Fix edit html

fix wrong DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_ called

.travis.yml

@@ -3,6 +3,7 @@
 # For syntax, see http://about.travis-ci.org/docs/user/languages/php/
 
 # We use dist: trusty to have php 5.4+ available
+os: linux
 dist: trusty
 sudo: required
 
@@ -42,7 +43,7 @@ env:
   global:
   # Set to true for very verbose output
   - DEBUG=false
-  matrix:
+  jobs:
   # MariaDB overrides MySQL installation so it's not possible to test both yet
   #- DB=mysql
   - DB=mariadb
@@ -54,7 +55,7 @@ env:
   # See https://github.com/DracoBlue/travis-ci-nginx-php-fpm-test
   #- WS=nginx
 
-matrix:
+jobs:
   fast_finish: true
   allow_failures:
   - php: nightly

ChangeLog

@@ -3,6 +3,172 @@ English Dolibarr ChangeLog
 --------------------------------------------------------------
 
 
+***** ChangeLog for 11.0.3 compared to 11.0.2 *****
+FIX: unit price for selected supplier products not set. NaN was used.
+FIX: use bad var to check if total is positive for each VAT rate when validating an invoice
+FIX: status missing from last customer invoices box when using MAIN_STATUS_USES_CSS
+FIX: translations for "orders" not loaded in the homepage box
+FIX: #13194
+FIX: #13274 cannot add or update 0 value for an int or double extrafield
+FIX: #13285 SQL error during migration with pgsql
+FIX: #13294
+FIX: #13313
+FIX: Clone Fourn Command, add line's extrafields
+FIX: cols parameter not propagated to tpl
+FIX: CSRF error when creating an intervention
+FIX: date order was -1D and desc with label repetition
+FIX: empty of series in graph of product distribution
+FIX: fk_type subscription list via api REST
+FIX: link when using anchor on "/" in website module
+FIX: menu export document was not visible when using "simple accounting"
+FIX: missing class declaration
+FIX: missing global $conf
+FIX: Missing token in some forms (avoid unset POST errors)
+FIX: params of setEventMessage($langs->trans('ErrorProductClone')...
+FIX: Remove unexisting link
+FIX: mass action on stock movements
+FIX: substitute lines dates values on doc generator (ODT, ...)
+FIX: Ticket - Load Cache Messages Ticket, wrong message's status
+FIX: Ticket Public  - Private messages are displayed
+FIX: wrong include - replace extrafields_create.tpl.php to extrafields_add.tpl.php
+
+***** ChangeLog for 11.0.2 compared to 11.0.1 *****
+FIX: #10309
+FIX: #13110
+FIX: #13118
+FIX: #13124
+FIX: #13131
+FIX: #13135
+FIX: #13146 
+FIX: #13198
+FIX: #13175
+FIX: #13182
+FIX: #13183
+FIX: #13184
+FIX: #13263
+FIX: #13267
+FIX: an external user can not approve
+FIX: API Get list of documents for supplier_invoice
+FIX: API to push an expense report
+FIX: API upload/download doc for expensereport
+FIX: Avoid to download the export if we just press enter to refresh form
+FIX: Bad link to template invoices
+FIX: Bad sort link in accounting report
+FIX: Bad translation for productlot EatBy and SellBy
+FIX: better method to check user rights AND usergroup rights !
+FIX: CA by product list filter
+FIX: CSS
+FIX: Disable js if no javascript
+FIX: duplicate class name into some log lines
+FIX: etrafield with visibilty=5 were not in read only.
+FIX: excess paid from situation invoices not counted when calculating remain to pay.
+FIX: Force FEC export to txt format.
+FIX: Free input for email no more visible.
+FIX: Keep assigned users in session when loading projects and tasks
+FIX: List of viewed projects too large in task widget.
+FIX: Menu truncated. Add tooltip to have all content.
+FIX: Missing field "billed" in export.
+FIX: missing "statut" for getNomUrl() function
+FIX: modFournisseur is required by modSupplierProposal
+FIX: Multicompany compatibility
+FIX: must be == and not =
+FIX: option for topbar search and bookmarks
+FIX: option MAIN_OPTIMIZEFORTEXTBROWSER
+FIX: some responsive troubles
+FIX: round MT in accountancy books
+FIX: search with '0'
+FIX: sort link
+FIX: SQL Overload in default contact trigger.
+FIX: SQl syntax error.
+FIX: Submit of documents for supplier invoices.
+FIX: timezone must be tzserver and not tzuser as on contract card
+FIX: token in barcode tools page missing
+FIX: Bad name of trigger PROPAL_SUPPLIER_TRIGGER, should be PROPOSAL_SUPPLIER_TRIGGER
+FIX: Type of contact for event does not exists and not supported
+FIX: Type of contact not saved when creating a contact
+FIX: typo on ckeck method
+FIX: undefined function measuringUnitString in product list
+FIX: Usage of project not available in export.
+FIX: wrong test
+FIX: z-index for moretabsList with constant MAIN_MAXTABS_IN_CARD
+FIX: Use GETPOST instead of POST
+FIX: HTML Injection
+FIX: Visualization rights correction on last modified contacts box.
+FIX: Vulnerability in module from modulebuilder.
+FIX: Vulnerability reported by code16
+
+***** ChangeLog for 11.0.1 compared to 11.0.0 *****
+FIX: advanced target emailing sql and ergonomy.
+FIX: After import of a website template, home page was not set.
+FIX: Avoid deletion of bank record if in accounting
+FIX: compatibility with multicompany (avoid duplicate data)
+FIX: Confusion between 'bank reconciled' and 'accounted'. Show both data.
+FIX: Count of Stripe payment mode must take test/live into account
+FIX: Creation of Stripe card from backoffice must return a clean message
+FIX: CVE-2019–17223
+FIX: CVE-2019–17223 
+FIX: CVE-2020-7994
+FIX: CVE Need permission to be able to develop modules
+FIX: #13053
+FIX: Disable ticket status change if ticket closed
+FIX: doc of dictionnary API
+FIX: expedition ceate line new parameter is not required.
+FIX: export ledger
+FIX: FEC export have specific name
+FIX: Filenames must not contains non ascii char or we will get non ascii
+FIX: Filter on list of events were lost after "Back to list"
+FIX: hasDelay for retained warranty
+FIX: If we can change vendor status, we must be able to chane vendor code
+FIX: links in products/services index
+FIX: Log of authentication ok or ko + CVE-2020-7996
+FIX: Look and feel v11
+FIX: Mail smtps truncated if content has a line with single .
+FIX: missing hook parameter
+FIX: Missing include
+FIX: need weight short label in shipping doc
+FIX: Picture of contact not visible in tooltip
+FIX: Problem with column label in subscription list
+FIX: ref_client not visible in tooltip.
+FIX: search filter on extrafields were not restored after "Back to list"
+FIX: situation invoice: allow excess paid to be converted to discount
+FIX: situation invoice: bad amount for previous payments because of local variable overwriting a more global one
+FIX: situation invoice: can't convert excess received to discount & bad previous payment amount
+FIX: SQL request and phpunit
+FIX: Update export_files.php
+FIX: Use ref into label of ticket message
+FIX: use "usergroup" instead of "user"
+FIX: Warning on admin/export_files
+FIX: #10203
+FIX: default filtering for 'select' extrafields should use "=", not "LIKE"
+FIX: #11975 When a product is split between multiple pages in a document, prices/quantity/etc appear on the last relevant page
+FIX: #12760 #12763 #12755 #12765 #12751
+FIX: #12874
+FIX: #12892
+FIX: #12908 User login with credentials from self-subscription form fails
+FIX: #12932
+FIX: #12966
+FIX: #12973
+FIX: #12974
+FIX: #12975
+FIX: #12978
+FIX: #12986
+FIX: #12991
+FIX: #12992
+FIX: #12995
+FIX: #13018 Extrafields Supplier invoice
+FIX: #13019
+FIX: #13022
+FIX: #13028
+FIX: #13038 ExpenseReport PDF - custom category description is not correct
+FIX: #13046 More complete
+FIX: #13048
+FIX: #13050
+FIX: #13077 Replace left join with inner join (left join was useless)
+FIX: #13085
+FIX: #13094
+FIX: #13096
+FIX: #13100
+
 ***** ChangeLog for 11.0.0 compared to 10.0.0 *****
 For Users:
 

dev/dolibarr_changes.txt

@@ -63,10 +63,49 @@ with
 
             if (isset($this->imagekeys)) {
                 foreach($this->imagekeys as $file) {
-//                  unlink($file);
+				// DOL CHANGE If we keep this, source image files are physically destroyed
+				// unlink($file);
                 }
             }
 
+* Replace in tcpdf.php
+
+		$preserve = array(
+			'file_id',
+			'internal_encoding',
+			'state',
+			'bufferlen',
+			'buffer',
+			'cached_files',
+
+with
+
+		$preserve = array(
+			'file_id',
+			'internal_encoding',
+			'state',
+			'bufferlen',
+			'buffer',
+			'cached_files',
+			// @CHANGE DOL
+			'imagekeys',
+
+* Replace in tcpdf.php
+
+			if (!@TCPDF_STATIC::file_exists($file)) {
+				return false;	
+			}
+
+with
+
+			if (!@TCPDF_STATIC::file_exists($file)) {
+				// DOL CHANGE If we keep this, the image is not visible on pages after the first one.
+				//var_dump($file.' '.(!@TCPDF_STATIC::file_exists($file)));
+				//return false;	
+			}
+			
+
+
 * In tecnickcom/tcpdf/include/tcpdf_static, in function fopenLocal, replace
 
 		if (strpos($filename, '://') === false) {
@@ -102,7 +141,7 @@ In htdocs/includes/tecnickcom/tcpdf/tcpdf.php
 +       protected $default_monospaced_font = 'freemono';
 
 
-		
+
 
 TCPDI:
 ------

dev/translation/txpull.sh

@@ -54,5 +54,5 @@ fi
 
 echo Think to launch also: 
 echo "> dev/tools/fixaltlanguages.sh fix all"
-echo "For v11: Replace also regex \(.*(sponge|cornas|eratosthene|cyan).*\) with ''"
+echo "For v11: Replace also regex \(.*(sponge|cornas|eratosthene|cyan).*\) with '' on *.lang files"
 

doc/user/README-DE.md

@@ -0,0 +1,12 @@
+README (german)
+LiesMich (deutsch)
+
+--------------------------------
+Benutzeranleitung
+--------------------------------
+
+Alle Dolibarr-Informationen sind online verfuegbar ueber die Webseiten:
+https://www.dolibarr.de 
+oder
+https://www.dolibarr.org
+https://wiki.dolibarr.org

htdocs/accountancy/admin/account.php

@@ -46,6 +46,8 @@ $search_accountparent = GETPOST('search_accountparent', 'alpha');
 $search_pcgtype = GETPOST('search_pcgtype', 'alpha');
 $search_pcgsubtype = GETPOST('search_pcgsubtype', 'alpha');
 
+$chartofaccounts = GETPOST('chartofaccounts', 'int');
+
 // Security check
 if ($user->socid > 0) accessforbidden();
 if (! $user->rights->accounting->chartofaccount) accessforbidden();
@@ -101,11 +103,9 @@ if (empty($reshook))
     	$search_pcgsubtype = "";
 		$search_array_options = array();
     }
-
-    if (GETPOST('change_chart', 'alpha') && (GETPOST('valid_change_chart', 'int') || empty($conf->use_javascript_ajax)))
+    if ((GETPOST('valid_change_chart', 'alpha') && GETPOST('chartofaccounts', 'int') > 0)	// explicit click on button 'Change and load' with js on
+    	|| (GETPOST('chartofaccounts', 'int') > 0 && GETPOST('chartofaccounts', 'int') != $conf->global->CHARTOFACCOUNTS))	// a submit of form is done and chartofaccounts combo has been modified
     {
-        $chartofaccounts = GETPOST('chartofaccounts', 'int');
-
         if ($chartofaccounts > 0)
         {
 			// Get language code for this $chartofaccounts
@@ -274,18 +274,13 @@ if ($resql)
 
     if (!empty($conf->use_javascript_ajax))
     {
-	    print '<!-- Add javascript to update a flag when we select "Change plan" -->
+	    print '<!-- Add javascript to reload page when we click "Change plan" -->
 			<script type="text/javascript">
 			$(document).ready(function () {
-		    	$("#searchFormList").on("submit", function (e) {
-					console.log("chartofaccounts focus = "+$("#chartofaccounts").is(":focus"));
-					console.log("change_chart focus = "+$("#change_chart").is(":focus"));
-					if ($("#change_chart").is(":focus"))
-					{
-						console.log("We set valid_change_chart to 1");
-						$("#valid_change_chart").val(1);
-					}
-					return true;
+		    	$("#change_chart").on("click", function (e) {
+					console.log("chartofaccounts seleted = "+$("#chartofaccounts").val());
+					// reload page
+					window.location.href = "'.$_SERVER["PHP_SELF"].'?valid_change_chart=1&chartofaccounts="+$("#chartofaccounts").val();
 			    });
 			});
 	    	</script>';
@@ -332,8 +327,7 @@ if ($resql)
     else dol_print_error($db);
     print "</select>";
     print ajax_combobox("chartofaccounts");
-    print '<input type="submit" class="button" name="change_chart" id="change_chart" value="'.dol_escape_htmltag($langs->trans("ChangeAndLoad")).'">';
-    print '<input type="hidden" name="valid_change_chart" id="valid_change_chart" value="0">';
+    print '<input type="'.(empty($conf->use_javascript_ajax)?'submit':'button').'" class="button" name="change_chart" id="change_chart" value="'.dol_escape_htmltag($langs->trans("ChangeAndLoad")).'">';
 
     print '<br>';
 	print '<br>';

htdocs/accountancy/admin/defaultaccounts.php

@@ -161,6 +161,7 @@ print '<input type="hidden" name="action" value="update">';
 // Define main accounts for thirdparty
 
 print '<table class="noborder centpercent">';
+print '<tr class="liste_titre"><td>'.$langs->trans("ThirdParties").' | '.$langs->trans("Users").'</td><td></td></tr>';
 
 foreach ($list_account_main as $key) {
     print '<tr class="oddeven value">';
@@ -180,15 +181,6 @@ foreach ($list_account_main as $key) {
 }
 
 
-print "</table>\n";
-
-
-print '<br>';
-
-// Define default accounts
-
-print '<table class="noborder centpercent">';
-
 foreach ($list_account as $key) {
 	$reg=array();
 	if (preg_match('/---(.*)---/', $key, $reg)) {

htdocs/accountancy/admin/export.php

@@ -134,13 +134,13 @@ if ($action == 'update') {
 
 $form = new Form($db);
 
-$title = $langs->trans('ConfigAccountingExpert');
+$title = $langs->trans('ExportOptions');
 llxHeader('', $title);
 
 
 $linkback = '';
 // $linkback = '<a href="' . DOL_URL_ROOT . '/admin/modules.php?restore_lastsearch_values=1">' . $langs->trans("BackToModuleList") . '</a>';
-print load_fiche_titre($langs->trans('ConfigAccountingExpert'), $linkback, 'accountancy');
+print load_fiche_titre($langs->trans('ExportOptions'), $linkback, 'accountancy');
 
 
 print "\n".'<script type="text/javascript" language="javascript">'."\n";

htdocs/accountancy/bookkeeping/balance.php

@@ -42,7 +42,6 @@ $page = GETPOST("page", 'int');
 $sortorder = GETPOST("sortorder", 'alpha');
 $sortfield = GETPOST("sortfield", 'alpha');
 $action = GETPOST('action', 'aZ09');
-if (GETPOST("exportcsv", 'alpha')) $action = 'export_csv';
 
 // Load variable for pagination
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@@ -198,12 +197,25 @@ if ($action != 'export_csv')
 	if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
 	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
-	print '<input type="hidden" name="action" value="list">';
+	print '<input type="hidden" name="action" id="action" value="list">';
 	print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
 	print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
 	print '<input type="hidden" name="page" value="'.$page.'">';
 
-	$button = '<input type="submit" name="exportcsv" class="butAction" value="'.$langs->trans("Export").' ('.$conf->global->ACCOUNTING_EXPORT_FORMAT.')" />';
+	print '<script type="text/javascript" language="javascript">
+	jQuery(document).ready(function() {
+		jQuery("#exportcsvbutton").click(function() {
+			event.preventDefault();
+			console.log("Set action to export_csv");
+			jQuery("#action").val("export_csv");
+			jQuery("#searchFormList").submit();
+			jQuery("#action").val("list");
+		});
+	});
+	</script>';
+
+
+	$button = '<input type="button" id="exportcsvbutton" name="exportcsvbutton" class="butAction" value="'.$langs->trans("Export").' ('.$conf->global->ACCOUNTING_EXPORT_FORMAT.')" />';
 
 	print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $button, $result, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit);
 

htdocs/accountancy/class/accountancyexport.class.php

@@ -125,7 +125,7 @@ class AccountancyExport
 	 * @param	int		$type		Format id
 	 * @return 	string				Format code
 	 */
-	private static function getFormatCode($type)
+	public static function getFormatCode($type)
 	{
 		$formatcode = array(
 			self::$EXPORT_TYPE_CONFIGURABLE => 'csv',
@@ -239,6 +239,7 @@ class AccountancyExport
 		$filename = 'general_ledger-'.$this->getFormatCode($formatexportset);
 		$type_export = 'general_ledger';
 
+		global $db; 	// The tpl file use $db
 		include DOL_DOCUMENT_ROOT.'/accountancy/tpl/export_journal.tpl.php';
 
 
@@ -935,6 +936,7 @@ class AccountancyExport
 		foreach ($objectLines as $line) {
 			$date_document = dol_print_date($line->doc_date, '%Y%m%d');
 			$date_creation = dol_print_date($line->date_creation, '%Y%m%d');
+			$date_lim_reglement = dol_print_date($line->date_lim_reglement, '%Y%m%d');
 
 			// TYPE
 			$type_enregistrement = 'E'; // For write movement
@@ -950,7 +952,7 @@ class AccountancyExport
 			// LIBE
 			print $line->label_operation.$separator;
 			// DATH
-			print $line->date_lim_reglement.$separator;
+			print $date_lim_reglement.$separator;
 			// CNPI
 			if ($line->doc_type == 'supplier_invoice') {
 				if ($line->montant < 0) {
@@ -969,21 +971,19 @@ class AccountancyExport
 			}
 			print $nature_piece.$separator;
 			// RACI
-			/*
-			if (! empty($line->subledger_account)) {
-				if ($line->doc_type == 'supplier_invoice') {
-					$racine_subledger_account = '40';
-				} elseif ($line->doc_type == 'customer_invoice') {
-					$racine_subledger_account = '41';
-				} else {
-					$nature_piece = '';
-				}
-				print $racine_subledger_account . $separator;
-			} else {
-				print $separator;
-			}
-			*/
-			print $separator; // deprecated CPTG & CPTA use instead
+			//			if (! empty($line->subledger_account)) {
+			//              if ($line->doc_type == 'supplier_invoice') {
+			//                  $racine_subledger_account = '40';
+			//              } elseif ($line->doc_type == 'customer_invoice') {
+			//                  $racine_subledger_account = '41';
+			//              } else {
+			//                  $racine_subledger_account = '';
+			//              }
+			//          } else {
+			$racine_subledger_account = ''; // for records of type E leave this field blank
+			//          }
+
+			print $racine_subledger_account . $separator; // deprecated CPTG & CPTA use instead
 			// MONT
 			print price(abs($line->montant), 0, '', 1, 2).$separator;
 			// CODC

htdocs/accountancy/class/bookkeeping.class.php

@@ -926,6 +926,7 @@ class BookKeeping extends CommonObject
 		$sql .= " t.debit,";
 		$sql .= " t.credit,";
 		$sql .= " t.lettering_code,";
+		$sql .= " t.date_lettering,";
 		$sql .= " t.montant,";
 		$sql .= " t.sens,";
 		$sql .= " t.fk_user_author,";
@@ -934,6 +935,7 @@ class BookKeeping extends CommonObject
 		$sql .= " t.journal_label,";
 		$sql .= " t.piece_num,";
 		$sql .= " t.date_creation,";
+		$sql .= " t.date_lim_reglement,";
 		$sql .= " t.tms as date_modification,";
         $sql .= " t.date_export";
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
@@ -1006,12 +1008,14 @@ class BookKeeping extends CommonObject
 				$line->montant = $obj->montant;
 				$line->sens = $obj->sens;
 				$line->lettering_code = $obj->lettering_code;
+				$line->date_lettering = $obj->date_lettering;
 				$line->fk_user_author = $obj->fk_user_author;
 				$line->import_key = $obj->import_key;
 				$line->code_journal = $obj->code_journal;
 				$line->journal_label = $obj->journal_label;
 				$line->piece_num = $obj->piece_num;
 				$line->date_creation = $this->db->jdate($obj->date_creation);
+				$line->date_lim_reglement = $this->db->jdate($obj->date_lim_reglement);
 				$line->date_modification = $this->db->jdate($obj->date_modification);
                 $line->date_export = $this->db->jdate($obj->date_export);
 
@@ -1550,7 +1554,7 @@ class BookKeeping extends CommonObject
 		$sql .= " WHERE piece_num = ".$piecenum;
 		$sql .= " AND entity IN (".getEntity('accountancy').")";
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 		$result = $this->db->query($sql);
 		if ($result) {
 			$obj = $this->db->fetch_object($result);
@@ -1564,7 +1568,7 @@ class BookKeeping extends CommonObject
 			$this->date_creation = $obj->date_creation;
 		} else {
 			$this->error = "Error ".$this->db->lasterror();
-			dol_syslog(get_class($this)."::".__METHOD__.$this->error, LOG_ERR);
+			dol_syslog(__METHOD__.$this->error, LOG_ERR);
 			return -1;
 		}
 
@@ -1618,7 +1622,7 @@ class BookKeeping extends CommonObject
 		$sql .= " WHERE piece_num = ".$piecenum;
 		$sql .= " AND entity IN (".getEntity('accountancy').")";
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 		$result = $this->db->query($sql);
 		if ($result) {
 			while ($obj = $this->db->fetch_object($result)) {
@@ -1650,7 +1654,7 @@ class BookKeeping extends CommonObject
 			}
 		} else {
 			$this->error = "Error ".$this->db->lasterror();
-			dol_syslog(get_class($this)."::".__METHOD__.$this->error, LOG_ERR);
+			dol_syslog(__METHOD__.$this->error, LOG_ERR);
 			return -1;
 		}
 

htdocs/accountancy/index.php

@@ -66,7 +66,7 @@ if ($conf->accounting->enabled)
 
     $resultboxes = FormOther::getBoxesArea($user, "27"); // Load $resultboxes (selectboxlist + boxactivated + boxlista + boxlistb)
 
-	$helpisexpanded = empty($resultboxes['boxactivated']); // If there is no widget, the tooltip help is expanded by default.
+    $helpisexpanded = empty($resultboxes['boxactivated']) || (empty($resultboxes['boxlista']) && empty($resultboxes['boxlistb'])); // If there is no widget, the tooltip help is expanded by default.
 	$showtutorial = '';
 
 	if (!$helpisexpanded)
@@ -222,10 +222,6 @@ if ($conf->accounting->enabled)
     $boxlist .= '<div class="twocolumns">';
 
     $boxlist .= '<div class="firstcolumn fichehalfleft boxhalfleft" id="boxhalfleft">';
-    if (!empty($nbworkboardcount))
-    {
-        $boxlist .= $boxwork;
-    }
 
     $boxlist .= $resultboxes['boxlista'];
 
@@ -233,7 +229,6 @@ if ($conf->accounting->enabled)
 
     $boxlist .= '<div class="secondcolumn fichehalfright boxhalfright" id="boxhalfright">';
 
-    $boxlist .= $boxstat;
     $boxlist .= $resultboxes['boxlistb'];
 
     $boxlist .= '</div>';

htdocs/accountancy/journal/bankjournal.php

@@ -663,7 +663,7 @@ if (! $error && $action == 'writebookkeeping') {
 						} elseif ($tabtype[$key] == 'payment_various') {
 							$bookkeeping->subledger_account = $k;
                             $bookkeeping->subledger_label = $tabcompany[$key]['name'];
-							$bookkeeping->numero_compte = $tabpay[$obj->rowid]["account_various"];
+							$bookkeeping->numero_compte = $tabpay[$key]["account_various"];
 
 							$accountingaccount->fetch(null, $bookkeeping->numero_compte, true);
 							$bookkeeping->label_compte = $accountingaccount->label;
@@ -760,7 +760,7 @@ if (! $error && $action == 'writebookkeeping') {
 			}
 		}
 
-		if (price2num($totaldebit) != price2num($totalcredit))
+		if (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT'))
 		{
 			$error++;
 			$errorforline++;
@@ -968,8 +968,8 @@ if (empty($action) || $action == 'view') {
 	journalHead($nom, '', $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink);
 
 
-	// Test that setup is complete
-	$sql = 'SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'bank_account WHERE fk_accountancy_journal IS NULL AND clos=0';
+	// Test that setup is complete (we are in accounting, so test on entity is always on $conf->entity only, no sharing allowed)
+	$sql = 'SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'bank_account WHERE entity = '.$conf->entity.' AND fk_accountancy_journal IS NULL AND clos=0';
 	$resql = $db->query($sql);
 	if ($resql)
 	{

htdocs/accountancy/journal/expensereportsjournal.php

@@ -355,7 +355,7 @@ if ($action == 'writebookkeeping') {
 		}
 
 		// Protection against a bug on line before
-		if (price2num($totaldebit) != price2num($totalcredit))
+		if (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT'))
 		{
 			$error++;
 			$errorforline++;

htdocs/accountancy/journal/purchasesjournal.php

@@ -513,7 +513,7 @@ if ($action == 'writebookkeeping') {
 		}
 
 		// Protection against a bug on lines before
-		if (!$errorforline && (price2num($totaldebit) != price2num($totalcredit)))
+		if (! $errorforline && (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT')))
 		{
 			$error++;
 			$errorforline++;

htdocs/accountancy/journal/sellsjournal.php

@@ -471,7 +471,7 @@ if ($action == 'writebookkeeping') {
 		}
 
 		// Protection against a bug on lines before
-		if (!$errorforline && (price2num($totaldebit) != price2num($totalcredit)))
+		if (! $errorforline && (price2num($totaldebit, 'MT') != price2num($totalcredit, 'MT')))
 		{
 			$error++;
 			$errorforline++;

htdocs/accountancy/tpl/export_journal.tpl.php

@@ -34,8 +34,10 @@ $endaccountingperiod = dol_print_date(dol_now(), '%Y%m%d');
 
 header('Content-Type: text/csv');
 
+include_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountancyexport.class.php';
+$accountancyexport = new AccountancyExport($db);
 
-if ($conf->global->ACCOUNTING_EXPORT_MODELCSV == "11" && $type_export == "general_ledger") // Specific filename for FEC model export into the general ledger
+if ($accountancyexport->getFormatCode($formatexportset) == $accountancyexport::$EXPORT_TYPE_FEC && $type_export == "general_ledger") // Specific filename for FEC model export into the general ledger
 {
 	// FEC format is defined here: https://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle=LEGIARTI000027804775&cidTexte=LEGITEXT000006069583&dateTexte=20130802&oldAction=rechCodeArticle
 	if (empty($search_date_end))
@@ -55,7 +57,7 @@ if ($conf->global->ACCOUNTING_EXPORT_MODELCSV == "11" && $type_export == "genera
 
 	$endaccountingperiod = dol_print_date(dol_get_last_day($tmparray['year'], $tmparray['mon']), 'dayxcard');
 
-	$completefilename = $siren . "FEC" . $endaccountingperiod . "." . $format;
+	$completefilename = $siren . "FEC" . $endaccountingperiod . ".txt";
 }
 else
 {

htdocs/adherents/class/adherent.class.php

@@ -1376,48 +1376,49 @@ class Adherent extends CommonObject
 
 		require_once DOL_DOCUMENT_ROOT.'/adherents/class/subscription.class.php';
 
-		$sql = "SELECT c.rowid, c.fk_adherent, c.subscription, c.note, c.fk_bank,";
-		$sql.= " c.tms as datem,";
-		$sql.= " c.datec as datec,";
-		$sql.= " c.dateadh as dateh,";
-		$sql.= " c.datef as datef";
-		$sql.= " FROM ".MAIN_DB_PREFIX."subscription as c";
-		$sql.= " WHERE c.fk_adherent = ".$this->id;
-		$sql.= " ORDER BY c.dateadh";
+		$sql = "SELECT c.rowid, c.fk_adherent, c.fk_type, c.subscription, c.note, c.fk_bank,";
+		$sql .= " c.tms as datem,";
+		$sql .= " c.datec as datec,";
+		$sql .= " c.dateadh as dateh,";
+		$sql .= " c.datef as datef";
+		$sql .= " FROM ".MAIN_DB_PREFIX."subscription as c";
+		$sql .= " WHERE c.fk_adherent = ".$this->id;
+		$sql .= " ORDER BY c.dateadh";
 		dol_syslog(get_class($this)."::fetch_subscriptions", LOG_DEBUG);
 
