From 5399226762b095429180eee7e58deb418102c267 Mon Sep 17 00:00:00 2001
From: Luca <lucas@openstamanager.com>
Date: Mon, 24 Jan 2022 10:16:43 +0100
Subject: [PATCH 1/4] Fix CVE-2022-0144

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 1300dac91..7b7957fdd 100755
--- a/package.json
+++ b/package.json
@@ -67,7 +67,7 @@
         "inquirer": "^4.0.1",
         "main-bower-files": "^2.13.1",
         "md5-file": "^5.0.0",
-        "shelljs": "^0.7.7"
+        "shelljs": ">=0.8.5"
     },
     "scripts": {
         "gulp": "gulp",

From 6c883d65f48ed444ba2bebd4f333792fcae7c195 Mon Sep 17 00:00:00 2001
From: Beppe <cjbeppe87@gmail.com>
Date: Mon, 24 Jan 2022 13:27:49 +0100
Subject: [PATCH 2/4] Aggiunta vista Email Inviata in ordini

---
 update/2_4_29.sql | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/update/2_4_29.sql b/update/2_4_29.sql
index 5332e93f6..4b4f380a4 100644
--- a/update/2_4_29.sql
+++ b/update/2_4_29.sql
@@ -42,4 +42,13 @@ UPDATE `zz_views` SET `query` = 'GROUP_CONCAT(DISTINCT(SELECT DISTINCT(ragione_s
 UPDATE `zz_modules` SET `options` = 'SELECT |select| FROM an_mansioni WHERE 1=1 HAVING 2=2 ORDER BY `nome`' WHERE `zz_modules`.`name` = 'Mansioni referenti'; 
 
