMemberDn").'</td><td class="valeur">'.$conf->global->LDAP_MEMBER_DN."</td></tr>\n";

htdocs/adherents/note.php

@@ -80,7 +80,7 @@
     print '<div class="fichecenter">';
 
     print '<div class="underbanner clearboth"></div>';
-	print '<table class="border centpercent">';
+	print '<table class="border centpercent tableforfield">';
 
     // Login
     if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED))

htdocs/adherents/subscription.php

@@ -478,7 +478,7 @@
     print '<div class="fichehalfleft">';
 
     print '<div class="underbanner clearboth"></div>';
-    print '<table class="border" width="100%">';
+    print '<table class="border centpercent tableforfield">';
 
 	// Login
 	if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED))

htdocs/adherents/type.php

@@ -822,7 +822,7 @@
 						$value = $_POST["options_" . $key];
 					}
 				} else {
-					$value = $adht->array_options["options_" . $key];
+					$value = $object->array_options["options_" . $key];
 				}
 				print '<tr><td width="30%">'.$label.'</td><td>';
 				print $extrafields->showInputField($key, $value);

htdocs/admin/dict.php

@@ -39,7 +39,7 @@
 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
-if (! empty($conf->accounting->enabled)) require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
 
 // Load translation files required by the page
 $langs->loadLangs(array("errors","admin","main","companies","resource","holiday","accountancy","hrm","orders","contracts","projects","propal","bills","interventions"));
@@ -1782,7 +1782,7 @@ function fieldList($fieldlist, $obj = '', $tabname = '', $context = '')
 
 	$formadmin = new FormAdmin($db);
 	$formcompany = new FormCompany($db);
-	if (! empty($conf->accounting->enabled)) $formaccounting = new FormAccounting($db);
+	$formaccounting = new FormAccounting($db);
 
 	$withentity='';
 
@@ -1890,6 +1890,7 @@ function fieldList($fieldlist, $obj = '', $tabname = '', $context = '')
 		elseif (in_array($fieldlist[$field], array('libelle_facture'))) {
 		    print '<td>';
 		    $transfound=0;
+		    $transkey='';
 	        // Special case for labels
 	        if ($tabname == MAIN_DB_PREFIX.'c_payment_term')
 	        {

htdocs/bom/lib/bom.lib.php

@@ -55,7 +55,7 @@ function bomAdminPrepareHead()
 	//$this->tabs = array(
 	//	'entity:-tabname:Title:@bom:/bom/mypage.php?id=__ID__'
 	//); // to remove a tab
-	complete_head_from_modules($conf, $langs, $object, $head, $h, 'bom');
+	complete_head_from_modules($conf, $langs, null, $head, $h, 'bom');
 
 	return $head;
 }

htdocs/categories/class/categorie.class.php

@@ -188,10 +188,12 @@ class Categorie extends CommonObject
 	 * @var string     Color
 	 */
 	public $color;
+
 	/**
-	 * @var ???
+	 * @var int		  Id of thirdparty when CATEGORY_ASSIGNED_TO_A_CUSTOMER is set
 	 */
 	public $socid;
+
 	/**
 	 * @var string	Category type
 	 *

htdocs/contact/ldap.php

@@ -80,12 +80,12 @@
  *	View
  */
 
+$form = new Form($db);
+
 $title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses"));
 
 llxHeader('', $title, 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas');
 
-$form = new Form($db);
-
 $head = contact_prepare_head($object);
 
 dol_fiche_head($head, 'ldap', $title, -1, 'contact');

htdocs/core/actions_massactions.inc.php

@@ -39,7 +39,7 @@
 // Protection
 if (empty($objectclass) || empty($uploaddir))
 {
-	dol_print_error(null, 'include of actions_massactions.inc.php is done but var $massaction or $objectclass or $uploaddir was not defined');
+	dol_print_error(null, 'include of actions_massactions.inc.php is done but var $objectclass or $uploaddir was not defined');
 	exit;
 }
 

