diff --git a/ChangeLog b/ChangeLog index 101e70ca8b5b5..c3a10ce31ae34 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,14 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 3.5.4 compared to 3.5.3 ***** +Fix: [ bug #1415 ] Intervention document model name and suppliers model names is not shown + properly in module configuration +Fix: [ bug #1416 ] Supplier order does not list document models in the select box of the + supplier order card +Fix: [ bug #1443 ] Payment conditions is erased after editing supplier invoice label or + limit date for payment + ***** ChangeLog for 3.5.3 compared to 3.5.2 ***** Fix: Error on field accountancy code for export profile of invoices. Fix: [ bug #1351 ] VIES verification link broken. diff --git a/build/debian/changelog b/build/debian/changelog index 655dcd7d604db..567059dce4b52 100644 --- a/build/debian/changelog +++ b/build/debian/changelog @@ -1,3 +1,10 @@ +dolibarr (3.5.4-3) unstable; urgency=low + + [ Laurent Destailleur (eldy) ] + * New upstream release. + + -- Laurent Destailleur (eldy) Tue, 1 July 2014 12:00:00 +0100 + dolibarr (3.5.3-3) unstable; urgency=low [ Laurent Destailleur (eldy) ] diff --git a/build/exe/doliwamp/doliwamp.iss b/build/exe/doliwamp/doliwamp.iss index 2375939be4bdb..9b69bba1efa0e 100644 --- a/build/exe/doliwamp/doliwamp.iss +++ b/build/exe/doliwamp/doliwamp.iss @@ -17,9 +17,9 @@ ; ----- Change this ----- AppName=DoliWamp ; DoliWamp-x.x.x or DoliWamp-x.x.x-alpha or DoliWamp-x.x.x-beta or DoliWamp-x.x.x-rc or DoliWamp-x.x.x -AppVerName=DoliWamp-3.5.3 +AppVerName=DoliWamp-3.5.4 ; DoliWamp-x.x x or DoliWamp-x.x.x-alpha or DoliWamp-x.x.x-beta or DoliWamp-x.x.x-rc or DoliWamp-x.x.x -OutputBaseFilename=DoliWamp-3.5.3 +OutputBaseFilename=DoliWamp-3.5.4 ; ----- End of change ;OutputManifestFile=build\doliwampbuild.log ; Define full path from which all relative path are defined diff --git a/build/rpm/dolibarr_fedora.spec b/build/rpm/dolibarr_fedora.spec index d25632cf3519e..9bcb450bb44e4 100755 --- a/build/rpm/dolibarr_fedora.spec +++ b/build/rpm/dolibarr_fedora.spec @@ -331,6 +331,9 @@ fi # version x.y.z-0.1.a for alpha, x.y.z-0.2.b for beta, x.y.z-0.3 for release %changelog +* Tue July 1 2014 Laurent Destailleur 3.5.4-0.3 +- Upstream release + * Fri May 2 2014 Laurent Destailleur 3.5.3-0.3 - Upstream release diff --git a/build/rpm/dolibarr_generic.spec b/build/rpm/dolibarr_generic.spec index b67d09812172b..bf844b8c76602 100755 --- a/build/rpm/dolibarr_generic.spec +++ b/build/rpm/dolibarr_generic.spec @@ -567,6 +567,9 @@ fi # version x.y.z-0.1.a for alpha, x.y.z-0.2.b for beta, x.y.z-0.3 for release %changelog +* Tue July 1 2014 Laurent Destailleur 3.5.4-0.3 +- Upstream release + * Fri May 2 2014 Laurent Destailleur 3.5.3-0.3 - Upstream release diff --git a/build/rpm/dolibarr_mandriva.spec b/build/rpm/dolibarr_mandriva.spec index 4193de3065454..68c6c505b6574 100755 --- a/build/rpm/dolibarr_mandriva.spec +++ b/build/rpm/dolibarr_mandriva.spec @@ -336,6 +336,9 @@ fi # version x.y.z-0.1.a for alpha, x.y.z-0.2.b for beta, x.y.z-0.3 for release %changelog +* Tue July 1 2014 Laurent Destailleur 3.5.4-0.3 +- Upstream release + * Fri May 2 2014 Laurent Destailleur 3.5.3-0.3 - Upstream release diff --git a/build/rpm/dolibarr_opensuse.spec b/build/rpm/dolibarr_opensuse.spec index a539b25a3e821..3da1b2003ec33 100755 --- a/build/rpm/dolibarr_opensuse.spec +++ b/build/rpm/dolibarr_opensuse.spec @@ -347,6 +347,9 @@ fi # version x.y.z-0.1.a for alpha, x.y.z-0.2.b for beta, x.y.z-0.3 for release %changelog +* Tue July 1 2014 Laurent Destailleur 3.5.4-0.3 +- Upstream release + * Fri May 2 2014 Laurent Destailleur 3.5.3-0.3 - Upstream release diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index fd2ea1dc9664d..da00762040a47 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -376,13 +376,16 @@ { if (substr($file, dol_strlen($file) -12) == '.modules.php' && substr($file,0,4) == 'pdf_') { + $var=!$var; + $name = substr($file, 4, dol_strlen($file) -16); $classname = substr($file, 0, dol_strlen($file) -12); - $var=!$var; + require_once $dir.'/'.$file; + $module = new $classname($db); print ''; - echo "$name"; + print (empty($module->name)?$name:$module->name); print "\n"; require_once $dir.