 -- Nuova stampa Ordine cliente (senza codici)
-INSERT INTO `zz_prints` (`id`, `id_module`, `is_record`, `name`, `title`, `filename`, `directory`, `previous`, `options`, `icon`, `version`, `compatibility`, `order`, `predefined`, `default`, `enabled`) VALUES (NULL, (SELECT `id` FROM `zz_modules` WHERE `name`='Ordini cliente'), '1', 'Ordine cliente (senza codici)', 'Ordine cliente (senza codici)', 'Ordine cliente num. {numero} del {data}', 'ordini', 'idordine', '{\"pricing\": true, \"last-page-footer\": true, \"hide_codice\": true}', 'fa fa-print', '', '', '0', '0', '1', '1');
\ No newline at end of file
+INSERT INTO `zz_prints` (`id`, `id_module`, `is_record`, `name`, `title`, `filename`, `directory`, `previous`, `options`, `icon`, `version`, `compatibility`, `order`, `predefined`, `default`, `enabled`) VALUES (NULL, (SELECT `id` FROM `zz_modules` WHERE `name`='Ordini cliente'), '1', 'Ordine cliente (senza codici)', 'Ordine cliente (senza codici)', 'Ordine cliente num. {numero} del {data}', 'ordini', 'idordine', '{\"pricing\": true, \"last-page-footer\": true, \"hide_codice\": true}', 'fa fa-print', '', '', '0', '0', '1', '1');
+
+-- Aggiunta vista Email inviata in moduli ordini
+UPDATE `zz_modules` SET `options` = 'SELECT |select|\r\nFROM `or_ordini`\r\n LEFT JOIN `an_anagrafiche` ON `or_ordini`.`idanagrafica` = `an_anagrafiche`.`idanagrafica`\r\n LEFT JOIN `or_tipiordine` ON `or_ordini`.`idtipoordine` = `or_tipiordine`.`id`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n SUM(`qta` - `qta_evasa`) AS `qta_da_evadere`,\r\n SUM(`subtotale` - `sconto`) AS `totale_imponibile`,\r\n SUM(`subtotale` - `sconto` + `iva`) AS `totale`\r\n FROM `or_righe_ordini`\r\n GROUP BY `idordine`\r\n ) AS righe ON `or_ordini`.`id` = `righe`.`idordine`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n MIN(`data_evasione`) AS `data_evasione`\r\n FROM `or_righe_ordini`\r\n WHERE (`qta` - `qta_evasa`)>0\r\n GROUP BY `idordine`\r\n ) AS `righe_da_evadere` ON `righe`.`idordine`=`righe_da_evadere`.`idordine`\r\n LEFT JOIN (\r\n SELECT GROUP_CONCAT(DISTINCT co_documenti.numero_esterno SEPARATOR \", \") AS info, co_righe_documenti.idordine FROM co_documenti INNER JOIN co_righe_documenti ON co_documenti.id = co_righe_documenti.iddocumento GROUP BY idordine\r\n) AS fattura ON fattura.idordine = or_ordini.id\r\nLEFT JOIN (\r\n SELECT `zz_operations`.`id_email`, `zz_operations`.`id_record`\r\n FROM `zz_operations`\r\n INNER JOIN `em_emails` ON `zz_operations`.`id_email` = `em_emails`.`id`\r\n INNER JOIN `em_templates` ON `em_emails`.`id_template` = `em_templates`.`id`\r\n INNER JOIN `zz_modules` ON `zz_operations`.`id_module` = `zz_modules`.`id`\r\n WHERE `zz_modules`.`name` = \'Ordini fornitore\' AND `zz_operations`.`op` = \'send-email\'\r\n GROUP BY `zz_operations`.`id_record`\r\n ) AS `email` ON `email`.`id_record` = `or_ordini`.`id`\r\nWHERE 1=1 AND `dir` = \'uscita\' |date_period(`data`)|\r\nHAVING 2=2\r\nORDER BY `data` DESC, CAST(`numero_esterno` AS UNSIGNED) DESC' WHERE `zz_modules`.`id` = 25;
+
+UPDATE `zz_modules` SET `options` = 'SELECT |select|\r\nFROM `or_ordini`\r\n LEFT JOIN `an_anagrafiche` ON `or_ordini`.`idanagrafica` = `an_anagrafiche`.`idanagrafica`\r\n LEFT JOIN `or_tipiordine` ON `or_ordini`.`idtipoordine` = `or_tipiordine`.`id`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n SUM(`qta` - `qta_evasa`) AS `qta_da_evadere`,\r\n SUM(`subtotale` - `sconto`) AS `totale_imponibile`,\r\n SUM(`subtotale` - `sconto` + `iva`) AS `totale`\r\n FROM `or_righe_ordini`\r\n GROUP BY `idordine`\r\n ) AS righe ON `or_ordini`.`id` = `righe`.`idordine`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n MIN(`data_evasione`) AS `data_evasione`\r\n FROM `or_righe_ordini`\r\n WHERE (`qta` - `qta_evasa`)>0\r\n GROUP BY `idordine`\r\n ) AS `righe_da_evadere` ON `righe`.`idordine`=`righe_da_evadere`.`idordine`\r\n LEFT JOIN (\r\n SELECT GROUP_CONCAT(DISTINCT co_documenti.numero_esterno SEPARATOR \", \") AS info, co_righe_documenti.idordine FROM co_documenti INNER JOIN co_righe_documenti ON co_documenti.id = co_righe_documenti.iddocumento GROUP BY idordine\r\n) AS fattura ON fattura.idordine = or_ordini.id\r\nLEFT JOIN (\r\n SELECT `zz_operations`.`id_email`, `zz_operations`.`id_record`\r\n FROM `zz_operations`\r\n INNER JOIN `em_emails` ON `zz_operations`.`id_email` = `em_emails`.`id`\r\n INNER JOIN `em_templates` ON `em_emails`.`id_template` = `em_templates`.`id`\r\n INNER JOIN `zz_modules` ON `zz_operations`.`id_module` = `zz_modules`.`id`\r\n WHERE `zz_modules`.`name` = \'Ordini cliente\' AND `zz_operations`.`op` = \'send-email\'\r\n GROUP BY `zz_operations`.`id_record`\r\n ) AS `email` ON `email`.`id_record` = `or_ordini`.`id`\r\nWHERE 1=1 AND `dir` = \'entrata\' |date_period(`data`)|\r\nHAVING 2=2\r\nORDER BY `data` DESC, CAST(`numero_esterno` AS UNSIGNED) DESC' WHERE `zz_modules`.`id` = 24;
+
+INSERT INTO `zz_views` (`id_module`, `name`, `query`, `order`, `search`, `slow`, `format`, `search_inside`, `order_by`, `visible`, `summable`, `default`) VALUES
+((SELECT `id` FROM `zz_modules` WHERE `name` = 'Ordini cliente'), 'icon_Inviata', 'IF(`email`.`id_email` IS NOT NULL, \'fa fa-envelope text-success\', \'\')', 12, 1, 0, 0, '', '', 1, 0, 0),
+((SELECT `id` FROM `zz_modules` WHERE `name` = 'Ordini fornitore'), 'icon_Inviata', 'IF(`email`.`id_email` IS NOT NULL, \'fa fa-envelope text-success\', \'\')', 12, 1, 0, 0, '', '', 0, 0, 0);
\ No newline at end of file