htdocs/core/class/html.formfile.class.php

@@ -1381,7 +1381,7 @@ public function list_of_documents($filearray, $object, $modulepart, $param = '',
 							if (! empty($conf->dol_use_jmobile)) $useajax=0;
 							if (empty($conf->use_javascript_ajax)) $useajax=0;
 							if (! empty($conf->global->MAIN_ECM_DISABLE_JS)) $useajax=0;
-							print '<a href="'.((($useinecm && $useinecm != 6) && $useajax)?'#':($url.'?action=delete&urlfile='.urlencode($filepath).$param)).'" class="deletefilelink" rel="'.$filepath.'">'.img_delete().'</a>';
+							print '<a href="'.((($useinecm && $useinecm != 6) && $useajax)?'#':($url.'?action=delete&urlfile='.urlencode($filepath).$param)).'" class="reposition deletefilelink" rel="'.$filepath.'">'.img_delete().'</a>';
 						}
 						print "</td>";
 

htdocs/core/db/mssql.class.php

@@ -419,7 +419,11 @@ public function query($query, $usesavepoint = 0, $type = 'auto')
 		}
 		//print "<!--".$query."-->";
 
-		if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK'))) dol_syslog('sql='.$query, LOG_DEBUG);
+		if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK')))
+		{
+			$SYSLOG_SQL_LIMIT = 10000;	// limit log to 10kb per line to limit DOS attacks
+			dol_syslog('sql='.substr($query, 0, $SYSLOG_SQL_LIMIT), LOG_DEBUG);
+		}
 
 		if (! $this->database_name)
 		{

htdocs/core/db/mysqli.class.php

@@ -247,7 +247,7 @@ public function close()
      * 	Execute a SQL request and return the resultset
      *
      * 	@param	string	$query			SQL query string
-     * 	@param	int		$usesavepoint	0=Default mode, 1=Run a savepoint before and a rollbock to savepoint if error (this allow to have some request with errors inside global transactions).
+     * 	@param	int		$usesavepoint	0=Default mode, 1=Run a savepoint before and a rollback to savepoint if error (this allow to have some request with errors inside global transactions).
      * 									Note that with Mysql, this parameter is not used as Myssql can already commit a transaction even if one request is in error, without using savepoints.
      *  @param  string	$type           Type of SQL order ('ddl' for insert, update, select, delete or 'dml' for create, alter...)
      *	@return	bool|mysqli_result		Resultset of answer
@@ -258,7 +258,11 @@ public function query($query, $usesavepoint = 0, $type = 'auto')
 
         $query = trim($query);
 
-	    if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK'))) dol_syslog('sql='.$query, LOG_DEBUG);
+	    if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK')))
+	    {
+	    	$SYSLOG_SQL_LIMIT = 10000;	// limit log to 10kb per line to limit DOS attacks
+	    	dol_syslog('sql='.substr($query, 0, $SYSLOG_SQL_LIMIT), LOG_DEBUG);
+	    }
         if (empty($query)) return false;    // Return false = error if empty request
 
         if (! $this->database_name)

htdocs/core/db/pgsql.class.php

@@ -522,7 +522,11 @@ public function query($query, $usesavepoint = 0, $type = 'auto')
 			@pg_query($this->db, 'SAVEPOINT mysavepoint');
 		}
 
-		if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK'))) dol_syslog('sql='.$query, LOG_DEBUG);
+		if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK')))
+		{
+			$SYSLOG_SQL_LIMIT = 10000;	// limit log to 10kb per line to limit DOS attacks
+			dol_syslog('sql='.substr($query, 0, $SYSLOG_SQL_LIMIT), LOG_DEBUG);
+		}
 
 		$ret = @pg_query($this->db, $query);
 

htdocs/core/db/sqlite3.class.php

@@ -453,7 +453,11 @@ public function query($query, $usesavepoint = 0, $type = 'auto')
         }
         //print "After convertSQLFromMysql:\n".$query."<br>\n";
 
-        if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK'))) dol_syslog('sql='.$query, LOG_DEBUG);
+        if (! in_array($query, array('BEGIN','COMMIT','ROLLBACK')))
+        {
+        	$SYSLOG_SQL_LIMIT = 10000;	// limit log to 10kb per line to limit DOS attacks
+        	dol_syslog('sql='.substr($query, 0, $SYSLOG_SQL_LIMIT), LOG_DEBUG);
+        }
         if (empty($query)) return false;    // Return false = error if empty request
 
