--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_ajaxdirpreview.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ajaxdirpreview.php
@@ -34,28 +34,28 @@
if (!isset($mode) || $mode != 'noajax') // For ajax call
{
- require_once '../../main.inc.php';
- require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
- require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
- require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
-
- $action = GETPOST('action', 'aZ09');
- $file = urldecode(GETPOST('file', 'alpha'));
- $section = GETPOST("section", 'alpha');
- $module = GETPOST("module", 'alpha');
- $urlsource = GETPOST("urlsource", 'alpha');
- $search_doc_ref = GETPOST('search_doc_ref', 'alpha');
-
- $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
- $sortfield = GETPOST("sortfield", 'alpha');
- $sortorder = GETPOST("sortorder", 'alpha');
- $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
- if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
- $offset = $limit * $page;
- $pageprev = $page - 1;
- $pagenext = $page + 1;
- if (!$sortorder) $sortorder = "ASC";
- if (!$sortfield) $sortfield = "name";
+ require_once '../../main.inc.php';
+ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
+
+ $action = GETPOST('action', 'aZ09');
+ $file = urldecode(GETPOST('file', 'alpha'));
+ $section = GETPOST("section", 'alpha');
+ $module = GETPOST("module", 'alpha');
+ $urlsource = GETPOST("urlsource", 'alpha');
+ $search_doc_ref = GETPOST('search_doc_ref', 'alpha');
+
+ $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
+ $sortfield = GETPOST("sortfield", 'alpha');
+ $sortorder = GETPOST("sortorder", 'alpha');
+ $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
+ if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
+ $offset = $limit * $page;
+ $pageprev = $page - 1;
+ $pagenext = $page + 1;
+ if (!$sortorder) $sortorder = "ASC";
+ if (!$sortfield) $sortfield = "name";
$rootdirfordoc = $conf->ecm->dir_output;
@@ -63,30 +63,31 @@
$ecmdir = new EcmDirectory($db);
if ($section > 0) {
- $result = $ecmdir->fetch($section);
- if (!$result > 0)
- {
- //dol_print_error($db,$ecmdir->error);
- //exit;
- }
+ $result = $ecmdir->fetch($section);
+ if (!$result > 0)
+ {
+ //dol_print_error($db,$ecmdir->error);
+ //exit;
+ }
}
} else // For no ajax call
{
$rootdirfordoc = $conf->ecm->dir_output;
$ecmdir = new EcmDirectory($db);
- $relativepath = '';
- if ($section > 0)
- {
- $result = $ecmdir->fetch($section);
- if (!$result > 0)
- {
- dol_print_error($db, $ecmdir->error);
- exit;
- }
-
- $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/'
- } elseif (GETPOST('section_dir'))
+ $relativepath = '';
+ if ($section > 0)
+ {
+ $result = $ecmdir->fetch($section);
+ if (!$result > 0)
+ {
+ dol_print_error($db, $ecmdir->error);
+ exit;
+ }
+
+ $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/'
+ }
+ elseif (GETPOST('section_dir'))
{
$relativepath = GETPOST('section_dir');
}
@@ -113,10 +114,10 @@
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir))
{
- dol_syslog("Refused to deliver file ".$upload_dir);
- // Do no show plain path in shown error message
- dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));
- exit;
+ dol_syslog("Refused to deliver file ".$upload_dir);
+ // Do no show plain path in shown error message
+ dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));
+ exit;
}
// Check permissions
@@ -145,10 +146,10 @@
if (!isset($mode) || $mode != 'noajax')
{
// Ajout directives pour resoudre bug IE
- header('Cache-Control: Public, must-revalidate');
- header('Pragma: public');
-
- top_httphead();
+ header('Cache-Control: Public, must-revalidate');
+ header('Pragma: public');
+
+ top_httphead();
}
$type = 'directory';
@@ -156,8 +157,8 @@
// This test if file exists should be useless. We keep it to find bug more easily
if (!dol_is_dir($upload_dir))
{
- //dol_mkdir($upload_dir);
- /*$langs->load("install");
+ //dol_mkdir($upload_dir);
+ /*$langs->load("install");
dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir));
exit;*/
}
@@ -173,76 +174,72 @@
// Dir scan
if ($type == 'directory')
{
- $formfile = new FormFile($db);
-
- $maxlengthname = 40;
- $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');
- $sorting = (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC);
-
- // Right area. If module is defined here, we are in automatic ecm.
- $automodules = array(
- 'company',
- 'invoice',
- 'invoice_supplier',
- 'propal',
- 'supplier_proposal',
- 'order',
- 'order_supplier',
- 'contract',
- 'product',
- 'tax',
- 'project',
- 'fichinter',
- 'user',
- 'expensereport',
- 'holiday',
- 'recruitment-recruitmentcandidature',
- 'banque',
- 'mrp-mo'
- );
-
- // TODO change for multicompany sharing
- if ($module == 'company') $upload_dir = $conf->societe->dir_output;
- elseif ($module == 'invoice') $upload_dir = $conf->facture->dir_output;
- elseif ($module == 'invoice_supplier') $upload_dir = $conf->fournisseur->facture->dir_output;
- elseif ($module == 'propal') $upload_dir = $conf->propal->dir_output;
- elseif ($module == 'supplier_proposal') $upload_dir = $conf->supplier_proposal->dir_output;
- elseif ($module == 'order') $upload_dir = $conf->commande->dir_output;
- elseif ($module == 'order_supplier') $upload_dir = $conf->fournisseur->commande->dir_output;
- elseif ($module == 'contract') $upload_dir = $conf->contrat->dir_output;
- elseif ($module == 'product') $upload_dir = $conf->product->dir_output;
- elseif ($module == 'tax') $upload_dir = $conf->tax->dir_output;
- elseif ($module == 'project') $upload_dir = $conf->projet->dir_output;
- elseif ($module == 'fichinter') $upload_dir = $conf->ficheinter->dir_output;
- elseif ($module == 'user') $upload_dir = $conf->user->dir_output;
- elseif ($module == 'expensereport') $upload_dir = $conf->expensereport->dir_output;
- elseif ($module == 'holiday') $upload_dir = $conf->holiday->dir_output;
- elseif ($module == 'recruitment-recruitmentcandidature') $upload_dir = $conf->recruitment->dir_output.'/recruitmentcandidature';
- elseif ($module == 'banque') $upload_dir = $conf->bank->dir_output;
- elseif ($module == 'mrp-mo') $upload_dir = $conf->mrp->dir_output.'/mo';
-
- // Automatic list
- if (in_array($module, $automodules))
- {
- $param .= '&module='.$module;
- if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.urlencode($search_doc_ref);
-
- $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));
-
- if ($module == 'company') $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts with no id of thirdparty.