From 0cc8b6ba8ff002d1e3e4c8ac8a495ab221820926 Mon Sep 17 00:00:00 2001
From: Luca <lucas@openstamanager.com>
Date: Mon, 24 Jan 2022 17:39:15 +0100
Subject: [PATCH 3/4] Update 2_4_29.sql

---
 update/2_4_29.sql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/update/2_4_29.sql b/update/2_4_29.sql
index 4b4f380a4..e91580392 100644
--- a/update/2_4_29.sql
+++ b/update/2_4_29.sql
@@ -45,9 +45,9 @@ UPDATE `zz_modules` SET `options` = 'SELECT |select| FROM an_mansioni WHERE 1=1
 INSERT INTO `zz_prints` (`id`, `id_module`, `is_record`, `name`, `title`, `filename`, `directory`, `previous`, `options`, `icon`, `version`, `compatibility`, `order`, `predefined`, `default`, `enabled`) VALUES (NULL, (SELECT `id` FROM `zz_modules` WHERE `name`='Ordini cliente'), '1', 'Ordine cliente (senza codici)', 'Ordine cliente (senza codici)', 'Ordine cliente num. {numero} del {data}', 'ordini', 'idordine', '{\"pricing\": true, \"last-page-footer\": true, \"hide_codice\": true}', 'fa fa-print', '', '', '0', '0', '1', '1');
 
