Merge remote-tracking branch 'Dolibarr/19.0' into 19

fappels · Feb 25, 2024 · 1aa1285 · 1aa1285
2 parents 7f537c4 + c171ce2
commit 1aa1285
Show file tree

Hide file tree

Showing 61 changed files with 346 additions and 230 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -2,72 +2,6 @@
 English Dolibarr ChangeLog
 --------------------------------------------------------------
 
-***** ChangeLog for 18.0.5 compared to 18.0.4 *****
-FIX: 17.0: deprecated field should only be a fallback
-FIX: 17.0 - php8 warnings: test for $field existence before checking if it is null or empty
-FIX: #24185: v18: display of the merged pdf lists
-FIX: #26416 BOM_SUB_BOM blank page
-FIX: #27166
-FIX: #27262 Recurrent invoice - user to string conversion
-FIX: #27970 #26283 #27970
-FIX: Accountancy - Level 3 of binding not working on supplier side (#27462)
-FIX: Accounting files export - Use th instead of td on all title columns (#28003)
-FIX: add action update_extras to don card
-FIX: Adding hooks init
-FIX: Adding the $encode parameter to recursive _replaceHtmlWithOdtTag() utilisation
-FIX: add new hook context for mo production card (#28037)
-FIX: avoid from re-initializing result on nested hook getEntity (#27799)
-FIX: avoid sql error (issue #26342)
-FIX: bad accountancy code autoselection for supplier ventilation
-FIX: Bad visible status of proposal after reopen
-FIX: Barcode header cell not well displayed
-FIX: BarCode Header not well displayed
-FIX: Bar code verification should be done by entity because generation does (#28087)
-FIX: can edit reminders on past events
-FIX: check parameter socid before cloning a customer proposal (#28085)
-FIX: crabe PDF is generating in conf->entity instead of object->entity
-FIX: CVE-2024-23817 (#28089)
-FIX: disable pointer events on jQuery-UI tooltips to prevent a glitch (fast-blinking tooltip)
-FIX: Error on emailreminder not reported
-FIX: Fatal error converting object of class User to string (php8)
-FIX: filter by entity on contact is missing
-FIX: Fix supplier invoice security check
-FIX: format of color in manifest is wrong when using a custom color
-FIX: #GHSA-7947-48q7-cp5m
-FIX: HTML injection vulnerability in Dolibarr Application Home Page
-FIX: invoice add line save devise
-FIX: Keep a link to enable a 'always_enabled' module to solve pb.
-FIX: label
-FIX: line special_code never saved (#28051)
-FIX: link to print when there is a search on multiselect fields
-FIX: Menu Create of project no working on smartphone with no top menu.
-FIX: missing $search_sale var (backport from v19)
-FIX: Missing begin transaction when updating supplier recurring invoice
-FIX: missing entity filter for check if period exists
-FIX: more correctly parse the select part to be replaced in sql queries
-FIX: MouvementStock::origin is not an object
-FIX: notification information on intervention validated confirmation message (v17+)
-FIX: not load all contacts by default when creating an event
-FIX: port in Docker MailDev
-FIX: propal use devise changes
-FIX: public user photo not visible if $dolibarr_main_instance_unique_id
-FIX: remove DISTINCT (backport from v19)
-FIX: remove specific name from v19
-FIX: Retours PR
-FIX: Return a better error message when token is not valid
-FIX: search by ref & rowid in don list
-FIX: search by thirdparty in don list
-FIX: several names for one const THIRDPARTY_CAN_HAVE_CUSTOMER_CATEGORY_EVEN_IF_NOT_CUSTOMER_PROSPECT
-FIX: SQL concatenation error
-FIX: [TAKEPOS] display prices with or without taxes depending on setup (TAKEPOS_CHANGE_PRICE_HT)
-FIX: Ternary operator condition is always true/false
-FIX: too long output
-FIX: Undefined property: Task::$fk_parent
-FIX: uniformization to use "intervention"
-FIX: Update loan.class.php (#27971)
-FIX: update price extrafield on propal card
-FIX: user filter in per user view of event list (#28049)
-FIX: use the currency for propal signature page
 
 ***** ChangeLog for 19.0.0 compared to 18.0.0 *****
 
@@ -319,6 +253,73 @@ The following changes may create regressions for some external modules, but were
 * The load of hook context productdao has been removed before calling loadvirtualstock. Modules must use the context of main parent page or 'all' for all cases.
 