-
- $filter = preg_quote($search_doc_ref, '/');
- $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);
-
- $perm = $user->rights->ecm->upload;
-
- $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);
- }
- // Manual list
- else {
- if ($module == 'medias')
- {
- /*
+ $formfile = new FormFile($db);
+
+ $maxlengthname = 40;
+ $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');
+ $sorting = (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC);
+
+ // Right area. If module is defined here, we are in automatic ecm.
+ $automodules = array('company', 'invoice', 'invoice_supplier', 'propal', 'supplier_proposal', 'order', 'order_supplier', 'contract', 'product', 'tax', 'project', 'fichinter', 'user', 'expensereport', 'holiday', 'banque');
+
+ // TODO change for multicompany sharing
+ // Auto area for suppliers invoices
+ if ($module == 'company') $upload_dir = $conf->societe->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'invoice') $upload_dir = $conf->facture->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'invoice_supplier') $upload_dir = $conf->fournisseur->facture->dir_output;
+ // Auto area for customers proposal
+ elseif ($module == 'propal') $upload_dir = $conf->propal->dir_output;
+ // Auto area for suppliers proposal
+ elseif ($module == 'supplier_proposal') $upload_dir = $conf->supplier_proposal->dir_output;
+ // Auto area for customers orders
+ elseif ($module == 'order') $upload_dir = $conf->commande->dir_output;
+ // Auto area for suppliers orders
+ elseif ($module == 'order_supplier') $upload_dir = $conf->fournisseur->commande->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'contract') $upload_dir = $conf->contrat->dir_output;
+ // Auto area for products
+ elseif ($module == 'product') $upload_dir = $conf->product->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'tax') $upload_dir = $conf->tax->dir_output;
+ // Auto area for projects
+ elseif ($module == 'project') $upload_dir = $conf->projet->dir_output;
+ // Auto area for interventions
+ elseif ($module == 'fichinter') $upload_dir = $conf->ficheinter->dir_output;
+ // Auto area for users
+ elseif ($module == 'user') $upload_dir = $conf->user->dir_output;
+ // Auto area for expense report
+ elseif ($module == 'expensereport') $upload_dir = $conf->expensereport->dir_output;
+ // Auto area for holiday
+ elseif ($module == 'holiday') $upload_dir = $conf->holiday->dir_output;
+ // Auto area for holiday
+ elseif ($module == 'banque') $upload_dir = $conf->bank->dir_output;
+
+ // Automatic list
+ if (in_array($module, $automodules))
+ {
+ $param .= '&module='.$module;
+ if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.urlencode($search_doc_ref);
+
+ $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));
+
+ if ($module == 'company') $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts with no id of thirdparty.
+
+ $filter = preg_quote($search_doc_ref, '/');
+ $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);
+
+ $perm = $user->rights->ecm->upload;
+
+ $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);
+ }
+ // Manual list
+ else
+ {
+ if ($module == 'medias')
+ {
+ /*
$_POST is array like
'token' => string '062380e11b7dcd009d07318b57b71750' (length=32)
'action' => string 'file_manager' (length=12)
@@ -253,82 +250,91 @@
'max_file_size' => string '2097152' (length=7)
'sendit' => string 'Envoyer fichier' (length=15)
*/
- $relativepath = GETPOST('file', 'alpha') ?GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha');
- if ($relativepath && $relativepath != '/') $relativepath .= '/';
- $upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath;
- if (GETPOSTISSET('website') || GETPOSTISSET('file_manager'))
- {
- $param .= '&file_manager=1';
- if (!preg_match('/website=/', $param)) $param .= '&website='.urlencode(GETPOST('website', 'alpha'));
- if (!preg_match('/pageid=/', $param)) $param .= '&pageid='.urlencode(GETPOST('pageid', 'int'));
- //if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid);
- }
- } else {
- $relativepath = $ecmdir->getRelativePath();
- $upload_dir = $conf->ecm->dir_output.'/'.$relativepath;
- }
-
- // If $section defined with value 0
+ $relativepath = GETPOST('file', 'alpha') ?GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha');
+ if ($relativepath && $relativepath != '/') $relativepath .= '/';
+ $upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath;
+ if (GETPOSTISSET('website') || GETPOSTISSET('file_manager'))
+ {
+ $param .= '&file_manager=1';
+ if (!preg_match('/website=/', $param)) $param .= '&website='.urlencode(GETPOST('website', 'alpha'));
+ if (!preg_match('/pageid=/', $param)) $param .= '&pageid='.urlencode(GETPOST('pageid', 'int'));
+ //if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid);
+ }
+ }
+ else
+ {
+ $relativepath = $ecmdir->getRelativePath();
+ $upload_dir = $conf->ecm->dir_output.'/'.$relativepath;
+ }
+
+ // If $section defined with value 0
if (($section === '0' || empty($section)) && ($module != 'medias'))
- {
- $filearray = array();
- } else {
- $filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1);
- }
-
- if ($section)
- {
- $param .= '§ion='.$section;
- if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.$search_doc_ref;
-
- $textifempty = $langs->trans('NoFileFound');
- } elseif ($section === '0')
- {
- if ($module == 'ecm') $textifempty = '
'.$langs->trans("DirNotSynchronizedSyncFirst").'
