Fix: restore broken feature, disable token renewal in ajax response

htdocs/comm/propal.php

@@ -689,7 +689,7 @@ else if ($action == "addline" && $user->rights->propale->creer)
 {
 	$result=0;
 
-	if (empty($_POST['idprod']) && $_POST["type"] < 0)
+	if (empty($_POST['idprod']) && GETPOST('type') < 0)
 	{
 		$mesg='<div class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Type")).'</div>';
 		$result = -1 ;
@@ -700,9 +700,9 @@ else if ($action == "addline" && $user->rights->propale->creer)
 		$result = -1 ;
 	}
 
-	if ($result >= 0 && isset($_POST['qty']) && (($_POST['np_price']!='' && ($_POST['np_desc'] || $_POST['dp_desc'])) || $_POST['idprod']))
+	if ($result >= 0 && isset($_POST['qty']) && ((GETPOST('np_price')!='' && (GETPOST('np_desc') || GETPOST('dp_desc'))) || GETPOST('idprod')))
 	{
-		$ret=$object->fetch($_POST["id"]);
+		$ret=$object->fetch($id);
 		if ($ret < 0)
 		{
 			dol_print_error($db,$object->error);
@@ -710,15 +710,18 @@ else if ($action == "addline" && $user->rights->propale->creer)
 		}
 		$ret=$object->fetch_thirdparty();
 
+		$pu_ht=0;
+		$pu_ttc=0;
+		$price_min=0;
 		$price_base_type = 'HT';
 
 		// Ecrase $pu par celui du produit
 		// Ecrase $desc par celui du produit
 		// Ecrase $txtva par celui du produit
-		if ($_POST['idprod'])
+		if (GETPOST('idprod'))
 		{
 			$prod = new Product($db);
-			$prod->fetch($_POST['idprod']);
+			$prod->fetch(GETPOST('idprod'));
 
 			$tva_tx = get_default_tva($mysoc,$object->client,$prod->id);
 			$localtax1_tx= get_localtax($tva_tx, 1, $object->client);  //get_default_localtax($mysoc,$object->client,1,$prod->id);
@@ -775,32 +778,25 @@ else if ($action == "addline" && $user->rights->propale->creer)
 				$desc = $prod->description;
 			}
 
-			$desc.= ($desc && $_POST['np_desc']) ? ((dol_textishtml($desc) || dol_textishtml($_POST['np_desc']))?"<br />\n":"\n") : "";
-			$desc.= $_POST['np_desc'];
+			$desc.= ($desc && GETPOST('np_desc')) ? ((dol_textishtml($desc) || dol_textishtml(GETPOST('np_desc')))?"<br />\n":"\n") : "";
+			$desc.= GETPOST('np_desc');
 			$type = $prod->type;
 		}
 		else
 		{
-			$pu_ht=$_POST['np_price'];
-			$tva_tx=str_replace('*','',$_POST['np_tva_tx']);
-			$tva_npr=preg_match('/\*/',$_POST['np_tva_tx'])?1:0;
-			$desc=$_POST['dp_desc'];
-			$type=$_POST["type"];
+			$pu_ht=GETPOST('np_price');
+			$tva_tx=str_replace('*','',GETPOST('np_tva_tx'));
+			$tva_npr=preg_match('/\*/',GETPOST('np_tva_tx'))?1:0;
+			$desc=GETPOST('dp_desc');
+			$type=GETPOST('type');
 			$localtax1_tx=get_localtax($tva_tx,1,$object->client);
 			$localtax2_tx=get_localtax($tva_tx,2,$object->client);
 		}
 
-		// ajout prix achat
-		$fk_fournprice = $_POST['np_fournprice'];
-		if ( ! empty($_POST['np_buying_price']) )
-		  $pa_ht = $_POST['np_buying_price'];
-		else
-		  $pa_ht = null;
-
 		$info_bits=0;
 		if ($tva_npr) $info_bits |= 0x01;
 