 
+***** ChangeLog for 18.0.5 compared to 18.0.4 *****
+FIX: 17.0: deprecated field should only be a fallback
+FIX: 17.0 - php8 warnings: test for $field existence before checking if it is null or empty
+FIX: #24185: v18: display of the merged pdf lists
+FIX: #26416 BOM_SUB_BOM blank page
+FIX: #27166
+FIX: #27262 Recurrent invoice - user to string conversion
+FIX: #27970 #26283 #27970
+FIX: Accountancy - Level 3 of binding not working on supplier side (#27462)
+FIX: Accounting files export - Use th instead of td on all title columns (#28003)
+FIX: add action update_extras to don card
+FIX: Adding hooks init
+FIX: Adding the $encode parameter to recursive _replaceHtmlWithOdtTag() utilisation
+FIX: add new hook context for mo production card (#28037)
+FIX: avoid from re-initializing result on nested hook getEntity (#27799)
+FIX: avoid sql error (issue #26342)
+FIX: bad accountancy code autoselection for supplier ventilation
+FIX: Bad visible status of proposal after reopen
+FIX: Barcode header cell not well displayed
+FIX: BarCode Header not well displayed
+FIX: Bar code verification should be done by entity because generation does (#28087)
+FIX: can edit reminders on past events
+FIX: check parameter socid before cloning a customer proposal (#28085)
+FIX: crabe PDF is generating in conf->entity instead of object->entity
+FIX: CVE-2024-23817 (#28089)
+FIX: disable pointer events on jQuery-UI tooltips to prevent a glitch (fast-blinking tooltip)
+FIX: Error on emailreminder not reported
+FIX: Fatal error converting object of class User to string (php8)
+FIX: filter by entity on contact is missing
+FIX: Fix supplier invoice security check
+FIX: format of color in manifest is wrong when using a custom color
+FIX: #GHSA-7947-48q7-cp5m
+FIX: HTML injection vulnerability in Dolibarr Application Home Page
+FIX: invoice add line save devise
+FIX: Keep a link to enable a 'always_enabled' module to solve pb.
+FIX: label
+FIX: line special_code never saved (#28051)
+FIX: link to print when there is a search on multiselect fields
+FIX: Menu Create of project no working on smartphone with no top menu.
+FIX: missing $search_sale var (backport from v19)
+FIX: Missing begin transaction when updating supplier recurring invoice
+FIX: missing entity filter for check if period exists
+FIX: more correctly parse the select part to be replaced in sql queries
+FIX: MouvementStock::origin is not an object
+FIX: notification information on intervention validated confirmation message (v17+)
+FIX: not load all contacts by default when creating an event
+FIX: port in Docker MailDev
+FIX: propal use devise changes
+FIX: public user photo not visible if $dolibarr_main_instance_unique_id
+FIX: remove DISTINCT (backport from v19)
+FIX: remove specific name from v19
+FIX: Retours PR
+FIX: Return a better error message when token is not valid
+FIX: search by ref & rowid in don list
+FIX: search by thirdparty in don list
+FIX: several names for one const THIRDPARTY_CAN_HAVE_CUSTOMER_CATEGORY_EVEN_IF_NOT_CUSTOMER_PROSPECT
+FIX: SQL concatenation error
+FIX: [TAKEPOS] display prices with or without taxes depending on setup (TAKEPOS_CHANGE_PRICE_HT)
+FIX: Ternary operator condition is always true/false
+FIX: too long output
+FIX: Undefined property: Task::$fk_parent
+FIX: uniformization to use "intervention"
+FIX: Update loan.class.php (#27971)
+FIX: update price extrafield on propal card
+FIX: user filter in per user view of event list (#28049)
+FIX: use the currency for propal signature page
+
 ***** ChangeLog for 18.0.4 compared to 18.0.3 *****
 FIX: $this->newref already exists and could have been modified by trigger but we still use a local variable for the filesystem-based renaming
 FIX: 16.0 only, backport fix for SQL error on global search product

diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php
@@ -290,7 +290,7 @@
 	print $boxlist;
 
 	print '</div>';
-} elseif (isModEnabled('compta')) {
+} elseif (isModEnabled('comptabilite')) {
 	print load_fiche_titre($langs->trans("AccountancyArea"), '', 'accountancy');
 
 	print '<span class="opacitymedium">'.$langs->trans("Module10Desc")."</span>\n";

diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php
@@ -246,7 +246,7 @@
 				$lineisasale = 1;
 			}
 		}
-		//var_dump($obj->type_payment); var_dump($obj->type_payment_supplier);
+		//var_dump($obj->type_payment); //var_dump($obj->type_payment_supplier);
 		//var_dump($lineisapurchase); //var_dump($lineisasale);
 
 		// Set accountancy code for bank

diff --git a/htdocs/asset/class/asset.class.php b/htdocs/asset/class/asset.class.php
@@ -418,7 +418,7 @@ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset =
 			foreach ($filter as $key => $value) {
 				if ($key == 't.rowid') {
 					$sqlwhere[] = $key." = ".((int) $value);
-				} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
+				} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
 					$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 				} elseif ($key == 'customsql') {
 					$sqlwhere[] = $value;

diff --git a/htdocs/asset/class/assetmodel.class.php b/htdocs/asset/class/assetmodel.class.php
@@ -358,7 +358,7 @@ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset =
 			foreach ($filter as $key => $value) {
 				if ($key == 't.rowid') {
 					$sqlwhere[] = $key." = ".((int) $value);
-				} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
+				} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
 					$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 				} elseif ($key == 'customsql') {
 					$sqlwhere[] = $value;

diff --git a/htdocs/bookcal/class/availabilities.class.php b/htdocs/bookcal/class/availabilities.class.php
@@ -413,7 +413,7 @@ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset =
 			foreach ($filter as $key => $value) {
 				if ($key == 't.rowid') {
 					$sqlwhere[] = $key." = ".((int) $value);
-				} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
+				} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
 					$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 				} elseif ($key == 'customsql') {
 					$sqlwhere[] = $value;

diff --git a/htdocs/bookcal/class/calendar.class.php b/htdocs/bookcal/class/calendar.class.php
@@ -370,7 +370,7 @@ public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset =
 			foreach ($filter as $key => $value) {
 				if ($key == 't.rowid') {
 					$sqlwhere[] = $key." = ".((int) $value);
-				} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
+				} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
 					$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 				} elseif ($key == 'customsql') {
 					$sqlwhere[] = $value;

diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php
@@ -139,10 +139,10 @@
 		$object->cle_rib = trim(GETPOST("cle_rib"));
 		$object->bic = trim(GETPOST("bic"));
 		$object->iban = trim(GETPOST("iban"));
-		$object->domiciliation = trim(GETPOST("domiciliation", "alphanohtml"));
 		$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
 
 		$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
+		$object->domiciliation = trim(GETPOST("domiciliation", "alphanohtml"));
 		$object->owner_address = trim(GETPOST("owner_address", 'alphanohtml'));
 		$object->owner_zip = trim(GETPOST("owner_zip", 'alphanohtml'));
 		$object->owner_town = trim(GETPOST("owner_town", 'alphanohtml'));
@@ -252,7 +252,6 @@
 		$object->cle_rib = trim(GETPOST("cle_rib"));
 		$object->bic = trim(GETPOST("bic"));
 		$object->iban = trim(GETPOST("iban"));
-		$object->domiciliation = trim(GETPOST("domiciliation", "alphanohtml"));
 		$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
 
