Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

FIX Protection against bad value into accurancy setup

Laurent Destailleur 2 years ago
parent
85a764afc6
commit
509c85672e
2 changed files with 47 additions and 22 deletions
Split View Show Diff Stats
  1. 44 21
      htdocs/admin/limits.php
  2. 3 1
      htdocs/langs/en_US/errors.lang

+ 44 - 21
htdocs/admin/limits.php
View File 

@@ -1,5 +1,5 @@
 
 <?php
 
-/* Copyright (C) 2007-2020	Laurent Destailleur	<eldy@users.sourceforge.net>
 
+/* Copyright (C) 2007-2022	Laurent Destailleur	<eldy@users.sourceforge.net>
 
  * Copyright (C) 2009-2018	Regis Houssin		<regis.houssin@inodbox.com>
 
  * Copyright (C) 2010		Juanjo Menent		<jmenent@2byte.es>
 
  *
 
@@ -29,11 +29,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php';
 
 // Load translation files required by the page
 
 $langs->loadLangs(array('companies', 'products', 'admin'));
 
 
-if (!$user->admin) {
 
-	accessforbidden();
 
-}
 
-
 
 $action = GETPOST('action', 'aZ09');
 
+$cancel = GETPOST('cancel', 'aZ09');
 
 $currencycode = GETPOST('currencycode', 'alpha');
 
 
 if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) {
 
@@ -48,25 +45,36 @@ $mainroundingruletot = 'MAIN_ROUNDING_RULE_TOT'.(!empty($currencycode) ? '_'.$cu
 
 
 $valmainmaxdecimalsunit = GETPOST($mainmaxdecimalsunit, 'int');
 
 $valmainmaxdecimalstot = GETPOST($mainmaxdecimalstot, 'int');
 
-$valmainmaxdecimalsshown = GETPOST($mainmaxdecimalsshown, 'int');
 
+$valmainmaxdecimalsshown = GETPOST($mainmaxdecimalsshown, 'alpha');	// Can be 'x.y' but also 'x...'
 
 $valmainroundingruletot = price2num(GETPOST($mainroundingruletot, 'alphanohtml'), '', 2);
 
 
-if ($action == 'update') {
 
+if (!$user->admin) {
 
+	accessforbidden();
 
+}
 
+
 
+
 
+/*
 
+ * Actions
 
+ */
 
+
 
+if ($action == 'update' && !$cancel) {
 
 	$error = 0;
 
 	$MAXDEC = 8;
 
-	if ($_POST[$mainmaxdecimalsunit] > $MAXDEC
 
-	|| $_POST[$mainmaxdecimalstot] > $MAXDEC
 
-	|| $_POST[$mainmaxdecimalsshown] > $MAXDEC) {
 
+	if ($valmainmaxdecimalsunit > $MAXDEC
 
+		|| $valmainmaxdecimalstot > $MAXDEC
 
+		|| $valmainmaxdecimalsshown > $MAXDEC) {
 
 		$error++;
 
 		setEventMessages($langs->trans("ErrorDecimalLargerThanAreForbidden", $MAXDEC), null, 'errors');
 
+		$action = 'edit';
 
 	}
 
 
-	if ($_POST[$mainmaxdecimalsunit].(!empty($currencycode) ? '_'.$currencycode : '') < 0
 
-	|| $_POST[$mainmaxdecimalstot] < 0
 
-	|| $_POST[$mainmaxdecimalsshown] < 0) {
 
+	if ($valmainmaxdecimalsunit < 0
 
+		|| $valmainmaxdecimalstot < 0
 
+		|| $valmainmaxdecimalsshown < 0) {
 
 		$langs->load("errors");
 
 		$error++;
 
 		setEventMessages($langs->trans("ErrorNegativeValueNotAllowed"), null, 'errors');
 
+		$action = 'edit';
 
 	}
 
 
 	if ($valmainroundingruletot) {
 
@@ -74,9 +82,23 @@ if ($action == 'update') {
 
 			$langs->load("errors");
 