';
- else $textifempty = $langs->trans('NoFileFound');
- } else $textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection"));
-
- if ($module == 'medias')
- {
- $useinecm = 6;
- $modulepart = 'medias';
- $perm = ($user->rights->website->write || $user->rights->emailing->creer);
- $title = 'none';
- } elseif ($module == 'ecm') // DMS/ECM -> manual structure
- {
- if ($user->rights->ecm->read)
- {
- // Buttons: Preview
- $useinecm = 2;
- }
-
- if ($user->rights->ecm->upload)
- {
- // Buttons: Preview + Delete
- $useinecm = 4;
- }
-
- if ($user->rights->ecm->setup)
- {
- // Buttons: Preview + Delete + Edit
- $useinecm = 5;
- }
-
- $perm = $user->rights->ecm->upload;
- $modulepart = 'ecm';
- $title = ''; // Use default
- } else {
- $useinecm = 5;
- $modulepart = 'ecm';
- $perm = $user->rights->ecm->upload;
- $title = ''; // Use default
- }
-
- // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param
- // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath
- //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url);
- $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm);
- }
+ {
+ $filearray = array();
+ }
+ else
+ {
+ $filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1);
+ }
+
+ if ($section)
+ {
+ $param .= '§ion='.$section;
+ if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.$search_doc_ref;
+
+ $textifempty = $langs->trans('NoFileFound');
+ }
+ elseif ($section === '0')
+ {
+ if ($module == 'ecm') $textifempty = '
'.$langs->trans("DirNotSynchronizedSyncFirst").'
';
+ else $textifempty = $langs->trans('NoFileFound');
+ }
+ else $textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection"));
+
+ if ($module == 'medias')
+ {
+ $useinecm = 6;
+ $modulepart = 'medias';
+ $perm = ($user->rights->website->write || $user->rights->emailing->creer);
+ $title = 'none';
+ }
+ elseif ($module == 'ecm') // DMS/ECM -> manual structure
+ {
+ if ($user->rights->ecm->read)
+ {
+ // Buttons: Preview
+ $useinecm = 2;
+ }
+
+ if ($user->rights->ecm->upload)
+ {
+ // Buttons: Preview + Delete
+ $useinecm = 4;
+ }
+
+ if ($user->rights->ecm->setup)
+ {
+ // Buttons: Preview + Delete + Edit
+ $useinecm = 5;
+ }
+
+ $perm = $user->rights->ecm->upload;
+ $modulepart = 'ecm';
+ $title = ''; // Use default
+ }
+ else
+ {
+ $useinecm = 5;
+ $modulepart = 'ecm';
+ $perm = $user->rights->ecm->upload;
+ $title = ''; // Use default
+ }
+
+ // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param
+ // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath
+ //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url);
+ $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm);
+ }
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_ajaxdirtree.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ajaxdirtree.php
@@ -49,7 +49,8 @@
$preopened = GETPOST('preopened');
if ($selecteddir != '/') $selecteddir = preg_replace('/\/$/', '', $selecteddir); // We removed last '/' except if it is '/'
-} else // For no ajax call
+}
+else // For no ajax call
{
//if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = GETPOST('preopened'); }
@@ -72,7 +73,8 @@
{
$fullpathselecteddir = $conf->ecm->dir_output.'/'.($selecteddir != '/' ? $selecteddir : '');
$fullpathpreopened = $conf->ecm->dir_output.'/'.($preopened != '/' ? $preopened : '');
-} elseif ($modulepart == 'medias')
+}
+elseif ($modulepart == 'medias')
{
$fullpathselecteddir = $dolibarr_main_data_root.'/medias/'.($selecteddir != '/' ? $selecteddir : '');
$fullpathpreopened = $dolibarr_main_data_root.'/medias/'.($preopened != '/' ? $preopened : '');
@@ -83,17 +85,18 @@
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./', $fullpathselecteddir) || preg_match('/[<>|]/', $fullpathselecteddir))
{
- dol_syslog("Refused to deliver file ".$original_file);
- // Do no show plain path in shown error message
- dol_print_error(0, $langs->trans("ErrorFileNameInvalid", GETPOST("file")));
- exit;
+ dol_syslog("Refused to deliver file ".$original_file);
+ // Do no show plain path in shown error message
+ dol_print_error(0, $langs->trans("ErrorFileNameInvalid", GETPOST("file")));
+ exit;
}
// Check permissions
if ($modulepart == 'ecm')
{
if (!$user->rights->ecm->read) accessforbidden();
-} elseif ($modulepart == 'medias')
+}
+elseif ($modulepart == 'medias')
{
// Always allowed
}
@@ -120,11 +123,11 @@
$current_ecmdir_id = -1;
foreach ($sqltree as $keycursor => $val)
{
- //print $val['fullrelativename']." == ".$selecteddir;
- if ($val['fullrelativename'] == $selecteddir)
- {
- $current_ecmdir_id = $keycursor;
- }
+ //print $val['fullrelativename']." == ".$selecteddir;
+ if ($val['fullrelativename'] == $selecteddir)
+ {
+ $current_ecmdir_id = $keycursor;
+ }
}
if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS))
@@ -468,7 +471,8 @@
if ($modulepart == 'ecm')
{
$newfullpathselecteddir = $conf->ecm->dir_output.'/'.($val['fullrelativename'] != '/' ? $val['fullrelativename'] : '');
- } elseif ($modulepart == 'medias')
+ }
+ elseif ($modulepart == 'medias')
{
$newfullpathselecteddir = $dolibarr_main_data_root.'/medias/'.($val['fullrelativename'] != '/' ? $val['fullrelativename'] : '');
}
@@ -482,6 +486,7 @@
echo "\n";
}
- } else print "PermissionDenied";
- }
-}
+ }
+ else print "PermissionDenied";
+ }
+}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_box.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_box.php
@@ -58,7 +58,7 @@
$nbboxonright = substr_count($tmp[1], ',');
print $nbboxonleft.'-'.$nbboxonright;
if ($nbboxonleft > $nbboxonright) $boxorder = preg_replace('/B:/', 'B:'.$boxid.',', $boxorder); // Insert id of new box into list
- else $boxorder = preg_replace('/^A:/', 'A:'.$boxid.',', $boxorder); // Insert id of new box into list
+ else $boxorder = preg_replace('/^A:/', 'A:'.$boxid.',', $boxorder); // Insert id of new box into list
}
// Registering the location of boxes after a move
@@ -70,10 +70,10 @@
$result = InfoBox::saveboxorder($db, $zone, $boxorder, $userid);
if ($result > 0)
{
- $langs->load("boxes");
- if (!GETPOST('closing'))
- {
- setEventMessages($langs->trans("BoxAdded"), null);
- }
+ $langs->load("boxes");
+ if (!GETPOST('closing'))
+ {
+ setEventMessages($langs->trans("BoxAdded"), null);
+ }
}
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_check_notifications.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_check_notifications.php
@@ -1,7 +1,7 @@
* Copyright (C) 2017 Juanjo Menent
- * Copyright (C) 2019 Frédéric France
+ * Copyright (C) 2019 Frédéric France
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -18,82 +18,26 @@
*/
if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1');
-if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal
if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');
if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');
if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
if (!defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1');
-if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1');
-
-//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user
-//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc
-//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs
-//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters
-//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters
-//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on).