-		$resql=$this->db->query($sql);
+		$resql = $this->db->query($sql);
 		if ($resql)
 		{
-			$this->subscriptions=array();
+			$this->subscriptions = array();
 
-			$i=0;
+			$i = 0;
 			while ($obj = $this->db->fetch_object($resql))
 			{
-				if ($i==0)
+				if ($i == 0)
 				{
-					$this->first_subscription_date=$this->db->jdate($obj->datec);
-					$this->first_subscription_date_start=$this->db->jdate($obj->dateh);
-					$this->first_subscription_date_end=$this->db->jdate($obj->datef);
-					$this->first_subscription_amount=$obj->subscription;
+					$this->first_subscription_date = $this->db->jdate($obj->datec);
+					$this->first_subscription_date_start = $this->db->jdate($obj->dateh);
+					$this->first_subscription_date_end = $this->db->jdate($obj->datef);
+					$this->first_subscription_amount = $obj->subscription;
 				}
-				$this->last_subscription_date=$this->db->jdate($obj->datec);
-				$this->last_subscription_date_start=$this->db->jdate($obj->datef);
-				$this->last_subscription_date_end=$this->db->jdate($obj->datef);
-				$this->last_subscription_amount=$obj->subscription;
+				$this->last_subscription_date = $this->db->jdate($obj->datec);
+				$this->last_subscription_date_start = $this->db->jdate($obj->datef);
+				$this->last_subscription_date_end = $this->db->jdate($obj->datef);
+				$this->last_subscription_amount = $obj->subscription;
 
-				$subscription=new Subscription($this->db);
-				$subscription->id=$obj->rowid;
-				$subscription->fk_adherent=$obj->fk_adherent;
-				$subscription->amount=$obj->subscription;
-				$subscription->note=$obj->note;
-				$subscription->fk_bank=$obj->fk_bank;
-				$subscription->datem=$this->db->jdate($obj->datem);
-				$subscription->datec=$this->db->jdate($obj->datec);
-				$subscription->dateh=$this->db->jdate($obj->dateh);
-				$subscription->datef=$this->db->jdate($obj->datef);
+				$subscription = new Subscription($this->db);
+				$subscription->id = $obj->rowid;
+				$subscription->fk_adherent = $obj->fk_adherent;
+				$subscription->fk_type = $obj->fk_type;
+				$subscription->amount = $obj->subscription;
+				$subscription->note = $obj->note;
+				$subscription->fk_bank = $obj->fk_bank;
+				$subscription->datem = $this->db->jdate($obj->datem);
+				$subscription->datec = $this->db->jdate($obj->datec);
+				$subscription->dateh = $this->db->jdate($obj->dateh);
+				$subscription->datef = $this->db->jdate($obj->datef);
 
-				$this->subscriptions[]=$subscription;
+				$this->subscriptions[] = $subscription;
 
 				$i++;
 			}
@@ -1425,7 +1426,7 @@ class Adherent extends CommonObject
 		}
 		else
 		{
-			$this->error=$this->db->error().' sql='.$sql;
+			$this->error = $this->db->error().' sql='.$sql;
 			return -1;
 		}
 	}

htdocs/adherents/note.php

@@ -75,7 +75,7 @@ if ($id)
 
 	$linkback = '<a href="'.DOL_URL_ROOT.'/adherents/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
 
-	dol_banner_tab($object, 'rowid', $linkback);
+	dol_banner_tab($object, 'id', $linkback);
 
     print '<div class="fichecenter">';
 

htdocs/adherents/stats/index.php

@@ -145,6 +145,8 @@ print '<div class="fichecenter"><div class="fichethirdleft">';
 
 // Show filter box
 /*print '<form name="stats" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+print '<input type="hidden" name="token" value="'.newToken().'">';
+
 print '<table class="border centpercent">';
 print '<tr class="liste_titre"><td class="liste_titre" colspan="2">'.$langs->trans("Filter").'</td></tr>';
 print '<tr><td>'.$langs->trans("Member").'</td><td>';

htdocs/adherents/subscription.php

@@ -229,7 +229,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
     // Payment informations
     $accountid = $_POST["accountid"];
     $operation = $_POST["operation"]; // Payment mode
-    $num_chq = $_POST["num_chq"];
+    $num_chq = GETPOST("num_chq", "alphanohtml");
     $emetteur_nom = $_POST["chqemetteur"];
     $emetteur_banque = $_POST["chqbank"];
     $option = $_POST["paymentsave"];

htdocs/adherents/subscription/list.php

@@ -388,46 +388,17 @@ print "</tr>\n";
 
 
 print '<tr class="liste_titre">';
-if (!empty($arrayfields['d.ref']['checked']))
-{
-	print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "c.rowid", $param, "", "", $sortfield, $sortorder);
-}
-if (!empty($arrayfields['d.fk_type']['checked']))
-{
-	print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "c.fk_type", $param, "", "", $sortfield, $sortorder);
-}
-if (!empty($arrayfields['d.lastname']['checked']))
-{
-	print_liste_field_titre("LastName", $_SERVER["PHP_SELF"], "d.lastname", $param, "", "", $sortfield, $sortorder);
-}
-if (!empty($arrayfields['d.firstname']['checked']))
-{
-	print_liste_field_titre("FirstName", $_SERVER["PHP_SELF"], "d.firstname", $param, "", "", $sortfield, $sortorder);
-}
-if (!empty($arrayfields['d.login']['checked']))
-{
-	print_liste_field_titre("Login", $_SERVER["PHP_SELF"], "d.login", $param, "", "", $sortfield, $sortorder);
-}
-if (!empty($arrayfields['t.libelle']['checked']))
-{
-	print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "c.note", $param, "", '', $sortfield, $sortorder);
-}
-if (!empty($arrayfields['d.bank']['checked']))
-{
-	print_liste_field_titre("Account", $_SERVER["PHP_SELF"], "b.fk_account", $param, "", "", $sortfield, $sortorder);
-}
-if (!empty($arrayfields['c.dateadh']['checked']))
-{
-	print_liste_field_titre("DateStart", $_SERVER["PHP_SELF"], "c.dateadh", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
-}
-if (!empty($arrayfields['c.datef']['checked']))
-{
-	print_liste_field_titre("DateEnd", $_SERVER["PHP_SELF"], "c.datef", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
-}
-if (!empty($arrayfields['d.amount']['checked']))
-{
-	print_liste_field_titre("Amount", $_SERVER["PHP_SELF"], "c.subscription", $param, "", '', $sortfield, $sortorder, 'right ');
-}
+if (! empty($arrayfields['d.ref']['checked']))          print_liste_field_titre($arrayfields['d.ref']['label'], $_SERVER["PHP_SELF"], "c.rowid", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.fk_type']['checked']))      print_liste_field_titre($arrayfields['d.fk_type']['label'], $_SERVER["PHP_SELF"], "c.fk_type", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.lastname']['checked']))     print_liste_field_titre($arrayfields['d.lastname']['label'], $_SERVER["PHP_SELF"], "d.lastname", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.firstname']['checked']))    print_liste_field_titre($arrayfields['d.firstname']['label'], $_SERVER["PHP_SELF"], "d.firstname", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['d.login']['checked']))        print_liste_field_titre($arrayfields['d.login']['label'], $_SERVER["PHP_SELF"], "d.login", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['t.libelle']['checked']))      print_liste_field_titre($arrayfields['t.libelle']['label'], $_SERVER["PHP_SELF"], "c.note", $param, "", '', $sortfield, $sortorder);
+if (! empty($arrayfields['d.bank']['checked']))         print_liste_field_titre($arrayfields['d.bank']['label'], $_SERVER["PHP_SELF"], "b.fk_account", $param, "", "", $sortfield, $sortorder);
+if (! empty($arrayfields['c.dateadh']['checked']))      print_liste_field_titre($arrayfields['c.dateadh']['label'], $_SERVER["PHP_SELF"], "c.dateadh", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
+if (! empty($arrayfields['c.datef']['checked']))        print_liste_field_titre($arrayfields['c.datef']['label'], $_SERVER["PHP_SELF"], "c.datef", $param, "", '', $sortfield, $sortorder, 'center nowraponall ');
+if (! empty($arrayfields['d.amount']['checked']))       print_liste_field_titre($arrayfields['d.amount']['label'], $_SERVER["PHP_SELF"], "c.subscription", $param, "", '', $sortfield, $sortorder, 'right ');
+
 // Extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
 

htdocs/admin/clicktodial.php

@@ -66,7 +66,7 @@ llxHeader('', $langs->trans("ClickToDialSetup"), $wikihelp);
 $linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
 print load_fiche_titre($langs->trans("ClickToDialSetup"), $linkback, 'title_setup');
 
-print $langs->trans("ClickToDialDesc")."<br>\n";
+print '<span class="opacitymedium">'.$langs->trans("ClickToDialDesc")."</span><br>\n";
 
 print '<br>';
 print '<form method="post" action="clicktodial.php">';

htdocs/admin/company.php

@@ -95,15 +95,15 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
     dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'nohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'nohtml'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alpha'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency", 'aZ09'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alpha'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alpha'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alpha'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
 
 	$dirforimage = $conf->mycompany->dir_output.'/logos/';
 
@@ -408,7 +408,7 @@ print '<tr class="liste_titre"><th class="titlefield wordbreak">'.$langs->trans(
 
 // Name
 
-print '<tr class="oddeven"><td class="fieldrequired"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
+print '<tr class="oddeven"><td class="fieldrequired wordbreak"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
 print '<input name="nom" id="name" class="minwidth200" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM: GETPOST("nom", 'nohtml')) . '"'.(empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) ? '' : ' autofocus="autofocus"').'></td></tr>'."\n";
 
 // Addresse
@@ -477,36 +477,36 @@ if (!empty($conf->barcode->enabled)) {
 
 // Logo
 print '<tr class="oddeven"><td><label for="logo">'.$form->textwithpicto($langs->trans("Logo"), 'png, jpg').'</label></td><td>';
-print '<table width="100%" class="nobordernopadding"><tr class="nocellnopadd"><td valign="middle" class="nocellnopadd">';
+print '<div class="centpertent nobordernopadding valignmiddle "><div class="inline-block marginrightonly">';
 print '<input type="file" class="flat minwidth200" name="logo" id="logo" accept="image/*">';
-print '</td><td class="nocellnopadd right" valign="middle">';
+print '</div><div class="inline-block valignmiddle marginrightonly">';
 if (!empty($mysoc->logo_mini)) {
 	print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?action=removelogo">'.img_delete($langs->trans("Delete")).'</a>';
 	if (file_exists($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_mini)) {
-		print ' &nbsp; ';
+		print '</div><div class="inline-block valignmiddle">';
 		print '<img src="'.DOL_URL_ROOT.'/viewimage.php?modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_mini).'">';
 	}
 } else {
 	print '<img height="30" src="'.DOL_URL_ROOT.'/public/theme/common/nophoto.png">';
 }
-print '</td></tr></table>';
+print '</div>';
 print '</td></tr>';
 
 // Logo (squarred)
 print '<tr class="oddeven"><td><label for="logo_squarred">'.$form->textwithpicto($langs->trans("LogoSquarred"), 'png, jpg').'</label></td><td>';
-print '<table width="100%" class="nobordernopadding"><tr class="nocellnopadd"><td valign="middle" class="nocellnopadd">';
+print '<div class="centpertent nobordernopadding valignmiddle"><div class="inline-block marginrightonly">';
 print '<input type="file" class="flat minwidth200" name="logo_squarred" id="logo_squarred" accept="image/*">';
-print '</td><td class="nocellnopadd right" valign="middle">';
+print '</div><div class="inline-block valignmiddle marginrightonly">';
 if (!empty($mysoc->logo_squarred_mini)) {
 	print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?action=removelogosquarred">'.img_delete($langs->trans("Delete")).'</a>';
 	if (file_exists($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_squarred_mini)) {
-		print ' &nbsp; ';
+		print '</div><div class="inline-block valignmiddle marginrightonly">';
 		print '<img src="'.DOL_URL_ROOT.'/viewimage.php?modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini).'">';
 	}
 } else {
 	print '<img height="30" src="'.DOL_URL_ROOT.'/public/theme/common/nophoto.png">';
 }
-print '</td></tr></table>';
+print '</div>';
 print '</td></tr>';
 
 // Note

htdocs/admin/const.php

@@ -40,7 +40,7 @@ $update=GETPOST('update', 'alpha');
 $delete=GETPOST('delete', 'none');	// Do not use alpha here
 $debug=GETPOST('debug', 'int');
 $consts=GETPOST('const', 'array');
-$constname=GETPOST('constname', 'alpha');
+$constname=GETPOST('constname', 'alphanohtml');
 $constvalue=GETPOST('constvalue', 'none');	// We shoul dbe able to send everything here
 $constnote=GETPOST('constnote', 'alpha');
 

htdocs/admin/defaultvalues.php

@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2017-2018	Laurent Destailleur	<eldy@users.sourceforge.net>
+/* Copyright (C) 2017-2020	Laurent Destailleur	<eldy@users.sourceforge.net>
  * Copyright (C) 2017-2018	Regis Houssin		<regis.houssin@inodbox.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -52,15 +52,15 @@ $pagenext = $page + 1;
 if (!$sortfield) $sortfield = 'page,param';
 if (!$sortorder) $sortorder = 'ASC';
 
-$defaulturl = GETPOST('defaulturl');
-$defaultkey = GETPOST('defaultkey', 'alpha');
-$defaultvalue = GETPOST('defaultvalue');
+$defaulturl = GETPOST('defaulturl', 'alphanohtml');
+$defaultkey = GETPOST('defaultkey', 'alphanohtml');
+$defaultvalue = GETPOST('defaultvalue', 'none');
 
 $defaulturl = preg_replace('/^\//', '', $defaulturl);
 
-$urlpage = GETPOST('urlpage');
-$key = GETPOST('key');
-$value = GETPOST('value');
+$urlpage = GETPOST('urlpage', 'alphanohtml');
+$key = GETPOST('key', 'alphanohtml');
+$value = GETPOST('value', 'none');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('admindefaultvalues', 'globaladmin'));
@@ -210,9 +210,9 @@ print load_fiche_titre($langs->trans("DefaultValues"), $enabledisablehtml, 'titl
 print '<span class="opacitymedium">'.$langs->trans("DefaultValuesDesc")."</span><br>\n";
 print "<br>\n";
 
-if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
-if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
-if ($optioncss != '')  $param .= '&optioncss='.$optioncss;
+if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
+if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
+if ($optioncss != '')  $param .= '&optioncss='.urlencode($optioncss);
 if ($defaulturl)        $param .= '&defaulturl='.urlencode($defaulturl);
 if ($defaultkey)        $param .= '&defaultkey='.urlencode($defaultkey);
 if ($defaultvalue)      $param .= '&defaultvalue='.urlencode($defaultvalue);
@@ -359,7 +359,7 @@ if ($result)
 
 		// Page
 		print '<td>';
-		if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->page;
+		if ($action != 'edit' || GETPOST('rowid', 'int') != $obj->rowid) print $obj->page;
 		else print '<input type="text" name="urlpage" value="'.dol_escape_htmltag($obj->page).'">';
 		print '</td>'."\n";
 
@@ -378,7 +378,7 @@ if ($result)
     		print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->transkey.'">';
     		print '<input type="text" id="value_'.$i.'" class="flat inputforupdate" size="30" name="const['.$i.'][value]" value="'.dol_escape_htmltag($obj->transvalue).'">';
     		*/
-    		if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->value;
+    		if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print dol_escape_htmltag($obj->value);
     		else print '<input type="text" name="value" value="'.dol_escape_htmltag($obj->value).'">';
     		print '</td>';
 		}

htdocs/admin/dict.php

@@ -58,6 +58,7 @@ if ($id == 10 && !empty($user->rights->accounting->chartofaccount)) $allowed = 1
 if ($id == 17 && !empty($user->rights->accounting->chartofaccount)) $allowed = 1; // Dictionary with type of expense report and accounting account allowed to manager of chart account
 if (!$allowed) accessforbidden();
 
+$acts =array(); $actl =array();
 $acts[0] = "activate";
 $acts[1] = "disable";
 $actl[0] = img_picto($langs->trans("Disabled"), 'switch_off');
@@ -76,7 +77,7 @@ $pageprev = $page - 1;
 $pagenext = $page + 1;
 
 $search_country_id = GETPOST('search_country_id', 'int');
-if ($search_country_id == '' && ($id == 2 || $id == 3 || $id == 10))	// Not a so good idea to force on current country for all dictionaries. Some tables have entries that are for all countries, we must be able to see them, so this is done for dedicated dictionaries only.
+if (! GETPOSTISSET('search_country_id') && $search_country_id == '' && ($id == 2 || $id == 3 || $id == 10))	// Not a so good idea to force on current country for all dictionaries. Some tables have entries that are for all countries, we must be able to see them, so this is done for dedicated dictionaries only.
 {
 	$search_country_id = $mysoc->country_id;
 }
@@ -178,7 +179,7 @@ $tablib[38] = "DictionarySocialNetworks";
 $tabsql = array();
 $tabsql[1] = "SELECT f.rowid as rowid, f.code, f.libelle, c.code as country_code, c.label as country, f.active FROM ".MAIN_DB_PREFIX."c_forme_juridique as f, ".MAIN_DB_PREFIX."c_country as c WHERE f.fk_pays=c.rowid";
 $tabsql[2] = "SELECT d.rowid as rowid, d.code_departement as code, d.nom as libelle, d.fk_region as region_id, r.nom as region, c.code as country_code, c.label as country, d.active FROM ".MAIN_DB_PREFIX."c_departements as d, ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE d.fk_region=r.code_region and r.fk_pays=c.rowid and r.active=1 and c.active=1";
-$tabsql[3] = "SELECT r.rowid as rowid, r.code_region as code, r.nom as libelle, r.fk_pays as country_id, c.code as country_code, c.label as country, r.active FROM ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE r.fk_pays=c.rowid and c.active=1";
+$tabsql[3] = "SELECT r.rowid as rowid, r.code_region as state_code, r.nom as libelle, r.fk_pays as country_id, c.code as country_code, c.label as country, r.active FROM ".MAIN_DB_PREFIX."c_regions as r, ".MAIN_DB_PREFIX."c_country as c WHERE r.fk_pays=c.rowid and c.active=1";
 $tabsql[4] = "SELECT c.rowid as rowid, c.code, c.label, c.active, c.favorite FROM ".MAIN_DB_PREFIX."c_country AS c";
 $tabsql[5] = "SELECT c.rowid as rowid, c.code as code, c.label, c.active FROM ".MAIN_DB_PREFIX."c_civility AS c";
 $tabsql[6] = "SELECT a.id    as rowid, a.code as code, a.libelle AS libelle, a.type, a.active, a.module, a.color, a.position FROM ".MAIN_DB_PREFIX."c_actioncomm AS a";
@@ -752,19 +753,33 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
         $i = 0;
         foreach ($listfieldinsert as $f => $value)
         {
+        	$keycode = $listfieldvalue[$i];
+        	if (empty($keycode)) $keycode = $value;
+
             if ($value == 'price' || preg_match('/^amount/i', $value) || $value == 'taux') {
-            	$_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU');
+            	$_POST[$keycode] = price2num($_POST[$keycode], 'MU');
             }
             elseif ($value == 'entity') {
-            	$_POST[$listfieldvalue[$i]] = getEntity($tabname[$id]);
+            	$_POST[$keycode] = getEntity($tabname[$id]);
             }
+
             if ($i) $sql .= ",";
-            if ($listfieldvalue[$i] == 'sortorder')		// For column name 'sortorder', we use the field name 'position'
+
+            if ($keycode == 'sortorder')		// For column name 'sortorder', we use the field name 'position'
             {
-            	$sql .= "'".(int) $db->escape($_POST['position'])."'";
+            	$sql .= "'".(int) GETPOST('position', 'int')."'";
             }
-            elseif ($_POST[$listfieldvalue[$i]] == '' && !($listfieldvalue[$i] == 'code' && $id == 10)) $sql .= "null"; // For vat, we want/accept code = ''
-            else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
+            elseif ($_POST[$keycode] == '' && !($keycode == 'code' && $id == 10)) $sql .= "null"; // For vat, we want/accept code = ''
+            elseif ($keycode == 'content') {
+            	$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";
+            }
+            elseif (in_array($keycode, array('joinfile', 'private', 'position', 'scale'))) {
+            	$sql .= (int) GETPOST($keycode, 'int');
+            }
+            else {
+            	$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
+            }
+
             $i++;
         }
         $sql .= ",1)";
@@ -804,23 +819,36 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
         $i = 0;
         foreach ($listfieldmodify as $field)
         {
+        	$keycode = $listfieldvalue[$i];
+        	if (empty($keycode)) $keycode = $field;
+
             if ($field == 'price' || preg_match('/^amount/i', $field) || $field == 'taux') {
-            	$_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU');
+            	$_POST[$keycode] = price2num($_POST[$keycode], 'MU');
             }
             elseif ($field == 'entity') {
-            	$_POST[$listfieldvalue[$i]] = getEntity($tabname[$id]);
+            	$_POST[$keycode] = getEntity($tabname[$id]);
             }
+
             if ($i) $sql .= ",";
             $sql .= $field."=";
             if ($listfieldvalue[$i] == 'sortorder')		// For column name 'sortorder', we use the field name 'position'
             {
-            	$sql .= "'".(int) $db->escape($_POST['position'])."'";
+            	$sql .= (int) GETPOST('position', 'int');
             }
-            elseif ($_POST[$listfieldvalue[$i]] == '' && !($listfieldvalue[$i] == 'code' && $id == 10)) $sql .= "null"; // For vat, we want/accept code = ''
-            else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
+            elseif ($_POST[$keycode] == '' && !($keycode == 'code' && $id == 10)) $sql .= "null"; // For vat, we want/accept code = ''
+            elseif ($keycode == 'content') {
+            	$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";
+            }
+            elseif (in_array($keycode, array('private', 'position', 'scale'))) {
+            	$sql .= (int) GETPOST($keycode, 'int');
+            }
+            else {
+            	$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
+            }
+
             $i++;
         }
-        $sql .= " WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
+        $sql .= " WHERE ".$rowidcol." = ".(int) $db->escape($rowid);
         if (in_array('entity', $listfieldmodify)) $sql .= " AND entity = '".getEntity($tabname[$id])."'";
 
         dol_syslog("actionmodify", LOG_DEBUG);
@@ -1011,6 +1039,7 @@ if ($id)
     if ($search_code != '' && $id == 9)     $sql .= natural_search("code_iso", $search_code);
     elseif ($search_code != '' && $id == 28)    $sql .= natural_search("h.code", $search_code);
     elseif ($search_code != '' && $id == 32)    $sql .= natural_search("a.code", $search_code);
+    elseif ($search_code != '' && $id == 3)     $sql .= natural_search("r.code_region", $search_code);
     elseif ($search_code != '' && $id != 9)     $sql .= natural_search("code", $search_code);
 
     if ($sortfield)
@@ -1146,7 +1175,7 @@ if ($id)
 			if ($fieldlist[$field] == 'revenuestamp_type') { $valuetoshow = $langs->trans('TypeOfRevenueStamp'); }
 			if ($fieldlist[$field] == 'use_default') { $valuetoshow = $langs->trans('Default'); }
 
-            if ($id == 2)	// Special cas for state page
+            if ($id == 2)	// Special case for state page
             {
                 if ($fieldlist[$field] == 'region_id') { $valuetoshow = ' '; $showfield = 1; }
                 if ($fieldlist[$field] == 'region') { $valuetoshow = $langs->trans("Country").'/'.$langs->trans("Region"); $showfield = 1; }
@@ -1228,6 +1257,7 @@ if ($id)
 
     // List of available record in database
     dol_syslog("htdocs/admin/dict", LOG_DEBUG);
+
     $resql = $db->query($sql);
     if ($resql)
     {
@@ -1620,7 +1650,9 @@ if ($id)
 								$key = $langs->trans($obj->label);
 								$valuetoshow = ($obj->label && $key != strtoupper($obj->label) ? $key : $obj->{$fieldlist[$field]});
 							}
-
+							elseif ($fieldlist[$field] == 'code' && $id == 3) {
+								$valuetoshow = $obj->state_code;
+							}
                             $class .= ($class ? ' ' : '').'tddict';
                             if ($fieldlist[$field] == 'note' && $id == 10) $class .= ' tdoverflowmax200';
                             if ($fieldlist[$field] == 'tracking') $class .= ' tdoverflowauto';

htdocs/admin/ihm.php

@@ -58,6 +58,13 @@ if (GETPOST('cancel', 'alpha'))
 	$action='';
 }
 
+// Convert action set_XXX and del_XXX to set var (this is used when no javascript on for ajax_constantonoff)
+$regs = array();
+if (preg_match('/^(set|del)_([A-Z_]+)$/', $action, $regs)) {
+	if ($regs[1] == 'set') dolibarr_set_const($db, $regs[2], 1, 'chaine', 0, '', $conf->entity);
+	else dolibarr_del_const($db, $regs[2], $conf->entity);
+}
+
 if ($action == 'removebackgroundlogin' && ! empty($conf->global->MAIN_LOGIN_BACKGROUND))
 {
 	dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV+1, 'chaine', 0, '', $conf->entity);
@@ -81,15 +88,15 @@ if ($action == 'removebackgroundlogin' && ! empty($conf->global->MAIN_LOGIN_BACK
 
 if ($action == 'update')
 {
-	dolibarr_set_const($db, "MAIN_LANG_DEFAULT", $_POST["MAIN_LANG_DEFAULT"], 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV+1, 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity);
+	//dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity);
 
-	dolibarr_set_const($db, "MAIN_THEME", $_POST["main_theme"], 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity);
 
-	$val=GETPOST('THEME_TOPMENU_DISABLE_IMAGE');
+	/*$val=GETPOST('THEME_TOPMENU_DISABLE_IMAGE');
 	if (! $val) dolibarr_del_const($db, 'THEME_TOPMENU_DISABLE_IMAGE', $conf->entity);
-	else dolibarr_set_const($db, 'THEME_TOPMENU_DISABLE_IMAGE', GETPOST('THEME_TOPMENU_DISABLE_IMAGE'), 'chaine', 0, '', $conf->entity);
+	else dolibarr_set_const($db, 'THEME_TOPMENU_DISABLE_IMAGE', GETPOST('THEME_TOPMENU_DISABLE_IMAGE'), 'chaine', 0, '', $conf->entity);*/
 
 	$val=(implode(',', (colorStringToArray(GETPOST('THEME_ELDY_BACKBODY'), array()))));
 	if ($val == '') dolibarr_del_const($db, 'THEME_ELDY_BACKBODY', $conf->entity);
@@ -141,25 +148,27 @@ if ($action == 'update')
 	if ($val == '') dolibarr_del_const($db, 'THEME_ELDY_USE_CHECKED', $conf->entity);
 	else dolibarr_set_const($db, "THEME_ELDY_USE_CHECKED", $val, 'chaine', 0, '', $conf->entity);
 
-	dolibarr_set_const($db, "MAIN_SIZE_LISTE_LIMIT", $_POST["main_size_liste_limit"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT", $_POST["main_size_shortliste_limit"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT", $_POST["MAIN_DISABLE_JAVASCRIPT"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", $_POST["MAIN_BUTTON_HIDE_UNAUTHORIZED"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_START_WEEK", $_POST["MAIN_START_WEEK"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_DAYS", $_POST["MAIN_DEFAULT_WORKING_DAYS"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_HOURS", $_POST["MAIN_DEFAULT_WORKING_HOURS"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_SHOW_LOGO", $_POST["MAIN_SHOW_LOGO"], 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_FIRSTNAME_NAME_POSITION", $_POST["MAIN_FIRSTNAME_NAME_POSITION"], 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_SIZE_LISTE_LIMIT", GETPOST("main_size_liste_limit", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT", GETPOST("main_size_shortliste_limit", 'int'), 'chaine', 0, '', $conf->entity);
 
