
[Phpcompta-dev] r4348 - phpcompta/trunk/include


From: phpcompta-dev
Subject: [Phpcompta-dev] r4348 - phpcompta/trunk/include
Date: Mon, 14 Nov 2011 11:37:48 +0100 (CET)

Author: danydb
Date: 2011-11-14 11:37:46 +0100 (Mon, 14 Nov 2011)
New Revision: 4348

Modified:
   phpcompta/trunk/include/company.inc.php
   phpcompta/trunk/include/compta_ach.inc.php
   phpcompta/trunk/include/export_balance_csv.php
   phpcompta/trunk/include/modify_periode.inc.php
   phpcompta/trunk/include/modify_predf_op.php
   phpcompta/trunk/include/save_predf_op.php
   phpcompta/trunk/include/stock.inc.php
Log:
Update security, remove $user->check_action except for FICADD and FICCAT

Modified: phpcompta/trunk/include/company.inc.php
===================================================================
--- phpcompta/trunk/include/company.inc.php     2011-11-14 09:30:00 UTC (rev 
4347)
+++ phpcompta/trunk/include/company.inc.php     2011-11-14 10:37:46 UTC (rev 
4348)
@@ -17,9 +17,9 @@
         $m->MY_PAYS=$p_pays;
         $m->MY_CHECK_PERIODE=$p_check_periode;
         $m->MY_DATE_SUGGEST=$p_date_suggest;
-        if ( $g_user->check_action(PARCA)!=0)$m->MY_ANALYTIC=$p_compta;
-        if ( $g_user->check_action(PARSTR)!=0) $m->MY_STRICT=$p_strict;
-        if ( $g_user->check_action(PARTVA)!=0)$m->MY_TVA_USE=$p_tva_use;
+        $m->MY_ANALYTIC=$p_compta;
+         $m->MY_STRICT=$p_strict;
+        $m->MY_TVA_USE=$p_tva_use;
         $m->MY_PJ_SUGGEST=$p_pj;
        $m->MY_ALPHANUM=$p_alphanum;
 
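Review bot: The three assignments at the top of the hunk (`$m->MY_ANALYTIC`, `$m->MY_STRICT`, `$m->MY_TVA_USE`) are now written unconditionally, and the second hunk of this file drops the matching `setReadonly(true)` calls, so nothing left in this file ties these company parameters to the PARCA/PARSTR/PARTVA actions. If the log's "Update security" means the checks moved to a central place, that is not visible here; a short comment above the assignments naming where the check now lives (`// access to these parameters is checked in <caller, fill in> — see r4348`) would keep the next reader from re-adding per-field checks or assuming none exist. The line `         $m->MY_STRICT=$p_strict;` also carries one extra leading space relative to its neighbours. The enclosing function starts and ends outside the hunk.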
@@ -93,11 +93,8 @@
     echo 
"<tr>".td(_("Pays"),'style="text-align:right"').$all->input("p_pays",$my->MY_PAYS)."</tr>";
     $all->value='';
     echo "<tr>".td(_("Numéro de 
Tva"),'style="text-align:right"').$all->input("p_tva",$my->MY_TVA)."</tr>";
-    if ( $g_user->check_action(PARCA)==0) $compta->setReadonly(true);
     echo "<tr>".td(_("Utilisation de la compta. 
analytique"),'style="text-align:right"').$compta->input("p_compta",$array)."</tr>";
-    if ( $g_user->check_action(PARSTR)==0) $strict->setReadonly(true);
     echo "<tr>".td(_("Utilisation du mode strict 
"),'style="text-align:right"').$strict->input("p_strict",$strict_array)."</tr>";
-    if ( $g_user->check_action(PARTVA)==0) $tva_use->setReadonly(true);
     echo "<tr>".td(_("Assujetti à la 
tva"),'style="text-align:right"').$tva_use->input("p_tva_use",$strict_array)."</tr>";
     echo "<tr>".td(_("Suggérer le numéro de pièce 
justificative"),'style="text-align:right"').$pj_suggest->input("p_pj",$strict_array)."</tr>";
     echo "<tr>".td(_("Suggérer la 
date"),'style="text-align:right"').$date_suggest->input("p_date_suggest",$strict_array)."</tr>";

Modified: phpcompta/trunk/include/compta_ach.inc.php
===================================================================
--- phpcompta/trunk/include/compta_ach.inc.php  2011-11-14 09:30:00 UTC (rev 
4347)
+++ phpcompta/trunk/include/compta_ach.inc.php  2011-11-14 10:37:46 UTC (rev 
4348)
@@ -113,7 +113,7 @@
 
 
                /* Save the predefined operation */
-               if (isset($_POST['opd_save']) && 
$g_user->check_action(PARPREDE) == 1)
+               if (isset($_POST['opd_save']) )
                {
                        $opd = new Pre_op_ach($cn);
                        $opd->get_post();
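Review bot: The condition `if (isset($_POST['opd_save']) )` now lets any request that posts `opd_save` save a predefined operation; the PARPREDE test that used to gate it is gone and no replacement appears in the hunk. If the permission is now checked before this file is included, say so on the line (`// PARPREDE is checked by <including page, fill in>`); if it is not, the guard should be restored. The stray space before `)` should also go: `if (isset($_POST['opd_save']))`. The enclosing block starts and ends outside the hunk.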

Modified: phpcompta/trunk/include/export_balance_csv.php
===================================================================
--- phpcompta/trunk/include/export_balance_csv.php      2011-11-14 09:30:00 UTC 
(rev 4347)
+++ phpcompta/trunk/include/export_balance_csv.php      2011-11-14 10:37:46 UTC 
(rev 4348)
@@ -35,13 +35,6 @@
 
 
 require_once ('class_user.php');
-$User=new User($cn);
-$User->Check();
-if ( $User->check_action(IMPBAL) == 0)
-{
-    NoAccess();
-    exit;
-}
 echo 'poste;libelle;deb;cred;solde deb;solde cred';
 printf("\n");
 $bal=new Acc_Balance($cn);
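Review bot: Removing `$User=new User($cn); $User->Check();` takes out the session check as well as the IMPBAL authorization, so from this hunk the script writes the balance CSV to whoever requests it, and `require_once ('class_user.php')` on the line above is left with no visible use. Unless this file is now only reachable through an entry point that has already validated the user (not shown here), the two lines `$User=new User($cn);` and `$User->Check();` should stay even if the IMPBAL test is dropped. Either way a one-line comment stating where authentication happens would make the intent checkable. The surrounding script continues outside the hunk.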

Modified: phpcompta/trunk/include/modify_periode.inc.php
===================================================================
--- phpcompta/trunk/include/modify_periode.inc.php      2011-11-14 09:30:00 UTC 
(rev 4347)
+++ phpcompta/trunk/include/modify_periode.inc.php      2011-11-14 10:37:46 UTC 
(rev 4348)
@@ -1,4 +1,5 @@
 <?php
+
 /*
  *   This file is part of PhpCompta.
  *
@@ -15,95 +16,89 @@
  *   You should have received a copy of the GNU General Public License
  *   along with PhpCompta; if not, write to the Free Software
  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
+ */
 /* $Revision$ */
 
 // Copyright Author Dany De Bontridder address@hidden
 require_once('class_periode.php');
 
-/*!\file
+/* !\file
  * \brief display or save a periode
  * variable received $op, $cn $user
  */
-$err=0;$html='';
-  /* we check the security */
- if ( $user->check_action(PARPER) == 0 )
-   {
-     $html='<div class="error">Accès interdit</div>';
-     $err=1;
-   } 
- else 
-   {
-     switch ($op)
-       {
-       case 'input_per':
-        $per=new Periode($cn,$_GET['p_id']);
-        $per->load();
-        $limit=$per->get_date_limit($_GET['p_id']);
+$err = 0;
+$html = '';
+/* we check the security */
+switch ($op)
+{
+    case 'input_per':
+        $per = new Periode($cn, $_GET['p_id']);
+        $per->load();
+        $limit = $per->get_date_limit($_GET['p_id']);
 
-        $p_start=new IDate('p_start');
-        $p_start->value=$limit['p_start'];
-        $p_end = new IDate('p_end');
-        $p_end->value = $limit['p_end'];
-        $p_exercice=new INum('p_exercice');
-        $p_exercice->value=$per->p_exercice;
+        $p_start = new IDate('p_start');
+        $p_start->value = $limit['p_start'];
+        $p_end = new IDate('p_end');
+        $p_end->value = $limit['p_end'];
+        $p_exercice = new INum('p_exercice');
+        $p_exercice->value = $per->p_exercice;
 
-        $html='';
-        $html.=HtmlInput::anchor_close('mod_periode');
-        $html.=h2info('Modification période');
-        $html.='<p> Modifier les dates de début et fin de période</p>';
-        $html.='<p class="notice">Cela pourrait avoir un impact sur les 
opérations déjà existantes</p>';
-        $html.='<form method="post" onsubmit="return save_periode(this)">';
-        $html.=dossier::hidden();
-        $html.='<table>';
+        $html = '';
+        $html.=HtmlInput::anchor_close('mod_periode');
+        $html.=h2info('Modification période');
+        $html.='<p> Modifier les dates de début et fin de période</p>';
+        $html.='<p class="notice">Cela pourrait avoir un impact sur les 
opérations déjà existantes</p>';
+        $html.='<form method="post" onsubmit="return save_periode(this)">';
+        $html.=dossier::hidden();
+        $html.='<table>';
 
-        $html.=tr(td(' Début période : ').td($p_start->input()));
-        $html.=tr(td(' Fin période : ').td($p_end->input()));
-        $html.=tr(td(' Exercice : ').td($p_exercice->input()));
-        $html.='</table>';
-        $html.=HtmlInput::submit('sauver','sauver');
-        
$html.=HtmlInput::button('close','Fermer','onclick="removeDiv(\'mod_periode\')"');
-        $html.=HtmlInput::hidden('p_id',$_GET['p_id']);
-        $html.='</form>';
-        break;
-       case 'save_per':
-        $per=new Periode($cn,$_POST['p_id']);
-        $per->load();
-        if ( isDate($_POST['p_start']) == null || 
-             isDate($_POST['p_end'] == null ) ||
-             isNumber($_POST['p_exercice']) == 0 ||
-             $_POST['p_exercice'] > 2099 ||
-             $_POST['p_exercice'] < 2000 )
-          {
-            $html='';
-            $html.=HtmlInput::anchor_close('mod_periode');
-            $html.='<h2 class="info"> Modifier les dates de début et fin de 
période</h2>';
-            $html.="<div class=\"error\">Erreur date invalide</div>";
+        $html.=tr(td(' Début période : ') . td($p_start->input()));
+        $html.=tr(td(' Fin période : ') . td($p_end->input()));
+        $html.=tr(td(' Exercice : ') . td($p_exercice->input()));
+        $html.='</table>';
+        $html.=HtmlInput::submit('sauver', 'sauver');
+        $html.=HtmlInput::button('close', 'Fermer', 
'onclick="removeDiv(\'mod_periode\')"');
+        $html.=HtmlInput::hidden('p_id', $_GET['p_id']);
+        $html.='</form>';
+        break;
+    case 'save_per':
+        $per = new Periode($cn, $_POST['p_id']);
+        $per->load();
+        if (isDate($_POST['p_start']) == null ||
+                isDate($_POST['p_end'] == null) ||
+                isNumber($_POST['p_exercice']) == 0 ||
+                $_POST['p_exercice'] > 2099 ||
+                $_POST['p_exercice'] < 2000)
+        {
+            $html = '';
+            $html.=HtmlInput::anchor_close('mod_periode');
+            $html.='<h2 class="info"> Modifier les dates de début et fin de 
période</h2>';
+            $html.="<div class=\"error\">Erreur date invalide</div>";
 
-            
$html.=HtmlInput::button('close','Fermer','onclick="removeDiv(\'mod_periode\')"');
-          } 
-        else 
-          {
-            $sql="update parm_periode set 
p_start=to_date($1,'DD.MM.YYYY'),p_end=to_date($2,'DD.MM.YYYY'),p_exercice=$3 
where p_id=$4";
-            try {
-              
$cn->exec_sql($sql,array($_POST['p_start'],$_POST['p_end'],$_POST['p_exercice'],$_POST['p_id']));
-              $html='<h2 class="info"> Modifier les dates de début et fin de 
période</h2>';
-              $html.='<h2 class="notice"> Sauvé </h2>';
-              
-              $html.=HtmlInput::button('close','Fermer','onclick="     
refresh_window();"');
+            $html.=HtmlInput::button('close', 'Fermer', 
'onclick="removeDiv(\'mod_periode\')"');
+        }
+        else
+        {
+            $sql = "update parm_periode set 
p_start=to_date($1,'DD.MM.YYYY'),p_end=to_date($2,'DD.MM.YYYY'),p_exercice=$3 
where p_id=$4";
+            try
+            {
+                $cn->exec_sql($sql, array($_POST['p_start'], $_POST['p_end'], 
$_POST['p_exercice'], $_POST['p_id']));
+                $html = '<h2 class="info"> Modifier les dates de début et fin 
de période</h2>';
+                $html.='<h2 class="notice"> Sauvé </h2>';
 
+                $html.=HtmlInput::button('close', 'Fermer', 'onclick=" 
refresh_window();"');
+            }
+            catch (Exception $e)
+            {
+                $html = alert($e->getTrace(), true);
+            }
+        }
+        break;
+}
 
-            } catch (Exception $e) {
-              $html=alert($e->getTrace(),true);
-            }
-            
-          }
-        break; 
-       }
-   }
-$html=escape_xml($html);
+$html = escape_xml($html);
 header('Content-type: text/xml; charset=UTF-8');
 echo '<?xml version="1.0" encoding="UTF-8"?>';
 echo '<xml>';
-echo '<data>'.$html.'</data>';
+echo '<data>' . $html . '</data>';
 echo '</xml>';
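Review bot: In the `save_per` case the condition `isDate($_POST['p_end'] == null) ||` has its closing parenthesis in the wrong place, so `isDate()` is called on the boolean `$_POST['p_end'] == null` and the end date is never validated before it reaches the `to_date($2,'DD.MM.YYYY')` update; it should read `isDate($_POST['p_end']) == null ||`. The reformat carried this over unchanged. The comment `/* we check the security */` now sits above a `switch` that contains no check; either drop it or make it say where the PARPER check moved. A `default:` arm that sets `$html` to an error message would also stop an unknown `$op` from silently returning an empty `<data>` element.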

Modified: phpcompta/trunk/include/modify_predf_op.php
===================================================================
--- phpcompta/trunk/include/modify_predf_op.php 2011-11-14 09:30:00 UTC (rev 
4347)
+++ phpcompta/trunk/include/modify_predf_op.php 2011-11-14 10:37:46 UTC (rev 
4348)
@@ -1,4 +1,5 @@
 <?php
+
 /*
  *   This file is part of PhpCompta.
  *
@@ -15,39 +16,33 @@
  *   You should have received a copy of the GNU General Public License
  *   along with PhpCompta; if not, write to the Free Software
  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
+ */
 /* $Revision$ */
 
 // Copyright Author Dany De Bontridder address@hidden
 
-/*!\file
+/* !\file
  * \brief display a form to change the name of a predefined operation
  */
 ob_start();
-if ( $user->check_action(PARPREDE)==0)
-  {
-    echo alert('Action interdite');
-  }
-else
-  {
-    echo HtmlInput::anchor_close('mod_predf_op');
-    echo h2info('Modification du nom');
-    echo '
+echo HtmlInput::anchor_close('mod_predf_op');
+echo h2info('Modification du nom');
+echo '
     <form method="get" onsubmit="save_predf_op(this);return false;">';
-    $name=new IText('predf_name');
-    $name->value=$cn->get_value('select od_name from op_predef where 
od_id=$1',array($_GET['id']));
-    $name->size=60;
-    echo "Nom =".$name->input();
-    echo dossier::hidden().HtmlInput::hidden('od_id',$_GET['id']);
-    echo "<hr>";
-    echo HtmlInput::submit('save','Sauve');
-    echo 
HtmlInput::button('close','Annuler','onclick="removeDiv(\'mod_predf_op\')"');
-    echo '</form>';
+$name = new IText('predf_name');
+$name->value = $cn->get_value('select od_name from op_predef where od_id=$1', 
array($_GET['id']));
+$name->size = 60;
+echo "Nom =" . $name->input();
+echo dossier::hidden() . HtmlInput::hidden('od_id', $_GET['id']);
+echo "<hr>";
+echo HtmlInput::submit('save', 'Sauve');
+echo HtmlInput::button('close', 'Annuler', 
'onclick="removeDiv(\'mod_predf_op\')"');
+echo '</form>';
 
-  }
-$html=ob_get_contents();
+
+$html = ob_get_contents();
 ob_clean();
-$html=escape_xml($html);
+$html = escape_xml($html);
 
 header('Content-type: text/xml; charset=UTF-8');
 echo <<<EOF
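Review bot: The Doxygen marker `/*!\file` was changed to `/* !\file`, which turns the `\brief` block into an ordinary comment; the same edit appears in modify_periode.inc.php. It should be restored as `/*!\file`. The PARPREDE branch that used to answer `alert('Action interdite')` is gone and no other check appears in this hunk, so if authorization now happens in the page that includes this file, a line in the `\file` block (`included from <caller, fill in>; PARPREDE is checked there`) would document that contract. The heredoc opened by `echo <<<EOF` continues outside the hunk.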

Modified: phpcompta/trunk/include/save_predf_op.php
===================================================================
--- phpcompta/trunk/include/save_predf_op.php   2011-11-14 09:30:00 UTC (rev 
4347)
+++ phpcompta/trunk/include/save_predf_op.php   2011-11-14 10:37:46 UTC (rev 
4348)
@@ -25,8 +25,6 @@
  * included from ajax_misc
  */
 
-if ( $user->check_action(PARPREDE)==0) exit();
-
 if ( trim($_GET['predf_name']) != '')
   {
     $cn->exec_sql('update op_predef set od_name =$1 where od_id=$2',
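Review bot: With `if ( $user->check_action(PARPREDE)==0) exit();` removed, the hunk shows an `update op_predef` executed directly from `$_GET['predf_name']` and `od_id` with no remaining guard; the header says the file is included from ajax_misc, so the permission check presumably lives there now, but the hunk cannot confirm it. A one-line comment replacing the deleted guard (`// PARPREDE is enforced by ajax_misc before this file is included` — confirm before committing) would keep that dependency visible. A state change driven by GET parameters is also exposed to cross-site request forgery; that predates this commit, but the removed line was the only guard visible here. The `exec_sql` statement continues outside the hunk.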

Modified: phpcompta/trunk/include/stock.inc.php
===================================================================
--- phpcompta/trunk/include/stock.inc.php       2011-11-14 09:30:00 UTC (rev 
4347)
+++ phpcompta/trunk/include/stock.inc.php       2011-11-14 10:37:46 UTC (rev 
4348)
@@ -68,12 +68,6 @@
     }
     else
     {
-        // Check if User Can change the stock
-        if ( $g_user->check_action($gDossier,GESTOCK) == 0 )
-        {
-            NoAccess();
-            exit (-1);
-        }
 
         // if neg the stock decrease => credit
         $type=( $change < 0 )?'c':'d';
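Review bot: The `else` branch now enters the stock-change path with no GESTOCK check, and the second hunk of this file (`$write=1;`) hard-codes write permission where `check_action(STOWRITE)` was queried, so from this file's point of view every user gets both the write path and the write UI. If those checks moved to a central place, `$write` no longer carries information and the code that branches on it should be simplified, or a comment should say why it is fixed at 1; otherwise the lookup should be restored as `$write=$g_user->check_action(STOWRITE);`. The removal also leaves an empty line directly after `{`, which should be dropped. The enclosing function starts before the hunk.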
@@ -132,7 +126,7 @@
     $sg_code=(isset ($_GET['sg_code'] ))?$_GET['sg_code']:$_POST['sg_code'];
     $year=(isset($_GET['year']))?$_GET['year']:$_POST['year'];
     $a=ViewDetailStock($cn,$sg_code,$year);
-    $write=$g_user->check_action(STOWRITE);
+    $write=1;
 
     $b="";
 