-//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
-//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
-//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
-//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
-//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
-//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
-//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
-//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value
-//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler
-//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message
-//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL'
-
require '../../main.inc.php';
-
-//$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late
-$time = dol_now();
-$action = GETPOST('action', 'aZ09');
-$listofreminderids = GETPOST('listofreminderids', 'aZ09');
-
-
-/*
- * Actions
- */
-
-if ($action == 'stopreminder') {
- dol_syslog("Clear notification for listofreminderids=".$listofreminderids);
- $listofreminderid = GETPOST('listofreminderids', 'intcomma');
-
- // Set the reminder as done
- //foreach ($listofreminderidsarray as $listofreminderid) {
- // if (empty($listofreminderid)) continue;
- //$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id;
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1';
- $sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')';
- $sql .= ' AND fk_user = '.$user->id.' AND entity = '.$conf->entity;
- $resql = $db->query($sql);
- if (!$resql) {
- dol_print_error($db);
- }
- //}
-
- include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
-
- // Clean database
- $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'actioncomm_reminder';
- $sql .= " WHERE dateremind < '".$db->idate(dol_time_plus_duree(dol_now(), -1, 'm'))."'";
- $resql = $db->query($sql);
- if (!$resql) {
- dol_print_error($db);
- }
-
- exit;
-}
/*
* View
*/
-top_httphead('application/json');
+top_httphead('text/html'); // TODO Use a json mime type
global $user, $db, $langs, $conf;
+
+$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late
+//$time=dol_now();
+
$eventfound = array();
//Uncomment this to force a test
@@ -102,10 +46,9 @@
//dol_syslog('time='.$time.' $_SESSION[auto_ck_events_not_before]='.$_SESSION['auto_check_events_not_before']);
// TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened.
-// This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate.
-if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow', 'int'))
+if ($time >= $_SESSION['auto_check_events_not_before'])
{
- /*$time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined
+ $time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined
if (!empty($_SESSION['auto_check_events_not_before']))
{
// We start scan from the not before so if two tabs were opend at differents seconds and we close one (so the js timer),
@@ -117,58 +60,60 @@
dol_syslog("We ask to check browser notification on a too large period. We fix this with current date.");
$starttime = $time;
}
- } else {
+ }
+ else
+ {
$starttime = $time;
}
$_SESSION['auto_check_events_not_before'] = $time + $time_update;
- */
- // Force save of the session change we did.
- // WARNING: Any change in sessions after that will not be saved !
- session_write_close();
+ // Force save of session change we did.
+ // WARNING: Any change in sessions after that will not be saved !
+ session_write_close();
- require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
+ require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
- dol_syslog('NEW $_SESSION[auto_check_events_not_before]='.(empty($_SESSION['auto_check_events_not_before']) ? '' : $_SESSION['auto_check_events_not_before']));
+ dol_syslog('NEW $_SESSION[auto_check_events_not_before]='.$_SESSION['auto_check_events_not_before']);
- $sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder';
- $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
- if (!empty($user->conf->MAIN_USER_WANT_ALL_EVENTS_NOTIFICATIONS)) {
- $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id;
- $sql .= ' WHERE a.code <> "AC_OTH_AUTO"';
- $sql .= ' AND (';
- $sql .= " (ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity;
- $sql .= ' )';
- } else {
- $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id;
- $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity;
- }
- $sql .= $db->order('datep', 'ASC');
- $sql .= ' LIMIT 10'; // Avoid too many notification at once
+ $sql = 'SELECT id';
+ $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm a, '.MAIN_DB_PREFIX.'actioncomm_resources ar';
+ $sql .= ' WHERE a.id = ar.fk_actioncomm';
+ // TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened.
+ // This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate (save is not done yet).