$file; $module = new $classname($db); diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index 5800ccc3a9b3d..6ee60ddfb3382 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -372,9 +372,14 @@ $name = substr($file, 4, dol_strlen($file) -16); $classname = substr($file, 0, dol_strlen($file) -12); + require_once $dir.'/'.$file; + $module = new $classname($db, new FactureFournisseur($db)); + $var=!$var; print "\n"; - print "".$name."\n"; + print ""; + print (empty($module->name)?$name:$module->name); + print "\n"; print "\n"; require_once $dir.$file; $module = new $classname($db,$specimenthirdparty); diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 07d7d7316526e..bac30ddfbdd44 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -42,6 +42,7 @@ $type=GETPOST('type', 'alpha'); $value=GETPOST('value', 'alpha'); +$label = GETPOST('label','alpha'); $action=GETPOST('action', 'alpha'); $specimenthirdparty=new Societe($db); @@ -367,9 +368,14 @@ $name = substr($file, 4, dol_strlen($file) -16); $classname = substr($file, 0, dol_strlen($file) -12); + require_once $dir.'/'.$file; + $module = new $classname($db, new CommandeFournisseur($db)); + $var=!$var; print "\n"; - print "".$name."\n"; + print ""; + print (empty($module->name)?$name:$module->name); + print "\n"; print "\n"; require_once $dir.$file; $module = new $classname($db,$specimenthirdparty); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 49dd62acfd629..bdffb1fc708f1 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2083,7 +2083,7 @@ function fetch_optionals($rowid,$optionsArray='') foreach ($tab as $key => $value) { - //Test fetch_array ! is_int($key) because fetch_array seult is a mix table with Key as alpha and Key as int (depend db engine) + // Test fetch_array ! is_int($key) because fetch_array seult is a mix table with Key as alpha and Key as int (depend db engine) if ($key != 'rowid' && $key != 'tms' && $key != 'fk_member' && ! is_int($key)) { // we can add this attribute to adherent object diff --git a/htdocs/core/class/fileupload.class.php b/htdocs/core/class/fileupload.class.php index 910ad55e0a0ea..ed091e74c8360 100644 --- a/htdocs/core/class/fileupload.class.php +++ b/htdocs/core/class/fileupload.class.php @@ -329,14 +329,14 @@ protected function validate($uploaded_file, $file, $error, $index) $file->error = 'minFileSize'; return false; } - if (is_int($this->options['max_number_of_files']) && ( + if (is_numeric($this->options['max_number_of_files']) && ( count($this->getFileObjects()) >= $this->options['max_number_of_files']) ) { $file->error = 'maxNumberOfFiles'; return false; } list($img_width, $img_height) = @getimagesize($uploaded_file); - if (is_int($img_width)) { + if (is_numeric($img_width)) { if ($this->options['max_width'] && $img_width > $this->options['max_width'] || $this->options['max_height'] && $img_height > $this->options['max_height']) { $file->error = 'maxResolution'; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 0ca35224f1414..1811dd721523c 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2620,7 +2620,7 @@ function formconfirm($page, $title, $question, $action, $formquestion='', $selec $autoOpen=true; $dialogconfirm='dialog-confirm'; $button=''; - if (! is_int($useajax)) + if (! is_numeric($useajax)) { $button=$useajax; $useajax=1; @@ -3475,7 +3475,7 @@ function select_date($set_time='', $prefix='re', $h=0, $m=0, $empty=0, $form_nam if($m == '') $m=0; if($empty == '') $empty=0; - if ($set_time === '' && $empty == 0) + if ($set_time === '' && $empty == 0) { include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; $set_time = dol_now('tzuser')-(getServerTimeZoneInt('now')*3600); // set_time must be relative to PHP server timezone diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index 6f7a57bebc186..76d63a1031754 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -436,7 +436,7 @@ function pdf_pagehead(&$pdf,$outputlangs,$page_height) if (! empty($conf->global->MAIN_USE_BACKGROUND_ON_PDF)) { $pdf->SetAutoPageBreak(0,0); // Disable auto pagebreak before adding image - $pdf->Image($conf->mycompany->dir_output.'/logos/'.$conf->global->MAIN_USE_BACKGROUND_ON_PDF, 0, 0, 0, $page_height); + $pdf->Image($conf->mycompany->dir_output.'