-		if ($price_min && (price2num($pu_ht)*(1-price2num($_POST['remise_percent'])/100) < price2num($price_min)))
+		if (! empty($price_min) && (price2num($pu_ht)*(1-price2num(GETPOST('remise_percent'))/100) < price2num($price_min)))
 		{
 			$mesg = '<div class="error">'.$langs->trans("CantBeLessThanMinPrice",price2num($price_min,'MU').' '.$langs->trans("Currency".$conf->currency)).'</div>' ;
 		}
@@ -808,24 +804,24 @@ else if ($action == "addline" && $user->rights->propale->creer)
 		{
 			// Insert line
 			$result=$object->addline(
-    			$_POST["id"],
+    			$id,
     			$desc,
     			$pu_ht,
-    			$_POST['qty'],
+    			GETPOST('qty'),
     			$tva_tx,
     			$localtax1_tx,
     			$localtax2_tx,
-    			$_POST['idprod'],
-    			$_POST['remise_percent'],
+    			GETPOST('idprod'),
+    			GETPOST('remise_percent'),
     			$price_base_type,
     			$pu_ttc,
     			$info_bits,
     			$type,
     			-1,
     			0,
-    			$_POST['fk_parent_line'],
-    			$fk_fournprice,
-    			$pa_ht
+    			GETPOST('fk_parent_line'),
+    			GETPOST('np_fournprice'),
+    			GETPOST('np_buying_price')
 			);
 
 			if ($result > 0)

htdocs/comm/propal/class/propal.class.php

@@ -2397,6 +2397,7 @@ class Propal extends CommonObject
             {
                 $obj = $this->db->fetch_object($resql);
 
+                $this->lines[$i]					= (object) array();
                 $this->lines[$i]->id				= $obj->rowid;
                 $this->lines[$i]->description 		= $obj->description;
                 $this->lines[$i]->fk_product		= $obj->fk_product;
@@ -2523,10 +2524,12 @@ class PropaleLigne
 		$sql = 'SELECT pd.rowid, pd.fk_propal, pd.fk_parent_line, pd.fk_product, pd.description, pd.price, pd.qty, pd.tva_tx,';
 		$sql.= ' pd.remise, pd.remise_percent, pd.fk_remise_except, pd.subprice,';
 		$sql.= ' pd.info_bits, pd.total_ht, pd.total_tva, pd.total_ttc, pd.fk_product_fournisseur_price as fk_fournprice, pd.buy_price_ht as pa_ht, pd.special_code, pd.rang,';
+		$sql.= ' pd.localtax1_tx, pd.localtax2_tx, pd.total_localtax1, pd.total_localtax2,';
 		$sql.= ' p.ref as product_ref, p.label as product_libelle, p.description as product_desc';
 		$sql.= ' FROM '.MAIN_DB_PREFIX.'propaldet as pd';
 		$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pd.fk_product = p.rowid';
 		$sql.= ' WHERE pd.rowid = '.$rowid;
+
 		$result = $this->db->query($sql);
 		if ($result)
 		{
@@ -2555,6 +2558,7 @@ class PropaleLigne
 			$this->pa_ht			= $marginInfos[0];
 			$this->marge_tx			= $marginInfos[1];
 			$this->marque_tx		= $marginInfos[2];
+
 			$this->special_code		= $objp->special_code;
 			$this->rang				= $objp->rang;
 
@@ -2603,7 +2607,7 @@ class PropaleLigne
 
         // si prix d'achat non renseign� et utilis� pour calcul des marges alors prix achat = prix vente (idem pour remises)
         if ($this->pa_ht == 0) {
-		      if ($this->subprice < 0 || ($conf->global->CalculateMarginsOnLinesWithoutBuyingPrice == 1))
+        	if ($this->subprice < 0 || (isset($conf->global->CalculateMarginsOnLinesWithoutBuyingPrice) && $conf->global->CalculateMarginsOnLinesWithoutBuyingPrice == 1))
         		$this->pa_ht = $this->subprice * (1 - $this->remise_percent / 100);
         }
 
@@ -2636,12 +2640,10 @@ class PropaleLigne
         $sql.= " ".price2num($this->total_localtax1).",";
         $sql.= " ".price2num($this->total_localtax2).",";
         $sql.= " ".price2num($this->total_ttc).",";
+        $sql.= " ".(isset($this->fk_fournprice)?"'".$this->fk_fournprice."'":"null").",";
+        $sql.= " ".(isset($this->pa_ht)?"'".price2num($this->pa_ht)."'":"null").",";
         $sql.= ' '.$this->special_code.',';
-        $sql.= ' '.$this->rang.',';
-				if (isset($this->fk_fournprice)) $sql.= ' '.$this->fk_fournprice.',';
-				else $sql.= ' null,';
-				if (isset($this->pa_ht)) $sql.= ' '.price2num($this->pa_ht);
-				else $sql.= ' null';
+        $sql.= ' '.$this->rang;
         $sql.= ')';
 
         dol_syslog("PropaleLigne::insert sql=$sql");

htdocs/core/tpl/predefinedproductline_create.tpl.php

 <?php
-/* Copyright (C) 2010-2011 Regis Houssin       <regis@dolibarr.fr>
+/* Copyright (C) 2010-2012	Regis Houssin		<regis@dolibarr.fr>
  * Copyright (C) 2010-2011	Laurent Destailleur	<eldy@users.sourceforge.net>
  * Copyright (C) 2012		Christophe Battarel	<christophe.battarel@altairis.fr>
  *
@@ -56,9 +56,9 @@ if (! empty($conf->margin->enabled)) {
 </tr>
 