+ $sql .= " AND datep BETWEEN '".$db->idate($starttime)."' AND '".$db->idate($time + $time_update - 1)."'";
+ $sql .= ' AND a.code <> "AC_OTH_AUTO"';
+ $sql .= ' AND ar.element_type = "user"';
+ $sql .= ' AND ar.fk_element = '.$user->id;
+ $sql .= ' LIMIT 10'; // Avoid too many notification at once
- $resql = $db->query($sql);
- if ($resql) {
- while ($obj = $db->fetch_object($resql))
- {
- // Message must be formated and translated to be used with javascript directly
- $event = array();
- $event['type'] = 'agenda';
- $event['id_reminder'] = $obj->id_reminder;
- $event['id_agenda'] = $obj->id_agenda;
- $event['id_user'] = $obj->id_user_reminder;
- $event['code'] = $obj->code;
- $event['label'] = $obj->label;
- $event['location'] = $obj->location;
- $event['reminder_date_formated'] = dol_print_date($db->jdate($obj->dateremind), 'standard');
- $event['event_date_start_formated'] = dol_print_date($db->jdate($obj->datep), 'standard');
+ $resql = $db->query($sql);
+ if ($resql) {
+ $actionmod = new ActionComm($db);
- $eventfound[$obj->id_agenda] = $event;
- }
- } else {
- dol_syslog("Error sql = ".$db->lasterror(), LOG_ERR);
- }
+ while ($obj = $db->fetch_object($resql))
+ {
+ // Load translation files required by the page
+ $langs->loadLangs(array('agenda', 'commercial'));
+
+ $actionmod->fetch($obj->id);
+
+ // Message must be formated and translated to be used with javascript directly
+ $event = array();
+ $event['type'] = 'agenda';
+ $event['id'] = $actionmod->id;
+ $event['tipo'] = $langs->transnoentities('Action'.$actionmod->code);
+ $event['titulo'] = $actionmod->label;
+ $event['location'] = $langs->transnoentities('Location').': '.$actionmod->location;
+
+ $eventfound[] = $event;
+ }
+ }
+ else
+ {
+ dol_syslog("Error sql = ".$db->lasterror(), LOG_ERR);
+ }
}
-print json_encode(array('pastreminders'=>$eventfound, 'nextreminder'=>''));
+print json_encode($eventfound);
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_constantonoff.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_constantonoff.php
@@ -26,14 +26,12 @@
if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
if (!defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1');
if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1');
-if (!defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Token is required even in GET mode
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
-$action = GETPOST('action', 'aZ09'); // set or del
+$action = GETPOST('action', 'alpha');
$name = GETPOST('name', 'alpha');
-
/*
* View
@@ -48,7 +46,7 @@
//print ''."\n";
-// Registering the new value of constant
+// Registering the location of boxes
if (!empty($action) && !empty($name))
{
$entity = GETPOST('entity', 'int');
@@ -59,11 +57,10 @@
if ($action == 'set')
{
dolibarr_set_const($db, $name, $value, 'chaine', 0, '', $entity);
- } elseif ($action == 'del')
+ }
+ elseif ($action == 'del')
{
dolibarr_del_const($db, $name, $entity);
}
}
-} else {
- http_response_code(403);
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_contacts.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_contacts.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2020 Laurent Destailleur
+ * Copyright (C) 2016 Laurent Destailleur
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,14 +27,10 @@
require '../../main.inc.php';
-$id = GETPOST('id', 'int'); // id of thirdparty
-$action = GETPOST('action', 'aZ09');
+$id = GETPOST('id', 'int');
+$action = GETPOST('action', 'alpha');
$htmlname = GETPOST('htmlname', 'alpha');
$showempty = GETPOST('showempty', 'int');
-
-// Security check
-$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
-
/*
* View
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_extraparams.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_extraparams.php
@@ -51,38 +51,20 @@
$classpath = $subelement = $element;
// For compatibility
- if ($element == 'order' || $element == 'commande') {
- $classpath = $subelement = 'commande';
- } elseif ($element == 'propal') {
- $classpath = 'comm/propal';
- $subelement = 'propal';
- } elseif ($element == 'facture') {
- $classpath = 'compta/facture';
- $subelement = 'facture';
- } elseif ($element == 'contract') {
- $classpath = $subelement = 'contrat';
- } elseif ($element == 'shipping') {
- $classpath = $subelement = 'expedition';
- } elseif ($element == 'deplacement') {
- $classpath = 'compta/deplacement';
- $subelement = 'deplacement';
- } elseif ($element == 'order_supplier') {
- $classpath = 'fourn';
- $subelement = 'fournisseur.commande';
- } elseif ($element == 'invoice_supplier') {
- $classpath = 'fourn';
- $subelement = 'fournisseur.facture';
- }
+ if ($element == 'order' || $element == 'commande') { $classpath = $subelement = 'commande'; }
+ elseif ($element == 'propal') { $classpath = 'comm/propal'; $subelement = 'propal'; }
+ elseif ($element == 'facture') { $classpath = 'compta/facture'; $subelement = 'facture'; }
+ elseif ($element == 'contract') { $classpath = $subelement = 'contrat'; }
+ elseif ($element == 'shipping') { $classpath = $subelement = 'expedition'; }
+ elseif ($element == 'deplacement') { $classpath = 'compta/deplacement'; $subelement = 'deplacement'; }
+ elseif ($element == 'order_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.commande'; }
+ elseif ($element == 'invoice_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.facture'; }
dol_include_once('/'.$classpath.'/class/'.$subelement.'.class.php');
- if ($element == 'order_supplier') {
- $classname = 'CommandeFournisseur';
- } elseif ($element == 'invoice_supplier') {
- $classname = 'FactureFournisseur';
- } else {
- $classname = ucfirst($subelement);
- }
+ if ($element == 'order_supplier') { $classname = 'CommandeFournisseur'; }
+ elseif ($element == 'invoice_supplier') { $classname = 'FactureFournisseur'; }
+ else $classname = ucfirst($subelement);
$object = new $classname($db);
$object->fetch($id);