 		$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
@@ -279,8 +278,9 @@
 
 		$object->currency_code = trim(GETPOST("account_currency_code"));
 
-		$object->state_id = GETPOST("account_state_id", 'int');
-		$object->country_id = GETPOST("account_country_id", 'int');
+		$object->address = trim(GETPOST("account_address", "alphanohtml"));
+		$object->state_id = GETPOSTINT("account_state_id");
+		$object->country_id = GETPOSTINT("account_country_id");
 
 		$object->min_allowed = GETPOST("account_min_allowed", 'int');
 		$object->min_desired = GETPOST("account_min_desired", 'int');
@@ -462,8 +462,8 @@
 	$type = (GETPOSTISSET("type") ? GETPOST('type', 'int') : Account::TYPE_CURRENT); // add default value
 	if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) {
 		print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';
-		print '<textarea class="flat quatrevingtpercent" name="domiciliation" rows="'.ROWS_2.'">';
-		print(GETPOSTISSET('domiciliation') ? GETPOST('domiciliation') : $object->domiciliation);
+		print '<textarea class="flat quatrevingtpercent" name="account_address" rows="'.ROWS_2.'">';
+		print(GETPOSTISSET('account_address') ? GETPOST('account_address') : $object->address);
 		print "</textarea></td></tr>";
 	}
 
@@ -681,7 +681,6 @@
 		$morehtmlref = '';
 		dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
 
-
 		print '<div class="fichecenter">';
 		print '<div class="fichehalfleft">';
 		print '<div class="underbanner clearboth"></div>';
@@ -848,19 +847,19 @@
 			}
 
 			print '<tr><td>'.$langs->trans("BankAccountOwner").'</td><td>';
-			print $object->proprio;
+			print dol_escape_htmltag($object->proprio);
 			print "</td></tr>\n";
 
 			print '<tr><td>'.$langs->trans("BankAccountOwnerAddress").'</td><td>';
 			print nl2br($object->owner_address);
 			print "</td></tr>\n";
 
 			print '<tr><td class="tdtop">'.$langs->trans("BankAccountOwnerZip").'</td>';
-			print '<td>'.$object->owner_zip;
+			print '<td>'.dol_escape_htmltag($object->owner_zip);
 			print '</td></tr>';
 
 			print '<tr><td class="tdtop">'.$langs->trans("BankAccountOwnerTown").'</td>';
-			print '<td>'.$object->owner_town;
+			print '<td>'.dol_escape_htmltag($object->owner_town);
 			print '</td></tr>';
 
 			print '<tr><td class="tdtop">'.$langs->trans("BankAccountOwnerCountry").'</td>';
@@ -1003,8 +1002,8 @@
 		$type = (GETPOSTISSET('type') ? GETPOST('type', 'int') : $object->type); // add default current value
 		if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) {
 			print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';
-			print '<textarea class="flat quatrevingtpercent" name="domiciliation" rows="'.ROWS_2.'">';
-			print $object->domiciliation;
+			print '<textarea class="flat quatrevingtpercent" name="account_address" rows="'.ROWS_2.'">';
+			print $object->address;
 			print "</textarea></td></tr>";
 		}
 
@@ -1183,16 +1182,17 @@
 				}
 			}
 
-			print '<tr><td>'.$langs->trans("BankAccountOwner").'</td>';
-			print '<td><input class="maxwidth200onsmartphone" type="text" class="flat" name="proprio" value="'.$object->proprio.'"></td>';
-			print '</tr>';
-
 			print '</table>';
+
 			print '<hr>';
 
 			print '<table class="border centpercent">';
 