 			$error++;
 
 			setEventMessages($langs->trans("ErrorMAIN_ROUNDING_RULE_TOTCanMAIN_MAX_DECIMALS_TOT"), null, 'errors');
 
+			$action = 'edit';
 
 		}
 
 	}
 
 
+	if ((float) $valmainmaxdecimalsshown == 0) {
 
+		$langs->load("errors");
 
+		$error++;
 
+		setEventMessages($langs->trans("ErrorValueCantBeNull", dol_trunc(dol_string_nohtmltag($langs->transnoentitiesnoconv("MAIN_MAX_DECIMALS_SHOWN")), 40)), null, 'errors');
 
+		$action = 'edit';
 
+	}
 
+	if (! $error && ((float) $valmainmaxdecimalsshown < $valmainmaxdecimalsunit || (float) $valmainmaxdecimalsshown < $valmainmaxdecimalstot)) {
 
+		$langs->load("errors");
 
+		$error++;
 
+		setEventMessages($langs->trans("ErrorValueForTooLow", dol_trunc(dol_string_nohtmltag($langs->transnoentitiesnoconv("MAIN_MAX_DECIMALS_SHOWN")), 40)), null, 'errors');
 
+		$action = 'edit';
 
+	}
 
+
 
 	if (!$error) {
 
 		dolibarr_set_const($db, $mainmaxdecimalsunit, $valmainmaxdecimalsunit, 'chaine', 0, '', $conf->entity);
 
 		dolibarr_set_const($db, $mainmaxdecimalstot, $valmainmaxdecimalstot, 'chaine', 0, '', $conf->entity);
 
@@ -143,24 +165,25 @@ if ($action == 'edit') {
 
 
 	print '<tr class="oddeven"><td>';
 
 	print $form->textwithpicto($langs->trans("MAIN_MAX_DECIMALS_UNIT"), $langs->trans("ParameterActiveForNextInputOnly"));
 
-	print '</td><td><input class="flat" name="'.$mainmaxdecimalsunit.'" size="3" value="'.(isset($conf->global->$mainmaxdecimalsunit) ? $conf->global->$mainmaxdecimalsunit : $conf->global->MAIN_MAX_DECIMALS_UNIT).'"></td></tr>';
 
+	print '</td><td><input class="flat right" name="'.$mainmaxdecimalsunit.'" size="3" value="'.(GETPOSTISSET($mainmaxdecimalsunit) ? GETPOST($mainmaxdecimalsunit) : getDolGlobalInt('MAIN_MAX_DECIMALS_UNIT', 0)).'"></td></tr>';
 
 
 	print '<tr class="oddeven"><td>';
 
 	print $form->textwithpicto($langs->trans("MAIN_MAX_DECIMALS_TOT"), $langs->trans("ParameterActiveForNextInputOnly"));
 
-	print '</td><td><input class="flat" name="'.$mainmaxdecimalstot.'" size="3" value="'.(isset($conf->global->$mainmaxdecimalstot) ? $conf->global->$mainmaxdecimalstot : $conf->global->MAIN_MAX_DECIMALS_TOT).'"></td></tr>';
 
+	print '</td><td><input class="flat right" name="'.$mainmaxdecimalstot.'" size="3" value="'.(GETPOSTISSET($mainmaxdecimalstot) ? GETPOST($mainmaxdecimalstot) : getDolGlobalInt('MAIN_MAX_DECIMALS_TOT', 0)).'"></td></tr>';
 
 
 	print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAX_DECIMALS_SHOWN").'</td>';
 
-	print '<td><input class="flat" name="'.$mainmaxdecimalsshown.'" size="3" value="'.(isset($conf->global->$mainmaxdecimalsshown) ? $conf->global->$mainmaxdecimalsshown : $conf->global->MAIN_MAX_DECIMALS_SHOWN).'"></td></tr>';
 