-	dolibarr_set_const($db, "MAIN_HELPCENTER_DISABLELINK", $_POST["MAIN_HELPCENTER_DISABLELINK"], 'chaine', 0, '', 0);	// Param for all entities
-	dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr($_POST["main_motd"]), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr($_POST["main_home"]), 'chaine', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_HELP_DISABLELINK", $_POST["MAIN_HELP_DISABLELINK"], 'chaine', 0, '', 0);	    // Param for all entities
-	dolibarr_set_const($db, "MAIN_BUGTRACK_ENABLELINK", $_POST["MAIN_BUGTRACK_ENABLELINK"], 'chaine', 0, '', $conf->entity);
+	//dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT", GETPOST("MAIN_DISABLE_JAVASCRIPT", 'aZ09'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_START_WEEK", GETPOST("MAIN_START_WEEK", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_DAYS", GETPOST("MAIN_DEFAULT_WORKING_DAYS", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_HOURS", GETPOST("MAIN_DEFAULT_WORKING_HOURS", 'int'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_SHOW_LOGO", GETPOST("MAIN_SHOW_LOGO", 'aZ09'), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_FIRSTNAME_NAME_POSITION", GETPOST("MAIN_FIRSTNAME_NAME_POSITION", 'aZ09'), 'chaine', 0, '', $conf->entity);
+
+	dolibarr_set_const($db, "MAIN_HELPCENTER_DISABLELINK", GETPOST('MAIN_HELPCENTER_DISABLELINK', 'aZ09'), 'chaine', 0, '', 0);	// Param for all entities
+	dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'none')), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'none')), 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_HELP_DISABLELINK", GETPOST("MAIN_HELP_DISABLELINK", 'aZ09'), 'chaine', 0, '', 0);	    // Param for all entities
+	dolibarr_set_const($db, "MAIN_BUGTRACK_ENABLELINK", GETPOST('MAIN_BUGTRACK_ENABLELINK', 'aZ09'), 'chaine', 0, '', $conf->entity);
 
 	$varforimage='imagebackground'; $dirforimage=$conf->mycompany->dir_output.'/logos/';
 	if ($_FILES[$varforimage]["tmp_name"])
 	{
+		$reg = array();
 		if (preg_match('/([^\\/:]+)$/i', $_FILES[$varforimage]["name"], $reg))
 		{
 			$original_file=$reg[1];
@@ -247,7 +256,7 @@ print '</tr>';
 
 // Multilingual GUI
 print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("EnableMultilangInterface").'</td><td>';
-print $form->selectyesno('MAIN_MULTILANGS', $conf->global->MAIN_MULTILANGS, 1);
+print ajax_constantonoff("MAIN_MULTILANGS");
 print '</td>';
 print '<td width="20">&nbsp;</td>';
 print '</tr>';
@@ -266,7 +275,7 @@ print '</tr>';
 
 // Disable javascript and ajax
 print '<tr class="oddeven"><td>'.$langs->trans("DisableJavascript").'</td><td>';
-print $form->selectyesno('MAIN_DISABLE_JAVASCRIPT', isset($conf->global->MAIN_DISABLE_JAVASCRIPT)?$conf->global->MAIN_DISABLE_JAVASCRIPT:0, 1);
+print ajax_constantonoff("MAIN_DISABLE_JAVASCRIPT");
 print '</td>';
 print '<td width="20">&nbsp;</td>';
 print '</tr>';

htdocs/admin/mails.php

@@ -134,9 +134,8 @@ $head = email_admin_prepare_head();
 // List of sending methods
 $listofmethods = array();
 $listofmethods['mail'] = 'PHP mail function';
-//$listofmethods['simplemail']='Simplemail class';
 $listofmethods['smtps'] = 'SMTP/SMTPS socket library';
-$listofmethods['swiftmailer'] = 'Swift Mailer socket library';
+if (version_compare(phpversion(), '7.0', '>=')) $listofmethods['swiftmailer'] = 'Swift Mailer socket library';
 
 
 if ($action == 'edit')

htdocs/admin/mails_templates.php

@@ -58,6 +58,8 @@ $search_topic = GETPOST('search_topic', 'alpha');
 
 if (!empty($user->socid)) accessforbidden();
 
+$acts = array();
+$actl = array();
 $acts[0] = "activate";
 $acts[1] = "disable";
 $actl[0] = img_picto($langs->trans("Disabled"), 'switch_off');
@@ -261,28 +263,39 @@ if (empty($reshook))
             $i = 0;
             foreach ($listfieldinsert as $f => $value)
             {
-            	//var_dump($i.' - '.$listfieldvalue[$i].' - '.$_POST[$listfieldvalue[$i]].' - '.$value);
             	$keycode = $listfieldvalue[$i];
-            	if ($value == 'label') $_POST[$keycode] = dol_escape_htmltag($_POST[$keycode]);
             	if ($value == 'lang') $keycode = 'langcode';
+            	if (empty($keycode)) $keycode = $value;
+
                 if ($value == 'entity') $_POST[$keycode] = $conf->entity;
-                if ($i) $sql .= ",";
                 if ($value == 'fk_user' && !($_POST[$keycode] > 0)) $_POST[$keycode] = '';
                 if ($value == 'private' && !is_numeric($_POST[$keycode])) $_POST[$keycode] = '0';
                 if ($value == 'position' && !is_numeric($_POST[$keycode])) $_POST[$keycode] = '1';
-                if ($_POST[$keycode] == '' && $keycode != 'langcode')      $sql .= "null"; // lang must be '' if not defined so the unique key that include lang will work
-                elseif ($_POST[$keycode] == '0' && $keycode == 'langcode') $sql .= "''"; // lang must be '' if not defined so the unique key that include lang will work
-                else $sql .= "'".$db->escape($_POST[$keycode])."'";
+                //var_dump($keycode.' '.$value);
+
+                if ($i) $sql .= ", ";
+                if (GETPOST($keycode) == '' && $keycode != 'langcode')      $sql .= "null"; // langcode must be '' if not defined so the unique key that include lang will work
+                elseif (GETPOST($keycode) == '0' && $keycode == 'langcode') $sql .= "''"; // langcode must be '' if not defined so the unique key that include lang will work
+                elseif ($keycode == 'content') {
+                	$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";
+                }
+                elseif (in_array($keycode, array('joinfile', 'private', 'position', 'scale'))) {
+                	$sql .= (int) GETPOST($keycode, 'int');
+                }
+                else {
+                	$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
+                }
+
                 $i++;
             }
-            $sql .= ",1)";
+            $sql .= ", 1)";
 
             dol_syslog("actionadd", LOG_DEBUG);
             $result = $db->query($sql);
             if ($result)	// Add is ok
             {
                 setEventMessages($langs->transnoentities("RecordSaved"), null, 'mesgs');
-            	$_POST = array('id'=>$id); // Clean $_POST array, we keep only
+            	$_POST = array('id'=>$id); // Clean $_POST array, we keep only id
             }
             else
             {
@@ -308,6 +321,7 @@ if (empty($reshook))
             {
             	$keycode = $listfieldvalue[$i];
             	if ($field == 'lang') $keycode = 'langcode';
+            	if (empty($keycode)) $keycode = $field;
 
                 if ($field == 'fk_user' && !($_POST['fk_user'] > 0)) $_POST['fk_user'] = '';
             	if ($field == 'topic') $_POST['topic'] = $_POST['topic-'.$rowid];
@@ -315,15 +329,22 @@ if (empty($reshook))
             	if ($field == 'content') $_POST['content'] = $_POST['content-'.$rowid];
             	if ($field == 'content_lines') $_POST['content_lines'] = $_POST['content_lines-'.$rowid];
                 if ($field == 'entity') $_POST[$keycode] = $conf->entity;
-                if ($i) $sql .= ",";
+
+                if ($i) $sql .= ", ";
                 $sql .= $field."=";
 
-                //print $keycode.' - '.$_POST[$keycode].'<br>';
-                if ($_POST[$keycode] == '' || ($keycode != 'langcode' && $keycode != 'position' && $keycode != 'private' && empty($_POST[$keycode]))) $sql .= "null"; // lang must be '' if not defined so the unique key that include lang will work
-                elseif ($_POST[$keycode] == '0' && $keycode == 'langcode') $sql .= "''"; // lang must be '' if not defined so the unique key that include lang will work
-                elseif ($keycode == 'private') $sql .= ((int) $_POST[$keycode]); // private must be 0 or 1
-                elseif ($keycode == 'position')	$sql .= ((int) $_POST[$keycode]);
-                else $sql .= "'".$db->escape($_POST[$keycode])."'";
+                if (GETPOST($keycode) == '' || ($keycode != 'langcode' && $keycode != 'position' && $keycode != 'private' && ! GETPOST($keycode))) $sql .= "null"; // langcode,... must be '' if not defined so the unique key that include lang will work
+                elseif (GETPOST($keycode) == '0' && $keycode == 'langcode') $sql .= "''"; // langcode must be '' if not defined so the unique key that include lang will work
+                elseif ($keycode == 'content') {
+                	$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";
+                }
+                elseif (in_array($keycode, array('joinfile', 'private', 'position', 'scale'))) {
+                	$sql .= (int) GETPOST($keycode, 'int');
+                }
+                else {
+                	$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
+                }
+
                 $i++;
             }
             $sql .= " WHERE ".$rowidcol." = '".$rowid."'";

htdocs/admin/modules.php

@@ -930,7 +930,7 @@ if ($mode == 'marketplace')
 
 	    ?>
 	            <form method="POST" class="centpercent" id="searchFormList" action="<?php echo $dolistore->url ?>">
-					<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken'] ?>">
+					<input type="hidden" name="token" value="<?php echo newToken(); ?>">
 	            	<input type="hidden" name="mode" value="marketplace">
 	                <div class="divsearchfield"><?php echo $langs->trans('Keyword') ?>:
 	                    <input name="search_keyword" placeholder="<?php echo $langs->trans('Chercher un module') ?>" id="search_keyword" type="text" size="50" value="<?php echo $options['search'] ?>"><br>

htdocs/admin/supplier_order.php

@@ -54,6 +54,8 @@ $specimenthirdparty->initAsSpecimen();
  * Actions
  */
 
+include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
+
 if ($action == 'updateMask')
 {
     $maskconstorder = GETPOST('maskconstorder', 'alpha');

htdocs/admin/system/browser.php

@@ -49,12 +49,15 @@ $tmp=getBrowserInfo($_SERVER["HTTP_USER_AGENT"]);
 print '<div class="div-table-responsive-no-min">';
 print '<table class="noborder centpercent">';
 print '<tr class="liste_titre"><td>'.$langs->trans("Parameter").'</td><td colspan="2">'.$langs->trans("Value").'</td></tr>'."\n";
-print '<tr class="oddeven"><td width="300">'.$langs->trans("UserAgent").'</td><td colspan="2">'.$_SERVER['HTTP_USER_AGENT'].'</td></tr>'."\n";
+print '<tr class="oddeven"><td width="300">'.$langs->trans("UserAgent").'</td><td colspan="2">'.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("BrowserName").'</td><td colspan="2">'.$tmp['browsername'].'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("BrowserOS").'</td><td colspan="2">'.$tmp['browseros'].'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("Version").'</td><td colspan="2">'.$tmp['browserversion'].'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("Layout").' (phone/tablet/classic)</td><td colspan="2">'.$tmp['layout'].'</td></tr>'."\n";
-print '<tr class="oddeven"><td width="300">'.$langs->trans("IPAddress").'</td><td colspan="2">'.$_SERVER['REMOTE_ADDR'].'</td></tr>'."\n";
+print '<tr class="oddeven"><td width="300">'.$langs->trans("IPAddress").'</td><td colspan="2">'.dol_escape_htmltag($_SERVER['REMOTE_ADDR']);
+if (! empty($_SERVER['HTTP_CLIENT_IP'])) print ' (HTTP_CLIENT_IP='.dol_escape_htmltag($_SERVER['HTTP_CLIENT_IP']).')';
+if (! empty($_SERVER['HTTP_X_FORWARDED_FOR'])) print ' (HTTP_X_FORWARDED_FOR='.dol_escape_htmltag($_SERVER['HTTP_X_FORWARDED_FOR']).')';
+print '</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("SessionName").'</td><td colspan="2">'.session_name().'</td></tr>'."\n";
 print '<tr class="oddeven"><td width="300">'.$langs->trans("SessionId").'</td><td colspan="2">'.session_id().'</td></tr>'."\n";
 

htdocs/admin/ticket.php

@@ -197,6 +197,7 @@ dol_fiche_end();
 
 print load_fiche_titre($langs->trans("TicketNumberingModules"));
 
+print '<div class="div-table-responsive-no-min">';
 print '<table class="noborder centpercent">';
 print '<tr class="liste_titre">';
 print '<td width="100">'.$langs->trans("Name").'</td>';
@@ -287,7 +288,9 @@ foreach ($dirmodels as $reldir) {
     }
 }
 
-print '</table><br>';
+print '</table>';
+print '</div>';
+print '<br>';
 
 if (!$conf->use_javascript_ajax) {
     print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';

htdocs/admin/ticket_public.php

@@ -167,7 +167,7 @@ $head = ticketAdminPrepareHead();
 
 dol_fiche_head($head, 'public', $langs->trans("Module56000Name"), -1, "ticket");
 
-print '<span class="opacitymedium">'.$langs->trans("TicketPublicAccess").'</span> : <a href="'.dol_buildpath('/public/ticket/index.php', 1).'" target="_blank" >'.dol_buildpath('/public/ticket/index.php', 2).'</a>';
+print '<span class="opacitymedium">'.$langs->trans("TicketPublicAccess").'</span> : <a class="wordbreak" href="'.dol_buildpath('/public/ticket/index.php', 1).'" target="_blank" >'.dol_buildpath('/public/ticket/index.php', 2).'</a>';
 
 dol_fiche_end();
 
@@ -176,14 +176,14 @@ $enabledisablehtml = $langs->trans("TicketsActivatePublicInterface").' ';
 if (empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE))
 {
     // Button off, click to enable
-    $enabledisablehtml .= '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?action=setTICKET_ENABLE_PUBLIC_INTERFACE&value=1'.$param.'">';
+    $enabledisablehtml .= '<a class="reposition valignmiddle" href="'.$_SERVER["PHP_SELF"].'?action=setTICKET_ENABLE_PUBLIC_INTERFACE&value=1'.$param.'">';
     $enabledisablehtml .= img_picto($langs->trans("Disabled"), 'switch_off');
     $enabledisablehtml .= '</a>';
 }
 else
 {
     // Button on, click to disable
-    $enabledisablehtml .= '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?action=setTICKET_ENABLE_PUBLIC_INTERFACE&value=0'.$param.'">';
+    $enabledisablehtml .= '<a class="reposition valignmiddle" href="'.$_SERVER["PHP_SELF"].'?action=setTICKET_ENABLE_PUBLIC_INTERFACE&value=0'.$param.'">';
     $enabledisablehtml .= img_picto($langs->trans("Activated"), 'switch_on');
     $enabledisablehtml .= '</a>';
 }
@@ -200,6 +200,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE))
         print '<input type="hidden" name="action" value="setvarother">';
     }
 
+    print '<div class="div-table-responsive-no-min">';
     print '<table class="noborder centpercent">';
     print '<tr class="liste_titre"><td>'.$langs->trans("Parameters").'</td>';
     print '<td class="left">';
@@ -279,7 +280,9 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE))
         print '</tr>';
     }
 
-    print '</table><br>';
+    print '</table>';
+    print '</div>';
+    print '<br>';
 
     if (!$conf->use_javascript_ajax) {
         print '</form>';
@@ -288,6 +291,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE))
     // Admin var of module
     print load_fiche_titre($langs->trans("TicketParamMail"));
 
+    print '<div class="div-table-responsive-no-min">';
     print '<table class="noborder centpercent">';
 
     print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
@@ -369,13 +373,14 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE))
     $url_interface = $conf->global->TICKET_URL_PUBLIC_INTERFACE;
     print '<tr><td>'.$langs->trans("TicketUrlPublicInterfaceLabelAdmin").'</label>';
     print '</td><td>';
-    print '<input type="text" name="TICKET_URL_PUBLIC_INTERFACE" value="'.$conf->global->TICKET_URL_PUBLIC_INTERFACE.'" size="40" ></td>';
+    print '<input type="text" class="minwidth500" name="TICKET_URL_PUBLIC_INTERFACE" value="'.$conf->global->TICKET_URL_PUBLIC_INTERFACE.'"></td>';
     print '</td>';
     print '<td class="center">';
     print $form->textwithpicto('', $langs->trans("TicketUrlPublicInterfaceHelpAdmin"), 1, 'help');
     print '</td></tr>';
 
     print '</table>';
+	print '</div>';
 
     print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Save").'"></div>';
 

htdocs/admin/tools/export_files.php

@@ -173,9 +173,6 @@ if ($errormsg)
 	setEventMessages($langs->trans("Error")." : ".$errormsg, null, 'errors');
 }
 
-print '<br>';
-
-
 // Redirect t backup page
 header("Location: dolibarr_export.php");
 

htdocs/admin/translation.php

@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2007-2016	Laurent Destailleur	<eldy@users.sourceforge.net>
+/* Copyright (C) 2007-2020	Laurent Destailleur	<eldy@users.sourceforge.net>
  * Copyright (C) 2009-2017	Regis Houssin		<regis.houssin@inodbox.com>
  * Copyright (C) 2017       Frédéric France     <frederic.france@free.fr>
  *
@@ -35,9 +35,9 @@ if (!$user->admin) accessforbidden();
 $id = GETPOST('rowid', 'int');
 $action = GETPOST('action', 'alpha');
 
-$langcode = GETPOST('langcode', 'alpha');
-$transkey = GETPOST('transkey', 'alpha');
-$transvalue = GETPOST('transvalue', 'alpha');
+$langcode = GETPOST('langcode', 'alphanohtml');
+$transkey = GETPOST('transkey', 'alphanohtml');
+$transvalue = GETPOST('transvalue', 'none');
 
 
 $mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'overwrite';
@@ -190,7 +190,6 @@ if ($action == 'delete')
 
 
 
-
 /*
  * View
  */
@@ -231,9 +230,9 @@ print '<span class="opacitymedium">'.$form->textwithpicto($langs->trans("Current
 
 print '<br>';
 
-if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
-if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
-if ($optioncss != '') $param.='&optioncss='.$optioncss;
+if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
+if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
+if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
 if ($langcode)        $param.='&langcode='.urlencode($langcode);
 if ($transkey)        $param.='&transkey='.urlencode($transkey);
 if ($transvalue)      $param.='&transvalue='.urlencode($transvalue);
@@ -348,11 +347,11 @@ if ($mode == 'overwrite')
     		*/
     		if ($action == 'edit' && $obj->rowid == GETPOST('rowid', 'int'))
     		{
-    			print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.$obj->transvalue.'">';
+    			print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.dol_escape_htmltag($obj->transvalue).'">';
     		}
     		else
     		{
-    			print $obj->transvalue;
+    			print dol_escape_htmltag($obj->transvalue);
     		}
     		print '</td>';
 

htdocs/api/class/api_documents.class.php

@@ -230,7 +230,7 @@ class Documents extends DolibarrApi
 	/**
 	 * Return the list of documents of a dedicated element (from its ID or Ref)
 	 *
-	 * @param   string 	$modulepart		Name of module or area concerned ('thirdparty', 'member', 'proposal', 'order', 'invoice', 'shipment', 'project',  ...)
+	 * @param   string 	$modulepart		Name of module or area concerned ('thirdparty', 'member', 'proposal', 'order', 'invoice', 'supplier_invoice', 'shipment', 'project',  ...)
 	 * @param	int		$id				ID of element
 	 * @param	string	$ref			Ref of element
 	 * @param	string	$sortfield		Sort criteria ('','fullname','relativename','name','date','size')
@@ -355,6 +355,24 @@ class Documents extends DolibarrApi
 
 			$upload_dir = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
 		}
+		elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice')
+		{
+			$modulepart = 'supplier_invoice';
+
+			require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
+
+			if (!DolibarrApiAccess::$user->rights->fournisseur->facture->lire) {
+				throw new RestException(401);
+			}
+
+			$object = new FactureFournisseur($this->db);
+			$result = $object->fetch($id, $ref);
+			if (!$result) {
+				throw new RestException(404, 'Invoice not found');
+			}
+
+			$upload_dir = $conf->fournisseur->dir_output."/facture/".get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').dol_sanitizeFileName($object->ref);
+		}
         elseif ($modulepart == 'produit' || $modulepart == 'product')
 		{
 			require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
@@ -387,6 +405,22 @@ class Documents extends DolibarrApi
 
 			$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
 		}
+		elseif ($modulepart == 'expensereport')
+		{
+			require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
+
+			if (!DolibarrApiAccess::$user->rights->expensereport->read && !DolibarrApiAccess::$user->rights->expensereport->read) {
+				throw new RestException(401);
+			}
+
+			$object = new ExpenseReport($this->db);
+			$result = $object->fetch($id, $ref);
+			if (!$result) {
+				throw new RestException(404, 'Expense report not found');
+			}
+
+			$upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
+		}
 		else
 		{
 			throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');
@@ -418,8 +452,9 @@ class Documents extends DolibarrApi
 	/**
 	 * Upload a file.
 	 *
-	 * Test sample 1: { "filename": "mynewfile.txt", "modulepart": "facture", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
-	 * Test sample 2: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "image/mywebsite", "filecontent": "Y29udGVudCB0ZXh0Cg==", "fileencoding": "base64", "overwriteifexists": "0" }.
+	 * Test sample for invoice: { "filename": "mynewfile.txt", "modulepart": "invoice", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
+	 * Test sample for supplier invoice: { "filename": "mynewfile.txt", "modulepart": "supplier_invoice", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
+	 * Test sample for medias file: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "image/mywebsite", "filecontent": "Y29udGVudCB0ZXh0Cg==", "fileencoding": "base64", "overwriteifexists": "0" }.
 	 *
 	 * @param   string  $filename           Name of file to create ('FA1705-0123.txt')
 	 * @param   string  $modulepart         Name of module or area concerned by file upload ('facture', 'project', 'project_task', ...)
@@ -476,6 +511,13 @@ class Documents extends DolibarrApi
 				require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 				$object = new Facture($this->db);
 			}
+			elseif ($modulepart == 'facture_fournisseur' || $modulepart == 'supplier_invoice')
+			{
+				$modulepart = 'supplier_invoice';
+
+				require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
+				$object = new FactureFournisseur($this->db);
+			}
 			elseif ($modulepart == 'project')
 			{
 				require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
@@ -510,6 +552,11 @@ class Documents extends DolibarrApi
 				require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
 				$object = new Product($this->db);
 			}
+			elseif ($modulepart == 'expensereport')
+			{
+				require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
+				$object = new ExpenseReport($this->db);
+			}
 			// TODO Implement additional moduleparts
 			else
 			{
@@ -535,6 +582,12 @@ class Documents extends DolibarrApi
    				throw new RestException(404, 'The object '.$modulepart." with ref '".$ref."' was not found.");
 			}
 
+			// Special cases that need to use get_exdir to get real dir of object
+			// If future, all object should use this to define path of documents.
+			if ($modulepart == 'supplier_invoice') {
+				$tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
+			}
+
 			$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
 
 			$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');

htdocs/api/class/api_setup.class.php

@@ -53,7 +53,7 @@ class Setup extends DolibarrApi
      * @param int       $limit      Number of items per page
      * @param int       $page       Page number {@min 0}
      * @param int       $active     Payment type is active or not {@min 0} {@max 1}
-     * @param string    $sqlfilters SQL criteria to filter with. Syntax example "(t.code:=:'CHQ')"
+     * @param string    $sqlfilters SQL criteria to filter with. Syntax example "(t.code:=:'OrderByWWW')"
      *
      * @url     GET dictionary/ordering_methods
      *

htdocs/barcode/printsheet.php

@@ -278,6 +278,7 @@ dol_htmloutput_errors($mesg);
 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
 print '<input type="hidden" name="mode" value="label">';
 print '<input type="hidden" name="action" value="builddoc">';
+print '<input type="hidden" name="token" value="'.newtoken().'">';
 
 print '<div class="tagtable">';
 

htdocs/bom/bom_card.php

@@ -155,6 +155,8 @@ if (empty($reshook))
 
 		if (!$error)
 		{
+			$lastposition = 0;
+
     		$bomline = new BOMLine($db);
     		$bomline->fk_bom = $id;
     		$bomline->fk_product = $idprod;
@@ -163,6 +165,12 @@ if (empty($reshook))
     		$bomline->disable_stock_change = (int) $disable_stock_change;
     		$bomline->efficiency = $efficiency;
 
+    		// Rang to use
+   			$rangmax = $object->line_max(0);
+   			$ranktouse = $rangmax + 1;
+
+   			$bomline->position = ($ranktouse + 1);
+
     		$result = $bomline->create($user);
     		if ($result <= 0)
     		{

htdocs/bookmarks/bookmarks.lib.php

@@ -34,6 +34,7 @@ function printBookmarksList()
 
 	if (! empty($conf->use_javascript_ajax)) {		// Bookmark autosubmit can't work when javascript is off.
 		require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php';
+		require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
 		if (! isset($conf->global->BOOKMARKS_SHOW_IN_MENU)) $conf->global->BOOKMARKS_SHOW_IN_MENU=5;
 
 		$langs->load("bookmarks");

htdocs/categories/viewcat.php

@@ -207,7 +207,7 @@ elseif ($type == Categorie::TYPE_MEMBER)    $title = $langs->trans("MembersCateg
 elseif ($type == Categorie::TYPE_CONTACT)   $title = $langs->trans("ContactCategoriesShort");
 elseif ($type == Categorie::TYPE_ACCOUNT)   $title = $langs->trans("AccountsCategoriesShort");
 elseif ($type == Categorie::TYPE_PROJECT)   $title = $langs->trans("ProjectsCategoriesShort");
-elseif ($type == Categorie::TYPE_USER)      $title = $langs->trans("ProjectsCategoriesShort");
+elseif ($type == Categorie::TYPE_USER)      $title = $langs->trans("UsersCategoriesShort");
 else                                        $title = $langs->trans("Category");
 
 $head = categories_prepare_head($object, $type);

htdocs/comm/action/card.php

@@ -831,7 +831,7 @@ if ($action == 'create')
 	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="action" value="add">';
 	print '<input type="hidden" name="donotclearsession" value="1">';
-	if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : $_SERVER["HTTP_REFERER"]).'">';
+	if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : htmlentities($_SERVER["HTTP_REFERER"])).'">';
 	if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print '<input type="hidden" name="actioncode" value="'.dol_getIdFromCode($db, 'AC_OTH', 'c_actioncomm').'">';
 
 	if (GETPOST("actioncode", 'aZ09') == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda');
@@ -1053,7 +1053,7 @@ if ($action == 'create')
 		$numproject = $formproject->select_projects((!empty($societe->id) ? $societe->id : -1), $projectid, 'projectid', 0, 0, 1, 1);
 
 		print ' <a href="'.DOL_URL_ROOT.'/projet/card.php?socid='.$societe->id.'&action=create"><span class="fa fa-plus-circle valignmiddle paddingleft" title="'.$langs->trans("AddProject").'"></span></a>';
-		$urloption = '?action=create';
+		$urloption = '?action=create&donotclearsession=1';
 		$url = dol_buildpath('comm/action/card.php', 2).$urloption;
 
 		// update task list
@@ -1232,7 +1232,7 @@ if ($id > 0)
 		print '<input type="hidden" name="action" value="update">';
 		print '<input type="hidden" name="id" value="'.$id.'">';
 		print '<input type="hidden" name="ref_ext" value="'.$object->ref_ext.'">';
-		if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : $_SERVER["HTTP_REFERER"]).'">';
+		if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : htmlentities($_SERVER["HTTP_REFERER"])).'">';
 		if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print '<input type="hidden" name="actioncode" value="'.$object->type_code.'">';
 
 		dol_fiche_head($head, 'card', $langs->trans("Action"), 0, 'action');
@@ -1449,10 +1449,10 @@ if ($id > 0)
 			$langs->load("projects");
 
 			print '<tr><td class="titlefieldcreate">'.$langs->trans("Project").'</td><td>';
-			$numprojet = $formproject->select_projects(($object->socid > 0 ? $object->socid : -1), $object->fk_project, 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 0);
+			$numprojet = $formproject->select_projects(($object->socid > 0 ? $object->socid : -1), $object->fk_project, 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 0, 0, 'maxwidth500');
 			if ($numprojet == 0)
 			{
-				print ' &nbsp; <a href="'.DOL_URL_ROOT.'/projet/card.php?socid='.$object->socid.'&action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit').'"><span class="valignmiddle text-plus-circle">'.$langs->trans("AddProject").'</span><span class="fa fa-plus-circle valignmiddle paddingleft"></span></a>';
+				print ' &nbsp; <a href="'.DOL_URL_ROOT.'/projet/card.php?socid='.$object->socid.'&action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit').'"><span class="fa fa-plus-circle valignmiddle paddingleft" title="'.$langs->trans("AddProject").'"></span></a>';
 			}
 			print '</td></tr>';
 		}
@@ -1473,7 +1473,7 @@ if ($id > 0)
 			{
 			    print '<td id="project-task-input-container" >';
 
-			    $urloption = '?action=create'; // we use create not edit for more flexibility
+				$urloption = '?action=create&donotclearsession=1'; // we use create not edit for more flexibility
 			    $url = DOL_URL_ROOT.'/comm/action/card.php'.$urloption;
 
 			    // update task list
@@ -1789,7 +1789,7 @@ if ($id > 0)
 