/logos/'.$conf->global->MAIN_USE_BACKGROUND_ON_PDF, (isset($conf->global->MAIN_USE_BACKGROUND_ON_PDF_X)?$conf->global->MAIN_USE_BACKGROUND_ON_PDF_X:0), (isset($conf->global->MAIN_USE_BACKGROUND_ON_PDF_Y)?$conf->global->MAIN_USE_BACKGROUND_ON_PDF_Y:0), 0, $page_height); $pdf->SetAutoPageBreak(1,0); // Restore pagebreak } } diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index a95d7a5235600..315e7a8b391d5 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -292,11 +292,11 @@ function dol_loginfunction($langs,$conf,$mysoc) if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME; // Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_nomousehover - $dol_hide_topmenu=GETPOST('dol_hide_topmenu'); - $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu'); - $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen'); - $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover'); - $dol_use_jmobile=GETPOST('dol_use_jmobile'); + $dol_hide_topmenu=GETPOST('dol_hide_topmenu','int'); + $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int'); + $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int'); + $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int'); + $dol_use_jmobile=GETPOST('dol_use_jmobile','int'); // Include login page template include $template_dir.'login.tpl.php'; diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 96a3ee4d31bff..753e1a0892b9d 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -329,7 +329,7 @@ function __construct($db) unset($this->export_entities_array[$r]['s.code_fournisseur']); } // Add extra fields - $sql="SELECT name, label FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'socpeople'"; + $sql="SELECT name, label, type, param FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'socpeople'"; $resql=$this->db->query($sql); if ($resql) // This can fail when class is used on old database (during migration for example) { diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 12c4bd8a0fc83..95192ea74b186 100755 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -29,7 +29,7 @@ * \brief File that include conf.php file and commons lib like functions.lib.php */ -if (! defined('DOL_VERSION')) define('DOL_VERSION','3.5.3'); +if (! defined('DOL_VERSION')) define('DOL_VERSION','3.5.4'); if (! defined('EURO')) define('EURO',chr(128)); // Define syslog constants diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 63cf162e7e2ac..6f9d132a477fe 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -518,7 +518,7 @@ function update($user=0, $notrigger=0) if (isset($this->fk_user_valid)) $this->fk_user_valid=trim($this->fk_user_valid); if (isset($this->fk_facture_source)) $this->fk_facture_source=trim($this->fk_facture_source); if (isset($this->fk_project)) $this->fk_project=trim($this->fk_project); - if (isset($this->fk_cond_reglement)) $this->fk_cond_reglement=trim($this->fk_cond_reglement); + if (isset($this->cond_reglement_id)) $this->cond_reglement_id=trim($this->cond_reglement_id); if (isset($this->note_private)) $this->note=trim($this->note_private); if (isset($this->note_public)) $this->note_public=trim($this->note_public); if (isset($this->model_pdf)) $this->model_pdf=trim($this->model_pdf); @@ -556,7 +556,7 @@ function update($user=0, $notrigger=0) $sql.= " fk_user_valid=".(isset($this->fk_user_valid)?$this->fk_user_valid:"null").","; $sql.= " fk_facture_source=".(isset($this->fk_facture_source)?$this->fk_facture_source:"null").","; $sql.= " fk_projet=".(isset($this->fk_project)?$this->fk_project:"null").","; - $sql.= " fk_cond_reglement=".(isset($this->fk_cond_reglement)?$this->fk_cond_reglement:"null").","; + $sql.= " fk_cond_reglement=".(isset($this->cond_reglement_id)?$this->cond_reglement_id:"null").","; $sql.= " date_lim_reglement=".(dol_strlen($this->date_echeance)!=0 ? "'".$this->db->idate($this->date_echeance)."'" : 'null').","; $sql.= " note_private=".(isset($this->note_private)?"'".$this->db->escape($this->note_private)."'":"null").","; $sql.= " note_public=".(isset($this->note_public)?"'".