From cc37a7d84823b6db24ae6a09d53451ec0c841a35 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Jun 2017 13:11:34 +0200 Subject: [PATCH 01/12] Fix parenthesis --- .../prelevement/class/bonprelevement.class.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 9b86bd668971a..0785efe6b1ade 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -252,7 +252,7 @@ function addline(&$line_id, $client_id, $client_nom, $amount, $code_banque, $cod function getErrorString($error) { global $langs; - + $errors = array(); $errors[1027] = $langs->trans("DateInvalid"); @@ -920,7 +920,7 @@ function Create($banque=0, $agence=0, $mode='real') $dir=$conf->prelevement->dir_output.'/receipts'; if (! is_dir($dir)) dol_mkdir($dir); - + $this->filename = $dir.'/'.$ref.'.xml'; // Create withdraw receipt in database @@ -1028,7 +1028,7 @@ function Create($banque=0, $agence=0, $mode='real') $this->emetteur_bic = $account->bic; $this->emetteur_ics = $conf->global->PRELEVEMENT_ICS; // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456"; - + $this->raison_sociale = $account->proprio; } 
@@ -1572,7 +1572,7 @@ function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zi $XML_DEBITOR .=' '.strtoupper(dolEscapeXML(dol_string_unaccent($row_nom))).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$row_country_code.''.$CrLf; - $XML_DEBITOR .=' '.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => "")))),70,'right','UTF-8',true).''.$CrLf; + $XML_DEBITOR .=' '.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true)).''.$CrLf; $XML_DEBITOR .=' '.dolEscapeXML(dol_string_unaccent($row_zip.' '.$row_town)).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; @@ -1668,7 +1668,7 @@ function EnregEmetteur() * @return string String with SEPA Sender */ function EnregEmetteurSEPA($configuration, $ladate, $nombre, $total, $CrLf='\n') - { + { // SEPA INITIALISATION global $conf; @@ -1687,12 +1687,12 @@ function EnregEmetteurSEPA($configuration, $ladate, $nombre, $total, $CrLf='\n') $this->emetteur_number_key = $account->cle_rib; $this->emetteur_iban = $account->iban; $this->emetteur_bic = $account->bic; - + $this->emetteur_ics = $conf->global->PRELEVEMENT_ICS; // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456"; - + $this->raison_sociale = $account->proprio; } - + // Récupération info demandeur $sql = "SELECT rowid, ref"; $sql.= " FROM"; From d037515e37938161982583d866c598fc03061c9d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 09:57:05 +0200 Subject: [PATCH 02/12] FIX SQL injection on user/index.php parameter search_statut. Conflicts: htdocs/user/index.php --- htdocs/core/lib/functions.lib.php | 3 ++ htdocs/user/index.php | 58 +++++++++++++++---------------- 2 files changed, 32 insertions(+), 29 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3ced09db55203..a212b82c18fcb 100644 --- a/htdocs/core/lib/functions.lib.php 
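Review bot: The corrected call now truncates the debtor address to 70 characters, but `dol_trunc` is a display helper: its own hunk later in this series shows `if ($size==0 || ! empty($conf->global->MAIN_DISABLE_TRUNC)) return $string;`, so on an installation with that option set the AdrLine value is written to the SEPA XML untruncated. For a file-format length limit use a fixed cut that does not depend on display settings, e.g. `mb_substr(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))), 0, 70, 'UTF-8')` before `dolEscapeXML`, and leave `dol_trunc` to the screen. A short comment naming the limit, `// AdrLine is limited to 70 characters by the pain.001 schema`, would explain the magic number; presumably that is the source of the 70, so confirm against the schema in use. EnregDestinataireSEPA starts and ends outside the hunk.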
+++ b/htdocs/core/lib/functions.lib.php @@ -250,6 +250,9 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) case 'int': if (! is_numeric($out)) { $out=''; } break; + case 'intcomma': + if (preg_match('/[^0-9,]+/i',$out)) $out=''; + break; case 'alpha': $out=trim($out); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 5d8f02e1c32e6..669152cb145f5 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -100,7 +100,7 @@ // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { $arrayfields["ef.".$key]=array('label'=>$extrafields->attribute_label[$key], 'checked'=>$extrafields->attribute_list[$key], 'position'=>$extrafields->attribute_pos[$key], 'enabled'=>$extrafields->attribute_perms[$key]); } @@ -116,9 +116,9 @@ $search_employee=GETPOST('search_employee','alpha'); $search_accountancy_code=GETPOST('search_accountancy_code','alpha'); $search_email=GETPOST('search_email','alpha'); -$search_statut=GETPOST('search_statut','alpha'); +$search_statut=GETPOST('search_statut','intcomma'); $search_thirdparty=GETPOST('search_thirdparty','alpha'); -$search_supervisor=GETPOST('search_supervisor','alpha'); +$search_supervisor=GETPOST('search_supervisor','intcomma'); $search_previousconn=GETPOST('search_previousconn','alpha'); $optioncss = GETPOST('optioncss','alpha'); @@ -131,7 +131,7 @@ /* * Actions */ - + $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); 
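Review bot: The new `intcomma` case only rejects characters outside `[0-9,]`, so values such as `,`, `1,,2` or `1,` survive the filter and are later spliced into `IN (...)` lists, where they cause a SQL syntax error instead of a clean empty result. A positive pattern that demands well-formed items, `if (! preg_match('/^[0-9]+(,[0-9]+)*$/', $out)) $out='';`, accepts exactly the same valid lists and drops the malformed ones. The `$check` values are documented in the function's docblock (outside the hunk); `intcomma` should be added there with a note that the result is only safe for unquoted `IN (...)` use, never for a scalar comparison.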
@@ -196,8 +196,8 @@ } if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid; //if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user); -if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$search_supervisor; -if ($search_thirdparty != '') $sql.=natural_search(array('s.nom'), $search_thirdparty); +if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$db->escape($search_supervisor); +if ($search_thirdparty != '') $sql.= natural_search(array('s.nom'), $search_thirdparty); if ($search_login != '') $sql.= natural_search("u.login", $search_login); if ($search_lastname != '') $sql.= natural_search("u.lastname", $search_lastname); if ($search_firstname != '') $sql.= natural_search("u.firstname", $search_firstname); @@ -206,9 +206,9 @@ $sql .= ' AND u.employee = '.(int) $search_employee; } if ($search_accountancy_code != '') $sql.= natural_search("u.accountancy_code", $search_accountancy_code); -if ($search_email != '') $sql.= natural_search("u.email", $search_email); -if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")"; -if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); +if ($search_email != '') $sql.= natural_search("u.email", $search_email); +if ($search_statut != '' && $search_statut >= 0) $sql.= " AND u.statut IN (".$db->escape($search_statut).")"; +if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); // Add where from extra fields foreach ($search_array_options as $key => $val) { @@ -217,7 +217,7 @@ $typ=$extrafields->attribute_type[$tmpkey]; $mode=0; if (in_array($typ, array('int','double'))) $mode=1; // Search on a numeric - if ($val && ( ($crit != '' && ! in_array($typ, array('select'))) || ! empty($crit))) + if ($val && ( ($crit != '' && ! in_array($typ, array('select'))) || ! empty($crit))) { $sql .= natural_search('ef.'.$tmpkey, $crit, $mode); } 
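Review bot: `$search_supervisor` is now read with the `intcomma` check but used in `u.fk_user = ...`, a scalar comparison, so a value like `1,2` passes the filter and produces a SQL syntax error; `$db->escape()` does not help on this line because the value is never quoted. Since a single id is needed, read it with `'int'` or cast at use, `if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".(int) $search_supervisor;`, which is also what the `search_employee` line a few rows below does. The `$search_statut` change in the next hunk correctly pairs `intcomma` with `IN (...)`, though an empty-item value such as `,` still reaches the query unless the filter itself is tightened.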
@@ -265,27 +265,27 @@ $crit=$val; $tmpkey=preg_replace('/search_options_/','',$key); if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val); - } - - + } + + print '
'."\n"; if ($optioncss != '') print ''; print ''; print ''; print ''; print ''; - + if ($sall) { foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val); print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall); } - + $moreforfilter=''; - + $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage; $selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields - + print ''; print ''; if (! empty($arrayfields['u.login']['checked'])) print_liste_field_titre($langs->trans("Login"),$_SERVER['PHP_SELF'],"u.login",$param,"","",$sortfield,$sortorder); @@ -303,9 +303,9 @@ // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { $align=$extrafields->getAlignFlag($key); print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder); @@ -340,7 +340,7 @@ { print ''; } if (! empty($arrayfields['u.employee']['checked'])) @@ -380,9 +380,9 @@ // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { $align=$extrafields->getAlignFlag($key); $typeofextrafield=$extrafields->attribute_type[$key]; @@ -428,7 +428,7 @@ $searchpitco=$form->showFilterAndCheckAddButtons(0); print $searchpitco; print ''; - + print "\n"; $user2=new User($db); 
@@ -451,7 +451,7 @@ $userstatic->lastname=$obj->lastname; $userstatic->employee=$obj->employee; $userstatic->photo=$obj->photo; - + $li=$userstatic->getNomUrl(-1,'',0,0,24,1,'login'); print ""; @@ -564,8 +564,8 @@ } } print ''; - } - + } + // Date last login if (! empty($arrayfields['u.datelastlogin']['checked'])) { @@ -576,13 +576,13 @@ { print ''; } - + // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { print 'getAlignFlag($key); From 9c482b9f2a021604e29b7321e2e18eed60d08932 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 10 Jun 2017 21:37:27 +0200 Subject: [PATCH 03/12] FIX CVE-2017-7886 --- htdocs/core/datepicker.php | 2 +- htdocs/core/get_menudiv.php | 2 +- htdocs/core/lib/functions.lib.php | 106 +++++++++++++++--------------- htdocs/core/search_page.php | 8 +-- htdocs/externalsite/frames.php | 2 +- htdocs/install/inc.php | 6 +- htdocs/main.inc.php | 4 +- htdocs/master.inc.php | 2 +- htdocs/support/inc.php | 2 +- htdocs/theme/eldy/style.css.php | 12 ++-- htdocs/theme/md/style.css.php | 52 +++++++-------- 11 files changed, 99 insertions(+), 99 deletions(-) diff --git a/htdocs/core/datepicker.php b/htdocs/core/datepicker.php index 63b765fbadb29..99bf9b15a801c 100644 --- a/htdocs/core/datepicker.php +++ b/htdocs/core/datepicker.php 
@@ -39,7 +39,7 @@ require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php +if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php $langs->load("main"); $langs->load("agenda"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); diff --git a/htdocs/core/get_menudiv.php b/htdocs/core/get_menudiv.php index 655e10afd6731..f8b3a652e088a 100644 --- a/htdocs/core/get_menudiv.php +++ b/htdocs/core/get_menudiv.php @@ -35,7 +35,7 @@ require_once '../main.inc.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php +if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php $langs->load("main"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); $left=($langs->trans("DIRECTION")=='rtl'?'right':'left'); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a212b82c18fcb..c4674fbe5a0af 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -191,7 +191,7 @@ function getBrowserInfo($user_agent) elseif (preg_match('/opera(\/|\s)([\d\.]*)/i', $user_agent, $reg)) { $name='opera'; $version=$reg[2]; } elseif (preg_match('/(MSIE\s([0-9]+\.[0-9]))|.*(Trident\/[0-9]+.[0-9];\srv:([0-9]+\.[0-9]+))/i', $user_agent, $reg)) { $name='ie'; $version=end($reg); } // MS products at end elseif (preg_match('/l(i|y)n(x|ks)(\(|\/|\s)*([\d\.]+)/i', $user_agent, $reg)) { $name='lynxlinks'; $version=$reg[4]; } - + if ($tablet) { $layout = 'tablet'; } elseif ($phone) { 
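Review bot: `GETPOST('lang', 'aZ09')` is evaluated twice on the changed line; reading it once, `$forcedlang = GETPOST('lang', 'aZ09'); if ($forcedlang) $langs->setDefaultLang($forcedlang);`, runs the filter once and makes the validated value explicit. Note that the same series widens `aZ09` to accept `-` and `_`, so what reaches `setDefaultLang` is any run of word characters and dashes, not necessarily a known locale code; if `setDefaultLang` turns the value into a language-file path (not visible here), a stricter pattern such as `^[a-z]{2}(_[A-Z]{2})?$` or a lookup against the installed languages is the safer contract. The identical change in get_menudiv.php in the following hunk would benefit from the same treatment.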
@@ -269,7 +269,7 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) break; case 'aZ09': $out=trim($out); - if (preg_match('/[^a-z0-9]+/i',$out)) $out=''; + if (preg_match('/[^a-z0-9_\-]+/i',$out)) $out=''; break; case 'array': if (! is_array($out) || empty($out)) $out=array(); @@ -290,13 +290,13 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) * This prefix is unique for instance and avoid conflict between multi-instances, * even when having two instances with one root dir or two instances in virtual servers * - * @param string $mode '' or 'email' + * @param string $mode '' or 'email' * @return string A calculated prefix */ function dol_getprefix($mode='') { global $conf; - + // If MAIL_PREFIX_FOR_EMAIL_ID is set and prefix is for email if ($mode == 'email' && ! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) { @@ -378,15 +378,15 @@ function dol_buildpath($path, $type=0) if ($type == 1) $res = DOL_URL_ROOT.'/'.$path; // Standard value if ($type == 2) $res = DOL_MAIN_URL_ROOT.'/'.$path; // Standard value if ($type == 3) $res = DOL_URL_ROOT.'/'.$path; - + foreach ($conf->file->dol_document_root as $key => $dirroot) // ex: array(["main"]=>"/home/main/htdocs", ["alt0"]=>"/home/dirmod/htdocs", ...) { - if ($key == 'main') + if ($key == 'main') { if ($type == 3) { global $dolibarr_main_url_root; - + // Define $urlwithroot $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file 
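Review bot: Widening the `aZ09` check to accept `-` and `_` silently loosens validation for every existing caller of `GETPOST(..., 'aZ09')`, not only the `lang` reads this patch adds, and nothing in the switch documents the new contract. Keeping the original case intact and adding a separately named one for callers that need the extra characters, e.g. `case 'aZ09-_':` with `if (preg_match('/[^a-z0-9_\-]+/i',$out)) $out='';`, lets each call site opt in deliberately instead of inheriting the change. Whichever form is kept, a comment on the case such as `// Letters, digits, dash and underscore only; anything else empties the value` would help readers; the docblock describing `$check` is outside the hunk.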
@@ -413,12 +413,12 @@ function dol_buildpath($path, $type=0) if ($type == 3) { global $dolibarr_main_url_root; - + // Define $urlwithroot $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current - + $res=(preg_match('/^http/i',$conf->file->dol_url_root[$key])?'':$urlwithroot).$conf->file->dol_url_root[$key].'/'.$path; // Test on start with http is for old conf syntax } break; @@ -957,7 +957,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r $maxvisiblephotos=(isset($conf->global->PRODUCT_MAX_VISIBLE_PHOTO)?$conf->global->PRODUCT_MAX_VISIBLE_PHOTO:5); if ($conf->browser->phone) $maxvisiblephotos=1; if ($showimage) $morehtmlleft.='
'.$object->show_photos($conf->product->multidir_output[$object->entity],'small',$maxvisiblephotos,0,0,0,$width,0).'
'; - else + else { if (!empty($conf->global->PRODUCT_NODISPLAYIFNOPHOTO)) { $nophoto=''; @@ -967,17 +967,17 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r $nophoto='/public/theme/common/nophoto.png'; $morehtmlleft.='
No photo
'; } - + } } - else + else { if ($showimage) $morehtmlleft.='
'.$form->showphoto($modulepart,$object,0,0,0,'photoref','small',1,0,$maxvisiblephotos).'
'; } if ($showbarcode) $morehtmlleft.='
'.$form->showbarcode($object).'
'; if ($object->element == 'societe' && ! empty($conf->use_javascript_ajax) && $user->rights->societe->creer && ! empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { $morehtmlright.=ajax_object_onoff($object, 'status', 'status', 'InActivity', 'ActivityCeased'); - } + } elseif ($object->element == 'product') { //$morehtmlright.=$langs->trans("Status").' ('.$langs->trans("Sell").') '; @@ -999,7 +999,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r } if (! empty($object->name_alias)) $morehtmlref.='
'.$object->name_alias.'
'; // For thirdparty if (! empty($object->label)) $morehtmlref.='
'.$object->label.'
'; // For product - if ($object->element != 'product') + if ($object->element != 'product') { $morehtmlref.='
'; $morehtmlref.=$object->getBannerAddress('refaddress',$object); @@ -1184,9 +1184,9 @@ function dol_print_date($time,$format='',$tzoutput='tzserver',$outputlangs='',$e $reduceformat=(! empty($conf->dol_optimize_smallscreen) && in_array($format,array('day','dayhour')))?1:0; $formatwithoutreduce = preg_replace('/reduceformat/','',$format); if ($formatwithoutreduce != $format) { $format = $formatwithoutreduce; $reduceformat=1; } // so format 'dayreduceformat' is processed like day - + // Change predefined format into computer format. If found translation in lang file we use it, otherwise we use default. - // TODO Add format daysmallyear and dayhoursmallyear + // TODO Add format daysmallyear and dayhoursmallyear if ($format == 'day') $format=($outputlangs->trans("FormatDateShort")!="FormatDateShort"?$outputlangs->trans("FormatDateShort"):$conf->format_date_short); else if ($format == 'hour') $format=($outputlangs->trans("FormatHourShort")!="FormatHourShort"?$outputlangs->trans("FormatHourShort"):$conf->format_hour_short); else if ($format == 'hourduration') $format=($outputlangs->trans("FormatHourShortDuration")!="FormatHourShortDuration"?$outputlangs->trans("FormatHourShortDuration"):$conf->format_hour_short_duration); @@ -1957,7 +1957,7 @@ function dol_print_graph($htmlid,$width,$height,$data,$showlegend=0,$type='pie', print '
'.$langs->trans("NotEnoughDataYet").'
'; return; } - + if (empty($conf->use_javascript_ajax)) return; $jsgraphlib='flot'; $datacolor=array(); @@ -2126,7 +2126,7 @@ function dol_trunc($string,$size=40,$trunc='right',$stringencoding='UTF-8',$nodo global $conf; if ($size==0 || ! empty($conf->global->MAIN_DISABLE_TRUNC)) return $string; - + if (empty($stringencoding)) $stringencoding='UTF-8'; // reduce for small screen if ($conf->dol_optimize_smallscreen==1 && $display==1) $size = round($size/3); @@ -3076,7 +3076,7 @@ function load_fiche_titre($titre, $mesg='', $picto='title_generic.png', $pictois * @param string $options parametres complementaires lien ('' par defaut) * @param string $sortfield champ de tri ('' par defaut) * @param string $sortorder ordre de tri ('' par defaut) - * @param string $center chaine du centre ('' par defaut). We often find here string $massaction comming from $form->selectMassAction() + * @param string $center chaine du centre ('' par defaut). We often find here string $massaction comming from $form->selectMassAction() * @param int $num number of records found by select with limit+1 * @param int $totalnboflines Total number of records/lines for all pages (if known). Use a negative value to no show number. * @param string $picto Icon to use before title (should be a 32x32 transparent png file) @@ -3090,11 +3090,11 @@ function load_fiche_titre($titre, $mesg='', $picto='title_generic.png', $pictois function print_barre_liste($titre, $page, $file, $options='', $sortfield='', $sortorder='', $center='', $num=-1, $totalnboflines=0, $picto='title_generic.png', $pictoisfullpath=0, $morehtml='', $morecss='', $limit=-1, $hideselectlimit=0) { global $conf,$langs; - + $savlimit = $limit; $savtotalnboflines = $totalnboflines; $totalnboflines=abs($totalnboflines); - + if ($picto == 'setup') $picto='title_setup.png'; if (($conf->browser->name == 'ie') && $picto=='title_generic.png') $picto='title.gif'; if ($limit < 0) $limit = $conf->liste_limit; 
@@ -3107,7 +3107,7 @@ function print_barre_liste($titre, $page, $file, $options='', $sortfield='', $so $nextpage = 0; } //print 'totalnboflines='.$totalnboflines.'-savlimit='.$savlimit.'-limit='.$limit.'-num='.$num.'-nextpage='.$nextpage; - + print "\n"; print "\n"; print '
'; $arraygender=array('man'=>$langs->trans("Genderman"),'woman'=>$langs->trans("Genderwoman")); - print $form->selectarray('search_gender', $arraygender, $search_gender, 1); + print $form->selectarray('search_gender', $arraygender, $search_gender, 1); print '
'.dol_print_date($db->jdate($obj->datepreviouslogin),"dayhour").'
'; @@ -3206,7 +3206,7 @@ function print_fleche_navigation($page, $file, $options='', $nextpage=0, $betwee //$pagesizechoices.=',0:'.$langs->trans("All"); // Not yet supported //$pagesizechoices.=',2:2'; if (! empty($conf->global->MAIN_PAGESIZE_CHOICES)) $pagesizechoices=$conf->global->MAIN_PAGESIZE_CHOICES; - + print ''; - print ''; + print price($prevsits_total_amount, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) ); + + print ''; + // Previous situation(s) deduction(s) for ($i = 0; $i < $cprevsits; $i++) { @@ -3348,10 +3349,10 @@ print $prevsits[$i]->situation_counter; print ''; - print ''; - print ''; + print ''; + } } } From e4c7f584e3cf21108cad67b389eecf5b3d6b93bf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Jun 2017 11:45:21 +0200 Subject: [PATCH 07/12] Fix option STOCK_SUPPORTS_SERVICES (stock not visible when it should) --- htdocs/product/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 40dcd116ab4f0..7fd4135bd4ace 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -628,9 +628,9 @@ $product_static->status = $objp->tosell; $product_static->entity = $objp->entity; - if (! empty($conf->stock->enabled) && $user->rights->stock->lire && $type != 1) // To optimize call of load_stock + if ((! empty($conf->stock->enabled) && $user->rights->stock->lire && $type != 1) || ! empty($conf->global->STOCK_DISABLE_OPTIM_LOAD)) // To optimize call of load_stock { - if ($objp->fk_product_type != 1) // Not a service + if ($objp->fk_product_type != 1 || ! empty($conf->global->STOCK_SUPPORTS_SERVICES)) // Not a service { $product_static->load_stock('nobatch'); // Load stock_reel + stock_warehouse. This also call load_virtual_stock() } From f2961b8652dce6ff9cf86a3d1fb4c1ab042a7c3e Mon Sep 17 00:00:00 2001 
From: phf Date: Tue, 13 Jun 2017 12:30:30 +0200 Subject: [PATCH 08/12] Fix 6993 - supplier propal check min price on update line --- htdocs/supplier_proposal/card.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index ea0ecc12f891d..55da718cebc01 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -808,11 +808,6 @@ $price_min = $product->multiprices_min [$object->thirdparty->price_level]; $label = ((GETPOST('update_label') && GETPOST('product_label')) ? GETPOST('product_label') : ''); - - if ($price_min && (price2num($pu_ht) * (1 - price2num(GETPOST('remise_percent')) / 100) < price2num($price_min))) { - setEventMessages($langs->trans("CantBeLessThanMinPrice", price(price2num($price_min, 'MU'), 0, $langs, 0, 0, - 1, $conf->currency)), null, 'errors'); - $error ++; - } } else { $type = GETPOST('type'); $label = (GETPOST('product_label') ? GETPOST('product_label') : ''); From 9b979e3cb765744b1c443d7c8811a0a1b9238a60 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Jun 2017 13:44:18 +0200 Subject: [PATCH 09/12] Fix wrong warning when user is disabled --- htdocs/user/card.php | 48 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 2d5ace3380923..a48d7e499fb6d 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -299,7 +299,7 @@ } } - if ($action == 'update' && ! $cancel) + if ($action == 'update' && ! $cancel) { require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -318,7 +318,7 @@ $error ++; } - if (!$error) + if (!$error) { $object->fetch($id); @@ -455,7 +455,7 @@ setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors'); } else { // Create thumbs - $object->addThumbs($newfile); + $object->addThumbs($newfile); } } else { $error ++; 
@@ -464,7 +464,7 @@ } } } - + if (! $error && ! count($object->errors)) { // Then we add the associated categories @@ -475,7 +475,7 @@ if (!$error && !count($object->errors)) { setEventMessages($langs->trans("UserModified"), null, 'mesgs'); $db->commit(); - + $login = $_SESSION["dol_login"]; if ($login && $login == $object->oldcopy->login && $object->oldcopy->login != $object->login) // Current user has changed its login { @@ -494,11 +494,11 @@ if ($caneditpassword) // Case we can edit only password { dol_syslog("Not allowed to change fields, only password"); - + $object->fetch($id); - + $object->oldcopy = clone $object; - + $ret = $object->setPassword($user, GETPOST("password")); if ($ret < 0) { @@ -1059,7 +1059,7 @@ print ''; print ''; print "\n"; - + // Date employment print ''; print ''; } - + // Categories - if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire)) + if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire)) { print '"; } - + // Note print ''; print '\n"; } } - + if (isset($conf->file->main_authentication) && preg_match('/openid/',$conf->file->main_authentication) && ! empty($conf->global->MAIN_OPENIDURL_PERUSER)) { print ''; print ''; print "\n"; } - + print ''; print ''; print "\n"; - + print ''; print ''; print "\n"; - + // Other attributes $parameters=array(); $reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$object,$action); // Note that $action and $object may have been modified by hook @@ -1505,7 +1505,7 @@ { print $object->showOptionals($extrafields); } - + // Company / Contact if (! empty($conf->societe->enabled)) { @@ -1673,7 +1673,7 @@ print ''; print ''; } - + print '
'; + print ''; $prevsits_total_amount = 0; foreach ($prevsits as $situation) { @@ -3335,9 +3335,10 @@ } $prevsits_total_amount += $object->total_ht; - print price($prevsits_total_amount); - print '' . $langs->trans('Currency' . $conf->currency) . '
'; - print '- ' . price($prevsits[$i]->total_ht); - print '' . $langs->trans('Currency' . $conf->currency) . '
'; + print '- ' . price($prevsits[$i]->total_ht, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) ); + print '
'.$langs->trans("DateEmployment").''; @@ -1084,9 +1084,9 @@ print $formother->selectColor(GETPOST('color')?GETPOST('color'):$object->color, 'color', null, 1, '', 'hideifnotset'); print '
' . fieldLabel('Categories', 'usercats') . ''; $cate_arbo = $form->select_all_categories('user', null, 'parent', null, null, 1); @@ -1094,7 +1094,7 @@ null, '90%' ); print "
'; print $langs->trans("Note"); @@ -1137,10 +1137,10 @@ $object->fetch($id); if ($res < 0) { dol_print_error($db,$object->error); exit; } $res=$object->fetch_optionals($object->id,$extralabels); - + // Check if user has rights $object->getrights(); - if(empty($object->nb_rights)) setEventMessages($langs->trans('UserHasNoPermissions'), null, 'warnings'); + if (empty($object->nb_rights) && $object->statut != 0) setEventMessages($langs->trans('UserHasNoPermissions'), null, 'warnings'); // Connexion ldap // pour recuperer passDoNotExpire et userChangePassNextLogon @@ -1455,7 +1455,7 @@ } // Categories - if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire)) + if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire)) { print '
' . $langs->trans( "Categories" ) . ''; @@ -1482,22 +1482,22 @@ print "
'.$langs->trans("OpenIDURL").''.$object->openid.'
'.$langs->trans("LastConnexion").''.dol_print_date($object->datelastlogin,"dayhour").'
'.$langs->trans("PreviousConnexion").''.dol_print_date($object->datepreviouslogin,"dayhour").'
'."\n"; print ''."\n"; if(! empty($conf->multicompany->enabled) && !empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity) @@ -1765,7 +1765,7 @@ } print "
'.$langs->trans("Groups").'
"; - + if ($caneditgroup) { print '
'; @@ -2237,9 +2237,9 @@ print $form->showphoto('userphoto',$object,60,0,$caneditfield,'photowithmargin','small'); print ''; print ''; - + // Categories - if (!empty( $conf->categorie->enabled ) && !empty( $user->rights->categorie->lire )) + if (!empty( $conf->categorie->enabled ) && !empty( $user->rights->categorie->lire )) { print '' . fieldLabel( 'Categories', 'usercats' ) . ''; print ''; From 70c7bcc85fae6b43d1ce4e1045c63ff7f7cf100e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Jun 2017 15:57:30 +0200 Subject: [PATCH 10/12] Complete css to get value unique --- htdocs/core/lib/functions.lib.php | 2 +- htdocs/core/menus/standard/auguria.lib.php | 33 ++++++++++++---------- htdocs/core/menus/standard/eldy.lib.php | 9 ++++-- htdocs/core/menus/standard/empty.php | 20 +++++++------ 4 files changed, 37 insertions(+), 27 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3ed597d50e5f0..f0819570c10a9 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -611,7 +611,7 @@ function dol_string_unaccent($str) */ function dol_string_nospecial($str,$newstr='_',$badcharstoreplace='') { - $forbidden_chars_to_replace=array(" ","'","/","\\",":","*","?","\"","<",">","|","[","]",",",";","="); + $forbidden_chars_to_replace=array(" ", "'", "/", "\\", ":", "*", "?", "\"", "<", ">", "|", "[", "]", ",", ";", "="); $forbidden_chars_to_remove=array(); if (is_array($badcharstoreplace)) $forbidden_chars_to_replace=$badcharstoreplace; //$forbidden_chars_to_remove=array("(",")"); diff --git a/htdocs/core/menus/standard/auguria.lib.php b/htdocs/core/menus/standard/auguria.lib.php index 2c2d2c5ec63bf..4f8175c3fac09 100644 --- a/htdocs/core/menus/standard/auguria.lib.php +++ b/htdocs/core/menus/standard/auguria.lib.php 
@@ -54,20 +54,20 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m if (empty($noout)) print_start_menu_array_auguria(); $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); - + // Show/Hide vertical menu if ($mode != 'jmobile' && $mode != 'topnb' && $usemenuhider && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $showmode=1; $classname = 'class="tmenu menuhider"'; $idsel='menu'; - + if (empty($noout)) print_start_menu_entry_auguria($idsel,$classname,$showmode); if (empty($noout)) print_text_menu_entry_auguria('', 1, '#', $id, $idsel, $classname, $atarget); if (empty($noout)) print_end_menu_entry_auguria($showmode); $menu->add('#', '', 0, $showmode, $atarget, "xxx", ''); } - + $num = count($newTabMenu); for($i = 0; $i < $num; $i++) { @@ -77,7 +77,7 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m if ($showmode == 1) { $url = $shorturl = $newTabMenu[$i]['url']; - + if (! preg_match("/^(http:\/\/|https:\/\/)/i",$newTabMenu[$i]['url'])) { $tmp=explode('?',$newTabMenu[$i]['url'],2); @@ -85,11 +85,11 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m $param = (isset($tmp[1])?$tmp[1]:''); // Complete param to force leftmenu to '' to closed opend menu when we click on a link with no leftmenu defined. - if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && ! empty($newTabMenu[$i]['url'])) + if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && ! empty($newTabMenu[$i]['url'])) { $param.=($param?'&':'').'mainmenu='.$newTabMenu[$i]['url'].'&leftmenu='; } - if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && empty($newTabMenu[$i]['url'])) + if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && empty($newTabMenu[$i]['url'])) { $param.=($param?'&':'').'leftmenu='; } 
@@ -136,7 +136,7 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m function print_start_menu_array_auguria() { global $conf; - + print '
'; print '
    global->MAIN_OPTIMIZEFORTEXTBROWSER)?'':' title="Top menu"').'>'; } @@ -250,7 +250,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); global $usemenuhider; - + // Show logo company if (empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { @@ -284,7 +284,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM print '
'."\n"; print "\n"; } - + // We update newmenu with entries found into database $menuArbo = new Menubase($db,'auguria'); $newmenu = $menuArbo->menuLeftCharger($newmenu,$mainmenu,$leftmenu,($user->societe_id?1:0),'auguria',$tabMenu); @@ -401,7 +401,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM for($j = ($i + 1); $j < $num; $j++) { if (empty($menu_array[$j]['level'])) $lastopened=false; - } + } if ($altok % 2 == 0) { print '
'."\n"; @@ -454,9 +454,12 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM // Menu niveau > 0 if ($menu_array[$i]['level'] > 0) { - if ($menu_array[$i]['enabled']) + $cssmenu = ''; + if ($menu_array[$i]['url']) $cssmenu = ' menu_contenu'.dol_string_nospecial(preg_replace('/\.php.*$/','',$menu_array[$i]['url'])); + + if ($menu_array[$i]['enabled']) { - print ''."\n"; print "\n"; } - + return count($menu_array); } diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index ca6791475a698..66fe9f993a955 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1561,9 +1561,12 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu // Menu niveau > 0 if ($menu_array[$i]['level'] > 0) { - if ($menu_array[$i]['enabled']) + $cssmenu = ''; + if ($menu_array[$i]['url']) $cssmenu = ' menu_contenu'.dol_string_nospecial(preg_replace('/\.php.*$/','',$menu_array[$i]['url'])); + + if ($menu_array[$i]['enabled']) { - print '
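Review bot: The new `$cssmenu` value is derived from the menu entry URL and ends up in an HTML class attribute with only `dol_string_nospecial()` applied; that helper, per its hunk in this same patch, replaces quotes, `<`, `>` and a handful of other characters but passes `&`, `%`, `#`, `.` and parentheses through, so the safety of the attribute rests on a replacement list rather than on output escaping. Restricting the class fragment to a safe alphabet at the point it is built, `preg_replace('/[^a-z0-9_]/i', '_', preg_replace('/\.php.*$/', '', $menu_array[$i]['url']))`, or escaping at output with `htmlspecialchars($cssmenu, ENT_QUOTES)`, makes the attribute safe regardless of where menu URLs come from (presumably the menu tables, which administrators can edit). The `print '<a ...>'` lines of this hunk appear to have been lost in rendering, so the exact attribute quoting could not be checked here; the same fragment is added to eldy.lib.php in the next, truncated hunk.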