 		// Description
 		print '<tr><td class="tdtop">'.$langs->trans("Description").'</td><td colspan="3">';
-		print dol_htmlentitiesbr($object->note);
+		print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note_private));
 		print '</td></tr>';
 
         // Other attributes

htdocs/comm/action/list.php

@@ -43,7 +43,7 @@ $action = GETPOST('action', 'alpha');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'actioncommlist'; // To manage different context of search
 $resourceid = GETPOST("search_resourceid", "int") ?GETPOST("search_resourceid", "int") : GETPOST("resourceid", "int");
 $pid = GETPOST("search_projectid", 'int', 3) ?GETPOST("search_projectid", 'int', 3) : GETPOST("projectid", 'int', 3);
-$status = (GETPOST("search_status", 'alpha') != '') ?GETPOST("search_status", 'alpha') : GETPOST("status", 'alpha');
+$search_status = (GETPOST("search_status", 'alpha') != '') ?GETPOST("search_status", 'alpha') : GETPOST("status", 'alpha');
 $type = GETPOST('search_type', 'alphanohtml') ?GETPOST('search_type', 'alphanohtml') : GETPOST('type', 'alphanohtml');
 $optioncss = GETPOST('optioncss', 'alpha');
 $year = GETPOST("year", 'int');
@@ -67,8 +67,8 @@ $search_note = GETPOST('search_note', 'alpha');
 $dateselect = dol_mktime(0, 0, 0, GETPOST('dateselectmonth', 'int'), GETPOST('dateselectday', 'int'), GETPOST('dateselectyear', 'int'));
 $datestart = dol_mktime(0, 0, 0, GETPOST('datestartmonth', 'int'), GETPOST('datestartday', 'int'), GETPOST('datestartyear', 'int'));
 $dateend = dol_mktime(0, 0, 0, GETPOST('dateendmonth', 'int'), GETPOST('dateendday', 'int'), GETPOST('dateendyear', 'int'));
-if ($status == '' && !isset($_GET['status']) && !isset($_POST['status'])) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
-if (empty($action) && !isset($_GET['action']) && !isset($_POST['action'])) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
+if ($search_status == '' && ! GETPOSTISSET('search_status')) $search_status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
+if (empty($action) && ! GETPOSTISSET('action')) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
 
 $filter = GETPOST("search_filter", 'alpha', 3) ?GETPOST("search_filter", 'alpha', 3) : GETPOST("filter", 'alpha', 3);
 $filtert = GETPOST("search_filtert", "int", 3) ?GETPOST("search_filtert", "int", 3) : GETPOST("filtert", "int", 3);
@@ -100,12 +100,12 @@ $offset = $limit * $page;
 if (!$sortorder)
 {
 	$sortorder = "DESC,DESC";
-	if ($status == 'todo') $sortorder = "DESC,DESC";
+	if ($search_status == 'todo') $sortorder = "DESC,DESC";
 }
 if (!$sortfield)
 {
 	$sortfield = "a.datep,a.id";
-	if ($status == 'todo') $sortfield = "a.datep,a.id";
+	if ($search_status == 'todo') $sortfield = "a.datep,a.id";
 }
 
 // Security check
@@ -184,7 +184,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
     $search_note = '';
     $datestart = '';
     $dateend = '';
-    $status = '';
+    $search_status = '';
     $search_array_options = array();
 }
 
@@ -218,7 +218,7 @@ if ($actioncode != '') {
 	} else $param .= "&search_actioncode=".urlencode($actioncode);
 }
 if ($resourceid > 0) $param .= "&search_resourceid=".urlencode($resourceid);
-if ($status != '' && $status > -1) $param .= "&search_status=".urlencode($status);
+if ($search_status != '' && $search_status > -1) $param .= "&search_status=".urlencode($search_status);
 if ($filter) $param .= "&search_filter=".urlencode($filter);
 if ($filtert) $param .= "&search_filtert=".urlencode($filtert);
 if ($socid) $param .= "&search_socid=".urlencode($socid);
@@ -309,12 +309,12 @@ if ($socid > 0) $sql .= " AND s.rowid = ".$socid;
 // We must filter on assignement table
 if ($filtert > 0 || $usergroup > 0) $sql .= " AND ar.fk_actioncomm = a.id AND ar.element_type='user'";
 if ($type) $sql .= " AND c.id = ".(int) $type;
-if ($status == '0') { $sql .= " AND a.percent = 0"; }
-if ($status == '-1') { $sql .= " AND a.percent = -1"; }	// Not applicable
-if ($status == '50') { $sql .= " AND (a.percent > 0 AND a.percent < 100)"; }	// Running already started
-if ($status == '100') { $sql .= " AND a.percent = 100"; }
-if ($status == 'done') { $sql .= " AND (a.percent = 100)"; }
-if ($status == 'todo') { $sql .= " AND (a.percent >= 0 AND a.percent < 100)"; }
+if ($search_status == '0') { $sql .= " AND a.percent = 0"; }
+if ($search_status == '-1') { $sql .= " AND a.percent = -1"; }	// Not applicable
+if ($search_status == '50') { $sql .= " AND (a.percent > 0 AND a.percent < 100)"; }	// Running already started
+if ($search_status == '100') { $sql .= " AND a.percent = 100"; }
+if ($search_status == 'done') { $sql .= " AND (a.percent = 100)"; }
+if ($search_status == 'todo') { $sql .= " AND (a.percent >= 0 AND a.percent < 100)"; }
 if ($search_id) $sql .= natural_search("a.id", $search_id, 1);
 if ($search_title) $sql .= natural_search("a.label", $search_title);
 if ($search_note) $sql .= natural_search('a.note', $search_note);
@@ -397,7 +397,7 @@ if ($resql)
 	print $nav;
 
     dol_fiche_head($head, $tabactive, $langs->trans('Agenda'), 0, 'action');
-    print_actions_filter($form, $canedit, $status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid);
+    print_actions_filter($form, $canedit, $search_status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid);
     dol_fiche_end();
 
     // Add link to show birthdays
@@ -488,8 +488,8 @@ if ($resql)
 	if (!empty($arrayfields['a.tms']['checked']))		print '<td class="liste_titre"></td>';
 	if (!empty($arrayfields['a.percent']['checked'])) {
 		print '<td class="liste_titre center">';
-        $formactions->form_select_status_action('formaction', $status, 1, 'status', 1, 2, 'minwidth100imp maxwidth125');
-    	print ajax_combobox('selectstatus');
+        $formactions->form_select_status_action('formaction', $search_status, 1, 'search_status', 1, 2, 'minwidth100imp maxwidth125');
+    	print ajax_combobox('selectsearch_status');
     	print '</td>';
     }
 	// Action column

htdocs/comm/action/peruser.php

@@ -49,10 +49,10 @@ $usergroup = GETPOST("search_usergroup", "int", 3) ?GETPOST("search_usergroup",
 $showbirthday = 0;
 
 // If not choice done on calendar owner, we filter on user.
-if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS))
+/*if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS))
 {
 	$filtert = $user->id;
-}
+}*/
 
 $sortfield = GETPOST("sortfield", 'alpha');
 $sortorder = GETPOST("sortorder", 'alpha');

htdocs/comm/card.php

@@ -666,7 +666,7 @@ if ($object->id > 0)
 	$now = dol_now();
 
 	/*
-	 * Last proposals
+	 * Latest proposals
 	 */
 	if (!empty($conf->propal->enabled) && $user->rights->propal->lire)
 	{
@@ -738,7 +738,7 @@ if ($object->id > 0)
 	}
 
 	/*
-	 * Last orders
+	 * Latest orders
 	 */
 	if (!empty($conf->commande->enabled) && $user->rights->commande->lire)
 	{
@@ -751,7 +751,7 @@ if ($object->id > 0)
 		$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
 		$sql .= " WHERE c.fk_soc = s.rowid ";
 		$sql .= " AND s.rowid = ".$object->id;
-		$sql .= " AND c.entity = ".$conf->entity;
+		$sql .= " AND c.entity IN (".getEntity('commande').')';
 		$sql .= " ORDER BY c.date_commande DESC";
 
 		$resql = $db->query($sql);
@@ -824,7 +824,7 @@ if ($object->id > 0)
 	}
 
     /*
-     *   Last shipments
+     *   Latest shipments
      */
     if (!empty($conf->expedition->enabled) && $user->rights->expedition->lire)
     {
@@ -897,7 +897,7 @@ if ($object->id > 0)
     }
 
 	/*
-	 * Last linked contracts
+	 * Latest linked contracts
 	 */
 	if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire)
 	{
@@ -905,7 +905,7 @@ if ($object->id > 0)
 		$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
 		$sql .= " WHERE c.fk_soc = s.rowid ";
 		$sql .= " AND s.rowid = ".$object->id;
-		$sql .= " AND c.entity = ".$conf->entity;
+		$sql .= " AND c.entity IN (".getEntity('contract').")";
 		$sql .= " ORDER BY c.datec DESC";
 
 		$resql = $db->query($sql);
@@ -967,7 +967,7 @@ if ($object->id > 0)
 	}
 
 	/*
-	 * Last interventions
+	 * Latest interventions
 	 */
 	if (!empty($conf->ficheinter->enabled) && $user->rights->ficheinter->lire)
 	{
@@ -975,7 +975,7 @@ if ($object->id > 0)
 		$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f";
 		$sql .= " WHERE f.fk_soc = s.rowid";
 		$sql .= " AND s.rowid = ".$object->id;
-		$sql .= " AND f.entity = ".$conf->entity;
+		$sql .= " AND f.entity IN (".getEntity('intervention').")";
 		$sql .= " ORDER BY f.tms DESC";
 
 		$resql = $db->query($sql);
@@ -1028,7 +1028,7 @@ if ($object->id > 0)
 	}
 
 	/*
-	 *   Last invoices templates
+	 *   Latest invoices templates
 	 */
 	if (!empty($conf->facture->enabled) && $user->rights->facture->lire)
 	{
@@ -1044,7 +1044,7 @@ if ($object->id > 0)
 		$sql .= ', s.nom, s.rowid as socid';
 		$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f";
 		$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
-		$sql .= " AND f.entity = ".$conf->entity;
+		$sql .= " AND f.entity IN (".getEntity('invoice').")";
 		$sql .= ' GROUP BY f.rowid, f.titre, f.amount, f.total, f.tva, f.total_ttc,';
 		$sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,';
 		$sql .= ' f.suspended, f.date_when,';
@@ -1063,7 +1063,7 @@ if ($object->id > 0)
 				print '<table class="noborder centpercent lastrecordtable">';
 
 				print '<tr class="liste_titre">';
-				print '<td colspan="4"><table width="100%" class="nobordernopadding"><tr><td>'.$langs->trans("LatestCustomerTemplateInvoices", ($num <= $MAXLIST ? "" : $MAXLIST)).'</td><td class="right"><a class="notasortlink" href="'.DOL_URL_ROOT.'/compta/facture/list.php?socid='.$object->id.'">'.$langs->trans("AllCustomerTemplateInvoices").'<span class="badge marginleftonlyshort">'.$num.'</span></a></td>';
+				print '<td colspan="4"><table width="100%" class="nobordernopadding"><tr><td>'.$langs->trans("LatestCustomerTemplateInvoices", ($num <= $MAXLIST ? "" : $MAXLIST)).'</td><td class="right"><a class="notasortlink" href="'.DOL_URL_ROOT.'/compta/facture/invoicetemplate_list.php?socid='.$object->id.'">'.$langs->trans("AllCustomerTemplateInvoices").'<span class="badge marginleftonlyshort">'.$num.'</span></a></td>';
 				print '</tr></table></td>';
 				print '</tr>';
 			}

htdocs/comm/index.php

@@ -4,6 +4,7 @@
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2015      Jean-François Ferry	<jfefe@aternatik.fr>
  * Copyright (C) 2019      Nicolas ZABOURI      <info@inovea-conseil.com>
+ * Copyright (C) 2020      Pierre Ardoin        <mapiolca@me.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -149,6 +150,9 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire)
 
 	$sql = "SELECT p.rowid, p.ref, p.ref_client, p.total_ht, p.tva as total_tva, p.total as total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas";
     $sql .= ", s.code_client";
+	$sql .= ", s.email";
+    $sql .= ", s.entity";
+    $sql .= ", s.code_compta";
 	$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
 	$sql .= ", ".MAIN_DB_PREFIX."societe as s";
 	if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@@ -193,6 +197,9 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire)
                 $companystatic->code_client = $obj->code_client;
                 $companystatic->code_fournisseur = $obj->code_fournisseur;
 				$companystatic->canvas = $obj->canvas;
+				$companystatic->entity = $obj->entity;
+                $companystatic->email = $obj->email;
+                $companystatic->code_compta = $obj->code_compta;
 				print $companystatic->getNomUrl(1, 'customer', 16);
 				print '</td>';
 				print '<td class="nowrap right">'.price($obj->total_ht).'</td></tr>';
@@ -233,6 +240,9 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
 
     $sql = "SELECT p.rowid, p.ref, p.total_ht, p.tva as total_tva, p.total as total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas";
     $sql .= ", s.code_client";
+    $sql .= ", s.code_fournisseur";
+	$sql .= ", s.entity";
+    $sql .= ", s.email";
     $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p";
     $sql .= ", ".MAIN_DB_PREFIX."societe as s";
     if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@@ -276,6 +286,8 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
                 $companystatic->code_client = $obj->code_client;
                 $companystatic->code_fournisseur = $obj->code_fournisseur;
                 $companystatic->canvas = $obj->canvas;
+				$companystatic->entity = $obj->entity;
+                $companystatic->email = $obj->email;
                 print $companystatic->getNomUrl(1, 'supplier', 16);
                 print '</td>';
                 print '<td class="nowrap right">'.price($obj->total_ht).'</td></tr>';
@@ -315,6 +327,9 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire)
 
 	$sql = "SELECT c.rowid, c.ref, c.ref_client, c.total_ht, c.tva as total_tva, c.total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas";
     $sql .= ", s.code_client";
+	$sql .= ", s.email";
+    $sql .= ", s.entity";
+    $sql .= ", s.code_compta";
 	$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
 	$sql .= ", ".MAIN_DB_PREFIX."societe as s";
 	if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@@ -358,6 +373,8 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire)
                 $companystatic->code_client = $obj->code_client;
                 $companystatic->code_fournisseur = $obj->code_fournisseur;
                 $companystatic->canvas = $obj->canvas;
+                $companystatic->email = $obj->email;
+                $companystatic->entity = $obj->entity;
 				print $companystatic->getNomUrl(1, 'customer', 16);
 				print '</td>';
 				if (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT)) {
@@ -404,6 +421,8 @@ if (!empty($conf->fournisseur->enabled) && $user->rights->fournisseur->commande-
     $sql = "SELECT cf.rowid, cf.ref, cf.ref_supplier, cf.total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas";
     $sql .= ", s.code_client";
     $sql .= ", s.code_fournisseur";
+	$sql .= ", s.entity";
+    $sql .= ", s.email";
     $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf";
     $sql .= ", ".MAIN_DB_PREFIX."societe as s";
     if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@@ -447,6 +466,8 @@ if (!empty($conf->fournisseur->enabled) && $user->rights->fournisseur->commande-
                 $companystatic->code_client = $obj->code_client;
                 $companystatic->code_fournisseur = $obj->code_fournisseur;
                 $companystatic->canvas = $obj->canvas;
+				$companystatic->entity = $obj->entity;
+                $companystatic->email = $obj->email;
                 print $companystatic->getNomUrl(1, 'supplier', 16);
                 print '</td>';
 				if (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT)) {
@@ -496,6 +517,9 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire)
 
 	$sql = "SELECT s.rowid, s.nom as name, s.client, s.datec, s.tms, s.canvas";
     $sql .= ", s.code_client";
+	$sql .= ", s.code_compta";
+    $sql .= ", s.entity";
+    $sql .= ", s.email";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
 	if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 	$sql .= " WHERE s.client IN (1, 2, 3)";
@@ -532,6 +556,9 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire)
                 $companystatic->code_client = $objp->code_client;
                 $companystatic->code_fournisseur = $objp->code_fournisseur;
                 $companystatic->canvas = $objp->canvas;
+				$companystatic->code_compta = $objp->code_compta;
+                $companystatic->entity = $objp->entity;
+                $companystatic->email = $objp->email;
 				print '<tr class="oddeven">';
 				print '<td class="nowrap">'.$companystatic->getNomUrl(1, 'customer', 48).'</td>';
 				print '<td class="right" nowrap>';
@@ -560,6 +587,8 @@ if (!empty($conf->fournisseur->enabled) && $user->rights->societe->lire)
 
 	$sql = "SELECT s.nom as name, s.rowid, s.datec as dc, s.canvas, s.tms as dm";
     $sql .= ", s.code_fournisseur";
+	$sql .= ", s.entity";
+    $sql .= ", s.email";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
 	if (!$user->rights->societe->client->voir && !$user->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 	$sql .= " WHERE s.fournisseur = 1";
@@ -591,6 +620,8 @@ if (!empty($conf->fournisseur->enabled) && $user->rights->societe->lire)
                 $companystatic->code_client = $objp->code_client;
                 $companystatic->code_fournisseur = $objp->code_fournisseur;
                 $companystatic->canvas = $objp->canvas;
+				$companystatic->entity = $objp->entity;
+                $companystatic->email = $objp->email;
                 print '<tr class="oddeven">';
 				print '<td class="nowrap">'.$companystatic->getNomUrl(1, 'supplier', 44).'</td>';
 				print '<td class="right">'.dol_print_date($db->jdate($objp->dm), 'day').'</td>';
@@ -636,6 +667,8 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) // TOD
 
 	$sql = "SELECT s.nom as name, s.rowid, s.canvas, ";
     $sql .= ", s.code_client";
+	$sql .= ", s.entity";
+    $sql .= ", s.email";
 	$sql .= " c.statut, c.rowid as contratid, p.ref, c.mise_en_service as datemes, c.fin_validite as datefin, c.date_cloture as dateclo";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
 	$sql .= ", ".MAIN_DB_PREFIX."contrat as c";
@@ -673,6 +706,8 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) // TOD
                 $companystatic->code_client = $objp->code_client;
                 $companystatic->code_fournisseur = $objp->code_fournisseur;
                 $companystatic->canvas = $objp->canvas;
+				$companystatic->entity = $objp->entity;
+                $companystatic->email = $objp->email;
                 print $companystatic->getNomUrl(1, 'customer', 44);
 				print '</td>'."\n";
 				print "<td class=\"right\">".$staticcontrat->LibStatut($obj->statut, 3)."</td></tr>\n";
@@ -697,6 +732,8 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire)
 	$langs->load("propal");
 
 	$sql = "SELECT s.nom as name, s.rowid, s.code_client";
+	$sql .= ", s.entity";
+    $sql .= ", s.email";
 	$sql .= ", p.rowid as propalid, p.entity, p.total as total_ttc, p.total_ht, p.tva as total_tva, p.ref, p.ref_client, p.fk_statut, p.datep as dp, p.fin_validite as dfv";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
 	$sql .= ", ".MAIN_DB_PREFIX."propal as p";
@@ -760,6 +797,8 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire)
                 $companystatic->code_client = $obj->code_client;
                 $companystatic->code_fournisseur = $obj->code_fournisseur;
                 $companystatic->canvas = $obj->canvas;
+				$companystatic->entity = $obj->entity;
+                $companystatic->email = $obj->email;
                 print $companystatic->getNomUrl(1, 'customer', 44);
                 print '</td>';
 				print '<td class="right">';
@@ -802,6 +841,8 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire)
 
 	$sql = "SELECT s.nom as name, s.rowid, c.rowid as commandeid, c.total_ttc, c.total_ht, c.tva as total_tva, c.ref, c.ref_client, c.fk_statut, c.date_valid as dv, c.facture as billed";
     $sql .= ", s.code_client";
+	$sql .= ", s.entity";
+    $sql .= ", s.email";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
 	$sql .= ", ".MAIN_DB_PREFIX."commande as c";
 	if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@@ -864,6 +905,8 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire)
                 $companystatic->code_client = $obj->code_client;
                 $companystatic->code_fournisseur = $obj->code_fournisseur;
                 $companystatic->canvas = $obj->canvas;
+				$companystatic->entity = $obj->entity;
+                $companystatic->email = $obj->email;
                 print $companystatic->getNomUrl(1, 'customer', 44);
                 print '</td>';
 				print '<td class="right">';

htdocs/comm/mailing/advtargetemailing.php

@@ -423,24 +423,24 @@ if ($object->fetch($id) >= 0) {
 
 	$linkback = '<a href="'.DOL_URL_ROOT.'/comm/mailing/liste.php">'.$langs->trans("BackToList").'</a>';
 
-	print '<tr><td width="25%">'.$langs->trans("Ref").'</td>';
+	print '<tr><td>'.$langs->trans("Ref").'</td>';
 	print '<td colspan="3">';
 	print $form->showrefnav($object, 'id', $linkback);
 	print '</td></tr>';
 
-	print '<tr><td width="25%">'.$langs->trans("MailTitle").'</td><td colspan="3">'.$object->titre.'</td></tr>';
+	print '<tr><td>'.$langs->trans("MailTitle").'</td><td colspan="3">'.$object->titre.'</td></tr>';
 
-	print '<tr><td width="25%">'.$langs->trans("MailFrom").'</td><td colspan="3">'.dol_print_email($object->email_from, 0, 0, 0, 0, 1).'</td></tr>';
+	print '<tr><td>'.$langs->trans("MailFrom").'</td><td colspan="3">'.dol_print_email($object->email_from, 0, 0, 0, 0, 1).'</td></tr>';
 
 	// Errors to
-	print '<tr><td width="25%">'.$langs->trans("MailErrorsTo").'</td><td colspan="3">'.dol_print_email($object->email_errorsto, 0, 0, 0, 0, 1);
+	print '<tr><td>'.$langs->trans("MailErrorsTo").'</td><td colspan="3">'.dol_print_email($object->email_errorsto, 0, 0, 0, 0, 1);
 	print '</td></tr>';
 
 	// Status
-	print '<tr><td width="25%">'.$langs->trans("Status").'</td><td colspan="3">'.$object->getLibStatut(4).'</td></tr>';
+	print '<tr><td>'.$langs->trans("Status").'</td><td colspan="3">'.$object->getLibStatut(4).'</td></tr>';
 
 	// Nb of distinct emails
-	print '<tr><td width="25%">';
+	print '<tr><td>';
 	print $langs->trans("TotalNbOfDistinctRecipients");
 	print '</td><td colspan="3">';
 	$nbemail = ($object->nbemail ? $object->nbemail : '0');

htdocs/comm/mailing/cibles.php

@@ -673,7 +673,8 @@ if ($object->fetch($id) >= 0)
 					// Date sent
 					print '<td align="center">&nbsp;</td>';
 
-					print '<td class="nowrap right">'.$langs->trans("MailingStatusNotSent");
+					print '<td class="nowrap right">';
+					print $object::libStatutDest($obj->statut, 2, '');
 					print '</td>';
 				}
 				else

htdocs/comm/mailing/class/advtargetemailing.class.php

@@ -141,7 +141,7 @@ class AdvanceTargetingMailing extends CommonObject
 		$sql .= " ".(!isset($this->filtervalue) ? 'NULL' : "'".$this->db->escape($this->filtervalue)."'").",";
 		$sql .= " ".$user->id.",";
 		$sql .= " '".$this->db->idate(dol_now())."',";
-		$sql .= " null";
+		$sql.= " ".$user->id;
 		$sql .= ")";
 
 		$this->db->begin();

htdocs/comm/mailing/class/html.formadvtargetemailing.class.php

@@ -65,7 +65,7 @@ class FormAdvTargetEmailing extends Form
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_prospectlevel";
 		$sql .= " WHERE active > 0";
 		$sql .= " ORDER BY sortorder";
-		dol_syslog(get_class($this).'::multiselectProspectionStatus sql='.$sql, LOG_DEBUG);
+
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$num = $this->db->num_rows($resql);
@@ -111,7 +111,6 @@ class FormAdvTargetEmailing extends Form
 		$sql .= " WHERE active = 1 AND code<>''";
 		$sql .= " ORDER BY code ASC";
 
-		dol_syslog(get_class($this)."::select_country sql=".$sql);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$num = $this->db->num_rows($resql);
@@ -260,7 +259,6 @@ class FormAdvTargetEmailing extends Form
 			}
 			// $sql.= ' WHERE entity = '.$conf->entity;
 
-			dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if ($resql) {
 				$num = $this->db->num_rows($resql);
@@ -297,7 +295,7 @@ class FormAdvTargetEmailing extends Form
 		$sql = "SELECT rowid, code, label as civilite, active FROM ".MAIN_DB_PREFIX."c_civility";
 		$sql .= " WHERE active = 1";
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
@@ -385,7 +383,7 @@ class FormAdvTargetEmailing extends Form
 		$sql = "SELECT rowid, label FROM ".MAIN_DB_PREFIX."categorie";
 		$sql .= " WHERE type=".$type;
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
@@ -418,9 +416,10 @@ class FormAdvTargetEmailing extends Form
 	 * @param	integer 	$selected  		defaut selected
 	 * @param	integer 	$showempty 		empty lines
 	 * @param	string		$type_element	Type element. Example: 'mailing'
+	 * @param	string		$morecss		More CSS
 	 * @return	string 						HTML combo
 	 */
-    public function selectAdvtargetemailingTemplate($htmlname = 'template_id', $selected = 0, $showempty = 0, $type_element = 'mailing')
+    public function selectAdvtargetemailingTemplate($htmlname = 'template_id', $selected = 0, $showempty = 0, $type_element = 'mailing', $morecss = '')
     {
 		global $conf, $user, $langs;
 
@@ -431,10 +430,10 @@ class FormAdvTargetEmailing extends Form
 		$sql .= " WHERE type_element='$type_element'";
 		$sql .= " ORDER BY c.name";
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if ($resql) {
-			$out .= '<select id="'.$htmlname.'" class="flat" name="'.$htmlname.'">';
+			$out .= '<select id="'.$htmlname.'" class="flat'.($morecss?' '.$morecss:'').'" name="'.$htmlname.'">';
 			if ($showempty)
 				$out .= '<option value=""></option>';
 			$num = $this->db->num_rows($resql);

htdocs/comm/mailing/class/mailing.class.php

@@ -662,10 +662,12 @@ class Mailing extends CommonObject
 		$labelStatusShort = array();
 
 		$labelStatus[-1] = $langs->trans('MailingStatusError');
+		$labelStatus[0] = $langs->trans('MailingStatusNotSent');
 		$labelStatus[1] = $langs->trans('MailingStatusSent');
 		$labelStatus[2] = $langs->trans('MailingStatusRead');
 		$labelStatus[3] = $langs->trans('MailingStatusNotContact');
 		$labelStatusShort[-1] = $langs->trans('MailingStatusError');
+		$labelStatusShort[0] = $langs->trans('MailingStatusNotSent');
 		$labelStatusShort[1] = $langs->trans('MailingStatusSent');
 		$labelStatusShort[2] = $langs->trans('MailingStatusRead');
 		$labelStatusShort[3] = $langs->trans('MailingStatusNotContact');

htdocs/comm/propal/class/propal.class.php

@@ -223,6 +223,90 @@ class Propal extends CommonObject
 
 	public $oldcopy;
 