 <form name="addpredefinedproduct" id="addpredefinedproduct" action="<?php echo $_SERVER["PHP_SELF"].'?id='.$this->id; ?>#add" method="POST">
-<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>">
-<input type="hidden" name="action" value="addline">
-<input type="hidden" name="id" value="<?php echo $this->id; ?>">
+<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>" />
+<input type="hidden" name="action" value="addline" />
+<input type="hidden" name="id" value="<?php echo $this->id; ?>" />
 
 <script type="text/javascript">
 jQuery(document).ready(function() {
@@ -108,7 +108,7 @@ if (! empty($conf->margin->enabled)) {
 	<td align="center" valign="middle" colspan="<?php echo $colspan; ?>"><input type="submit" class="button" value="<?php echo $langs->trans("Add"); ?>" name="addline"></td>
 </tr>
 
-<?php if ($conf->service->enabled && $dateSelector) {
+<?php if (! empty($conf->service->enabled) && $dateSelector) {
 if (! empty($conf->global->MAIN_VIEW_LINE_NUMBER))
 	$colspan = 10;
 else
@@ -140,7 +140,7 @@ if (! empty($conf->margin->enabled)) {
 $("#idprod").change(function() {
   $("#np_fournprice options").remove();
   $("#np_buying_price").show();
-  $.post('<?php echo DOL_URL_ROOT; ?>/fourn/product/getSupplierPrices.php', {'idprod': $(this).val()}, function(data) {     
+  $.post('<?php echo DOL_URL_ROOT; ?>/fourn/ajax/getSupplierPrices.php', {'idprod': $(this).val()}, function(data) {
     if (data.length > 0) {
       var options = '';
       var i = 0;

htdocs/core/tpl/predefinedproductline_edit.tpl.php

@@ -116,7 +116,7 @@ if (! empty($conf->margin->enabled)) {
 ?>
 <script type="text/javascript">
 $(document).ready(function() {
-  $.post('<?php echo DOL_URL_ROOT; ?>/fourn/product/getSupplierPrices.php', {'idprod': <?php echo $line->fk_product; ?>}, function(data) {      
+  $.post('<?php echo DOL_URL_ROOT; ?>/fourn/ajax/getSupplierPrices.php', {'idprod': <?php echo $line->fk_product; ?>}, function(data) {
     if (data.length > 0) {
       var options = '';
       var trouve=false;

