From 19ba90f57780e1ed724e382d7ed3a4f3e5dc64f2 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 1 Aug 2017 13:17:27 +0200
Subject: [PATCH] Fix creation of leave request
---
htdocs/holiday/card.php | 17 ++++++++++-------
htdocs/holiday/class/holiday.class.php | 6 +++---
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index e50c880c0ee..8ee0fb64b40 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -60,7 +60,7 @@ if ($action == 'create')
$object = new Holiday($db);
// If no right to create a request
- $fuserid = GETPOST('fuserid');
+ $fuserid = GETPOST('fuserid','int');
if (($fuserid == $user->id && empty($user->rights->holiday->write)) || ($fuserid != $user->id && empty($user->rights->holiday->write_all)))
{
$error++;
@@ -118,7 +118,7 @@ if ($action == 'create')
}
// Check if there is already holiday for this period
- $verifCP = $object->verifDateHolidayCP($userID, $date_debut, $date_fin, $halfday);
+ $verifCP = $object->verifDateHolidayCP($fuserid, $date_debut, $date_fin, $halfday);
if (! $verifCP)
{
setEventMessages($langs->trans("alreadyCPexist"), null, 'errors');
@@ -144,11 +144,9 @@ if ($action == 'create')
$result = 0;
- $result = 0;
-
if (! $error)
{
- $object->fk_user = $userid;
+ $object->fk_user = $fuserid;
$object->description = $description;
$object->date_debut = $date_debut;
$object->date_fin = $date_fin;
@@ -157,10 +155,15 @@ if ($action == 'create')
$object->fk_type = $type;
$result = $object->create($user);
+ if ($result <= 0)
+ {
+ setEventMessages($object->error, $object->errors, 'errors');
+ $error++;
+ }
}
// If no SQL error we redirect to the request card
- if (! $error && $result > 0)
+ if (! $error)
{
$db->commit();
@@ -834,7 +837,7 @@ if (empty($id) || $action == 'add' || $action == 'request' || $action == 'create
print $form->select_dolusers($fuserid, 'useridbis', 0, '', 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
print '<input type="hidden" name="fuserid" value="'.($fuserid?$fuserid:$user->id).'">';
}
- else print $form->select_dolusers(GETPOST('fuserid')?GETPOST('fuserid'):$user->id,'fuserid',0,'',0);
+ else print $form->select_dolusers(GETPOST('fuserid','int')?GETPOST('fuserid','int'):$user->id,'fuserid',0,'',0);
print '</td>';
print '</tr>';
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 9973223ba0f..4815bee4b00 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -125,9 +125,9 @@ class Holiday extends CommonObject
$now=dol_now();
// Check parameters
- if (empty($this->fk_user) || ! is_numeric($this->fk_user) || $this->fk_user < 0) { $this->error="ErrorBadParameter"; return -1; }
- if (empty($this->fk_validator) || ! is_numeric($this->fk_validator) || $this->fk_validator < 0) { $this->error="ErrorBadParameter"; return -1; }
- if (empty($this->fk_type) || ! is_numeric($this->fk_type) || $this->fk_type < 0) { $this->error="ErrorBadParameter"; return -1; }
+ if (empty($this->fk_user) || ! is_numeric($this->fk_user) || $this->fk_user < 0) { $this->error="ErrorBadParameterFkUser"; return -1; }
+ if (empty($this->fk_validator) || ! is_numeric($this->fk_validator) || $this->fk_validator < 0) { $this->error="ErrorBadParameterFkValidator"; return -1; }
+ if (empty($this->fk_type) || ! is_numeric($this->fk_type) || $this->fk_type < 0) { $this->error="ErrorBadParameterFkType"; return -1; }
// Insert request
$sql = "INSERT INTO ".MAIN_DB_PREFIX."holiday(";
--
GitLab