+
+	/**
+	 *  'type' if the field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password')
+	 *         Note: Filter can be a string like "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.nature:is:NULL)"
+	 *  'label' the translation key.
+	 *  'enabled' is a condition when the field must be managed.
+	 *  'position' is the sort order of field.
+	 *  'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0).
+	 *  'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing)
+	 *  'noteditable' says if field is not editable (1 or 0)
+	 *  'default' is a default value for creation (can still be overwrote by the Setup of Default Values if field is editable in creation form). Note: If default is set to '(PROV)' and field is 'ref', the default value will be set to '(PROVid)' where id is rowid when a new record is created.
+	 *  'index' if we want an index in database.
+	 *  'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
+	 *  'searchall' is 1 if we want to search in this field when making a search from the quick search button.
+	 *  'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
+	 *  'css' is the CSS style to use on field. For example: 'maxwidth200'
+	 *  'help' is a string visible as a tooltip on field
+	 *  'showoncombobox' if value of the field must be visible into the label of the combobox that list record
+	 *  'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
+	 *  'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel")
+	 *  'comment' is not used. You can store here any text of your choice. It is not used by application.
+	 *
+	 *  Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor.
+	 */
+
+	// BEGIN MODULEBUILDER PROPERTIES
+	/**
+	 * @var array  Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
+	 */
+	public $fields=array(
+		'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>10),
+		'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>1, 'visible'=>-1, 'position'=>15),
+		'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk projet', 'enabled'=>1, 'visible'=>-1, 'position'=>20),
+		'tms' =>array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>25),
+		'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>30),
+		'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>35, 'index'=>1),
+		'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>40),
+		'ref_int' =>array('type'=>'varchar(255)', 'label'=>'Ref int', 'enabled'=>1, 'visible'=>-1, 'position'=>45),
+		'ref_client' =>array('type'=>'varchar(255)', 'label'=>'Ref client', 'enabled'=>1, 'visible'=>-1, 'position'=>50),
+		'datec' =>array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-1, 'position'=>55),
+		'datep' =>array('type'=>'date', 'label'=>'Datep', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
+		'fin_validite' =>array('type'=>'datetime', 'label'=>'Fin validite', 'enabled'=>1, 'visible'=>-1, 'position'=>65),
+		'date_valid' =>array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>70),
+		'date_cloture' =>array('type'=>'datetime', 'label'=>'Date cloture', 'enabled'=>1, 'visible'=>-1, 'position'=>75),
+		'fk_user_author' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'Fk user author', 'enabled'=>1, 'visible'=>-1, 'position'=>80),
+		'fk_user_modif' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserModif', 'enabled'=>1, 'visible'=>-2, 'notnull'=>-1, 'position'=>85),
+		'fk_user_valid' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>90),
+		'fk_user_cloture' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'Fk user cloture', 'enabled'=>1, 'visible'=>-1, 'position'=>95),
+		'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Fk statut', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>500),
+		'price' =>array('type'=>'double', 'label'=>'Price', 'enabled'=>1, 'visible'=>-1, 'position'=>105),
+		'remise_percent' =>array('type'=>'double', 'label'=>'Remise percent', 'enabled'=>1, 'visible'=>-1, 'position'=>110),
+		'remise_absolue' =>array('type'=>'double', 'label'=>'Remise absolue', 'enabled'=>1, 'visible'=>-1, 'position'=>115),
+		'remise' =>array('type'=>'double', 'label'=>'Remise', 'enabled'=>1, 'visible'=>-1, 'position'=>120),
+		'total_ht' =>array('type'=>'double(24,8)', 'label'=>'Total ht', 'enabled'=>1, 'visible'=>-1, 'position'=>125),
+		'tva' =>array('type'=>'double(24,8)', 'label'=>'Tva', 'enabled'=>1, 'visible'=>-1, 'position'=>130),
+		'localtax1' =>array('type'=>'double(24,8)', 'label'=>'Localtax1', 'enabled'=>1, 'visible'=>-1, 'position'=>135),
+		'localtax2' =>array('type'=>'double(24,8)', 'label'=>'Localtax2', 'enabled'=>1, 'visible'=>-1, 'position'=>140),
+		'total' =>array('type'=>'double(24,8)', 'label'=>'Total', 'enabled'=>1, 'visible'=>-1, 'position'=>145),
+		'fk_account' =>array('type'=>'integer', 'label'=>'Fk account', 'enabled'=>1, 'visible'=>-1, 'position'=>150),
+		'fk_currency' =>array('type'=>'varchar(3)', 'label'=>'Fk currency', 'enabled'=>1, 'visible'=>-1, 'position'=>155),
+		'fk_cond_reglement' =>array('type'=>'integer', 'label'=>'Fk cond reglement', 'enabled'=>1, 'visible'=>-1, 'position'=>160),
+		'fk_mode_reglement' =>array('type'=>'integer', 'label'=>'Fk mode reglement', 'enabled'=>1, 'visible'=>-1, 'position'=>165),
+		'note_private' =>array('type'=>'text', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>170),
+		'note_public' =>array('type'=>'text', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>175),
+		'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>180),
+		'date_livraison' =>array('type'=>'date', 'label'=>'Date livraison', 'enabled'=>1, 'visible'=>-1, 'position'=>185),
+		'fk_shipping_method' =>array('type'=>'integer', 'label'=>'Fk shipping method', 'enabled'=>1, 'visible'=>-1, 'position'=>190),
+		'fk_availability' =>array('type'=>'integer', 'label'=>'Fk availability', 'enabled'=>1, 'visible'=>-1, 'position'=>195),
+		'fk_delivery_address' =>array('type'=>'integer', 'label'=>'Fk delivery address', 'enabled'=>1, 'visible'=>-1, 'position'=>200),
+		'fk_input_reason' =>array('type'=>'integer', 'label'=>'Fk input reason', 'enabled'=>1, 'visible'=>-1, 'position'=>205),
+		'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>900),
+		'extraparams' =>array('type'=>'varchar(255)', 'label'=>'Extraparams', 'enabled'=>1, 'visible'=>-1, 'position'=>215),
+		'fk_incoterms' =>array('type'=>'integer', 'label'=>'Fk incoterms', 'enabled'=>1, 'visible'=>-1, 'position'=>220),
+		'location_incoterms' =>array('type'=>'varchar(255)', 'label'=>'Location incoterms', 'enabled'=>1, 'visible'=>-1, 'position'=>225),
+		'fk_multicurrency' =>array('type'=>'integer', 'label'=>'Fk multicurrency', 'enabled'=>1, 'visible'=>-1, 'position'=>230),
+		'multicurrency_code' =>array('type'=>'varchar(255)', 'label'=>'Multicurrency code', 'enabled'=>1, 'visible'=>-1, 'position'=>235),
+		'multicurrency_tx' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency tx', 'enabled'=>1, 'visible'=>-1, 'position'=>240),
+		'multicurrency_total_ht' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total ht', 'enabled'=>1, 'visible'=>-1, 'position'=>245),
+		'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total tva', 'enabled'=>1, 'visible'=>-1, 'position'=>250),
+		'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total ttc', 'enabled'=>1, 'visible'=>-1, 'position'=>255),
+		'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'Last main doc', 'enabled'=>1, 'visible'=>-1, 'position'=>260),
+	);
+	// END MODULEBUILDER PROPERTIES
+
 	/**
 	 * Draft status
 	 */

htdocs/comm/propal/list.php

@@ -164,8 +164,8 @@ $arrayfields = array(
 	'p.total_ht'=>array('label'=>"AmountHT", 'checked'=>1),
 	'p.total_vat'=>array('label'=>"AmountVAT", 'checked'=>0),
 	'p.total_ttc'=>array('label'=>"AmountTTC", 'checked'=>0),
-	'p.total_ht_invoiced'=>array('label'=>$langs->trans("AmountInvoicedHT"), 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT),
-	'p.total_invoiced'=>array('label'=>$langs->trans("AmountInvoicedTTC"), 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT),
+	'p.total_ht_invoiced'=>array('label'=>"AmountInvoicedHT", 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT),
+	'p.total_invoiced'=>array('label'=>"AmountInvoicedTTC", 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT),
 	'u.login'=>array('label'=>"Author", 'checked'=>1, 'position'=>10),
 	'sale_representative'=>array('label'=>"SaleRepresentativesOfThirdParty", 'checked'=>1),
 	'p.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500),
@@ -765,6 +765,7 @@ if ($resql)
 
 		$objectstatic->id = $obj->rowid;
 		$objectstatic->ref = $obj->ref;
+		$objectstatic->ref_client = $obj->ref_client;
 		$objectstatic->note_public = $obj->note_public;
 		$objectstatic->note_private = $obj->note_private;
 
@@ -813,7 +814,7 @@ if ($resql)
 		if (!empty($arrayfields['p.ref_client']['checked']))
 		{
 			// Customer ref
-			print '<td class="nowrap">';
+			print '<td class="nowrap tdoverflowmax200">';
 			print $obj->ref_client;
 			print '</td>';
 			if (!$i) $totalarray['nbfield']++;
@@ -1028,9 +1029,7 @@ if ($resql)
 				$nbofsalesrepresentative = count($listsalesrepresentatives);
 				if ($nbofsalesrepresentative > 3)   // We print only number
 				{
-					print '<a href="'.DOL_URL_ROOT.'/societe/commerciaux.php?socid='.$companystatic->id.'">';
 					print $nbofsalesrepresentative;
-					print '</a>';
 				}
 				elseif ($nbofsalesrepresentative > 0)
 				{

htdocs/comm/propal/stats/index.php

@@ -242,7 +242,9 @@ print '<div class="fichecenter"><div class="fichethirdleft">';
 //{
 	// Show filter box
 	print '<form name="stats" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
 	print '<input type="hidden" name="mode" value="'.$mode.'">';
+
 	print '<table class="noborder centpercent">';
 	print '<tr class="liste_titre"><td class="liste_titre" colspan="2">'.$langs->trans("Filter").'</td></tr>';
 	// Company

htdocs/comm/remx.php

@@ -111,6 +111,7 @@ if ($action == 'confirm_split' && GETPOST("confirm") == 'yes')
 			$newdiscount1->description = $discount->description.' (1)';
 			$newdiscount2->description = $discount->description.' (2)';
 		}
+
 		$newdiscount1->fk_user = $discount->fk_user;
 		$newdiscount2->fk_user = $discount->fk_user;
 		$newdiscount1->fk_soc = $discount->fk_soc;
@@ -121,7 +122,7 @@ if ($action == 'confirm_split' && GETPOST("confirm") == 'yes')
 		$newdiscount2->datec = $discount->datec;
 		$newdiscount1->tva_tx = $discount->tva_tx;
 		$newdiscount2->tva_tx = $discount->tva_tx;
-		$newdiscount1->amount_ttc = $_POST["amount_ttc_1"];
+		$newdiscount1->amount_ttc = $amount_ttc_1;
 		$newdiscount2->amount_ttc = price2num($discount->amount_ttc - $newdiscount1->amount_ttc);
 		$newdiscount1->amount_ht = price2num($newdiscount1->amount_ttc / (1 + $newdiscount1->tva_tx / 100), 'MT');
 		$newdiscount2->amount_ht = price2num($newdiscount2->amount_ttc / (1 + $newdiscount2->tva_tx / 100), 'MT');

htdocs/commande/class/commande.class.php

@@ -232,6 +232,94 @@ class Commande extends CommonOrder
 	//! key of pos source ('0', '1', ...)
 	public $pos_source;
 
+
+	/**
+	 *  'type' if the field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password')
+	 *         Note: Filter can be a string like "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.nature:is:NULL)"
+	 *  'label' the translation key.
+	 *  'enabled' is a condition when the field must be managed.
+	 *  'position' is the sort order of field.
+	 *  'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0).
+	 *  'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing)
+	 *  'noteditable' says if field is not editable (1 or 0)
+	 *  'default' is a default value for creation (can still be overwrote by the Setup of Default Values if field is editable in creation form). Note: If default is set to '(PROV)' and field is 'ref', the default value will be set to '(PROVid)' where id is rowid when a new record is created.
+	 *  'index' if we want an index in database.
+	 *  'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
+	 *  'searchall' is 1 if we want to search in this field when making a search from the quick search button.
+	 *  'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
+	 *  'css' is the CSS style to use on field. For example: 'maxwidth200'
+	 *  'help' is a string visible as a tooltip on field
+	 *  'showoncombobox' if value of the field must be visible into the label of the combobox that list record
+	 *  'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
+	 *  'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel")
+	 *  'comment' is not used. You can store here any text of your choice. It is not used by application.
+	 *
+	 *  Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor.
+	 */
+
+	// BEGIN MODULEBUILDER PROPERTIES
+	/**
+	 * @var array  Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
+	 */
+	public $fields=array(
+		'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>10),
+		'tms' =>array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>15),
+		'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>20),
+		'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk projet', 'enabled'=>1, 'visible'=>-1, 'position'=>25),
+		'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>30),
+		'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>35, 'index'=>1),
+		'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>40),
+		'ref_int' =>array('type'=>'varchar(255)', 'label'=>'Ref int', 'enabled'=>1, 'visible'=>-1, 'position'=>45),
+		'ref_client' =>array('type'=>'varchar(255)', 'label'=>'Ref client', 'enabled'=>1, 'visible'=>-1, 'position'=>50),
+		'date_creation' =>array('type'=>'datetime', 'label'=>'Date creation', 'enabled'=>1, 'visible'=>-1, 'position'=>55),
+		'date_valid' =>array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
+		'date_cloture' =>array('type'=>'datetime', 'label'=>'Date cloture', 'enabled'=>1, 'visible'=>-1, 'position'=>65),
+		'date_commande' =>array('type'=>'date', 'label'=>'Date commande', 'enabled'=>1, 'visible'=>-1, 'position'=>70),
+		'fk_user_author' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'Fk user author', 'enabled'=>1, 'visible'=>-1, 'position'=>75),
+		'fk_user_modif' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserModif', 'enabled'=>1, 'visible'=>-2, 'notnull'=>-1, 'position'=>80),
+		'fk_user_valid' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>85),
+		'fk_user_cloture' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'Fk user cloture', 'enabled'=>1, 'visible'=>-1, 'position'=>90),
+		'source' =>array('type'=>'smallint(6)', 'label'=>'Source', 'enabled'=>1, 'visible'=>-1, 'position'=>95),
+		'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Fk statut', 'enabled'=>1, 'visible'=>-1, 'position'=>500),
+		'amount_ht' =>array('type'=>'double(24,8)', 'label'=>'Amount ht', 'enabled'=>1, 'visible'=>-1, 'position'=>105),
+		'remise_percent' =>array('type'=>'double', 'label'=>'Remise percent', 'enabled'=>1, 'visible'=>-1, 'position'=>110),
+		'remise_absolue' =>array('type'=>'double', 'label'=>'Remise absolue', 'enabled'=>1, 'visible'=>-1, 'position'=>115),
+		'remise' =>array('type'=>'double', 'label'=>'Remise', 'enabled'=>1, 'visible'=>-1, 'position'=>120),
+		'tva' =>array('type'=>'double(24,8)', 'label'=>'Tva', 'enabled'=>1, 'visible'=>-1, 'position'=>125),
+		'localtax1' =>array('type'=>'double(24,8)', 'label'=>'Localtax1', 'enabled'=>1, 'visible'=>-1, 'position'=>130),
+		'localtax2' =>array('type'=>'double(24,8)', 'label'=>'Localtax2', 'enabled'=>1, 'visible'=>-1, 'position'=>135),
+		'total_ht' =>array('type'=>'double(24,8)', 'label'=>'Total ht', 'enabled'=>1, 'visible'=>-1, 'position'=>140),
+		'total_ttc' =>array('type'=>'double(24,8)', 'label'=>'Total ttc', 'enabled'=>1, 'visible'=>-1, 'position'=>145),
+		'note_private' =>array('type'=>'text', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>150),
+		'note_public' =>array('type'=>'text', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>155),
+		'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>160),
+		'facture' =>array('type'=>'tinyint(4)', 'label'=>'Facture', 'enabled'=>1, 'visible'=>-1, 'position'=>165),
+		'fk_account' =>array('type'=>'integer', 'label'=>'Fk account', 'enabled'=>1, 'visible'=>-1, 'position'=>170),
+		'fk_currency' =>array('type'=>'varchar(3)', 'label'=>'Fk currency', 'enabled'=>1, 'visible'=>-1, 'position'=>175),
+		'fk_cond_reglement' =>array('type'=>'integer', 'label'=>'Fk cond reglement', 'enabled'=>1, 'visible'=>-1, 'position'=>180),
+		'fk_mode_reglement' =>array('type'=>'integer', 'label'=>'Fk mode reglement', 'enabled'=>1, 'visible'=>-1, 'position'=>185),
+		'date_livraison' =>array('type'=>'date', 'label'=>'Date livraison', 'enabled'=>1, 'visible'=>-1, 'position'=>190),
+		'fk_shipping_method' =>array('type'=>'integer', 'label'=>'Fk shipping method', 'enabled'=>1, 'visible'=>-1, 'position'=>195),
+		'fk_warehouse' =>array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php', 'label'=>'Fk warehouse', 'enabled'=>1, 'visible'=>-1, 'position'=>200),
+		'fk_availability' =>array('type'=>'integer', 'label'=>'Fk availability', 'enabled'=>1, 'visible'=>-1, 'position'=>205),
+		'fk_input_reason' =>array('type'=>'integer', 'label'=>'Fk input reason', 'enabled'=>1, 'visible'=>-1, 'position'=>210),
+		'fk_delivery_address' =>array('type'=>'integer', 'label'=>'Fk delivery address', 'enabled'=>1, 'visible'=>-1, 'position'=>215),
+		'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>900),
+		'extraparams' =>array('type'=>'varchar(255)', 'label'=>'Extraparams', 'enabled'=>1, 'visible'=>-1, 'position'=>225),
+		'fk_incoterms' =>array('type'=>'integer', 'label'=>'Fk incoterms', 'enabled'=>1, 'visible'=>-1, 'position'=>230),
+		'location_incoterms' =>array('type'=>'varchar(255)', 'label'=>'Location incoterms', 'enabled'=>1, 'visible'=>-1, 'position'=>235),
+		'fk_multicurrency' =>array('type'=>'integer', 'label'=>'Fk multicurrency', 'enabled'=>1, 'visible'=>-1, 'position'=>240),
+		'multicurrency_code' =>array('type'=>'varchar(255)', 'label'=>'Multicurrency code', 'enabled'=>1, 'visible'=>-1, 'position'=>245),
+		'multicurrency_tx' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency tx', 'enabled'=>1, 'visible'=>-1, 'position'=>250),
+		'multicurrency_total_ht' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total ht', 'enabled'=>1, 'visible'=>-1, 'position'=>255),
+		'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total tva', 'enabled'=>1, 'visible'=>-1, 'position'=>260),
+		'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total ttc', 'enabled'=>1, 'visible'=>-1, 'position'=>265),
+		'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'Last main doc', 'enabled'=>1, 'visible'=>-1, 'position'=>270),
+		'module_source' =>array('type'=>'varchar(32)', 'label'=>'Module source', 'enabled'=>1, 'visible'=>-1, 'position'=>275),
+		'pos_source' =>array('type'=>'varchar(32)', 'label'=>'Pos source', 'enabled'=>1, 'visible'=>-1, 'position'=>280),
+	);
+	// END MODULEBUILDER PROPERTIES
+
 	/**
 	 * ERR Not enough stock
 	 */

htdocs/commande/list.php

@@ -941,7 +941,7 @@ if ($resql)
 		// Ref customer
 		if (!empty($arrayfields['c.ref_client']['checked']))
 		{
-			print '<td>'.$obj->ref_client.'</td>';
+			print '<td class="nowrap tdoverflowmax200">'.$obj->ref_client.'</td>';
 			if (!$i) $totalarray['nbfield']++;
 		}
 

htdocs/commande/stats/index.php

@@ -255,7 +255,9 @@ print '<div class="fichecenter"><div class="fichethirdleft">';
 
 // Show filter box
 print '<form name="stats" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+print '<input type="hidden" name="token" value="'.newToken().'">';
 print '<input type="hidden" name="mode" value="'.$mode.'">';
+
 print '<table class="noborder centpercent">';
 print '<tr class="liste_titre"><td class="liste_titre" colspan="2">'.$langs->trans("Filter").'</td></tr>';
 // Company

htdocs/compta/accounting-files.php

@@ -16,11 +16,17 @@
  * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <https://www.gnu.org/licenses/>.
  */
-/**
+
+ /**
  *  \file       htdocs/compta/accounting-files.php
  *  \ingroup    compta
  *  \brief      Page to show portoflio and files of a thirdparty and download it
  */
+
+if ($_GET['action'] == 'dl' || $_POST['action'] == 'dl') {	// To not replace token when downloading file
+	if (! defined('NOTOKENRENEWAL'))           define('NOTOKENRENEWAL','1');
+}
+
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -77,7 +83,22 @@ if ($user->socid > 0) {
     accessforbidden();
 }
 
-$entity = GETPOST('entity', 'int') ?GETPOST('entity', 'int') : $conf->entity;
+// Define $arrayofentities if multientity is set.
+$arrayofentities = array();
+if (!empty($conf->multicompany->enabled) && is_object($mc)) {
+	$arrayofentities = $mc->getEntitiesList();
+}
+
+$entity = (GETPOSTISSET('entity') ? GETPOST('entity', 'int') : (GETPOSTISSET('search_entity') ? GETPOST('search_entity', 'int') : $conf->entity));
+if (!empty($conf->multicompany->enabled) && is_object($mc)) {
+	if (empty($entity) && ! empty($conf->global->MULTICOMPANY_ALLOW_EXPORT_ACCOUNTING_DOC_FOR_ALL_ENTITIES)) {
+		$entity = '0,'.join(',', array_keys($arrayofentities));
+	}
+}
+if (empty($entity)) $entity = $conf->entity;
+
+$error = 0;
+
 
 
 /*
@@ -91,7 +112,7 @@ $entity = GETPOST('entity', 'int') ?GETPOST('entity', 'int') : $conf->entity;
 
 $filesarray = array();
 $result = false;
-if (($action == "searchfiles" || $action == "dl")) {
+if (($action == 'searchfiles' || $action == 'dl')) {
 	if (empty($date_start))
 	{
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateStart")), null, 'errors');
@@ -108,42 +129,42 @@ if (($action == "searchfiles" || $action == "dl")) {
 		$wheretail = " '".$db->idate($date_start)."' AND '".$db->idate($date_stop)."'";
 
 		// Customer invoices
-		$sql = "SELECT t.rowid as id, t.ref, t.paye as paid, total as total_ht, total_ttc, tva as total_vat, fk_soc, t.datef as date, 'Invoice' as item, s.nom as thirdparty_name, s.code_client as thirdparty_code, c.code as country_code, s.tva_intra as vatnum";
+		$sql = "SELECT t.rowid as id, t.entity, t.ref, t.paye as paid, total as total_ht, total_ttc, tva as total_vat, fk_soc, t.datef as date, 'Invoice' as item, s.nom as thirdparty_name, s.code_client as thirdparty_code, c.code as country_code, s.tva_intra as vatnum";
 	    $sql .= " FROM ".MAIN_DB_PREFIX."facture as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
 	    $sql .= " WHERE datef between ".$wheretail;
 	    $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
 	    $sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
 	    $sql .= " UNION ALL";
 	    // Vendor invoices
-	    $sql .= " SELECT t.rowid as id, t.ref, paye as paid, total_ht, total_ttc, total_tva as total_vat, fk_soc, datef as date, 'SupplierInvoice' as item, s.nom as thirdparty_name, s.code_fournisseur as thirdparty_code, c.code as country_code, s.tva_intra as vatnum";
+	    $sql .= " SELECT t.rowid as id, t.entity, t.ref, paye as paid, total_ht, total_ttc, total_tva as total_vat, fk_soc, datef as date, 'SupplierInvoice' as item, s.nom as thirdparty_name, s.code_fournisseur as thirdparty_code, c.code as country_code, s.tva_intra as vatnum";
 	    $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
 	    $sql .= " WHERE datef between ".$wheretail;
 	    $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
 	    $sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
 	    $sql .= " UNION ALL";
 	    // Expense reports
-	    $sql .= " SELECT t.rowid as id, t.ref, paid, total_ht, total_ttc, total_tva as total_vat, fk_user_author as fk_soc, date_fin as date, 'ExpenseReport' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
+	    $sql .= " SELECT t.rowid as id, t.entity, t.ref, paid, total_ht, total_ttc, total_tva as total_vat, fk_user_author as fk_soc, date_fin as date, 'ExpenseReport' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
 	    $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user_author LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
 	    $sql .= " WHERE date_fin between  ".$wheretail;
 	    $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
 	    $sql .= " AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT;
 	    $sql .= " UNION ALL";
 	    // Donations
-	    $sql .= " SELECT t.rowid as id, t.ref, paid, amount as total_ht, amount as total_ttc, 0 as total_vat, 0 as fk_soc, datedon as date, 'Donation' as item, t.societe as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
+	    $sql .= " SELECT t.rowid as id, t.entity, t.ref, paid, amount as total_ht, amount as total_ttc, 0 as total_vat, 0 as fk_soc, datedon as date, 'Donation' as item, t.societe as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
 	    $sql .= " FROM ".MAIN_DB_PREFIX."don as t LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = t.fk_country";
 	    $sql .= " WHERE datedon between ".$wheretail;
 	    $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
 	    $sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
 	    $sql .= " UNION ALL";
 	    // Paiements of salaries
-	    $sql .= " SELECT t.rowid as id, t.ref as ref, 1 as paid, amount as total_ht, amount as total_ttc, 0 as total_vat, t.fk_user as fk_soc, datep as date, 'SalaryPayment' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname)  as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
+	    $sql .= " SELECT t.rowid as id, t.entity, t.ref as ref, 1 as paid, amount as total_ht, amount as total_ttc, 0 as total_vat, t.fk_user as fk_soc, datep as date, 'SalaryPayment' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname)  as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum";
 	    $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
 	    $sql .= " WHERE datep between ".$wheretail;
 	    $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
 	    //$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
 	    $sql .= " UNION ALL";
 	    // Social contributions
-	    $sql .= " SELECT t.rowid as id, t.libelle as ref, paye as paid, amount as total_ht, amount as total_ttc, 0 as total_tva, 0 as fk_soc, date_creation as date, 'SocialContributions' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum";
+	    $sql .= " SELECT t.rowid as id, t.entity, t.libelle as ref, paye as paid, amount as total_ht, amount as total_ttc, 0 as total_tva, 0 as fk_soc, date_creation as date, 'SocialContributions' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum";
 	    $sql .= " FROM ".MAIN_DB_PREFIX."chargesociales as t";
 	    $sql .= " WHERE date_creation between ".$wheretail;
 	    $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
@@ -220,7 +241,7 @@ if (($action == "searchfiles" || $action == "dl")) {
 	            {
 	                $result = true;
 
-	                $files = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview\.png)$', '', SORT_ASC, 1);
+	                $files = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', '', SORT_ASC, 1);
 	                //var_dump($upload_dir);
 	                //var_dump($files);
 
@@ -228,6 +249,7 @@ if (($action == "searchfiles" || $action == "dl")) {
 	                {
 	                	$nofile = array();
 	                	$nofile['id'] = $objd->id;
+	                	$nofile['entity'] = $objd->entity;
 	                	$nofile['date'] = $db->idate($objd->date);
 	                    $nofile['paid'] = $objd->paid;
 	                    $nofile['amount_ht'] = $objd->total_ht;
@@ -248,6 +270,7 @@ if (($action == "searchfiles" || $action == "dl")) {
 	                    foreach ($files as $key => $file)
 	                    {
 	                    	$file['id'] = $objd->id;
+	                    	$file['entity'] = $objd->entity;
 	                    	$file['date'] = $db->idate($objd->date);
 	                        $file['paid'] = $objd->paid;
 	                        $file['amount_ht'] = $objd->total_ht;
@@ -314,6 +337,10 @@ if ($result && $action == "dl" && !$error)
     dol_mkdir($dirfortmpfile);
 
     $log = $langs->transnoentitiesnoconv("Type");
+    if (!empty($conf->multicompany->enabled) && is_object($mc))
+    {
+    	$log .= ','.$langs->transnoentitiesnoconv("Entity");
+    }
     $log .= ','.$langs->transnoentitiesnoconv("Date");
     $log .= ','.$langs->transnoentitiesnoconv("Ref");
     $log .= ','.$langs->transnoentitiesnoconv("TotalHT");
@@ -342,6 +369,10 @@ if ($result && $action == "dl" && !$error)
         	}
 
             $log .= $file['item'];
+            if (!empty($conf->multicompany->enabled) && is_object($mc))
+            {
+            	$log .= ','.(empty($arrayofentities[$file['entity']]) ? $file['entity'] : $arrayofentities[$file['entity']]);
+            }
             $log .= ','.dol_print_date($file['date'], 'dayrfc');
             $log .= ','.$file['ref'];
             $log .= ','.$file['amount_ht'];
@@ -383,11 +414,13 @@ $form = new Form($db);
 $userstatic = new User($db);
 
 $title = $langs->trans("ComptaFiles").' - '.$langs->trans("List");
+$help_url = '';
 
 llxHeader('', $title, $help_url);
 
 $h = 0;
-$head[$h][0] = $_SERVER["PHP_SELF"].$varlink;
+$head = array();
+$head[$h][0] = $_SERVER["PHP_SELF"];
 $head[$h][1] = $langs->trans("AccountantFiles");
 $head[$h][2] = 'AccountancyFiles';
 
@@ -400,13 +433,18 @@ print '<input type="hidden" name="token" value="'.newToken().'">';
 print $langs->trans("ReportPeriod").': '.$form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0);
 print ' - '.$form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0)."\n</a>";
 
-// Export is for current company only !
+// Export is for current company only
 if (!empty($conf->multicompany->enabled) && is_object($mc))
 {
+	$mc->getInfo($conf->entity);
 	print '<span class="marginleftonly marginrightonly">('.$langs->trans("Entity").' : ';
-	$mc->dao->getEntities();
-	$mc->dao->fetch($conf->entity);
-	print $mc->dao->label;
+	print "<td>";
+	if (! empty($conf->global->MULTICOMPANY_ALLOW_EXPORT_ACCOUNTING_DOC_FOR_ALL_ENTITIES)) {
+		print $mc->select_entities(GETPOSTISSET('search_entity') ? GETPOST('search_entity', 'int') : $mc->id, 'search_entity', '', false, false, false, false, true);
+	} else {
+		print $mc->label;
+	}
+	print "</td>";
 	print ")</span>\n";
 }
 