$this->db->escape($this->note_public)."'":"null").","; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 12dbfee552d75..45ddc3d8734d6 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -360,16 +360,16 @@ function analyse_sql_and_script(&$var, $type) // It is not already authenticated and it requests the login / password include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; - $dol_dst_observed=GETPOST("dst_observed",3); - $dol_dst_first=GETPOST("dst_first",3); - $dol_dst_second=GETPOST("dst_second",3); - $dol_screenwidth=GETPOST("screenwidth",3); - $dol_screenheight=GETPOST("screenheight",3); - $dol_hide_topmenu=GETPOST('dol_hide_topmenu',3); - $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu',3); - $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen',3); - $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover',3); - $dol_use_jmobile=GETPOST('dol_use_jmobile',3); + $dol_dst_observed=GETPOST("dst_observed",'int',3); + $dol_dst_first=GETPOST("dst_first",'int',3); + $dol_dst_second=GETPOST("dst_second",'int',3); + $dol_screenwidth=GETPOST("screenwidth",'int',3); + $dol_screenheight=GETPOST("screenheight",'int',3); + $dol_hide_topmenu=GETPOST('dol_hide_topmenu','int',3); + $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int',3); + $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int',3); + $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int',3); + $dol_use_jmobile=GETPOST('dol_use_jmobile','int',3); //dol_syslog("POST key=".join(array_keys($_POST),',').' value='.join($_POST,',')); // If in demo mode, we check we go to home page through the public/demo/index.php page @@ -1035,11 +1035,11 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs $themeparam='?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss','alpha',1):'').'&userid='.$user->id.'&entity='.$conf->entity; $themeparam.=($ext?'&'.$ext:''); if (! empty($_SESSION['dol_resetcache'])) $themeparam.='&dol_resetcache='.$_SESSION['dol_resetcache']; - if (GETPOST('dol_hide_topmenu')) { $themeparam.='&dol_hide_topmenu='.GETPOST('dol_hide_topmenu'); } - if (GETPOST('dol_hide_leftmenu')) { $themeparam.='&dol_hide_leftmenu='.GETPOST('dol_hide_leftmenu'); } - if (GETPOST('dol_optimize_smallscreen')) { $themeparam.='&dol_optimize_smallscreen='.GETPOST('dol_optimize_smallscreen'); } - if (GETPOST('dol_no_mouse_hover')) { $themeparam.='&dol_no_mouse_hover='.GETPOST('dol_no_mouse_hover'); } - if (GETPOST('dol_use_jmobile')) { $themeparam.='&dol_use_jmobile='.GETPOST('dol_use_jmobile'); $conf->dol_use_jmobile=GETPOST('dol_use_jmobile'); } + if (GETPOST('dol_hide_topmenu')) { $themeparam.='&dol_hide_topmenu='.GETPOST('dol_hide_topmenu','int'); } + if (GETPOST('dol_hide_leftmenu')) { $themeparam.='&dol_hide_leftmenu='.GETPOST('dol_hide_leftmenu','int'); } + if (GETPOST('dol_optimize_smallscreen')) { $themeparam.='&dol_optimize_smallscreen='.GETPOST('dol_optimize_smallscreen','int'); } + if (GETPOST('dol_no_mouse_hover')) { $themeparam.='&dol_no_mouse_hover='.GETPOST('dol_no_mouse_hover','int'); } + if (GETPOST('dol_use_jmobile')) { $themeparam.='&dol_use_jmobile='.GETPOST('dol_use_jmobile','int'); $conf->dol_use_jmobile=GETPOST('dol_use_jmobile','int'); } //print 'themepath='.$themepath.' themeparam='.$themeparam;exit; print ''."\n"; diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index da7642e8df4a6..d97656a1131d9 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -160,19 +160,22 @@ { $conf->entity = GETPOST("entity",'int'); } - else if (defined('DOLENTITY') && is_int(DOLENTITY)) // For public page with MultiCompany module + else if (defined('DOLENTITY') && is_numeric(DOLENTITY)) // For public page with MultiCompany module { $conf->entity = DOLENTITY; } - else if (!empty($_COOKIE['DOLENTITY'])) // For other application with MultiCompany module + else if (!empty($_COOKIE['DOLENTITY'])) // For other application with MultiCompany module (TODO: We should remove this. entity to use should never be stored into client side) { $conf->entity = $_COOKIE['DOLENTITY']; } - else if (! empty($conf->multicompany->force_entity) && is_int($conf->multicompany->force_entity)) // To force entity in login page + else if (! empty($conf->multicompany->force_entity) && is_numeric($conf->multicompany->force_entity)) // To force entity in login page { $conf->entity = $conf->multicompany->force_entity; } + // Sanitize entity + if (! is_numeric($conf->entity)) $conf->entity=1; + //print "Will work with data into entity instance number '".