diff --git a/htdocs/adherents/card_subscriptions.php b/htdocs/adherents/card_subscriptions.php index 82f817e2f2117940819226483e60409339480804..d7b4390890eda61b76c2d6f9e9509097f998721d 100644 --- a/htdocs/adherents/card_subscriptions.php +++ b/htdocs/adherents/card_subscriptions.php @@ -39,8 +39,12 @@ $langs->load("users"); $langs->load("mails"); +$action=GETPOST('action','alpha'); +$rowid=GETPOST('rowid','int'); +$typeid=GETPOST('typeid','int'); + // Security check -if (! $user->rights->adherent->cotisation->lire) accessforbidden(); +$result=restrictedArea($user,'adherent',$rowid); $object = new Adherent($db); $extrafields = new ExtraFields($db); @@ -50,10 +54,6 @@ $errmsg=''; $defaultdelay=1; $defaultdelayunit='y'; -$action=GETPOST('action'); -$rowid=GETPOST('rowid'); -$typeid=GETPOST('typeid'); - if ($rowid) { // Load member diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 5b23d7cab971a9bb499e5078c9fd7e87cc68ccd8..709d7690c74927887ccbfbdfcbc0795653fb3bff 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -968,7 +968,7 @@ class Adherent extends CommonObject */ function fetch($rowid,$ref='',$fk_soc='') { - global $conf, $langs; + global $langs; $sql = "SELECT d.rowid, d.civilite, d.prenom as firstname, d.nom as lastname, d.societe, d.fk_soc, d.statut, d.public, d.adresse as address, d.cp as zip, d.ville as town, d.note,"; $sql.= " d.email, d.phone, d.phone_perso, d.phone_mobile, d.login, d.pass,"; 
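Review bot: In htdocs/adherents/card_subscriptions.php the page used to require `$user->rights->adherent->cotisation->lire`, but the replacement call names only the `adherent` feature, so the subscription-specific read right may no longer be enforced. restrictedArea() is not shown in this diff; if it derives the right from the feature name alone, a user with member read access but no subscription read access would now reach this page. If the helper accepts a sub-feature argument, pass it, e.g. `$result=restrictedArea($user,'adherent',$rowid,'','cotisation');`, otherwise keep the old explicit test next to the new call.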
@@ -989,10 +989,12 @@ class Adherent extends CommonObject $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as dep ON d.fk_departement = dep.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON d.rowid = u.fk_member"; $sql.= " WHERE d.fk_adherent_type = t.rowid"; - $sql.= " AND d.entity = ".$conf->entity; - if ($ref) $sql.= " AND d.rowid='".$ref."'"; - elseif ($fk_soc) $sql.= " AND d.fk_soc='".$fk_soc."'"; - else $sql.= " AND d.rowid=".$rowid; + if ($rowid) $sql.= " AND d.rowid=".$rowid; + elseif ($ref || $fk_soc) { + $sql.= " AND d.entity IN (".getEntity().")"; + if ($ref) $sql.= " AND d.rowid='".$ref."'"; + elseif ($fk_soc) $sql.= " AND d.fk_soc='".$fk_soc."'"; + } dol_syslog(get_class($this)."::fetch sql=".$sql); $resql=$this->db->query($sql); diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index f62b7781be82f11f7d1407f7cd25c87755c9d8d2..5552cc84bd4a7c87958bb28d17e470986d1e6337 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -1,7 +1,7 @@ <?php /* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org> * Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net> - * Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr> + * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es> * * This program is free software; you can redistribute it and/or modify 
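Review bot: In Adherent::fetch() the `$rowid` branch no longer carries any entity filter, so a lookup by id returns a member of any entity and isolation rests entirely on each caller having run restrictedArea() first. Callers outside this diff that fetch by id without that check should be audited, or the `d.entity IN (".getEntity().")` condition kept on all three branches. The values are also still concatenated into the SQL as given: `$rowid` could be cast with `" AND d.rowid=".((int) $rowid)` and `$ref`/`$fk_soc` passed through `$this->db->escape()`. When all three arguments are empty the query now has no row filter at all and returns whichever member comes first. The function body starts and ends outside this hunk.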
@@ -31,18 +31,21 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php"); require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php"); require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"); +$langs->load("members"); $langs->load("companies"); $langs->load('other'); - + +$id=GETPOST('id','int'); +$action=GETPOST('action','alpha'); +$confirm=GETPOST('confirm','alpha'); $mesg = ""; // Security check -$id = GETPOST('id','int'); if ($user->societe_id > 0) { $id = $user->societe_id; } -//$result = restrictedArea($user, 'societe', $id); +$result=restrictedArea($user,'adherent',$id); // Get parameters $sortfield = GETPOST("sortfield",'alpha'); @@ -65,7 +68,7 @@ $upload_dir = $conf->adherent->dir_output . "/" . get_exdir($id,2,0,1) . '/' . $ */ // Envoie fichier -if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) +if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); @@ -96,7 +99,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) } // Suppression fichier -if ($_REQUEST['action'] == 'confirm_deletefile' && $_REQUEST['confirm'] == 'yes') +if ($action == 'confirm_deletefile' && $confirm == 'yes') { $file = $upload_dir . "/" . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). dol_delete_file($file); 
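Review bot: In htdocs/adherents/document.php the newly enabled check runs after `$id = $user->societe_id;`, so for an external user the value checked, and later used to build `$upload_dir`, is a third-party id rather than a member id. That override looks carried over from the third-party documents page; here it would point both the check and the directory at whichever member happens to share that number. Consider dropping the override, or resolving the member linked to the third party before calling `restrictedArea($user,'adherent',$id)`.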
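Review bot: In htdocs/adherents/document.php the delete branch at `if ($action == 'confirm_deletefile' && $confirm == 'yes')` still builds the path from the raw `$_GET['urlfile']` and tests no write right, so as far as this hunk shows the only gate on dol_delete_file() is the read-level check at the top of the page. A value containing directory separators or `..` would resolve outside `$upload_dir`; reducing it to a file name, e.g. `$file = $upload_dir . "/" . basename($_GET['urlfile']);`, confines the delete to the member's folder, assuming documents are stored flat there. The condition could also require the right the upload form already uses: `&& $user->rights->adherent->creer`.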
@@ -197,21 +200,21 @@ if ($id > 0) /* * Confirmation suppression fichier */ - if ($_GET['action'] == 'delete') + if ($action == 'delete') { - $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$_GET["id"].'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); + $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$member->id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); if ($ret == 'html') print '<br>'; } // Affiche formulaire upload $formfile=new FormFile($db); - $formfile->form_attach_new_file(DOL_URL_ROOT.'/adherents/document.php?id='.$id,'',0,0,$user->rights->adherent->creer); + $formfile->form_attach_new_file(DOL_URL_ROOT.'/adherents/document.php?id='.$member->id,'',0,0,$user->rights->adherent->creer); // List of document $param='&socid='.$societe->id; - $formfile->list_of_documents($filearray,$member,'member',$param, 0, get_exdir($id,2,0,1).'/'.$id.'/'); + $formfile->list_of_documents($filearray,$member,'member',$param, 0, get_exdir($member->id,2,0,1).'/'.$member->id.'/'); print "<br><br>"; } @@ -226,9 +229,7 @@ else print $langs->trans("ErrorRecordNotFound"); } -$db->close(); - llxFooter(); - +$db->close(); ?> diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php index 0f756e5eaf2b43fee8871b5a60cf77515d9a5bb9..c7d2c2b162da3731ef31a1e9474b0a9d2b643b83 100644 --- a/htdocs/adherents/fiche.php +++ b/htdocs/adherents/fiche.php 
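Review bot: In htdocs/adherents/document.php the confirmation URL still appends `urldecode($_GET["urlfile"])`, which decodes an already-decoded value and puts it into a URL unencoded. A file name containing `&`, `#`, `%` or quotes will break the link or add parameters to it, and depending on how form_confirm() escapes its first argument it may reach the HTML as is. Encode it instead: `'&urlfile='.urlencode($_GET["urlfile"])`. The comment on the delete branch in this same file already notes that `$_GET` is decoded by PHP.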
@@ -41,21 +41,22 @@ $langs->load("bills"); $langs->load("members"); $langs->load("users"); + +$action=GETPOST('action','alpha'); +$confirm=GETPOST('confirm','alpha'); +$rowid=GETPOST('rowid','int'); +$typeid=GETPOST('typeid','int'); +$userid=GETPOST('userid','int'); +$socid=GETPOST('socid','int'); + // Security check -if (! $user->rights->adherent->lire) accessforbidden(); +$result=restrictedArea($user,'adherent',$rowid); $object = new Adherent($db); $extrafields = new ExtraFields($db); $errmsg=''; $errmsgs=array(); -$action=GETPOST('action','alpha'); -$confirm=GETPOST('confirm','alpha'); -$rowid=GETPOST('rowid','int'); -$typeid=GETPOST('typeid','int'); -$userid=GETPOST('userid','int'); -$socid=GETPOST('socid','int'); - if ($rowid > 0) { // Load member @@ -67,16 +68,12 @@ if ($rowid > 0) if ($object->user_id) { // $user est le user qui edite, $object->user_id est l'id de l'utilisateur lies au membre edite - $caneditfielduser=( (($user->id == $object->user_id) && $user->rights->user->self->creer) - || (($user->id != $object->user_id) && $user->rights->user->user->creer) ); - $caneditpassworduser=( (($user->id == $object->user_id) && $user->rights->user->self->password) - || (($user->id != $adh->user_id) && $user->rights->user->user->password) ); + $caneditfielduser=((($user->id == $object->user_id) && $user->rights->user->self->creer) + || (($user->id != $object->user_id) && $user->rights->user->user->creer)); + $caneditpassworduser=((($user->id == $object->user_id) && $user->rights->user->self->password) + || (($user->id != $object->user_id) && $user->rights->user->user->password)); } } -else -{ - accessforbidden(); -} // Define variables to know what current user can do on members $canaddmember=$user->rights->adherent->creer; diff --git a/htdocs/adherents/index.php b/htdocs/adherents/index.php index b0e738747bac5b1430e7f870be6df96cc276f499..c6f3d6dc46d620bfa6ec6693fabe77e57ba720cf 100644 --- a/htdocs/adherents/index.php +++ b/htdocs/adherents/index.php 
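Review bot: In htdocs/adherents/fiche.php, with the `else { accessforbidden(); }` branch removed, `$caneditfielduser` and `$caneditpassworduser` are assigned only when a member is loaded and has a linked user, and stay undefined on every other path. Later code that tests them then reads an unset variable, which on a PHP configuration with register_globals enabled could be supplied from the request. Initialise both before the `if ($rowid > 0)` block: `$caneditfielduser=false; $caneditpassworduser=false;`. Whether they are already initialised above the hunk cannot be seen from here.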
@@ -1,7 +1,8 @@ <?php -/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org> - * Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net> +/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org> + * Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org> + * Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -59,7 +60,10 @@ $AdherentType=array(); $sql = "SELECT t.rowid, t.libelle, t.cotisation,"; $sql.= " d.statut, count(d.rowid) as somme"; $sql.= " FROM ".MAIN_DB_PREFIX."adherent_type as t"; -$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."adherent as d ON t.rowid = d.fk_adherent_type"; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."adherent as d"; +$sql.= " ON t.rowid = d.fk_adherent_type"; +$sql.= " AND d.entity IN (".getEntity().")"; +$sql.= " WHERE t.entity IN (".getEntity().")"; $sql.= " GROUP BY t.rowid, t.libelle, t.cotisation, d.statut"; dol_syslog("index.php::select nb of members by type sql=".$sql, LOG_DEBUG); 
@@ -94,8 +98,9 @@ $now=dol_now(); // old rule: uptodate = if type does not need payment, that end date is null, if type need payment that end date is in future) $sql = "SELECT count(*) as somme , d.fk_adherent_type"; $sql.= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."adherent_type as t"; -//$sql.= " WHERE d.statut = 1 AND ((t.cotisation = 0 AND d.datefin IS NULL) OR d.datefin >= ".$db->idate($now).')'; -$sql.= " WHERE d.statut = 1 AND d.datefin >= ".$db->idate($now); +$sql.= " WHERE d.entity IN (".getEntity().")"; +//$sql.= " AND d.statut = 1 AND ((t.cotisation = 0 AND d.datefin IS NULL) OR d.datefin >= ".$db->idate($now).')'; +$sql.= " AND d.statut = 1 AND d.datefin >= ".$db->idate($now); $sql.= " AND t.rowid = d.fk_adherent_type"; $sql.= " GROUP BY d.fk_adherent_type"; @@ -212,7 +217,8 @@ $sql = "SELECT a.rowid, a.statut, a.nom as lastname, a.prenom as firstname,"; $sql.= " a.tms as datem, datefin as date_end_subscription,"; $sql.= " ta.rowid as typeid, ta.libelle, ta.cotisation"; $sql.= " FROM ".MAIN_DB_PREFIX."adherent as a, ".MAIN_DB_PREFIX."adherent_type as ta"; -$sql.= " WHERE a.fk_adherent_type = ta.rowid"; +$sql.= " WHERE a.entity IN (".getEntity().")"; +$sql.= " AND a.fk_adherent_type = ta.rowid"; $sql.= $db->order("a.tms","DESC"); $sql.= $db->plimit($max, 0); @@ -264,7 +270,8 @@ $sql = "SELECT a.rowid, a.statut, a.nom, a.prenom,"; $sql.= " datefin as date_end_subscription,"; $sql.= " c.rowid as cid, c.tms as datem, c.datec as datec, c.dateadh as date_start, c.datef as date_end, c.cotisation"; $sql.= " FROM ".MAIN_DB_PREFIX."adherent as a, ".MAIN_DB_PREFIX."cotisation as c"; -$sql.= " WHERE c.fk_adherent = a.rowid"; +$sql.= " WHERE a.entity IN (".getEntity().")"; +$sql.= " AND c.fk_adherent = a.rowid"; $sql.= $db->order("c.tms","DESC"); $sql.= $db->plimit($max, 0); 
@@ -350,7 +357,8 @@ $numb=0; $sql = "SELECT c.cotisation, c.dateadh"; $sql.= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."cotisation as c"; -$sql.= " WHERE d.rowid = c.fk_adherent"; +$sql.= " WHERE d.entity IN (".getEntity().")"; +$sql.= " AND d.rowid = c.fk_adherent"; if(isset($date_select) && $date_select != '') { $sql .= " AND dateadh LIKE '$date_select%'"; @@ -406,7 +414,6 @@ print '</td></tr>'; print '</table>'; -$db->close(); - llxFooter(); +$db->close(); ?> diff --git a/htdocs/adherents/info.php b/htdocs/adherents/info.php index 7fc5b055798f8d8e6aabd2edd5a5295724b63375..067ce7fcf2723b0a00737ddf58ceaaab747a8775 100644 --- a/htdocs/adherents/info.php +++ b/htdocs/adherents/info.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2005-2009 Laurent Destailleur <eldy@users.sourceforge.net> - * Copyright (C) 2005-2006 Regis Houssin <regis@dolibarr.fr> + * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,8 +32,10 @@ $langs->load("bills"); $langs->load("members"); $langs->load("users"); -if (!$user->rights->adherent->lire) - accessforbidden(); +$id=(GETPOST('id','int') ? GETPOST('id','int') : GETPOST('rowid','int')); + +// Security check +$result=restrictedArea($user,'adherent',$id); /* @@ -43,9 +45,8 @@ if (!$user->rights->adherent->lire) llxHeader('',$langs->trans("Member"),'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros'); $adh = new Adherent($db); -$adh->id=$_GET["id"]; -$adh->fetch($_GET["id"]); -$adh->info($_GET["id"]); +$adh->fetch($id); +$adh->info($id); $head = member_prepare_head($adh); @@ -59,7 +60,6 @@ print '</td></tr></table>'; print '</div>'; -$db->close(); - llxFooter(); +$db->close(); ?> diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php index 0cae04902227d7a1b45799f5ff71cdc2f891f920..a99ae0579257ad284a101b9287f0956113f5b2d5 100644 
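Review bot: In htdocs/adherents/index.php the subscription-total query gains the entity filter, but the context line right after it still interpolates `$date_select` into the statement: `" AND dateadh LIKE '$date_select%'"`. Where `$date_select` is set is outside this hunk; if it can come from the request, it needs escaping before it reaches the query, e.g. `$sql .= " AND dateadh LIKE '".$db->escape($date_select)."%'";`. The `isset()` guard in front of it suggests the variable is not always assigned by the page itself.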
--- a/htdocs/adherents/note.php +++ b/htdocs/adherents/note.php @@ -27,14 +27,15 @@ require_once(DOL_DOCUMENT_ROOT.'/core/lib/member.lib.php'); require_once(DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'); require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"); -$action=GETPOST('action'); -$id=GETPOST('id','int'); - -$langs->load("companies"); -$langs->load("members"); +$langs->load("companies"); +$langs->load("members"); $langs->load("bills"); -if (!$user->rights->adherent->lire) accessforbidden(); +$action=GETPOST('action','alpha'); +$id=GETPOST('id','int'); + +// Security check +$result=restrictedArea($user,'adherent',$id); $object = new Adherent($db); $result=$object->fetch($id); @@ -49,7 +50,7 @@ if ($result > 0) * Actions */ -if ($_POST["action"] == 'update' && $user->rights->adherent->creer && ! $_POST["cancel"]) +if ($action == 'update' && $user->rights->adherent->creer && ! $_POST["cancel"]) { $db->begin(); @@ -174,7 +175,7 @@ if ($id) } -$db->close(); llxFooter(); +$db->close(); ?> diff --git a/htdocs/adherents/stats/geo.php b/htdocs/adherents/stats/geo.php index 9465a7eb10f316718ee4b7aa500e71f8fe5b008c..1c5c0c998bd3070bace4942bb81e6f54358fa922 100755 --- a/htdocs/adherents/stats/geo.php +++ b/htdocs/adherents/stats/geo.php @@ -73,7 +73,8 @@ if ($mode) $data = array(); $sql.="SELECT COUNT(d.rowid) as nb, MAX(d.datevalid) as lastdate, c.code, c.libelle as label"; $sql.=" FROM ".MAIN_DB_PREFIX."adherent as d LEFT JOIN ".MAIN_DB_PREFIX."c_pays as c on d.pays = c.rowid"; - $sql.=" WHERE d.statut = 1"; + $sql.=" WHERE d.entity IN (".getEntity().")"; + $sql.=" AND d.statut = 1"; $sql.=" GROUP BY c.libelle, c.code"; //print $sql; } 
@@ -88,7 +89,8 @@ if ($mode) $sql.=" FROM ".MAIN_DB_PREFIX."adherent as d LEFT JOIN ".MAIN_DB_PREFIX."c_departements as c on d.fk_departement = c.rowid"; $sql.=" LEFT JOIN ".MAIN_DB_PREFIX."c_regions as r on c.fk_region = r.code_region"; $sql.=" LEFT JOIN ".MAIN_DB_PREFIX."c_pays as p on d.pays = p.rowid"; - $sql.=" WHERE d.statut = 1"; + $sql.=" WHERE d.entity IN (".getEntity().")"; + $sql.=" AND d.statut = 1"; $sql.=" GROUP BY p.libelle, p.code, c.nom"; //print $sql; } @@ -102,7 +104,8 @@ if ($mode) $sql.="SELECT COUNT(d.rowid) as nb, MAX(d.datevalid) as lastdate, p.code, p.libelle as label, d.ville as label2"; $sql.=" FROM ".MAIN_DB_PREFIX."adherent as d"; $sql.=" LEFT JOIN ".MAIN_DB_PREFIX."c_pays as p on d.pays = p.rowid"; - $sql.=" WHERE d.statut = 1"; + $sql.=" WHERE d.entity IN (".getEntity().")"; + $sql.=" AND d.statut = 1"; $sql.=" GROUP BY p.libelle, p.code, d.ville"; //print $sql; } diff --git a/htdocs/adherents/stats/index.php b/htdocs/adherents/stats/index.php index 8c5484d3e92ef5cda8867fd87a1f0089363918c2..515df6c5a740db7f89df4d6dc033c6caa4da709e 100644 --- a/htdocs/adherents/stats/index.php +++ b/htdocs/adherents/stats/index.php @@ -1,7 +1,7 @@ <?php /* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org> * Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net> - * Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr> + * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index ea15f11b1ed31d549476a021963b9a5630cb8b57..eb93f7d44a3ddc4e17be382bfd3d677d34d437af 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php 
@@ -2,7 +2,7 @@ /* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org> * Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org> * Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net> - * Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr> + * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -49,8 +49,8 @@ $pagenext = $page + 1; if (! $sortorder) { $sortorder="DESC"; } if (! $sortfield) { $sortfield="d.nom"; } -// Security check -if (! $user->rights->adherent->lire) accessforbidden(); +// Security check +$result=restrictedArea($user,'adherent',$rowid,'adherent_type'); if (GETPOST('button_removefilter')) { @@ -153,7 +153,8 @@ if (! $rowid && $action != 'create' && $action != 'edit') $sql = "SELECT d.rowid, d.libelle, d.cotisation, d.vote"; - $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as d"; + $sql.= " FROM ".MAIN_DB_PREFIX."adherent_type as d"; + $sql.= " WHERE d.entity IN (".getEntity().")"; $result = $db->query($sql); if ($result) @@ -267,10 +268,8 @@ if ($rowid > 0) if ($action != 'edit') { $adht = new AdherentType($db); - $adht->id = $rowid; $adht->fetch($rowid); - $h=0; $head[$h][0] = $_SERVER["PHP_SELF"].'?rowid='.$adht->id; @@ -344,7 +343,7 @@ if ($rowid > 0) $sql.= " t.libelle as type, t.cotisation"; $sql.= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."adherent_type as t"; $sql.= " WHERE d.fk_adherent_type = t.rowid "; - $sql.= " AND d.entity = ".$conf->entity; + $sql.= " AND d.entity IN (".getEntity().")"; $sql.= " AND t.rowid = ".$adht->id; if ($sall) { diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index 67cbc2cd908ee2b60f20c695a9964f1bd79fceb7..2a6e437c765876184950feee43a6858f63a4e523 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php 
@@ -75,7 +75,7 @@ if ($id || $ref) $objecttype = 'adherent&categorie'; $objectid = isset($id)?$id:(isset($ref)?$ref:''); $dbtablename = 'adherent'; - $fieldid = isset($ref)?'ref':'rowid'; + $fieldid = ! empty($ref)?'ref':'rowid'; } } diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index b44b363f751df60c5d09a977132c9e7eced966c4..6b503110a0bb43ba5d27c21fa6b7ede9896ba849 100755 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -76,6 +76,12 @@ if (! $result && ! empty($_SERVER["GATEWAY_INTERFACE"])) // If install not do exit; } +// Disable php display errors +if (! empty($dolibarr_main_prod)) +{ + ini_set('display_errors','Off'); +} + // Clean parameters $dolibarr_main_data_root=trim($dolibarr_main_data_root); $dolibarr_main_url_root=trim($dolibarr_main_url_root); diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index bac58616bceeab447b779e5496a11a59490f1a3f..2193bb9c56720984e6956e612ddda434e110f005 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -57,10 +57,10 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) if ($id) { // $user est le user qui edite, $_GET["id"] est l'id de l'utilisateur edite - $caneditfield=( (($user->id == $id) && $user->rights->user->self->creer) - || (($user->id != $id) && $user->rights->user->user->creer) ); - $caneditpassword=( (($user->id == $id) && $user->rights->user->self->password) - || (($user->id != $id) && $user->rights->user->user->password) ); + $caneditfield=((($user->id == $id) && $user->rights->user->self->creer) + || (($user->id != $id) && $user->rights->user->user->creer)); + $caneditpassword=((($user->id == $id) && $user->rights->user->self->password) + || (($user->id != $id) && $user->rights->user->user->password)); } //Multicompany in mode transversal
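Review bot: In htdocs/categories/categorie.php only `$fieldid` was switched to `! empty($ref)`; the `$objectid` line two lines above still uses `isset($id)`, so when `$id` is set but empty and a `$ref` is given, the pair becomes an empty id looked up in the `ref` column. Both values appear to feed the access check for the member, so they should be chosen by the same test: `$objectid = ! empty($id)?$id:(! empty($ref)?$ref:'');`. The same pattern may exist in the other object-type branches above this hunk, which are not visible here.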
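Review bot: The new block in htdocs/filefunc.inc.php changes display_errors only at run time, so anything raised before this statement executes, including parse errors and warnings from whatever is loaded above it, is still shown according to php.ini. The comment should say so, so administrators do not treat `$dolibarr_main_prod` as the only control: `// Hide PHP errors from the browser in production; errors raised before this line still follow php.ini display_errors`.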