
FIX security vulnerability reported by ADLab of Venustech

Laurent Destailleur %!s(int64=7) %!d(string=hai) anos
pai
achega
6a62e13960
Modificáronse 60 ficheiros con 562 adicións e 129 borrados
  1. 9 0
      htdocs/accountancy/tpl/export_journal.tpl.php
  2. 8 1
      htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php
  3. 8 1
      htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php
  4. 9 1
      htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
  5. 9 2
      htdocs/adherents/tpl/linkedobjectblock.tpl.php
  6. 10 2
      htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
  7. 10 3
      htdocs/commande/tpl/linkedobjectblock.tpl.php
  8. 1 1
      htdocs/compta/facture/card.php
  9. 11 4
      htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
  10. 9 2
      htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php
  11. 8 1
      htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php
  12. 8 1
      htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
  13. 8 1
      htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
  14. 9 1
      htdocs/contrat/tpl/linkedobjectblock.tpl.php
  15. 15 8
      htdocs/core/tpl/admin_extrafields_add.tpl.php
  16. 17 10
      htdocs/core/tpl/admin_extrafields_edit.tpl.php
  17. 10 2
      htdocs/core/tpl/admin_extrafields_view.tpl.php
  18. 8 1
      htdocs/core/tpl/ajax/fileupload_main.tpl.php
  19. 8 1
      htdocs/core/tpl/ajax/fileupload_view.tpl.php
  20. 8 0
      htdocs/core/tpl/ajaxrow.tpl.php
  21. 7 0
      htdocs/core/tpl/bloc_showhide.tpl.php
  22. 8 0
      htdocs/core/tpl/contacts.tpl.php
  23. 8 0
      htdocs/core/tpl/document_actions_post_headers.tpl.php
  24. 8 0
      htdocs/core/tpl/extrafields_view.tpl.php
  25. 8 0
      htdocs/core/tpl/login.tpl.php
  26. 8 0
      htdocs/core/tpl/notes.tpl.php
  27. 7 0
      htdocs/core/tpl/objectline_create.tpl.php
  28. 10 3
      htdocs/core/tpl/objectline_edit.tpl.php
  29. 8 0
      htdocs/core/tpl/objectline_view.tpl.php
  30. 8 1
      htdocs/core/tpl/originproductline.tpl.php
  31. 8 0
      htdocs/core/tpl/passwordforgotten.tpl.php
  32. 8 0
      htdocs/core/tpl/resource_add.tpl.php
  33. 10 4
      htdocs/core/tpl/resource_view.tpl.php
  34. 8 0
      htdocs/ecm/tpl/enablefiletreeajax.tpl.php
  35. 10 3
      htdocs/expedition/tpl/linkedobjectblock.tpl.php
  36. 9 2
      htdocs/expensereport/tpl/linkedobjectblock.tpl.php
  37. 9 2
      htdocs/fichinter/tpl/linkedobjectblock.tpl.php
  38. 10 3
      htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
  39. 12 4
      htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
  40. 1 1
      htdocs/main.inc.php
  41. 8 0
      htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php
  42. 8 0
      htdocs/product/canvas/product/tpl/card_create.tpl.php
  43. 8 0
      htdocs/product/canvas/product/tpl/card_edit.tpl.php
  44. 8 0
      htdocs/product/canvas/product/tpl/card_view.tpl.php
  45. 9 2
      htdocs/product/canvas/product/tpl/list.tpl.php
  46. 8 1
      htdocs/product/canvas/service/tpl/card_create.tpl.php
  47. 8 0
      htdocs/product/canvas/service/tpl/card_edit.tpl.php
  48. 8 0
      htdocs/product/canvas/service/tpl/card_view.tpl.php
  49. 9 2
      htdocs/product/canvas/service/tpl/list.tpl.php
  50. 59 49
      htdocs/product/inventory/tpl/inventory.tpl.php
  51. 8 0
      htdocs/product/stock/tpl/stockcorrection.tpl.php
  52. 8 0
      htdocs/product/stock/tpl/stocktransfer.tpl.php
  53. 8 1
      htdocs/societe/canvas/company/tpl/card_create.tpl.php
  54. 8 1
      htdocs/societe/canvas/company/tpl/card_edit.tpl.php
  55. 8 1
      htdocs/societe/canvas/company/tpl/card_view.tpl.php
  56. 8 1
      htdocs/societe/canvas/individual/tpl/card_create.tpl.php
  57. 8 1
      htdocs/societe/canvas/individual/tpl/card_edit.tpl.php
  58. 8 1
      htdocs/societe/canvas/individual/tpl/card_view.tpl.php
  59. 8 1
      htdocs/societe/tpl/linesalesrepresentative.tpl.php
  60. 9 2
      htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php

+ 9 - 0
htdocs/accountancy/tpl/export_journal.tpl.php

@@ -15,6 +15,15 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $prefix = $conf->global->ACCOUNTING_EXPORT_PREFIX_SPEC;
 $format = $conf->global->ACCOUNTING_EXPORT_FORMAT;
 $nodateexport = $conf->global->ACCOUNTING_EXPORT_NO_DATE_IN_FILENAME;
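Review bot: The guard added at the top of this template answers a direct request with the default 200 status, so probing of template URLs is hard to tell apart from normal page hits in access logs. Sending a status line before the message, for example `header('HTTP/1.0 403 Forbidden');` ahead of the `print`, would make such requests stand out. The comment could also say why the test works, e.g. `// $conf is set by the including page; it is undefined when this file is requested directly` (presumably true here, since the lines below read `$conf->global`). The same block is repeated in the other template hunks of this commit, with `$langs`, `$object` or `$blocname` in place of `$conf`, and the remark applies to each of them.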

+ 8 - 1
htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php

@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE ADHERENTCARD_CREATE.TPL.PHP DEFAULT -->

+ 8 - 1
htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php

@@ -14,9 +14,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 
 ?>

+ 9 - 1
htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php

@@ -14,10 +14,18 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE ADHERENTCARD_VIEW.TPL.PHP DEFAULT -->

+ 9 - 2
htdocs/adherents/tpl/linkedobjectblock.tpl.php

@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -33,7 +40,7 @@ $var=true;
 $total=0;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
-	
+
 ?>
 <tr <?php echo $GLOBALS['bc'][$var]; ?> >
     <td><?php echo $langs->trans("Subscription"); ?></td>

+ 10 - 2
htdocs/comm/propal/tpl/linkedobjectblock.tpl.php

@@ -22,6 +22,14 @@
  *  \ingroup	propal
  *  \brief		Template to show objects linked to proposals
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -40,7 +48,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -71,7 +79,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 

+ 10 - 3
htdocs/commande/tpl/linkedobjectblock.tpl.php

@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +43,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -76,7 +83,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 

+ 1 - 1
htdocs/compta/facture/card.php

@@ -2538,7 +2538,7 @@ if ($action == 'create')
 				print '&nbsp;&nbsp;&nbsp; <input data-role="none" type="checkbox" name="invoiceAvoirWithLines" id="invoiceAvoirWithLines" value="1" onclick="$(\'#credit_note_options input[type=checkbox]\').not(this).prop(\'checked\', false);" '.(GETPOST('invoiceAvoirWithLines','int')>0 ? 'checked':'').' /> <label for="invoiceAvoirWithLines">'.$langs->trans('invoiceAvoirWithLines')."</label>";
 				print '<br>&nbsp;&nbsp;&nbsp; <input data-role="none" type="checkbox" name="invoiceAvoirWithPaymentRestAmount" id="invoiceAvoirWithPaymentRestAmount" value="1" onclick="$(\'#credit_note_options input[type=checkbox]\').not(this).prop(\'checked\', false);" '.(GETPOST('invoiceAvoirWithPaymentRestAmount','int')>0 ? 'checked':'').' /> <label for="invoiceAvoirWithPaymentRestAmount">'.$langs->trans('invoiceAvoirWithPaymentRestAmount')."</label>";
 				print '</div>';
-				
+
     			print '</div></div>';
     		}
 		}

+ 11 - 4
htdocs/compta/facture/tpl/linkedobjectblock.tpl.php

@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +43,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -54,7 +61,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
     				$total = $total + $sign * $objectlink->total_ht;
     				echo price($objectlink->total_ht);
     			}
-    			else 
+    			else
     			{
     				echo '<strike>'.price($objectlink->total_ht).'</strike>';
     			}
@@ -76,7 +83,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 

+ 9 - 2
htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php

@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +43,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>

+ 8 - 1
htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php

@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CONTACTCARD_CREATE.TPL.PHP DEFAULT -->

+ 8 - 1
htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php

@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 
 ?>

+ 8 - 1
htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php

@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 ?>
 

+ 9 - 1
htdocs/contrat/tpl/linkedobjectblock.tpl.php

@@ -14,6 +14,14 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -33,7 +41,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>

+ 15 - 8
htdocs/core/tpl/admin_extrafields_add.tpl.php

@@ -26,6 +26,13 @@
  * $elementtype
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE admin_extrafields_add.tpl.php -->
@@ -56,11 +63,11 @@
 
     		// Case of computed field
     		console.log(type);
-    		if (type == '' || type == 'varchar' || type == 'int' || type == 'double' || type == 'price') { 
-    			jQuery("tr.extra_computed_value").show(); 
+    		if (type == '' || type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
+    			jQuery("tr.extra_computed_value").show();
     		} else {
     			computed_value.val(''); jQuery("tr.extra_computed_value").hide();
-    		} 
+    		}
     		if (computed_value.val())
     		{
         		console.log("We enter a computed formula");
@@ -75,7 +82,7 @@
         		jQuery("#default_value, #unique, #required, #alwayseditable, #ishidden, #list").attr('disabled', false);
         		jQuery("tr.extra_default_value, tr.extra_unique, tr.extra_required, tr.extra_alwayseditable, tr.extra_ishidden, tr.extra_list").show();
     		}
-    		
+
 			if (type == 'date')          { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide();jQuery("#helpchkbxlst").hide(); }
 			else if (type == 'datetime') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
     		else if (type == 'double')   { size.val('24,8').removeAttr('disabled'); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
@@ -90,8 +97,8 @@
 			else if (type == 'checkbox') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); jQuery("#value_choice").show();jQuery("#helpselect").show();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();}
 			else if (type == 'chkbxlst') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); jQuery("#value_choice").show();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").show();jQuery("#helplink").hide();}
 			else if (type == 'link')     { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").show();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").show();}
-			else if (type == 'separate') { 
-				size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true); 
+			else if (type == 'separate') {
+				size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true);
 				jQuery("#value_choice").hide();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();
 			}
 			else {	// type = string
@@ -102,12 +109,12 @@
 			if (type == 'separate')
 			{
 				required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true);
-				jQuery('#size, #default_value').val('').prop('disabled', true); 
+				jQuery('#size, #default_value').val('').prop('disabled', true);
 			}
 			else
 			{
 				default_value.removeAttr('disabled');
-				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled'); 
+				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
 			}
     	}
     	init_typeoffields('<?php echo GETPOST('type'); ?>');
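Review bot: The unchanged last line of this hunk, `init_typeoffields('<?php echo GETPOST('type'); ?>');`, writes a request parameter into a JavaScript string literal with no escaping visible here, and the new direct-call guard does not cover it because the value arrives through the normal including page. Unless GETPOST or earlier request filtering already neutralises quotes and markup, this remains a reflected script-injection sink. Restricting and escaping the value would close it: `init_typeoffields('<?php echo dol_escape_js(GETPOST('type', 'alpha')); ?>');`. The enclosing script block starts and ends outside the hunk.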

+ 17 - 10
htdocs/core/tpl/admin_extrafields_edit.tpl.php

@@ -25,6 +25,13 @@
  * $elementtype
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE admin_extrafields_edit.tpl.php -->
@@ -54,11 +61,11 @@
     		?>
 
     		// Case of computed field
-    		if (type == 'varchar' || type == 'int' || type == 'double' || type == 'price') { 
-    			jQuery("tr.extra_computed_value").show(); 
+    		if (type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
+    			jQuery("tr.extra_computed_value").show();
     		} else {
     			computed_value.val(''); jQuery("tr.extra_computed_value").hide();
-    		} 
+    		}
     		if (computed_value.val())
     		{
         		console.log("We enter a computed formula");
@@ -73,7 +80,7 @@
         		jQuery("#default_value, #unique, #required, #alwayseditable, #ishidden, #list").attr('disabled', false);
         		jQuery("tr.extra_default_value, tr.extra_unique, tr.extra_required, tr.extra_alwayseditable, tr.extra_ishidden, tr.extra_list").show();
     		}
-    		
+
 			if (type == 'date') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide();jQuery("#helpchkbxlst").hide(); }
 			else if (type == 'datetime') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
     		else if (type == 'double')   { size.removeAttr('disabled'); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
@@ -91,19 +98,19 @@
 			else if (type == 'separate') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true); default_value.val('').prop('disabled', true); jQuery("#value_choice").hide();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();}
 			else {	// type = string
 				size.val('').prop('disabled', true);
-				unique.removeAttr('disabled');		
+				unique.removeAttr('disabled');
 			}
 
 			if (type == 'separate')
 			{
-				required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true); 
-				jQuery('#size, #default_value').val('').prop('disabled', true); 
+				required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true);
+				jQuery('#size, #default_value').val('').prop('disabled', true);
 			}
 			else
 			{
 				default_value.removeAttr('disabled');
-				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled'); 
-			}			
+				required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
+			}
     	}
     	init_typeoffields(jQuery("#type").val());
     	jQuery("#type").change(function() {
@@ -113,7 +120,7 @@
     	// If we enter a formula, we disable other fields
     	jQuery("#computed_value").keyup(function() {
     		init_typeoffields(jQuery('#type').val());
-    	});    	
+    	});
     });
 </script>
 

+ 10 - 2
htdocs/core/tpl/admin_extrafields_view.tpl.php

@@ -22,6 +22,14 @@
  * $extrafield
  * $elementtype
  */
+
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE admin_extrafields_view.tpl.php -->
@@ -56,7 +64,7 @@ if (count($extrafields->attribute_type))
 {
     foreach($extrafields->attribute_type as $key => $value)
     {
-        
+
         print '<tr class="oddeven">';
         print "<td>".$extrafields->attribute_pos[$key]."</td>\n";
         print "<td>".$extrafields->attribute_label[$key]."</td>\n";
@@ -77,7 +85,7 @@ else
 {
     $colspan=9;
     if (! empty($conf->global->MAIN_CAN_HIDE_EXTRAFIELDS)) $colspan++;
-    
+
     print '<tr class="oddeven">';
     print '<td class="opacitymedium" colspan="'.$colspan.'">';
     print $langs->trans("None");

+ 8 - 1
htdocs/core/tpl/ajax/fileupload_main.tpl.php

@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- START TEMPLATE FILE UPLOAD MAIN -->

+ 8 - 1
htdocs/core/tpl/ajax/fileupload_view.tpl.php

@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- START TEMPLATE FILE UPLOAD -->

+ 8 - 0
htdocs/core/tpl/ajaxrow.tpl.php

@@ -19,6 +19,14 @@
  * You can use this if you want to be abale to drag and drop rows of a table.
  * You must add id="tablelines" on table level tag and have ($nboflines or count($object->lines) or count($taskarray) > 0)
  */
+
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE AJAXROW.TPL.PHP - Script to enable drag and drop on tables -->

+ 7 - 0
htdocs/core/tpl/bloc_showhide.tpl.php

@@ -16,6 +16,13 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($blocname))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 $hide = true;	// Hide by default
 if (isset($parameters['showblocbydefault'])) $hide=(empty($parameters['showblocbydefault']) ? true : false);
 if (isset($object->extraparams[$blocname]['showhide'])) $hide = (empty($object->extraparams[$blocname]['showhide']) ? true : false);
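Review bot: This guard tests only `empty($blocname)`, so any non-empty value passes, whereas the other templates in this commit also require the tested variable to be an object. On a PHP configuration that registers request variables as globals, the request itself could supply `blocname` and reach the lines below that read `$parameters` and `$object`. Testing a variable that only the application creates is sturdier, assuming `$conf` is in scope wherever this template is included: `if (empty($conf) || ! is_object($conf) || empty($blocname))`.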

+ 8 - 0
htdocs/core/tpl/contacts.tpl.php

@@ -21,6 +21,14 @@
  * $withproject (if we are on task contact)
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
 

+ 8 - 0
htdocs/core/tpl/document_actions_post_headers.tpl.php

@@ -24,6 +24,14 @@
 // $modulepart = for download
 // $param      = param to add to download links
 
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $langs->load("link");
 if (empty($relativepathwithnofile)) $relativepathwithnofile='';
 if (empty($permtoedit)) $permtoedit=-1;

+ 8 - 0
htdocs/core/tpl/extrafields_view.tpl.php

@@ -24,6 +24,14 @@
  * $parameters
  * $cols
  */
+
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 <!-- BEGIN PHP TEMPLATE extrafields_view.tpl.php -->
 <?php

+ 8 - 0
htdocs/core/tpl/login.tpl.php

@@ -19,6 +19,14 @@
 // Need global variable $title to be defined by caller (like dol_loginfunction)
 // Caller can also set 	$morelogincontent = array(['options']=>array('js'=>..., 'table'=>...);
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 header('Cache-Control: Public, must-revalidate');
 header("Content-type: text/html; charset=".$conf->file->character_set_client);
 

+ 8 - 0
htdocs/core/tpl/notes.tpl.php

@@ -17,6 +17,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 // $cssclass must be defined by caller. For example cssclass='fieldtitle"
 $module = $object->element;
 $note_public = 'note_public';

+ 7 - 0
htdocs/core/tpl/objectline_create.tpl.php

@@ -30,6 +30,13 @@
  * $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 
 $usemargins=0;
 if (! empty($conf->margin->enabled) && ! empty($object->element) && in_array($object->element,array('facture','propal','commande')))

+ 10 - 3
htdocs/core/tpl/objectline_edit.tpl.php

@@ -30,6 +30,13 @@
  * $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 
 $usemargins=0;
 if (! empty($conf->margin->enabled) && ! empty($object->element) && in_array($object->element,array('facture','propal','commande'))) $usemargins=1;
@@ -266,21 +273,21 @@ jQuery(document).ready(function()
 		if (event.which != 9 && (event.which < 37 ||event.which > 40) && jQuery("#price_ht").val() != '') {
 			jQuery("#price_ttc").val('');
 			jQuery("#multicurrency_subprice").val('');
-		} 
+		}
 	});
 	jQuery("#price_ttc").keyup(function(event) {
 		// console.log(event.which);		// discard event tag and arrows
 		if (event.which != 9 && (event.which < 37 || event.which > 40) && jQuery("#price_ttc").val() != '') {
 			jQuery("#price_ht").val('');
 			jQuery("#multicurrency_subprice").val('');
-		} 
+		}
 	});
 	jQuery("#multicurrency_subprice").keyup(function(event) {
 		// console.log(event.which);		// discard event tag and arrows
 		if (event.which != 9 && (event.which < 37 || event.which > 40) && jQuery("#price_ttc").val() != '') {
 			jQuery("#price_ht").val('');
 			jQuery("#price_ttc").val('');
-		} 
+		}
 	});
 
     <?php

+ 8 - 0
htdocs/core/tpl/objectline_view.tpl.php

@@ -37,6 +37,14 @@
  * $type, $text, $description, $line
  */
 
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 global $forceall, $senderissupplier, $inputalsopricewithtax, $outputalsopricetotalwithtax;
 
 $usemargins=0;

+ 8 - 1
htdocs/core/tpl/originproductline.tpl.php

@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE originproductline.tpl.php -->

+ 8 - 0
htdocs/core/tpl/passwordforgotten.tpl.php

@@ -16,6 +16,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 header('Cache-Control: Public, must-revalidate');
 header("Content-type: text/html; charset=".$conf->file->character_set_client);
 

+ 8 - 0
htdocs/core/tpl/resource_add.tpl.php

@@ -1,6 +1,14 @@
 <!-- BEGIN TEMPLATE resource_add.tpl.php -->
 <?php
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 require_once(DOL_DOCUMENT_ROOT.'/resource/class/html.formresource.class.php');
 
 $form = new Form($db);
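Review bot: The guard sits after the `<!-- BEGIN TEMPLATE resource_add.tpl.php -->` line, so a direct request has already started output before the check runs. Unless output buffering is active, the guard can then no longer send a status header, and the response still begins with template markup. Opening the file with `<?php` and the guard, and emitting the HTML comment afterwards, keeps the check first. htdocs/core/tpl/resource_view.tpl.php in the next section has the same layout.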

+ 10 - 4
htdocs/core/tpl/resource_view.tpl.php

@@ -1,6 +1,12 @@
 <!-- BEGIN TEMPLATE resource_view.tpl.php -->
 <?php
-//var_dump($linked_resources);
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 
 $form= new Form($db);
 
@@ -34,11 +40,11 @@ if( (array) $linked_resources && count($linked_resources) > 0)
 
 	foreach ($linked_resources as $linked_resource)
 	{
-		
+
 		$object_resource = fetchObjectByElement($linked_resource['resource_id'],$linked_resource['resource_type']);
-		
+
 		//$element_id = $linked_resource['rowid'];
-		
+
 		if ($mode == 'edit' && $linked_resource['rowid'] == GETPOST('lineid'))
 		{
 

+ 8 - 0
htdocs/ecm/tpl/enablefiletreeajax.tpl.php

@@ -16,6 +16,14 @@
  *
  * Output javascript for interactions code of ecm module
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE ecm/tpl/enablefiletreeajax.tpl.php -->

+ 10 - 3
htdocs/expedition/tpl/linkedobjectblock.tpl.php

@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -34,7 +41,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -73,7 +80,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 

+ 9 - 2
htdocs/expensereport/tpl/linkedobjectblock.tpl.php

@@ -15,8 +15,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -32,7 +39,7 @@ $var=true;
 $total=0;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
-	
+
 ?>
 <tr <?php echo $GLOBALS['bc'][$var]; ?> >
 	<td><?php echo $langs->trans("ExpenseReport"); ?></td>

+ 9 - 2
htdocs/fichinter/tpl/linkedobjectblock.tpl.php

@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -33,7 +40,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>

+ 10 - 3
htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php

@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -35,7 +42,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -66,7 +73,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 

+ 12 - 4
htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php

@@ -17,6 +17,14 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -36,7 +44,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -54,7 +62,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
     				$total = $total + $sign * $objectlink->total_ht;
     				echo price($objectlink->total_ht);
     			}
-    			else 
+    			else
     			{
     				echo '<strike>'.price($objectlink->total_ht).'</strike>';
     			}
@@ -62,7 +70,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
     	<td align="right"><?php echo $objectlink->getLibStatut(3); ?></td>
     	<td align="right"><a href="<?php echo $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=dellink&dellinkid='.$key; ?>"><?php echo img_delete($langs->transnoentitiesnoconv("RemoveLink")); ?></a></td>
     </tr>
-<?php 
+<?php
 }
 if (count($linkedObjectBlock) > 1)
 {
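Review bot: The delete link on the unchanged `<a href=...>` line of this hunk echoes `$_SERVER["PHP_SELF"]` into an attribute without HTML escaping, and that value can carry request-supplied path text unless the including page has already sanitised it. Wrapping it, e.g. `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8')`, removes the dependency on the bootstrap; the two `<form action="<?php echo $_SERVER['PHP_SELF']; ?>"` lines in htdocs/product/inventory/tpl/inventory.tpl.php follow the same pattern. The link also requests `action=dellink` through a plain GET with no token parameter visible, so it is worth confirming that the handler does not act on this request alone. The surrounding `foreach` starts outside the hunk.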
@@ -76,7 +84,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>
 

+ 1 - 1
htdocs/main.inc.php

@@ -81,7 +81,7 @@ function test_sql_and_script_inject($val, $type)
     // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
     if ($type != 2)
     {
-    	$inj += preg_match('/updatexml^(/i',	 $val);
+    	$inj += preg_match('/updatexml\(/i',	 $val);
     	$inj += preg_match('/delete\s+from/i',	 $val);
         $inj += preg_match('/create\s+table/i',	 $val);
         $inj += preg_match('/update.+set.+=/i',  $val);
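Review bot: The pattern being replaced was not a valid regular expression (its `(` was never closed), so `preg_match()` returned `false` and `$inj += false` silently added nothing; the function still has no way to notice a pattern that fails to compile. A small regression test that feeds one sample per pattern through `test_sql_and_script_inject()` would catch this class of mistake. The corrected `/updatexml\(/i` also requires the parenthesis to follow the name directly, whereas the neighbouring patterns allow whitespace with `\s+`; `$inj += preg_match('/updatexml\s*\(/i', $val);` would be consistent with them. This is a deny-list inside a function whose body continues outside the hunk, so it should remain a second layer behind escaped or parameterised queries.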

+ 8 - 0
htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php

@@ -23,5 +23,13 @@
  * Put detailed description here.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 /** Your code here. */
 echo "Hello world!";

+ 8 - 0
htdocs/product/canvas/product/tpl/card_create.tpl.php

@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));

+ 8 - 0
htdocs/product/canvas/product/tpl/card_edit.tpl.php

@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));

+ 8 - 0
htdocs/product/canvas/product/tpl/card_view.tpl.php

@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 ?>
 

+ 9 - 2
htdocs/product/canvas/product/tpl/list.tpl.php

@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -69,7 +76,7 @@
  		if ($searchfield['enabled']) {
  			if ($searchfield['search'])	{ ?>
   				<td class="liste_titre" align="<?php echo $searchfield['align']; ?>"><input class="flat" type="text" name="s<?php echo $searchfield['alias']; ?>" value=""></td>
-	<?php } else if ($key == $num) { 
+	<?php } else if ($key == $num) {
         print '<td class="liste_titre" align="right">';
         $searchpicto=$form->showFilterAndCheckAddButtons(0);
         print $searchpicto;

+ 8 - 1
htdocs/product/canvas/service/tpl/card_create.tpl.php

@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));

+ 8 - 0
htdocs/product/canvas/service/tpl/card_edit.tpl.php

@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 
 $statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));

+ 8 - 0
htdocs/product/canvas/service/tpl/card_view.tpl.php

@@ -15,6 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object=$GLOBALS['object'];
 ?>
 

+ 9 - 2
htdocs/product/canvas/service/tpl/list.tpl.php

@@ -13,8 +13,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE -->
@@ -69,7 +76,7 @@
  		if ($searchfield['enabled']) {
  			if ($searchfield['search'])	{ ?>
   				<td class="liste_titre" align="<?php echo $searchfield['align']; ?>"><input class="flat" type="text" name="s<?php echo $searchfield['alias']; ?>" value=""></td>
-	<?php } else if ($key == $num) { 	
+	<?php } else if ($key == $num) {
         print '<td class="liste_titre" align="right">';
         $searchpicto=$form->showFilterAndCheckAddButtons(0);
         print $searchpicto;

+ 59 - 49
htdocs/product/inventory/tpl/inventory.tpl.php

@@ -1,12 +1,22 @@
+<?php
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+?>
 <script type="text/javascript">
     function save_qty(k) {
-        
+
         var $input = $('input[name="qty_to_add['+k+']"]');
         var fk_det_inventory = $('input[name=det_id_'+k+']').val();
         var qty = $input.val();
-        
+
         $('#a_save_qty_'+k).hide();
-        
+
         $.ajax({
             url:"ajax/ajax.inventory.php"
             ,data:{
@@ -14,28 +24,28 @@
                 ,'qty': qty
                 ,'put':'qty'
             }
-            
+
         }).done(function(data) {
             $('#qty_view_'+k).html(data);
             $input.val(0);
             $.jnotify("Quantité ajoutée : "+qty, "mesgs" );
-            
+
             $('#a_save_qty_'+k).show();
-            
+
             hide_save_button();
         });
-        
-        
+
+
     }
-    
+
     function save_pmp(k) {
-    	
+
         var $input = $('input[name="new_pmp['+k+']"]');
         var fk_det_inventory = $('input[name=det_id_'+k+']').val();
         var pmp = $input.val();
-        
+
         $('#a_save_new_pmp_'+k).hide();
-        
+
         $.ajax({
             url:"ajax/ajax.inventory.php"
             ,data:{
@@ -43,31 +53,31 @@
                 ,'pmp': pmp
                 ,'put':'pmp'
             }
-            
+
         }).done(function(data) {
            	$input.css({"background-color":"#66ff66"});
             $.jnotify("PMP sauvegardé : "+pmp, "mesgs" );
             $('#a_save_new_pmp_'+k).show();
-             
+
         });
-        
+
     }
-    
+
     function hide_save_button() {
        var nb = 0;
        $('input[name^="qty_to_add"]').each(function() {
            nb += $(this).val();
        });
-       
+
        if(nb>0) {
            $('input[name=modify]').show();
-           
+
        }
        else{
            $('input[name=modify]').hide();
-           
+
        }
-        
+
     }
 </script>
 
@@ -76,37 +86,37 @@
 	<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
 		<input type="hidden" name="action" value="add_line" />
 		<input type="hidden" name="id" value="<?php echo $object->id; ?>" />
-	
+
 		<?php echo inventorySelectProducts($object); ?>
-		
+
 			<input class="button" type="submit" value="<?php echo $langs->trans('AddProduct'); ?>" />
 	</form><br>
 <?php } ?>
 
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
-	
+
 	<?php if ($view['is_already_validate'] == 1) { ?>
 		<div class="warning">Cet inventaire est validé</div>
 	<?php } ?>
-	
+
 	<input type="hidden" name="action" value="save" />
 	<input type="hidden" name="id" value="<?php echo $object->id; ?>" />
-	
+
 	<table width="100%" class="noborder workstation">
 		<?php
-		
-		_headerList($view); 
-        
+
+		_headerList($view);
+
         $total_pmp = $total_pa = $total_pmp_actual = $total_pa_actual =$total_current_pa=$total_current_pa_actual = 0;
         $i=1;
-        
-        foreach ($lines as $k=>$row) { 
-            
+
+        foreach ($lines as $k=>$row) {
+
             $total_pmp+=$row['pmp_stock'];
             $total_pa+=$row['pa_stock'];
             $total_pmp_actual+=$row['pmp_actual'];
             $total_pa_actual+=$row['pa_actual'];
-            
+
 			if($i%20 === 0)
 			{
             	_headerList($view);
@@ -126,18 +136,18 @@
 	                 if(!empty($conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA)){
 	                 	echo '<td align="right" style="background-color: #e8e8ff;">'.price($row['current_pa_stock']).'</td>';
 						 $total_current_pa+=$row['current_pa_stock'];
-	                 }   
-	                    
+	                 }
+
 	               ?>
 				<?php } ?>
 				<td align="center"><?php echo $row['qty']; ?>&nbsp;&nbsp;<span id="qty_view_<?php echo $row['k']; ?>"><?php echo $row['qty_view']; ?></span>
-                    <input type="hidden" name="det_id_<?php echo $row['k']; ?>" value="<?php echo $row['id']; ?>" /> 
+                    <input type="hidden" name="det_id_<?php echo $row['k']; ?>" value="<?php echo $row['id']; ?>" />
                 </td>
                 <?php if ($can_validate == 1) { ?>
                     <td align="right"><?php echo price($row['pmp_actual']); ?></td>
                     <?php
                     if(!empty($user->rights->stock->changePMP)) {
-                    	echo '<td align="right">'.$row['pmp_new'].'</td>';	
+                    	echo '<td align="right">'.$row['pmp_new'].'</td>';
 					}
                     ?>
                     <td align="right"><?php echo price($row['pa_actual']); ?></td>
@@ -145,8 +155,8 @@
 		                 if(!empty($conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA)){
 		                 	echo '<td align="right">'.price($row['current_pa_actual']).'</td>';
 							 $total_current_pa_actual+=$row['current_pa_actual'];
-		                 }   
-		                    
+		                 }
+
 		               ?>
                     <td align="center"><?php echo $row['qty_regulated']; ?></td>
 				<?php } ?>
@@ -154,25 +164,25 @@
 					<td align="center" width="20%"><?php echo $row['action']; ?></td>
 				<?php } ?>
 			</tr>
-			<?php $i++; 
-        
-        } 
-		
+			<?php $i++;
+
+        }
+
 		_footerList($view,$total_pmp,$total_pmp_actual,$total_pa,$total_pa_actual, $total_current_pa,$total_current_pa_actual);
-	
+
 		?>
 	</table>
-	
+
 	<?php if ($object->status != 1) { ?>
 		<div class="tabsAction" style="height:30px;">
 			<?php if ($action!= 'edit') { ?>
 				<!-- <a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=exportCSV" class="butAction"><?php echo $langs->trans('ExportCSV') ?></a> -->
 				<a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=edit" class="butAction"><?php echo $langs->trans('Modify') ?></a>
-				<?php 
+				<?php
 				 if(!empty($user->rights->stock->changePMP)) {
 				 	echo '<a href="'.$view_url.'?id='.$object->id.'&action=changePMP" class="butAction">'.$langs->trans('ApplyPMP').'</a>';
 				 }
-				
+
 				if ($can_validate == 1) { ?>
 					<a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=regulate&token=" class="butAction"><?php echo $langs->trans('RegulateStock') ?></a>
 				<?php } ?>
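Review bot: The `RegulateStock` link kept in this hunk ends in `&action=regulate&token=` with an empty value, so a state-changing stock action is requested by GET without any anti-CSRF token. If the handler checks the token this link can never pass, and if it does not, the action may be triggered by a cross-site request while the user is logged in. The parameter should carry the session's anti-CSRF value and the handler should reject requests where it is missing or wrong; the `changePMP` link just above has no token parameter at all. The enclosing `if ($object->status != 1)` block continues past the end of the hunk.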
@@ -193,13 +203,13 @@
 
 				<!-- <a href="<?php echo $view_url; ?>?id=<?php echo $object->id; ?>&action=exportCSV" class="butAction"><?php echo $langs->trans('ExportCSV') ?></a> -->
 				<a href="#" title="<?php echo $langs->trans('InventoryAlreadyValidated'); ?>" class="butActionRefused"><?php echo $langs->trans('Delete') ?></a>
-				
+
 			<?php } ?>
 		</div>
 	<?php } ?>
 </form>
 <p>Date de création : <?php echo $object->getDate('datec') ?>
 <br />Dernière mise à jour : <?php echo $object->getDate('tms') ?></p>
-	
 
-	
+
+

+ 8 - 0
htdocs/product/stock/tpl/stockcorrection.tpl.php

@@ -17,6 +17,14 @@
  * $object must be defined
  * $backtopage
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE STOCKCORRECTION.TPL.PHP -->

+ 8 - 0
htdocs/product/stock/tpl/stocktransfer.tpl.php

@@ -17,6 +17,14 @@
  * $object must be defined
  * $backtopage
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE STOCKCORRECTION.TPL.PHP -->

+ 8 - 1
htdocs/societe/canvas/company/tpl/card_create.tpl.php

@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CARD_CREATE.TPL.PHP COMPANY -->

+ 8 - 1
htdocs/societe/canvas/company/tpl/card_edit.tpl.php

@@ -14,9 +14,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $contact = $GLOBALS['objcanvas']->control->object;
 
 ?>

+ 8 - 1
htdocs/societe/canvas/company/tpl/card_view.tpl.php

@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $soc = $GLOBALS['objcanvas']->control->object;
 
 ?>

+ 8 - 1
htdocs/societe/canvas/individual/tpl/card_create.tpl.php

@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CARD_CREATE.TPL.PHP INDIVIDUAL -->

+ 8 - 1
htdocs/societe/canvas/individual/tpl/card_edit.tpl.php

@@ -14,8 +14,15 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE CARD_EDIT.TPL.PHP INDIVIDUAL -->

+ 8 - 1
htdocs/societe/canvas/individual/tpl/card_view.tpl.php

@@ -13,9 +13,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+
 $object = $GLOBALS['objcanvas']->control->object;
 
 ?>

+ 8 - 1
htdocs/societe/tpl/linesalesrepresentative.tpl.php

@@ -1,5 +1,12 @@
 <?php
-        // Sale representative
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
+		// Sale representative
         print '<tr><td>';
         print '<table width="100%" class="nobordernopadding"><tr><td>';
         print $langs->trans('SalesRepresentatives');

+ 9 - 2
htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php

@@ -17,6 +17,13 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+	print "Error, template page can't be called as URL";
+	exit;
+}
+
 ?>
 
 <!-- BEGIN PHP TEMPLATE LINKEDOBJECTBOCK-->
@@ -33,7 +40,7 @@ $var=true;
 foreach($linkedObjectBlock as $key => $objectlink)
 {
     $ilink++;
-    
+
     $trclass=($var?'pair':'impair');
     if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
 ?>
@@ -64,7 +71,7 @@ if (count($linkedObjectBlock) > 1)
     	<td align="right"></td>
     	<td align="right"></td>
     </tr>
-    <?php  
+    <?php
 }
 ?>