$conf->entity."'"; // Here we read database (llx_const table) and define $conf->global->XXX var. diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index 0948be50631f1..2b36e6c9d5ca7 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -33,11 +33,11 @@ $langs->load("install"); $langs->load("other"); -$conf->dol_hide_topmenu=GETPOST('dol_hide_topmenu'); -$conf->dol_hide_leftmenu=GETPOST('dol_hide_leftmenu'); -$conf->dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen'); -$conf->dol_no_mouse_hover=GETPOST('dol_no_mouse_hover'); -$conf->dol_use_jmobile=GETPOST('dol_use_jmobile'); +$conf->dol_hide_topmenu=GETPOST('dol_hide_topmenu','int'); +$conf->dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int'); +$conf->dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int'); +$conf->dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int'); +$conf->dol_use_jmobile=GETPOST('dol_use_jmobile','int'); // Security check global $dolibarr_main_demo; diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 34a96f7bcb649..33dee38626e85 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -38,11 +38,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php index 2a9b346554362..aa16450865094 100644 --- a/htdocs/public/members/public_card.php +++ b/htdocs/public/members/public_card.php @@ -27,11 +27,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index 1b6d23d946cc5..be901932e12e7 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -27,11 +27,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php index b8bad33c08fe1..56843afb1b77f 100644 --- a/htdocs/public/paybox/newpayment.php +++ b/htdocs/public/paybox/newpayment.php @@ -27,11 +27,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php'; diff --git a/htdocs/public/paybox/paymentko.php b/htdocs/public/paybox/paymentko.php index a9da81d0e68e2..fdf19f9a24746 100644 --- a/htdocs/public/paybox/paymentko.php +++ b/htdocs/public/paybox/paymentko.php @@ -26,11 +26,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php'; diff --git a/htdocs/public/paybox/paymentok.php b/htdocs/public/paybox/paymentok.php index 350d409735ce5..46fd05c52fdfa 100644 --- a/htdocs/public/paybox/paymentok.php +++ b/htdocs/public/paybox/paymentok.php @@ -26,11 +26,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php'; diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php index 91d1f67a3b943..51c598f4fabed 100644 --- a/htdocs/public/paypal/newpayment.php +++ b/htdocs/public/paypal/newpayment.php @@ -29,11 +29,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php'; diff --git a/htdocs/public/paypal/paymentko.php b/htdocs/public/paypal/paymentko.php index 3427f6a9b8242..a7b327f96aa6e 100644 --- a/htdocs/public/paypal/paymentko.php +++ b/htdocs/public/paypal/paymentko.php @@ -29,11 +29,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php'; diff --git a/htdocs/public/paypal/paymentok.php b/htdocs/public/paypal/paymentok.php index 68420f3bbd802..4182dffde5709 100644 --- a/htdocs/public/paypal/paymentok.php +++ b/htdocs/public/paypal/paymentok.php @@ -29,11 +29,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php'; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 00bf221d339c3..74902878c637f 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -806,7 +806,7 @@ function create($user,$notrigger=0) $sql = "SELECT login FROM ".MAIN_DB_PREFIX."user"; $sql.= " WHERE login ='".$this->db->escape($this->login)."'"; - $sql.= " AND entity IN (0,".$conf->entity.")"; + $sql.= " AND entity IN (0,".$this->db->escape($conf->entity).")"; dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); $resql=$this->db->query($sql); @@ -825,7 +825,7 @@ function create($user,$notrigger=0) else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec,login,ldap_sid,entity)"; - $sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->ldap_sid."',".$this->entity.")"; + $sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->ldap_sid."',".