 -- Aggiunta vista Email inviata in moduli ordini
-UPDATE `zz_modules` SET `options` = 'SELECT |select|\r\nFROM `or_ordini`\r\n LEFT JOIN `an_anagrafiche` ON `or_ordini`.`idanagrafica` = `an_anagrafiche`.`idanagrafica`\r\n LEFT JOIN `or_tipiordine` ON `or_ordini`.`idtipoordine` = `or_tipiordine`.`id`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n SUM(`qta` - `qta_evasa`) AS `qta_da_evadere`,\r\n SUM(`subtotale` - `sconto`) AS `totale_imponibile`,\r\n SUM(`subtotale` - `sconto` + `iva`) AS `totale`\r\n FROM `or_righe_ordini`\r\n GROUP BY `idordine`\r\n ) AS righe ON `or_ordini`.`id` = `righe`.`idordine`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n MIN(`data_evasione`) AS `data_evasione`\r\n FROM `or_righe_ordini`\r\n WHERE (`qta` - `qta_evasa`)>0\r\n GROUP BY `idordine`\r\n ) AS `righe_da_evadere` ON `righe`.`idordine`=`righe_da_evadere`.`idordine`\r\n LEFT JOIN (\r\n SELECT GROUP_CONCAT(DISTINCT co_documenti.numero_esterno SEPARATOR \", \") AS info, co_righe_documenti.idordine FROM co_documenti INNER JOIN co_righe_documenti ON co_documenti.id = co_righe_documenti.iddocumento GROUP BY idordine\r\n) AS fattura ON fattura.idordine = or_ordini.id\r\nLEFT JOIN (\r\n SELECT `zz_operations`.`id_email`, `zz_operations`.`id_record`\r\n FROM `zz_operations`\r\n INNER JOIN `em_emails` ON `zz_operations`.`id_email` = `em_emails`.`id`\r\n INNER JOIN `em_templates` ON `em_emails`.`id_template` = `em_templates`.`id`\r\n INNER JOIN `zz_modules` ON `zz_operations`.`id_module` = `zz_modules`.`id`\r\n WHERE `zz_modules`.`name` = \'Ordini fornitore\' AND `zz_operations`.`op` = \'send-email\'\r\n GROUP BY `zz_operations`.`id_record`\r\n ) AS `email` ON `email`.`id_record` = `or_ordini`.`id`\r\nWHERE 1=1 AND `dir` = \'uscita\' |date_period(`data`)|\r\nHAVING 2=2\r\nORDER BY `data` DESC, CAST(`numero_esterno` AS UNSIGNED) DESC' WHERE `zz_modules`.`id` = 25;
+UPDATE `zz_modules` SET `options` = 'SELECT |select|\r\nFROM `or_ordini`\r\n LEFT JOIN `an_anagrafiche` ON `or_ordini`.`idanagrafica` = `an_anagrafiche`.`idanagrafica`\r\n LEFT JOIN `or_tipiordine` ON `or_ordini`.`idtipoordine` = `or_tipiordine`.`id`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n SUM(`qta` - `qta_evasa`) AS `qta_da_evadere`,\r\n SUM(`subtotale` - `sconto`) AS `totale_imponibile`,\r\n SUM(`subtotale` - `sconto` + `iva`) AS `totale`\r\n FROM `or_righe_ordini`\r\n GROUP BY `idordine`\r\n ) AS righe ON `or_ordini`.`id` = `righe`.`idordine`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n MIN(`data_evasione`) AS `data_evasione`\r\n FROM `or_righe_ordini`\r\n WHERE (`qta` - `qta_evasa`)>0\r\n GROUP BY `idordine`\r\n ) AS `righe_da_evadere` ON `righe`.`idordine`=`righe_da_evadere`.`idordine`\r\n LEFT JOIN (\r\n SELECT GROUP_CONCAT(DISTINCT co_documenti.numero_esterno SEPARATOR \", \") AS info, co_righe_documenti.idordine FROM co_documenti INNER JOIN co_righe_documenti ON co_documenti.id = co_righe_documenti.iddocumento GROUP BY idordine\r\n) AS fattura ON fattura.idordine = or_ordini.id\r\nLEFT JOIN (\r\n SELECT `zz_operations`.`id_email`, `zz_operations`.`id_record`\r\n FROM `zz_operations`\r\n INNER JOIN `em_emails` ON `zz_operations`.`id_email` = `em_emails`.`id`\r\n INNER JOIN `em_templates` ON `em_emails`.`id_template` = `em_templates`.`id`\r\n INNER JOIN `zz_modules` ON `zz_operations`.`id_module` = `zz_modules`.`id`\r\n WHERE `zz_modules`.`name` = \'Ordini fornitore\' AND `zz_operations`.`op` = \'send-email\'\r\n GROUP BY `zz_operations`.`id_record`\r\n ) AS `email` ON `email`.`id_record` = `or_ordini`.`id`\r\nWHERE 1=1 AND `dir` = \'uscita\' |date_period(`data`)|\r\nHAVING 2=2\r\nORDER BY `data` DESC, CAST(`numero_esterno` AS UNSIGNED) DESC' WHERE `zz_modules`.`name` = 'Ordini fornitore';
 
