From f21ec76bc040638768dcd572e388ac020d2274ba Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 21:16:37 +0200 Subject: [PATCH 01/39] Exclude dir --- build/makepack-dolibarr.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/build/makepack-dolibarr.pl b/build/makepack-dolibarr.pl index c06d8f0730fe7..1dbd6f6fd5e39 100755 --- a/build/makepack-dolibarr.pl +++ b/build/makepack-dolibarr.pl @@ -518,6 +518,7 @@ $ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/dolimed*`; $ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/dolimod*`; $ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/factory*`; + $ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/forceproject*`; $ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/lead*`; $ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/management*`; $ret=`rm -fr $BUILDROOT/$PROJECT/htdocs/multicompany*`; From eea6461369088e27ab0208d7c3313865ed6e2cac Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 21:27:22 +0200 Subject: [PATCH 02/39] Update ChangeLog for 4.0.6 --- ChangeLog | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5fe3c74149929..e69b2a9d203e9 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,29 @@ Upgrading to any other version or any other database system is abolutely require make a Dolibarr upgrade. +***** ChangeLog for 4.0.6 to 4.0.5 ***** +FIX: #6613 Default subject for Supplier proposal emails is filled with a non-existing key +FIX: #6623 User card shows "Return to list" link even if the user has no rights to list users +FIX: #6636 Complete fix +FIX: #6669 User with no permission to edit customer invoices can see a edit button in project entry +FIX: #6671 Cannot remove thirdparty type with "#" in its name +FIX: #6673 Missing "nature" table header in thirdparty list +FIX: #6675 Restricted user with no agenda permissions can see a button to create appointment in thirdparty contact list +FIX: #6677 Expired contracts dashboard box does not show the name of the thirdparty +FIX: #6679 User with restricted supplier invoice permissions can edit project, payment conditions, payment mode +FIX: #6680 User with restricted supplier invoice permissions sees "reopen" button even if he has no permission to do it +FIX: #6813 +FIX: Correction with author and validator user on orders +FIX: doactions hook missing in invoice model page +FIX: dont get empty "Incoterms : - " string if no incoterm +FIX: dont lose supplier ref if no supplier price in database +FIX: forgotten parameter for right multicompany use +FIX: global $dateSelector isn't the good one, then date selector on objectline_create tpl was hidden +FIX: limit+1 dosn't show Total line +FIX: supplier order line were always created with rang = 0 +FIX: All known CVE at the date 31th of may. + + ***** ChangeLog for 4.0.5 to 4.0.4 ***** FIX: #6234 FIX: #6259 From 8edce66c08679e79634d7a22c510317aeb3c2d68 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 21:27:22 +0200 Subject: [PATCH 03/39] Update ChangeLog for 4.0.6 --- ChangeLog | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5fe3c74149929..e4c07380aae29 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,28 @@ Upgrading to any other version or any other database system is abolutely require make a Dolibarr upgrade. +***** ChangeLog for 4.0.6 to 4.0.5 ***** +FIX: #6613 Default subject for Supplier proposal emails is filled with a non-existing key +FIX: #6623 User card shows "Return to list" link even if the user has no rights to list users +FIX: #6636 Complete fix +FIX: #6669 User with no permission to edit customer invoices can see a edit button in project entry +FIX: #6671 Cannot remove thirdparty type with "#" in its name +FIX: #6673 Missing "nature" table header in thirdparty list +FIX: #6675 Restricted user with no agenda permissions can see a button to create appointment in thirdparty contact list +FIX: #6677 Expired contracts dashboard box does not show the name of the thirdparty +FIX: #6679 User with restricted supplier invoice permissions can edit project, payment conditions, payment mode +FIX: #6680 User with restricted supplier invoice permissions sees "reopen" button even if he has no permission to do it +FIX: #6813 +FIX: Correction with author and validator user on orders +FIX: doactions hook missing in invoice model page +FIX: dont get empty "Incoterms : - " string if no incoterm +FIX: dont lose supplier ref if no supplier price in database +FIX: forgotten parameter for right multicompany use +FIX: global $dateSelector isn't the good one, then date selector on objectline_create tpl was hidden +FIX: limit+1 dosn't show Total line +FIX: supplier order line were always created with rang = 0 + + ***** ChangeLog for 4.0.5 to 4.0.4 ***** FIX: #6234 FIX: #6259 From bd891ea56ab2de44ce7fc3f5ffe538d51ba7e9bc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 May 2017 00:26:02 +0200 Subject: [PATCH 04/39] Deploy to server works even when cloudflare is active. --- build/makepack-dolibarr.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/build/makepack-dolibarr.pl b/build/makepack-dolibarr.pl index 1dbd6f6fd5e39..20dfc2579aa78 100755 --- a/build/makepack-dolibarr.pl +++ b/build/makepack-dolibarr.pl @@ -19,7 +19,7 @@ # Change this to defined target for option 98 and 99 $PROJECT="dolibarr"; $PUBLISHSTABLE="eldy,dolibarr\@frs.sourceforge.net:/home/frs/project/dolibarr"; -$PUBLISHBETARC="ldestailleur\@asso.dolibarr.org:/home/dolibarr/dolibarr.org/httpdocs/files"; +$PUBLISHBETARC="ldestailleur\@vmprod.dolibarr.org:/home/dolibarr/dolibarr.org/httpdocs/files"; #@LISTETARGET=("TGZ","ZIP","RPM_GENERIC","RPM_FEDORA","RPM_MANDRIVA","RPM_OPENSUSE","DEB","APS","EXEDOLIWAMP","SNAPSHOT"); # Possible packages From 200f4010d89deb5487364b5ff74c2e396d6e1a55 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Tue, 30 May 2017 16:00:39 +0200 Subject: [PATCH 05/39] Fix special char and size limit in SEPA XML --- htdocs/compta/prelevement/class/bonprelevement.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index f007fa41d2189..814bece5bd182 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php 
@@ -1574,10 +1574,10 @@ function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zi $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; - $XML_DEBITOR .=' '.strtoupper(dol_string_unaccent($row_nom)).''.$CrLf; + $XML_DEBITOR .=' '.strtoupper(dol_string_unaccent(dolEscapeXML($row_nom))).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$row_country_code.''.$CrLf; - $XML_DEBITOR .=' '.dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))).''.$CrLf; + $XML_DEBITOR .=' '.dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true).''.$CrLf; $XML_DEBITOR .=' '.dol_string_unaccent($row_zip.' '.$row_town).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; From 510b1aedcf12d2ce16780bb0fd185bbdbb9cdd68 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Tue, 30 May 2017 16:13:49 +0200 Subject: [PATCH 06/39] Fix xml SEPA $ListOfFactures not used and was listing all invoices in each XML line --- .../prelevement/class/bonprelevement.class.php | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 814bece5bd182..2bfed9b069672 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php 
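Review bot: On the debtor name line `strtoupper()` runs on text that has already been through `dolEscapeXML()`, so if that helper emits named entities (presumably `&amp;`, `&lt;` and so on) they come out as `&AMP;` / `&LT;`, which are not predefined XML entities and would make the SEPA file unparseable for a name containing `&`. Escaping should be the last step: `dolEscapeXML(strtoupper(dol_string_unaccent($row_nom)))`. The same ordering is still present in the PATCH 08/39 revision of this line. In this hunk the address, the zip/town pair and `$row_country_code` are still concatenated into the XML unescaped. EnregDestinataireSEPA's body extends beyond the hunk, so other fields may need the same treatment.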
@@ -1265,18 +1265,6 @@ function generate() * section Debiteur (sepa Debiteurs bloc lines) */ - $tmp_invoices = array(); - - $sql = "SELECT f.facnumber as fac FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl, ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."prelevement_facture as pf, ".MAIN_DB_PREFIX."societe as soc, ".MAIN_DB_PREFIX."c_country as p, ".MAIN_DB_PREFIX."societe_rib as rib WHERE pl.fk_prelevement_bons = ".$this->id." AND pl.rowid = pf.fk_prelevement_lignes AND pf.fk_facture = f.rowid AND soc.fk_pays = p.rowid AND soc.rowid = f.fk_soc AND rib.fk_soc = f.fk_soc AND rib.default_rib = 1"; - $resql=$this->db->query($sql); - if ($resql) { - while ($objfac = $this->db->fetch_object($resql)) { - $tmp_invoices[] = $objfac->fac; - } - } - - $ListOfFactures = implode($tmp_invoices); - $sql = "SELECT soc.code_client as code, soc.address, soc.zip, soc.town, c.code as country_code,"; $sql.= " pl.client_nom as nom, pl.code_banque as cb, pl.code_guichet as cg, pl.number as cc, pl.amount as somme,"; $sql.= " f.facnumber as fac, pf.fk_facture as idfac, rib.datec, rib.iban_prefix as iban, rib.bic as bic, rib.rowid as drum"; @@ -1303,7 +1291,7 @@ function generate() while ($i < $num) { $obj = $this->db->fetch_object($resql); - $fileDebiteurSection .= $this->EnregDestinataireSEPA($obj->code, $obj->nom, $obj->address, $obj->zip, $obj->town, $obj->country_code, $obj->cb, $obj->cg, $obj->cc, $obj->somme, $ListOfFactures, $obj->idfac, $obj->iban, $obj->bic, $this->db->jdate($obj->datec), $obj->drum); + $fileDebiteurSection .= $this->EnregDestinataireSEPA($obj->code, $obj->nom, $obj->address, $obj->zip, $obj->town, $obj->country_code, $obj->cb, $obj->cg, $obj->cc, $obj->somme, $obj->fac, $obj->idfac, $obj->iban, $obj->bic, $this->db->jdate($obj->datec), $obj->drum); $this->total = $this->total + $obj->somme; $i++; } From 7c29e286f82f2ca3d3a77a6b67d0534067bad6b0 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Wed, 31 May 2017 13:31:17 +0200 Subject: [PATCH 07/39] Prepare 4.0.7 --- htdocs/filefunc.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index d2ca04278ff97..13349d3c1dabc 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -31,7 +31,7 @@ */ if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr'); -if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.6'); +if (! defined('DOL_VERSION')) define('DOL_VERSION','4.0.7'); if (! defined('EURO')) define('EURO',chr(128)); From d70c14a411f520714656f2d5ca8c0a64d300742c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 31 May 2017 19:07:39 +0200 Subject: [PATCH 08/39] Update bonprelevement.class.php --- htdocs/compta/prelevement/class/bonprelevement.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 2bfed9b069672..dd6b773af9fd8 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php 
@@ -1562,11 +1562,11 @@ function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zi $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; - $XML_DEBITOR .=' '.strtoupper(dol_string_unaccent(dolEscapeXML($row_nom))).''.$CrLf; + $XML_DEBITOR .=' '.strtoupper(dolEscapeXML(dol_string_unaccent($row_nom))).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$row_country_code.''.$CrLf; $XML_DEBITOR .=' '.dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true).''.$CrLf; - $XML_DEBITOR .=' '.dol_string_unaccent($row_zip.' '.$row_town).''.$CrLf; + $XML_DEBITOR .=' '.dolEscapeXML(dol_string_unaccent($row_zip.' '.$row_town)).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; From 0e175ba3737f1120b0ef6d5ce84c483f15ffa594 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Thu, 1 Jun 2017 11:48:14 +0200 Subject: [PATCH 09/39] Fix : SEPA XML address should also have dolEscapeXML --- htdocs/compta/prelevement/class/bonprelevement.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index dd6b773af9fd8..134e125b06745 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php 
@@ -1565,7 +1565,7 @@ function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zi $XML_DEBITOR .=' '.strtoupper(dolEscapeXML(dol_string_unaccent($row_nom))).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$row_country_code.''.$CrLf; - $XML_DEBITOR .=' '.dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true).''.$CrLf; + $XML_DEBITOR .=' '.dol_trunc(dolEscapeXML(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => "")))),70,'right','UTF-8',true).''.$CrLf; $XML_DEBITOR .=' '.dolEscapeXML(dol_string_unaccent($row_zip.' '.$row_town)).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; From fb252706f9568074de2ee19d5fe86df8211c6588 Mon Sep 17 00:00:00 2001 From: gauthier Date: Thu, 1 Jun 2017 15:42:19 +0200 Subject: [PATCH 10/39] FIX : situation_progress param default value must be 100 and not 0 --- htdocs/compta/facture/class/facture.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index a1364702d5218..1dd45234b9bd9 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php 
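Review bot: `dol_trunc()` now operates on text that is already escaped, so the 70-character cut can fall inside an entity and leave a dangling fragment such as `&am`, which yields malformed XML; entity characters are also counted against the limit. Truncate the raw value and escape the result instead: `dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true))`. `$row_country_code` two lines above is still written without escaping.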
@@ -2482,7 +2482,7 @@ function addline($desc, $pu_ht, $qty, $txtva, $txlocaltax1=0, $txlocaltax2=0, $f * @param string $fk_unit Code of the unit to use. Null to use the default one * @return int < 0 if KO, > 0 if OK */ - function updateline($rowid, $desc, $pu, $qty, $remise_percent, $date_start, $date_end, $txtva, $txlocaltax1=0, $txlocaltax2=0, $price_base_type='HT', $info_bits=0, $type= self::TYPE_STANDARD, $fk_parent_line=0, $skip_update_total=0, $fk_fournprice=null, $pa_ht=0, $label='', $special_code=0, $array_options=0, $situation_percent=0, $fk_unit = null) + function updateline($rowid, $desc, $pu, $qty, $remise_percent, $date_start, $date_end, $txtva, $txlocaltax1=0, $txlocaltax2=0, $price_base_type='HT', $info_bits=0, $type= self::TYPE_STANDARD, $fk_parent_line=0, $skip_update_total=0, $fk_fournprice=null, $pa_ht=0, $label='', $special_code=0, $array_options=0, $situation_percent=100, $fk_unit = null) { global $conf,$user; // Deprecation warning From 6787d717f915be421949ef03b97983088940529a Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Sat, 3 Jun 2017 18:23:19 +0200 Subject: [PATCH 11/39] Update bonprelevement.class.php --- htdocs/compta/prelevement/class/bonprelevement.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 134e125b06745..a63708bfe6a71 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php 
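Review bot: The new default `$situation_percent=100` changes what every caller that omits the argument passes, and the docblock lines visible in the hunk do not show an entry explaining it. State the default and its meaning in the parameter documentation, for example `@param int $situation_percent Situation advance percentage (default 100)`. Since the parameter sits between `$array_options` and `$fk_unit`, positional callers that stop at `$array_options` silently pick up the new value; it is worth confirming none of them relied on 0. The body of updateline lies outside the hunk.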
@@ -1565,7 +1565,7 @@ function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zi $XML_DEBITOR .=' '.strtoupper(dolEscapeXML(dol_string_unaccent($row_nom))).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$row_country_code.''.$CrLf; - $XML_DEBITOR .=' '.dol_trunc(dolEscapeXML(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => "")))),70,'right','UTF-8',true).''.$CrLf; + $XML_DEBITOR .=' '.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => "")))),70,'right','UTF-8',true).''.$CrLf; $XML_DEBITOR .=' '.dolEscapeXML(dol_string_unaccent($row_zip.' '.$row_town)).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; From cc37a7d84823b6db24ae6a09d53451ec0c841a35 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Jun 2017 13:11:34 +0200 Subject: [PATCH 12/39] Fix parenthesis --- .../prelevement/class/bonprelevement.class.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 9b86bd668971a..0785efe6b1ade 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -252,7 +252,7 @@ function addline(&$line_id, $client_id, $client_nom, $amount, $code_banque, $cod function getErrorString($error) { global $langs; - + $errors = array(); $errors[1027] = $langs->trans("DateInvalid"); @@ -920,7 +920,7 @@ function Create($banque=0, $agence=0, $mode='real') $dir=$conf->prelevement->dir_output.'/receipts'; if (! is_dir($dir)) dol_mkdir($dir); - + $this->filename = $dir.'/'.$ref.'.xml'; // Create withdraw receipt in database 
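Review bot: In the new address line the parenthesis that closes `dol_trunc(` comes before `,70,'right','UTF-8',true`, so those four arguments are handed to `dolEscapeXML()` and `dol_trunc()` runs with its defaults. The `dol_trunc` signature shown further down this patch series has `$size=40`, so addresses would be cut at 40 characters rather than 70. The intended call is `dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true))`. PHP does not complain about surplus arguments to a userland function, so the mistake fails silently.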
@@ -1028,7 +1028,7 @@ function Create($banque=0, $agence=0, $mode='real') $this->emetteur_bic = $account->bic; $this->emetteur_ics = $conf->global->PRELEVEMENT_ICS; // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456"; - + $this->raison_sociale = $account->proprio; } @@ -1572,7 +1572,7 @@ function EnregDestinataireSEPA($row_code_client, $row_nom, $row_address, $row_zi $XML_DEBITOR .=' '.strtoupper(dolEscapeXML(dol_string_unaccent($row_nom))).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$row_country_code.''.$CrLf; - $XML_DEBITOR .=' '.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => "")))),70,'right','UTF-8',true).''.$CrLf; + $XML_DEBITOR .=' '.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true)).''.$CrLf; $XML_DEBITOR .=' '.dolEscapeXML(dol_string_unaccent($row_zip.' '.$row_town)).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; @@ -1668,7 +1668,7 @@ function EnregEmetteur() * @return string String with SEPA Sender */ function EnregEmetteurSEPA($configuration, $ladate, $nombre, $total, $CrLf='\n') - { + { // SEPA INITIALISATION global $conf; @@ -1687,12 +1687,12 @@ function EnregEmetteurSEPA($configuration, $ladate, $nombre, $total, $CrLf='\n') $this->emetteur_number_key = $account->cle_rib; $this->emetteur_iban = $account->iban; $this->emetteur_bic = $account->bic; - + $this->emetteur_ics = $conf->global->PRELEVEMENT_ICS; // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456"; - + $this->raison_sociale = $account->proprio; } - + // Récupération info demandeur $sql = "SELECT rowid, ref"; $sql.= " FROM"; From d037515e37938161982583d866c598fc03061c9d Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Mon, 29 May 2017 09:57:05 +0200 Subject: [PATCH 13/39] FIX SQL injection on user/index.php parameter search_statut. Conflicts: htdocs/user/index.php --- htdocs/core/lib/functions.lib.php | 3 ++ htdocs/user/index.php | 58 +++++++++++++++---------------- 2 files changed, 32 insertions(+), 29 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3ced09db55203..a212b82c18fcb 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -250,6 +250,9 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) case 'int': if (! is_numeric($out)) { $out=''; } break; + case 'intcomma': + if (preg_match('/[^0-9,]+/i',$out)) $out=''; + break; case 'alpha': $out=trim($out); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 5d8f02e1c32e6..669152cb145f5 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -100,7 +100,7 @@ // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { $arrayfields["ef.".$key]=array('label'=>$extrafields->attribute_label[$key], 'checked'=>$extrafields->attribute_list[$key], 'position'=>$extrafields->attribute_pos[$key], 'enabled'=>$extrafields->attribute_perms[$key]); } 
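Review bot: The new `intcomma` case only rejects characters outside `0-9,`, so values such as `,`, `1,,2` or `1,` pass the filter and later produce invalid SQL when placed inside an `IN (...)` list. Validating the shape is stricter: `if (! preg_match('/^[0-9]+(,[0-9]+)*$/',$out)) $out='';`. The `i` modifier has no effect on this character class and can be dropped. The GETPOST doc comment, which is outside the hunk, should list `intcomma` next to the other check types.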
@@ -116,9 +116,9 @@ $search_employee=GETPOST('search_employee','alpha'); $search_accountancy_code=GETPOST('search_accountancy_code','alpha'); $search_email=GETPOST('search_email','alpha'); -$search_statut=GETPOST('search_statut','alpha'); +$search_statut=GETPOST('search_statut','intcomma'); $search_thirdparty=GETPOST('search_thirdparty','alpha'); -$search_supervisor=GETPOST('search_supervisor','alpha'); +$search_supervisor=GETPOST('search_supervisor','intcomma'); $search_previousconn=GETPOST('search_previousconn','alpha'); $optioncss = GETPOST('optioncss','alpha'); @@ -131,7 +131,7 @@ /* * Actions */ - + $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); @@ -196,8 +196,8 @@ } if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid; //if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user); -if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$search_supervisor; -if ($search_thirdparty != '') $sql.=natural_search(array('s.nom'), $search_thirdparty); +if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$db->escape($search_supervisor); +if ($search_thirdparty != '') $sql.= natural_search(array('s.nom'), $search_thirdparty); if ($search_login != '') $sql.= natural_search("u.login", $search_login); if ($search_lastname != '') $sql.= natural_search("u.lastname", $search_lastname); if ($search_firstname != '') $sql.= natural_search("u.firstname", $search_firstname); 
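Review bot: `$db->escape()` is applied to values that are concatenated outside quotes, in `u.fk_user = ".$db->escape($search_supervisor)` here and in `u.statut IN (".$db->escape($search_statut).")` in the @@ -206 hunk, where string escaping does not constrain the value; the only effective barrier is the `intcomma` check in GETPOST. The supervisor filter expects a single id, so it should be read with `GETPOST('search_supervisor','int')` and emitted as `" AND u.fk_user = ".((int) $search_supervisor)`; with `intcomma` a value like `1,2` passes the `> 0` test and produces `u.fk_user = 1,2`. For the status list, rebuild it from integers before use, e.g. `implode(',', array_map('intval', explode(',', $search_statut)))`. `$socid` on the context line above is concatenated the same way and its origin is not visible in this hunk.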
@@ -206,9 +206,9 @@ $sql .= ' AND u.employee = '.(int) $search_employee; } if ($search_accountancy_code != '') $sql.= natural_search("u.accountancy_code", $search_accountancy_code); -if ($search_email != '') $sql.= natural_search("u.email", $search_email); -if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")"; -if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); +if ($search_email != '') $sql.= natural_search("u.email", $search_email); +if ($search_statut != '' && $search_statut >= 0) $sql.= " AND u.statut IN (".$db->escape($search_statut).")"; +if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); // Add where from extra fields foreach ($search_array_options as $key => $val) { @@ -217,7 +217,7 @@ $typ=$extrafields->attribute_type[$tmpkey]; $mode=0; if (in_array($typ, array('int','double'))) $mode=1; // Search on a numeric - if ($val && ( ($crit != '' && ! in_array($typ, array('select'))) || ! empty($crit))) + if ($val && ( ($crit != '' && ! in_array($typ, array('select'))) || ! empty($crit))) { $sql .= natural_search('ef.'.$tmpkey, $crit, $mode); } @@ -265,27 +265,27 @@ $crit=$val; $tmpkey=preg_replace('/search_options_/','',$key); if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val); - } - - + } + + print '
'."\n"; if ($optioncss != '') print ''; print ''; print ''; print ''; print ''; - + if ($sall) { foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val); print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall); } - + $moreforfilter=''; - + $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage; $selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields - + print ''; print ''; if (! empty($arrayfields['u.login']['checked'])) print_liste_field_titre($langs->trans("Login"),$_SERVER['PHP_SELF'],"u.login",$param,"","",$sortfield,$sortorder); @@ -303,9 +303,9 @@ // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { $align=$extrafields->getAlignFlag($key); print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder); @@ -340,7 +340,7 @@ { print ''; } if (! empty($arrayfields['u.employee']['checked'])) @@ -380,9 +380,9 @@ // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { $align=$extrafields->getAlignFlag($key); $typeofextrafield=$extrafields->attribute_type[$key]; @@ -428,7 +428,7 @@ $searchpitco=$form->showFilterAndCheckAddButtons(0); print $searchpitco; print ''; - + print "\n"; $user2=new User($db); 
@@ -451,7 +451,7 @@ $userstatic->lastname=$obj->lastname; $userstatic->employee=$obj->employee; $userstatic->photo=$obj->photo; - + $li=$userstatic->getNomUrl(-1,'',0,0,24,1,'login'); print ""; @@ -564,8 +564,8 @@ } } print ''; - } - + } + // Date last login if (! empty($arrayfields['u.datelastlogin']['checked'])) { @@ -576,13 +576,13 @@ { print ''; } - + // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { print 'getAlignFlag($key); From 9c482b9f2a021604e29b7321e2e18eed60d08932 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 10 Jun 2017 21:37:27 +0200 Subject: [PATCH 14/39] FIX CVE-2017-7886 --- htdocs/core/datepicker.php | 2 +- htdocs/core/get_menudiv.php | 2 +- htdocs/core/lib/functions.lib.php | 106 +++++++++++++++--------------- htdocs/core/search_page.php | 8 +-- htdocs/externalsite/frames.php | 2 +- htdocs/install/inc.php | 6 +- htdocs/main.inc.php | 4 +- htdocs/master.inc.php | 2 +- htdocs/support/inc.php | 2 +- htdocs/theme/eldy/style.css.php | 12 ++-- htdocs/theme/md/style.css.php | 52 +++++++-------- 11 files changed, 99 insertions(+), 99 deletions(-) diff --git a/htdocs/core/datepicker.php b/htdocs/core/datepicker.php index 63b765fbadb29..99bf9b15a801c 100644 --- a/htdocs/core/datepicker.php +++ b/htdocs/core/datepicker.php 
@@ -39,7 +39,7 @@ require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php +if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php $langs->load("main"); $langs->load("agenda"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); diff --git a/htdocs/core/get_menudiv.php b/htdocs/core/get_menudiv.php index 655e10afd6731..f8b3a652e088a 100644 --- a/htdocs/core/get_menudiv.php +++ b/htdocs/core/get_menudiv.php @@ -35,7 +35,7 @@ require_once '../main.inc.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php +if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php $langs->load("main"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); $left=($langs->trans("DIRECTION")=='rtl'?'right':'left'); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a212b82c18fcb..c4674fbe5a0af 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -191,7 +191,7 @@ function getBrowserInfo($user_agent) elseif (preg_match('/opera(\/|\s)([\d\.]*)/i', $user_agent, $reg)) { $name='opera'; $version=$reg[2]; } elseif (preg_match('/(MSIE\s([0-9]+\.[0-9]))|.*(Trident\/[0-9]+.[0-9];\srv:([0-9]+\.[0-9]+))/i', $user_agent, $reg)) { $name='ie'; $version=end($reg); } // MS products at end elseif (preg_match('/l(i|y)n(x|ks)(\(|\/|\s)*([\d\.]+)/i', $user_agent, $reg)) { $name='lynxlinks'; $version=$reg[4]; } - + if ($tablet) { $layout = 'tablet'; } elseif ($phone) { 
@@ -269,7 +269,7 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) break; case 'aZ09': $out=trim($out); - if (preg_match('/[^a-z0-9]+/i',$out)) $out=''; + if (preg_match('/[^a-z0-9_\-]+/i',$out)) $out=''; break; case 'array': if (! is_array($out) || empty($out)) $out=array(); @@ -290,13 +290,13 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) * This prefix is unique for instance and avoid conflict between multi-instances, * even when having two instances with one root dir or two instances in virtual servers * - * @param string $mode '' or 'email' + * @param string $mode '' or 'email' * @return string A calculated prefix */ function dol_getprefix($mode='') { global $conf; - + // If MAIL_PREFIX_FOR_EMAIL_ID is set and prefix is for email if ($mode == 'email' && ! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) { @@ -378,15 +378,15 @@ function dol_buildpath($path, $type=0) if ($type == 1) $res = DOL_URL_ROOT.'/'.$path; // Standard value if ($type == 2) $res = DOL_MAIN_URL_ROOT.'/'.$path; // Standard value if ($type == 3) $res = DOL_URL_ROOT.'/'.$path; - + foreach ($conf->file->dol_document_root as $key => $dirroot) // ex: array(["main"]=>"/home/main/htdocs", ["alt0"]=>"/home/dirmod/htdocs", ...) { - if ($key == 'main') + if ($key == 'main') { if ($type == 3) { global $dolibarr_main_url_root; - + // Define $urlwithroot $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file 
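Review bot: Widening the `aZ09` check to `/[^a-z0-9_\-]+/i` changes the filter for every existing caller, not only the `lang` parameter this commit targets, and the name no longer describes what it accepts. Any call site that relied on strictly alphanumeric output (for instance when building a file or class name; none is visible here) now also receives `_` and `-`, so those callers need a look. At minimum document the new contract next to the case, e.g. `// aZ09 also accepts '_' and '-' (needed for codes like fr_FR)`. GETPOST starts and ends outside the hunk.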
@@ -413,12 +413,12 @@ function dol_buildpath($path, $type=0) if ($type == 3) { global $dolibarr_main_url_root; - + // Define $urlwithroot $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current - + $res=(preg_match('/^http/i',$conf->file->dol_url_root[$key])?'':$urlwithroot).$conf->file->dol_url_root[$key].'/'.$path; // Test on start with http is for old conf syntax } break; @@ -957,7 +957,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r $maxvisiblephotos=(isset($conf->global->PRODUCT_MAX_VISIBLE_PHOTO)?$conf->global->PRODUCT_MAX_VISIBLE_PHOTO:5); if ($conf->browser->phone) $maxvisiblephotos=1; if ($showimage) $morehtmlleft.='
'.$object->show_photos($conf->product->multidir_output[$object->entity],'small',$maxvisiblephotos,0,0,0,$width,0).'
'; - else + else { if (!empty($conf->global->PRODUCT_NODISPLAYIFNOPHOTO)) { $nophoto=''; @@ -967,17 +967,17 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r $nophoto='/public/theme/common/nophoto.png'; $morehtmlleft.='
No photo
'; } - + } } - else + else { if ($showimage) $morehtmlleft.='
'.$form->showphoto($modulepart,$object,0,0,0,'photoref','small',1,0,$maxvisiblephotos).'
'; } if ($showbarcode) $morehtmlleft.='
'.$form->showbarcode($object).'
'; if ($object->element == 'societe' && ! empty($conf->use_javascript_ajax) && $user->rights->societe->creer && ! empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { $morehtmlright.=ajax_object_onoff($object, 'status', 'status', 'InActivity', 'ActivityCeased'); - } + } elseif ($object->element == 'product') { //$morehtmlright.=$langs->trans("Status").' ('.$langs->trans("Sell").') '; @@ -999,7 +999,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r } if (! empty($object->name_alias)) $morehtmlref.='
'.$object->name_alias.'
'; // For thirdparty if (! empty($object->label)) $morehtmlref.='
'.$object->label.'
'; // For product - if ($object->element != 'product') + if ($object->element != 'product') { $morehtmlref.='
'; $morehtmlref.=$object->getBannerAddress('refaddress',$object); @@ -1184,9 +1184,9 @@ function dol_print_date($time,$format='',$tzoutput='tzserver',$outputlangs='',$e $reduceformat=(! empty($conf->dol_optimize_smallscreen) && in_array($format,array('day','dayhour')))?1:0; $formatwithoutreduce = preg_replace('/reduceformat/','',$format); if ($formatwithoutreduce != $format) { $format = $formatwithoutreduce; $reduceformat=1; } // so format 'dayreduceformat' is processed like day - + // Change predefined format into computer format. If found translation in lang file we use it, otherwise we use default. - // TODO Add format daysmallyear and dayhoursmallyear + // TODO Add format daysmallyear and dayhoursmallyear if ($format == 'day') $format=($outputlangs->trans("FormatDateShort")!="FormatDateShort"?$outputlangs->trans("FormatDateShort"):$conf->format_date_short); else if ($format == 'hour') $format=($outputlangs->trans("FormatHourShort")!="FormatHourShort"?$outputlangs->trans("FormatHourShort"):$conf->format_hour_short); else if ($format == 'hourduration') $format=($outputlangs->trans("FormatHourShortDuration")!="FormatHourShortDuration"?$outputlangs->trans("FormatHourShortDuration"):$conf->format_hour_short_duration); @@ -1957,7 +1957,7 @@ function dol_print_graph($htmlid,$width,$height,$data,$showlegend=0,$type='pie', print '
'.$langs->trans("NotEnoughDataYet").'
'; return; } - + if (empty($conf->use_javascript_ajax)) return; $jsgraphlib='flot'; $datacolor=array(); @@ -2126,7 +2126,7 @@ function dol_trunc($string,$size=40,$trunc='right',$stringencoding='UTF-8',$nodo global $conf; if ($size==0 || ! empty($conf->global->MAIN_DISABLE_TRUNC)) return $string; - + if (empty($stringencoding)) $stringencoding='UTF-8'; // reduce for small screen if ($conf->dol_optimize_smallscreen==1 && $display==1) $size = round($size/3); @@ -3076,7 +3076,7 @@ function load_fiche_titre($titre, $mesg='', $picto='title_generic.png', $pictois * @param string $options parametres complementaires lien ('' par defaut) * @param string $sortfield champ de tri ('' par defaut) * @param string $sortorder ordre de tri ('' par defaut) - * @param string $center chaine du centre ('' par defaut). We often find here string $massaction comming from $form->selectMassAction() + * @param string $center chaine du centre ('' par defaut). We often find here string $massaction comming from $form->selectMassAction() * @param int $num number of records found by select with limit+1 * @param int $totalnboflines Total number of records/lines for all pages (if known). Use a negative value to no show number. * @param string $picto Icon to use before title (should be a 32x32 transparent png file) @@ -3090,11 +3090,11 @@ function load_fiche_titre($titre, $mesg='', $picto='title_generic.png', $pictois function print_barre_liste($titre, $page, $file, $options='', $sortfield='', $sortorder='', $center='', $num=-1, $totalnboflines=0, $picto='title_generic.png', $pictoisfullpath=0, $morehtml='', $morecss='', $limit=-1, $hideselectlimit=0) { global $conf,$langs; - + $savlimit = $limit; $savtotalnboflines = $totalnboflines; $totalnboflines=abs($totalnboflines); - + if ($picto == 'setup') $picto='title_setup.png'; if (($conf->browser->name == 'ie') && $picto=='title_generic.png') $picto='title.gif'; if ($limit < 0) $limit = $conf->liste_limit; 
@@ -3107,7 +3107,7 @@ function print_barre_liste($titre, $page, $file, $options='', $sortfield='', $so $nextpage = 0; } //print 'totalnboflines='.$totalnboflines.'-savlimit='.$savlimit.'-limit='.$limit.'-num='.$num.'-nextpage='.$nextpage; - + print "\n"; print "\n"; print '
'; $arraygender=array('man'=>$langs->trans("Genderman"),'woman'=>$langs->trans("Genderwoman")); - print $form->selectarray('search_gender', $arraygender, $search_gender, 1); + print $form->selectarray('search_gender', $arraygender, $search_gender, 1); print '
'.dol_print_date($db->jdate($obj->datepreviouslogin),"dayhour").'
'; @@ -3206,7 +3206,7 @@ function print_fleche_navigation($page, $file, $options='', $nextpage=0, $betwee //$pagesizechoices.=',0:'.$langs->trans("All"); // Not yet supported //$pagesizechoices.=',2:2'; if (! empty($conf->global->MAIN_PAGESIZE_CHOICES)) $pagesizechoices=$conf->global->MAIN_PAGESIZE_CHOICES; - + print ''; print ''; From f694939fc74e81d823be4c56b51d66f64d793abb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 19 Jun 2017 19:39:37 +0200 Subject: [PATCH 20/39] Fix migration with pgsql --- htdocs/install/mysql/migration/3.5.0-3.6.0.sql | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/install/mysql/migration/3.5.0-3.6.0.sql b/htdocs/install/mysql/migration/3.5.0-3.6.0.sql index bd04766eebfec..3d83d2a7af95a 100644 --- a/htdocs/install/mysql/migration/3.5.0-3.6.0.sql +++ b/htdocs/install/mysql/migration/3.5.0-3.6.0.sql @@ -63,7 +63,7 @@ ALTER TABLE llx_bookmark ADD COLUMN entity integer DEFAULT 1 NOT NULL; ALTER TABLE llx_bookmark MODIFY COLUMN url varchar(255) NOT NULL; -ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN tms timestamp DEFAULT '2001-01-01 00:00:00'; +-- VMYSQL4.1 ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN tms timestamp DEFAULT '2001-01-01 00:00:00'; -- Clean corrupted values for tms -- VMYSQL4.1 SET sql_mode = 'ALLOW_INVALID_DATES'; @@ -74,7 +74,7 @@ ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN tms timestamp DEFAULT '2001-01- -- VMYSQL4.3 ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN date_fin DATETIME NULL DEFAULT NULL; -- VPGSQL8.2 ALTER TABLE llx_opensurvey_sondage ALTER COLUMN date_fin DROP NOT NULL; -ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN tms timestamp DEFAULT CURRENT_TIMESTAMP; +-- VMYSQL4.1 ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN tms timestamp DEFAULT CURRENT_TIMESTAMP; ALTER TABLE llx_opensurvey_sondage ADD COLUMN entity integer DEFAULT 1 NOT NULL; 
@@ -204,9 +204,14 @@ CREATE TABLE llx_payment_salary ( fk_user_modif integer )ENGINE=innodb; + +DELETE FROM llx_product_batch where fk_product_stock NOT IN (SELECT rowid from llx_product_stock); + ALTER TABLE llx_product_batch ADD INDEX idx_fk_product_stock (fk_product_stock); ALTER TABLE llx_product_batch ADD CONSTRAINT fk_product_batch_fk_product_stock FOREIGN KEY (fk_product_stock) REFERENCES llx_product_stock (rowid); +DELETE FROM llx_expeditiondet_batch where fk_expeditiondet NOT IN (SELECT rowid from llx_expeditiondet); + ALTER TABLE llx_expeditiondet_batch ADD INDEX idx_fk_expeditiondet (fk_expeditiondet); ALTER TABLE llx_expeditiondet_batch ADD CONSTRAINT fk_expeditiondet_batch_fk_expeditiondet FOREIGN KEY (fk_expeditiondet) REFERENCES llx_expeditiondet(rowid); From 480587c8263398aad02a1961892a2ce2ab122d45 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 25 Jun 2017 02:28:07 +0200 Subject: [PATCH 21/39] Fix travis errors --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8655b27d4ed0f..4c18c5caa3b97 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,7 +10,7 @@ php: - '5.3' - '5.4' - '5.5' -- '5.6' +- '5.6.29' - '7.0' - nightly From 99c78675222640e1890c678ba0fbc13fc64ee4ad Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 27 Jun 2017 12:06:01 +0200 Subject: [PATCH 22/39] Fix travis --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index bb6b774d9ab40..60343805fcfb8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,7 +10,7 @@ php: - '5.3' - '5.4' - '5.5' -- '5.6' +- '5.6.29' - '7.0' - nightly From 65b9b70ff8ad62147bf5186ac07a9e3ac3a67ee2 Mon Sep 17 00:00:00 2001 From: arnaud Date: Tue, 27 Jun 2017 15:23:51 +0200 Subject: [PATCH 23/39] FIX invoice page list --- htdocs/compta/facture/list.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
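Review bot: The two added `DELETE ... NOT IN (SELECT rowid ...)` statements remove rows permanently, and nothing in the hunk says why, so an administrator reading the migration cannot tell that data is discarded to let the foreign keys below be created. I would put a comment above each, for example `-- Delete orphan batch rows: the foreign key added below cannot be created while they exist`. Rows whose `fk_product_stock` or `fk_expeditiondet` is NULL are not matched by `NOT IN` and stay in place, which is worth stating in the same comment.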
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 14a5c484e8cbf..e37f5b316fcb4 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -551,7 +551,7 @@ $nbtotalofrecords = $db->num_rows($result); } -$sql.= $db->plimit($limit,$offset); +$sql.= $db->plimit($limit + 1,$offset); //print $sql; $resql = $db->query($sql); @@ -591,7 +591,6 @@ $i = 0; print ''."\n"; - print_barre_liste($langs->trans('BillsCustomers').' '.($socid?' '.$soc->name:''),$page,$_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,$massactionbutton,$num,$nbtotalofrecords,'title_accountancy.png'); if ($massaction == 'presend') From 4283b1ee30b294b975c34236897a0944a6901371 Mon Sep 17 00:00:00 2001 From: fmarcet Date: Wed, 28 Jun 2017 18:31:37 +0200 Subject: [PATCH 24/39] FIX: User id correction on holiday request --- htdocs/holiday/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 5789cf271808e..44ec0496f7bb7 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -792,7 +792,7 @@ function valider() if (empty($user->rights->holiday->write_all)) { print $form->select_dolusers($fuserid, 'useridbis', 0, '', 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300'); - print ''; + print ''; } else print $form->select_dolusers(GETPOST('fuserid')?GETPOST('fuserid'):$user->id,'fuserid',0,'',0); print ''; From ca6ce2ba8b0aa8fcb4568ce74646b13cc3d30393 Mon Sep 17 00:00:00 2001 From: arnaud Date: Fri, 30 Jun 2017 10:38:54 +0200 Subject: [PATCH 25/39] FIX status were wrong on product referent list --- htdocs/compta/facture/list.php | 8 ++++---- htdocs/product/stats/facture.php | 13 +++++++------ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 1d0a5ad7e9f2e..4ce8e0ed724cc 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php 
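Review bot: `$db->plimit($limit + 1,$offset)` now fetches one row more than a page holds, and the hunk carries no comment saying why. The `$num` parameter of `print_barre_liste()` is documented as the number of records found with limit+1, so a comment such as `// Ask for limit+1 rows so print_barre_liste() can detect a next page` would record the intent. The loop that prints the rows is outside this hunk; it should stop at `$limit` rows, otherwise the extra row is displayed.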
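Review bot: The changed `print` line in `holiday/card.php` sits in the branch for users without `holiday->write_all`, and its markup is not readable in this copy of the patch, so what it sends back with the form cannot be checked here. Whatever user id that branch posts is chosen by the browser, not by the server. The action handler, which is outside this hunk, should presumably take the request owner from the session (`$user->id`) when `$user->rights->holiday->write_all` is empty, and not trust the posted field.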
@@ -1431,10 +1431,10 @@ // Status if (! empty($arrayfields['f.fk_statut']['checked'])) { - print '"; - if (! $i) $totalarray['nbfield']++; + print '"; + if (! $i) $totalarray['nbfield']++; } // Action column diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index e9eb3d41859c0..e8fd04ac81822 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -141,7 +141,7 @@ elseif ($user->rights->facture->lire) { $sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, s.code_client,"; - $sql.= " f.facnumber, f.datef, f.paye, f.fk_statut as statut, f.rowid as facid,"; + $sql.= " f.facnumber, f.datef, f.paye, f.type, f.fk_statut as statut, f.rowid as facid,"; $sql.= " d.rowid, d.total_ht as total_ht, d.qty"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used if (!$user->rights->societe->client->voir && !$socid) $sql.= ", sc.fk_soc, sc.fk_user "; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; @@ -232,23 +232,24 @@ $var=True; while ($i < min($num,$conf->liste_limit)) { - $objp = $db->fetch_object($result); + $objp = $db->fetch_object($result); + $invoicestatic->id=$objp->facid; + $invoicestatic->ref=$objp->facnumber; + $societestatic->fetch($objp->socid); + $paiement = $invoicestatic->getSommePaiement(); $var=!$var; print ''; print '\n"; - $societestatic->fetch($objp->socid); print ''; print "\n"; print '"; print '\n"; print '\n"; - print ''; + print ''; print "\n"; $i++; From 1a71e9b4a0377f2c42ebdccd65aa73c5bd73a6cb Mon Sep 17 00:00:00 2001 From: arnaud Date: Wed, 5 Jul 2017 16:57:03 +0200 Subject: [PATCH 26/39] FIX add supplierproposaldet without price (new product) --- htdocs/supplier_proposal/card.php | 5 +++-- htdocs/supplier_proposal/class/supplier_proposal.class.php | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 9ed3846118012..e2bfb50202867 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -526,7 +526,8 @@ $error = 0; // Set if we used free entry or predefined product - $predef=''; + $predef=''; + $ref_fourn = GETPOST('fourn_ref'); $product_desc=(GETPOST('dp_desc')?GETPOST('dp_desc'):''); $date_start=dol_mktime(GETPOST('date_start'.$predef.'hour'), GETPOST('date_start'.$predef.'min'), GETPOST('date_start' . $predef . 'sec'), GETPOST('date_start'.$predef.'month'), GETPOST('date_start'.$predef.'day'), GETPOST('date_start'.$predef.'year')); $date_end=dol_mktime(GETPOST('date_end'.$predef.'hour'), GETPOST('date_end'.$predef.'min'), GETPOST('date_end' . $predef . 'sec'), GETPOST('date_end'.$predef.'month'), GETPOST('date_end'.$predef.'day'), GETPOST('date_end'.$predef.'year')); @@ -614,7 +615,7 @@ $price_base_type = $productsupplier->fourn_price_base_type; $type = $productsupplier->type; $label = $productsupplier->label; - $desc = $productsupplier->description; + $desc = $productsupplier->description; if (trim($product_desc) != trim($desc)) $desc = dol_concatdesc($desc, $product_desc); $tva_tx = get_default_tva($object->thirdparty, $mysoc, $productsupplier->id, GETPOST('idprodfournprice')); diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 8cbc3882fc451..6f973f4ce0888 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -2738,6 +2738,7 @@ function insert($notrigger=0) if (empty($this->special_code)) $this->special_code=0; if (empty($this->fk_parent_line)) $this->fk_parent_line=0; if (empty($this->fk_fournprice)) $this->fk_fournprice=0; + if (empty($this->subprice)) $this->subprice=0; if (empty($this->pa_ht)) $this->pa_ht=0; 
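Review bot: The added `$ref_fourn = GETPOST('fourn_ref');` reads a request parameter without a check type, so the value reaches the rest of the add-line action unfiltered. The neighbouring reads in this hunk do the same, but a newly added read is the cheap place to start: `$ref_fourn = GETPOST('fourn_ref','alpha');`. Where `$ref_fourn` is used is outside the hunk; if it ends up in SQL or HTML, it still needs `$db->escape()` or output escaping at that point.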
@@ -2920,6 +2921,7 @@ function update($notrigger=0) if (empty($this->special_code)) $this->special_code=0; if (empty($this->fk_parent_line)) $this->fk_parent_line=0; if (empty($this->fk_fournprice)) $this->fk_fournprice=0; + if (empty($this->subprice)) $this->subprice=0; if (empty($this->pa_ht)) $this->pa_ht=0; From 3d18c71201bc22c5ff5377418812e66caf774362 Mon Sep 17 00:00:00 2001 From: alexis Algoud Date: Wed, 5 Jul 2017 17:21:37 +0200 Subject: [PATCH 27/39] FIX invoice situation VAT total rounding into PDF crabe --- .../modules/facture/doc/pdf_crabe.modules.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 52971f767708e..57c8d55c9834e 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1120,7 +1120,26 @@ function _tableau_tot(&$pdf, $object, $deja_regle, $posy, $outputlangs) } //} + // VAT + // Situations totals migth be wrong on huge amounts + if ($object->situation_cycle_ref && $object->situation_counter > 1) { + + $sum_pdf_tva = 0; + foreach($this->tva as $tvakey => $tvaval){ + $sum_pdf_tva+=$tvaval; // sum VAT amounts to compare to object + } + + if($sum_pdf_tva!=$object->total_tva) { // apply coef to recover the VAT object amount (the good one) + $coef_fix_tva = $object->total_tva / $sum_pdf_tva; + + foreach($this->tva as $tvakey => $tvaval) { + $this->tva[$tvakey]=$tvaval * $coef_fix_tva; + } + } + + } + foreach($this->tva as $tvakey => $tvaval) { if ($tvakey != 0) // On affiche pas taux 0 From f166c96ed5a5065c1fffedaefadee8b5eb972c8f Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Sun, 9 Jul 2017 13:09:17 +0200 Subject: [PATCH 28/39] Fix : script to migrate photo path --- scripts/product/migrate_picture_path.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
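Review bot: In the added situation-invoice block of `pdf_crabe.modules.php`, `$coef_fix_tva = $object->total_tva / $sum_pdf_tva;` divides by zero when every entry of `$this->tva` is 0 while `$object->total_tva` is not. The test `$sum_pdf_tva!=$object->total_tva` also compares two floats exactly, so it can fire on rounding noise alone. I would guard and round: `if ($sum_pdf_tva != 0 && price2num($sum_pdf_tva,'MT') != price2num($object->total_tva,'MT'))`. The typo `migth` in the added comment can be fixed at the same time. `_tableau_tot` starts and ends outside the hunk.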
diff --git a/scripts/product/migrate_picture_path.php b/scripts/product/migrate_picture_path.php index f8624ebc0408a..98a5c4d51bc25 100755 --- a/scripts/product/migrate_picture_path.php +++ b/scripts/product/migrate_picture_path.php @@ -104,7 +104,7 @@ function migrate_product_photospath($product) global $conf; $dir = $conf->product->multidir_output[$product->entity]; - $origin = $dir .'/'. get_exdir($product->id,2) . $product->id ."/photos"; + $origin = $dir .'/'. get_exdir($product->id,2,0,0,$product,'product') . $product->id ."/photos"; $destin = $dir.'/'.dol_sanitizeFileName($product->ref); $error = 0; From f1c23f25f0c15a7f8ebc985393cb4a491d123762 Mon Sep 17 00:00:00 2001 From: phf Date: Thu, 13 Jul 2017 16:49:58 +0200 Subject: [PATCH 29/39] Fix updateline extrafields contrat fail --- htdocs/contrat/class/contrat.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index e4bee39c39ec5..65ea14219d1f8 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -1601,8 +1601,8 @@ function updateline($rowid, $desc, $pu, $qty, $remise_percent, $date_start, $dat if (empty($conf->global->MAIN_EXTRAFIELDS_DISABLED) && is_array($array_options) && count($array_options)>0) // For avoid conflicts if trigger used { $contractline = new ContratLigne($this->db); - $contractline->array_options=$array_option; - $contractline->id= $this->db->last_insert_id(MAIN_DB_PREFIX.$contractline->table_element); + $contractline->array_options=$array_options; + $contractline->id= $rowid; $result=$contractline->insertExtraFields(); if ($result < 0) { From ccbeb162cfed29abc9198a4cbfe8358b14c9b6d5 Mon Sep 17 00:00:00 2001 
From: gauthier Date: Mon, 17 Jul 2017 11:27:57 +0200 Subject: [PATCH 30/39] FIX : Buying prices must always be in positive valueo --- htdocs/compta/facture.php | 2 +- htdocs/install/mysql/migration/3.8.0-3.9.0.sql | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 34ed1383e1437..a5e4334228dc7 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -771,7 +771,7 @@ $line->fk_parent_line = $fk_parent_line; $line->subprice =-$line->subprice; // invert price for object - $line->pa_ht = -$line->pa_ht; + $line->pa_ht = $line->pa_ht; $line->total_ht=-$line->total_ht; $line->total_tva=-$line->total_tva; $line->total_ttc=-$line->total_ttc; diff --git a/htdocs/install/mysql/migration/3.8.0-3.9.0.sql b/htdocs/install/mysql/migration/3.8.0-3.9.0.sql index 86d2549a8bc40..88ba07cc24bae 100755 --- a/htdocs/install/mysql/migration/3.8.0-3.9.0.sql +++ b/htdocs/install/mysql/migration/3.8.0-3.9.0.sql @@ -611,3 +611,7 @@ INSERT INTO llx_c_tva(rowid,fk_pays,taux,recuperableonly,note,active) VALUES (14 -- VMYSQL4.1 ALTER TABLE llx_c_type_resource CHANGE COLUMN rowid rowid integer NOT NULL AUTO_INCREMENT; ALTER TABLE llx_import_model MODIFY COLUMN type varchar(50); + +-- Negative buying prices + +UPDATE llx_facturedet SET buy_price_ht = ABS(buy_price_ht) From 76eac7ce6a387d9fcfdf5be017169e3e69cecd56 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Tue, 18 Jul 2017 10:13:10 +0200 Subject: [PATCH 31/39] Fix : creating user from member was failing due to column size difference --- htdocs/install/mysql/migration/3.9.0-4.0.0.sql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/3.9.0-4.0.0.sql b/htdocs/install/mysql/migration/3.9.0-4.0.0.sql index f1c94f346cf40..e09d364a0e234 100644 --- a/htdocs/install/mysql/migration/3.9.0-4.0.0.sql +++ b/htdocs/install/mysql/migration/3.9.0-4.0.0.sql 
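Review bot: `$line->pa_ht = $line->pa_ht;` in `compta/facture.php` assigns the property to itself and does nothing. Delete the line, or keep the intent visible next to the inverted fields with a comment: `// pa_ht (buying price) is kept positive, unlike the inverted amounts around it`. The enclosing block continues outside the hunk.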
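Review bot: The added `UPDATE llx_facturedet SET buy_price_ht = ABS(buy_price_ht)` has no terminating `;` and is apparently the last statement of `3.8.0-3.9.0.sql`, so whether it runs depends on how the installer splits the script. It also rewrites every row of the table, not only the negative ones. I would write `UPDATE llx_facturedet SET buy_price_ht = ABS(buy_price_ht) WHERE buy_price_ht < 0;`.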
@@ -544,4 +544,6 @@ INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (178, -- VMYSQL4.1 ALTER TABLE llx_establishment CHANGE COLUMN fk_user_mod fk_user_mod integer NULL; -- VPGSQL8.2 ALTER TABLE llx_establishment ALTER COLUMN fk_user_mod DROP NOT NULL; -ALTER TABLE llx_multicurrency_rate ADD COLUMN entity integer DEFAULT 1; \ No newline at end of file +ALTER TABLE llx_multicurrency_rate ADD COLUMN entity integer DEFAULT 1; + +ALTER TABLE llx_user MODIFY COLUMN login varchar(50); \ No newline at end of file From d35dbdea923ce3115631d289784a03e53d030353 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Tue, 18 Jul 2017 10:16:59 +0200 Subject: [PATCH 32/39] Change column size in sql table creation also --- htdocs/install/mysql/tables/llx_user.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/tables/llx_user.sql b/htdocs/install/mysql/tables/llx_user.sql index 6b3c5b83f6dbc..84d74fa52d938 100644 --- a/htdocs/install/mysql/tables/llx_user.sql +++ b/htdocs/install/mysql/tables/llx_user.sql @@ -33,7 +33,7 @@ create table llx_user tms timestamp, fk_user_creat integer, fk_user_modif integer, - login varchar(24) NOT NULL, + login varchar(50) NOT NULL, pass varchar(128), pass_crypted varchar(128), pass_temp varchar(128), -- temporary password when asked for forget password From 2e63393bf237d142066a9e92cae150a555a291e4 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 21 Jul 2017 19:35:08 +0200 Subject: [PATCH 33/39] Fix: wrong values if array used to force entity 0 --- htdocs/core/modules/DolibarrModules.class.php | 142 +++++++++--------- 1 file changed, 71 insertions(+), 71 deletions(-) diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index d682aa2db97b2..f98357bb69841 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php 
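Review bot: `ALTER TABLE llx_user MODIFY COLUMN login varchar(50);` restates the column without `NOT NULL`. On MySQL a `MODIFY COLUMN` replaces the whole column definition, so upgraded databases end up with a nullable `login`, while the table file changed in the following patch keeps `login varchar(50) NOT NULL`. I would keep the constraint: `ALTER TABLE llx_user MODIFY COLUMN login varchar(50) NOT NULL;`. If the PostgreSQL conversion cannot take that form, split it with the `-- VMYSQL4.1` and `-- VPGSQL8.2` prefixes already used a few lines above.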
@@ -48,22 +48,22 @@ class DolibarrModules // Can not be abstract, because we need to insta * @var string Publisher name */ public $editor_name; - + /** * @var string URL of module at publisher site */ - public $editor_web; - + public $editor_web; + /** * @var string Family */ public $family; - + /** * @var int module_position */ public $module_position=500; - + /** * @var string Module name */ @@ -171,7 +171,7 @@ class DolibarrModules // Can not be abstract, because we need to insta * @var string Module description (long text) */ public $descriptionlong; - + /** * @var string[] Module language files */ @@ -211,7 +211,7 @@ class DolibarrModules // Can not be abstract, because we need to insta * @var bool Module is enabled globally (Multicompany support) */ public $core_enabled; - + /** * @var string Relative path to module style sheet * @deprecated @@ -219,8 +219,8 @@ class DolibarrModules // Can not be abstract, because we need to insta */ public $style_sheet = ''; - - + + /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -468,9 +468,9 @@ function getDescLong() { global $langs; $langs->load("admin"); - + if (empty($this->descriptionlong)) return ''; - + // If module description translation does not exist using its unique id, we can use its name to find translation if (is_array($this->langfiles)) { @@ -481,7 +481,7 @@ function getDescLong() } return $langs->trans($this->descriptionlong); } - + /** * Gives the publisher name * @@ -491,7 +491,7 @@ function getPublisher() { return $this->editor_name; } - + /** * Gives the publisher url * @@ -501,7 +501,7 @@ function getPublisherUrl() { return $this->editor_url; } - + /** * Gives module version (translated if param $translated is on) * For 'experimental' modules, gives 'experimental' translation 
@@ -705,7 +705,7 @@ function _load_tables($reldir) $files[] = $file; } sort($files); - foreach ($files as $file) + foreach ($files as $file) { if (preg_match('/\.sql$/i',$file) && ! preg_match('/\.key\.sql$/i',$file) && substr($file,0,4) == 'llx_' && substr($file,0,4) != 'data') { @@ -723,7 +723,7 @@ function _load_tables($reldir) $files[] = $file; } sort($files); - foreach ($files as $file) + foreach ($files as $file) { if (preg_match('/\.key\.sql$/i',$file) && substr($file,0,4) == 'llx_' && substr($file,0,4) != 'data') { @@ -741,7 +741,7 @@ function _load_tables($reldir) $files[] = $file; } sort($files); - foreach ($files as $file) + foreach ($files as $file) { if (preg_match('/\.sql$/i',$file) && ! preg_match('/\.key\.sql$/i',$file) && substr($file,0,4) == 'data') { @@ -759,7 +759,7 @@ function _load_tables($reldir) $files[] = $file; } sort($files); - foreach ($files as $file) + foreach ($files as $file) { if (preg_match('/\.sql$/i',$file) && ! preg_match('/\.key\.sql$/i',$file) && substr($file,0,6) == 'update') { @@ -899,19 +899,19 @@ function delete_boxes() //$titre = $this->boxes[$key][0]; $file = $this->boxes[$key]['file']; //$note = $this->boxes[$key][2]; - + // TODO If the box is also included by another module and the other module is still on, we should not remove it. // For the moment, we manage this with hard coded exception //print "Remove box ".$file.'
'; if ($file == 'box_graph_product_distribution.php') { - if (! empty($conf->produit->enabled) || ! empty($conf->service->enabled)) + if (! empty($conf->produit->enabled) || ! empty($conf->service->enabled)) { dol_syslog("We discard disabling of module ".$file." because another module still active require it."); continue; } } - + if (empty($file)) $file = isset($this->boxes[$key][1])?$this->boxes[$key][1]:''; // For backward compatibility if ($this->db->type == 'sqlite3') { @@ -986,7 +986,7 @@ function insert_cronjobs() $status = isset($this->cronjobs[$key]['status'])?$this->cronjobs[$key]['status']:''; $priority = isset($this->cronjobs[$key]['priority'])?$this->cronjobs[$key]['priority']:''; $test = isset($this->cronjobs[$key]['test'])?$this->cronjobs[$key]['test']:''; // Line must be visible - + // Search if boxes def already present $sql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."cronjob"; $sql.= " WHERE module_name = '".$this->db->escape($this->rights_class)."'"; 
@@ -1124,55 +1124,55 @@ function delete_tabs() * * @return int Error count (0 if ok) */ - function insert_tabs() - { - global $conf; - - $err=0; - - if (! empty($this->tabs)) - { - $i=0; - foreach ($this->tabs as $key => $value) - { - if (is_array($value) && count($value) == 0) continue; // Discard empty arrays - - $entity=$conf->entity; - $newvalue = $value; - - if (is_array($value)) - { - $newvalue = $value['data']; - if (isset($value['entity'])) $entity = $value['entity']; - } - - if ($newvalue) - { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."const ("; - $sql.= "name"; - $sql.= ", type"; - $sql.= ", value"; - $sql.= ", note"; - $sql.= ", visible"; - $sql.= ", entity"; - $sql.= ")"; - $sql.= " VALUES ("; - $sql.= $this->db->encrypt($this->const_name."_TABS_".$i,1); - $sql.= ", 'chaine'"; - $sql.= ", ".$this->db->encrypt($value,1); - $sql.= ", null"; - $sql.= ", '0'"; - $sql.= ", ".$conf->entity; - $sql.= ")"; - - dol_syslog(get_class($this)."::insert_tabs", LOG_DEBUG); - $this->db->query($sql); - } - $i++; - } - } - return $err; - } + function insert_tabs() + { + global $conf; + + $err=0; + + if (! 
empty($this->tabs)) + { + $i=0; + foreach ($this->tabs as $key => $value) + { + if (is_array($value) && count($value) == 0) continue; // Discard empty arrays + + $entity=$conf->entity; + $newvalue = $value; + + if (is_array($value)) + { + $newvalue = $value['data']; + if (isset($value['entity'])) $entity = $value['entity']; + } + + if ($newvalue) + { + $sql = "INSERT INTO ".MAIN_DB_PREFIX."const ("; + $sql.= "name"; + $sql.= ", type"; + $sql.= ", value"; + $sql.= ", note"; + $sql.= ", visible"; + $sql.= ", entity"; + $sql.= ")"; + $sql.= " VALUES ("; + $sql.= $this->db->encrypt($this->const_name."_TABS_".$i,1); + $sql.= ", 'chaine'"; + $sql.= ", ".$this->db->encrypt($newvalue,1); + $sql.= ", null"; + $sql.= ", '0'"; + $sql.= ", ".$entity; + $sql.= ")"; + + dol_syslog(get_class($this)."::insert_tabs", LOG_DEBUG); + $this->db->query($sql); + } + $i++; + } + } + return $err; + } /** * Adds constants From c9c375f3b8777e5c9ce2932eaaf627901fe95516 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 23 Jul 2017 10:29:45 +0200 Subject: [PATCH 34/39] Fix: run_jobs return always an error !! --- htdocs/cron/class/cronjob.class.php | 102 ++++++++++++++-------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index bd1d74e35b854..5f7f8e5ead0c8 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -108,7 +108,7 @@ function create($user, $notrigger=0) if (isset($this->nbrun)) $this->nbrun=trim($this->nbrun); if (isset($this->libname)) $this->libname = trim($this->libname); if (isset($this->test)) $this->test = trim($this->test); - + // Check parameters // Put here code to add a control on parameters values if (dol_strlen($this->datestart)==0) { 
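Review bot: In the rewritten `insert_tabs()`, `$sql.= ", ".$entity;` concatenates a value that can come from `$value['entity']` in the module descriptor straight into the INSERT, without a cast. `$sql.= ", ".((int) $entity);` keeps the statement well formed whatever the descriptor holds. The result of `$this->db->query($sql)` is also ignored, so `$err` is always 0 and the documented error count is never reported. `if (! $this->db->query($sql)) $err++;` would report it; if a failed insert is expected here, a comment saying so would do instead.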
@@ -363,9 +363,9 @@ function fetch($id) function fetch_all($sortorder='DESC', $sortfield='t.rowid', $limit=0, $offset=0, $status=1, $filter='') { global $langs; - + $this->lines=array(); - + $sql = "SELECT"; $sql.= " t.rowid,"; $sql.= " t.entity,"; @@ -403,7 +403,7 @@ function fetch_all($sortorder='DESC', $sortfield='t.rowid', $limit=0, $offset=0, if ($status == 2) $sql.= " AND t.status = 2"; //Manage filter if (is_array($filter) && count($filter)>0) { - foreach($filter as $key => $value) + foreach($filter as $key => $value) { if ($key == 't.rowid') $sql.= ' AND '.$key.' = '.$this->db->escape($value); else $sql.= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; @@ -526,7 +526,7 @@ function update($user=null, $notrigger=0) if (empty($this->maxrun)) $this->maxrun=0; if (isset($this->libname)) $this->libname = trim($this->libname); if (isset($this->test)) $this->test = trim($this->test); - + // Check parameters // Put here code to add a control on parameters values if (dol_strlen($this->datestart)==0) { @@ -837,8 +837,8 @@ function info() /** * Run a job. - * Once job is finished, status and nb of run is updated. - * This function does not plan the next run. This is done by function ->reprogram_jobs + * Once job is finished, status and nb of run is updated. + * This function does not plan the next run. This is done by function ->reprogram_jobs * * @param string $userlogin User login * @return int <0 if KO, >0 if OK @@ -853,7 +853,7 @@ function run_jobs($userlogin) $langs->load('cron'); - if (empty($userlogin)) + if (empty($userlogin)) { $this->error="User login is mandatory"; dol_syslog(get_class($this)."::run_jobs ".$this->error, LOG_ERR); 
@@ -914,16 +914,16 @@ function run_jobs($userlogin) // load classes if (! $error) { - $ret=dol_include_once($this->classesname); - if ($ret===false || (! class_exists($this->objectname))) - { - $this->error=$langs->trans('CronCannotLoadClass',$this->classesname,$this->objectname); - dol_syslog(get_class($this)."::run_jobs ".$this->error, LOG_ERR); - $this->lastoutput = $this->error; - $this->lastresult = -1; - $retval = $this->lastresult; - $error++; - } + $ret=dol_include_once($this->classesname); + if ($ret===false || (! class_exists($this->objectname))) + { + $this->error=$langs->trans('CronCannotLoadClass',$this->classesname,$this->objectname); + dol_syslog(get_class($this)."::run_jobs ".$this->error, LOG_ERR); + $this->lastoutput = $this->error; + $this->lastresult = -1; + $retval = $this->lastresult; + $error++; + } } // test if method exists @@ -939,7 +939,7 @@ function run_jobs($userlogin) $error++; } } - + // Load langs if (! $error) { @@ -954,14 +954,14 @@ function run_jobs($userlogin) $error++; } } - + if (! $error) { dol_syslog(get_class($this)."::run_jobs START ".$this->objectname."->".$this->methodename."(".$this->params.");", LOG_DEBUG); - + // Create Object for the call module $object = new $this->objectname($this->db); - + $params_arr = explode(", ",$this->params); if (!is_array($params_arr)) { @@ -971,8 +971,8 @@ function run_jobs($userlogin) { $result = call_user_func_array(array($object, $this->methodename), $params_arr); } - - if ($result===false || $result != 0) + + if ($result===false || $result < 0) { $langs->load("errors"); dol_syslog(get_class($this)."::run_jobs END result=".$result." error=".$object->error, LOG_ERR); @@ -989,7 +989,7 @@ function run_jobs($userlogin) $this->lastresult=var_export($result,true); $retval = $this->lastresult; } - } + } } if($this->jobtype == 'function') 
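Review bot: With the test changed to `$result < 0` in the method branch (hunk `@@ -971,8`) and again in the function branch (hunk `@@ -1021,7`), every return value that is not a negative number counts as success, including `0`, `null` and a non-numeric string. That contract is not written down anywhere in the hunk, and a job that reports failure through an error string would now be recorded as successful. I would state it above both tests, for example `// Job contract: return <0 on error; 0 or any positive value is success`. `run_jobs` starts and ends outside these hunks.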
@@ -1021,7 +1021,7 @@ function run_jobs($userlogin) $result = call_user_func_array($this->methodename, $params_arr); } - if ($result === false || $result != 0) + if ($result === false || $result < 0) { $langs->load("errors"); dol_syslog(get_class($this)."::run_jobs result=".$result, LOG_ERR); @@ -1062,7 +1062,7 @@ function run_jobs($userlogin) $this->lastoutput = ''; // Will be filled later $this->lastresult = $retval; $retval = $this->lastresult; - $error++; + $error++; } } if ($execmethod == 2) @@ -1086,21 +1086,21 @@ function run_jobs($userlogin) } // Update with result - if (is_array($output_arr) && count($output_arr)>0) - { - foreach($output_arr as $val) - { - $this->lastoutput.=$val."\n"; - } - } - - $this->lastresult=$retval; - - dol_syslog(get_class($this)."::run_jobs output_arr:".var_export($output_arr,true)." lastoutput=".$this->lastoutput." lastresult=".$this->lastresult, LOG_DEBUG); + if (is_array($output_arr) && count($output_arr)>0) + { + foreach($output_arr as $val) + { + $this->lastoutput.=$val."\n"; + } + } + + $this->lastresult=$retval; + + dol_syslog(get_class($this)."::run_jobs output_arr:".var_export($output_arr,true)." lastoutput=".$this->lastoutput." lastresult=".$this->lastresult, LOG_DEBUG); } - + dol_syslog(get_class($this)."::run_jobs now we update job to track it is finished (with success or error)"); - + $this->datelastresult=dol_now(); $result = $this->update($user); // This include begin/commit if ($result < 0) 
@@ -1125,19 +1125,19 @@ function run_jobs($userlogin) function reprogram_jobs($userlogin, $now) { dol_syslog(get_class($this)."::reprogram_jobs userlogin:$userlogin", LOG_DEBUG); - + require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; $user=new User($this->db); $result=$user->fetch('',$userlogin); - if ($result<0) + if ($result<0) { $this->error="User Error:".$user->error; dol_syslog(get_class($this)."::reprogram_jobs ".$this->error, LOG_ERR); return -1; } - else + else { - if (empty($user->id)) + if (empty($user->id)) { $this->error=" User user login:".$userlogin." do not exists"; dol_syslog(get_class($this)."::reprogram_jobs ".$this->error, LOG_ERR); @@ -1147,24 +1147,24 @@ function reprogram_jobs($userlogin, $now) dol_syslog(get_class($this)."::reprogram_jobs ", LOG_DEBUG); - - if (empty($this->datenextrun)) + + if (empty($this->datenextrun)) { if (empty($this->datestart)) $this->datenextrun = $now + ($this->frequency * $this->unitfrequency); else $this->datenextrun = $this->datestart + ($this->frequency * $this->unitfrequency); } - if ($this->datenextrun < $now && $this->frequency > 0 && $this->unitfrequency > 0) + if ($this->datenextrun < $now && $this->frequency > 0 && $this->unitfrequency > 0) { // Loop until date is after future while ($this->datenextrun < $now) { $this->datenextrun += ($this->frequency * $this->unitfrequency); - + // TODO For exact frequency (every month, every year, ...), use instead a dol_time_plus_duree($time, $duration_value, $duration_unit) } } - else + else { //$this->datenextrun=$this->datenextrun + ($this->frequency * $this->unitfrequency); } @@ -1180,9 +1180,9 @@ function reprogram_jobs($userlogin, $now) dol_syslog(get_class($this)."::reprogram_jobs Job will be set to archived", LOG_ERR); } } - + $result = $this->update($user); - if ($result<0) + if ($result<0) { dol_syslog(get_class($this)."::reprogram_jobs ".$this->error, LOG_ERR); return -1; From 585dde6cf5329eb363ed6a464dfda33a3d98e23e Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Sun, 23 Jul 2017 19:06:47 +0200 Subject: [PATCH 35/39] Fix url --- build/exe/doliwamp/doliwamp.iss | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/build/exe/doliwamp/doliwamp.iss b/build/exe/doliwamp/doliwamp.iss index 34757a5123af7..2ef8ab32f2265 100644 --- a/build/exe/doliwamp/doliwamp.iss +++ b/build/exe/doliwamp/doliwamp.iss @@ -353,10 +353,12 @@ begin begin // TODO Copy file or ask to install package ? //CustomMessage('YouWillInstallDoliWamp')+#13#13 - MsgBox('The package vcredist_x86.exe must have been installed first. It seems it is not. Please install it first from http://www.microsoft.com/en-us/download/details.aspx?id=30679 then restart DoliWamp installation/upgrade.',mbInformation,MB_OK); + MsgBox('The package vcredist_x86.exe must have been installed first. It seems it is not. Please install it first from http://www.microsoft.com/en-us/download/details.aspx?id=30679 then restart DoliWamp installation/upgrade.',mbInformation,MB_OK); end; - - + // Pb seems similar with msvcp110.dll + //vcredist_x64.exe + + // If we have a new database version, we should only copy old my.ini file into new directory // and change only all basedir= strings to use new version. Like this, data dir is still correct. // Install of service and stop/start scripts are already rebuild by installer. From a52adcad4a6fc645baf2432abf094c651c0cd0df Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 25 Jul 2017 13:52:10 +0200 Subject: [PATCH 36/39] Fix: change the condition --- htdocs/cron/class/cronjob.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index 5f7f8e5ead0c8..d62be5d915c45 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php 
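Review bot: The MsgBox line rewritten in this hunk still sends the user to `http://www.microsoft.com/en-us/download/details.aspx?id=30679` to obtain vcredist_x86.exe, so the installer directs people to an executable download through a page fetched over plain HTTP. A page loaded without TLS can be altered in transit, so I would change the scheme in the message to `https://`. The two added comments, `// Pb seems similar with msvcp110.dll` and `//vcredist_x64.exe`, do not say what is expected of the next maintainer; one sentence stating whether the x64 redistributable also has to be detected would make them usable. The surrounding begin/end block starts and ends outside the hunk.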
@@ -972,7 +972,7 @@ function run_jobs($userlogin) $result = call_user_func_array(array($object, $this->methodename), $params_arr); } - if ($result===false || $result < 0) + if ($result !== true || $result != 0) { $langs->load("errors"); dol_syslog(get_class($this)."::run_jobs END result=".$result." error=".$object->error, LOG_ERR); @@ -1021,7 +1021,7 @@ function run_jobs($userlogin) $result = call_user_func_array($this->methodename, $params_arr); } - if ($result === false || $result < 0) + if ($result !== true || $result != 0) { $langs->load("errors"); dol_syslog(get_class($this)."::run_jobs result=".$result, LOG_ERR); From b932ce62468f55e6f13bfb84149827d7863326ca Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 26 Jul 2017 01:25:15 +0200 Subject: [PATCH 37/39] Update cronjob.class.php is better condition for use true or 0 if ($result === false || (! is_bool($result) && $result != 0)) --- htdocs/cron/class/cronjob.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index d62be5d915c45..5fba81a34225c 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -972,7 +972,7 @@ function run_jobs($userlogin) $result = call_user_func_array(array($object, $this->methodename), $params_arr); } - if ($result !== true || $result != 0) + if ($result === false || (! is_bool($result) && $result != 0)) { $langs->load("errors"); dol_syslog(get_class($this)."::run_jobs END result=".$result." error=".$object->error, LOG_ERR); @@ -1021,7 +1021,7 @@ function run_jobs($userlogin) $result = call_user_func_array($this->methodename, $params_arr); } - if ($result !== true || $result != 0) + if ($result === false || (! is_bool($result) && $result != 0)) { $langs->load("errors"); dol_syslog(get_class($this)."::run_jobs result=".$result, LOG_ERR); From adbb41799cd52c99a2fd9d12a33ce8595a022a32 Mon Sep 17 00:00:00 2001 
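Review bot: The new condition `if ($result !== true || $result != 0)` in the `@@ -972,7 +972,7 @@` hunk of patch 36/39 is true for every return value: for integer `0` the first operand holds, and for boolean `true` the second operand holds because `true != 0`. Every job run therefore takes the error branch and is written at `LOG_ERR` even when it succeeded, which makes real failures of scheduled tasks indistinguishable from noise. The check has to accept both success forms, e.g. `if ($result === false || (! is_bool($result) && $result != 0))`, which is what patch 37/39 later on this page applies. The same line is changed for function-type jobs in the `@@ -1021,7 +1021,7 @@` hunk; run_jobs extends beyond both hunks.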
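Review bot: The second operand of the patch 37/39 condition, `$result != 0`, is a loose comparison, so on PHP versions before 8 a non-numeric string return (an error message, for instance) compares equal to 0 and the job is recorded as successful; `null` from a method without a return statement passes as well. If job methods are only meant to return an integer or a boolean, say so beside the check, e.g. `// Success is 0 or true; false or any non-zero number is an error`, and decide explicitly how other types are handled. The identical expression is repeated in the `@@ -1021,7 +1021,7 @@` hunk, so a small private helper would keep the method and function branches from drifting apart again. run_jobs continues outside both hunks.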
From: Marc de Lima Lucio Date: Tue, 1 Aug 2017 11:08:58 +0200 Subject: [PATCH 38/39] FIX: calculate correct remain to pay for planned bank transactions --- htdocs/compta/bank/treso.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php index cbdb769789f1a..92c1a73cf4f1b 100644 --- a/htdocs/compta/bank/treso.php +++ b/htdocs/compta/bank/treso.php @@ -282,6 +282,8 @@ $refcomp=$societestatic->getNomUrl(1,'',24); $paiement = $facturestatic->getSommePaiement(); // Payment already done + $paiement+= $facturestatic->getSumDepositsUsed(); + $paiement+= $facturestatic->getSumCreditNotesUsed(); } if ($obj->family == 'social_contribution') { From 09c271b7c57d073752e51def1e6ee58979855b5a Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Wed, 2 Aug 2017 10:31:16 +0200 Subject: [PATCH 39/39] Fix: Correction in the calculation of the next week --- htdocs/core/lib/date.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/date.lib.php b/htdocs/core/lib/date.lib.php index b06baaa928859..e08b6c24de531 100644 --- a/htdocs/core/lib/date.lib.php +++ b/htdocs/core/lib/date.lib.php @@ -2,6 +2,7 @@ /* Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2005-2011 Regis Houssin * Copyright (C) 2011-2015 Juanjo Menent + * Copyright (C) 2017 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -407,7 +408,7 @@ function dol_get_next_week($day, $week, $month, $year) { $tmparray = dol_get_first_day_week($day, $month, $year); - $time=dol_mktime(12,0,0,$month,$tmparray['first_day'],$year,1,0); + $time=dol_mktime(12,0,0,$tmparray['first_month'],$tmparray['first_day'],$tmparray['first_year'],1,0); $time+=24*60*60*7; $tmparray=dol_getdate($time,true);
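Review bot: The two lines added in the treso.php hunk fold the results of `getSumDepositsUsed()` and `getSumCreditNotesUsed()` straight into `$paiement` without looking at what they returned. If either helper signals failure with a negative value (their bodies are not visible here, but `$result<0` checks elsewhere on this page suggest that convention), the error code would be added to the amount already paid and the remain-to-pay figure for the planned transaction would be off. Reading each value into a local and adding it only when it is positive would avoid that, e.g. `$deposits = $facturestatic->getSumDepositsUsed(); if ($deposits > 0) $paiement += $deposits;`. The enclosing block starts before and ends after this hunk.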
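Review bot: The corrected `dol_mktime` call in dol_get_next_week has no comment explaining why month and year are now taken from `$tmparray` instead of the arguments, which is the whole point of the fix. I would add `// The first day of the week can fall in the previous month or year, so take day, month and year from dol_get_first_day_week()` above the call. The `$week` parameter is not used in the lines shown; if that holds for the rest of the function, which continues past the hunk, the docblock should say it is ignored.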
'; if (empty($user->rights->holiday->write_all)) { - print $form->select_dolusers($userid, 'useridbis', 0, '', 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300'); - print ''; + print $form->select_dolusers($fuserid, 'useridbis', 0, '', 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300'); + print ''; } - else print $form->select_dolusers(GETPOST('userid')?GETPOST('userid'):$user->id,'userid',0,'',0); + else print $form->select_dolusers(GETPOST('fuserid')?GETPOST('fuserid'):$user->id,'fuserid',0,'',0); print '
'; - print $facturestatic->LibStatut($obj->paye,$obj->fk_statut,5,$paiement,$obj->type); - print "'; + print $facturestatic->LibStatut($obj->paye,$obj->fk_statut,5,$paiement,$obj->type); + print "
'; - $invoicestatic->id=$objp->facid; - $invoicestatic->ref=$objp->facnumber; print $invoicestatic->getNomUrl(1); print "'.$societestatic->getNomUrl(1).'".$objp->code_client."'; print dol_print_date($db->jdate($objp->datef),'day')."'.$objp->qty."'.price($objp->total_ht)."'.$invoicestatic->LibStatut($objp->paye,$objp->statut,5).''.$invoicestatic->LibStatut($objp->paye,$objp->statut,5,$paiement,$objp->type).'