         // Ordre SQL ne necessitant pas de connexion a une base (exemple: CREATE DATABASE)

htdocs/core/lib/functions.lib.php

@@ -922,11 +922,15 @@ function dol_escape_js($stringtoescape, $mode = 0, $noescapebackslashn = 0)
  *  @param      string		$stringtoescape		String to escape
  *  @param		int			$keepb				1=Preserve b tags (otherwise, remove them)
  *  @param      int         $keepn              1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>.
+ *  @param		string		$keepmoretags		'' or 'common' or list of tags
  *  @return     string     				 		Escaped string
  *  @see		dol_string_nohtmltag(), dol_string_nospecial(), dol_string_unaccent()
  */
-function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0)
+function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoretags = '')
 {
+	if ($keepmoretags == 'common') $keepmoretags = 'html,body,a,em,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody';
+	// TODO Implement $keepmoretags
+
 	// escape quotes and backslashes, newlines, etc.
 	$tmp=html_entity_decode($stringtoescape, ENT_COMPAT, 'UTF-8');		// TODO Use htmlspecialchars_decode instead, that make only required change for html tags
 	if (! $keepb) $tmp=strtr($tmp, array("<b>"=>'','</b>'=>''));
@@ -5528,7 +5532,7 @@ function dol_nl2br($stringtoencode, $nl2brmode = 0, $forxml = false)
 
 /**
  *	This function is called to encode a string into a HTML string but differs from htmlentities because
- * 	a detection is done before to see if text is already HTML or not. Also, all entities but &,<,> are converted.
+ * 	a detection is done before to see if text is already HTML or not. Also, all entities but &,<,>," are converted.
  *  This permits to encode special chars to entities with no double encoding for already encoded HTML strings.
  * 	This function also remove last EOL or BR if $removelasteolbr=1 (default).
  *  For PDF usage, you can show text by 2 ways:

htdocs/core/lib/ldap.lib.php

@@ -124,7 +124,7 @@ function show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass)
 	}
 	else
 	{
-		print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action='.$testlabel.'">'.$butlabel.'</a>';
+		print '<a class="butAction reposition" href="'.$_SERVER["PHP_SELF"].'?action='.$testlabel.'">'.$butlabel.'</a>';
 	}
 	print '<br><br>';
 }

htdocs/core/lib/modulebuilder.lib.php

@@ -63,11 +63,10 @@ function rebuildObjectClass($destdir, $module, $objectname, $newmask, $readdir =
     		setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Label")), null, 'errors');
     		return -2;
     	}
-
-    	if (! preg_match('/^(price|boolean|sellist|integer|date|timestamp|varchar|double|text|html)/', $addfieldentry['type']))
-
+    	if (! preg_match('/^(integer|price|sellist|date|varchar|double|text|html)/', $addfieldentry['type'])
+    		&& ! preg_match('/^(boolean|real|timestamp)$/', $addfieldentry['type']))
     	{
-    		setEventMessages($langs->trans('BadFormatForType', $objectname), null, 'errors');
+    		setEventMessages($langs->trans('BadValueForType', $objectname), null, 'errors');
     		return -2;
     	}
     }

htdocs/core/modules/modExpenseReport.class.php

@@ -186,7 +186,13 @@ public function __construct($db)
 			'u.lastname'=>'Lastname','u.firstname'=>'Firstname','u.login'=>"Login",'ed.rowid'=>'LineId','tf.code'=>'Type','ed.date'=>'Date','ed.tva_tx'=>'VATRate',
 			'ed.total_ht'=>'TotalHT','ed.total_tva'=>'TotalVAT','ed.total_ttc'=>'TotalTTC','ed.comments'=>'Comment','p.rowid'=>'ProjectId','p.ref'=>'Ref'
 		);
-		$this->export_entities_array[$r]=array(
+        $this->export_TypeFields_array[$r]=array(
+        	'd.rowid'=>"Numeric",'d.ref'=>'Text','d.date_debut'=>'Date','d.date_fin'=>'Date','d.date_create'=>'Date','d.date_approve'=>'Date',
+        	'd.total_ht'=>"Numeric",'d.total_tva'=>'Numeric','d.total_ttc'=>'Numeric','d.note_private'=>'Text','d.note_public'=>'Text',
+        	'u.lastname'=>'Text','u.firstname'=>'Text','u.login'=>"Text",'ed.rowid'=>'Numeric','tf.code'=>'Code','ed.date'=>'Date','ed.tva_tx'=>'Numeric',
+        	'ed.total_ht'=>'Numeric','ed.total_tva'=>'Numeric','ed.total_ttc'=>'Numeric','ed.comments'=>'Text','p.rowid'=>'Numeric','p.ref'=>'Text'
+        );
+        $this->export_entities_array[$r]=array(
 			'u.lastname'=>'user','u.firstname'=>'user','u.login'=>'user','ed.rowid'=>'expensereport_line','ed.date'=>'expensereport_line',
 			'ed.tva_tx'=>'expensereport_line','ed.total_ht'=>'expensereport_line','ed.total_tva'=>'expensereport_line','ed.total_ttc'=>'expensereport_line',
 			'ed.comments'=>'expensereport_line','tf.code'=>'expensereport_line','p.project_ref'=>'expensereport_line','p.rowid'=>'project','p.ref'=>'project'