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_loadinplace.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_loadinplace.php
@@ -62,7 +62,8 @@
elseif ($element == 'order_supplier') {
$element = 'fournisseur';
$subelement = 'commande';
- } elseif ($element == 'invoice_supplier') {
+ }
+ elseif ($element == 'invoice_supplier') {
$element = 'fournisseur';
$subelement = 'facture';
}
@@ -82,7 +83,8 @@
{
$ret = $form->$methodname();
if ($ret > 0) echo json_encode($form->$cachename);
- } elseif (!empty($ext_element))
+ }
+ elseif (!empty($ext_element))
{
$module = $subelement = $ext_element;
if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs))
@@ -97,12 +99,16 @@
$ret = $object->$methodname($fk_element);
if ($ret > 0) echo json_encode($object->$cachename);
}
- } else {
+ }
+ else
+ {
$object = new GenericObject($db);
$value = $object->$loadmethod($table_element, $fk_element, $field);
echo $value;
}
- } else {
+ }
+ else
+ {
echo $langs->transnoentities('NotEnoughPermissions');
}
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_objectonoff.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_objectonoff.php
@@ -30,7 +30,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
-$action = GETPOST('action', 'aZ09');
+$action = GETPOST('action', 'alpha');
$id = GETPOST('id', 'int');
$value = GETPOST('value', 'int');
$field = GETPOST('field', 'alpha');
@@ -43,9 +43,9 @@
$socid = $user->socid;
}
-/*if (empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) {
+if (empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) {
accessforbidden('Calling this file is allowed only when MAIN_DIRECT_STATUS_UPDATE is set');
-}*/
+}
/*
@@ -58,9 +58,11 @@
if (in_array($field, array('status'))) {
$result = restrictedArea($user, $element, $id);
-} elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products
+}
+elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products
$result = restrictedArea($user, 'produit|service', $id, 'product&product', '', '', 'rowid');
-} else {
+}
+else {
accessforbidden("Bad value for combination of parameters element/field.", 0, 0, 1);
exit;
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_pingresult.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_pingresult.php
@@ -30,7 +30,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
-$action = GETPOST('action', 'aZ09');
+$action = GETPOST('action', 'alpha');
$hash_unique_id = GETPOST('hash_unique_id', 'alpha');
$hash_algo = GETPOST('hash_algo', 'alpha');
@@ -66,6 +66,7 @@
// Note: pings are by installation, done on entity 1.
dolibarr_set_const($db, 'MAIN_LAST_PING_KO_DATE', dol_print_date($now, 'dayhourlog'), 'gmt'); // erase last value
print 'First ping KO saved for entity '.$conf->entity;
-} else {
+}
+else {
print 'Error action='.$action.' not supported';
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_price.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_price.php
@@ -51,7 +51,8 @@
$price = price2num($amount * (1 + ($tva_tx / 100)), 'MU');
$return['price_ht'] = $amount;
$return['price_ttc'] = (isset($price) && $price != '' ? price($price) : '');
- } elseif ($output == 'price_ht') {
+ }
+ elseif ($output == 'price_ht') {
$price = price2num($amount / (1 + ($tva_tx / 100)), 'MU');
$return['price_ht'] = (isset($price) && $price != '' ? price($price) : '');
$return['price_ttc'] = ($tva_tx == 0 ? $price : $amount);
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_row.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_row.php
@@ -47,8 +47,8 @@
print ''."\n";
// Registering the location of boxes
-if (GETPOST('roworder', 'alpha') && GETPOST('table_element_line', 'alpha', 2)
- && GETPOST('fk_element', 'alpha', 2) && GETPOST('element_id', 'int', 2))
+if ((!empty($_POST['roworder'])) && (!empty($_POST['table_element_line']))
+ && (!empty($_POST['fk_element'])) && (!empty($_POST['element_id'])))
{
$roworder = GETPOST('roworder', 'alpha', 2);
$table_element_line = GETPOST('table_element_line', 'alpha', 2);
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_saveinplace.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_saveinplace.php
@@ -59,60 +59,51 @@
if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element))
{
$ext_element = GETPOST('ext_element', 'alpha', 2);
- $field = substr($field, 8); // remove prefix val_
+ $field = substr($field, 8); // remove prefix val_
$type = GETPOST('type', 'alpha', 2);
- $value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2));
- $loadmethod = GETPOST('loadmethod', 'alpha', 2);
- $savemethod = GETPOST('savemethod', 'alpha', 2);
+ $value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2));
+ $loadmethod = GETPOST('loadmethod', 'alpha', 2);
+ $savemethod = GETPOST('savemethod', 'alpha', 2);
$savemethodname = (!empty($savemethod) ? $savemethod : 'setValueFrom');
- $newelement = $element;
+ $newelement = $element;
$view = '';
$format = 'text';
$return = array();
$error = 0;
- if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) {
+ if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs))
+ {
$element = $regs[1];
$subelement = $regs[2];
}
- if ($element == 'propal') {
- $newelement = 'propale';
- } elseif ($element == 'fichinter') {
- $newelement = 'ficheinter';
- } elseif ($element == 'product') {
- $newelement = 'produit';
- } elseif ($element == 'member') {
- $newelement = 'adherent';
- } elseif ($element == 'order_supplier') {
+ if ($element == 'propal') $newelement = 'propale';
+ elseif ($element == 'fichinter') $newelement = 'ficheinter';
+ elseif ($element == 'product') $newelement = 'produit';
+ elseif ($element == 'member') $newelement = 'adherent';
+ elseif ($element == 'order_supplier') {
$newelement = 'fournisseur';
$subelement = 'commande';
- } elseif ($element == 'invoice_supplier') {
+ }
+ elseif ($element == 'invoice_supplier') {
$newelement = 'fournisseur';
$subelement = 'facture';
- } else {
- $newelement = $element;