+	print '<td><input class="flat right" name="'.$mainmaxdecimalsshown.'" size="3" value="'.(GETPOSTISSET($mainmaxdecimalsshown) ? GETPOST($mainmaxdecimalsshown) : getDolGlobalString('MAIN_MAX_DECIMALS_SHOWN')).'"></td></tr>';
 
 
 	print '<tr class="oddeven"><td>';
 
 	print $form->textwithpicto($langs->trans("MAIN_ROUNDING_RULE_TOT"), $langs->trans("ParameterActiveForNextInputOnly"));
 
-	print '</td><td><input class="flat" name="'.$mainroundingruletot.'" size="3" value="'.(isset($conf->global->$mainroundingruletot) ? $conf->global->$mainroundingruletot : (!empty($conf->global->MAIN_ROUNDING_RULE_TOT) ? $conf->global->MAIN_ROUNDING_RULE_TOT : '')).'"></td></tr>';
 
+	print '</td><td><input class="flat right" name="'.$mainroundingruletot.'" size="3" value="'.(GETPOSTISSET($mainroundingruletot) ? GETPOST($mainroundingruletot) : getDolGlobalString('MAIN_ROUNDING_RULE_TOT')).'"></td></tr>';
 
 
 	print '</table>';
 
 
-	print '<br>';
 
 	print '<div class="center">';
 
-	print '<input class="button button-save" type="submit" value="'.$langs->trans("Save").'">';
 
+	print '<input class="button button-save" type="submit" name="save" value="'.$langs->trans("Save").'">';
 
+	print ' &nbsp; ';
 
+	print '<input class="button button-cancel" type="submit" name="cancel" value="'.$langs->trans("Cancel").'">';
 
 	print '</div>';
 
 	print '<br>';
 
 
@@ -169,7 +192,7 @@ if ($action == 'edit') {
 
 } else {
 
 	print '<div class="div-table-responsive-no-min">';
 
 	print '<table class="noborder centpercent">';
 
-	print '<tr class="liste_titre"><td>'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
 
+	print '<tr class="liste_titre"><td>'.$langs->trans("Parameter").'</td><td class="right">'.$langs->trans("Value").'</td></tr>';
 
 
 	print '<tr class="oddeven"><td>';
 
 	print $form->textwithpicto($langs->trans("MAIN_MAX_DECIMALS_UNIT"), $langs->trans("ParameterActiveForNextInputOnly"));
 
@@ -190,7 +213,7 @@ if ($action == 'edit') {
 
 	print '</div>';
 
 
 	print '<div class="tabsAction">';
 
-	print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=edit&token='.newToken().''.(!empty($currencycode) ? '&currencycode='.$currencycode : '').'">'.$langs->trans("Modify").'</a>';
 
+	print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=edit&token='.newToken().(!empty($currencycode) ? '&currencycode='.$currencycode : '').'">'.$langs->trans("Modify").'</a>';
 
 	print '</div>';
 
 }

+ 3 - 1
htdocs/langs/en_US/errors.lang
View File 

@@ -291,6 +291,8 @@ ErrorAjaxRequestFailed=Request failed
 
 ErrorThirpdartyOrMemberidIsMandatory=Third party or Member of partnership is mandatory
 
 ErrorFailedToWriteInTempDirectory=Failed to write in temp directory
 
 ErrorQuantityIsLimitedTo=Quantity is limited to %s
 
+ErrorValueForTooLow=Value for <b>%s</b> is too low
 
+ErrorValueCantBeNull=Value for <b>%s</b> can't be null
 
 
 # Warnings
 
 WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
 
@@ -327,7 +329,7 @@ WarningModuleXDisabledSoYouMayMissEventHere=Module %s has not been enabled. So y
 
 WarningPaypalPaymentNotCompatibleWithStrict=The value 'Strict' makes the online payment features not working correctly. Use 'Lax' instead.
 
 WarningThemeForcedTo=Warning, theme has been forced to <b>%s</b> by hidden constant MAIN_FORCETHEME
 
 WarningAutoValNotPossibleWhenStockIsDecreasedOnInvoiceVal=Automatic validation is disabled when option to decrease stock is set on "Invoice validation".
 
- 
+
 
 # Validate
 
 RequireValidValue = Value not valid
 
 RequireAtLeastXString = Requires at least %s character(s)