htdocs/core/modules/modHoliday.class.php

@@ -206,6 +206,12 @@ public function __construct($db)
 			'd.date_valid'=>'DateApprove','d.fk_validator'=>"UserForApprovalID",'ua.lastname'=>"UserForApprovalLastname",'ua.firstname'=>"UserForApprovalFirstname",
 			'ua.login'=>"UserForApprovalLogin",'d.description'=>'Description','d.statut'=>'Status'
 		);
+		$this->export_TypeFields_array[$r]=array(
+			'd.rowid'=>"Numeric",'t.code'=>'Text', 't.label'=>'Text','d.fk_user'=>'Numeric',
+			'u.lastname'=>'Text','u.firstname'=>'Text','u.login'=>"Text",'d.date_debut'=>'Date','d.date_fin'=>'Date',
+			'd.date_valid'=>'Date','d.fk_validator'=>"Numeric",'ua.lastname'=>"Text",'ua.firstname'=>"Text",
+			'ua.login'=>"Text",'d.description'=>'Text','d.statut'=>'Numeric'
+		);
 		$this->export_entities_array[$r]=array(
 			'u.lastname'=>'user','u.firstname'=>'user','u.login'=>'user','ua.lastname'=>'user','ua.firstname'=>'user','ua.login'=>'user'
 		);

htdocs/core/tpl/objectline_create.tpl.php

@@ -110,7 +110,9 @@
 	{
 	?>
 		<td class="linecolrefsupplier"><span id="title_fourn_ref"><?php echo $langs->trans('SupplierRef'); ?></span></td>
-	<?php } ?>
+	<?php
+	}
+	?>
 	<td class="linecolvat right"><span id="title_vat"><?php echo $langs->trans('VAT'); ?></span></td>
 	<td class="linecoluht right"><span id="title_up_ht"><?php echo $langs->trans('PriceUHT'); ?></span></td>
 	<?php if (!empty($conf->multicurrency->enabled) && $this->multicurrency_code != $conf->currency) { ?>
@@ -249,11 +251,11 @@
 			if (! empty($conf->global->ENTREPOT_EXTRA_STATUS))
 			{
 				// hide products in closed warehouse, but show products for internal transfer
-				$form->select_produits(GETPOST('idprod'), 'idprod', $filtertype, $conf->product->limit_size, $buyer->price_level, 1, 2, '', 1, array(), $buyer->id, '1', 0, 'maxwidth300', 0, 'warehouseopen,warehouseinternal', GETPOST('combinations', 'array'));
+				$form->select_produits(GETPOST('idprod'), 'idprod', $filtertype, $conf->product->limit_size, $buyer->price_level, -1, 2, '', 1, array(), $buyer->id, '1', 0, 'maxwidth300', 0, 'warehouseopen,warehouseinternal', GETPOST('combinations', 'array'));
 			}
 			else
 			{
-				$form->select_produits(GETPOST('idprod'), 'idprod', $filtertype, $conf->product->limit_size, $buyer->price_level, 1, 2, '', 1, array(), $buyer->id, '1', 0, 'maxwidth300', 0, '', GETPOST('combinations', 'array'));
+				$form->select_produits(GETPOST('idprod'), 'idprod', $filtertype, $conf->product->limit_size, $buyer->price_level, -1, 2, '', 1, array(), $buyer->id, '1', 0, 'maxwidth300', 0, '', GETPOST('combinations', 'array'));
 			}
 
 			if (! empty($conf->global->MAIN_AUTO_OPEN_SELECT2_ON_FOCUS_FOR_CUSTOMER_PRODUCTS))