
FIX #15572

Laurent Destailleur 4 years ago
parent
commit
d3a2aa664f

+ 3 - 3
htdocs/comm/propal/stats/index.php

@@ -37,11 +37,11 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 $WIDTH = DolGraph::getDefaultGraphSizeForStats('width');
 $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
 
-$mode = GETPOST("mode") ?GETPOST("mode") : 'customer';
+$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
 if ($mode == 'customer' && !$user->rights->propale->lire) accessforbidden();
 if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) accessforbidden();
 
-$object_status = GETPOST('object_status');
+$object_status = GETPOST('object_status', 'intcomma');
 $typent_id = GETPOST('typent_id', 'int');
 $categ_id = GETPOST('categ_id', 'categ_id');
 
@@ -55,7 +55,7 @@ if ($user->socid > 0)
 }
 
 $nowyear = strftime("%Y", dol_now());
-$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear;
+$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear;
 //$startyear=$year-2;
 $startyear = $year - 1;
 $endyear = $year;
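Review bot: The `$year` ternary still decides the branch on the raw `GETPOST('year')` and only filters the value it assigns, so the compared value and the stored value can differ (a non-numeric string may pass `> 0` as a string comparison on newer PHP and then yield a different filtered number). Reading the filtered value on both sides keeps them consistent: `$year = GETPOST('year', 'int') > 0 ? GETPOST('year', 'int') : $nowyear;`. The same half-filtered ternary is introduced in htdocs/compta/facture/stats/index.php, htdocs/expensereport/stats/index.php, htdocs/fichinter/stats/index.php and htdocs/ticket/stats/index.php.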

+ 2 - 13
htdocs/commande/card.php

@@ -460,26 +460,15 @@ if (empty($reshook))
 				if (!$error)
 				{
 					$object_id = $object->create($user);
-
-					// If some invoice's lines already known
-					$NBLINES = 8;
-					for ($i = 1; $i <= $NBLINES; $i++) {
-						if ($_POST['idprod'.$i]) {
-							$xid = 'idprod'.$i;
-							$xqty = 'qty'.$i;
-							$xremise = 'remise_percent'.$i;
-							$object->add_product($_POST[$xid], $_POST[$xqty], $_POST[$xremise]);
-						}
-					}
 				}
 			}
 
 			// Insert default contacts if defined
 			if ($object_id > 0)
 			{
-				if (GETPOST('contactid'))
+				if (GETPOST('contactid', 'int'))
 				{
-					$result = $object->add_contact(GETPOST('contactid'), 'CUSTOMER', 'external');
+					$result = $object->add_contact(GETPOST('contactid', 'int'), 'CUSTOMER', 'external');
 					if ($result < 0) {
 						setEventMessages($langs->trans("ErrorFailedToAddContact"), null, 'errors');
 						$error++;
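Review bot: `GETPOST('contactid', 'int')` is evaluated twice, once in the new `if` and again in the `add_contact` call; reading it once into a local avoids re-parsing the request and states the intent (a positive id) explicitly: `$contactid = GETPOST('contactid', 'int');` followed by `if ($contactid > 0) {` and `$result = $object->add_contact($contactid, 'CUSTOMER', 'external');`. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.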

+ 4 - 4
htdocs/commande/stats/index.php

@@ -38,11 +38,11 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
 $WIDTH = DolGraph::getDefaultGraphSizeForStats('width');
 $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
 
-$mode = GETPOST("mode") ?GETPOST("mode") : 'customer';
+$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
 if ($mode == 'customer' && !$user->rights->commande->lire) accessforbidden();
 if ($mode == 'supplier' && !$user->rights->fournisseur->commande->lire) accessforbidden();
 
-$object_status = GETPOST('object_status');
+$object_status = GETPOST('object_status', 'intcomma');
 $typent_id = GETPOST('typent_id', 'int');
 $categ_id = GETPOST('categ_id', 'categ_id');
 
@@ -308,11 +308,11 @@ if ($mode == 'customer')
         Commande::STATUS_CLOSED=>$langs->trans("StatusOrderDelivered"),
         Commande::STATUS_CANCELED=>$langs->trans("StatusOrderCanceled")
     );
-    print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'int'), -4);
+    print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'intcomma'), -4);
 }
 if ($mode == 'supplier')
 {
-    $formorder->selectSupplierOrderStatus((strstr($object_status, ',') ?-1 : $object_status), 0, 'object_status');
+    $formorder->selectSupplierOrderStatus((strstr($object_status, ',') ? -1 : $object_status), 0, 'object_status');
 }
 print '</td></tr>';
 // Year
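Review bot: The customer branch passes a fresh `GETPOST('object_status', 'intcomma')` to `selectarray` although `$object_status` is already assigned with the same filter in the first hunk and is what the supplier branch uses two lines below; using the variable in both places guarantees the selected value and the value used for filtering are the same: `print $form->selectarray('object_status', $liststatus, $object_status, -4);`. The same re-read of the request appears in the `selectarray` calls of htdocs/expensereport/stats/index.php and htdocs/ticket/stats/index.php.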

+ 2 - 2
htdocs/compta/facture/stats/index.php

@@ -44,7 +44,7 @@ $mode = GETPOST("mode") ?GETPOST("mode") : 'customer';
 if ($mode == 'customer' && !$user->rights->facture->lire) accessforbidden();
 if ($mode == 'supplier' && !$user->rights->fournisseur->facture->lire) accessforbidden();
 
-$object_status = GETPOST('object_status');
+$object_status = GETPOST('object_status', 'intcomma');
 $typent_id = GETPOST('typent_id', 'int');
 $categ_id = GETPOST('categ_id', 'categ_id');
 
@@ -59,7 +59,7 @@ if ($user->socid > 0)
 }
 
 $nowyear = strftime("%Y", dol_now());
-$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear;
+$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear;
 if(!empty($conf->global->INVOICE_STATS_GRAPHS_SHOW_2_YEARS)) $startyear=$year-2;
 else $startyear=$year-1;
 $endyear = $year;
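Review bot: This file keeps `$mode = GETPOST("mode") ?GETPOST("mode") : 'customer';` unchanged (visible as the first hunk's header context) while every other stats page in this commit switches to `GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer'`; since `$mode` selects which permission is checked on the following lines, it should get the same filter here: `$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';`. That line sits just above the hunk, so the change is outside the shown lines.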

+ 1 - 0
htdocs/core/lib/functions.lib.php

@@ -4723,6 +4723,7 @@ function price2num($amount, $rounding = '', $option = 0)
 	// Convert value to universal number format (no thousand separator, '.' as decimal separator)
 	if ($option != 1) {	// If not a PHP number or unknown, we change or clean format
 		//print 'PP'.$amount.' - '.$dec.' - '.$thousand.' - '.intval($amount).'<br>';
+		$amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\-]/', '', $amount);
 
 		if ($option == 2 && $thousand == '.' && preg_match('/\.(\d\d\d)$/', (string) $amount)) {	// It means the . is used as a thousand separator and string come frominput data, so 1.123 is 1123
 			$amount = str_replace($thousand, '', $amount);
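Review bot: The new character class includes `\-`, so a leading minus is stripped and any negative amount that reaches this branch (`$option != 1`) is silently turned positive before the format cleanup below; if negative values are expected through price2num (credit notes, discounts — to be confirmed against callers), that is a regression the accompanying unit test does not cover. The sign can be kept while still dropping the other characters by excluding the minus from the class and removing only non-leading ones: `$amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>]/', '', (string) $amount);` then `$amount = preg_replace('/(?<!^)-/', '', $amount);`. The `(string)` cast also makes the conversion explicit, since `preg_replace` on a numeric `$amount` currently relies on implicit stringification. The body of price2num continues before and after the hunk.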

+ 4 - 4
htdocs/expensereport/stats/index.php

@@ -34,8 +34,8 @@ $langs->loadLangs(array('trips', 'companies'));
 $WIDTH = DolGraph::getDefaultGraphSizeForStats('width');
 $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
 
-$mode = GETPOST("mode") ?GETPOST("mode") : 'customer';
-$object_status = GETPOST('object_status');
+$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
+$object_status = GETPOST('object_status', 'intcomma');
 
 $userid = GETPOST('userid', 'int');
 $socid = GETPOST('socid', 'int'); if ($socid < 0) $socid = 0;
@@ -51,7 +51,7 @@ if ($user->socid) $socid = $user->socid;
 $result = restrictedArea($user, 'expensereport', $id, '');
 
 $nowyear = strftime("%Y", dol_now());
-$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear;
+$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear;
 //$startyear=$year-2;
 $startyear = $year - 1;
 $endyear = $year;
@@ -231,7 +231,7 @@ print '</td></tr>';
 // Status
 print '<tr><td class="left">'.$langs->trans("Status").'</td><td class="left">';
 $liststatus = $tmpexpensereport->statuts;
-print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'int'), -4, 0, 0, '', 1);
+print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'intcomma'), -4, 0, 0, '', 1);
 print '</td></tr>';
 // Year
 print '<tr><td>';

+ 2 - 2
htdocs/fichinter/stats/index.php

@@ -42,12 +42,12 @@ if ($user->socid > 0)
 }
 
 $nowyear = strftime("%Y", dol_now());
-$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear;
+$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear;
 //$startyear=$year-2;
 $startyear = $year - 1;
 $endyear = $year;
 
-$object_status = GETPOST('object_status');
+$object_status = GETPOST('object_status', 'intcomma');
 
 // Load translation files required by the page
 $langs->loadLangs(array('interventions', 'companies', 'other', 'suppliers'));

+ 3 - 3
htdocs/ticket/stats/index.php

@@ -32,7 +32,7 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
 
 if (!$user->rights->ticket->read) accessforbidden();
 
-$object_status = GETPOST('object_status');
+$object_status = GETPOST('object_status', 'intcomma');
 
 $userid = GETPOST('userid', 'int');
 $socid = GETPOST('socid', 'int');
@@ -44,7 +44,7 @@ if ($user->socid > 0)
 }
 
 $nowyear = strftime("%Y", dol_now());
-$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear;
+$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear;
 //$startyear=$year-2;
 $startyear = $year - 1;
 $endyear = $year;
@@ -241,7 +241,7 @@ print $form->select_dolusers($userid, 'userid', 1, '', 0, '', '', 0, 0, 0, '', 0
 // Status
 print '<tr><td class="left">'.$langs->trans("Status").'</td><td class="left">';
 $liststatus = $object->fields['fk_statut']['arrayofkeyval'];
-print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'int'), -4, 0, 0, '', 1);
+print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'intcomma'), -4, 0, 0, '', 1);
 print '</td></tr>';
 // Year
 print '<tr><td class="left">'.$langs->trans("Year").'</td><td class="left">';

+ 4 - 2
test/phpunit/FunctionsLibTest.php

@@ -1234,7 +1234,9 @@ class FunctionsLibTest extends PHPUnit\Framework\TestCase
     	$newlangs->load("main");
     	$langs = $newlangs;
 
-        $this->assertEquals(1000, price2num('1 000.0'));
+    	$this->assertEquals(150, price2num('(SELECT/**/CASE/**/WHEN/**/(0<1)/**/THEN/**/SLEEP(5)/**/ELSE/**/SLEEP(0)/**/END)'));
+
+    	$this->assertEquals(1000, price2num('1 000.0'));
         $this->assertEquals(1000, price2num('1 000', 'MT'));
         $this->assertEquals(1000, price2num('1 000', 'MU'));
 
@@ -1252,7 +1254,7 @@ class FunctionsLibTest extends PHPUnit\Framework\TestCase
 
         // Text can't be converted
         $this->assertEquals('12.4$', price2num('12.4$'));
-        $this->assertEquals('12r.4$', price2num('12r.4$'));
+        $this->assertEquals('12.4$', price2num('12r.4$'));
 
         // For spanish language
         $newlangs2 = new Translate('', $conf);
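Review bot: The new assertion only exercises the injection-style string, while the price2num change also strips `-`, so a negative amount is the case most likely to regress and should be pinned next to it, e.g. `$this->assertEquals(-1000, price2num('-1 000.0'));` (assuming negative amounts are meant to be supported). The added lines also appear to be indented with a tab where the neighbouring assertions use spaces, and the unchanged `1000` assertion was re-indented in the process; keeping the block's existing indentation avoids a noisy diff.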