$this->db->escape($this->entity).")"; $result=$this->db->query($sql); dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); @@ -922,7 +922,7 @@ function create_from_contact($contact,$login='',$password='') $this->lastname = $contact->lastname; $this->firstname = $contact->firstname; $this->email = $contact->email; - $this->skype = $contact->skype; + $this->skype = $contact->skype; $this->office_phone = $contact->phone_pro; $this->office_fax = $contact->fax; $this->user_mobile = $contact->phone_mobile; diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index debf67f95ebc3..7820e40a395eb 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -589,7 +589,7 @@ function create($notrigger=0) $sql.= ") VALUES ("; $sql.= "'".$this->db->idate($now)."'"; $sql.= ",'".$this->db->escape($this->nom)."'"; - $sql.= ",".$entity; + $sql.= ",".$this->db->escape($entity); $sql.= ")"; dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); @@ -640,7 +640,7 @@ function update($notrigger=0) $sql = "UPDATE ".MAIN_DB_PREFIX."usergroup SET "; $sql.= " nom = '" . $this->db->escape($this->nom) . "'"; - $sql.= ", entity = " . $entity; + $sql.= ", entity = " . $this->db->escape($entity); $sql.= ", note = '" . $this->db->escape($this->note) . "'"; $sql.= " WHERE rowid = " . $this->id; diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 32a4e9d25ec0d..d9ff9c7c71d0d 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -178,16 +178,16 @@ if (! $message) { - $object->lastname = GETPOST("lastname"); - $object->firstname = GETPOST("firstname"); - $object->login = GETPOST("login"); - $object->admin = GETPOST("admin"); - $object->office_phone = GETPOST("office_phone"); - $object->office_fax = GETPOST("office_fax"); + $object->lastname = GETPOST("lastname",'alpha'); + $object->firstname = GETPOST("firstname",'alpha'); + $object->login = GETPOST("login",'alpha'); + $object->admin = GETPOST("admin",'alpha'); + $object->office_phone = GETPOST("office_phone",'alpha'); + $object->office_fax = GETPOST("office_fax",'alpha'); $object->user_mobile = GETPOST("user_mobile"); $object->skype = GETPOST("skype"); - $object->email = GETPOST("email"); - $object->job = GETPOST("job"); + $object->email = GETPOST("email",'alpha'); + $object->job = GETPOST("job",'alpha'); $object->signature = GETPOST("signature"); $object->accountancy_code = GETPOST("accountancy_code"); $object->note = GETPOST("note"); @@ -200,6 +200,7 @@ // If multicompany is off, admin users must all be on entity 0. if (! empty($conf->multicompany->enabled)) { + $entity=GETPOST('entity','int'); if (! empty($_POST["superadmin"])) { $object->entity = 0; @@ -210,12 +211,12 @@ } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); + $object->entity = (empty($entity) ? 0 : $entity); } } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); + $object->entity = (empty($entity) ? 0 : $entity); } $db->begin(); @@ -316,17 +317,17 @@ $object->oldcopy=dol_clone($object); - $object->lastname = GETPOST("lastname"); - $object->firstname = GETPOST("firstname"); - $object->login = GETPOST("login"); + $object->lastname = GETPOST("lastname",'alpha'); + $object->firstname = GETPOST("firstname",'alpha'); + $object->login = GETPOST("login",'alpha'); $object->pass = GETPOST("password"); $object->admin = empty($user->admin)?0:GETPOST("admin"); // A user can only be set admin by an admin - $object->office_phone=GETPOST("office_phone"); - $object->office_fax = GETPOST("office_fax"); + $object->office_phone=GETPOST("office_phone",'alpha'); + $object->office_fax = GETPOST("office_fax",'alpha'); $object->user_mobile= GETPOST("user_mobile"); - $object->skype =GETPOST("skype"); - $object->email = GETPOST("email"); - $object->job = GETPOST("job"); + $object->skype = GETPOST("skype"); + $object->email = GETPOST("email",'alpha'); + $object->job = GETPOST("job",'alpha'); $object->signature = GETPOST("signature"); $object->accountancy_code = GETPOST("accountancy_code"); $object->openid = GETPOST("openid"); @@ -384,8 +385,8 @@ $contact->fetch($contactid); $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql.= " SET fk_socpeople=".$contactid; - if ($contact->socid) $sql.=", fk_societe=".$contact->socid; + $sql.= " SET fk_socpeople=".$db->escape($contactid); + if ($contact->socid) $sql.=", fk_societe=".$db->escape($contact->socid); $sql.= " WHERE rowid=".$object->id; } else