--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_ajaxdirpreview.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ajaxdirpreview.php
@@ -34,28 +34,28 @@ if (!isset($mode) || $mode != 'noajax') // For ajax call { - require_once '../../main.inc.php'; - require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; - require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; - - $action = GETPOST('action', 'aZ09'); - $file = urldecode(GETPOST('file', 'alpha')); - $section = GETPOST("section", 'alpha'); - $module = GETPOST("module", 'alpha'); - $urlsource = GETPOST("urlsource", 'alpha'); - $search_doc_ref = GETPOST('search_doc_ref', 'alpha'); - - $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; - $sortfield = GETPOST("sortfield", 'alpha'); - $sortorder = GETPOST("sortorder", 'alpha'); - $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); - if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 - $offset = $limit * $page; - $pageprev = $page - 1; - $pagenext = $page + 1; - if (!$sortorder) $sortorder = "ASC"; - if (!$sortfield) $sortfield = "name"; + require_once '../../main.inc.php'; + require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; + require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; + + $action = GETPOST('action', 'aZ09'); + $file = urldecode(GETPOST('file', 'alpha')); + $section = GETPOST("section", 'alpha'); + $module = GETPOST("module", 'alpha'); + $urlsource = GETPOST("urlsource", 'alpha'); + $search_doc_ref = GETPOST('search_doc_ref', 'alpha'); + + $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; + $sortfield = GETPOST("sortfield", 'alpha'); + $sortorder = GETPOST("sortorder", 'alpha'); + $page = GETPOSTISSET('pageplusone') ? 
(GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); + if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 + $offset = $limit * $page; + $pageprev = $page - 1; + $pagenext = $page + 1; + if (!$sortorder) $sortorder = "ASC"; + if (!$sortfield) $sortfield = "name"; $rootdirfordoc = $conf->ecm->dir_output; @@ -63,30 +63,31 @@ $ecmdir = new EcmDirectory($db); if ($section > 0) { - $result = $ecmdir->fetch($section); - if (!$result > 0) - { - //dol_print_error($db,$ecmdir->error); - //exit; - } + $result = $ecmdir->fetch($section); + if (!$result > 0) + { + //dol_print_error($db,$ecmdir->error); + //exit; + } } } else // For no ajax call { $rootdirfordoc = $conf->ecm->dir_output; $ecmdir = new EcmDirectory($db); - $relativepath = ''; - if ($section > 0) - { - $result = $ecmdir->fetch($section); - if (!$result > 0) - { - dol_print_error($db, $ecmdir->error); - exit; - } - - $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/' - } elseif (GETPOST('section_dir')) + $relativepath = ''; + if ($section > 0) + { + $result = $ecmdir->fetch($section); + if (!$result > 0) + { + dol_print_error($db, $ecmdir->error); + exit; + } + + $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/' + } + elseif (GETPOST('section_dir')) { $relativepath = GETPOST('section_dir'); } @@ -113,10 +114,10 @@ // On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers. if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir)) { - dol_syslog("Refused to deliver file ".$upload_dir); - // Do no show plain path in shown error message - dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir)); - exit; + dol_syslog("Refused to deliver file ".$upload_dir); + // Do no show plain path in shown error message + dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir)); + exit; } // Check permissions 
@@ -145,10 +146,10 @@ if (!isset($mode) || $mode != 'noajax') { // Ajout directives pour resoudre bug IE - header('Cache-Control: Public, must-revalidate'); - header('Pragma: public'); - - top_httphead(); + header('Cache-Control: Public, must-revalidate'); + header('Pragma: public'); + + top_httphead(); } $type = 'directory'; @@ -156,8 +157,8 @@ // This test if file exists should be useless. We keep it to find bug more easily if (!dol_is_dir($upload_dir)) { - //dol_mkdir($upload_dir); - /*$langs->load("install"); + //dol_mkdir($upload_dir); + /*$langs->load("install"); dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir)); exit;*/ } 
@@ -173,76 +174,72 @@ // Dir scan if ($type == 'directory') { - $formfile = new FormFile($db); - - $maxlengthname = 40; - $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$'); - $sorting = (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC); - - // Right area. If module is defined here, we are in automatic ecm. - $automodules = array( - 'company', - 'invoice', - 'invoice_supplier', - 'propal', - 'supplier_proposal', - 'order', - 'order_supplier', - 'contract', - 'product', - 'tax', - 'project', - 'fichinter', - 'user', - 'expensereport', - 'holiday', - 'recruitment-recruitmentcandidature', - 'banque', - 'mrp-mo' - ); - - // TODO change for multicompany sharing - if ($module == 'company') $upload_dir = $conf->societe->dir_output; - elseif ($module == 'invoice') $upload_dir = $conf->facture->dir_output; - elseif ($module == 'invoice_supplier') $upload_dir = $conf->fournisseur->facture->dir_output; - elseif ($module == 'propal') $upload_dir = $conf->propal->dir_output; - elseif ($module == 'supplier_proposal') $upload_dir = $conf->supplier_proposal->dir_output; - elseif ($module == 'order') $upload_dir = $conf->commande->dir_output; - elseif ($module == 'order_supplier') $upload_dir = $conf->fournisseur->commande->dir_output; - elseif ($module == 'contract') $upload_dir = $conf->contrat->dir_output; - elseif ($module == 'product') $upload_dir = $conf->product->dir_output; - elseif ($module == 'tax') $upload_dir = $conf->tax->dir_output; - elseif ($module == 'project') $upload_dir = $conf->projet->dir_output; - elseif ($module == 'fichinter') $upload_dir = $conf->ficheinter->dir_output; - elseif ($module == 'user') $upload_dir = $conf->user->dir_output; - elseif ($module == 'expensereport') $upload_dir = $conf->expensereport->dir_output; - elseif ($module == 'holiday') $upload_dir = $conf->holiday->dir_output; - elseif ($module == 'recruitment-recruitmentcandidature') $upload_dir = 
$conf->recruitment->dir_output.'/recruitmentcandidature'; - elseif ($module == 'banque') $upload_dir = $conf->bank->dir_output; - elseif ($module == 'mrp-mo') $upload_dir = $conf->mrp->dir_output.'/mo'; - - // Automatic list - if (in_array($module, $automodules)) - { - $param .= '&module='.$module; - if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.urlencode($search_doc_ref); - - $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound"))); - - if ($module == 'company') $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts with no id of thirdparty. - - $filter = preg_quote($search_doc_ref, '/'); - $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1); - - $perm = $user->rights->ecm->upload; - - $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1); - } - // Manual list - else { - if ($module == 'medias') - { - /* + $formfile = new FormFile($db); + + $maxlengthname = 40; + $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$'); + $sorting = (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC); + + // Right area. If module is defined here, we are in automatic ecm. 
+ $automodules = array('company', 'invoice', 'invoice_supplier', 'propal', 'supplier_proposal', 'order', 'order_supplier', 'contract', 'product', 'tax', 'project', 'fichinter', 'user', 'expensereport', 'holiday', 'banque'); + + // TODO change for multicompany sharing + // Auto area for suppliers invoices + if ($module == 'company') $upload_dir = $conf->societe->dir_output; + // Auto area for suppliers invoices + elseif ($module == 'invoice') $upload_dir = $conf->facture->dir_output; + // Auto area for suppliers invoices + elseif ($module == 'invoice_supplier') $upload_dir = $conf->fournisseur->facture->dir_output; + // Auto area for customers proposal + elseif ($module == 'propal') $upload_dir = $conf->propal->dir_output; + // Auto area for suppliers proposal + elseif ($module == 'supplier_proposal') $upload_dir = $conf->supplier_proposal->dir_output; + // Auto area for customers orders + elseif ($module == 'order') $upload_dir = $conf->commande->dir_output; + // Auto area for suppliers orders + elseif ($module == 'order_supplier') $upload_dir = $conf->fournisseur->commande->dir_output; + // Auto area for suppliers invoices + elseif ($module == 'contract') $upload_dir = $conf->contrat->dir_output; + // Auto area for products + elseif ($module == 'product') $upload_dir = $conf->product->dir_output; + // Auto area for suppliers invoices + elseif ($module == 'tax') $upload_dir = $conf->tax->dir_output; + // Auto area for projects + elseif ($module == 'project') $upload_dir = $conf->projet->dir_output; + // Auto area for interventions + elseif ($module == 'fichinter') $upload_dir = $conf->ficheinter->dir_output; + // Auto area for users + elseif ($module == 'user') $upload_dir = $conf->user->dir_output; + // Auto area for expense report + elseif ($module == 'expensereport') $upload_dir = $conf->expensereport->dir_output; + // Auto area for holiday + elseif ($module == 'holiday') $upload_dir = $conf->holiday->dir_output; + // Auto area for holiday + elseif ($module == 
'banque') $upload_dir = $conf->bank->dir_output; + + // Automatic list + if (in_array($module, $automodules)) + { + $param .= '&module='.$module; + if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.urlencode($search_doc_ref); + + $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound"))); + + if ($module == 'company') $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts with no id of thirdparty. + + $filter = preg_quote($search_doc_ref, '/'); + $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1); + + $perm = $user->rights->ecm->upload; + + $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1); + } + // Manual list + else + { + if ($module == 'medias') + { + /* $_POST is array like 'token' => string '062380e11b7dcd009d07318b57b71750' (length=32) 'action' => string 'file_manager' (length=12) 
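Review bot: The automatic-list branch points `$upload_dir` at other modules' document directories (`$conf->facture->dir_output`, `$conf->bank->dir_output`, `$conf->user->dir_output`, …), yet the only right read in this hunk is `$user->rights->ecm->upload`, used for `$perm`. The `// Check permissions` block sits above this hunk and is not visible here, so it is worth confirming that it requires the read right of the selected `$module`, and not only an ECM right, before `dol_dir_list()` runs. Separately, the new per-branch comments are copy-pasted: `// Auto area for suppliers invoices` precedes the company, invoice, contract and tax branches and `// Auto area for holiday` precedes `banque`; each should name its own module, e.g. `// Auto area for bank`. The `if ($type == 'directory')` block continues past the end of the hunk.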
@@ -253,82 +250,91 @@ 'max_file_size' => string '2097152' (length=7) 'sendit' => string 'Envoyer fichier' (length=15) */ - $relativepath = GETPOST('file', 'alpha') ?GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha'); - if ($relativepath && $relativepath != '/') $relativepath .= '/'; - $upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath; - if (GETPOSTISSET('website') || GETPOSTISSET('file_manager')) - { - $param .= '&file_manager=1'; - if (!preg_match('/website=/', $param)) $param .= '&website='.urlencode(GETPOST('website', 'alpha')); - if (!preg_match('/pageid=/', $param)) $param .= '&pageid='.urlencode(GETPOST('pageid', 'int')); - //if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid); - } - } else { - $relativepath = $ecmdir->getRelativePath(); - $upload_dir = $conf->ecm->dir_output.'/'.$relativepath; - } - - // If $section defined with value 0 + $relativepath = GETPOST('file', 'alpha') ?GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha'); + if ($relativepath && $relativepath != '/') $relativepath .= '/'; + $upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath; + if (GETPOSTISSET('website') || GETPOSTISSET('file_manager')) + { + $param .= '&file_manager=1'; + if (!preg_match('/website=/', $param)) $param .= '&website='.urlencode(GETPOST('website', 'alpha')); + if (!preg_match('/pageid=/', $param)) $param .= '&pageid='.urlencode(GETPOST('pageid', 'int')); + //if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid); + } + } + else + { + $relativepath = $ecmdir->getRelativePath(); + $upload_dir = $conf->ecm->dir_output.'/'.$relativepath; + } + + // If $section defined with value 0 if (($section === '0' || empty($section)) && ($module != 'medias')) - { - $filearray = array(); - } else { - $filearray = 
dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1); - } - - if ($section) - { - $param .= '§ion='.$section; - if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.$search_doc_ref; - - $textifempty = $langs->trans('NoFileFound'); - } elseif ($section === '0') - { - if ($module == 'ecm') $textifempty = '
'.$langs->trans("DirNotSynchronizedSyncFirst").'

'; - else $textifempty = $langs->trans('NoFileFound'); - } else $textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection")); - - if ($module == 'medias') - { - $useinecm = 6; - $modulepart = 'medias'; - $perm = ($user->rights->website->write || $user->rights->emailing->creer); - $title = 'none'; - } elseif ($module == 'ecm') // DMS/ECM -> manual structure - { - if ($user->rights->ecm->read) - { - // Buttons: Preview - $useinecm = 2; - } - - if ($user->rights->ecm->upload) - { - // Buttons: Preview + Delete - $useinecm = 4; - } - - if ($user->rights->ecm->setup) - { - // Buttons: Preview + Delete + Edit - $useinecm = 5; - } - - $perm = $user->rights->ecm->upload; - $modulepart = 'ecm'; - $title = ''; // Use default - } else { - $useinecm = 5; - $modulepart = 'ecm'; - $perm = $user->rights->ecm->upload; - $title = ''; // Use default - } - - // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param - // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath - //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." 
url=".$url); - $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm); - } + { + $filearray = array(); + } + else + { + $filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1); + } + + if ($section) + { + $param .= '§ion='.$section; + if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.$search_doc_ref; + + $textifempty = $langs->trans('NoFileFound'); + } + elseif ($section === '0') + { + if ($module == 'ecm') $textifempty = '
'.$langs->trans("DirNotSynchronizedSyncFirst").'

'; + else $textifempty = $langs->trans('NoFileFound'); + } + else $textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection")); + + if ($module == 'medias') + { + $useinecm = 6; + $modulepart = 'medias'; + $perm = ($user->rights->website->write || $user->rights->emailing->creer); + $title = 'none'; + } + elseif ($module == 'ecm') // DMS/ECM -> manual structure + { + if ($user->rights->ecm->read) + { + // Buttons: Preview + $useinecm = 2; + } + + if ($user->rights->ecm->upload) + { + // Buttons: Preview + Delete + $useinecm = 4; + } + + if ($user->rights->ecm->setup) + { + // Buttons: Preview + Delete + Edit + $useinecm = 5; + } + + $perm = $user->rights->ecm->upload; + $modulepart = 'ecm'; + $title = ''; // Use default + } + else + { + $useinecm = 5; + $modulepart = 'ecm'; + $perm = $user->rights->ecm->upload; + $title = ''; // Use default + } + + // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param + // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath + //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url); + $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm); + } } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_ajaxdirtree.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ajaxdirtree.php 
@@ -49,7 +49,8 @@ $preopened = GETPOST('preopened'); if ($selecteddir != '/') $selecteddir = preg_replace('/\/$/', '', $selecteddir); // We removed last '/' except if it is '/' -} else // For no ajax call +} +else // For no ajax call { //if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = GETPOST('preopened'); } @@ -72,7 +73,8 @@ { $fullpathselecteddir = $conf->ecm->dir_output.'/'.($selecteddir != '/' ? $selecteddir : ''); $fullpathpreopened = $conf->ecm->dir_output.'/'.($preopened != '/' ? $preopened : ''); -} elseif ($modulepart == 'medias') +} +elseif ($modulepart == 'medias') { $fullpathselecteddir = $dolibarr_main_data_root.'/medias/'.($selecteddir != '/' ? $selecteddir : ''); $fullpathpreopened = $dolibarr_main_data_root.'/medias/'.($preopened != '/' ? $preopened : ''); @@ -83,17 +85,18 @@ // On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers. if (preg_match('/\.\./', $fullpathselecteddir) || preg_match('/[<>|]/', $fullpathselecteddir)) { - dol_syslog("Refused to deliver file ".$original_file); - // Do no show plain path in shown error message - dol_print_error(0, $langs->trans("ErrorFileNameInvalid", GETPOST("file"))); - exit; + dol_syslog("Refused to deliver file ".$original_file); + // Do no show plain path in shown error message + dol_print_error(0, $langs->trans("ErrorFileNameInvalid", GETPOST("file"))); + exit; } // Check permissions if ($modulepart == 'ecm') { if (!$user->rights->ecm->read) accessforbidden(); -} elseif ($modulepart == 'medias') +} +elseif ($modulepart == 'medias') { // Always allowed } 
@@ -120,11 +123,11 @@ $current_ecmdir_id = -1; foreach ($sqltree as $keycursor => $val) { - //print $val['fullrelativename']." == ".$selecteddir; - if ($val['fullrelativename'] == $selecteddir) - { - $current_ecmdir_id = $keycursor; - } + //print $val['fullrelativename']." == ".$selecteddir; + if ($val['fullrelativename'] == $selecteddir) + { + $current_ecmdir_id = $keycursor; + } } if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS)) @@ -468,7 +471,8 @@ if ($modulepart == 'ecm') { $newfullpathselecteddir = $conf->ecm->dir_output.'/'.($val['fullrelativename'] != '/' ? $val['fullrelativename'] : ''); - } elseif ($modulepart == 'medias') + } + elseif ($modulepart == 'medias') { $newfullpathselecteddir = $dolibarr_main_data_root.'/medias/'.($val['fullrelativename'] != '/' ? $val['fullrelativename'] : ''); } @@ -482,6 +486,7 @@ echo "\n"; } - } else print "PermissionDenied"; - } -} + } + else print "PermissionDenied"; + } +} --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_box.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_box.php @@ -58,7 +58,7 @@ $nbboxonright = substr_count($tmp[1], ','); print $nbboxonleft.'-'.$nbboxonright; if ($nbboxonleft > $nbboxonright) $boxorder = preg_replace('/B:/', 'B:'.$boxid.',', $boxorder); // Insert id of new box into list - else $boxorder = preg_replace('/^A:/', 'A:'.$boxid.',', $boxorder); // Insert id of new box into list + else $boxorder = preg_replace('/^A:/', 'A:'.$boxid.',', $boxorder); // Insert id of new box into list } // Registering the location of boxes after a move 
@@ -70,10 +70,10 @@ $result = InfoBox::saveboxorder($db, $zone, $boxorder, $userid); if ($result > 0) { - $langs->load("boxes"); - if (!GETPOST('closing')) - { - setEventMessages($langs->trans("BoxAdded"), null); - } + $langs->load("boxes"); + if (!GETPOST('closing')) + { + setEventMessages($langs->trans("BoxAdded"), null); + } } } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_check_notifications.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_check_notifications.php @@ -1,7 +1,7 @@ * Copyright (C) 2017 Juanjo Menent - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -18,82 +18,26 @@ */ if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); -if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) +if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); if (!defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); -if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); - -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! 
defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL' - require '../../main.inc.php'; - -//$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late -$time = dol_now(); -$action = GETPOST('action', 'aZ09'); -$listofreminderids = GETPOST('listofreminderids', 'aZ09'); - - -/* - * Actions - */ - -if ($action == 'stopreminder') { - dol_syslog("Clear notification for listofreminderids=".$listofreminderids); - $listofreminderid = GETPOST('listofreminderids', 'intcomma'); - - // Set the reminder as done - //foreach ($listofreminderidsarray as $listofreminderid) { - // if (empty($listofreminderid)) continue; - //$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id; - $sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1'; - $sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')'; - $sql .= ' AND fk_user = '.$user->id.' 
AND entity = '.$conf->entity; - $resql = $db->query($sql); - if (!$resql) { - dol_print_error($db); - } - //} - - include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; - - // Clean database - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'actioncomm_reminder'; - $sql .= " WHERE dateremind < '".$db->idate(dol_time_plus_duree(dol_now(), -1, 'm'))."'"; - $resql = $db->query($sql); - if (!$resql) { - dol_print_error($db); - } - - exit; -} /* * View */ -top_httphead('application/json'); +top_httphead('text/html'); // TODO Use a json mime type global $user, $db, $langs, $conf; + +$time = (int) GETPOST('time', 'int'); // Use the time parameter that is always increased by time_update, even if call is late +//$time=dol_now(); + $eventfound = array(); //Uncomment this to force a test @@ -102,10 +46,9 @@ //dol_syslog('time='.$time.' $_SESSION[auto_ck_events_not_before]='.$_SESSION['auto_check_events_not_before']); // TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened. -// This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate. -if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto_check_events_not_before'] || GETPOST('forcechecknow', 'int')) +if ($time >= $_SESSION['auto_check_events_not_before']) { - /*$time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined + $time_update = (int) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY; // Always defined if (!empty($_SESSION['auto_check_events_not_before'])) { // We start scan from the not before so if two tabs were opend at differents seconds and we close one (so the js timer), 
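Review bot: `top_httphead('text/html')` declares an HTML response for a body that the last hunk of this file prints with `json_encode()`, and that body carries event labels and locations; `json_encode()` leaves `<` and `>` unescaped by default, so markup stored in an event would be rendered by a browser that loads this URL directly. Send the type the TODO already asks for: `top_httphead('application/json');`. In the same hunk `$time = (int) GETPOST('time', 'int');` lets the caller choose the clock that the later hunks store in `$_SESSION['auto_check_events_not_before']` and use for the `datep` window; `$time = dol_now();`, left commented out on the next line, keeps that value server-side.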
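Review bot: The new condition `if ($time >= $_SESSION['auto_check_events_not_before'])` reads a session key that is not set on the first call of a session, which raises an undefined-index notice (a warning on PHP 8) that, with error display on, ends up in a response the browser parses as JSON. Guard it the way the block itself does a few lines later: `if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto_check_events_not_before'])`. The body of this `if` continues in the next hunk.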
@@ -117,58 +60,60 @@ dol_syslog("We ask to check browser notification on a too large period. We fix this with current date."); $starttime = $time; } - } else { + } + else + { $starttime = $time; } $_SESSION['auto_check_events_not_before'] = $time + $time_update; - */ - // Force save of the session change we did. - // WARNING: Any change in sessions after that will not be saved ! - session_write_close(); + // Force save of session change we did. + // WARNING: Any change in sessions after that will not be saved ! + session_write_close(); - require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; + require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; - dol_syslog('NEW $_SESSION[auto_check_events_not_before]='.(empty($_SESSION['auto_check_events_not_before']) ? '' : $_SESSION['auto_check_events_not_before'])); + dol_syslog('NEW $_SESSION[auto_check_events_not_before]='.$_SESSION['auto_check_events_not_before']); - $sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder'; - $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a'; - if (!empty($user->conf->MAIN_USER_WANT_ALL_EVENTS_NOTIFICATIONS)) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; - $sql .= ' WHERE a.code <> "AC_OTH_AUTO"'; - $sql .= ' AND ('; - $sql .= " (ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; - $sql .= ' )'; - } else { - $sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id; - $sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity; - } - $sql .= $db->order('datep', 'ASC'); - $sql .= ' LIMIT 10'; // Avoid too many notification at once + $sql = 'SELECT id'; + $sql .= ' FROM 
'.MAIN_DB_PREFIX.'actioncomm a, '.MAIN_DB_PREFIX.'actioncomm_resources ar'; + $sql .= ' WHERE a.id = ar.fk_actioncomm'; + // TODO Try to make a solution with only a javascript timer that is easier. Difficulty is to avoid notification twice when several tabs are opened. + // This need to extend period to be sure to not miss and save in session what we notified to avoid duplicate (save is not done yet). + $sql .= " AND datep BETWEEN '".$db->idate($starttime)."' AND '".$db->idate($time + $time_update - 1)."'"; + $sql .= ' AND a.code <> "AC_OTH_AUTO"'; + $sql .= ' AND ar.element_type = "user"'; + $sql .= ' AND ar.fk_element = '.$user->id; + $sql .= ' LIMIT 10'; // Avoid too many notification at once - $resql = $db->query($sql); - if ($resql) { - while ($obj = $db->fetch_object($resql)) - { - // Message must be formated and translated to be used with javascript directly - $event = array(); - $event['type'] = 'agenda'; - $event['id_reminder'] = $obj->id_reminder; - $event['id_agenda'] = $obj->id_agenda; - $event['id_user'] = $obj->id_user_reminder; - $event['code'] = $obj->code; - $event['label'] = $obj->label; - $event['location'] = $obj->location; - $event['reminder_date_formated'] = dol_print_date($db->jdate($obj->dateremind), 'standard'); - $event['event_date_start_formated'] = dol_print_date($db->jdate($obj->datep), 'standard'); + $resql = $db->query($sql); + if ($resql) { + $actionmod = new ActionComm($db); - $eventfound[$obj->id_agenda] = $event; - } - } else { - dol_syslog("Error sql = ".$db->lasterror(), LOG_ERR); - } + while ($obj = $db->fetch_object($resql)) + { + // Load translation files required by the page + $langs->loadLangs(array('agenda', 'commercial')); + + $actionmod->fetch($obj->id); + + // Message must be formated and translated to be used with javascript directly + $event = array(); + $event['type'] = 'agenda'; + $event['id'] = $actionmod->id; + $event['tipo'] = $langs->transnoentities('Action'.$actionmod->code); + $event['titulo'] = 
$actionmod->label; + $event['location'] = $langs->transnoentities('Location').': '.$actionmod->location; + + $eventfound[] = $event; + } + } + else + { + dol_syslog("Error sql = ".$db->lasterror(), LOG_ERR); + } } -print json_encode(array('pastreminders'=>$eventfound, 'nextreminder'=>'')); +print json_encode($eventfound); --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_constantonoff.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_constantonoff.php @@ -26,14 +26,12 @@ if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); if (!defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); -if (!defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Token is required even in GET mode require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; -$action = GETPOST('action', 'aZ09'); // set or del +$action = GETPOST('action', 'alpha'); $name = GETPOST('name', 'alpha'); - /* * View @@ -48,7 +46,7 @@ //print ''."\n"; -// Registering the new value of constant +// Registering the location of boxes if (!empty($action) && !empty($name)) { $entity = GETPOST('entity', 'int'); @@ -59,11 +57,10 @@ if ($action == 'set') { dolibarr_set_const($db, $name, $value, 'chaine', 0, '', $entity); - } elseif ($action == 'del') + } + elseif ($action == 'del') { dolibarr_del_const($db, $name, $entity); } } -} else { - http_response_code(403); } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_contacts.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_contacts.php @@ -1,6 +1,6 @@ - * Copyright (C) 2020 Laurent Destailleur + * Copyright (C) 2016 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
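Review bot: The string literals in the new query are double-quoted (`a.code <> "AC_OTH_AUTO"`, `ar.element_type = "user"`), which a database in ANSI quoting mode reads as column names, and `$user->id` is concatenated without a cast. Use single-quoted literals and an explicit integer: `$sql .= " AND a.code <> 'AC_OTH_AUTO'";`, `$sql .= " AND ar.element_type = 'user'";`, `$sql .= ' AND ar.fk_element = '.((int) $user->id);`. The query also carries no entity condition, unlike the reminder query on the removed side, so on a multi-company installation it may return events of another entity; this should be confirmed against the schema. `$langs->loadLangs(array('agenda', 'commercial'))` runs once per row and can move above the `while`.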
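Review bot: Without `CSRFCHECK_WITH_TOKEN`, constantonoff.php, which calls `dolibarr_set_const()` and `dolibarr_del_const()` from request parameters in its last hunk, no longer asks for the anti-CSRF token on GET requests (per the comment on the removed define), so a cross-site request issued from an authenticated user's browser could change a configuration constant. Keep `if (!defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1');` before `require '../../main.inc.php';`. `$action` only ever takes `set` or `del` in this file, so the narrower `GETPOST('action', 'aZ09')` filter fits better than `'alpha'`.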
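Review bot: The comment `// Registering the location of boxes` does not describe the block under it, which sets or deletes a configuration constant; it reads like a leftover from box.php. Use `// Registering the new value of constant` so the purpose of this state-changing block is clear to the next reader.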
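Review bot: With the `else` branch gone, a request that fails the outer guard (presumably the `!empty($action) && !empty($name)` test shown in the previous hunk) now ends with the default 200 status and an empty body, so the caller cannot tell a rejected call from an applied one. Keep `} else { http_response_code(403); }` after the outer `if`. The block that encloses the `set`/`del` calls opens outside this hunk; if it is a rights check, its failure path deserves the same explicit status.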
@@ -27,14 +27,10 @@ require '../../main.inc.php'; -$id = GETPOST('id', 'int'); // id of thirdparty -$action = GETPOST('action', 'aZ09'); +$id = GETPOST('id', 'int'); +$action = GETPOST('action', 'alpha'); $htmlname = GETPOST('htmlname', 'alpha'); $showempty = GETPOST('showempty', 'int'); - -// Security check -$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0); - /* * View --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_extraparams.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_extraparams.php 
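Review bot: Nothing in client_contacts.php checks that the caller may read the third party named by `id` once the `restrictedArea()` call is removed here; the script goes from reading the parameters straight to the view section. If that section returns the third party's contacts (it is outside the hunk), the result depends only on the `id` the client sends. The check belongs directly after the parameter block: `$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);`.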
@@ -51,38 +51,20 @@ $classpath = $subelement = $element; // For compatibility - if ($element == 'order' || $element == 'commande') { - $classpath = $subelement = 'commande'; - } elseif ($element == 'propal') { - $classpath = 'comm/propal'; - $subelement = 'propal'; - } elseif ($element == 'facture') { - $classpath = 'compta/facture'; - $subelement = 'facture'; - } elseif ($element == 'contract') { - $classpath = $subelement = 'contrat'; - } elseif ($element == 'shipping') { - $classpath = $subelement = 'expedition'; - } elseif ($element == 'deplacement') { - $classpath = 'compta/deplacement'; - $subelement = 'deplacement'; - } elseif ($element == 'order_supplier') { - $classpath = 'fourn'; - $subelement = 'fournisseur.commande'; - } elseif ($element == 'invoice_supplier') { - $classpath = 'fourn'; - $subelement = 'fournisseur.facture'; - } + if ($element == 'order' || $element == 'commande') { $classpath = $subelement = 'commande'; } + elseif ($element == 'propal') { $classpath = 'comm/propal'; $subelement = 'propal'; } + elseif ($element == 'facture') { $classpath = 'compta/facture'; $subelement = 'facture'; } + elseif ($element == 'contract') { $classpath = $subelement = 'contrat'; } + elseif ($element == 'shipping') { $classpath = $subelement = 'expedition'; } + elseif ($element == 'deplacement') { $classpath = 'compta/deplacement'; $subelement = 'deplacement'; } + elseif ($element == 'order_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.commande'; } + elseif ($element == 'invoice_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.facture'; } dol_include_once('/'.$classpath.'/class/'.$subelement.'.class.php'); - if ($element == 'order_supplier') { - $classname = 'CommandeFournisseur'; - } elseif ($element == 'invoice_supplier') { - $classname = 'FactureFournisseur'; - } else { - $classname = ucfirst($subelement); - } + if ($element == 'order_supplier') { $classname = 'CommandeFournisseur'; } + elseif ($element == 'invoice_supplier') { 
$classname = 'FactureFournisseur'; } + else $classname = ucfirst($subelement); $object = new $classname($db); $object->fetch($id); --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_loadinplace.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_loadinplace.php @@ -62,7 +62,8 @@ elseif ($element == 'order_supplier') { $element = 'fournisseur'; $subelement = 'commande'; - } elseif ($element == 'invoice_supplier') { + } + elseif ($element == 'invoice_supplier') { $element = 'fournisseur'; $subelement = 'facture'; } @@ -82,7 +83,8 @@ { $ret = $form->$methodname(); if ($ret > 0) echo json_encode($form->$cachename); - } elseif (!empty($ext_element)) + } + elseif (!empty($ext_element)) { $module = $subelement = $ext_element; if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs)) @@ -97,12 +99,16 @@ $ret = $object->$methodname($fk_element); if ($ret > 0) echo json_encode($object->$cachename); } - } else { + } + else + { $object = new GenericObject($db); $value = $object->$loadmethod($table_element, $fk_element, $field); echo $value; } - } else { + } + else + { echo $langs->transnoentities('NotEnoughPermissions'); } } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_objectonoff.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_objectonoff.php @@ -30,7 +30,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php'; -$action = GETPOST('action', 'aZ09'); +$action = GETPOST('action', 'alpha'); $id = GETPOST('id', 'int'); $value = GETPOST('value', 'int'); $field = GETPOST('field', 'alpha'); @@ -43,9 +43,9 @@ $socid = $user->socid; } -/*if (empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { +if (empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { accessforbidden('Calling this file is allowed only when MAIN_DIRECT_STATUS_UPDATE is set'); -}*/ +} /* 
@@ -58,9 +58,11 @@ if (in_array($field, array('status'))) { $result = restrictedArea($user, $element, $id); -} elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products +} +elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products $result = restrictedArea($user, 'produit|service', $id, 'product&product', '', '', 'rowid'); -} else { +} +else { accessforbidden("Bad value for combination of parameters element/field.", 0, 0, 1); exit; } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_pingresult.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_pingresult.php @@ -30,7 +30,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; -$action = GETPOST('action', 'aZ09'); +$action = GETPOST('action', 'alpha'); $hash_unique_id = GETPOST('hash_unique_id', 'alpha'); $hash_algo = GETPOST('hash_algo', 'alpha'); @@ -66,6 +66,7 @@ // Note: pings are by installation, done on entity 1. dolibarr_set_const($db, 'MAIN_LAST_PING_KO_DATE', dol_print_date($now, 'dayhourlog'), 'gmt'); // erase last value print 'First ping KO saved for entity '.$conf->entity; -} else { +} +else { print 'Error action='.$action.' not supported'; } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_price.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_price.php @@ -51,7 +51,8 @@ $price = price2num($amount * (1 + ($tva_tx / 100)), 'MU'); $return['price_ht'] = $amount; $return['price_ttc'] = (isset($price) && $price != '' ? price($price) : ''); - } elseif ($output == 'price_ht') { + } + elseif ($output == 'price_ht') { $price = price2num($amount / (1 + ($tva_tx / 100)), 'MU'); $return['price_ht'] = (isset($price) && $price != '' ? price($price) : ''); $return['price_ttc'] = ($tva_tx == 0 ? $price : $amount); --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_row.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_row.php 
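Review bot: The error branch of client_pingresult.php writes the request's `action` value back into the response unescaped, `print 'Error action='.$action.' not supported';`, and the first hunk of this file now reads that value with the wider `'alpha'` filter. Escape it on output, `print 'Error action='.dol_escape_htmltag($action).' not supported';`, or print a fixed message without the value. The `if` chain this `else` closes starts outside the hunk.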
@@ -47,8 +47,8 @@ print ''."\n"; // Registering the location of boxes -if (GETPOST('roworder', 'alpha') && GETPOST('table_element_line', 'alpha', 2) - && GETPOST('fk_element', 'alpha', 2) && GETPOST('element_id', 'int', 2)) +if ((!empty($_POST['roworder'])) && (!empty($_POST['table_element_line'])) + && (!empty($_POST['fk_element'])) && (!empty($_POST['element_id']))) { $roworder = GETPOST('roworder', 'alpha', 2); $table_element_line = GETPOST('table_element_line', 'alpha', 2); --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_saveinplace.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_saveinplace.php 
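Review bot: The guard in client_row.php tests raw `$_POST` entries while the body reads the same four parameters through `GETPOST(..., 2)`, so guard and body no longer agree on what counts as present. A value the filter rejects (a non-numeric `element_id`, for instance) passes the guard and presumably reaches the code below as an empty string. Test the filtered values in the condition, for example `GETPOST('element_id', 'int', 2)` in place of `!empty($_POST['element_id'])`, and likewise for the other three. The body of the `if` continues outside the hunk.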
@@ -59,60 +59,51 @@ if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element)) { $ext_element = GETPOST('ext_element', 'alpha', 2); - $field = substr($field, 8); // remove prefix val_ + $field = substr($field, 8); // remove prefix val_ $type = GETPOST('type', 'alpha', 2); - $value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2)); - $loadmethod = GETPOST('loadmethod', 'alpha', 2); - $savemethod = GETPOST('savemethod', 'alpha', 2); + $value = ($type == 'ckeditor' ? GETPOST('value', '', 2) : GETPOST('value', 'alpha', 2)); + $loadmethod = GETPOST('loadmethod', 'alpha', 2); + $savemethod = GETPOST('savemethod', 'alpha', 2); $savemethodname = (!empty($savemethod) ? $savemethod : 'setValueFrom'); - $newelement = $element; + $newelement = $element; $view = ''; $format = 'text'; $return = array(); $error = 0; - if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) { + if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) + { $element = $regs[1]; $subelement = $regs[2]; } - if ($element == 'propal') { - $newelement = 'propale'; - } elseif ($element == 'fichinter') { - $newelement = 'ficheinter'; - } elseif ($element == 'product') { - $newelement = 'produit'; - } elseif ($element == 'member') { - $newelement = 'adherent'; - } elseif ($element == 'order_supplier') { + if ($element == 'propal') $newelement = 'propale'; + elseif ($element == 'fichinter') $newelement = 'ficheinter'; + elseif ($element == 'product') $newelement = 'produit'; + elseif ($element == 'member') $newelement = 'adherent'; + elseif ($element == 'order_supplier') { $newelement = 'fournisseur'; $subelement = 'commande'; - } elseif ($element == 'invoice_supplier') { + } + elseif ($element == 'invoice_supplier') { $newelement = 'fournisseur'; $subelement = 'facture'; - } else { - $newelement = $element; - } + } + 
else $newelement = $element; $_POST['action'] = 'update'; // Hack so restrictarea will test permissions on write too $feature = $newelement; $feature2 = $subelement; $object_id = $fk_element; - if ($feature == 'expedition' || $feature == 'shipping') { + if ($feature == 'expedition' || $feature == 'shipping') + { $feature = 'commande'; $object_id = 0; } - if ($feature == 'shipping') { - $feature = 'commande'; - } - if ($feature == 'payment') { - $feature = 'facture'; - } - if ($feature == 'payment_supplier') { - $feature = 'fournisseur'; - $feature2 = 'facture'; - } + if ($feature == 'shipping') $feature = 'commande'; + if ($feature == 'payment') { $feature = 'facture'; } + if ($feature == 'payment_supplier') { $feature = 'fournisseur'; $feature2 = 'facture'; } //var_dump(GETPOST('action','aZ09')); //var_dump($newelement.'-'.$subelement."-".$feature."-".$object_id); $check_access = restrictedArea($user, $feature, $object_id, '', $feature2); @@ -139,11 +130,15 @@ $error++; $return['error'] = $langs->trans('ErrorBadValue'); } - } elseif ($type == 'datepicker') { + } + elseif ($type == 'datepicker') + { $timestamp = GETPOST('timestamp', 'int', 2); $format = 'date'; $newvalue = ($timestamp / 1000); - } elseif ($type == 'select') { + } + elseif ($type == 'select') + { $loadmethodname = 'load_cache_'.$loadmethod; $loadcachename = 'cache_'.$loadmethod; $loadviewname = 'view_'.$loadmethod; @@ -162,11 +157,15 @@ $loadview = $form->$loadviewname; $view = $loadview[$newvalue]; } - } else { + } + else + { $error++; $return['error'] = $form->error; } - } else { + } + else + { $module = $subelement = $ext_element; if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs)) { @@ -188,7 +187,9 @@ $loadview = $object->$loadviewname; $view = $loadview[$newvalue]; } - } else { + } + else + { $error++; $return['error'] = $object->error; } 
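Review bot: `$savemethodname` comes from the request parameter `savemethod`, and `$loadmethod` from `loadmethod`, with only the `'alpha'` filter in between. Later hunks of client_saveinplace.php show names derived from `$loadmethod` used as member names (`$form->$loadviewname`), and the save method is presumably invoked the same way outside this hunk. Both values should be compared with an explicit list of permitted method names before use, with a comment beside the assignment such as `// savemethod is request-supplied: only names on the allow-list may be called`. Separately, `if ($feature == 'shipping') $feature = 'commande';` can never match because the block above it already rewrites `'shipping'`, and the trailing `else $newelement = $element;` repeats the earlier assignment.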
@@ -214,13 +215,17 @@ $return['value'] = $value; $return['view'] = (!empty($view) ? $view : $value); - } else { + } + else + { $return['error'] = $object->error; } } echo json_encode($return); - } else { + } + else + { echo $langs->trans('NotEnoughPermissions'); } } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_selectobject.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_selectobject.php @@ -33,7 +33,7 @@ $htmlname = GETPOST('htmlname', 'aZ09'); $sqlfilter = GETPOST('sqlfilter', 'alpha'); $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0); -$action = GETPOST('action', 'aZ09'); +$action = GETPOST('action', 'alpha'); $id = GETPOST('id', 'int'); @@ -75,10 +75,9 @@ } // When used from jQuery, the search term is added as GET param "term". -$searchkey = (($id && GETPOST($id, 'alpha')) ? GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ? GETPOST($htmlname, 'alpha') : '')); +$searchkey = (($id && GETPOST($id, 'alpha')) ?GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ?GETPOST($htmlname, 'alpha') : '')); -// Add a security test to avoid to get content of all tables -restrictedArea($user, $objecttmp->element, $id); +// TODO Add a security test to avoid to get content of all tables $arrayresult = $form->selectForFormsList($objecttmp, $htmlname, '', 0, $searchkey, '', '', '', 0, 1); --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_selectsearchbox.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_selectsearchbox.php 
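Review bot: `selectForFormsList()` in client_selectobject.php now runs with no permission check in front of it, because the `restrictedArea($user, $objecttmp->element, $id);` call is replaced by a TODO. The comment on the removed line names the risk: reading the content of all tables. The first hunk of this file also shows a request-supplied `sqlfilter` being read, and `$objecttmp` is built outside the hunk, so how much of the query the client controls cannot be seen from here. Keep the call directly before the list is built: `restrictedArea($user, $objecttmp->element, $id);`.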
@@ -26,21 +26,21 @@ if (!isset($usedbyinclude) || empty($usedbyinclude)) { - if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal - if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); - if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); - if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); - if (!defined('NOREDIRECTBYMAINTOLOGIN')) define('NOREDIRECTBYMAINTOLOGIN', '1'); + if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal + if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); + if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); + if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); + if (!defined('NOREDIRECTBYMAINTOLOGIN')) define('NOREDIRECTBYMAINTOLOGIN', '1'); - $res = @include '../../main.inc.php'; - if ($res == 'ERROR_NOT_LOGGED') - { - $langs->load("other"); - $arrayresult['jumptologin'] = array('img'=>'object_generic', 'label'=>$langs->trans("JumpToLogin"), 'text'=>' '.$langs->trans("JumpToLogin"), 'url'=>DOL_URL_ROOT.'/index.php'); - print json_encode($arrayresult); - if (is_object($db)) $db->close(); - exit; - } + $res = @include '../../main.inc.php'; + if ($res == 'ERROR_NOT_LOGGED') + { + $langs->load("other"); + $arrayresult['jumptologin'] = array('img'=>'object_generic', 'label'=>$langs->trans("JumpToLogin"), 'text'=>' '.$langs->trans("JumpToLogin"), 'url'=>DOL_URL_ROOT.'/index.php'); + print json_encode($arrayresult); + if (is_object($db)) $db->close(); + exit; + } } include_once DOL_DOCUMENT_ROOT.'/core/lib/json.lib.php'; @@ -48,7 +48,7 @@ //global $hookmanager; $hookmanager->initHooks(array('searchform')); -$search_boxvalue = GETPOST('q', 'restricthtml'); +$search_boxvalue = GETPOST('q', 'none'); $arrayresult = array(); 
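Review bot: `q` is read with the `'none'` filter in client_selectsearchbox.php, and later hunks of this file place `$search_boxvalue` into the `label` and `text` entries through `$langs->trans(...)`, next to markup from `img_picto()`. If the caller renders those entries as HTML, the search term reaches the page exactly as submitted; only the `url` entries pass it through `urlencode()`. Read it with the HTML-restricting filter, `$search_boxvalue = GETPOST('q', 'restricthtml');`, or escape it where the labels are built with `dol_escape_htmltag($search_boxvalue)`.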
@@ -82,7 +82,7 @@ if (!empty($conf->projet->enabled) && empty($conf->global->MAIN_SEARCHFORM_PROJECT_DISABLED) && $user->rights->projet->lire) { - $arrayresult['searchintoprojects'] = array('position'=>40, 'shortcut'=>'Q', 'img'=>'object_project', 'label'=>$langs->trans("SearchIntoProjects", $search_boxvalue), 'text'=>img_picto('', 'object_project').' '.$langs->trans("SearchIntoProjects", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : '')); + $arrayresult['searchintoprojects'] = array('position'=>40, 'shortcut'=>'Q', 'img'=>'object_projectpub', 'label'=>$langs->trans("SearchIntoProjects", $search_boxvalue), 'text'=>img_picto('', 'object_project').' '.$langs->trans("SearchIntoProjects", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/projet/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : '')); } if (!empty($conf->projet->enabled) && empty($conf->global->MAIN_SEARCHFORM_TASK_DISABLED) && $user->rights->projet->lire) { 
@@ -110,46 +110,13 @@ { $arrayresult['searchintosupplierpropal'] = array('position'=>100, 'img'=>'object_propal', 'label'=>$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_proposal').' '.$langs->trans("SearchIntoSupplierProposals", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/supplier_proposal/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : '')); } -if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_ORDER_DISABLED) || !empty($conf->supplier_order->enabled)) && $user->rights->fournisseur->commande->lire) +if ((! empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_ORDER_DISABLED) || ! empty($conf->supplier_order->enabled)) && $user->rights->fournisseur->commande->lire) { $arrayresult['searchintosupplierorder'] = array('position'=>110, 'img'=>'object_order', 'label'=>$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_order').' '.$langs->trans("SearchIntoSupplierOrders", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/commande/list.php'.($search_boxvalue ? '?search_all='.urlencode($search_boxvalue) : '')); } -if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED) || !empty($conf->supplier_invoice->enabled)) && $user->rights->fournisseur->facture->lire) +if ((! empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED) || ! empty($conf->supplier_invoice->enabled)) && $user->rights->fournisseur->facture->lire) { $arrayresult['searchintosupplierinvoice'] = array('position'=>120, 'img'=>'object_bill', 'label'=>$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'text'=>img_picto('', 'object_supplier_invoice').' '.$langs->trans("SearchIntoSupplierInvoices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/fourn/facture/list.php'.($search_boxvalue ? 
'?sall='.urlencode($search_boxvalue) : '')); -} - -// Customer payments -if (!empty($conf->facture->enabled) && empty($conf->global->MAIN_SEARCHFORM_CUSTOMER_INVOICE_DISABLED) && $user->rights->facture->lire) -{ - $arrayresult['searchintocustomerpayments'] = array( - 'position'=>170, - 'img'=>'object_payment', - 'label'=>$langs->trans("SearchIntoCustomerPayments", $search_boxvalue), - 'text'=>img_picto('', 'object_payment').' '.$langs->trans("SearchIntoCustomerPayments", $search_boxvalue), - 'url'=>DOL_URL_ROOT.'/compta/paiement/list.php?leftmenu=customers_bills_payment'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : '')); -} - -// Vendor payments -if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_SEARCHFORM_SUPPLIER_INVOICE_DISABLED) || !empty($conf->supplier_invoice->enabled)) && $user->rights->fournisseur->facture->lire) -{ - $arrayresult['searchintovendorpayments'] = array( - 'position'=>175, - 'img'=>'object_payment', - 'label'=>$langs->trans("SearchIntoVendorPayments", $search_boxvalue), - 'text'=>img_picto('', 'object_payment').' '.$langs->trans("SearchIntoVendorPayments", $search_boxvalue), - 'url'=>DOL_URL_ROOT.'/fourn/paiement/list.php?leftmenu=suppliers_bills_payment'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : '')); -} - -// Miscellaneous payments -if (!empty($conf->banque->enabled) && empty($conf->global->MAIN_SEARCHFORM_MISC_PAYMENTS_DISABLED) && $user->rights->banque->lire) -{ - $arrayresult['searchintomiscpayments'] = array( - 'position'=>180, - 'img'=>'object_payment', - 'label'=>$langs->trans("SearchIntoMiscPayments", $search_boxvalue), - 'text'=>img_picto('', 'object_payment').' '.$langs->trans("SearchIntoMiscPayments", $search_boxvalue), - 'url'=>DOL_URL_ROOT.'/compta/bank/various_payment/list.php?leftmenu=tax_various'.($search_boxvalue ? 
'&sall='.urlencode($search_boxvalue) : '')); } if (!empty($conf->contrat->enabled) && empty($conf->global->MAIN_SEARCHFORM_CONTRACT_DISABLED) && $user->rights->contrat->lire) @@ -185,12 +152,13 @@ if (empty($reshook)) { $arrayresult = array_merge($arrayresult, $hookmanager->resArray); -} else $arrayresult = $hookmanager->resArray; +} +else $arrayresult = $hookmanager->resArray; -// This pushes a search entry to the top +// This allow to keep a search entry to the top if (!empty($conf->global->DEFAULT_SEARCH_INTO_MODULE)) { - $key = 'searchinto'.$conf->global->DEFAULT_SEARCH_INTO_MODULE; - if (array_key_exists($key, $arrayresult)) $arrayresult[$key]['position'] = -1000; + $key = 'searchinto'.$conf->global->DEFAULT_SEARCH_INTO_MODULE; + if (array_key_exists($key, $arrayresult)) $arrayresult[$key]['position'] = -10; } // Sort on position @@ -199,6 +167,6 @@ // Print output if called by ajax or do nothing (var $arrayresult will be used) if called by an include if (!isset($usedbyinclude) || empty($usedbyinclude)) { - print json_encode($arrayresult); - if (is_object($db)) $db->close(); + print json_encode($arrayresult); + if (is_object($db)) $db->close(); } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_vatrates.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_vatrates.php @@ -27,7 +27,7 @@ require '../../main.inc.php'; $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'aZ09'); +$action = GETPOST('action', 'alpha'); $htmlname = GETPOST('htmlname', 'alpha'); $selected = (GETPOST('selected') ?GETPOST('selected') : '-1'); $productid = (GETPOST('productid', 'int') ?GETPOST('productid', 'int') : 0); @@ -52,7 +52,9 @@ { $seller = $mysoc; $buyer = $soc; - } else { + } + else + { $buyer = $mysoc; $seller = $soc; } --- /tmp/dsg/dolibarr/htdocs/core/ajax/github_ziptown.php +++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ziptown.php 
@@ -1,6 +1,6 @@ - * Copyright (C) 2011-2014 Laurent Destailleur +/* Copyright (C) 2010 Regis Houssin + * Copyright (C) 2011-204 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -75,7 +75,8 @@ if ($town) $sql .= " AND z.town LIKE '%".$db->escape($town)."%'"; $sql .= " ORDER BY z.zip, z.town"; $sql .= $db->plimit(100); // Avoid pb with bad criteria - } else // Use table of third parties + } + else // Use table of third parties { $sql = "SELECT DISTINCT s.zip, s.town, s.fk_departement as fk_county, s.fk_pays as fk_country"; $sql .= ", c.code as country_code, c.label as country"; @@ -127,7 +128,9 @@ } echo json_encode($return_arr); -} else { +} +else +{ } $db->close();