@@ -427,7 +465,7 @@ if (!empty($date_start) && !empty($date_stop))
     $param .= '&date_stopyear='.GETPOST('date_stopyear', 'int');
 
     print '<form name="dl" action="?action=dl" method="POST" >'."\n";
-    print '<input type="hidden" name="token" value="'.newToken().'">';
+    print '<input type="hidden" name="token" value="'.currentToken().'">';
 
     echo dol_print_date($date_start, 'day')." - ".dol_print_date($date_stop, 'day');
 

htdocs/compta/bank/account_statement_document.php

@@ -137,9 +137,9 @@ if ($id > 0 || !empty($ref)) {
 		$modulepart = 'bank';
 		$permission = $user->rights->banque->modifier;
 		$permtoedit = $user->rights->banque->modifier;
-		$param = '&id='.$object->id.'&num='.$num;
-		$uri = '&num='.$num;
-		$relativepathwithnofile = $id."/statement/".$num."/";
+		$param = '&id='.$object->id.'&num='.urlencode($num);
+		$moreparam = '&num='.urlencode($num);;
+		$relativepathwithnofile = $id."/statement/".dol_sanitizeFileName($num)."/";
 		include_once DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php';
 	}
 	else {

htdocs/compta/bank/bankentries_list.php

@@ -353,8 +353,13 @@ if (GETPOST('save') && !$cancel && $user->rights->banque->modifier)
 if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->banque->modifier)
 {
     $accline = new AccountLine($db);
-    $result = $accline->fetch(GETPOST("rowid"));
+    $result = $accline->fetch(GETPOST("rowid", "int"));
     $result = $accline->delete($user);
+    if ($result <= 0) {
+    	setEventMessages($accline->error, $accline->errors, 'errors');
+    } else {
+    	setEventMessages('RecordDeleted', null, 'mesgs');
+    }
 }
 
 
@@ -1152,14 +1157,14 @@ if ($resql)
                 } else {
                     $color = '#'.$conf->global->BANK_COLORIZE_MOVEMENT_COLOR1;
                 }
-                $backgroundcolor = 'style="background-color: '.$color.';"';
+                $backgroundcolor = 'style="background: '.$color.';"';
             } else {
                 if (empty($conf->global->BANK_COLORIZE_MOVEMENT_COLOR2)) {
                     $color = '#7fdb86';
                 } else {
                     $color = '#'.$conf->global->BANK_COLORIZE_MOVEMENT_COLOR2;
                 }
-                $backgroundcolor = 'style="background-color: '.$color.';"';
+                $backgroundcolor = 'style="background: '.$color.';"';
             }
         }
         print '<tr class="oddeven" '.$backgroundcolor.'>';

htdocs/compta/bank/class/account.class.php

@@ -1883,13 +1883,15 @@ class AccountLine extends CommonObject
 	}
 
 	/**
-	 *      Delete transaction bank line record
+	 *      Delete bank transaction record
 	 *
 	 *		@param	User	$user	User object that delete
 	 *      @return	int 			<0 if KO, >0 if OK
 	 */
     public function delete(User $user = null)
 	{
+    	global $conf;
+
 		$nbko = 0;
 
 		if ($this->rappro)
@@ -1901,6 +1903,26 @@ class AccountLine extends CommonObject
 
 		$this->db->begin();
 
+		// Protection to avoid any delete of accounted lines. Protection on by default
+		if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING))
+		{
+			$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
+			$resql = $this->db->query($sql);
+			if ($resql) {
+				$obj = $this->db->fetch_object($resql);
+				if ($obj && $obj->nb) {
+					$this->error = 'ErrorRecordAlreadyInAccountingDeletionNotPossible';
+					$this->db->rollback();
+					return -1;
+				}
+			}
+			else {
+				$this->error = $this->db->lasterror();
+				$this->db->rollback();
+				return -1;
+			}
+		}
+
 		// Delete urls
 		$result = $this->delete_urls($user);
 		if ($result < 0)
@@ -2250,11 +2272,11 @@ class AccountLine extends CommonObject
 
 
 	/**
-	 *    	Return clicable name (with picto eventually)
+	 *    	Return clickable name (with picto eventually)
 	 *
 	 *		@param	int		$withpicto		0=No picto, 1=Include picto into link, 2=Only picto
 	 *		@param	int		$maxlen			Longueur max libelle
-	 *		@param	string	$option			Option ('showall')
+	 *		@param	string	$option			Option ('', 'showall', 'showconciliated', 'showconciliatedandaccounted'). Options may be slow.
 	 * 		@param	int     $notooltip		1=Disable tooltip
 	 *		@return	string					Chaine avec URL
 	 */
@@ -2272,7 +2294,7 @@ class AccountLine extends CommonObject
 		if ($withpicto != 2) $result .= ($this->ref ? $this->ref : $this->rowid);
 		$result .= $linkend;
 
-		if ($option == 'showall' || $option == 'showconciliated') $result .= ' (';
+		if ($option == 'showall' || $option == 'showconciliated' || $option == 'showconciliatedandaccounted') $result .= ' <span class="opacitymedium">(';
 		if ($option == 'showall')
 		{
 			$result .= $langs->trans("BankAccount").': ';
@@ -2282,12 +2304,25 @@ class AccountLine extends CommonObject
 			$accountstatic->label = $this->bank_account_label;
 			$result .= $accountstatic->getNomUrl(0).', ';
 		}
-		if ($option == 'showall' || $option == 'showconciliated')
+		if ($option == 'showall' || $option == 'showconciliated' || $option == 'showconciliatedandaccounted')
 		{
 			$result .= $langs->trans("BankLineConciliated").': ';
 			$result .= yn($this->rappro);
 		}
-		if ($option == 'showall' || $option == 'showconciliated') $result .= ')';
+		if ($option == 'showall' || $option == 'showconciliatedandaccounted')
+		{
+			$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
+			$resql = $this->db->query($sql);
+			if ($resql) {
+				$obj = $this->db->fetch_object($resql);
+				if ($obj && $obj->nb) {
+					$result .= ' - '.$langs->trans("Accounted").': '.yn(1);
+				} else {
+					$result .= ' - '.$langs->trans("Accounted").': '.yn(0);
+				}
+			}
+		}
+		if ($option == 'showall' || $option == 'showconciliated' || $option == 'showconciliatedandaccounted') $result .= ')</span>';
 
 		return $result;
 	}

htdocs/compta/bank/releve.php

@@ -49,7 +49,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';
 $langs->loadLangs(array("banks", "categories", "companies", "bills", "trips", "donations", "loan"));
 
 $action = GETPOST('action', 'alpha');
-$id = GETPOST('account', 'int');
+$id = GETPOST('account', 'int') ? GETPOST('account', 'int') : GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $dvid = GETPOST('dvid', 'alpha');
 $numref = GETPOST('num', 'alpha');

htdocs/compta/bank/treso.php

@@ -286,11 +286,14 @@ if ($_REQUEST["account"] || $_REQUEST["ref"])
     			else print $langs->trans("NotDefined");
     			print "</td>";
     			print "<td>".$ref."</td>";
-				if($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED ){
+				if ($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED) {
 					if($obj->family == 'invoice'){
 						$mc->getInfo($obj->entity);
 						print "<td>".$mc->label."</td>";
-					}else print "<td></td>";
+					}
+					else {
+						print "<td></td>";
+					}
 				}
     			print "<td>".$refcomp."</td>";
     			if ($obj->total_ttc < 0) { print '<td class="nowrap right">'.price(abs($total_ttc))."</td><td>&nbsp;</td>"; };

htdocs/compta/cashcontrol/cashcontrol_card.php

@@ -345,7 +345,8 @@ if ($action == "create" || $action == "start")
     print '<td>';
 
     $array = array();
-    for($i = 1; $i <= max(1, $conf->global->TAKEPOS_NUM_TERMINALS); $i++) {
+    $numterminals = max(1, $conf->global->TAKEPOS_NUM_TERMINALS);
+    for($i = 1; $i <= $numterminals; $i++) {
     	$array[$i] = $i;
     }
     $selectedposnumber = 0; $showempty = 1;

htdocs/compta/deplacement/card.php

@@ -281,7 +281,7 @@ if ($action == 'create')
     print '<td class="tdtop">'.$langs->trans('NotePublic').'</td>';
     print '<td>';
 
-    $doleditor = new DolEditor('note_public', GETPOST('note_public', 'alpha'), '', 200, 'dolibarr_notes', 'In', false, true, true, ROWS_8, '90%');
+    $doleditor = new DolEditor('note_public', GETPOST('note_public', 'restricthtml'), '', 200, 'dolibarr_notes', 'In', false, true, true, ROWS_8, '90%');
     print $doleditor->Create(1);
 
     print '</td></tr>';
@@ -293,7 +293,7 @@ if ($action == 'create')
         print '<td class="tdtop">'.$langs->trans('NotePrivate').'</td>';
         print '<td>';
 
-        $doleditor = new DolEditor('note_private', GETPOST('note_private', 'alpha'), '', 200, 'dolibarr_notes', 'In', false, true, true, ROWS_8, '90%');
+        $doleditor = new DolEditor('note_private', GETPOST('note_private', 'restricthtml'), '', 200, 'dolibarr_notes', 'In', false, true, true, ROWS_8, '90%');
         print $doleditor->Create(1);
 
         print '</td></tr>';

htdocs/compta/deplacement/stats/index.php

@@ -227,7 +227,9 @@ print '<div class="fichecenter"><div class="fichethirdleft">';
 
 // Show filter box
 print '<form name="stats" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+print '<input type="hidden" name="token" value="'.newToken().'">';
 print '<input type="hidden" name="mode" value="'.$mode.'">';
+
 print '<table class="border centpercent">';
 print '<tr class="liste_titre"><td class="liste_titre" colspan="2">'.$langs->trans("Filter").'</td></tr>';
 // Company

htdocs/compta/facture/card.php

@@ -101,6 +101,9 @@ $usehm = (!empty($conf->global->MAIN_USE_HOURMIN_IN_DATE_RANGE) ? $conf->global-
 $object = new Facture($db);
 $extrafields = new ExtraFields($db);
 
+// Fetch optionals attributes and labels
+$extrafields->fetch_name_optionals_label($object->table_element);
+
 // Load object
 if ($id > 0 || !empty($ref)) {
 	if ($action != 'add') {
@@ -138,6 +141,7 @@ $result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isd
 
 
 
+
 /*
  * Actions
  */
@@ -293,31 +297,32 @@ if (empty($reshook))
 
 			// Also negative lines should not be allowed on 'non Credit notes' invoices. A test is done when adding or updating lines but we must
 			// do it again in validation to avoid cases where invoice is created from another object that allow negative lines.
-			// Note that we can accept the negative line if sum with other lines with same vat is positivie: Because all the lines will be merged together
+			// Note that we can accept the negative line if sum with other lines with same vat makes total positive: Because all the lines will be merged together
 			// when converted into 'available credit' and we will get a positive available credit line.
 			// Note: Other solution if you want to add a negative line on invoice, is to create a discount for customer and consumme it (but this is possible on standard invoice only).
-			$array_of_pu_ht_per_vat_rate = array();
-			$array_of_pu_ht_devise_per_vat_rate = array();
+			$array_of_total_ht_per_vat_rate = array();
+			$array_of_total_ht_devise_per_vat_rate = array();
 			foreach($object->lines as $line) {
-				if (empty($array_of_pu_ht_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code])) $array_of_pu_ht_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] = 0;
-				if (empty($array_of_pu_ht_devise_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code])) $array_of_pu_ht_devise_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] = 0;
-				$array_of_pu_ht_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] += $line->subprice;
-				$array_of_pu_ht_devise_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] += $line->multicurrency_subprice;
+				if (empty($array_of_total_ht_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code])) $array_of_total_ht_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] = 0;
+				if (empty($array_of_total_ht_devise_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code])) $array_of_total_ht_devise_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] = 0;
+				$array_of_total_ht_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] += $line->total_ht;
+				$array_of_total_ht_devise_per_vat_rate[$line->tva_tx.'_'.$line->vat_src_code] += $line->multicurrency_total_ht;
 			}
-			//var_dump($array_of_pu_ht_per_vat_rate);exit;
-			foreach($array_of_pu_ht_per_vat_rate as $vatrate => $tmpvalue)
-			{
-				$pu_ht = $array_of_pu_ht_per_vat_rate[$vatrate];
-				$pu_ht_devise = $array_of_pu_ht_devise_per_vat_rate[$vatrate];
 
-				if (($pu_ht < 0 || $pu_ht_devise < 0) && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES))
+			//var_dump($array_of_total_ht_per_vat_rate);exit;
+			foreach($array_of_total_ht_per_vat_rate as $vatrate => $tmpvalue)
+			{
+				$tmp_total_ht = $array_of_total_ht_per_vat_rate[$vatrate];
+				$tmp_total_ht_devise = $array_of_total_ht_devise_per_vat_rate[$vatrate];
+
+				if (($tmp_total_ht < 0 || $tmp_total_ht_devise < 0) && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES))
 				{
 					$langs->load("errors");
 					if ($object->type == $object::TYPE_DEPOSIT) {
 						// Using negative lines on deposit lead to headach and blocking problems when you want to consume them.
 						setEventMessages($langs->trans("ErrorLinesCantBeNegativeOnDeposits"), null, 'errors');
 					} else {
-						setEventMessages($langs->trans("ErrorFieldCantBeNegativeOnInvoice", $langs->transnoentitiesnoconv("UnitPriceHT"), $langs->transnoentitiesnoconv("CustomerAbsoluteDiscountShort")), null, 'errors');
+						setEventMessages($langs->trans("ErrorLinesCantBeNegativeForOneVATRate"), null, 'errors');
 					}
 					$error++;
 					$action = '';
@@ -793,7 +798,7 @@ if (empty($reshook))
 
 		$canconvert = 0;
 		if ($object->type == Facture::TYPE_DEPOSIT && empty($discountcheck->id)) $canconvert = 1; // we can convert deposit into discount if deposit is payed (completely, partially or not at all) and not already converted (see real condition into condition used to show button converttoreduc)
-		if (($object->type == Facture::TYPE_CREDIT_NOTE || $object->type == Facture::TYPE_STANDARD) && $object->paye == 0 && empty($discountcheck->id)) $canconvert = 1; // we can convert credit note into discount if credit note is not payed back and not already converted and amount of payment is 0 (see real condition into condition used to show button converttoreduc)
+		if (($object->type == Facture::TYPE_CREDIT_NOTE || $object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_SITUATION) && $object->paye == 0 && empty($discountcheck->id)) $canconvert = 1; // we can convert credit note into discount if credit note is not payed back and not already converted and amount of payment is 0 (see real condition into condition used to show button converttoreduc)
 		if ($canconvert)
 		{
 			$db->begin();
@@ -1694,7 +1699,17 @@ if (empty($reshook))
 				$object->fk_facture_source = $_POST['situations'];
 				$object->type = Facture::TYPE_SITUATION;
 
-				if (!empty($origin) && !empty($originid))
+
+                $object->retained_warranty = GETPOST('retained_warranty', 'int');
+                $object->retained_warranty_fk_cond_reglement = GETPOST('retained_warranty_fk_cond_reglement', 'int');
+
+                $retained_warranty_date_limit = GETPOST('retained_warranty_date_limit');
+                if (!empty($retained_warranty_date_limit) && $db->jdate($retained_warranty_date_limit)) {
+                    $object->retained_warranty_date_limit = $db->jdate($retained_warranty_date_limit);
+                }
+                $object->retained_warranty_date_limit = !empty($object->retained_warranty_date_limit) ? $object->retained_warranty_date_limit : $object->calculate_date_lim_reglement($object->retained_warranty_fk_cond_reglement);
+
+                if (!empty($origin) && !empty($originid))
 				{
 					$object->origin = $origin;
 					$object->origin_id = $originid;
@@ -2536,7 +2551,12 @@ if (empty($reshook))
                     $pa_ht = $originLine->pa_ht;
                     $label = $originLine->label;
                     $array_options = $originLine->array_options;
-                    $situation_percent = 100;
+                    if($object->type == Facture::TYPE_SITUATION){
+                        $situation_percent = 0;
+                    }
+                    else{
+                        $situation_percent = 100;
+                    }
                     $fk_prev_id = '';
                     $fk_unit = $originLine->fk_unit;
                     $pu_ht_devise = $originLine->multicurrency_subprice;
@@ -3012,7 +3032,7 @@ if ($action == 'create')
 			// First situation invoice
 			print '<div class="tagtr listofinvoicetype"><div class="tagtd listofinvoicetype">';
 			$tmp = '<input id="radio_situation" type="radio" name="type" value="5"'.(GETPOST('type') == 5 ? ' checked' : '').'> ';
-			$tmp  = $tmp.'<label for="radio_situation invoice" >'.$langs->trans("InvoiceFirstSituationAsk").'</label>';
+			$tmp  = $tmp.'<label for="radio_situation" >'.$langs->trans("InvoiceFirstSituationAsk").'</label>';
 			$desc = $form->textwithpicto($tmp, $langs->transnoentities("InvoiceFirstSituationDesc"), 1, 'help', '', 0, 3);
 			print $desc;
 			print '</div></div>';
@@ -3299,14 +3319,28 @@ if ($action == 'create')
 	        }
 
 	        $retained_warranty = GETPOST('retained_warranty', 'int');
-	        $retained_warranty = !empty($retained_warranty) ? $retained_warranty : $conf->global->INVOICE_SITUATION_DEFAULT_RETAINED_WARRANTY_PERCENT;
+	        if(empty($retained_warranty)){
+                if(!empty($objectsrc->retained_warranty)){ // use previous situation value
+                    $retained_warranty = $objectsrc->retained_warranty;
+                }else{
+                    $retained_warranty = $conf->global->INVOICE_SITUATION_DEFAULT_RETAINED_WARRANTY_PERCENT;
+                }
+            }
+
 	        print '<tr class="retained-warranty-line" style="'.$rwStyle.'" ><td class="nowrap">'.$langs->trans('RetainedWarranty').'</td><td colspan="2">';
 	        print '<input id="new-situation-invoice-retained-warranty" name="retained_warranty" type="number" value="'.$retained_warranty.'" step="0.01" min="0" max="100" />%';
 
 	        // Retained warranty payment term
 	        print '<tr class="retained-warranty-line" style="'.$rwStyle.'" ><td class="nowrap">'.$langs->trans('PaymentConditionsShortRetainedWarranty').'</td><td colspan="2">';
 	        $retained_warranty_fk_cond_reglement = GETPOST('retained_warranty_fk_cond_reglement', 'int');
-	        $retained_warranty_fk_cond_reglement = !empty($retained_warranty_fk_cond_reglement) ? $retained_warranty_fk_cond_reglement : $conf->global->INVOICE_SITUATION_DEFAULT_RETAINED_WARRANTY_COND_ID;
+	        if(empty($retained_warranty_fk_cond_reglement)){
+                $retained_warranty_fk_cond_reglement = $conf->global->INVOICE_SITUATION_DEFAULT_RETAINED_WARRANTY_COND_ID;
+                if(!empty($objectsrc->retained_warranty_fk_cond_reglement)){ // use previous situation value
+                    $retained_warranty_fk_cond_reglement = $objectsrc->retained_warranty_fk_cond_reglement;
+                }else{
+                    $retained_warranty_fk_cond_reglement = $conf->global->INVOICE_SITUATION_DEFAULT_RETAINED_WARRANTY_COND_ID;
+                }
+            }
 	        $form->select_conditions_paiements($retained_warranty_fk_cond_reglement, 'retained_warranty_fk_cond_reglement', -1, 1);
 	        print '</td></tr>';
 
@@ -3621,7 +3655,7 @@ elseif ($id > 0 || !empty($ref))
 
 	// Confirmation de la conversion de l'avoir en reduc
 	if ($action == 'converttoreduc') {
-		if ($object->type == Facture::TYPE_STANDARD) $type_fac = 'ExcessReceived';
+		if ($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_SITUATION) $type_fac = 'ExcessReceived';
 		elseif ($object->type == Facture::TYPE_CREDIT_NOTE) $type_fac = 'CreditNote';
 		elseif ($object->type == Facture::TYPE_DEPOSIT) $type_fac = 'Deposit';
 		$text = $langs->trans('ConfirmConvertToReduc', strtolower($langs->transnoentities($type_fac)));
@@ -3889,7 +3923,7 @@ elseif ($id > 0 || !empty($ref))
 	}
 
 	// Call Hook formConfirm
-	$parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid);
+	$parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid, 'remainingtopay' => &$resteapayer);
 	$reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
 	if (empty($reshook)) $formconfirm .= $hookmanager->resPrint;
 	elseif ($reshook > 0) $formconfirm = $hookmanager->resPrint;
@@ -4498,7 +4532,7 @@ elseif ($id > 0 || !empty($ref))
 
 	        $current_situation_counter = array();
 	        foreach ($object->tab_previous_situation_invoice as $prev_invoice) {
-	            $totalpaye = $prev_invoice->getSommePaiement();
+	            $totalpaye_prev = $prev_invoice->getSommePaiement();
 	            $total_prev_ht += $prev_invoice->total_ht;
 	            $total_prev_ttc += $prev_invoice->total_ttc;
 	            $current_situation_counter[] = (($prev_invoice->type == Facture::TYPE_CREDIT_NOTE) ?-1 : 1) * $prev_invoice->situation_counter;
@@ -4509,7 +4543,7 @@ elseif ($id > 0 || !empty($ref))
 	            if (!empty($conf->banque->enabled)) print '<td class="right"></td>';
 	            print '<td class="right">'.price($prev_invoice->total_ht).'</td>';
 	            print '<td class="right">'.price($prev_invoice->total_ttc).'</td>';
-	            print '<td class="right">'.$prev_invoice->getLibStatut(3, $totalpaye).'</td>';
+	            print '<td class="right">'.$prev_invoice->getLibStatut(3, $totalpaye_prev).'</td>';
 	            print '</tr>';
 	        }
 	    }
@@ -5074,9 +5108,9 @@ elseif ($id > 0 || !empty($ref))
 			}
 
 			// Reverse back money or convert to reduction
-			if ($object->type == Facture::TYPE_CREDIT_NOTE || $object->type == Facture::TYPE_DEPOSIT || $object->type == Facture::TYPE_STANDARD) {
+			if ($object->type == Facture::TYPE_CREDIT_NOTE || $object->type == Facture::TYPE_DEPOSIT || $object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_SITUATION) {
 				// For credit note only
-				if ($object->type == Facture::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $usercanissuepayment)
+				if ($object->type == Facture::TYPE_CREDIT_NOTE && $object->statut == Facture::STATUS_VALIDATED && $object->paye == 0 && $usercanissuepayment)
 				{
 					if ($resteapayer == 0)
 					{
@@ -5089,12 +5123,12 @@ elseif ($id > 0 || !empty($ref))
 				}
 
 				// For standard invoice with excess received
-				if ($object->type == Facture::TYPE_STANDARD && empty($object->paye) && ($object->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits) < 0 && $usercancreate && empty($discount->id))
+				if (($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_SITUATION) && $object->statut == Facture::STATUS_VALIDATED && empty($object->paye) && $resteapayer < 0 && $usercancreate && empty($discount->id))
 				{
 					print '<a class="butAction'.($conf->use_javascript_ajax ? ' reposition' : '').'" href="'.$_SERVER["PHP_SELF"].'?facid='.$object->id.'&amp;action=converttoreduc">'.$langs->trans('ConvertExcessReceivedToReduc').'</a>';
 				}
 				// For credit note
-				if ($object->type == Facture::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $usercancreate
+				if ($object->type == Facture::TYPE_CREDIT_NOTE && $object->statut == Facture::STATUS_VALIDATED && $object->paye == 0 && $usercancreate
 					&& (! empty($conf->global->INVOICE_ALLOW_REUSE_OF_CREDIT_WHEN_PARTIALLY_REFUNDED) || $object->getSommePaiement() == 0)
 					) {
 					print '<a class="butAction'.($conf->use_javascript_ajax ? ' reposition' : '').'" href="'.$_SERVER["PHP_SELF"].'?facid='.$object->id.'&amp;action=converttoreduc" title="'.dol_escape_htmltag($langs->trans("ConfirmConvertToReduc2")).'">'.$langs->trans('ConvertToReduc').'</a>';
@@ -5107,7 +5141,7 @@ elseif ($id > 0 || !empty($ref))
 			}
 
 			// Classify paid
-			if (($object->statut == 1 && $object->paye == 0 && $usercanissuepayment && (($object->type != Facture::TYPE_CREDIT_NOTE && $object->type != Facture::TYPE_DEPOSIT && $resteapayer <= 0) || ($object->type == Facture::TYPE_CREDIT_NOTE && $resteapayer >= 0)))
+			if (($object->statut == Facture::STATUS_VALIDATED && $object->paye == 0 && $usercanissuepayment && (($object->type != Facture::TYPE_CREDIT_NOTE && $object->type != Facture::TYPE_DEPOSIT && $resteapayer <= 0) || ($object->type == Facture::TYPE_CREDIT_NOTE && $resteapayer >= 0)))
 				|| ($object->type == Facture::TYPE_DEPOSIT && $object->paye == 0 && $object->total_ttc > 0 && $resteapayer == 0 && $usercanissuepayment && empty($discount->id))
 			)
 			{
@@ -5116,7 +5150,7 @@ elseif ($id > 0 || !empty($ref))
 
 			// Classify 'closed not completely paid' (possible si validee et pas encore classee payee)
 
-			if ($object->statut == 1 && $object->paye == 0 && $resteapayer > 0 && $usercanissuepayment)
+			if ($object->statut == Facture::STATUS_VALIDATED && $object->paye == 0 && $resteapayer > 0 && $usercanissuepayment)
 			{
 				if ($totalpaye > 0 || $totalcreditnotes > 0)
 				{

htdocs/compta/facture/class/facture.class.php

@@ -221,6 +221,102 @@ class Facture extends CommonInvoice
 	 */
 	public $retained_warranty_fk_cond_reglement;
 