htdocs/fourn/ajax/getSupplierPrices.php

+<?php
+/* Copyright (C) 2012      Christophe Battarel  <christophe.battarel@altairis.fr>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/**
+ *	\file       /htdocs/fourn/ajax/getSupplierPrices.php
+ *	\brief      File to return Ajax response on get supplier prices
+ */
+
+if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Disables token renewal
+if (! defined('NOREQUIREMENU'))  define('NOREQUIREMENU','1');
+if (! defined('NOREQUIREHTML'))  define('NOREQUIREHTML','1');
+if (! defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX','1');
+if (! defined('NOREQUIRESOC'))   define('NOREQUIRESOC','1');
+//if (! defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN','1');
+
+require("../../main.inc.php");
+
+$idprod=GETPOST('idprod','int');
+
+$prices = array();
+
+$langs->load('stocks');
+
+/*
+ * View
+*/
+
+top_httphead();
+
+//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
+
+if (! empty($idprod))
+{
+	$sql = "SELECT p.rowid, p.label, p.ref, p.price, p.duration,";
+	$sql.= " pfp.ref_fourn,";
+	$sql.= " pfp.rowid as idprodfournprice, pfp.price as fprice, pfp.quantity, pfp.unitprice, pfp.charges, pfp.unitcharges,";
+	$sql.= " s.nom";
+	$sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
+	$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = pfp.fk_product";
+	$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = pfp.fk_soc";
+	$sql.= " WHERE pfp.fk_product = ".$idprod;
+	$sql.= " AND p.tobuy = 1";
+	$sql.= " AND s.fournisseur = 1";
+	$sql.= " ORDER BY s.nom, pfp.ref_fourn DESC";
+
+	dol_syslog("Ajax::getSupplierPrices sql=".$sql, LOG_DEBUG);
+	$result=$db->query($sql);
+
+	if ($result)
+	{
+		$num = $db->num_rows($result);
+
+		if ($num)
+		{
+			$i = 0;
+			while ($i < $num)
+			{
+				$objp = $db->fetch_object($result);
+
+				$label = $objp->nom.' - '.$objp->ref_fourn.' - ';
+
+				if ($objp->quantity == 1)
+				{
+					$label.= price($objp->fprice);
+					$label.= $langs->trans("Currency".$conf->monnaie)."/";
+					$price = $objp->fprice;
+				}
+
+				$label.= $objp->quantity.' ';
+
+				if ($objp->quantity == 1)
+				{
+					$label.= strtolower($langs->trans("Unit"));
+				}
+				else
+				{
+					$label.= strtolower($langs->trans("Units"));
+				}
+				if ($objp->quantity > 1)
+				{
+					$label.=" - ";
+					$label.= price($objp->unitprice).$langs->trans("Currency".$conf->monnaie)."/".strtolower($langs->trans("Unit"));
+					$price = $objp->unitprice;
+				}
+				if ($objp->unitcharges > 0 && ($conf->global->MARGIN_TYPE == "2")) {
+					$label.=" + ";
+					$label.= price($objp->unitcharges).$langs->trans("Currency".$conf->monnaie);
+					$price += $objp->unitcharges;
+				}
+				if ($objp->duration) $label .= " - ".$objp->duration;
+
+				$prices[] = array("id" => $objp->idprodfournprice, "price" => price($price,0,'',0), "label" => $label);
+				$i++;
+			}
+
+			$db->free($result);
+		}
+	}
+
+	echo json_encode($prices);
+}
+
+?>

htdocs/fourn/product/getSupplierPrices.php

-<?php
-/* Copyright (C) 2012      Christophe Battarel  <christophe.battarel@altairis.fr>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-require("../../main.inc.php");
-
-$prices = array();
-
-$langs->load('stocks');
-
-$sql = "SELECT p.rowid, p.label, p.ref, p.price, p.duration,";
-$sql.= " pfp.ref_fourn,";
-$sql.= " pfp.rowid as idprodfournprice, pfp.price as fprice, pfp.quantity, pfp.unitprice, pfp.charges, pfp.unitcharges,";
-$sql.= " s.nom";
-$sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
-$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = pfp.fk_product";
-$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = pfp.fk_soc";
-$sql.= " WHERE pfp.fk_product = ".$_REQUEST['idprod'];
-$sql.= " AND p.tobuy = 1";
-$sql.= " AND s.fournisseur = 1";
-$sql.= " ORDER BY s.nom, pfp.ref_fourn DESC";
-																																		
-dol_syslog("Form::select_product_fourn_price sql=".$sql,LOG_DEBUG);
-$result=$db->query($sql);
-																							
-if ($result)
-{
-    $num = $db->num_rows($result);
-
-    if ($num)
-    {
-        $i = 0;
-        while ($i < $num)
-        {
-            $objp = $db->fetch_object($result);
-
-            $label = $objp->nom.' - '.$objp->ref_fourn.' - ';         
-
-            if ($objp->quantity == 1)
-            {
-                $label.= price($objp->fprice);
-                $label.= $langs->trans("Currency".$conf->monnaie)."/";
-                $price = $objp->fprice;
-            }
-
-            $label.= $objp->quantity.' ';
-
-            if ($objp->quantity == 1)
-            {
-                $label.= strtolower($langs->trans("Unit"));
-            }
-            else
-            {
-                $label.= strtolower($langs->trans("Units"));
-            }
-            if ($objp->quantity > 1)
-            {
-                $label.=" - ";
-                $label.= price($objp->unitprice).$langs->trans("Currency".$conf->monnaie)."/".strtolower($langs->trans("Unit"));
-                $price = $objp->unitprice;
-            }
-            if ($objp->unitcharges > 0 && ($conf->global->MARGIN_TYPE == "2")) {
-                $label.=" + ";
-                $label.= price($objp->unitcharges).$langs->trans("Currency".$conf->monnaie);
-								$price += $objp->unitcharges;
-						}
-            if ($objp->duration) $label .= " - ".$objp->duration;
-
-            $prices[] = array("id" => $objp->idprodfournprice, "price" => price($price,0,'',0), "label" => $label);
-            $i++;
-        }
-
-        $db->free($result);
-    }
-}
-
-echo json_encode($prices);
-
-?>