-UPDATE `zz_modules` SET `options` = 'SELECT |select|\r\nFROM `or_ordini`\r\n LEFT JOIN `an_anagrafiche` ON `or_ordini`.`idanagrafica` = `an_anagrafiche`.`idanagrafica`\r\n LEFT JOIN `or_tipiordine` ON `or_ordini`.`idtipoordine` = `or_tipiordine`.`id`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n SUM(`qta` - `qta_evasa`) AS `qta_da_evadere`,\r\n SUM(`subtotale` - `sconto`) AS `totale_imponibile`,\r\n SUM(`subtotale` - `sconto` + `iva`) AS `totale`\r\n FROM `or_righe_ordini`\r\n GROUP BY `idordine`\r\n ) AS righe ON `or_ordini`.`id` = `righe`.`idordine`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n MIN(`data_evasione`) AS `data_evasione`\r\n FROM `or_righe_ordini`\r\n WHERE (`qta` - `qta_evasa`)>0\r\n GROUP BY `idordine`\r\n ) AS `righe_da_evadere` ON `righe`.`idordine`=`righe_da_evadere`.`idordine`\r\n LEFT JOIN (\r\n SELECT GROUP_CONCAT(DISTINCT co_documenti.numero_esterno SEPARATOR \", \") AS info, co_righe_documenti.idordine FROM co_documenti INNER JOIN co_righe_documenti ON co_documenti.id = co_righe_documenti.iddocumento GROUP BY idordine\r\n) AS fattura ON fattura.idordine = or_ordini.id\r\nLEFT JOIN (\r\n SELECT `zz_operations`.`id_email`, `zz_operations`.`id_record`\r\n FROM `zz_operations`\r\n INNER JOIN `em_emails` ON `zz_operations`.`id_email` = `em_emails`.`id`\r\n INNER JOIN `em_templates` ON `em_emails`.`id_template` = `em_templates`.`id`\r\n INNER JOIN `zz_modules` ON `zz_operations`.`id_module` = `zz_modules`.`id`\r\n WHERE `zz_modules`.`name` = \'Ordini cliente\' AND `zz_operations`.`op` = \'send-email\'\r\n GROUP BY `zz_operations`.`id_record`\r\n ) AS `email` ON `email`.`id_record` = `or_ordini`.`id`\r\nWHERE 1=1 AND `dir` = \'entrata\' |date_period(`data`)|\r\nHAVING 2=2\r\nORDER BY `data` DESC, CAST(`numero_esterno` AS UNSIGNED) DESC' WHERE `zz_modules`.`id` = 24;
+UPDATE `zz_modules` SET `options` = 'SELECT |select|\r\nFROM `or_ordini`\r\n LEFT JOIN `an_anagrafiche` ON `or_ordini`.`idanagrafica` = `an_anagrafiche`.`idanagrafica`\r\n LEFT JOIN `or_tipiordine` ON `or_ordini`.`idtipoordine` = `or_tipiordine`.`id`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n SUM(`qta` - `qta_evasa`) AS `qta_da_evadere`,\r\n SUM(`subtotale` - `sconto`) AS `totale_imponibile`,\r\n SUM(`subtotale` - `sconto` + `iva`) AS `totale`\r\n FROM `or_righe_ordini`\r\n GROUP BY `idordine`\r\n ) AS righe ON `or_ordini`.`id` = `righe`.`idordine`\r\n LEFT JOIN (\r\n SELECT `idordine`,\r\n MIN(`data_evasione`) AS `data_evasione`\r\n FROM `or_righe_ordini`\r\n WHERE (`qta` - `qta_evasa`)>0\r\n GROUP BY `idordine`\r\n ) AS `righe_da_evadere` ON `righe`.`idordine`=`righe_da_evadere`.`idordine`\r\n LEFT JOIN (\r\n SELECT GROUP_CONCAT(DISTINCT co_documenti.numero_esterno SEPARATOR \", \") AS info, co_righe_documenti.idordine FROM co_documenti INNER JOIN co_righe_documenti ON co_documenti.id = co_righe_documenti.iddocumento GROUP BY idordine\r\n) AS fattura ON fattura.idordine = or_ordini.id\r\nLEFT JOIN (\r\n SELECT `zz_operations`.`id_email`, `zz_operations`.`id_record`\r\n FROM `zz_operations`\r\n INNER JOIN `em_emails` ON `zz_operations`.`id_email` = `em_emails`.`id`\r\n INNER JOIN `em_templates` ON `em_emails`.`id_template` = `em_templates`.`id`\r\n INNER JOIN `zz_modules` ON `zz_operations`.`id_module` = `zz_modules`.`id`\r\n WHERE `zz_modules`.`name` = \'Ordini cliente\' AND `zz_operations`.`op` = \'send-email\'\r\n GROUP BY `zz_operations`.`id_record`\r\n ) AS `email` ON `email`.`id_record` = `or_ordini`.`id`\r\nWHERE 1=1 AND `dir` = \'entrata\' |date_period(`data`)|\r\nHAVING 2=2\r\nORDER BY `data` DESC, CAST(`numero_esterno` AS UNSIGNED) DESC' WHERE `zz_modules`.`name` = 'Ordini cliente';
 