+
+	/**
+	 *  'type' if the field format ('integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter]]', 'varchar(x)', 'double(24,8)', 'real', 'price', 'text', 'html', 'date', 'datetime', 'timestamp', 'duration', 'mail', 'phone', 'url', 'password')
+	 *         Note: Filter can be a string like "(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.nature:is:NULL)"
+	 *  'label' the translation key.
+	 *  'enabled' is a condition when the field must be managed.
+	 *  'position' is the sort order of field.
+	 *  'notnull' is set to 1 if not null in database. Set to -1 if we must set data to null if empty ('' or 0).
+	 *  'visible' says if field is visible in list (Examples: 0=Not visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create). 5=Visible on list and view only (not create/not update). Using a negative value means field is not shown by default on list but can be selected for viewing)
+	 *  'noteditable' says if field is not editable (1 or 0)
+	 *  'default' is a default value for creation (can still be overwrote by the Setup of Default Values if field is editable in creation form). Note: If default is set to '(PROV)' and field is 'ref', the default value will be set to '(PROVid)' where id is rowid when a new record is created.
+	 *  'index' if we want an index in database.
+	 *  'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
+	 *  'searchall' is 1 if we want to search in this field when making a search from the quick search button.
+	 *  'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
+	 *  'css' is the CSS style to use on field. For example: 'maxwidth200'
+	 *  'help' is a string visible as a tooltip on field
+	 *  'showoncombobox' if value of the field must be visible into the label of the combobox that list record
+	 *  'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
+	 *  'arraykeyval' to set list of value if type is a list of predefined values. For example: array("0"=>"Draft","1"=>"Active","-1"=>"Cancel")
+	 *  'comment' is not used. You can store here any text of your choice. It is not used by application.
+	 *
+	 *  Note: To have value dynamic, you can set value to 0 in definition and edit the value on the fly into the constructor.
+	 */
+
+	// BEGIN MODULEBUILDER PROPERTIES
+	/**
+	 * @var array  Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
+	 */
+	public $fields = array(
+		'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>10),
+		'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>15),
+		'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>20, 'index'=>1),
+		'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>25),
+		'ref_int' =>array('type'=>'varchar(255)', 'label'=>'Ref int', 'enabled'=>1, 'visible'=>0, 'position'=>30),
+		'type' =>array('type'=>'smallint(6)', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>35),
+		'ref_client' =>array('type'=>'varchar(255)', 'label'=>'Ref client', 'enabled'=>1, 'visible'=>-1, 'position'=>40),
+		'increment' =>array('type'=>'varchar(10)', 'label'=>'Increment', 'enabled'=>1, 'visible'=>-1, 'position'=>45),
+		'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>50),
+		'datec' =>array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-1, 'position'=>55),
+		'datef' =>array('type'=>'date', 'label'=>'DateInvoice', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
+		'date_valid' =>array('type'=>'date', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>65),
+		'date_closing' =>array('type'=>'datetime', 'label'=>'Date closing', 'enabled'=>1, 'visible'=>-1, 'position'=>70),
+		'tms' =>array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>75),
+		'paye' =>array('type'=>'smallint(6)', 'label'=>'InvoicePaidCompletely', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>80),
+		//'amount' =>array('type'=>'double(24,8)', 'label'=>'Amount', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>85),
+		'remise_percent' =>array('type'=>'double', 'label'=>'Remise percent', 'enabled'=>1, 'visible'=>-1, 'position'=>90),
+		'remise_absolue' =>array('type'=>'double', 'label'=>'Remise absolue', 'enabled'=>1, 'visible'=>-1, 'position'=>95),
+		'remise' =>array('type'=>'double', 'label'=>'Remise', 'enabled'=>1, 'visible'=>-1, 'position'=>100),
+		'close_code' =>array('type'=>'varchar(16)', 'label'=>'EarlyClosingReason', 'enabled'=>1, 'visible'=>-1, 'position'=>105),
+		'close_note' =>array('type'=>'varchar(128)', 'label'=>'EarlyClosingComment', 'enabled'=>1, 'visible'=>-1, 'position'=>110),
+		'tva' =>array('type'=>'double(24,8)', 'label'=>'TotalVAT', 'enabled'=>1, 'visible'=>-1, 'position'=>115, 'isameasure'=>1),
+		'localtax1' =>array('type'=>'double(24,8)', 'label'=>'Localtax1', 'enabled'=>1, 'visible'=>-1, 'position'=>120, 'isameasure'=>1),
+		'localtax2' =>array('type'=>'double(24,8)', 'label'=>'Localtax2', 'enabled'=>1, 'visible'=>-1, 'position'=>125, 'isameasure'=>1),
+		'revenuestamp' =>array('type'=>'double(24,8)', 'label'=>'RevenueStamp', 'enabled'=>1, 'visible'=>-1, 'position'=>130, 'isameasure'=>1),
+		'total' =>array('type'=>'double(24,8)', 'label'=>'TotalHT', 'enabled'=>1, 'visible'=>-1, 'position'=>135, 'isameasure'=>1),
+		'total_ttc' =>array('type'=>'double(24,8)', 'label'=>'TotalTTC', 'enabled'=>1, 'visible'=>-1, 'position'=>140, 'isameasure'=>1),
+		'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>500, 'arrayofkeyval'=>array(0=>'Draft', 1=>'Validated', 2=>'Paid', 3=>'Abandonned')),
+		'fk_user_author' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserAuthor', 'enabled'=>1, 'visible'=>-1, 'position'=>150),
+		'fk_user_modif' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserModif', 'enabled'=>1, 'visible'=>-2, 'notnull'=>-1, 'position'=>155),
+		'fk_user_valid' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>160),
+		'fk_user_closing' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserClosing', 'enabled'=>1, 'visible'=>-1, 'position'=>165),
+		'fk_facture_source' =>array('type'=>'integer', 'label'=>'SourceInvoice', 'enabled'=>1, 'visible'=>-1, 'position'=>170),
+		'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>1, 'visible'=>-1, 'position'=>175),
+		'fk_account' =>array('type'=>'integer', 'label'=>'Fk account', 'enabled'=>1, 'visible'=>-1, 'position'=>180),
+		'fk_currency' =>array('type'=>'varchar(3)', 'label'=>'CurrencyCode', 'enabled'=>1, 'visible'=>-1, 'position'=>185),
+		'fk_cond_reglement' =>array('type'=>'integer', 'label'=>'PaymentTerm', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>190),
+		'fk_mode_reglement' =>array('type'=>'integer', 'label'=>'PaymentMode', 'enabled'=>1, 'visible'=>-1, 'position'=>195),
+		'date_lim_reglement' =>array('type'=>'date', 'label'=>'DateDue', 'enabled'=>1, 'visible'=>-1, 'position'=>200),
+		'note_private' =>array('type'=>'text', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>205),
+		'note_public' =>array('type'=>'text', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>210),
+		'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>215),
+		'extraparams' =>array('type'=>'varchar(255)', 'label'=>'Extraparams', 'enabled'=>1, 'visible'=>-1, 'position'=>225),
+		'situation_cycle_ref' =>array('type'=>'smallint(6)', 'label'=>'Situation cycle ref', 'enabled'=>'$conf->global->INVOICE_USE_SITUATION', 'visible'=>-1, 'position'=>230),
+		'situation_counter' =>array('type'=>'smallint(6)', 'label'=>'Situation counter', 'enabled'=>'$conf->global->INVOICE_USE_SITUATION', 'visible'=>-1, 'position'=>235),
+		'situation_final' =>array('type'=>'smallint(6)', 'label'=>'Situation final', 'enabled'=>'empty($conf->global->INVOICE_USE_SITUATION) ? 0 : 1', 'visible'=>-1, 'position'=>240),
+		'retained_warranty' =>array('type'=>'double', 'label'=>'Retained warranty', 'enabled'=>'$conf->global->INVOICE_USE_SITUATION_RETAINED_WARRANTY', 'visible'=>-1, 'position'=>245),
+		'retained_warranty_date_limit' =>array('type'=>'date', 'label'=>'Retained warranty date limit', 'enabled'=>'$conf->global->INVOICE_USE_SITUATION_RETAINED_WARRANTY', 'visible'=>-1, 'position'=>250),
+		'retained_warranty_fk_cond_reglement' =>array('type'=>'integer', 'label'=>'Retained warranty fk cond reglement', 'enabled'=>'$conf->global->INVOICE_USE_SITUATION_RETAINED_WARRANTY', 'visible'=>-1, 'position'=>255),
+		'fk_incoterms' =>array('type'=>'integer', 'label'=>'IncotermsCode', 'enabled'=>'$conf->incoterm->enabled', 'visible'=>-1, 'position'=>260),
+		'location_incoterms' =>array('type'=>'varchar(255)', 'label'=>'IncotermsLocation', 'enabled'=>'$conf->incoterm->enabled', 'visible'=>-1, 'position'=>265),
+		'date_pointoftax' =>array('type'=>'date', 'label'=>'DatePointOfTax', 'enabled'=>'$conf->global->INVOICE_POINTOFTAX_DATE', 'visible'=>-1, 'position'=>270),
+		'fk_multicurrency' =>array('type'=>'integer', 'label'=>'MulticurrencyID', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>275),
+		'multicurrency_code' =>array('type'=>'varchar(255)', 'label'=>'MulticurrencyCode', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>280),
+		'multicurrency_tx' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyRate', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>285),
+		'multicurrency_total_ht' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total ht', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>290),
+		'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total tva', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>295),
+		'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'Multicurrency total ttc', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>300),
+		'fk_fac_rec_source' =>array('type'=>'integer', 'label'=>'RecurringInvoiceSource', 'enabled'=>1, 'visible'=>-1, 'position'=>305),
+		'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'Last main doc', 'enabled'=>1, 'visible'=>-1, 'position'=>310),
+		'module_source' =>array('type'=>'varchar(32)', 'label'=>'POSModule', 'enabled'=>1, 'visible'=>-1, 'position'=>315),
+		'pos_source' =>array('type'=>'varchar(32)', 'label'=>'POSTerminal', 'enabled'=>1, 'visible'=>-1, 'position'=>320),
+		'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>220),
+	);
+	// END MODULEBUILDER PROPERTIES
+
     /**
      * Standard invoice
      */
@@ -380,7 +476,7 @@ class Facture extends CommonInvoice
 			$this->fk_project        = GETPOST('projectid', 'int') > 0 ? ((int) GETPOST('projectid', 'int')) : $_facrec->fk_project;
 			$this->note_public       = GETPOST('note_public', 'none') ? GETPOST('note_public', 'none') : $_facrec->note_public;
 			$this->note_private      = GETPOST('note_private', 'none') ? GETPOST('note_private', 'none') : $_facrec->note_private;
-			$this->modelpdf          = GETPOST('model', 'alpha') ? GETPOST('model', 'apha') : $_facrec->modelpdf;
+			$this->modelpdf          = GETPOST('model', 'alpha') ? GETPOST('model', 'alpha') : $_facrec->modelpdf;
 			$this->cond_reglement_id = GETPOST('cond_reglement_id', 'int') > 0 ? ((int) GETPOST('cond_reglement_id', 'int')) : $_facrec->cond_reglement_id;
 			$this->mode_reglement_id = GETPOST('mode_reglement_id', 'int') > 0 ? ((int) GETPOST('mode_reglement_id', 'int')) : $_facrec->mode_reglement_id;
 			$this->fk_account        = GETPOST('fk_account') > 0 ? ((int) GETPOST('fk_account')) : $_facrec->fk_account;
@@ -956,6 +1052,11 @@ class Facture extends CommonInvoice
 		$facture->situation_cycle_ref = $this->situation_cycle_ref;
 		$facture->situation_final = $this->situation_final;
 
+        $facture->retained_warranty = $this->retained_warranty;
+        $facture->retained_warranty_fk_cond_reglement = $this->retained_warranty_fk_cond_reglement;
+        $facture->retained_warranty_date_limit = $this->retained_warranty_date_limit;
+
+
 		// Loop on each line of new invoice
 		foreach ($facture->lines as $i => $tmpline)
 		{
@@ -1156,6 +1257,14 @@ class Facture extends CommonInvoice
 			$line->date_start = $object->lines[$i]->date_start;
 			$line->date_end = $object->lines[$i]->date_end;
 
+			// Multicurrency
+			$line->fk_multicurrency = $object->lines[$i]->fk_multicurrency;
+			$line->multicurrency_code = $object->lines[$i]->multicurrency_code;
+			$line->multicurrency_subprice = $object->lines[$i]->multicurrency_subprice;
+			$line->multicurrency_total_ht = $object->lines[$i]->multicurrency_total_ht;
+			$line->multicurrency_total_tva = $object->lines[$i]->multicurrency_total_tva;
+			$line->multicurrency_total_ttc = $object->lines[$i]->multicurrency_total_ttc;
+
 			$line->fk_fournprice = $object->lines[$i]->fk_fournprice;
 			$marginInfos			= getMarginInfos($object->lines[$i]->subprice, $object->lines[$i]->remise_percent, $object->lines[$i]->tva_tx, $object->lines[$i]->localtax1_tx, $object->lines[$i]->localtax2_tx, $object->lines[$i]->fk_fournprice, $object->lines[$i]->pa_ht);
 			$line->pa_ht			= $marginInfos[0];
@@ -1170,6 +1279,7 @@ class Facture extends CommonInvoice
 
 		$this->socid                = $object->socid;
 		$this->fk_project           = $object->fk_project;
+		$this->fk_account = $object->fk_account;
 		$this->cond_reglement_id    = $object->cond_reglement_id;
 		$this->mode_reglement_id    = $object->mode_reglement_id;
 		$this->availability_id      = $object->availability_id;
@@ -4481,15 +4591,40 @@ class Facture extends CommonInvoice
 		// Paid invoices have status STATUS_CLOSED
 		if ($this->statut != Facture::STATUS_VALIDATED) return false;
 
-		return $this->date_lim_reglement < ($now - $conf->facture->client->warning_delay);
+		$hasDelay = $this->date_lim_reglement < ($now - $conf->facture->client->warning_delay);
+		if($hasDelay && !empty($this->retained_warranty) && !empty($this->retained_warranty_date_limit))
+		{
+		    $totalpaye = $this->getSommePaiement();
+		    $totalpaye = floatval($totalpaye);
+		    $RetainedWarrantyAmount = $this->getRetainedWarrantyAmount();
+		    if($totalpaye >= 0 &&  $RetainedWarrantyAmount>= 0)
+		    {
+		        if( ($totalpaye < $this->total_ttc - $RetainedWarrantyAmount) && $this->date_lim_reglement < ($now - $conf->facture->client->warning_delay) )
+		        {
+		            $hasDelay = 1;
+		        }
+		        elseif($totalpaye < $this->total_ttc && $this->retained_warranty_date_limit < ($now - $conf->facture->client->warning_delay) )
+		        {
+		            $hasDelay = 1;
+		        }
+		        else
+		        {
+		            $hasDelay = 0;
+		        }
+		    }
+		}
+
+		return $hasDelay;
 	}
 
 
 	/**
+	 * @param	int			$rounding		Minimum number of decimal to show. If 0, no change, if -1, we use min($conf->global->MAIN_MAX_DECIMALS_UNIT,$conf->global->MAIN_MAX_DECIMALS_TOT)
 	 * @return number or -1 if not available
 	 */
-	public function getRetainedWarrantyAmount()
+	public function getRetainedWarrantyAmount($rounding = -1)
 	{
+		global $conf;
 	    if (empty($this->retained_warranty)) {
 	        return -1;
 	    }
@@ -4533,6 +4668,11 @@ class Facture extends CommonInvoice
 	        $retainedWarrantyAmount = $this->total_ttc * $this->retained_warranty / 100;
 	    }
 
+		if ($rounding < 0){
+			$rounding=min($conf->global->MAIN_MAX_DECIMALS_UNIT, $conf->global->MAIN_MAX_DECIMALS_TOT);
+			return round($retainedWarrantyAmount, 2);
+		}
+
 	    return $retainedWarrantyAmount;
 	}
 

htdocs/compta/facture/invoicetemplate_list.php

@@ -33,10 +33,7 @@ require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture-rec.class.php';
 require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
-if (!empty($conf->projet->enabled)) {
-	require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
-	//require_once DOL_DOCUMENT_ROOT . '/core/class/html.formprojet.class.php';
-}
+require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php';
@@ -54,6 +51,8 @@ $cancel     = GETPOST('cancel', 'alpha');
 $toselect   = GETPOST('toselect', 'array');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'invoicetemplatelist'; // To manage different context of search
 
+$socid = GETPOST('socid', 'int');
+
 // Security check
 $id = (GETPOST('facid', 'int') ?GETPOST('facid', 'int') : GETPOST('id', 'int'));
 $lineid = GETPOST('lineid', 'int');
@@ -62,7 +61,6 @@ if ($user->socid) $socid = $user->socid;
 $objecttype = 'facture_rec';
 if ($action == "create" || $action == "add") $objecttype = '';
 $result = restrictedArea($user, 'facture', $id, $objecttype);
-$projectid = GETPOST('projectid', 'int');
 
 $search_ref = GETPOST('search_ref');
 $search_societe = GETPOST('search_societe');
@@ -146,6 +144,13 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
 
+if ($socid > 0) {
+	$tmpthirdparty = new Societe($db);
+	$res = $tmpthirdparty->fetch($socid);
+	if ($res > 0) $search_societe = $tmpthirdparty->name;
+}
+
+
 
 /*
  * Actions
@@ -218,6 +223,7 @@ $today = dol_mktime(23, 59, 59, $tmparray['mon'], $tmparray['mday'], $tmparray['
 /*
  *  List mode
  */
+
 $sql = "SELECT s.nom as name, s.rowid as socid, f.rowid as facid, f.titre as title, f.total, f.tva as total_vat, f.total_ttc, f.frequency, f.unit_frequency,";
 $sql .= " f.nb_gen_done, f.nb_gen_max, f.date_last_gen, f.date_when, f.suspended,";
 $sql .= " f.datec, f.tms,";
@@ -243,6 +249,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($search_ref)                  $sql .= natural_search('f.titre', $search_ref);
+if ($socid)                       $sql .= ' AND s.rowid = '.(int) $socid;
 if ($search_societe)              $sql .= natural_search('s.nom', $search_societe);
 if ($search_montant_ht != '')     $sql .= natural_search('f.total', $search_montant_ht, 1);
 if ($search_montant_vat != '')    $sql .= natural_search('f.tva', $search_montant_vat, 1);
@@ -286,7 +293,7 @@ if ($resql)
 	$param = '';
 	if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
 	if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
-	if ($socid)                     $param .= '&socid='.urlencode($socid);
+	if ($socid > 0)                 $param .= '&socid='.urlencode($socid);
 	if ($search_day)                $param .= '&search_day='.urlencode($search_day);
 	if ($search_month)              $param .= '&search_month='.urlencode($search_month);
 	if ($search_year)               $param .= '&search_year='.urlencode($search_year);
@@ -299,12 +306,11 @@ if ($resql)
 	if ($search_montant_vat != '')  $param .= '&search_montant_vat='.urlencode($search_montant_vat);
 	if ($search_montant_ttc != '')  $param .= '&search_montant_ttc='.urlencode($search_montant_ttc);
 	if ($search_payment_mode != '') $param .= '&search_payment_mode='.urlencode($search_payment_mode);
-	if ($search_payment_type != '') $param .= '&search_payment_type='.urlencode($search_payment_type);
+	if ($search_payment_term != '') $param .= '&search_payment_term='.urlencode($search_payment_term);
 	if ($search_recurring != '' && $search_recurrning != '-1')    $param .= '&search_recurring='.urlencode($search_recurring);
 	if ($search_frequency > 0)        $param .= '&search_frequency='.urlencode($search_frequency);
 	if ($search_unit_frequency != '') $param .= '&search_unit_frequency='.urlencode($search_unit_frequency);
 	if ($search_status != '')		$param .= '&search_status='.urlencode($search_status);
-	if ($option)                    $param .= "&option=".urlencode($option);
 	if ($optioncss != '')           $param .= '&optioncss='.urlencode($optioncss);
 	// Add $param from extra fields
 	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
@@ -326,12 +332,16 @@ if ($resql)
 	print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
 	print '<input type="hidden" name="viewstatut" value="'.$viewstatut.'">';
 
-	print_barre_liste($langs->trans("RepeatableInvoices"), $page, $_SERVER['PHP_SELF'], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'invoicing', 0, '', '', $limit);
+	$title = $langs->trans("RepeatableInvoices");
+
+	print_barre_liste($title, $page, $_SERVER['PHP_SELF'], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'invoicing', 0, '', '', $limit);
 
 	print '<span class="opacitymedium">'.$langs->trans("ToCreateAPredefinedInvoice", $langs->transnoentitiesnoconv("ChangeIntoRepeatableInvoice")).'</span><br><br>';
 
 	$i = 0;
 
+	$moreforfilter = '';
+
 	print '<div class="div-table-responsive">';
 	print '<table class="tagtable liste'.($moreforfilter ? " listwithfilterbefore" : "").'">'."\n";
 
@@ -467,7 +477,6 @@ if ($resql)
 	print '</td>';
 	print "</tr>\n";
 
-
 	print '<tr class="liste_titre">';
 	if (!empty($arrayfields['f.titre']['checked']))         print_liste_field_titre($arrayfields['f.titre']['label'], $_SERVER['PHP_SELF'], "f.titre", "", $param, "", $sortfield, $sortorder);
 	if (!empty($arrayfields['s.nom']['checked']))           print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER['PHP_SELF'], "s.nom", "", $param, "", $sortfield, $sortorder);

htdocs/compta/facture/list.php

@@ -982,6 +982,7 @@ if ($resql)
 
 			$facturestatic->id = $obj->id;
 			$facturestatic->ref = $obj->ref;
+			$facturestatic->ref_client = $obj->ref_client;
 			$facturestatic->type = $obj->type;
             $facturestatic->total_ht = $obj->total_ht;
             $facturestatic->total_tva = $obj->total_vat;
@@ -1071,7 +1072,7 @@ if ($resql)
 			// Customer ref
 			if (!empty($arrayfields['f.ref_client']['checked']))
 			{
-				print '<td class="nowrap">';
+				print '<td class="nowrap tdoverflowmax200">';
 				print $obj->ref_client;
 				print '</td>';
 				if (!$i) $totalarray['nbfield']++;

htdocs/compta/facture/stats/index.php

@@ -235,7 +235,9 @@ print '<div class="fichecenter"><div class="fichethirdleft">';
 
 // Show filter box
 print '<form name="stats" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+print '<input type="hidden" name="token" value="'.newToken().'">';
 print '<input type="hidden" name="mode" value="'.$mode.'">';
+
 print '<table class="noborder centpercent">';
 print '<tr class="liste_titre"><td class="liste_titre" colspan="2">'.$langs->trans("Filter").'</td></tr>';
 // Company

htdocs/compta/index.php

@@ -455,7 +455,7 @@ if (!empty($conf->fournisseur->enabled) && $user->rights->fournisseur->facture->
 	$sql = "SELECT ff.rowid, ff.ref, ff.fk_statut, ff.libelle, ff.total_ht, ff.total_tva, ff.total_ttc, ff.tms, ff.paye";
 	$sql .= ", s.nom as name";
     $sql .= ", s.rowid as socid";
-    $sql .= ", s.code_fournisseur, s.code_compta_fournisseur";
+    $sql .= ", s.code_fournisseur, s.code_compta_fournisseur, s.email";
 	$sql .= ", SUM(pf.amount) as am";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as ff";
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf on ff.rowid=pf.fk_facturefourn";
@@ -503,10 +503,14 @@ if (!empty($conf->fournisseur->enabled) && $user->rights->fournisseur->facture->
 
 				$thirdpartystatic->id = $obj->socid;
 				$thirdpartystatic->name = $obj->name;
+				$thirdpartystatic->email = $obj->email;
+				$thirdpartystatic->country_id = 0;
+				$thirdpartystatic->country_code = '';
+				$thirdpartystatic->client = 0;
 				$thirdpartystatic->fournisseur = 1;
-				//$thirdpartystatic->code_client = $obj->code_client;
+				$thirdpartystatic->code_client = '';
 				$thirdpartystatic->code_fournisseur = $obj->code_fournisseur;
-				//$thirdpartystatic->code_compta = $obj->code_compta;
+				$thirdpartystatic->code_compta = '';
 				$thirdpartystatic->code_compta_fournisseur = $obj->code_compta_fournisseur;
 
 				print '<tr class="oddeven nowraponall"><td>';

htdocs/compta/paiement.php

@@ -95,6 +95,8 @@ if (empty($reshook))
 	    $totalpayment = 0;
 		$multicurrency_totalpayment = 0;
 	    $atleastonepaymentnotnull = 0;
+		$formquestion = array();
+		$i = 0;
 
 	    // Generate payment array and check if there is payment higher than invoice and payment date before invoice date
 	    $tmpinvoice = new Facture($db);
@@ -214,7 +216,7 @@ if (empty($reshook))
 	{
 	    $error = 0;
 
-	    $datepaye = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
+	    $datepaye = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
 
 	    $db->begin();
 
@@ -260,8 +262,10 @@ if (empty($reshook))
 	    $paiement->amounts      = $amounts; // Array with all payments dispatching with invoice id
 	    $paiement->multicurrency_amounts = $multicurrency_amounts; // Array with all payments dispatching
 	    $paiement->paiementid   = dol_getIdFromCode($db, GETPOST('paiementcode'), 'c_paiement', 'code', 'id', 1);
-	    $paiement->num_paiement = GETPOST('num_paiement', 'alpha');
-	    $paiement->note         = GETPOST('comment', 'alpha');
+	    $paiement->num_payment  = GETPOST('num_paiement', 'alpha');
+	    $paiement->note_private = GETPOST('comment', 'alpha');
+	    $paiement->num_paiement = $paiement->num_payment;		// For bacward compatibility
+	    $paiement->note         = $paiement->note_private;		// For bacward compatibility
 
 	    if (!$error)
 	    {

htdocs/compta/paiement/card.php

@@ -222,7 +222,7 @@ print '</td></tr>';
 // Payment type (VIR, LIQ, ...)
 $labeltype = $langs->trans("PaymentType".$object->type_code) != ("PaymentType".$object->type_code) ? $langs->trans("PaymentType".$object->type_code) : $object->type_label;
 print '<tr><td>'.$langs->trans('PaymentMode').'</td><td>'.$labeltype;
-print $object->num_paiement ? ' - '.$object->num_paiement : '';
+print $object->num_payment? ' - '.$object->num_payment : '';
 print '</td></tr>';
 
 // Amount
@@ -297,7 +297,7 @@ if (!empty($conf->banque->enabled))
 	print '<tr>';
 	print '<td>'.$langs->trans('BankTransactionLine').'</td>';
 	print '<td>';
-	print $bankline->getNomUrl(1, 0, 'showconciliated');
+	print $bankline->getNomUrl(1, 0, 'showconciliatedandaccounted');
 	print '</td>';
 	print '</tr>';
 }

htdocs/compta/paiement/class/paiement.class.php

@@ -608,7 +608,7 @@ class Paiement extends CommonObject
      */
     public function addPaymentToBank($user, $mode, $label, $accountid, $emetteur_nom, $emetteur_banque, $notrigger = 0)
     {
-        global $conf,$langs,$user;
+        global $conf, $langs, $user;
 
         $error=0;
         $bank_line_id=0;
@@ -628,7 +628,7 @@ class Paiement extends CommonObject
 
         	include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 
-            dol_syslog("$user->id,$mode,$label,$this->fk_account,$emetteur_nom,$emetteur_banque");
+            dol_syslog("$user->id, $mode, $label, $this->fk_account, $emetteur_nom, $emetteur_banque");
 
             $acc = new Account($this->db);
             $result=$acc->fetch($this->fk_account);
@@ -647,7 +647,7 @@ class Paiement extends CommonObject
                 $this->paiementid,  // Payment mode id or code ("CHQ or VIR for example")
                 $label,
                 $totalamount,		// Sign must be positive when we receive money (customer payment), negative when you give money (supplier invoice or credit note)
-                $this->num_paiement,
+                $this->num_payment,
                 '',
                 $user,
                 $emetteur_nom,

htdocs/compta/resultat/clientfourn.php

@@ -67,8 +67,7 @@ if (!$sortorder) $sortorder = 'ASC';
 
 // Date range
 $year = GETPOST('year', 'int');
-if (empty($year))
-{
+if (empty($year)) {
     $year_current = strftime("%Y", dol_now());
     $month_current = strftime("%m", dol_now());
     $year_start = $year_current;
@@ -114,7 +113,7 @@ $tmps = dol_getdate($date_start);
 $year_start = $tmps['year'];
 $tmpe = dol_getdate($date_end);
 $year_end = $tmpe['year'];
-$nbofyear = ($year_end - $start_year) + 1;
+$nbofyear = ($year_end - $year_start) + 1;
 //var_dump("year_start=".$year_start." year_end=".$year_end." nbofyear=".$nbofyear." date_start=".dol_print_date($date_start, 'dayhour')." date_end=".dol_print_date($date_end, 'dayhour'));
 
 // Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
@@ -193,17 +192,21 @@ if (!empty($conf->accounting->enabled) && $modecompta != 'BOOKKEEPING')
 }
 
 // Show report array
-$param = '&modecompta='.$modecompta;
+$param = '&modecompta='.urlencode($modecompta).'&showaccountdetail='.urlencode($showaccountdetail);
 if ($date_startday) $param .= '&date_startday='.$date_startday;
 if ($date_startmonth) $param .= '&date_startmonth='.$date_startmonth;
 if ($date_startyear) $param .= '&date_startyear='.$date_startyear;
 if ($date_endday) $param .= '&date_endday='.$date_endday;
 if ($date_endmonth) $param .= '&date_endmonth='.$date_endmonth;
-if ($date_endyear) $param .= '&date_endyear='.$date_startyear;
+if ($date_endyear) $param .= '&date_endyear='.$date_endyear;
 
 print '<table class="noborder centpercent">';
 print '<tr class="liste_titre">';
-print_liste_field_titre("PredefinedGroups", $_SERVER["PHP_SELF"], 'f.thirdparty_code,f.rowid', '', $param, '', $sortfield, $sortorder, 'width200 ');
+if ($modecompta == 'BOOKKEEPING') {
+	print_liste_field_titre("PredefinedGroups", $_SERVER["PHP_SELF"], 'f.thirdparty_code,f.rowid', '', $param, '', $sortfield, $sortorder, 'width200 ');
+} else {
+	print_liste_field_titre("", $_SERVER["PHP_SELF"], '', '', $param, '', $sortfield, $sortorder, 'width200 ');
+}
 print_liste_field_titre('');
 if ($modecompta == 'BOOKKEEPING')
 {

htdocs/compta/stats/cabyprodserv.php

@@ -123,23 +123,25 @@ $year_end = $tmpe['year'];
 $nbofyear = ($year_end - $year_start) + 1;
 
 $commonparams=array();
-$commonparams['modecompta']=$modecompta;
-$commonparams['sortorder'] = $sortorder;
-$commonparams['sortfield'] = $sortfield;
+if (!empty($modecompta)) $commonparams['modecompta']=$modecompta;
+if (!empty($sortorder)) $commonparams['sortorder'] = $sortorder;
+if (!empty($sortfield)) $commonparams['sortfield'] = $sortfield;
 
