From 873f4b902df3add220a4282e79bcfb5c4d6dbfc0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 14 Dec 2013 02:31:06 +0100
Subject: [PATCH] Fix: W3C. No form into table. Make some browsers crazy.
---
 htdocs/compta/facture/impayees.php | 46 +++++++++++-------------------
 1 file changed, 17 insertions(+), 29 deletions(-)
diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php
index 5603bd6417d..3d792e343f0 100644
--- a/htdocs/compta/facture/impayees.php
+++ b/htdocs/compta/facture/impayees.php
@@ -49,7 +49,7 @@ $result = restrictedArea($user,'facture',$id,'');
 * Action
 */
-if ($action == "builddoc" && $user->rights->facture->lire)
+if ($action == "builddoc" && $user->rights->facture->lire && ! GETPOST('button_search'))
 {
 if (is_array($_POST['toGenerate']))
 {
@@ -149,14 +149,14 @@ if ($action == 'remove_file')
 * View
 */
+$form = new Form($db);
+$formfile = new FormFile($db);
+
 $title=$langs->trans("BillsCustomersUnpaid");
 if ($option=='late') $title=$langs->trans("BillsCustomersUnpaid");
 llxHeader('',$title);
-$form = new Form($db);
-$formfile = new FormFile($db);
-
 ?>
 <script type="text/javascript">
 $(document).ready(function() {
@@ -170,12 +170,6 @@ $(document).ready(function() {
 </script>
 <?php
-/***************************************************************************
- * *
- * Mode Liste *
- * *
- ***************************************************************************/
-
 $now=dol_now();
 $search_ref = GETPOST("search_ref");
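Review bot: The `! GETPOST('button_search')` guard added to the `builddoc` condition in the first hunk only helps if the search control submits a field with exactly that name, and the control is not in the visible hunks. If it is an `<input type="image">`, browsers send the click coordinates, which PHP exposes as `button_search_x` and `button_search_y`, so the guard would never match and a search click in the now shared POST form could start document generation. In that case also test `GETPOST('button_search_x')`. A one-line comment such as `// Search and PDF generation share one form: skip builddoc when the search button was used` would explain the extra condition. The body of the `if` runs past the end of the hunk.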
@@ -222,10 +216,10 @@ if (GETPOST('filtre'))
 $sql .= " AND " . $filt[0] . " = " . $filt[1];
 }
 }
-if ($search_ref) $sql .= " AND f.facnumber LIKE '%".$search_ref."%'";
-if ($search_societe) $sql .= " AND s.nom LIKE '%".$search_societe."%'";
-if ($search_montant_ht) $sql .= " AND f.total = '".$search_montant_ht."'";
-if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$search_montant_ttc."'";
+if ($search_ref) $sql .= " AND f.facnumber LIKE '%".$db->escape($search_ref)."%'";
+if ($search_societe) $sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'";
+if ($search_montant_ht) $sql .= " AND f.total = '".$db->escape($search_montant_ht)."'";
+if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$db->escape($search_montant_ttc)."'";
 if (GETPOST('sf_ref')) $sql .= " AND f.facnumber LIKE '%".$db->escape(GETPOST('sf_ref'))."%'";
 $sql.= " GROUP BY s.nom, s.rowid, f.facnumber, f.increment, f.total, f.tva, f.total_ttc, f.datef, f.date_lim_reglement, f.paye, f.rowid, f.fk_statut, f.type ";
 if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user ";
@@ -271,10 +265,13 @@ if ($resql)
 dol_htmloutput_mesg($mesg);
+ print '<form id="form_generate_pdf" method="POST" action="'.$_SERVER["PHP_SELF"].'?sortfield='. $sortfield .'&sortorder='. $sortorder .'">';
+ print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+ if ($late) print '<input type="hidden" name="late" value="'.dol_escape_htmltag($late).'">';
+
 $i = 0;
 print '<table class="liste" width="100%">';
 print '<tr class="liste_titre">';
-
 print_liste_field_titre($langs->trans("Ref"),$_SERVER["PHP_SELF"],"f.facnumber","",$param,"",$sortfield,$sortorder);
 print_liste_field_titre($langs->trans("Date"),$_SERVER["PHP_SELF"],"f.datef","",$param,'align="center"',$sortfield,$sortorder);
 print_liste_field_titre($langs->trans("DateDue"),$_SERVER["PHP_SELF"],"f.date_lim_reglement","",$param,'align="center"',$sortfield,$sortorder);
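Review bot: The context line `$sql .= " AND " . $filt[0] . " = " . $filt[1];` at the top of the `@@ -222,10 +216,10 @@` hunk still concatenates a column name and a value into the query with no quoting or escaping, so the injection risk this hunk closes for the `search_*` fields stays open through `filtre`. How `$filt` is built is outside the hunk, but the enclosing `if (GETPOST('filtre'))` suggests it is derived from the request. Check `$filt[0]` against an allow-list of filterable columns before using it, and write the value as `" = '".$db->escape($filt[1])."'"`. A short comment above the four escaped lines stating that every request value appended to `$sql` must pass through `$db->escape()` would help keep later additions consistent.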
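Review bot: The `<form id="form_generate_pdf" …>` line added in the `@@ -271,10 +265,13 @@` hunk writes `$_SERVER["PHP_SELF"]`, `$sortfield` and `$sortorder` into an HTML attribute unescaped, although the `late` field two lines below it is passed through `dol_escape_htmltag()`. The same gap is left in context lines of two later hunks: the `search_ref` filter input in the `@@ -289,17 +286,16 @@` hunk (`value="'.$search_ref.'"`, skipped while its three siblings were escaped, and filled from `GETPOST("search_ref")`) and the hidden `option` input in the `@@ -426,17 +418,13 @@` hunk. Where `$sortfield`, `$sortorder` and `$option` are assigned is not visible here; if they come from the request, each of these is a reflected XSS sink. Suggested changes: `'?sortfield='.urlencode($sortfield).'&amp;sortorder='.urlencode($sortorder)`, `value="'.dol_escape_htmltag($search_ref).'"` and `value="'.dol_escape_htmltag($option).'"`.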
@@ -289,17 +286,16 @@ if ($resql)
 print "</tr>\n";
 // Lignes des champs de filtre
- print '<form method="GET" action="'.$_SERVER["PHP_SELF"].'">';
 print '<tr class="liste_titre">';
 // Ref
 print '<td class="liste_titre">';
 print '<input class="flat" size="10" type="text" name="search_ref" value="'.$search_ref.'"></td>';
 print '<td class="liste_titre"> </td>';
 print '<td class="liste_titre"> </td>';
- print '<td class="liste_titre" align="left"><input class="flat" type="text" size="10" name="search_societe" value="'.$search_societe.'"></td>';
- print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ht" value="'.$search_montant_ht.'"></td>';
+ print '<td class="liste_titre" align="left"><input class="flat" type="text" size="10" name="search_societe" value="'.dol_escape_htmltag($search_societe).'"></td>';
+ print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ht" value="'.dol_escape_htmltag($search_montant_ht).'"></td>';
 print '<td class="liste_titre"> </td>';
- print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ttc" value="'.$search_montant_ttc.'"></td>';
+ print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ttc" value="'.dol_escape_htmltag($search_montant_ttc).'"></td>';
 print '<td class="liste_titre"> </td>';
 print '<td class="liste_titre"> </td>';
 print '<td class="liste_titre" align="right">';
@@ -309,7 +305,6 @@ if ($resql)
 if ($conf->use_javascript_ajax) print '<a href="#" id="checkall">'.$langs->trans("All").'</a> / <a href="#" id="checknone">'.$langs->trans("None").'</a>';
 print '</td>';
 print "</tr>\n";
- print '</form>';
 if ($num > 0)
 {
@@ -321,9 +316,6 @@ if ($resql)
 $facturestatic=new Facture($db);
- print '<form id="form_generate_pdf" method="POST" action="'.$_SERVER["PHP_SELF"].'?sortfield='. $sortfield .'&sortorder='. $sortorder .'">';
- print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
-
 while ($i < $num)
 {
 $objp = $db->fetch_object($resql);
@@ -426,17 +418,13 @@ if ($resql)
 * Show list of available documents
 */
 $filedir=$diroutputpdf;
- if ($search_ref) print '<input type="hidden" name="search_ref" value="'.$search_ref.'">';
- if ($search_societe) print '<input type="hidden" name="search_societe" value="'.$search_societe.'">';
- if ($search_montant_ht) print '<input type="hidden" name="search_montant_ht" value="'.$search_montant_ht.'">';
- if ($search_montant_ttc) print '<input type="hidden" name="search_montant_ttc" value="'.$search_montant_ttc.'">';
- if ($late) print '<input type="hidden" name="late" value="'.$late.'">';
 $genallowed=$user->rights->facture->lire;
 $delallowed=$user->rights->facture->lire;
 print '<br>';
 print '<input type="hidden" name="option" value="'.$option.'">';
- $formfile->show_documents('unpaid','',$filedir,$urlsource,$genallowed,$delallowed,'',1,0,0,48,1,$param,$langs->trans("PDFMerge"),$langs->trans("PDFMerge"));
+ // We disable multilang because we concat already existing pdf.
+ $formfile->show_documents('unpaid','',$filedir,$urlsource,$genallowed,$delallowed,'',1,1,0,48,1,$param,$langs->trans("PDFMerge"),$langs->trans("PDFMerge"));
 print '</form>';
 $db->free($resql);
-- 
GitLab
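Review bot: In the `@@ -426,17 +418,13 @@` hunk the context line `$delallowed=$user->rights->facture->lire;` hands the delete control of `show_documents()` to anyone who can read invoices, the same right used for `$genallowed`. Whether the `remove_file` action re-checks a stronger right is outside the visible hunks, so this may be intentional for the merged-PDF output directory. If it is not, gate deletion on a write-level right, for example `$delallowed=$user->rights->facture->creer;`, and add a comment naming the right that is expected. The new comment on the `show_documents()` call would also be easier to verify if it named which positional argument changed from `0` to `1`.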