 INSERT INTO `zz_views` (`id_module`, `name`, `query`, `order`, `search`, `slow`, `format`, `search_inside`, `order_by`, `visible`, `summable`, `default`) VALUES
 ((SELECT `id` FROM `zz_modules` WHERE `name` = 'Ordini cliente'), 'icon_Inviata', 'IF(`email`.`id_email` IS NOT NULL, \'fa fa-envelope text-success\', \'\')', 12, 1, 0, 0, '', '', 1, 0, 0),

From 60aaefb9f42f7f6a5b50de5b1b0475040a0de860 Mon Sep 17 00:00:00 2001
From: Beppe <cjbeppe87@gmail.com>
Date: Wed, 26 Jan 2022 16:32:18 +0100
Subject: [PATCH 4/4] Fix massimale dichiarazione d'intento

---
 update/2_4_29.sql | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/update/2_4_29.sql b/update/2_4_29.sql
index 4b4f380a4..6e230b414 100644
--- a/update/2_4_29.sql
+++ b/update/2_4_29.sql
@@ -51,4 +51,7 @@ UPDATE `zz_modules` SET `options` = 'SELECT |select|\r\nFROM `or_ordini`\r\n LEF
 
 INSERT INTO `zz_views` (`id_module`, `name`, `query`, `order`, `search`, `slow`, `format`, `search_inside`, `order_by`, `visible`, `summable`, `default`) VALUES
 ((SELECT `id` FROM `zz_modules` WHERE `name` = 'Ordini cliente'), 'icon_Inviata', 'IF(`email`.`id_email` IS NOT NULL, \'fa fa-envelope text-success\', \'\')', 12, 1, 0, 0, '', '', 1, 0, 0),
-((SELECT `id` FROM `zz_modules` WHERE `name` = 'Ordini fornitore'), 'icon_Inviata', 'IF(`email`.`id_email` IS NOT NULL, \'fa fa-envelope text-success\', \'\')', 12, 1, 0, 0, '', '', 0, 0, 0);
\ No newline at end of file
+((SELECT `id` FROM `zz_modules` WHERE `name` = 'Ordini fornitore'), 'icon_Inviata', 'IF(`email`.`id_email` IS NOT NULL, \'fa fa-envelope text-success\', \'\')', 12, 1, 0, 0, '', '', 0, 0, 0);
+
+-- Fix massimale dichiarazione d'intento
+ALTER TABLE `co_dichiarazioni_intento` CHANGE `massimale` `massimale` DECIMAL(15,6) NOT NULL; 
\ No newline at end of file