 $headerparams = array();
-$headerparams['date_startyear'] = $date_startyear;
-$headerparams['date_startmonth'] = $date_startmonth;
-$headerparams['date_startday'] = $date_startday;
-$headerparams['date_endyear'] = $date_endyear;
-$headerparams['date_endmonth'] = $date_endmonth;
-$headerparams['date_endday'] = $date_endday;
+if (!empty($date_startyear)) $headerparams['date_startyear'] = $date_startyear;
+if (!empty($date_startmonth)) $headerparams['date_startmonth'] = $date_startmonth;
+if (!empty($date_startday)) $headerparams['date_startday'] = $date_startday;
+if (!empty($date_endyear)) $headerparams['date_endyear'] = $date_endyear;
+if (!empty($date_endmonth)) $headerparams['date_endmonth'] = $date_endmonth;
+if (!empty($date_endday)) $headerparams['date_endday'] = $date_endday;
+if (!empty($year)) $headerparams['year'] = $year;
+if (!empty($month)) $headerparams['month'] = $month;
 $headerparams['q'] = $q;
 
 $tableparams = array();
-$tableparams['search_categ'] = $selected_cat;
-$tableparams['search_soc'] = $selected_soc;
-$tableparams['search_type'] = $selected_type;
+if (!empty($selected_cat)) $tableparams['search_categ'] = $selected_cat;
+if (!empty($selected_soc)) $tableparams['search_soc'] = $selected_soc;
+if (!empty($selected_type)) $tableparams['search_type'] = $selected_type;
 $tableparams['subcat'] = ($subcat === true)?'yes':'';
 
 // Adding common parameters

htdocs/compta/tva/card.php

@@ -38,6 +38,9 @@ $action=GETPOST("action", "alpha");
 $refund=GETPOST("refund", "int");
 if (empty($refund)) $refund=0;
 
+$datev=dol_mktime(12, 0, 0, GETPOST("datevmonth", 'int'), GETPOST("datevday", 'int'), GETPOST("datevyear", 'int'));
+$datep=dol_mktime(12, 0, 0, GETPOST("datepmonth", 'int'), GETPOST("datepday", 'int'), GETPOST("datepyear", 'int'));
+
 // Security check
 $socid = GETPOST('socid', 'int');
 if ($user->socid) $socid=$user->socid;
@@ -81,12 +84,9 @@ if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel"))
 {
     $error=0;
 
-	$datev=dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
-    $datep=dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]);
-
-    $object->accountid=GETPOST("accountid");
-    $object->type_payment=GETPOST("type_payment");
-	$object->num_payment=GETPOST("num_payment");
+    $object->accountid=GETPOST("accountid", 'int');
+    $object->type_payment=GETPOST("type_payment", 'alphanohtml');
+	$object->num_payment=GETPOST("num_payment", 'alphanohtml');
     $object->datev=$datev;
     $object->datep=$datep;
 
@@ -277,7 +277,7 @@ if ($action == 'create')
     if (! empty($conf->banque->enabled))
     {
 		print '<tr><td class="fieldrequired">'.$langs->trans("BankAccount").'</td><td>';
-        $form->select_comptes($_POST["accountid"], "accountid", 0, "courant=1", 1);  // Affiche liste des comptes courant
+		$form->select_comptes(GETPOST("accountid", 'int'), "accountid", 0, "courant=1", 2);  // List of bank account available
         print '</td></tr>';
     }
 

htdocs/compta/tva/document.php

@@ -70,8 +70,7 @@ if (! $sortfield) $sortfield="name";
 $object = new Tva($db);
 if ($id > 0) $object->fetch($id);
 
-$upload_dir = $conf->tax->dir_output.'/'.dol_sanitizeFileName($object->ref);
-$modulepart='tax';
+$upload_dir = $conf->tax->dir_output.'/vat/'.dol_sanitizeFileName($object->ref);
 
 
 /*
@@ -144,7 +143,7 @@ if ($object->id)
 
     dol_fiche_end();
 
-    $modulepart = 'tax';
+    $modulepart = 'tax-vat';
     $permission = $user->rights->tax->charges->creer;
     $permtoedit = $user->rights->fournisseur->facture->creer;
     $param = '&id=' . $object->id;

htdocs/contact/card.php

@@ -218,6 +218,8 @@ if (empty($reshook))
         $object->priv = GETPOST("priv", 'int');
         $object->note_public = GETPOST("note_public", 'none');
         $object->note_private = GETPOST("note_private", 'none');
+        $object->roles = GETPOST("roles", 'array');
+
         $object->statut			= 1; //Defult status to Actif
 
         // Note: Correct date should be completed with location to have exact GM time of birth.

htdocs/contact/class/contact.class.php

@@ -72,8 +72,8 @@ class Contact extends CommonObject
 		'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>30, 'index'=>1),
 		'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>35),
 		'civility' =>array('type'=>'varchar(6)', 'label'=>'Civility', 'enabled'=>1, 'visible'=>-1, 'position'=>40),
-		'lastname' =>array('type'=>'varchar(50)', 'label'=>'Lastname', 'enabled'=>1, 'visible'=>-1, 'position'=>45),
-		'firstname' =>array('type'=>'varchar(50)', 'label'=>'Firstname', 'enabled'=>1, 'visible'=>-1, 'position'=>50),
+		'lastname' =>array('type'=>'varchar(50)', 'label'=>'Lastname', 'enabled'=>1, 'visible'=>-1, 'position'=>45, 'showoncombobox'=>1),
+		'firstname' =>array('type'=>'varchar(50)', 'label'=>'Firstname', 'enabled'=>1, 'visible'=>-1, 'position'=>50, 'showoncombobox'=>1),
 		'address' =>array('type'=>'varchar(255)', 'label'=>'Address', 'enabled'=>1, 'visible'=>-1, 'position'=>55),
 		'zip' =>array('type'=>'varchar(25)', 'label'=>'Zip', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
 		'town' =>array('type'=>'text', 'label'=>'Town', 'enabled'=>1, 'visible'=>-1, 'position'=>65),
@@ -354,7 +354,7 @@ class Contact extends CommonObject
 
 			if (!$error)
 			{
-                $result = $this->update($this->id, $user, 1, 'add');
+                $result = $this->update($this->id, $user, 1, 'add');	// This include updateRoles(), ...
                 if ($result < 0)
                 {
                     $error++;
@@ -988,19 +988,25 @@ class Contact extends CommonObject
 	}
 
 
+
 	/**
-	 * Set property ->gender from property ->civility_id
+	 * Set the property "gender" of this class, based on the property "civility_id"
+	 * or use property "civility_code" as fallback, when "civility_id" is not available.
 	 *
 	 * @return void
 	 */
 	public function setGenderFromCivility()
 	{
-	    unset($this->gender);
-    	if (in_array($this->civility_id, array('MR'))) {
-    	    $this->gender = 'man';
-    	} elseif (in_array($this->civility_id, array('MME', 'MLE'))) {
-    	    $this->gender = 'woman';
-    	}
+		unset($this->gender);
+
+		if (in_array($this->civility_id, array('MR')) || in_array($this->civility_code, array('MR')))
+		{
+			$this->gender = 'man';
+		}
+		elseif(in_array($this->civility_id, array('MME','MLE')) || in_array($this->civility_code, array('MME','MLE')))
+		{
+			$this->gender = 'woman';
+		}
 	}
 
     // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
@@ -1266,9 +1272,16 @@ class Contact extends CommonObject
 	{
 		global $conf, $langs, $hookmanager;
 
-		$result = '';
+		$result = ''; $label = '';
 
-        $label = '<u>'.$langs->trans("ShowContact").'</u>';
+		if (!empty($this->photo) && class_exists('Form'))
+		{
+			$label .= '<div class="photointooltip">';
+			$label .= Form::showphoto('contact', $this, 0, 40, 0, '', 'mini', 0); // Important, we must force height so image will have height tags and if image is inside a tooltip, the tooltip manager can calculate height and position correctly the tooltip.
+			$label .= '</div><div style="clear: both;"></div>';
+		}
+
+        $label .= '<u>'.$langs->trans("ShowContact").'</u>';
         $label .= '<br><b>'.$langs->trans("Name").':</b> '.$this->getFullName($langs);
         //if ($this->civility_id) $label.= '<br><b>' . $langs->trans("Civility") . ':</b> '.$this->civility_id;		// TODO Translate cibilty_id code
         if (!empty($this->poste)) $label .= '<br><b>'.$langs->trans("Poste").':</b> '.$this->poste;
@@ -1589,7 +1602,7 @@ class Contact extends CommonObject
 		$sql .= " AND tc.source = 'external' AND tc.active=1";
 		$sql .= " AND sc.entity IN (".getEntity('societe').')';
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 
 		$this->roles = array();
 		$resql = $this->db->query($sql);
@@ -1626,6 +1639,10 @@ class Contact extends CommonObject
 	{
 		$tab = array();
 
+		if ($element == 'action') {
+			$element = 'agenda';
+		}
+
 		$sql = "SELECT sc.fk_socpeople as id, sc.fk_c_type_contact";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact tc";
 		$sql .= ", ".MAIN_DB_PREFIX."societe_contacts sc";
@@ -1634,7 +1651,7 @@ class Contact extends CommonObject
 		$sql .= " AND tc.element='".$element."'";
 		$sql .= " AND tc.active=1";
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
@@ -1674,7 +1691,7 @@ class Contact extends CommonObject
 
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ;
 
-		dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+		dol_syslog(__METHOD__, LOG_DEBUG);
 		$result = $this->db->query($sql);
 		if (!$result) {
 			$this->errors[] = $this->db->lasterror().' sql='.$sql;
@@ -1694,7 +1711,7 @@ class Contact extends CommonObject
 					$sql .= $valRoles." , ";
 					$sql .= $this->id;
 					$sql .= ")";
-					dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
+					dol_syslog(__METHOD__, LOG_DEBUG);
 
 					$result = $this->db->query($sql);
 					if (!$result)

htdocs/contact/list.php

@@ -290,7 +290,7 @@ $title = (!empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("C
 
 $sql = "SELECT s.rowid as socid, s.nom as name,";
 $sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.zip, p.town, p.poste, p.email, p.no_email,";
-$sql .= " p.socialnetworks,";
+$sql .= " p.socialnetworks, p.photo,";
 $sql .= " p.phone as phone_pro, p.phone_mobile, p.phone_perso, p.fax, p.fk_pays, p.priv, p.datec as date_creation, p.tms as date_update,";
 $sql .= " co.label as country, co.code as country_code";
 // Add fields from extrafields
@@ -786,7 +786,6 @@ while ($i < min($num, $limit))
 {
 	$obj = $db->fetch_object($result);
 
-	print '<tr class="oddeven">';
 	$arraysocialnetworks = (array) json_decode($obj->socialnetworks, true);
 	$contactstatic->lastname = $obj->lastname;
 	$contactstatic->firstname = '';
@@ -802,6 +801,9 @@ while ($i < min($num, $limit))
 	$contactstatic->socialnetworks = $arraysocialnetworks;
 	$contactstatic->country = $obj->country;
 	$contactstatic->country_code = $obj->country_code;
+	$contactstatic->photo = $obj->photo;
+
+	print '<tr class="oddeven">';
 
 	// ID
 	if (!empty($arrayfields['p.rowid']['checked']))

htdocs/contrat/class/contrat.class.php

@@ -2749,8 +2749,8 @@ class ContratLigne extends CommonObjectLine
 	/**
 	 *  Return label of this contract line status
 	 *
-	 *	@param	int		$mode       0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long, 5=Libelle court + Picto
-	 *  @return string      		Libelle
+	 *  @param  int		$mode       0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto
+	 *  @return string      		Label of status
 	 */
 	public function getLibStatut($mode)
 	{
@@ -2762,10 +2762,10 @@ class ContratLigne extends CommonObjectLine
 	 *  Return label of a contract line status
 	 *
 	 *  @param	int		$status     Id status
-	 *	@param  int		$mode       0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long, 5=Libelle court + Picto
+	 *  @param  int		$mode       0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto
 	 *	@param	int		$expired	0=Not expired, 1=Expired, -1=Both or unknown
 	 *  @param	string	$moreatt	More attribute
-	 *  @return string      		Libelle
+	 *  @return string      		Label of status
 	 */
 	public static function LibStatut($status, $mode, $expired = -1, $moreatt = '')
 	{

htdocs/contrat/list.php

@@ -705,9 +705,7 @@ while ($i < min($num, $limit))
 			$nbofsalesrepresentative = count($listsalesrepresentatives);
 			if ($nbofsalesrepresentative > 3) {
 				// We print only number
-				print '<a href="'.DOL_URL_ROOT.'/societe/commerciaux.php?socid='.$socstatic->id.'">';
 				print $nbofsalesrepresentative;
-				print '</a>';
 			}
 			elseif ($nbofsalesrepresentative > 0)
 			{
@@ -741,7 +739,7 @@ while ($i < min($num, $limit))
 	// Date
 	if (!empty($arrayfields['c.date_contrat']['checked']))
 	{
-		print '<td class="center">'.dol_print_date($db->jdate($obj->date_contrat), 'day', 'tzuser').'</td>';
+		print '<td class="center">'.dol_print_date($db->jdate($obj->date_contrat), 'day', 'tzserver').'</td>';
 	}
 	// Extra fields
 	include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php';

htdocs/core/actions_addupdatedelete.inc.php

@@ -76,7 +76,7 @@ if ($action == 'add' && !empty($permissiontoadd))
 		} elseif (preg_match('/^(integer|price|real|double)/', $object->fields[$key]['type'])) {
 			$value = price2num(GETPOST($key, 'none')); // To fix decimal separator according to lang setup
 		} else {
-			$value = GETPOST($key, 'alpha');
+			$value = GETPOST($key, 'alphanohtml');
 		}
 		if (preg_match('/^integer:/i', $object->fields[$key]['type']) && $value == '-1') $value = ''; // This is an implicit foreign key field
 		if (!empty($object->fields[$key]['foreignkey']) && $value == '-1') $value = ''; // This is an explicit foreign key field

htdocs/core/actions_massactions.inc.php

@@ -691,11 +691,11 @@ if ($massaction == 'confirm_createbills')   // Create bills from orders
 
 				for ($i = 0; $i < $num; $i++)
 				{
-					$desc = ($lines[$i]->desc ? $lines[$i]->desc : $lines[$i]->libelle);
+					$desc = ($lines[$i]->desc ? $lines[$i]->desc : '');
 					// If we build one invoice for several order, we must put the invoice of order on the line
 					if (!empty($createbills_onebythird))
 					{
-					    $desc = dol_concatdesc($desc, $langs->trans("Order").' '.$cmd->ref.' - '.dol_print_date($cmd->date, 'day', $langs));
+					    $desc = dol_concatdesc($desc, $langs->trans("Order").' '.$cmd->ref.' - '.dol_print_date($cmd->date, 'day'));
 					}
 
 					if ($lines[$i]->subprice < 0)
@@ -1215,6 +1215,8 @@ if (!$error && $massaction == 'closed' && $objectclass == "Propal" && $permissio
         $db->rollback();
     }
 }
+
+
 // Delete record from mass action (massaction = 'delete' for direct delete, action/confirm='delete'/'yes' with a confirmation step before)
 if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == 'yes')) && $permissiontodelete)
 {

htdocs/core/actions_setmoduleoptions.inc.php

@@ -64,6 +64,7 @@ if ($action == 'setModuleOptions')
     {
         foreach($_POST as $key => $val)
         {
+        	$reg = array();
             if (preg_match('/^param(\d*)$/', $key, $reg))    // Works for POST['param'], POST['param1'], POST['param2'], ...
             {
                 $param=GETPOST("param".$reg[1], 'alpha');

htdocs/core/ajax/pingresult.php

@@ -53,8 +53,8 @@ print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"])
 // If ok
 if ($action == 'firstpingok')
 {
-	// Note: pings are by installation, done on entity 1.
-	// Once this constant are set, no more ping will be tried (except if we add parameter &forceping=1 on URL). So we can say this are 'first' ping.
+	// Note: pings are per installed instances / entity.
+	// Once this constants are set, no more ping will be tried (except if we add parameter &forceping=1 on URL). So we can say this are 'first' ping.
 	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_DATE', dol_print_date($now, 'dayhourlog', 'gmt'));
 	dolibarr_set_const($db, 'MAIN_FIRST_PING_OK_ID', $hash_unique_id);
 

htdocs/core/boxes/box_clients.php

@@ -95,7 +95,7 @@ class box_clients extends ModeleBoxes
             $sql.= ", s.code_compta_fournisseur";
             $sql.= ", s.logo";
             $sql.= ", s.email";
-            $sql.= ", s.datec, s.tms, s.status";
+            $sql.= ", s.datec, s.tms, s.status, s.entity";
 			$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 			if (!$user->rights->societe->client->voir && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 			$sql.= " WHERE s.client IN (1, 3)";
@@ -127,6 +127,7 @@ class box_clients extends ModeleBoxes
                     $thirdpartystatic->fournisseur = $objp->fournisseur;
                     $thirdpartystatic->logo = $objp->logo;
                     $thirdpartystatic->email = $objp->email;
+					$thirdpartystatic->entity = $objp->entity;
 
                     $this->info_box_contents[$line][] = array(
                         'td' => '',

htdocs/core/boxes/box_commandes.php

@@ -72,6 +72,7 @@ class box_commandes extends ModeleBoxes
     public function loadBox($max = 5)
     {
         global $user, $langs, $conf;
+        $langs->load('orders');
 
         $this->max = $max;
 

htdocs/core/boxes/box_contacts.php

@@ -4,6 +4,7 @@
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2015      Frederic France      <frederic.france@free.fr>
  * Copyright (C) 2018      Josep Lluís Amador   <joseplluis@lliuretic.cat>
+ * Copyright (C) 2020      Ferran Marcet	    <fmarcet@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -83,6 +84,7 @@ class box_contacts extends ModeleBoxes
 		if ($user->rights->societe->lire && $user->rights->societe->contact->lire)
 		{
 			$sql = "SELECT sp.rowid as id, sp.lastname, sp.firstname, sp.civility as civility_id, sp.datec, sp.tms, sp.fk_soc, sp.statut as status";
+
 			$sql .= ", sp.address, sp.zip, sp.town, sp.phone, sp.phone_perso, sp.phone_mobile, sp.email as spemail";
 			$sql .= ", s.nom as socname, s.name_alias, s.email as semail";
 			$sql .= ", s.client, s.fournisseur, s.code_client, s.code_fournisseur";

htdocs/core/boxes/box_fournisseurs.php

@@ -2,6 +2,7 @@
 /* Copyright (C) 2004-2006 Destailleur Laurent  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2015-2019 Frederic France      <frederic.france@free.fr>
+ * Copyright (C) 2020      Pierre Ardoin      <mapiolca@me.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -86,7 +87,7 @@ class box_fournisseurs extends ModeleBoxes
         {
             $sql = "SELECT s.nom as name, s.rowid as socid, s.datec, s.tms, s.status,";
             $sql.= " s.code_fournisseur, s.email as semail,";
-            $sql.= " s.logo";
+            $sql.= " s.logo, s.code_compta_fournisseur, s.entity";
             $sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
             if (!$user->rights->societe->client->voir && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
             $sql.= " WHERE s.fournisseur = 1";
@@ -112,6 +113,8 @@ class box_fournisseurs extends ModeleBoxes
                     $thirdpartytmp->email = $objp->semail;
                     $thirdpartytmp->code_client = $objp->code_client;
                     $thirdpartytmp->logo = $objp->logo;
+                    $thirdpartytmp->code_compta_fournisseur = $objp->code_compta_fournisseur;
+                    $thirdpartytmp->entity = $objp->entity;
 
                    	$this->info_box_contents[$line][] = array(
                         'td' => '',

htdocs/core/boxes/box_graph_product_distribution.php

@@ -146,6 +146,7 @@ class box_graph_product_distribution extends ModeleBoxes
 				$mode = 'customer';
 				$stats_invoice = new FactureStats($this->db, $socid, $mode, ($userid > 0 ? $userid : 0));
 				$data1 = $stats_invoice->getAllByProductEntry($year, (GETPOST('action', 'aZ09') == $refreshaction ?-1 : (3600 * 24)));
+
 				if (empty($data1))
 				{
 					$showpointvalue = 0;
@@ -160,7 +161,7 @@ class box_graph_product_distribution extends ModeleBoxes
 				if (!$mesg)
 				{
 					$i = 0; $tot = count($data1); $legend = array();
-					while ($i <= $tot)
+					while ($i < $tot)
 					{
 						$data1[$i][0] = dol_trunc($data1[$i][0], 5); // Required to avoid error "Could not draw pie with labels contained inside canvas"
 						$legend[] = $data1[$i][0];
@@ -218,7 +219,7 @@ class box_graph_product_distribution extends ModeleBoxes
 				if (!$mesg)
 				{
 					$i = 0; $tot = count($data2); $legend = array();
-					while ($i <= $tot)
+					while ($i < $tot)
 					{
 						$data2[$i][0] = dol_trunc($data2[$i][0], 5); // Required to avoid error "Could not draw pie with labels contained inside canvas"
 						$legend[] = $data2[$i][0];
@@ -277,7 +278,7 @@ class box_graph_product_distribution extends ModeleBoxes
 				if (!$mesg)
 				{
 					$i = 0; $tot = count($data3); $legend = array();
-					while ($i <= $tot)
+					while ($i < $tot)
 					{
 						$data3[$i][0] = dol_trunc($data3[$i][0], 5); // Required to avoid error "Could not draw pie with labels contained inside canvas"
 						$legend[] = $data3[$i][0];

htdocs/core/boxes/box_project.php

@@ -3,6 +3,7 @@
  * Copyright (C) 2014      Marcos García          <marcosgdf@gmail.com>
  * Copyright (C) 2015      Frederic France        <frederic.france@free.fr>
  * Copyright (C) 2016      Juan José Menent       <jmenent@2byte.es>
+ * Copyright (C) 2020      Pierre Ardoin          <mapiolca@me.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -95,9 +96,10 @@ class box_project extends ModeleBoxes
             $projectsListId='';
             if (! $user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $socid);
 
-            $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
+            $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut as status, p.public";
             $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
-            $sql.= " WHERE p.fk_statut = 1"; // Only open projects
+            $sql.= " WHERE p.entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
+			$sql.= " AND p.fk_statut = 1"; // Only open projects
             if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 
             $sql.= " ORDER BY p.datec DESC";
@@ -115,6 +117,7 @@ class box_project extends ModeleBoxes
                     $projectstatic->ref = $objp->ref;
                     $projectstatic->title = $objp->title;
                     $projectstatic->public = $objp->public;
+                    $projectstatic->statut = $objp->status;
 
                     $this->info_box_contents[$i][] = array(
                         'td' => 'class="nowraponall"',
@@ -150,6 +153,7 @@ class box_project extends ModeleBoxes
                         $this->info_box_contents[$i][] = array('td' => 'class="right"', 'text' => round(0));
                         $this->info_box_contents[$i][] = array('td' => 'class="right"', 'text' => "N/A&nbsp;");
                     }
+                    $this->info_box_contents[$i][] = array('td' => 'class="right"', 'text' => $projectstatic->getLibStatut(3));
 
                     $i++;
                 }
@@ -164,22 +168,26 @@ class box_project extends ModeleBoxes
 
         // Add the sum à the bottom of the boxes
         $this->info_box_contents[$i][] = array(
-            'td' => '',
+            'td' => 'class="liste_total"',
             'text' => $langs->trans("Total")."&nbsp;".$textHead,
              'text' => "&nbsp;",
         );
         $this->info_box_contents[$i][] = array(
-            'td' => 'class="right" ',
+            'td' => 'class="right liste_total" ',
             'text' => round($num, 0)."&nbsp;".$langs->trans("Projects"),
         );
         $this->info_box_contents[$i][] = array(
-            'td' => 'class="right" ',
+            'td' => 'class="right liste_total" ',
             'text' => (($max < $num) ? '' : (round($totalnbTask, 0)."&nbsp;".$langs->trans("Tasks"))),
         );
         $this->info_box_contents[$i][] = array(
-            'td' => '',
+            'td' => 'class="liste_total"',
             'text' => "&nbsp;",
         );
+        $this->info_box_contents[$i][] = array(
+        	'td' => 'class="liste_total"',
+        	'text' => "&nbsp;",
+        );
     }
 
     /**

htdocs/core/boxes/box_propales.php

@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2007 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
  * Copyright (C) 2015-2019 Frederic France      <frederic.france@netlogic.fr>
+ * Copyright (C) 2020      Pierre Ardoin        <mapiolca@me.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -84,7 +85,7 @@ class box_propales extends ModeleBoxes
 
     	if ($user->rights->propale->lire)
     	{
-    		$sql = "SELECT s.nom as name, s.rowid as socid, s.code_client, s.logo, s.email,";
+    		$sql = "SELECT s.nom as name, s.rowid as socid, s.code_client, s.logo, s.entity, s.email,";
     		$sql.= " p.rowid, p.ref, p.fk_statut, p.datep as dp, p.datec, p.fin_validite, p.date_cloture, p.total_ht, p.tva as total_tva, p.total as total_ttc, p.tms";
     		$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
     		$sql.= ", ".MAIN_DB_PREFIX."propal as p";
@@ -122,6 +123,7 @@ class box_propales extends ModeleBoxes
                     $societestatic->code_client = $objp->code_client;
                     $societestatic->logo = $objp->logo;
                     $societestatic->email = $objp->email;
+					$societestatic->entity = $objp->entity;
 
     				$late = '';
     				if ($objp->fk_statut == 1 && $dateterm < ($now - $conf->propal->cloture->warning_delay)) {

htdocs/core/boxes/box_shipments.php

@@ -77,6 +77,7 @@ class box_shipments extends ModeleBoxes
         $this->max = $max;
 
         include_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
+        include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
         include_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 
         $shipmentstatic = new Expedition($this->db);

htdocs/core/boxes/box_task.php

@@ -86,6 +86,7 @@ class box_task extends ModeleBoxes
 		$form = new Form($this->db);
         $cookie_name = 'boxfilter_task';
         $boxcontent = '';
+        $socid = $user->socid;
 
         $textHead = $langs->trans("CurentlyOpenedTasks");
 
@@ -97,7 +98,6 @@ class box_task extends ModeleBoxes
             $filterValue = $_COOKIE[$cookie_name];
         }
 
-
         if ($filterValue == 'im_task_contact') {
             $textHead .= ' : '.$langs->trans("WhichIamLinkedTo");
         }
@@ -127,15 +127,17 @@ class box_task extends ModeleBoxes
             $boxcontent .= '<button type="submit" class="button">'.$langs->trans("Refresh").'</button>';
             $boxcontent .= '</form>'."\n";
             $boxcontent .= '</div>'."\n";
-            $boxcontent .= '<script type="text/javascript" language="javascript">
-					jQuery(document).ready(function() {
-						jQuery("#idsubimg'.$this->boxcode.'").click(function() {
-							jQuery(".showiffilter'.$this->boxcode.'").toggle();
+            if (! empty($conf->use_javascript_ajax)) {
+	            $boxcontent .= '<script type="text/javascript" language="javascript">
+						jQuery(document).ready(function() {
+							jQuery("#idsubimg'.$this->boxcode.'").click(function() {
+								jQuery(".showiffilter'.$this->boxcode.'").toggle();
+							});
 						});
-					});
-					</script>';
-            // set cookie by js
-            $boxcontent .= '<script>date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "'.$cookie_name.'='.$filterValue.'; expires= " + date.toGMTString() + "; path=/ "; </script>';
+						</script>';
+	            // set cookie by js
+	            $boxcontent .= '<script>date = new Date(); date.setTime(date.getTime()+(30*86400000)); document.cookie = "'.$cookie_name.'='.$filterValue.'; expires= " + date.toGMTString() + "; path=/ "; </script>';
+            }
             $this->info_box_contents[0][] = array(
                 'tr'=>'class="nohover showiffilter'.$this->boxcode.' hideobject"',
                 'td' => 'class="nohover"',
@@ -143,6 +145,10 @@ class box_task extends ModeleBoxes
             );
 
 
+            // Get list of project id allowed to user (in a string list separated by coma)
+            $projectsListId = '';
+            if (!$user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $socid);
+
             $sql = "SELECT pt.rowid, pt.ref, pt.fk_projet, pt.fk_task_parent, pt.datec, pt.dateo, pt.datee, pt.datev, pt.label, pt.description, pt.duration_effective, pt.planned_workload, pt.progress";
 			$sql .= ", p.rowid project_id, p.ref project_ref, p.title project_title";
 
@@ -163,7 +169,7 @@ class box_task extends ModeleBoxes
 			$sql .= " AND p.fk_statut = ".Project::STATUS_VALIDATED;
 			$sql .= " AND (pt.progress < 100 OR pt.progress IS NULL ) "; // 100% is done and not displayed
             $sql .= " AND p.usage_task = 1 ";
-
+            if (!$user->rights->projet->all->lire) $sql .= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 
 			$sql .= " ORDER BY pt.datee ASC, pt.dateo ASC";
 			$sql .= $this->db->plimit($max, 0);