[Noalyss-commit] [noalyss] 04/23: Security
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 04/23: Security |
Date: |
Tue, 24 Nov 2020 14:22:39 -0500 (EST) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 22b3512167542d196d073384b4029b7b3d103ed1
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Thu Nov 12 08:54:11 2020 +0100
Security
---
include/export/export_fiche_detail_pdf.php | 10 +++++-----
include/export/export_fiche_pdf.php | 19 ++++++++++++-------
2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/include/export/export_fiche_detail_pdf.php
b/include/export/export_fiche_detail_pdf.php
index de21a96..713de2a 100644
--- a/include/export/export_fiche_detail_pdf.php
+++ b/include/export/export_fiche_detail_pdf.php
@@ -109,12 +109,12 @@ for ($e=0;$e<count($array);$e++)
$diff_solde=bcsub($tot_deb,$tot_cred);
if ( $diff_solde < 0 )
{
- $solde=" créditeur ";
+ $solde=" "._("créditeur")." ";
$diff_solde=bcmul($diff_solde,-1);
}
else
{
- $solde=" débiteur ";
+ $solde=" "._('débiteur')." ";
}
$str_diff_solde=sprintf("%12.2f €",$diff_solde);
@@ -129,7 +129,7 @@ for ($e=0;$e<count($array);$e++)
/*
* reset total and current_exercice
*/
- $prog=0;
+ $progress=0;
$current_exercice=$row['p_exercice'];
$tot_deb=0;$tot_cred=0;
$pdf->SetFont('DejaVuCond','',8);
@@ -213,12 +213,12 @@ $str_credit=sprintf("% 12.2f €",$tot_cred);
$diff_solde=$tot_deb-$tot_cred;
if ( $diff_solde < 0 )
{
- $solde=" créditeur ";
+ $solde=" "._("créditeur")." ";
$diff_solde*=-1;
}
else
{
- $solde=" débiteur ";
+ $solde=" "._('débiteur')." ";
}
$str_diff_solde=sprintf("%12.2f €",$diff_solde);
diff --git a/include/export/export_fiche_pdf.php
b/include/export/export_fiche_pdf.php
index 03585e5..567cf17 100644
--- a/include/export/export_fiche_pdf.php
+++ b/include/export/export_fiche_pdf.php
@@ -48,23 +48,29 @@ $pdf->SetFont('DejaVu','BI',14);
$pdf->write_cell(0,8,$name,0,1,'C');
$pdf->SetTitle($name,1);
$pdf->SetAuthor('NOALYSS');
+$http=new HttpInput();
+$start=$http->request('start');
+$end=$http->request('end');
+if ( isDate($start) == null || isDate ($end) == null ) return;
+
/* balance */
if ( $_GET['histo'] == 4 )
{
- $fd=new Fiche_Def($cn,$_REQUEST['cat']);
+ $cat=$http->request('cat');
+ $fd=new Fiche_Def($cn,$cat);
if ( $fd->hasAttribute(ATTR_DEF_ACCOUNT) == false )
{
- $pdf->write_cell(0,10, "Cette catégorie n'ayant pas de poste comptable
n'a pas de balance");
+ $pdf->write_cell(0,10, _("Cette catégorie n'ayant pas de poste
comptable n'a pas de balance"));
//Save PDF to file
$fDate=date('dmy-Hi');
$pdf->Output("category-$fDate.pdf", 'D');
exit;
}
- $aCard=$cn->get_array("select f_id,ad_value from fiche join fiche_Detail
using (f_id) where ad_id=1 and fd_id=$1 order by 2 ",array($_REQUEST['cat']));
+ $aCard=$cn->get_array("select f_id,ad_value from fiche join fiche_Detail
using (f_id) where ad_id=1 and fd_id=$1 order by 2 ",array($cat));
if ( empty($aCard))
{
- $pdf->write_cell(0,10, "Aucune fiche trouvée");//Save PDF to file
+ $pdf->write_cell(0,10, _("Aucune fiche trouvée"));//Save PDF to file
$fDate=date('dmy-Hi');
$pdf->Output("category-$fDate.pdf", 'D');
exit;
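Review bot: The new guard `if ( isDate($start) == null || isDate ($end) == null ) return;` ends this file with a top-level `return`, whereas the check it replaces and every other early stop in this hunk use `exit`. A `return` in an included file hands control back to the including script, so if that script does anything after the include, a request with an invalid date carries on instead of stopping; `if ( isDate($start) == null || isDate($end) == null ) exit;` keeps the old behaviour. The guard also now runs before the `histo` test, so it applies to every export mode in this file, not only the balance; this is worth confirming against the part of the file outside the hunk. Separately, `$cat` is bound as `$1` in the query, which is good, but it reaches `new Fiche_Def($cn,$cat)` without any check that it is numeric, and `$_GET['histo']` on the context line is still read directly rather than through `$http`.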
@@ -78,11 +84,10 @@ if ( $_GET['histo'] == 4 )
$pdf->write_cell(20,7,'D/C',0,0,'C',0);
$pdf->line_new();
$idx=0;
+ $filter= " (j_date >= to_date('".$start."','DD.MM.YYYY') ".
+ " and j_date <= to_date('".$end."','DD.MM.YYYY')) ";
for ($i=0;$i < count($aCard);$i++)
{
- if ( isDate($_REQUEST['start']) == null || isDate ($_REQUEST['end'])
== null ) exit;
- $filter= " (j_date >= to_date('".$_REQUEST['start']."','DD.MM.YYYY') ".
- " and j_date <=
to_date('".$_REQUEST['end']."','DD.MM.YYYY')) ";
$oCard=new Fiche($cn,$aCard[$i]['f_id']);
$solde=$oCard->get_solde_detail($filter);
if ( $solde['debit'] == 0 && $solde['credit']==0) continue;
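Review bot: `$filter` is still built by concatenating `$start` and `$end` into SQL text, so the only thing keeping request data out of the query is the `isDate()` guard added near the top of the file, outside this hunk. Moving the assignment out of the loop is fine, but that dependency should be stated where the string is built, for example `// $start and $end passed isDate() above; they are concatenated into SQL, do not reassign them`. A sturdier form derives the literal from a parsed value, e.g. `$d=DateTime::createFromFormat('d.m.Y',$start);` and then concatenating `$d->format('d.m.Y')`, so that only digits and dots can reach `to_date()` however `isDate()` is implemented. The `for` loop body continues past the end of the hunk.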