- }
+ }
+ else $newelement = $element;
$_POST['action'] = 'update'; // Hack so restrictarea will test permissions on write too
$feature = $newelement;
$feature2 = $subelement;
$object_id = $fk_element;
- if ($feature == 'expedition' || $feature == 'shipping') {
+ if ($feature == 'expedition' || $feature == 'shipping')
+ {
$feature = 'commande';
$object_id = 0;
}
- if ($feature == 'shipping') {
- $feature = 'commande';
- }
- if ($feature == 'payment') {
- $feature = 'facture';
- }
- if ($feature == 'payment_supplier') {
- $feature = 'fournisseur';
- $feature2 = 'facture';
- }
+ if ($feature == 'shipping') $feature = 'commande';
+ if ($feature == 'payment') { $feature = 'facture'; }
+ if ($feature == 'payment_supplier') { $feature = 'fournisseur'; $feature2 = 'facture'; }
//var_dump(GETPOST('action','aZ09'));
//var_dump($newelement.'-'.$subelement."-".$feature."-".$object_id);
$check_access = restrictedArea($user, $feature, $object_id, '', $feature2);
@@ -139,11 +130,15 @@
$error++;
$return['error'] = $langs->trans('ErrorBadValue');
}
- } elseif ($type == 'datepicker') {
+ }
+ elseif ($type == 'datepicker')
+ {
$timestamp = GETPOST('timestamp', 'int', 2);
$format = 'date';
$newvalue = ($timestamp / 1000);
- } elseif ($type == 'select') {
+ }
+ elseif ($type == 'select')
+ {
$loadmethodname = 'load_cache_'.$loadmethod;
$loadcachename = 'cache_'.$loadmethod;
$loadviewname = 'view_'.$loadmethod;
@@ -162,11 +157,15 @@
$loadview = $form->$loadviewname;
$view = $loadview[$newvalue];
}
- } else {
+ }
+ else
+ {
$error++;
$return['error'] = $form->error;
}
- } else {
+ }
+ else
+ {
$module = $subelement = $ext_element;
if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs))
{
@@ -188,7 +187,9 @@
$loadview = $object->$loadviewname;
$view = $loadview[$newvalue];
}
- } else {
+ }
+ else
+ {
$error++;
$return['error'] = $object->error;
}
@@ -214,13 +215,17 @@
$return['value'] = $value;
$return['view'] = (!empty($view) ? $view : $value);
- } else {
+ }
+ else
+ {
$return['error'] = $object->error;
}
}
echo json_encode($return);
- } else {
+ }
+ else
+ {
echo $langs->trans('NotEnoughPermissions');
}
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_selectobject.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_selectobject.php
@@ -33,7 +33,7 @@
$htmlname = GETPOST('htmlname', 'aZ09');
$sqlfilter = GETPOST('sqlfilter', 'alpha');
$outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0);
-$action = GETPOST('action', 'aZ09');
+$action = GETPOST('action', 'alpha');
$id = GETPOST('id', 'int');
@@ -75,10 +75,9 @@
}
// When used from jQuery, the search term is added as GET param "term".
-$searchkey = (($id && GETPOST($id, 'alpha')) ? GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ? GETPOST($htmlname, 'alpha') : ''));
+$searchkey = (($id && GETPOST($id, 'alpha')) ?GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ?GETPOST($htmlname, 'alpha') : ''));
-// Add a security test to avoid to get content of all tables
-restrictedArea($user, $objecttmp->element, $id);
+// TODO Add a security test to avoid to get content of all tables
$arrayresult = $form->selectForFormsList($objecttmp, $htmlname, '', 0, $searchkey, '', '', '', 0, 1);
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_selectsearchbox.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_selectsearchbox.php
@@ -26,21 +26,21 @@
if (!isset($usedbyinclude) || empty($usedbyinclude))
{
- if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal
- if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');
- if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');
- if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
- if (!defined('NOREDIRECTBYMAINTOLOGIN')) define('NOREDIRECTBYMAINTOLOGIN', '1');
+ if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal
+ if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');
+ if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');
+ if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
+ if (!defined('NOREDIRECTBYMAINTOLOGIN')) define('NOREDIRECTBYMAINTOLOGIN', '1');
- $res = @include '../../main.inc.php';
- if ($res == 'ERROR_NOT_LOGGED')
- {
- $langs->load("other");
- $arrayresult['jumptologin'] = array('img'=>'object_generic', 'label'=>$langs->trans("JumpToLogin"), 'text'=>' '.$langs->trans("JumpToLogin"), 'url'=>DOL_URL_ROOT.'/index.php');
- print json_encode($arrayresult);
- if (is_object($db)) $db->close();
- exit;
- }
+ $res = @include '../../main.inc.php';
+ if ($res == 'ERROR_NOT_LOGGED')
+ {
+ $langs->load("other");
+ $arrayresult['jumptologin'] = array('img'=>'object_generic', 'label'=>$langs->trans("JumpToLogin"), 'text'=>' '.$langs->trans("JumpToLogin"), 'url'=>DOL_URL_ROOT.'/index.php');
+ print json_encode($arrayresult);
+ if (is_object($db)) $db->close();
+ exit;
+ }
}
include_once DOL_DOCUMENT_ROOT.'/core/lib/json.lib.php';
@@ -48,7 +48,7 @@
//global $hookmanager;
$hookmanager->initHooks(array('searchform'));
-$search_boxvalue = GETPOST('q', 'restricthtml');
+$search_boxvalue = GETPOST('q', 'none');
$arrayresult = array();
@@ -82,7 +82,7 @@
if (!empty($conf->projet->enabled) && empty($conf->global->MAIN_SEARCHFORM_PROJECT_DISABLED) && $user->rights->projet->lire)
{
- $arrayresult['searchintoprojects'] = array('position'=>40, 'shortcut'=>'Q', 'img'=>'object_project', 'label'=>$langs->trans("SearchIntoProjects", $search_boxvalue), 'text'=>img_picto('', 'object_project').' '.$langs->trans("SearchIntoProjects", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));
+ $arrayresult['searchintoprojects'] = array('position'=>40, 'shortcut'=>'Q', 'img'=>'object_projectpub', 'label'=>$langs->trans("SearchIntoProjects", $search_boxvalue), 'text'=>img_picto('', 'object_project').' '.$langs->trans("SearchIntoProjects", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));
}
if (!empty($conf->projet->enabled) && empty($conf->global->MAIN_SEARCHFORM_TASK_DISABLED) && $user->rights->projet->lire)