-			print '<tr><td class="titlefieldcreate">'.$langs->trans("BankAccountOwnerAddress").'</td><td>';
+			print '<tr><td>'.$langs->trans("BankAccountOwner").'</td>';
+			print '<td><input class="maxwidth200onsmartphone" type="text" class="flat" name="proprio" value="'.$object->proprio.'"></td>';
+			print '</tr>';
+
+			print '<tr><td class="titlefieldcreate tdtop">'.$langs->trans("BankAccountOwnerAddress").'</td><td>';
 			print '<textarea class="flat quatrevingtpercent" name="owner_address" rows="'.ROWS_2.'">';
 			print $object->owner_address;
 			print "</textarea></td></tr>";

diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
@@ -184,6 +184,7 @@ class Account extends CommonObject
 	public $state_id;
 	public $state_code;
 	public $state;
+	public $country_id;
 
 	/**
 	 * Variable containing all account types with their respective translated label.
@@ -1633,6 +1634,40 @@ public function getCountryCode()
 		return '';
 	}
 
+	/**
+	 * 	Return full address for banner
+	 *
+	 * 	@param		string		$htmlkey            HTML id to make banner content unique
+	 *  @param      Object      $object				Object (thirdparty, thirdparty of contact for contact, null for a member)
+	 *	@return		string							Full address string
+	 */
+	public function getBannerAddress($htmlkey, $object)
+	{
+		global $conf, $langs;
+
+		$out = '';
+
+		$outdone = 0;
+		$coords = $this->getFullAddress(1, ', ', getDolGlobalInt('MAIN_SHOW_REGION_IN_STATE_SELECT'));
+		if ($coords) {
+			if (!empty($conf->use_javascript_ajax)) {
+				// hideonsmatphone because copyToClipboard call jquery dialog that does not work with jmobile
+				$out .= '<a href="#" class="hideonsmartphone" onclick="return copyToClipboard(\''.dol_escape_js($coords).'\',\''.dol_escape_js($langs->trans("HelpCopyToClipboard")).'\');">';
+				$out .= img_picto($langs->trans("Address"), 'map-marker-alt');
+				$out .= '</a> ';
+			}
+			$address = dol_print_address($coords, 'address_'.$htmlkey.'_'.$this->id, $this->element, $this->id, 1, ', ');
+			if ($address) {
+				$out .= $address;
+				$outdone++;
+			}
+			$outdone++;
+		}
+
+		return $out;
+	}
+
+
 	/**
 	 * Return if a bank account is defined with detailed information (bank code, desk code, number and key).
 	 * More information on codes used by countries on page http://en.wikipedia.org/wiki/Bank_code
@@ -2569,12 +2604,15 @@ public function info($id)
 	 */
 	public function getNomUrl($withpicto = 0, $maxlen = 0, $option = '', $notooltip = 0)
 	{
-		global $langs;
+		global $conf, $langs;
 
 		$result = '';
 
 		$label = img_picto('', $this->picto).' <u>'.$langs->trans("BankTransactionLine").'</u>:<br>';
 		$label .= '<b>'.$langs->trans("Ref").':</b> '.$this->ref;
+		if ($this->amount) {
+			$label .= '<br><strong>'.$langs->trans("Amount").':</strong> '.price($this->amount, 0, $langs, 1, -1, -1, $conf->currency);
+		}
 
 		$linkstart = '<a href="'.DOL_URL_ROOT.'/compta/bank/line.php?rowid='.((int) $this->id).'&save_lastsearch_values=1" title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip">';
 		$linkend = '</a>';
@@ -2586,6 +2624,7 @@ public function getNomUrl($withpicto = 0, $maxlen = 0, $option = '', $notooltip
 		if ($withpicto != 2) {
 			$result .= ($this->ref ? $this->ref : $this->id);
 		}
+
 		$result .= $linkend;
 
 		if ($option == 'showall' || $option == 'showconciliated' || $option == 'showconciliatedandaccounted') {
@@ -2684,7 +2723,6 @@ public function LibStatut($status, $mode = 0)
 		return '';
 	}
 
-
 	/**
 	 *	Return if a bank line was dispatched into bookkeeping
 	 *