{
@@ -110,46 +110,13 @@
{
$arrayresult['searchintosupplierpropal'] = array('position'=>100, 'img'=>'object_propal', 'label'=>$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_proposal').' '.$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/supplier_proposal/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));
}
-if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_ORDER_DISABLED) || !empty($conf->supplier_order->enabled)) && $user->rights->fournisseur->commande->lire)
+if ((! empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_ORDER_DISABLED) || ! empty($conf->supplier_order->enabled)) && $user->rights->fournisseur->commande->lire)
{
$arrayresult['searchintosupplierorder'] = array('position'=>110, 'img'=>'object_order', 'label'=>$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_order').' '.$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/commande/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : ''));
}
-if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED) || !empty($conf->supplier_invoice->enabled)) && $user->rights->fournisseur->facture->lire)
+if ((! empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED) || ! empty($conf->supplier_invoice->enabled)) && $user->rights->fournisseur->facture->lire)
{
$arrayresult['searchintosupplierinvoice'] = array('position'=>120, 'img'=>'object_bill', 'label'=>$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_invoice').' '.$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/facture/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));
-}
-
-// Customer payments
-if (!empty($conf->facture->enabled) && empty($conf->global->MAIN_SEARCHFORM_CUSTOMER_INVOICE_DISABLED) && $user->rights->facture->lire)
-{
- $arrayresult['searchintocustomerpayments'] = array(
- 'position'=>170,
- 'img'=>'object_payment',
- 'label'=>$langs->trans("SearchIntoCustomerPayments", $search_boxvalue),
- 'text'=>img_picto('', 'object_payment').' '.$langs->trans("SearchIntoCustomerPayments", $search_boxvalue),
- 'url'=>DOL_URL_ROOT.'/compta/paiement/list.php?leftmenu=customers_bills_payment'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : ''));
-}
-
-// Vendor payments
-if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED) || !empty($conf->supplier_invoice->enabled)) && $user->rights->fournisseur->facture->lire)
-{
- $arrayresult['searchintovendorpayments'] = array(
- 'position'=>175,
- 'img'=>'object_payment',
- 'label'=>$langs->trans("SearchIntoVendorPayments", $search_boxvalue),
- 'text'=>img_picto('', 'object_payment').' '.$langs->trans("SearchIntoVendorPayments", $search_boxvalue),
- 'url'=>DOL_URL_ROOT.'/fourn/paiement/list.php?leftmenu=suppliers_bills_payment'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : ''));
-}
-
-// Miscellaneous payments
-if (!empty($conf->banque->enabled) && empty($conf->global->MAIN_SEARCHFORM_MISC_PAYMENTS_DISABLED) && $user->rights->banque->lire)
-{
- $arrayresult['searchintomiscpayments'] = array(
- 'position'=>180,
- 'img'=>'object_payment',
- 'label'=>$langs->trans("SearchIntoMiscPayments", $search_boxvalue),
- 'text'=>img_picto('', 'object_payment').' '.$langs->trans("SearchIntoMiscPayments", $search_boxvalue),
- 'url'=>DOL_URL_ROOT.'/compta/bank/various_payment/list.php?leftmenu=tax_various'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : ''));
}
if (!empty($conf->contrat->enabled) && empty($conf->global->MAIN_SEARCHFORM_CONTRACT_DISABLED) && $user->rights->contrat->lire)
@@ -185,12 +152,13 @@
if (empty($reshook))
{
$arrayresult = array_merge($arrayresult, $hookmanager->resArray);
-} else $arrayresult = $hookmanager->resArray;
+}
+else $arrayresult = $hookmanager->resArray;
-// This pushes a search entry to the top
+// This allow to keep a search entry to the top
if (!empty($conf->global->DEFAULT_SEARCH_INTO_MODULE)) {
- $key = 'searchinto'.$conf->global->DEFAULT_SEARCH_INTO_MODULE;
- if (array_key_exists($key, $arrayresult)) $arrayresult[$key]['position'] = -1000;
+ $key = 'searchinto'.$conf->global->DEFAULT_SEARCH_INTO_MODULE;
+ if (array_key_exists($key, $arrayresult)) $arrayresult[$key]['position'] = -10;
}
// Sort on position
@@ -199,6 +167,6 @@
// Print output if called by ajax or do nothing (var $arrayresult will be used) if called by an include
if (!isset($usedbyinclude) || empty($usedbyinclude))
{
- print json_encode($arrayresult);
- if (is_object($db)) $db->close();
+ print json_encode($arrayresult);
+ if (is_object($db)) $db->close();
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_vatrates.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_vatrates.php
@@ -27,7 +27,7 @@
require '../../main.inc.php';
$id = GETPOST('id', 'int');
-$action = GETPOST('action', 'aZ09');
+$action = GETPOST('action', 'alpha');
$htmlname = GETPOST('htmlname', 'alpha');
$selected = (GETPOST('selected') ?GETPOST('selected') : '-1');
$productid = (GETPOST('productid', 'int') ?GETPOST('productid', 'int') : 0);
@@ -52,7 +52,9 @@
{
$seller = $mysoc;
$buyer = $soc;
- } else {
+ }
+ else
+ {
$buyer = $mysoc;
$seller = $soc;
}
--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_ziptown.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ziptown.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2011-2014 Laurent Destailleur
+/* Copyright (C) 2010 Regis Houssin
+ * Copyright (C) 2011-204 Laurent Destailleur
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -75,7 +75,8 @@
if ($town) $sql .= " AND z.town LIKE '%".$db->escape($town)."%'";
$sql .= " ORDER BY z.zip, z.town";
$sql .= $db->plimit(100); // Avoid pb with bad criteria
- } else // Use table of third parties
+ }
+ else // Use table of third parties
{
$sql = "SELECT DISTINCT s.zip, s.town, s.fk_departement as fk_county, s.fk_pays as fk_country";
$sql .= ", c.code as country_code, c.label as country";
@@ -127,7 +128,9 @@
}
echo json_encode($return_arr);
-} else {
+}
+else
+{
}
$db->close();